rule software vulnerabilities
vulnerabilities.aspcode.net
Searching rule software vulnerabilities
PAM configuration file for rlogin in Red Hat Li
configuration
|
/etc/nologin
|
restrictive
|
explicitly
|
includes
|
disabled
|
earlier
|
before
|
allows
|
access
|
rlogin
|
which
|
Linux
|
users
|
using
|
been
|
even
|
host
|
rule
|
less
|
file
|
more
|
PAM
|
Red
|
Hat
|
one
|
via
|
has
|
PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via rlogin even if rlogin has been explicitly disabled using the /etc/nologin file.
Configuration error in Axent Raptor Firewall 6.
Configuration
|
httpnoproxy
|
attackers
|
resources
|
internal
|
Firewall
|
access
|
Raptor
|
remote
|
allows
|
error
|
Axent
|
proxy
|
Rule
|
set
|
not
|
use
|
web
|
Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set.
iptables-save in iptables before 1.2.4 records
iptables-save
|
iptables
|
before
|
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.
PF in OpenBSD 3.0 with the return-rst rule sets
return-rst
|
OpenBSD
|
sets
|
rule
|
TTL
|
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
Rule Set Based Access Control (RSBAC) 1.2.2 thr
Control
|
Access
|
Based
|
Rule
|
Set
|
Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges.
BlackICE PC Protection and Server Protection in
Protection
|
installs
|
BlackICE
|
Server
|
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
Check Point NGX R60 does not properly verify pa
restrictions
|
predefined
|
attackers
|
properly
|
intended
|
packets
|
service
|
against
|
bypass
|
remote
|
"CIFS"
|
verify
|
allows
|
which
|
Check
|
Point
|
group
|
does
|
rule
|
not
|
NGX
|
R60
|
Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions.
A rule file in module-assistant before 0.9.10 c
module-assistant
|
before
|
rule
|
file
|
A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations.
The siteaccess URIMatching implementation in eZ
implementation
|
URIMatching
|
siteaccess
|
through
|
publish
|
before
|
The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before Friday, August 12, 2005 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin.
A logic error in the IP fragment cache function
functionality
|
drop-ovl'
|
attackers
|
fragment
|
OpenBSD
|
service
|
FreeBSD
|
denial
|
allows
|
remote
|
'scrub
|
cause
|
logic
|
crop'
|
cache
|
being
|
error
|
rule
|
used
|
A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is being used, allows remote attackers to cause a denial of service (crash) via crafted packets that cause a packet fragment to be inserted twice.
M4 Macro Library in Symantec Security Informati
Information
|
Security
|
Symantec
|
Manager
|
Library
|
before
|
Macro
|
M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation.
ip6_tables in netfilter in the Linux kernel bef
ip6_tables
|
netfilter
|
kernel
|
before
|
Linux
|
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."
Symantec Sygate NAC allows physically proximate
associated
|
physically
|
proximate
|
attackers
|
selecting
|
exception
|
Symantec
|
network
|
address
|
methods
|
control
|
forged
|
Sygate
|
allows
|
bypass
|
local
|
join
|
rule
|
MAC
|
NAC
|
Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs).
procmail in Ingo H3 before 1.1.2 Horde module a
procmail
|
before
|
Ingo
|
procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule.
Unspecified vulnerability in the match_rule_equ
match_rule_equal
|
vulnerability
|
bus/signalsc
|
Unspecified
|
function
|
before
|
D-Bus
|
Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).
Algorithmic complexity vulnerability in Snort b
vulnerability
|
Algorithmic
|
complexity
|
before
|
Snort
|
Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack."
The Teredo interface in Microsoft Windows Vista
Vulnerability"
|
information
|
Disclosure
|
interface
|
sensitive
|
attackers
|
Microsoft
|
firewall
|
blocking
|
properly
|
"Windows
|
Edition
|
Windows
|
traffic
|
certain
|
crafted
|
network
|
obtain
|
bypass
|
handle
|
Teredo
|
allows
|
remote
|
Vista
|
rules
|
which
|
Rule
|
IPv6
|
does
|
x64
|
not
|
via
|
aka
|
The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability."
Rule Set Based Access Control (RSBAC) before 1.
Control
|
Access
|
Based
|
Rule
|
Set
|
Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.
Software vulnerabilities results 1 to 19 of 19
Page:
1