Federico L. Bossi Bonin

**Name of the Vulnerable Software and Affected Versions** Sun Solaris version 9 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a crafted request to a specific procedure in the RPC subsystem. This is related to the XDR DECODE operation and the taddr2uaddr function. **Recommendations** For Sun Solaris version 9, consider restricting access to the RPC subsystem to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the rpcbind service may help prevent the daemon crash.

**Name of the Vulnerable Software and Affected Versions** xine-lib versions prior to 1.1.10 **Description** The issue is related to a buffer overflow in the ASF demuxer, which can be exploited by remote attackers using a crafted ASF header. This can lead to the execution of arbitrary code or cause a denial of service, resulting in a crash. **Recommendations** For versions prior to 1.1.10, update to version 1.1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the ASF demuxer to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: KsIRC versions 1.3.12 KsIRC versions prior to 3.5.5-r1 Description: The issue allows remote attackers to cause a denial of service (crash) via a long `PRIVMSG` string when connecting to an Internet Relay Chat (IRC) server. This results in an assertion failure and a NULL pointer dereference, which was originally reported as a buffer overflow. The exploitation of this issue can lead to a disruption of protected information and can be carried out remotely. Recommendations: For version 1.3.12, consider disabling the `PRIVMSG` functionality until a patch is available. For versions prior to 3.5.5-r1, update to version 3.5.5-r1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: GNU wget version 1.10.2 Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved through a malicious FTP server that sends a large number of blank 220 responses to the SYST command. Recommendations: For GNU wget version 1.10.2, consider updating to a newer version that addresses this issue, as the current version is susceptible to a denial of service attack via malicious FTP servers.

**Name of the Vulnerable Software and Affected Versions** xine-lib version 1.1.1 **Description** The issue is related to a buffer overflow in the HTTP Plugin for xine-lib, which can be triggered by a long reply from an HTTP server. This can cause a denial of service, resulting in an application crash. **Recommendations** For xine-lib version 1.1.1, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version.

Name of the Vulnerable Software and Affected Versions: libxine versions 1.14 and earlier xine-lib versions 1.1.1 and earlier Description: The issue is related to a buffer overflow in the `xine list delete current` function, which can be triggered by a crafted MPEG stream. This allows remote attackers to execute arbitrary code. Recommendations: For libxine versions 1.14 and earlier, update to a version later than 1.14 to resolve the issue. For xine-lib versions 1.1.1 and earlier, update to a version later than 1.1.1 to resolve the issue. As a temporary workaround, consider restricting access to MPEG streams from untrusted sources until a patch is available.