Leon Juranic

**Name of the Vulnerable Software and Affected Versions** IBM DB2 for Linux, UNIX and Windows versions 9.2, 10.1, 10.5, and 11.1 **Description** The issue is caused by improper bounds checking, leading to a stack-based buffer overflow. This could allow a local attacker to execute arbitrary code. **Recommendations** For versions 9.2, 10.1, 10.5, and 11.1, update to a version that includes the fix for the buffer overflow issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sophos ES1000 and ES4000 Email Security Appliance version 2.1.0.0 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the web administration interface. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `error` and `go` parameters to the "login page" API endpoint. **Recommendations** For Sophos ES1000 and ES4000 Email Security Appliance version 2.1.0.0, as a temporary workaround, consider restricting access to the login page until a patch is available. Avoid using the `error` and `go` parameters in the login page API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** McAfee E-Business Server versions 8.5.2 and earlier **Description** The administration interface in the affected software allows remote attackers to cause a denial of service, resulting in a crash, and execute arbitrary code via a long initial authentication packet. **Recommendations** For McAfee E-Business Server versions 8.5.2 and earlier, update to a version later than 8.5.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Eudora WorldMail versions 3.1.x **Description** A heap-based buffer overflow issue exists in the Mail Management Server (MAILMA.exe) that allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters. **Recommendations** For Eudora WorldMail versions 3.1.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GuildFTPd version 0.999.13 **Description** The issue is related to a buffer overflow that can be triggered by remote attackers, potentially allowing code execution. This is possibly related to input containing "globbing chars." **Recommendations** For GuildFTPd version 0.999.13, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict access to the service to minimize the risk of exploitation. Avoid using input containing "globbing chars" in the affected service until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Alt-N MDaemon versions 9.0.5 and prior **Description** The issue is related to multiple heap-based buffer overflows in the POP3 server. These overflows can be triggered by remote attackers sending long strings that contain '@' characters in the `USER` and `APOP` commands, potentially leading to a denial of service (daemon crash) and possibly allowing the execution of arbitrary code. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Alt-N MDaemon versions 9.0.5 and prior, update to version 9.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the POP3 server or limiting the length of input strings for the `USER` and `APOP` commands until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Golden FTP Server Pro version 2.70 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, and potentially execute arbitrary code. This can be achieved by sending a long argument to either the NLST or APPE commands. **Recommendations** For Golden FTP Server Pro version 2.70, consider disabling the NLST and APPE commands as a temporary workaround until a patch is available. Restrict access to these commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ArgoSoft FTP Server version 1.4.3.6 **Description** The issue allows remote attackers to execute arbitrary code via Unicode in the RNTO command. This can be demonstrated using tools like the Infigo FTPStress Fuzzer. **Recommendations** For ArgoSoft FTP Server version 1.4.3.6, consider disabling the RNTO command until a patch is available to prevent potential exploitation. Restrict access to the server to minimize the risk of arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** WarFTPD (affected versions not specified) **Description** A buffer overflow issue exists in the WDM.exe component of WarFTPD, allowing remote attackers to execute arbitrary code. This can be achieved by providing unspecified arguments, as demonstrated using the Infigo FTPStress Fuzzer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FileZilla FTP Server version 2.2.22 **Description** The issue allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code. This can be achieved via a long PORT or PASS command followed by the MLSD command, or through the remote server interface. **Recommendations** For FileZilla FTP Server version 2.2.22, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict access to the MLSD command and limit the length of PORT and PASS commands to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** Popper versions 1.41-r2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via the `form` parameter in the childwindow.inc.php file. **Recommendations** For Popper versions 1.41-r2 and earlier, update to a version later than 1.41-r2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ethereal versions 0.9.1 through 0.10.9 **Description** The issue is related to the IAPP dissector in Ethereal, which does not properly handle string formatting. This could lead to buffer overflows, particularly when dealing with modified length values that are not correctly processed by the `dissect pdus` and `pduval to str` functions. **Recommendations** For Ethereal versions 0.9.1 through 0.10.9, consider restricting the use of the IAPP dissector until a fix is available. As a temporary workaround, avoid using the `dissect pdus` and `pduval to str` functions in the IAPP dissector to minimize the risk of buffer overflows.

**Name of the Vulnerable Software and Affected Versions** Apache mod auth radius version 1.5.4 libpam-radius-auth (affected versions not specified) **Description** The issue allows remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS REPLY MESSAGE with a RADIUS attribute length of 1. This leads to a memcpy operation with a -1 length argument, resulting in a crash. **Recommendations** For Apache mod auth radius version 1.5.4, update to a version that fixes this issue. For libpam-radius-auth, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BNC versions 2.8.9 and possibly other versions **Description** The issue concerns multiple vulnerabilities in the BNC package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. A buffer overflow in the `getnickuserhost` function allows remote IRC servers to execute arbitrary code via an IRC server response containing many `!` (exclamation) or `@` (at sign) characters. **Recommendations** For BNC version 2.8.9, consider disabling the `getnickuserhost` function as a temporary workaround until a patch is available. Restrict access to the BNC module to minimize the risk of exploitation. Avoid using the BNC package until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.