Vade79

Name of the Vulnerable Software and Affected Versions: Frank Yaul corehttp version 0.5.3alpha Description: The issue is related to multiple buffer overflows in the HttpSprockMake function, which can be triggered by a long string in the method name or URI in an HTTP request, potentially allowing remote attackers to execute arbitrary code. Recommendations: For Frank Yaul corehttp version 0.5.3alpha, consider restricting access to the HttpSprockMake function until a patch is available. As a temporary workaround, avoid using long strings in the method name or URI in HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Scintilla versions 1.73 and earlier notepad++ versions 4.1.1 and earlier **Description** A stack-based buffer overflow issue exists in the LexRuby.cxx file within the SciLexer.dll component of Scintilla, which is used by notepad++. This issue allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files that contain long lines. **Recommendations** For Scintilla version 1.73 and earlier, update to a version later than 1.73 to resolve the issue. For notepad++ version 4.1.1 and earlier, update to a version later than 4.1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** webdesproxy version 0.0.1 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via a long URL. This issue possibly involves the `process connection request` function in webdesproxy.c. **Recommendations** For webdesproxy version 0.0.1, consider disabling the `process connection request` function as a temporary workaround until a patch is available. Restrict access to webdesproxy to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions 10.3.x through 10.3.8 Mac OS X versions 10.4.x through 10.4.4 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the `.pwtmp.[PID]` temporary file. This is related to the `passwd` functionality in Directory Services. **Recommendations** For Mac OS X versions 10.3.x through 10.3.8, update to version 10.3.9 or later. For Mac OS X versions 10.4.x through 10.4.4, update to version 10.4.5 or later.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions 10.3.x through 10.3.8 Mac OS X versions 10.4.x through 10.4.4 **Description** The issue allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option. This is related to the `passwd` functionality in Directory Services. **Recommendations** For Mac OS X versions 10.3.x through 10.3.8, update to version 10.3.9 or later. For Mac OS X versions 10.4.x through 10.4.4, update to version 10.4.5 or later.

**Name of the Vulnerable Software and Affected Versions** Lynx versions prior to 2.8.6dev.15 **Description** The issue allows remote attackers to execute arbitrary commands via certain links, including `lynxcgi:`, `lynxexec`, and `lynxprog` links, due to improper restrictions in the default configuration in some environments. **Recommendations** For versions prior to 2.8.6dev.15, update to version 2.8.6dev.15 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenVPN versions prior to 2.0.4 OpenVPN version 2.0.x **Description** The issue concerns a format string vulnerability in the foreign option function in options.c. This vulnerability allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option. Multiple vulnerabilities in the OpenVPN package may lead to breaches of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely. **Recommendations** For OpenVPN versions prior to 2.0.4, update to version 2.0.4 or later to resolve the issue. For OpenVPN version 2.0.x, update to a version outside of the 2.0.x range to mitigate the risk. As a temporary workaround, consider restricting access to the foreign option function in options.c until a patch is available. Avoid using format string specifiers in the dhcp-option command option until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** University of Minnesota gopher client version 3.0.9 **Description** The issue is related to multiple stack-based buffer overflows. These overflows can be triggered by a remote malicious server through specific actions, including sending a long "+VIEWS:" reply that is not properly handled in the `VIfromLine` function, and passing certain arguments when launching third-party programs, such as a web browser from a web link, which is not properly handled in the `FIOgetargv` function. **Recommendations** For University of Minnesota gopher client version 3.0.9, consider disabling the `VIfromLine` and `FIOgetargv` functions as a temporary workaround until a patch is available. Restrict access to launching third-party programs from web links to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Mac OS X (affected versions not specified) **Description** The issue allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS Store file to an arbitrary file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: UMN gopher daemon (gopherd) versions 2.x through 3.0.5 Description: The issue is related to multiple buffer overflows that allow attackers to execute arbitrary code. This can be achieved via a long filename as a result of a LIST command, and through the `GSisText` function, which calculates the view-type. Recommendations: For versions 2.x through 3.0.5, update to version 3.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** xfstt (affected versions not specified) **Description** The issue is related to an off-by-one error in xfstt, allowing remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake. This can lead to a leak of memory in the server's response, potentially compromising confidentiality. Multiple vulnerabilities in the xfstt package may also lead to disruptions in the integrity and availability of protected information, with exploitation possible remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ezbounce versions 1.0 through 1.50 Description: The issue allows remote attackers to execute arbitrary code via the sessions command. Recommendations: For ezbounce versions 1.0 through 1.50, update to a version that contains a fix for this issue.