Chris Anley

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions 10.3.9 through 10.4.9 **Description** A format string issue in the VPN daemon allows local users to execute arbitrary code via the `-i` parameter, specifically the `username` variable. This could potentially lead to unauthorized access and code execution. **Recommendations** For Mac OS X versions 10.3.9 through 10.4.9, avoid using the `-i` parameter in the VPN daemon until a fix is available. As a temporary workaround, consider restricting access to the VPN daemon to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: IBM DB2 version 8.1 Description: The issue allows local users to gain unauthorized access and sensitive information, such as cleartext passwords, due to default permissions of read and write for the Everyone group in shared memory sections and events. This can also cause a denial of service. Recommendations: For IBM DB2 version 8.1, consider changing the default permissions of shared memory sections and events to restrict access to the Everyone group, limiting it to only necessary users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: IBM DB2 version 8.1 Description: The issue concerns the `to char` and `to date` functions, which allow local users to cause a denial of service, resulting in an application crash. This occurs when an empty string is passed as the second parameter, leading to a null pointer dereference. Recommendations: For IBM DB2 version 8.1, consider restricting the use of the `to char` and `to date` functions to prevent the denial of service, or apply any available configuration changes to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Sybase Adaptive Server Enterprise (ASE) XP Server versions prior to 12.5.3 ESD#1 **Description** The issue allows attackers to cause a denial of service, resulting in a process crash, by sending malformed data to the XP Server TCP port. **Recommendations** For versions prior to 12.5.3 ESD#1, update to version 12.5.3 ESD#1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sybase Adaptive Server Enterprise (ASE) versions prior to 12.5.3 ESD#1 **Description** The issue allows remote authenticated users to execute arbitrary code via several vulnerable functions, including the `attrib valid` function, `covert` function, `declare` statement, or a crafted query plan. Additionally, remote authenticated users with database owner or "sa" role privileges can execute arbitrary code via a crafted install java statement. **Recommendations** For versions prior to 12.5.3 ESD#1, update to version 12.5.3 ESD#1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `attrib valid` function, `covert` function, `declare` statement, and install java statement to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL versions 4.1.x through 4.1.2 MySQL version 5.0 **Description** The issue allows remote attackers to bypass authentication. This is possible due to the `check scramble 323` function allowing a zero-length scrambled string. **Recommendations** For MySQL versions 4.1.x through 4.1.2, update to version 4.1.3 or later. For MySQL version 5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the `check scramble 323` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Oracle9i Database versions prior to Release 2 and 1 Oracle 8i Description: A stack-based buffer overflow issue exists in the PL/SQL EXTPROC functionality, allowing authenticated database users, and in some cases arbitrary database users, to execute arbitrary code by providing a long library name. Recommendations: For Oracle9i Database Release 2 and 1, update to a version that includes the fix for this issue. For Oracle 8i, consider disabling the EXTPROC functionality as a temporary workaround until a patch is available. Restrict access to the PL/SQL EXTPROC functionality to minimize the risk of exploitation.