RSS   Vulnerabilities for 'Tarantella enterprise'   RSS

2005-03-30
 
CVE-2005-0486

 

 
Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme.

 
2004-11-23
 
CVE-2004-0112

CWE-Other
 

 
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

 
 
CVE-2004-0081

CWE-Other
 

 
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

 
 
CVE-2004-0079

CWE-Other
 

 
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

 
2002-05-31
 
CVE-2002-0296

 

 
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.

 
2002-05-16
 
CVE-2002-0211

 

 
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.

 
 
CVE-2002-0203

 

 
ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux, and 3.1x and 3.0x including 3.11.903, allows remote attackers to view directory contents via an empty pg parameter.

 
2001-12-06
 
CVE-2001-0805

 

 
Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.

 

 >>> Vendor: Tarantella 2 Products
Tarantella enterprise
Secure global desktop


Copyright 2022, cxsecurity.com

 

Back to Top