S-221: Learn2 STRunner ActiveX Control Vulnerabilities


 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-221: Learn2 STRunner ActiveX Control Vulnerabilities
# 1  
Old 03-04-2008
S-221: Learn2 STRunner ActiveX Control Vulnerabilities

The Learn2 STRunner ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The risk is LOW. By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question
pam_stack(8)						   System Administrator's Manual					      pam_stack(8)

NAME
pam_stack - recurse into other PAM stacks SYNOPSIS
auth required /lib/security/pam_stack.so service=foo session optional /lib/security/pam_stack.so service=foo password optional /lib/security/pam_stack.so service=foo account optional /lib/security/pam_stack.so service=foo DESCRIPTION
In a nutshell, pam_stack lets you "call", from inside of the stack for a particular service, the stack defined for any another service. The intention is to allow multiple services to "include" a system-wide setup, so that when that setup needs to be changed, it need only be changed in one place. ARGUMENTS
debug turns on debugging via syslog(3). service=name tells pam_stack.so to execute the stack defined for the service name, which will usually be another file in /etc/pam.d. EXAMPLE
/etc/pam.d/imap: auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_shells.so /etc/pam.d/system-auth: auth sufficient /lib/security/pam_krb5.so auth sufficient /lib/security/pam_unix.so shadow nullok auth required /lib/security/pam_deny.so CAVEAT
Because recursion is fully supported, there is potential to really break things by having a stack call itself either directly or via mutual recursion. BUGS
Let's hope not, but if you find any, please email the author. AUTHOR
Nalin Dahyabhai <nalin@redhat.com> Red Hat Linux 2001/01/30 pam_stack(8)