Alberto Solino

**Name of the Vulnerable Software and Affected Versions** SAP SAPCAR version 721.510 **Description** The issue is a Heap Based Buffer Overflow that can be exploited with a crafted CAR archive file from an untrusted remote source. The problem arises because the length of data written is determined by an arbitrary number found within the file. **Recommendations** For SAP SAPCAR version 721.510, apply the fix as described in SAP Security Note 2441560.

**Name of the Vulnerable Software and Affected Versions** Samba versions 3.x through 4.4.x before 4.4.2 Samba versions 4.3.x before 4.3.8 Samba versions 4.2.x before 4.2.11 **Description** The issue is related to security flaws in the NETLOGON service of the Samba network interaction software package. It allows a remote attacker to exploit the vulnerability, potentially gaining access to confidential data and compromising its integrity. The vulnerability can be exploited by running a crafted application and leveraging the ability to sniff network traffic, which enables the attacker to spoof the computer name of a secure channel's endpoint and obtain sensitive session information. **Recommendations** For Samba versions 3.x through 4.4.x before 4.4.2, update to version 4.4.2 or later. For Samba versions 4.3.x before 4.3.8, update to version 4.3.8 or later. For Samba versions 4.2.x before 4.2.11, update to version 4.2.11 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2008 SP2 and R2 SP1 Microsoft Windows Server 2012 Gold and R2 **Description** A spoofing issue exists in the NETLOGON service, allowing remote attackers to spoof the computer name of a secure channel's endpoint and obtain sensitive session information by running a crafted application and leveraging the ability to sniff network traffic. This issue arises when the Netlogon service improperly establishes a secure communications channel belonging to a different machine with a spoofed computer name. To exploit this, an attacker must first be logged on to a domain-joined system and be able to observe network traffic, then run a specially crafted application to establish a secure channel connection belonging to a different computer, potentially using the established secure channel to obtain session-related information for the actual secure channel of the spoofed computer. **Recommendations** For Microsoft Windows Server 2003 SP2, update to a version that includes the fix for the NETLOGON Spoofing Vulnerability. For Microsoft Windows Server 2008 SP2 and R2 SP1, update to a version that includes the fix for the NETLOGON Spoofing Vulnerability. For Microsoft Windows Server 2012 Gold and R2, update to a version that includes the fix for the NETLOGON Spoofing Vulnerability. As a temporary workaround, consider restricting access to the NETLOGON service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Eye Of Gnome (EOG) versions 1.0.2 through 2.2.0 **Description** The issue allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out locally. **Recommendations** For versions 1.0.2 through 2.2.0, consider disabling the execution of arbitrary code via format string specifiers in command line arguments as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libesmtp versions 0.8.12 mutt versions 1.4.0 through 1.5.3 Balsa version 2.0.10 and earlier **Description** The issue concerns multiple vulnerabilities in certain packages of Red Hat Linux and Debian GNU/Linux operating systems, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A buffer overflow in Mutt and possibly other programs that use Mutt code allows a remote malicious IMAP server to cause a denial of service and possibly execute arbitrary code via a crafted folder. **Recommendations** For libesmtp version 0.8.12, update to a newer version to mitigate the risk. For mutt versions 1.4.0 through 1.5.3, update to version 1.5.4 or later to resolve the issue. For Balsa version 2.0.10 and earlier, update to version 2.0.11 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the IMAP server to minimize the risk of exploitation.