lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <f196de390505020820459b913d@mail.gmail.com>
Date: Mon May  2 17:11:00 2005
From: sohlow at gmail.com (solemn)
Subject: DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple
	localvulnerabilities'

if you think that's funny, check out ArcIMS for windows and some of
the permissions that are given to the files during the install. at
least it was pretty entertaining with earlier versions of ArcIMS
wonder if they fixed it in 9. don't forget the humor with certain tags
when making custom xml queries to the server as well. ;-)

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of KF
(lists)
Sent: Saturday, April 30, 2005 4:47 PM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple
localvulnerabilities'


DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple local vulnerabilities'
Author: Kevin Finisterre
Vendor: http://www.esri.com/,
http://www.esri.com/software/arcgis/arcinfo/index.html
Product: 'ArcInfo Workstation for UNIX'
References:
http://www.digitalmunition.com/DMA[2005-0425a].txt

Description:
On any given day, more than 1,000,000 people around the world use
ESRI's GIS to improve the
way their organizations conduct business.

ESRI software is used by more than 300,000 organizations worldwide
including most U.S. federal
agencies and national mapping agencies, 45 of the top 50 petroleum
companies, all 50 U.S. state
health departments, most forestry companies, and many others in dozens
of industries.

ESRI software is the standard in state and local government and is
used by more than 24,000
state and local governments including Paris, France; Los Angeles,
California, USA; Beijing, China;
and Kuwait City, Kuwait.

ESRI ArcGIS is an integrated collection of GIS software products for
building a complete GIS.
ArcGIS enables users to deploy GIS functionality wherever it is needed
in desktops, servers, or
custom applications; over the Web; or in the field.

Several local overflows and format string conditions have been found
in the Unix versions of ESRI
ArcGIS products. ESRI Staff has promptly responded to and fixed the
issues mentioned below. Patches
for ArcGIS 9.x will be available at the time this advisory is published.

(http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015)

Our testing was performed against ARCInfo Workstation 9 on two of
ESRI's supported UNIX platforms.
We have currently only tested IRIX 6.5 and Solaris 10(beta). All UNIX
ArcInfo installs are believed
to be impacted by these vulnerabilities. It is currently unknown how
older versions of ArcGIS are
affected by these bugs. ESRI has stated that fixes for 8.x are
forthcomming so I can only assume
exploitation is similar for this particlar version.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ