CERT Advisory

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT* Advisory CA-97.20 Original issue date: July 8, 1997 Last revised: -- July 11, 1997 - Updated Appendix A with vendor information for vulnerable browers. A complete revision history is at the end of this file. Topic: JavaScript Vulnerability - ----------------------------------------------------------------------------- The CERT Coordination Center has received reports of a vulnerability in JavaScript that enables remote attackers to monitor a user's Web activities. The vulnerability affects several Web browsers that suppo...

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT* Advisory CA-97.19 Original issue date: June 25, 1997 Last revised: -- Topic: lpr Buffer Overrun Vulnerability - ----------------------------------------------------------------------------- The technical content of this advisory was originally published by AUSCERT (AA-96.12), who last updated the information on June 19, 1997. We use it here with their permission. - --------------------------------------------------------------------------- There is a vulnerability in the BSD-based printing software, lpr, available on a v...

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT* Advisory CA-97.18 Original issue date: June 12, 1997 Last revised: June 25, 1997 Section IIIA and Appendix A - Added vendor information for Berkeley Software Design, Inc. (BSDI). A complete revision history is at the end of this file. Topic: Vulnerability in the at(1) program - ----------------------------------------------------------------------------- The CERT Coordination Center has received reports of a buffer overflow condition in some versions of the at(1) program. By carefully specifying the data that overflows t...

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT* Advisory CA-97.17 Original issue date: May 29, 1997 Last revised: June 9, 1997 Appendix A - added information from Sun Microsystems, Inc. A complete revision history is at the end of this file. Topic: Vulnerability in suidperl (sperl) - ----------------------------------------------------------------------------- The CERT Coordination Center has received reports of a buffer overflow condition in suidperl built from Perl 4.n and Perl 5.n distributions on UNIX systems. By calling this program with appropriately crafted par...

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT* Advisory CA-97.16 Original issue date: May 29, 1997 Last revised: June 9, 1997 UPDATES, Vendor Information Added by CERT/CC - added information for Sun Microsystems, Inc. A complete revision history is at the end of this file. Topic: ftpd Signal Handling Vulnerability - ----------------------------------------------------------------------------- The text of this advisory was originally released by AUSCERT as AA-97.03 ftpd Signal Handling Vulnerability on January 29, 1997, and updated on April 18, 1997. To give this ...

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT* Advisory CA-97.15 Original issue date: May 28, 1997 Last revised: --- Topic: Vulnerability in SGI login LOCKOUT - ----------------------------------------------------------------------------- The text of this advisory was originally released on April 10, 1997, as AUSCERT Advisory AA-97.12, developed by the Australian Computer Emergency Response Team. To more widely broadcast this information, we are reprinting the AUSCERT advisory here with their permission. Only the contact information at the end has changed: AUSCERT co...

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================ CERT* Advisory CA-97.14 Original issue date: May 21, 1997 Last revised: May 23, 1997 Appendix A, BSDI - added information. Topic: Vulnerability in metamail - ----------------------------------------------------------------------------- The CERT Coordination Center has received reports of a vulnerability in metamail, a program that implements MIME. By exploiting the vulnerability, a sender of a MIME-encoded electronic mail message can cause the receiver of the message to execute an arbitrary command if the receiver processes the...

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT* Advisory CA-97.13 Original issue date: May 7, 1997 Last revised: June 4, 1997 Appendix A - updated vendor information for BSDI. A complete revision history is at the end of this file. Topic: Vulnerability in xlock - ----------------------------------------------------------------------------- The CERT Coordination Center has received reports that a buffer overflow condition exists in some implementations of xlock. This vulnerability makes it possible for local users (users with access to an account on the system) to exec...

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT* Advisory CA-97.12 Original issue date: May 6, 1997 Last revised: May 7, 1997 Introduction - Corrected the AUSCERT advisory number. Acknowledgments - Corrected the AUSCERT advisory number and removed a company name. Topic: Vulnerability in webdist.cgi - ----------------------------------------------------------------------------- The CERT Coordination Center has received reports of a security vulnerability in the webdist.cgi cgi-bin program, part of the IRIX Mindshare Out Box package, available with IRIX 5.x and 6.x. By e...

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT* Advisory CA-97.11 Original issue date: May 1, 1997 Last revised: -- May 8, 1997 Appendix A - updated vendor information for Hewlett-Packard. A complete revision history is at the end of this file. Topic: Vulnerability in libXt - ----------------------------------------------------------------------------- There have been discussions on public mailing lists about buffer overflows in the Xt library of the X Windowing System made freely available by The Open Group (and previously by the now-defunct X Consortium). The specif...