CVE-2006-5873
https://notcve.org/view.php?id=CVE-2006-5873
Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet. Desbordamiento de búfer en la función cluster_process_heartbeat en cluster.c del layer 2 tunneling protocol network server (l2tpns) anterior a 2.1.21 permite a atacantes remotos provocar una denegación de servicio mediante un paquete de pulso (heartbeat packet) largo. • http://l2tpns.cvs.sourceforge.net/l2tpns/l2tpns/cluster.c?r1=1.53&r2=1.54 http://secunia.com/advisories/23230 http://secunia.com/advisories/23333 http://sourceforge.net/project/shownotes.php?group_id=97282&release_id=468202 http://www.debian.org/security/2006/dsa-1230 http://www.securityfocus.com/bid/21443 http://www.vupen.com/english/advisories/2006/4860 https://exchange.xforce.ibmcloud.com/vulnerabilities/30732 •
CVE-2006-5868 – Insufficient boundary check in ImageMagick's SGIDecode()
https://notcve.org/view.php?id=CVE-2006-5868
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. Múltiples desbordamientos de búfer en Imagemagick 6.0 anterior a 6.0.6.2, y 6.2 anterior a 6.2.4.5, tiene un impacto desconocido y vectores de ataque con la complicidad del usuario a través de una imagen SGI manipulada. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://secunia.com/advisories/22998 http://secunia.com/advisories/23101 http://secunia.com/advisories/23219 http://secunia.com/advisories/24186 http://secunia.com/advisories/24284 http://www.debian.org/security/2006/dsa-1213 http://www.mandriva.com/security/advisories?name=MDKSA-2006:223 http://www.redhat.com/support/errata/RHSA-2007-0015.html http://www.securityfocus.com/bid/21185 http://www.ubun •
CVE-2006-5170
https://notcve.org/view.php?id=CVE-2006-5170
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. pam_ldap en nss_ldap sobre Red Hat Enterprise Linux 4, Fedora Core 3 y anteriores, y posiblemente otras distribuciones no devuelven una condición de error cuando un servidor de directorio LDAP responde con una respuesta de control PasswordPolicyResponse, lo cual provoca que la función pam_authenticate devuelva código correcto aunque haya fallado, según lo divulgado originalmente para el xscreensaver. • http://bugzilla.padl.com/show_bug.cgi?id=291 http://rhn.redhat.com/errata/RHSA-2006-0719.html http://secunia.com/advisories/22682 http://secunia.com/advisories/22685 http://secunia.com/advisories/22694 http://secunia.com/advisories/22696 http://secunia.com/advisories/22869 http://secunia.com/advisories/23132 http://secunia.com/advisories/23428 http://security.gentoo.org/glsa/glsa-200612-19.xml http://securitytracker.com/id?1017153 http://www.debian.org/security/2006 • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2006-4343 – OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service
https://notcve.org/view.php?id=CVE-2006-4343
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference. La función get_server_hello código del cliente SSLv2 en OpenSSL 0.9.7 anterior a 0.9.7l, 0.9.8 anterior a 0.9.8d, y versiones anteriores permite a servidores remotos provocar una denegación de servicio (caída del cliente) mediante vectores desconocidos que disparan un referencia a un puntero nulo. • https://www.exploit-db.com/exploits/28726 https://www.exploit-db.com/exploits/4773 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://docs.info.apple.com/article.html?artnum=304829 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://issues.rpath.com/browse/RPL-613 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 http://itr • CWE-476: NULL Pointer Dereference •
CVE-2006-5051 – unsafe GSSAPI signal handler
https://notcve.org/view.php?id=CVE-2006-5051
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Condición de carrera en el manejador de señal OpenSSH en versiones anteriores a 4.4 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario si la autenticación GSSAPI está habilitada, a través de vectores no especificados que conducen a una doble liberación. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:22.openssh.asc ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://docs.info.apple.com/article.html?artnum=305214 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://lists.freebsd.org/pipermail/freebsd-security/2006-October/004051.html http://marc.info/?l=openssh-unix-dev&m=115939141729160&w=2 http://openssh.org/txt/release-4.4 http://secunia.com/advisories& • CWE-415: Double Free •