Angelo Rosiello

**Name of the Vulnerable Software and Affected Versions** Alt-N MDaemon versions 6.5.2 through 6.8.5 **Description** A stack-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a long `From` parameter to "Form2Raw.cgi" API endpoint. **Recommendations** For versions 6.5.2 through 6.8.5, update to a version outside of this range to resolve the issue.

Name of the Vulnerable Software and Affected Versions: ImageMagick versions 5.4.3.x and earlier Description: The issue allows attackers to cause a denial of service, potentially leading to a crash, and may also enable the execution of arbitrary code. This is achieved through the use of a filename containing `%x`, which could trigger a format string vulnerability. Recommendations: For versions 5.4.3.x and earlier, update to a version that fixes this issue to prevent potential denial of service and arbitrary code execution.

Name of the Vulnerable Software and Affected Versions: linux-atm versions prior to 2.4.1 Description: The issue is related to a buffer overflow in the les utility for ATM on Linux. This can be exploited by local users to gain privileges, specifically when the les utility is used with setuid and a long -f command line argument is provided. Recommendations: For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider removing the setuid bit from the les utility to prevent local users from exploiting the buffer overflow.

**Name of the Vulnerable Software and Affected Versions** fileutils versions 4.0.36 through 4.1.9 wu-ftpd (affected versions not specified) coreutils (affected versions not specified) **Description** The issue allows local users to consume a large amount of memory via a large -w value in the `ls` command, which can be remotely exploited via applications that use `ls`, such as `wu-ftpd`. Multiple vulnerabilities in the `wu-ftpd` and `fileutils` packages can lead to disruption of protected information and can be exploited remotely. **Recommendations** For fileutils versions 4.0.36 through 4.1.9, consider restricting the use of the `ls` command with large -w values to minimize the risk of exploitation. For wu-ftpd, restrict access to the service to minimize the risk of exploitation until a fix is available. For coreutils, consider disabling the `ls` command or restricting its use with large -w values until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.