| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon May 2 17:11:00 2005 From: sohlow at gmail.com (solemn) Subject: DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple localvulnerabilities' if you think that's funny, check out ArcIMS for windows and some of the permissions that are given to the files during the install. at least it was pretty entertaining with earlier versions of ArcIMS wonder if they fixed it in 9. don't forget the humor with certain tags when making custom xml queries to the server as well. ;-) -----Original Message----- From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of KF (lists) Sent: Saturday, April 30, 2005 4:47 PM To: full-disclosure@...ts.grok.org.uk Subject: [Full-disclosure] DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple localvulnerabilities' DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple local vulnerabilities' Author: Kevin Finisterre Vendor: http://www.esri.com/, http://www.esri.com/software/arcgis/arcinfo/index.html Product: 'ArcInfo Workstation for UNIX' References: http://www.digitalmunition.com/DMA[2005-0425a].txt Description: On any given day, more than 1,000,000 people around the world use ESRI's GIS to improve the way their organizations conduct business. ESRI software is used by more than 300,000 organizations worldwide including most U.S. federal agencies and national mapping agencies, 45 of the top 50 petroleum companies, all 50 U.S. state health departments, most forestry companies, and many others in dozens of industries. ESRI software is the standard in state and local government and is used by more than 24,000 state and local governments including Paris, France; Los Angeles, California, USA; Beijing, China; and Kuwait City, Kuwait. ESRI ArcGIS is an integrated collection of GIS software products for building a complete GIS. ArcGIS enables users to deploy GIS functionality wherever it is needed in desktops, servers, or custom applications; over the Web; or in the field. Several local overflows and format string conditions have been found in the Unix versions of ESRI ArcGIS products. ESRI Staff has promptly responded to and fixed the issues mentioned below. Patches for ArcGIS 9.x will be available at the time this advisory is published. (http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015) Our testing was performed against ARCInfo Workstation 9 on two of ESRI's supported UNIX platforms. We have currently only tested IRIX 6.5 and Solaris 10(beta). All UNIX ArcInfo installs are believed to be impacted by these vulnerabilities. It is currently unknown how older versions of ArcGIS are affected by these bugs. ESRI has stated that fixes for 8.x are forthcomming so I can only assume exploitation is similar for this particlar version.
Powered by blists - more mailing lists