Summary of Security Items from February 4 through February 17, 2004

Released
Feb 17, 2004
Document ID
SB04-049


Publications by US-CERT | href="#vendors">Publications by Vendors | href="#others">Publications by Third Parties


Publications by US-CERT

Vulnerabilities in Microsoft ASN.1 Library

Multiple integer overflow vulnerabilities in the Microsoft Windows
ASN.1 parser library could allow an unauthenticated, remote attacker
to execute arbitrary code with SYSTEM privileges.

Vulnerabilities in Check Point Firewall-1

Both the AI and HTTP Security Server features of Firewall-1 contain an
HTTP parsing vulnerability that is triggered by sending an invalid
HTTP request through the firewall. This vulnerability allows remote
attackers to execute arbitrary code on affected firewalls with
administrative privileges, typically "SYSTEM" or "root".

VU#277396:
GNU Radius accounting service fails to properly handle exceptional
Acct-Status-Type and Acct-Session-Id attributes

The GNU Radius accounting service fails to properly handle packets
with exceptional Acct-Status-Type and Acct-Session-Id attributes.

VU#473814:
Multiple Real media players vulnerable to buffer overflow when parsing
crafted media files

Multiple Real media players vulnerable to buffer overflow when parsing
certain media files which may permit an attacker to execute arbitrary
code on the user's system.

VU#473902:
Multiple Real media players fail to properly validate SMIL files

Multiple Real media players fail to properly validate synchronized
multimedia integration language (SMIL) files which may permit a remote
attacker to gain sensitive information.

VU#514734:
Multiple Real media players fail to properly validate RMP files

Multiple Real media players fail to properly validate RealJukebox
Metadata Package (RMP) files which may permit an attacker to download
and execute arbitrary code on the user's system.

VU#873334:
Check Point ISAKMP vulnerable to buffer overflow via Certificate
Request

A buffer overflow vulnerability exists in the Internet Security
Association and Key Management Protocol (ISAKMP) implementation used
in Check Point VPN-1, SecuRemote, and SecureClient products. An
unauthenticated, remote attacker could execute arbitrary code with the
privileges of the ISAKMP process, typically root or SYSTEM.

Back to top


Publications by Vendors

Conectiva

Debian

Fedora

FreeBSD

Gentoo

Hewlett Packard

Mandrake

Microsoft

Novell

OpenBSD

Red Hat

SGI

Slackware

Sun Microsystems

Trustix

Turbolinux

Back to top


Publications by Third Parties

AusCERT

F-Secure

ISS

Network Associates

SANS

Sophos

Symantec

Trend Micro

UNIRAS



Copyright 2004 Carnegie Mellon University. Terms of use
Last
updated

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.