[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] NT: Five Buffer Overflows; One Denial of Service
From:       mea culpa <jericho () DIMENSIONAL ! COM>
Date:       1999-11-04 17:22:42
[Download RAW message or body]

From: WinSA Publisher <winsa@NTSECURITY.NET>


November 2, 1999 - WINSA - At least five different programs were
recently reported to contain possible buffer overflow condition that
may allow arbitrary code to execute on the server. The programs
reported to be vulnerable are as follows:

  * Avirt Mail Server
  * CMail Server
  * ExpressFS FTPServer
  * Xitami Web Server
  * WFTPD Server

In addition, a new exploit was released that can cause NT's native
SERVICES.EXE process to crash, thereby crippling much functionality
in the wake of the crash.

For complete details on all six of these newly discovered security
risks, including sample code that demonstrates some of these issues
against certain software packages, please visit our Web site:

  * RFPoison (Services.exe DoS)
    http://www.ntsecurity.net/go/load.asp?iD=/security/services.htm
  * Avirt Mail Server
    http://www.ntsecurity.net/go/load.asp?iD=/security/avirt1.htm
  * CMail Server
    http://www.ntsecurity.net/go/load.asp?iD=/security/cmail1.htm
  * ExpressFS FTPServer
    http://www.ntsecurity.net/go/load.asp?iD=/security/expressfs1.htm
  * Xitami Web Server
    http://www.ntsecurity.net/go/load.asp?iD=/security/xitami1.htm
  * WFTPD Server
    http://www.ntsecurity.net/go/load.asp?iD=/security/wftpd1.htm

Thanks for subscribing to WinSA.
Please tell your friends about this mailing list!

Sincerely,
The WinSA Team

ISN is sponsored by Security-Focus.COM

[prev in list] [next in list] [prev in thread] [next in thread]