Karol Wiesek

**Name of the Vulnerable Software and Affected Versions** IBM AIX versions 5.3 through 6.1 **Description** The issue is related to a debugging component that does not properly handle the ` LIB INIT DBG` and ` LIB INIT DBG FILE` environment variables. This allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions. The problem is associated with the libC.a (also known as the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. **Recommendations** For IBM AIX versions 5.3 through 6.1, consider restricting access to setuid-root programs to minimize the risk of exploitation. As a temporary workaround, avoid using the ` LIB INIT DBG` and ` LIB INIT DBG FILE` environment variables in sensitive operations until a patch is available.

Name of the Vulnerable Software and Affected Versions: Panda ActiveScan versions prior to 1.02.00 Description: The issue is related to a stack-based buffer overflow in the ActiveX control. This can be triggered by passing a long argument to the `Update` method, potentially allowing remote attackers to cause a denial of service or execute arbitrary code. Recommendations: For versions prior to 1.02.00, update to version 1.02.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the `as2guiie.dll` ActiveX control until the update is applied.

Name of the Vulnerable Software and Affected Versions: Panda ActiveScan versions prior to 1.02.00 Description: The issue allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the `Update` method. Recommendations: For versions prior to 1.02.00, update to version 1.02.00 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Squirrelmail S/MIME plugin versions 0.4 and 0.5 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `cert` parameter of the viewcert.php file. **Recommendations** For Squirrelmail S/MIME plugin versions 0.4 and 0.5, avoid using the `cert` parameter in the viewcert.php file until a fix is available. Consider restricting access to the viewcert.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samba versions 2.2.0 through 2.2.11 Samba versions 3.0.0 through 3.0.2a **Description** The issue allows remote attackers to bypass specified share restrictions and access files and directories outside of the share path. This is due to the `unix clean name` function trimming certain directory names down to absolute paths when "/.////" style sequences are used in pathnames. The `unix convert()` function converts names from the DOS namespace to Unix namespace and calls `unix clean name()`, which removes double slashes, leading './' characters, and '..' directory-traversal characters. However, this process can be exploited to specify the real path of any file on the computer. **Recommendations** For Samba versions 2.2.0 through 2.2.11, update to a version outside of this range to mitigate the risk. For Samba versions 3.0.0 through 3.0.2a, update to version 3.0.2a or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Linux-PAM version 0.78 Description: The issue allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name, specifically when the trust option is enabled and the use uid option is disabled in pam wheel. Recommendations: For Linux-PAM version 0.78, consider disabling the trust option or enabling the use uid option in pam wheel to mitigate the risk of exploitation.