CVE-2004-0112
https://notcve.org/view.php?id=CVE-2004-0112
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. El código que une SSL/TLS en OpenSSL 0.9.7a, 0.9.7b y 0.9.7c, usando Kerberos, no comprueba adecuadamente la longitud de los tickets de Kerberos, lo que permite que atacantes remotos provoquen una denegación de servicio. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/mhonarc/security-announce/msg00045.html http: • CWE-125: Out-of-bounds Read •
CVE-2004-0079
https://notcve.org/view.php?id=CVE-2004-0079
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http • CWE-476: NULL Pointer Dereference •
CVE-2004-1764
https://notcve.org/view.php?id=CVE-2004-1764
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors. • http://www.ciac.org/ciac/bulletins/o-057.shtml http://www.kb.cert.org/vuls/id/406406 http://www.securityfocus.com/advisories/6237 https://exchange.xforce.ibmcloud.com/vulnerabilities/14828 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5789 •
CVE-2003-1359 – HP-UX 10.x - stmkfont Alternate Typeface Library Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-1359
Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument. • https://www.exploit-db.com/exploits/22246 https://www.exploit-db.com/exploits/22247 http://securityreason.com/securityalert/3236 http://www.securityfocus.com/advisories/4959 http://www.securityfocus.com/archive/1/324381 http://www.securityfocus.com/bid/6836 https://exchange.xforce.ibmcloud.com/vulnerabilities/11313 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5587 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2003-1362
https://notcve.org/view.php?id=CVE-2003-1362
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases. • http://archives.neohapsis.com/archives/hp/2003-q1/0033.html http://www.securityfocus.com/bid/6878 https://exchange.xforce.ibmcloud.com/vulnerabilities/11366 • CWE-16: Configuration •