Manualshelf

Specifications

ManualsBrandsCayman Systems ManualsComputer equipment3220-H
21222324252627282930
SAFER – Vol. 3, Issue 6 26 © 2000 The Relay Group
FileMaker Pro 5.0 Web Companion Software Multiple Vulnerabilities
Released May 02, 2000
Affects FileMaker FileMaker Pro 5.0
Reference http://www.securityfocus.com/bid/1159
Problem
- Web Companion Software is part of the Filemaker Pro 5.0 database package. Included in that
package is the XML publishing capability, which does not make use of Filemaker Pro's web
security features. Therefore any remote user can retrieve, via XML, any data from a web
connected database regardless of the web security settings on that data.
- Filemaker Pro 5.0 also integrates email capabilities into web-based database applications. One of
the features now available is the capability to specify contents of a database field for use as a
format for an email. This feature bypasses Filemaker Pro's normal web security and allows any
remote web user to send any database content to any email address regardless of the security
settings for that content.
- The email features of Filemaker Pro also allow web users to anonymously forge emails.
SAFER
- FileMaker has released the patches which rectify this issue.
Sniffit '-L mail' Remote Buffer Overflow Vulnerability
Released May 02, 2000
Affects Brecht Claerhout Sniffit 0.3.7beta, 0.3.6HIP
Reference http://www.securityfocus.com/bid/1158
Problem
- Certain versions of the popular network sniffer package Sniffit have a buffer overflow which can be
exploited remotely for root access. This buffer overflow in present in the code which handles
sniffing mail headers.
- More specifically the overflow occurs when the logging flag '-L' contains the directive 'mail'.
SAFER
- Unofficial patch has been made available.
Cassandra NNTPServer v1.10 Buffer Overflow Vulnerability
Released May 1, 2000
Affects Atrium Software Cassandra NNTP Server 1.10
Reference http://www.securityfocus.com/bid/1156
Problem
- Unchecked buffer exists in the code that handles login information in Cassandra NNTP v1.10
server. Entering a login name that consists of over 10 000 characters will cause the server to stop
responding until the administrator restarts the application.
SAFER
- It is not clear if the remote execution of code is possible. Updated version should be available
shortly.