AA-2005.0025 -- Novell NetMail 3.5.2d and prior -- IMAPD buffer overflow
- A post-authentication buffer overflow in the NetMail IMAP daemon allows remote execution of arbitrary code.
(21/11/2005)
ESB-2005.0820 -- iDEFENSE Security Advisory 10.13.05 -- Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability
- Remote exploitation of a buffer overflow vulnerability in wget and cURL allows attackers to execute arbitrary code with the privileges of the client.
(14/10/2005)
AA-2005.0018 -- Novell NetMail NMAP agent buffer overflow vulnerability
(13/10/2005)
AL-2005.0028 -- Computer Associates multiple products -- message queuing (CAM/CAFT) multiple vulnerabilities
- Multiple vulnerabilities exist in several CA products potentially allowing a remote attacker to take complete control of the computer and/or cause denial of service.
(24/08/2005)
AL-2005.0023 -- Veritas confirms Backup Exec authentication vulnerability
- A remote attacker can download arbitrary files from the computers where the Remote Agent is installed. In many cases the information downloaded may then be used to take complete control of the computer. Active exploitation of this vulnerability has now been reported.
(13/08/2005)
AA-2005.013 -- Novell eDirectory Authentication Service (NMAS) -- unauthorized password change vulnerability
- The Forgotten Password portal included with Novell eDirectory Authentication Server Modules (NMAS) 2.3.7 and prior may allow a remote attacker to change users' passwords without answering challenge questions.
(02/08/2005)
ESB-2005.0569 -- US-CERT Technical Cyber Security Alert TA05-194A -- Oracle Products Contain Multiple Vulnerabilities
(19/07/2005)
ESB-2005.0548 -- iDEFENSE Security Advisory 07.14.05 -- Sophos Anti-Virus Zip File Handling DoS Vulnerability
(15/07/2005)
ESB-2005.0534 -- Oracle Security Advisory -- Critical Patch Update - July 2005
- Oracle has recently released a Critical Patch Update which details fixes for several vulnerabilities in Oracle's major product groups of database server, application server, collaboration suite, e-business and applications, and enterprise manager.
(13/07/2005)
AU-2005.0015 -- AusCERT Update - Veritas Backup Exec public exploit code and increased port 10000 scanning activity
- AusCERT advises that exploit code is now publicly available for at least one of the vulnerabilities described in AusCERT AL-2005.013, "Veritas Backup Exec - multiple vulnerabilities". AusCERT has also observed increased scanning activity this week to port 10000, believed to be attempting to exploit this vulnerability.
(28/06/2005)
AL-2005.013 -- Veritas Backup Exec - multiple vulnerabilities
- This bulletin describes six vulnerabilities in Veritas Backup Exec that potentially allow remote administrative compromise of both backup servers and clients.
(23/06/2005)
AA-2005.009 -- Novell NetMail 3.5.2c and prior - multiple vulnerabilities
(22/06/2005)
AA-2005.002 -- Multiple products using CA Vet Antivirus Engine - integer overflow
(30/05/2005)
ESB-2005.0222 -- ISS Protection Brief -- McAfee AntiVirus Library Stack Overflow
- A stack overflow vulnerability in multiple products based on McAfee Antivirus Library versions prior to 4400 may allow arbitrary code execution, which can lead to administrative compromise.
(18/03/2005)
ESB-2005.0189 -- ISS Protection Advisory -- Trend Micro AntiVirus Library Heap Overflow
- A remote attacker can execute arbitrary code without user interaction, by sending an e-mail containing a malicious ARJ file to the target Trend Micro AntiVirus Library on client, server, and gateway implementations.
(25/02/2005)
ESB-2005.0187 -- Arkeia Network Backup 5.3.5 Fixes Buffer Overflow Vulnerability
- ANB 5.3.5 fixes a buffer overflow that could allow a remote attacker to execute arbitrary code, and thereby get root access to the machine. An additional issue of weak authentication is also discussed.
(24/02/2005)
ESB-2004.0758 -- Novell NetMail/NIMS/IMS NMAP Default Authentication Credential Vulnerability
(07/12/2004)
ESB-2004.0721 -- UNIRAS ALERT - 40/04 -- Vulnerability Issues in Implementations of the DNS Protocol
- A potential Denial of Service vulnerability may impact multiple vendor implementations of the DNS protocol.
(11/11/2004)
AL-2004.029 -- Apache Software Foundation Security Advisory -- Apache HTTP Server 2.0.51 Fixes 5 Security Vulnerabilities
- The Apache Software Foundation has released version 2.0.51 of the Apache HTTP server. This version fixes 5 vulnerabilities, the most serious of which could allow for the execution of arbitrary code.
(16/09/2004)
AL-2004.028 -- UNIRAS ALERT - 33/04 -- NISCC Vulnerability Advisory 380375/MIME
- Multiple products' inconsistent implementation of MIME parsing causes inspection of MIME content for malicious data to fail.
(14/09/2004)
ESB-2004.0556 -- US-CERT Technical Cyber Security Alert TA04-247A -- Vulnerabilities in MIT Kerberos 5
- The MIT Kerberos 5 implementation contains several vulnerabilities, the most severe of which could allow an unauthenticated, remote attacker to execute arbitrary code on a Kerberos Distribution Center (KDC). This could result in the compromise of an entire Kerberos realm.
(06/09/2004)
ESB-2004.0536 -- US-CERT Vulnerability Note VU#432097 -- Novell Bordermanager VPN Service Denial of Service Vulnerability
- A vulnerability exists in the Novell Bordermanager VPN service that could allow a remote attacker to cause a denial of service.
(26/08/2004)
ESB-2004.0446 -- NGSSoftware Insight Security Research Advisory -- MySQL Authentication Bypass
- This advisory details a bug that allows a remote user to entirely bypass the MySQL password authentication mechanism.
(06/07/2004)
ESB-2004.0441 -- iDEFENSE Security Advisory 06.23.04 -- Lotus Notes URI Handler Argument Injection Vulnerability
(05/07/2004)
ESB-2004.0295 -- US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP
- There is a vulnerability in TCP which allows remote attackers to terminate network sessions. Sustained exploitation of this vulnerability could lead to a denial of service condition.
(22/04/2004)
AL-2004.12 -- NISCC Vulnerability Advisory 236929 - Vulnerability Issues in TCP
- There is a vulnerability in TCP which allows remote attackers to terminate network sessions. The Border Gateway Protocol (BGP) is judged to be potentially most affected by this vulnerability.
(21/04/2004)
ESB-2004.0216 -- UNIRAS ALERT - 12/04 -- Denial of Service Vulnerabilities in OpenSSL
- Updated versions of OpenSSL are now available which correct three Denial of Service vulnerabilities.
(18/03/2004)
ESB-2004.0204 -- HP SECURITY BULLETIN HPSBMA01003 -- SSRT4679 - HP Web-enabled Management Software certificate compromise using HP HTTP Server
(15/03/2004)
ESB-2004.0185 -- CIAC BULLETIN O-090 -- Vulnerability in Novell Client Firewall Tray Icon
(08/03/2004)
ESB-2004.0146 -- CIAC BULLETIN O-080 -- Novell iChain Telnet Service Vulnerability
(23/02/2004)
AU-2003.020 -- AusCERT Update - Novell eDirectory SSL/TLS ASN.1 Parser and Novell NFS Server Incorrect Hostname Alias Handling Vulnerabilities
(08/12/2003)
ESB-2003.0819 -- ISC Announcement - BIND 8.4.3 maintenance release -- Security Fix: Negative Cache Poison Fix
- BIND DNS server version 8.4.3 is available, fixing a Negative Cache Poison vulnerability which may allow a remote attacker to cause a denial of service for specific domains.
(28/11/2003)
ESB-2003.0159 -- ISS Security Brief -- PeopleSoft PeopleTools Remote Command Execution Vulnerability
(11/03/2003)
ESB-2003.0111 -- OpenSSL Security Advisory -- Timing-based attacks on SSL/TLS with CBC encryption
(21/02/2003)
ESB-2003.0098 -- PHP Security Advisory -- CGI vulnerability in PHP version 4.3.0
(18/02/2003)