NCHOVY 인터넷 스톰 센터 xeraph@nchovy.kr National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0411 Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow. 2010-02-08T00:00:00+09:00 2010-02-08T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0294 chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets. 2010-02-08T00:00:00+09:00 2010-02-08T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0293 The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets. 2010-02-08T00:00:00+09:00 2010-02-08T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0292 The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563. 2010-02-08T00:00:00+09:00 2010-02-08T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2003-1588 Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file. 2010-02-08T00:00:00+09:00 2010-02-08T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0559 The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain. 2010-02-08T00:00:00+09:00 2010-02-08T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0558 The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain. 2010-02-08T00:00:00+09:00 2010-02-08T00:00:00+09:00 National Vulnerability Database http://nchovy.kr/security/cve/CVE-2010-0557 IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. 2010-02-08T00:00:00+09:00 2010-02-08T00:00:00+09:00