Juan Pablo Martinez Kuhn

Researcher fromCore Security Technologies
#7991of 53,633
34.4Total CVSS
Vulnerabilities · 4
High
4
PT-2004-1113
10
2004-08-09
Cfengine · Cfengine · CVE-2004-1702
**Name of the Vulnerable Software and Affected Versions** Cfengine versions 2.0.0 through 2.1.7p1 **Description** The issue is related to the AuthenticationDialogue function in cfservd, which does not properly check the return value of the ReceiveTransaction function. This leads to a failed malloc call and triggers a null dereference, allowing remote attackers to cause a denial of service (crash). Additionally, there are multiple vulnerabilities in the cfengine package that can lead to violations of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For Cfengine versions 2.0.0 through 2.1.7p1, consider disabling the AuthenticationDialogue function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2003-1851
7.2
2003-09-19
Ibm · Ibm Db2 Universal Database · CVE-2003-0758
Name of the Vulnerable Software and Affected Versions: IBM DB2 Universal Data Base version 7.2 before Fixpak 10 Description: A buffer overflow issue exists in the db2dart component, allowing local users to potentially gain root privileges by providing a long command line argument. Recommendations: For IBM DB2 Universal Data Base version 7.2, apply Fixpak 10 to resolve the issue.
PT-2003-1852
7.2
2003-09-19
Ibm · Ibm Db2 Universal Database · CVE-2003-0759
Name of the Vulnerable Software and Affected Versions: IBM DB2 Universal Data Base version 7.2 before Fixpak 10a Description: A buffer overflow issue exists in the db2licm component, allowing local users to potentially gain root privileges by providing a long command line argument. Recommendations: For IBM DB2 Universal Data Base version 7.2, apply Fixpak 10a to resolve the issue.
PT-2003-1431
10
2003-04-16
Cisco · Snort · CVE-2003-0209
Name of the Vulnerable Software and Affected Versions: Snort versions 2.0 and earlier Description: The issue is related to an integer overflow in the TCP stream reassembly module, which can be exploited by remote attackers to execute arbitrary code. This is achieved through large sequence numbers in packets, leading to a heap-based buffer overflow. Recommendations: For Snort versions 2.0 and earlier, update to a version later than 2.0 to resolve the issue.