From schaefer at alphanet.ch Thu Aug 5 17:21:03 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Thu Aug 5 17:21:03 2004
Subject: [gull-annonces] Summary of SecurityFocus Newsletter #260
Message-ID: <20040805151719.GA3460@defian.alphanet.ch>

eSeSIX Thintune Thin Client Devices Multiple Vulnerabilities
BugTraq ID: 10794
Remote: Yes
Date Published: Jul 24 2004
Relevant URL: http://www.securityfocus.com/bid/10794
Summary:
Thintune Linux-based devices are reported prone to multiple vulnerabilities. These issues can allow remote attackers to gain complete access to a vulnerable device.

The issues include backdoor accounts that can be accessed over the network and an information disclosure issue that can disclose user accounts and passwords.

Thintune devices with firmware version 2.4.38 and prior are affected by these issues. Reportedly, Thintune devices based on Windows CE are not affected.

[ firmware ]

Pavuk Remote Digest Authentication Buffer Overflow Vulnerabi...
BugTraq ID: 10797
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10797
Summary:
It has been reported that Pavuk is affected by a remote digest authentication buffer overflow vulnerability. This issue is due to a failure of the application to validate string lengths when copying user-supplied data into finite buffers in process memory.

Ultimately a remote malicious web site may exploit this issue to execute arbitrary code on the affected computer with the privileges of the user who started the affected application.

Subversion 'mod_authz_svn' Access Control Bypass Vulnerabili...
BugTraq ID: 10800
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10800
Summary:
Subversion is reported to contain access control bypass vulnerabilities in its 'mod_authz_svn' Apache module. These access control vulnerabilities present themselves when users have mixed access to a repository.
These vulnerabilities exist in several server operations, such as COPY and DELETE. These operations fail to properly implement the operator assigned access controls, allowing users improper access to repositories.

These issues are only present when using the WebDAV access method with the Apache 'mod_authz_svn' module, with the 'AuthzSVNAccessFile' configuration directive.

The vulnerabilities are present in version 1.0.5 and prior. Versions 1.0.6 and 1.1.0-rc1 have been released to address these vulnerabilities.

MoinMoin PageEditor Unspecified Privilege Escalation Vulnera...
BugTraq ID: 10801
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10801
Summary:
MoinMoin is reported prone to an unspecified privilege escalation vulnerability. This issue is related to the PageEditor functionality. Specifically this vulnerability may arise due to improper implementation of access control lists.

A remote attacker may exploit this to gain elevated privileges.

Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.

This issue is identified in MoinMoin version 1.2.2, however, other versions may be affected as well.

MoinMoin Unspecified Privilege Escalation Vulnerability
BugTraq ID: 10805
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10805
Summary:
MoinMoin is reported prone to an unspecified privilege escalation vulnerability. It is reported that this issue presents itself if access control lists are not applied. An unspecified erroneous function allows remote attackers to carry out privileged tasks without proper access validation. Remote attackers may gain read and write access to sensitive data.

Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.

This issue is identified in MoinMoin versions 1.2.2 and prior.
[ Wiki in Python ]

Dropbear SSH Server Digital Signature Standard Unspecified A...
BugTraq ID: 10803
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10803
Summary:
Reportedly Dropbear SSH is affected by an unspecified digital signal standard (DSS) authentication vulnerability; an upgrade is available.

The impact of this issue is currently unknown, although it is speculated that this issue could be used to gain unauthorized access to a computer running the vulnerable application. It should be noted that this is not confirmed. This BID will be updated as more information becomes available.

[ `lightweight' SSH server ]

SoX WAV File Buffer Overflow Vulnerability
BugTraq ID: 10819
Remote: No
Date Published: Jul 28 2004
Relevant URL: http://www.securityfocus.com/bid/10819
Summary:
The WAV header handling code in SoX is reported to contain a buffer overflow vulnerability. This issue is due to a failure of the application to validate string lengths when copying user-supplied data into finite buffers in process memory.

The attacker must be able to present a malicious WAV file to an unsuspecting user. The user must employ the affected application to either listen to, or process the malicious file.

Ultimately a malicious attacker may exploit this issue to execute arbitrary code on the affected computer with the privileges of the user who started the affected application.

DansGuardian Hex Encoded File Extension URI Content Filter B...
BugTraq ID: 10823
Remote: Yes
Date Published: Jul 29 2004
Relevant URL: http://www.securityfocus.com/bid/10823
Summary:
It is reported that DansGuardian contains a content filter bypass vulnerability when handling hex encoded file extensions in URIs.

Under some installations, this may violate security policy, or allow users to inadvertently access malicious web content.

[ WWW filter using Squid or oops. Note: GPL only for non-commercial use ... strange ..
the restriction is implemented at download time; but under the GPL this does not really carry any weight, or else the GPL cannot apply (`additional restrictions'). ]

OpenFTPD Remote Message Format String Vulnerability
BugTraq ID: 10830
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10830
Summary:
Reportedly OpenFTPD is affected by a remote message format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function.

Successful exploitation of this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the user that invoked the affected FTP server software.

MyServer Multiple Remote math_sum.mscgi Example Script Vulne...
BugTraq ID: 10831
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10831
Summary:
Reportedly MyServer is affected by multiple remote vulnerabilities in the 'math_sum.mscgi' example script. These issues are due to a boundary condition error and a failure to properly sanitize user-supplied URI input.

An attacker could exploit the boundary condition issue to execute arbitrary code on the affected computer with the privileges of the user that started the affected application. The input validation issue could be leveraged to carry out cross-site scripting attacks against the affected computer.

These issues are reported to affect MyServer version 0.6.2; it is likely other versions are also affected.

[ license? language? ]

Mozilla Firefox Refresh Security Property Spoofing Vulnerabi...
BugTraq ID: 10796
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10796
Summary:
Mozilla Firefox may permit malicious Web pages to spoof security properties of a trusted site.
An attacker can exploit this issue to spoof the URI and SSL certificate of a site trusted by an unsuspecting user. The attacker can then use this spoofing to steal sensitive or private information, facilitating phishing attacks.

Mozilla Firefox XML User Interface Language Browser Interfac...
BugTraq ID: 10832
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10832
Summary:
Mozilla Firefox is reported prone to an interface spoofing vulnerability. The issue presents itself because JavaScript code is allowed to hide the Mozilla Firefox interface and status bar by default. A fake Mozilla Firefox interface may be created using the XML User Interface Language API; this interface may aid in phishing style attacks.

This misrepresentation may fool a user into trusting a malicious site, which would likely ask the user to submit sensitive or private information.

Citadel/UX Username Buffer Overflow Vulnerability
BugTraq ID: 10833
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10833
Summary:
A buffer overrun vulnerability is reported for Citadel/UX. The problem occurs due to insufficient bounds checking when processing 'USER' command arguments.

An anonymous remote attacker may be capable of exploiting this issue to execute arbitrary code. This however has not been confirmed. Failed exploit attempts may result in a denial of service.

From schaefer at alphanet.ch Sat Aug 7 09:28:01 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Sat Aug 7 09:28:01 2004
Subject: [gull-annonces] FSF Europe Newsletter
Message-ID: <20040807072409.GA1619@defian.alphanet.ch>

Hello, I don't usually forward FSF Europe announcements, but this one is, in my opinion, worth it.

----- Forwarded message from FSF Europe -----

To: announce at fsfeurope.org, discussion at fsfeurope.org, press-release at fsfeurope.org
From: FSF Europe
Subject: FSF Europe Newsletter

1. FSFE supporting European Commission in their case against Microsoft
2. Widely noticed interview in "Die Zeit"
3. Writing new licenses often counterproductive
4. RSS feeds for FSFE news and events available
5. FSFE supports the declaration of Caceres
6. Investigations on the impact of Free Software on companies

1. FSFE supporting European Commission in their case against Microsoft

In 2001 the European Union, through the DG Competition of the European Commission (led by Prof. Monti), started investigating Microsoft's dominant position in the desktop operating systems market. The Free Software Foundation Europe was invited by the EC to represent the interests of the Free Software movement. Together with the Samba team, which the FSFE involved in the case and with which it cooperated closely, we were able to provide much of the arguments that the European Commission based its decision upon.

Microsoft recently appealed against the antitrust decision and the DG Competition called upon FSFE in cooperation with the Samba team again to now join the efforts of the Commission to defend that decision. FSFE, representing itself and the Samba team as well as the interests of the Free Software Community, has participated in the preliminary hearing held in Luxembourg on 27th of July.
Sun, which originally started the antitrust trial in Europe, declined to participate in the appeal, so the list of the supporters of the Commission is: Novell, RealNetworks, CCIA (Computer & Communication Industry Association), SIIA (Software and Information Industry Association) and FSFE.

In the course of the upcoming months, FSFE will read and comment on all the documentation submitted by Microsoft to sustain the idea that "disclosing documentation on interfaces and protocols is harmful" for their business and for consumers. These will be busy months, so if you know anybody that values being able to use SAMBA and could support our efforts, please tell them to support our work with their donation.

2. Widely noticed interview in "DIE ZEIT"

"DIE ZEIT", a well-respected German newspaper, has printed an interview with Georg Greve that has been cited in several other newspapers and news services. Georg Greve explains why software patents are job- and economy-killers: "Many companies are facing low liquidity and can spend their money only once: either on software patents, or on innovation."

3. Writing new licenses often counterproductive

There seems to be a trend that more and more projects create new licenses for Free Software instead of using the well established ones used by thousands of existing projects. The FSFE emphasises that the GNU GPL, the GNU LGPL and the BSD-style license are excellent for most - if not all - projects. Claims that the GPL is not fully applicable outside the U.S. have been proven wrong by a recent court decision in Germany.

4. RSS feeds for FSFE news and events available

Our web team has created automatic RSS feeds for news and upcoming events. Feeds are focus and language dependent.
The URL for the news feed is:

  http://www..fsfeurope.org/news/news..rss

while you find the event feed at:

  http://www..fsfeurope.org/events/events..rss

For example, for German speaking news and the German focus, you would choose http://www.germany.fsfeurope.org/news/news.de.rss as the URL. For your convenience, the news and event pages contain links to the RSS feed URLs.

5. FSFE supports the "Declaration of Caceres"

During the Free Software Summer Event of the University of Extremadura in Caceres, Spain, Georg Greve gave a presentation on the Free Software Foundation Europe and participated in a panel discussion about software patents.

As closing highlight of the university course, the participants made the "Declaration of Caceres" against software patents drafted by Hispalinux, which was read out in Portuguese by Marcelo D'Elia Branco, German by Georg Greve, English by Maureen O'Sullivan and finally Spanish by the vice-rector of the University, Fernando Sanchez Figueroa.

The FSFE officially supports this declaration, which reads: "Freedom, equality and fraternity, the old Europe's values applied to technology, have achieved the biggest innovative space ever imagined. Software Patents are the countermeasure that augments costs, bureaucracy and legal costs to stop European progress."

6. Investigations on the impact of Free Software on companies

The University Bocconi in Milan, Italy held a conference to discuss the impact Free Software has on Italian companies. Stefano Maffulli was invited to hold a speech in the name of the FSFE.

You can find a list of all FSF Europe newsletters on http://www.fsfeurope.org/news/newsletter.en.html

----- End forwarded message -----

From schaefer at alphanet.ch Sat Aug 14 23:11:02 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Sat Aug 14 23:11:02 2004
Subject: [gull-annonces] Summary of SecurityFocus Newsletter #261
Message-ID: <20040814210015.GA2603@defian.alphanet.ch>

GNU Transport Layer Security Library X.509 Certificate Verif...
BugTraq ID: 10839
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10839
Summary:
Reportedly GNU Transport Layer Security Library (GNUTLS) is affected by an X.509 certificate verification denial of service vulnerability. This issue is due to a design error that causes the application to attempt to verify invalid X.509 certificates.

This issue would allow an attacker to cause the affected application to consume CPU resources and hang while attempted verification takes place, denying service to legitimate users.

U.S. Robotics USR808054 Wireless Access Point Web Administra...
BugTraq ID: 10840
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10840
Summary:
The USR808054 wireless access point is reported to contain a denial of service vulnerability in its embedded web server.

When malicious requests are received by the device, it will reportedly crash, denying service to legitimate users of the access point.

This issue can be exploited by anybody with network connectivity to the administration HTTP server; no authentication is required.

Version 1.21h of the device was found to be vulnerable, but other versions are also likely affected. Due to the practice of code-reuse in companies, it is also possible that other devices and products have this same flaw.
This BID may also be related to BID 6994, but this has not been confirmed.

[ firmware ]

BreakCalendar Multiple Remote Vulnerabilities
BugTraq ID: 10847
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10847
Summary:
Reportedly BreakCalendar is affected by multiple remote vulnerabilities. These issues are due to a failure to sanitize user-supplied input.

An attacker could leverage these issues to conduct cross-site scripting attacks and to perform actions facilitated by the 'add event' and 'edit/remove event' forms.

ripMIME MIME Attachment Decoding Weakness
BugTraq ID: 10848
Remote: Yes
Date Published: Aug 03 2004
Relevant URL: http://www.securityfocus.com/bid/10848
Summary:
It is reported that a weakness exists in ripMIME's decoding routine.

If ripMIME is being used in conjunction with a virus scanning, or other similar type of application, this weakness has the effect of not passing the attachment to the engine. This means that the attachments will bypass the scanning process.

By bypassing the scanning process, the message may then be passed on to an end user while still containing a virus, or other malicious code that should have been blocked by the filter.

Attackers may exploit this weakness by forming malicious content designed to pass through filtering software. This content is designed to be decoded by the end user's MUA. Some MUAs may decode the MIME attachments, even though they are formed incorrectly, allowing the malicious content to be delivered.

Version 1.3.2.3 has been released which fixes this weakness.

PuTTY Modpow Integer Handling Memory Corruption Vulnerabilit...
BugTraq ID: 10850
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10850
Summary:
Reportedly PuTTY is affected by a remote, pre-authentication code execution vulnerability.

An attacker might leverage this issue to execute arbitrary code on an affected system.
As this issue is exploitable before any authorization and before the host key is verified, any remote attacker can exploit this to gain unauthorized access to a vulnerable computer with the privileges of the user that started the affected application.

Linux Kernel File 64-Bit Offset Pointer Handling Kernel Memo...
BugTraq ID: 10852
Remote: No
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10852
Summary:
A vulnerability in the Linux kernel in the 64-bit file offset handling code may allow malicious users to read kernel memory. This issue is due to a design error that causes the affected code to fail to properly validate file pointers.

An attacker may leverage this issue to read arbitrary Linux kernel memory. This could allow an attacker to read sensitive data such as cached passwords. This issue will certainly aid in further attacks against the affected computer.

It has been reported that the Linux 2.6.X kernel, although still vulnerable, might not be exploitable. This BID will be updated when more information becomes available.

Juniper Networks NetScreen SSHv1 Denial Of Service Vulnerabi...
BugTraq ID: 10854
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10854
Summary:
Juniper Networks NetScreen firewalls configured to run the SSHv1 service are reported prone to a denial of service vulnerability. It is reported that the vulnerability may be triggered by a remote attacker, prior to any form of authentication.

[ firmware ]

Acme thttpd Directory Traversal Vulnerability
BugTraq ID: 10862
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10862
Summary:
It is reported that thttpd is susceptible to a directory traversal vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
This issue only exists in the Windows port of the application, as it does not correctly take into consideration the environmental attributes of file system access in applications.

This issue may allow an attacker to retrieve arbitrary, potentially sensitive files, from the affected host computer, as the user that the thttpd process is running as.

Version 2.07 beta 0.4 of thttpd, running on a Microsoft Windows platform is reported vulnerable to this issue.

[ very efficient, small and KISS open source HTTP daemon ]

Gnome VFS 'extfs' Scripts Undisclosed Vulnerability
BugTraq ID: 10864
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10864
Summary:
Gnome VFS's 'extfs' scripts are reported prone to an undisclosed vulnerability. It is reported that a user that views specially crafted, attacker supplied URIs utilizing the 'extfs' VFS module may be able to execute arbitrary commands in the context of the user.

This BID will be updated as further information is disclosed.

LILO gfxboot Plaintext Password Display Vulnerability
BugTraq ID: 10866
Remote: No
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10866
Summary:
Reportedly gfxboot is affected by a plain text password display vulnerability. This issue is due to a design error that fails to protect user passwords. The problem reportedly results in the plain text lilo boot password being displayed when typing.

An attacker might leverage this issue to read the plain text lilo boot password.

YaST2 Utility Library File Verification Shell Code Injection...
BugTraq ID: 10867
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10867
Summary:
YaST2 utility library 'liby2util' is affected by a file verification shell code injection vulnerability. This issue is due to a design error that fails to properly validate files.
An attacker could leverage this issue to inject malicious shell code into a file name being transferred using the vulnerable utility. This might facilitate privilege escalation and unauthorized access.

Neon WebDAV Client Library Unspecified Vulnerability
BugTraq ID: 10869
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10869
Summary:
It is reported that Neon contains an unspecified vulnerability.

The cause of this vulnerability is currently unknown. Due to the nature of the library, it is likely that this is a remotely exploitable issue.

It is currently unknown what the effects and impacts of this issue are.

This BID will be updated immediately when more information becomes available.

PSCP Modpow Base Integer Handling Buffer Overrun Vulnerabili...
BugTraq ID: 10870
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10870
Summary:
PSCP is reported prone to a buffer overrun vulnerability.

An attacker might leverage this issue to execute arbitrary code on an affected system. As this issue is exploitable before any authorization and before the host key is verified, any remote attacker can exploit this to gain unauthorized access to a vulnerable computer with the privileges of the user that started the affected application.

[ see PuTTY ]

libpng Graphics Library Multiple Remote Vulnerabilities
BugTraq ID: 10857
Remote: Yes
Date Published: Aug 04 2004
Relevant URL: http://www.securityfocus.com/bid/10857
Summary:
The libpng graphics library is reported prone to multiple vulnerabilities. The following issues are reported:

It is reported that a stack-based buffer overrun vulnerability exists in the libpng library (CAN-2004-0597). A remote attacker may exploit this condition, by supplying a malicious image to an unsuspecting user. When this image is viewed, the vulnerability may be triggered resulting in code execution occurring in the context of the user that viewed the malicious image.

A denial of service vulnerability is also reported to affect libpng (CAN-2004-0598). A remote attacker may exploit this condition, by supplying a malicious image to an unsuspecting user. When the malicious image is viewed, a NULL pointer dereference will occur resulting in a crash of the application that is linked to the vulnerable library.

Additionally several integer overrun vulnerabilities are reported to exist in png_handle_sPLT(), png_read_png() and other functions of libpng (CAN-2004-0599). A remote attacker may exploit the integer-overrun conditions, by supplying a malicious image to an unsuspecting user. When the malicious image is viewed, an integer value may wrap, or be interpreted incorrectly resulting in a crash of the application that is linked to the vulnerable library, or may potentially result in arbitrary code execution.

This BID will be split into independent BIDs when further analysis of these vulnerabilities is complete.

Mozilla and Netscape SOAPParameter Integer Overflow Vulnerab...
BugTraq ID: 10843
Remote: Yes
Date Published: Aug 02 2004
Relevant URL: http://www.securityfocus.com/bid/10843
Summary:
It is reported that Mozilla and Netscape contain an integer overflow vulnerability in the SOAPParameter object constructor. This overflow may result in the corruption of critical heap memory structures, leading to possible remote code execution.

An attacker can exploit this issue by crafting a malicious web page and having unsuspecting users view the page in a vulnerable version of Mozilla or Netscape.

Netscape 7.0, 7.1, and versions of Mozilla prior to 1.7.1 are known to be vulnerable to this issue. Users of affected versions of Netscape are urged to switch to Mozilla 1.7.1 or later, as new versions of Netscape are not likely to appear.

Mozilla Browser Input Type HTML Tag Unauthorized Access Vuln...
BugTraq ID: 10874
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10874
Summary:
Mozilla browser is reportedly affected by an input type HTML tag unauthorized access vulnerability. This issue is due to an access validation error that allows access to arbitrary files on an unsuspecting user's system.

This issue will allow an attacker to obtain arbitrary files residing on the computer of an unsuspecting user that activates a malicious script.

Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling R...
BugTraq ID: 10875
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10875
Summary:
Mozilla and Mozilla Thunderbird are reported prone to a remote heap overflow vulnerability. The issue is reported to exist due to a lack of sufficient boundary checks performed on POP3 data handled by SendUidl().

An attacker controlled POP3 mail server may exploit this condition by sending a specifically crafted email message to the affected mail client. This will result in the corruption of heap-based memory.

Mozilla Browser Non-FQDN SSL Certificate Spoofing Vulnerabil...
BugTraq ID: 10876
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10876
Summary:
Mozilla browser is reportedly vulnerable to an SSL certificate spoofing vulnerability in the 'cert_TestHostName()' function. This issue is due to a design error that fails to properly validate certified host names.

This issue would allow an attacker to spoof a trusted certificate from a third party site, facilitating phishing style attacks by luring an unsuspecting user to enter information on what is apparently a trusted site.

Mozilla SSL Redirect Spoofing Vulnerability
BugTraq ID: 10880
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10880
Summary:
It is reported that Mozilla, and products derived from Mozilla are susceptible to an SSL redirect spoofing vulnerability.
By exploiting this vulnerability, an attacker can ensure that the victim's browser contains the SSL lock icon, and will display the SSL certificate information of a legitimate site when the lock is clicked on.

This vulnerability may aid in Phishing style attacks.

Mozilla prior to 1.7, Mozilla Firebird 0.7, Mozilla Firefox prior to 0.9, and Mozilla Thunderbird prior to 0.7 are all reported vulnerable.

CVSTrac filediff Remote Command Execution Vulnerability
BugTraq ID: 10878
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10878
Summary:
CVSTrac is affected by a remote command execution vulnerability in the 'filediff' functionality. This issue is due to an input validation error that allows for the appending of shell commands.

An attacker could leverage this issue to execute arbitrary shell commands on a vulnerable computer with the privileges of the web server process.

Thomson SpeedTouch Home ADSL Modem Predictable Initial TCP S...
BugTraq ID: 10881
Remote: Yes
Date Published: Aug 05 2004
Relevant URL: http://www.securityfocus.com/bid/10881
Summary:
A vulnerability is reported to exist in the algorithms used by Thomson SpeedTouch Home ADSL Modem to generate initial TCP sequence numbers.

The ability to predict TCP sequence numbers may allow a remote attacker to inject packets into a vulnerable data stream, for example the telnet service on the affected modem.

[ firmware ]

GNU Info Follow XRef Buffer Overrun Vulnerability
BugTraq ID: 10882
Remote: No
Date Published: Aug 06 2004
Relevant URL: http://www.securityfocus.com/bid/10882
Summary:
GNU Info is reported prone to a buffer overrun vulnerability. The vulnerability is reported to present itself due to a lack of boundary checks performed on argument data for the (f) follow xref Info command.

An attacker may exploit this vulnerability by crafting a malicious Info script that is sufficient to trigger the issue.

Although this vulnerability is reported to affect info version 4.7-2.1, other versions might also be affected.

From schaefer at alphanet.ch Wed Aug 18 10:11:03 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Wed Aug 18 10:11:03 2004
Subject: [gull-annonces] /ch/open Open Business Lunch Zürich and Bern
Message-ID: <20040818073852.GA2234@defian.alphanet.ch>

The Zürich OBL of 1 September will not take place. Instead, /ch/open is offering an OBL in Bern on 19 October and 16 November, in German.

19.10., 11.45: Fédéral Entrecôte Café, Bärenplatz 31, Bern/BE (in front of the Bundeshaus), Tel.: 031 311 16 24

Mathias Kummer, Weblaw GmbH

Abstract:
*********
Presentation of legal websites with information on IT law, explanation of and searching in the federal legislation and court-decision databases, searching in legal search engines

Bio:
****
Mathias Kummer is managing director of Weblaw GmbH. Legal adviser and project consultant in IT, lecturer in IT law, co-editor and author of "Informatikrecht in der Praxis", WEKA Verlag AG; regular publications in IT magazines.

Registrations on until 18.10.

From schaefer at alphanet.ch Fri Aug 20 09:11:01 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Fri Aug 20 09:11:01 2004
Subject: [gull-annonces] [CH-FSFE] Next meeting sunday 2004-09-12
Message-ID: <20040820064715.GB1235@defian.alphanet.ch>

[ CH-FSFE is an attempt in creating links between the libre software movement in Switzerland and the FSF Europe. There is a mailing-list and a meeting. see https://mail.fsfeurope.org/mailman/listinfo/switzerland ]

Hi,

I have been appointed to organize the next meeting of the CH-FSFE group. So far I received one inscription from Cedric V., that's all.

Date: Sunday 2004-09-12
Location: somewhere in Neuchâtel

In order to simplify the organization, I suggest the following:

- please register for the event using the automatic registration system at:
  http://www.alphanet.ch/~inscridb/cgi-bin/inscription.pl
  IF IT FAILS SEND A MAIL TO schaefer at alphanet.ch (not to the list!) giving your details (name, phone, number of person, coming by train or car)
  DEADLINE FOR REGISTRATION IS: 2004-09-06 (Monday) (but please register ASAP!)

- a Wiki should be created for the group. If this is necessary, I can host it. You can see another project's Wiki at http://www.alphanet.ch/cgi-bin/la-sagne/wiki.pl (user la-sagne, password la-sagne)
  When created I could post the details there, such as map to the restaurant, etc.

- the meeting will take place near Neuchâtel, at about 11:30 and will start with a dinner.

  Train from Basel     dep BS 09:24     arr NE 10:56
  Train from Bern      dep BE 10:20     arr NE 10:59
  Train from Fribourg  dep FR 09:51     arr NE 10:59
  Train from Geneva    dep GE 09:48     arr NE 11:02
  Train from Lausanne  dep LS 10:27     arr NE 11:07
  Train from Zürich    dep ZH Hbf 09:07 arr NE 10:51

  I will be at the railway station under the big electronic timetable in the railway station hall from 10:46 until 11:10 (later if some trains are late) with a CH-FSFE pancarte and we will move in a somewhat grouped fashion to the designed location.

- The exact location hasn't been defined yet and will depend on the amount of people coming. I will try to find a restaurant near the station where we can eat and meet in a relative calm for a relatively low price (you have to pay your dinner).

- People coming by car shouldn't. Well, ok, we probably can find some park space near the restaurant.

We can of course discuss/change the above, but please do it now and not one week before the event!

Thank you.

From schaefer at alphanet.ch Tue Aug 24 09:31:01 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Tue Aug 24 09:31:01 2004
Subject: [gull-annonces] /ch/open 15.9.04: Event in Bern
Message-ID: <20040824070914.GC4142@defian.alphanet.ch>

Putting change at the center of the software process

Speaker: Prof. Oscar Nierstrasz
When: 15. September 2004 17:30
Location: Eidgenössisches Institut für Geistiges Eigentum, Einsteinstr. 2, 3003 Bern, meeting room 132
Organisation: IGE, in cooperation with the IAM Alumni and /ch/open

Abstract

We know that successful software systems are doomed to change. But our programming languages and tools continue to focus on developing static, unchanging models of software. We propose that change should be at the center of our software process. To that end, we are exploring programming language mechanisms to support both fine-grained composition and coarse-grained extensibility, and we are developing tools and techniques to analyse and facilitate change in complex systems. In this talk we review problems and limitations with object-oriented and component-based development approaches, and we explore both technological and methodological ways in which change can be better accommodated.

Inscription required: Matthias Günter

From schaefer at alphanet.ch Wed Aug 25 15:51:02 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Wed Aug 25 15:51:02 2004
Subject: [gull-annonces] Summary of SecurityFocus Newsletter #262
Message-ID: <20040825133951.GA3629@defian.alphanet.ch>

Linux Kernel Unspecified chown Inode Time Vulnerability
BugTraq ID: 10887
Remote: No
Date Published: Aug 09 2004
Relevant URL: http://www.securityfocus.com/bid/10887
Summary:
An unspecified vulnerability has been announced in the Linux Kernel implementation of the chown(2) system call. This issue is related to how inode time data is updated by the system call.
The impact is not known at this time, though it is speculated that this could affect system integrity.

Linux Kernel Unspecified Signal Denial Of Service Vulnerabil...
BugTraq ID: 10888
Remote: No
Date Published: Aug 09 2004
Relevant URL: http://www.securityfocus.com/bid/10888
Summary:
An unspecified denial of service vulnerability has been reported to exist in the Linux Kernel. This issue could occur when signals are handled by the kernel. Further details are not available at this time.

xine-lib Remote Buffer Overflow Vulnerability
BugTraq ID: 10890
Remote: Yes
Date Published: Aug 08 2004
Relevant URL: http://www.securityfocus.com/bid/10890
Summary:
It is reported that the xine media library is affected by a remote buffer overflow vulnerability. This issue can allow a remote attacker to gain unauthorized access to a vulnerable computer. xine-lib rc-5 and prior versions are reportedly affected by this issue. xine versions 0.99.2 and prior are also vulnerable.

Linux Kernel Unspecified USB Vulnerability
BugTraq ID: 10892
Remote: No
Date Published: Aug 09 2004
Relevant URL: http://www.securityfocus.com/bid/10892
Summary:
The Linux Kernel implementation of USB is reported prone to an unspecified vulnerability. The impact is not known at this time, though it is speculated that this vulnerability could affect system stability.

Bradley Chapman Tabbrowser Preferences (TBP) Mozilla Extensi...
BugTraq ID: 10896
Remote: Yes
Date Published: Aug 09 2004
Relevant URL: http://www.securityfocus.com/bid/10896
Summary:
Bradley Chapman Tabbrowser Preferences (TBP) is reported prone to an information disclosure vulnerability. The issue is reported to exist if certain TBP options are selected. When a URL is typed into the browser address bar, the new page is loaded in a new tab. The information disclosure occurs because the site in the new tab will receive a HTTP referrer URL of the site in the previous tab even though the domains are not related.

GNU cfengine AuthenticationDialogue Remote Denial Of Service...
BugTraq ID: 10900
Remote: Yes
Date Published: Aug 09 2004
Relevant URL: http://www.securityfocus.com/bid/10900
Summary:
GNU cfengine cfservd is reported prone to a remote denial of service vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue() function that is responsible for processing SAUTH commands and also performing RSA based authentication. The vulnerability presents itself because return values for several statements within the AuthenticationDialogue() function are not checked. This memcpy() operation based on the return values will fail resulting in a daemon crash. A remote attacker may exploit this vulnerability to crash the affected daemon effectively denying service to legitimate users. cfservd employs an IP based access control method (AllowConnectionsFrom). This access control must be bypassed prior to exploitation. This may hinder exploitation attempts. This vulnerability is reported to affect versions 2.0.0 to 2.1.7p1 of cfengine cfservd.

Symantec Clientless VPN Gateway 4400 Series Multiple Vulnera...
BugTraq ID: 10903
Remote: Yes
Date Published: Aug 06 2004
Relevant URL: http://www.securityfocus.com/bid/10903
Summary:
Multiple vulnerabilities have been addressed in Symantec Clientless VPN Gateway 4400 Series. The issues include multiple vulnerabilities related to the ActiveX and HTML file browser, cross-site scripting vulnerabilities in the end user interface, and a vulnerability in the end user interface that will allow an unauthorized user to change another user's single signon information.
[ firmware ]

Genova GeNUGate Multiple Unspecified Denial Of Service Vulne...
BugTraq ID: 10912
Remote: Yes
Date Published: Aug 10 2004
Relevant URL: http://www.securityfocus.com/bid/10912
Summary:
It is reported that GeNUGate is prone to two unspecified denial of service vulnerabilities.
The first vulnerability is reported in the ISAKMP (Internet Security Association and Key Management Protocol) process. It is reported that an attacker sending malicious packets to the ISAKMP process can delete VPN security associations. This may be related to BID 10496. The second vulnerability is reported in web applications embedded in GeNUGate utilizing OpenSSL. An unspecified OpenSSL denial of service vulnerability can reportedly crash the applications. A remote attacker may exploit these vulnerabilities to deny service to legitimate users of the affected application.
[ hardware firewall made up of two systems, certified by the German government, apparently built from free software ]

KDE Konqueror Cross-Domain Frame Loading Vulnerability
BugTraq ID: 10921
Remote: Yes
Date Published: Aug 11 2004
Relevant URL: http://www.securityfocus.com/bid/10921
Summary:
Konqueror is reported prone to a cross-domain frame loading vulnerability. It is reported that if the name of a frame rendered in a target site is known, then an attacker may potentially render arbitrary HTML in the frame of the target site. An attacker may exploit this vulnerability to spoof an interface of a trusted web site. All versions of KDE up to KDE 3.2.3 are vulnerable to this issue.

KDE Insecure Temporary Directory Symlink Vulnerability
BugTraq ID: 10922
Remote: No
Date Published: Aug 11 2004
Relevant URL: http://www.securityfocus.com/bid/10922
Summary:
KDE is reported to contain a temporary directory symlink vulnerability. This vulnerability is due to improper validation of the ownership of temporary directories. Local attackers can cause KDE applications to fail, denying service to users, or to overwrite arbitrary files with the privileges of the target user. Privilege escalation may be possible. Source patches have been made available by KDE to resolve this issue.

KDE DCOPServer Insecure Temporary File Creation Vulnerabilit...
BugTraq ID: 10924
Remote: No
Date Published: Aug 11 2004
Relevant URL: http://www.securityfocus.com/bid/10924
Summary:
KDE's DCOPServer is reported to contain an insecure temporary file creation vulnerability. This is due to the use of the mktemp() function. Since temporary files are used by the DCOP daemon for authentication purposes, a local attacker may possibly exploit this vulnerability to compromise the account of a targeted user running KDE. A local attacker may also possibly exploit this vulnerability to execute symbolic link file overwrite attacks. This may allow an attacker to overwrite arbitrary files with the privileges of the targeted user. Privilege escalation may also be possible using this method of attack. KDE versions from 3.2.0 to 3.2.3 are reported susceptible to this vulnerability.

Nokia IPSO Unspecified Remote Denial of Service Vulnerabilit...
BugTraq ID: 10925
Remote: Yes
Date Published: Aug 12 2004
Relevant URL: http://www.securityfocus.com/bid/10925
Summary:
An unspecified denial of service vulnerability is reported in the Nokia IPSO operating system. This issue can allow a remote attacker to cause a vulnerable device to crash or hang, resulting in a denial of service condition. Further details regarding this issue are currently unknown, however as more information is made available this BID will be updated accordingly. IPSO versions 3.5, 3.5.1, 3.6, 3.7, 3.7.1, and 3.8 are affected by this issue.
[ firmware ]

Stefan Westerfeld ARTS Unspecified Insecure Temporary File C...
BugTraq ID: 10928
Remote: No
Date Published: Aug 12 2004
Relevant URL: http://www.securityfocus.com/bid/10928
Summary:
aRts is reported prone to an unspecified insecure temporary file creation vulnerability. This issue may allow a local attacker to carry out a symbolic link attack. This issue was reported in a SUSE advisory. Further information is not available at the moment. This BID will be updated as more information becomes available.
All versions of aRts are considered vulnerable to this issue.

Mutt PGP/GnuPG Verified Email Signature Spoofing Vulnerabili...
BugTraq ID: 10929
Remote: Yes
Date Published: Aug 12 2004
Relevant URL: http://www.securityfocus.com/bid/10929
Summary:
It is reported that Mutt contains a vulnerability that allows attackers to send email that spoofs the look of a successfully verified PGP/GnuPG email message. An attacker may potentially simulate the look of the PGP/GnuPG output that Mutt usually includes when processing signed email messages. If a user employs Mutt with a specific configuration, the attacker may make email messages look almost identical to a properly signed and verified email. This may allow an attacker to create a message that falsifies a correctly verified PGP/GnuPG signature. This could allow an attacker to spoof email from trusted sources. This will likely greatly increase the effectiveness of social engineering attacks. In the index mode, messages with signatures have the 's' flag. Verified signatures change to 'S'. Ensuring that messages have the proper attributes will aid in the mitigation of this vulnerability. Versions 1.3.28 and 1.5.6 are reported affected by this vulnerability. Other versions are also likely affected.

Netgear DG834G Zebra Process Default Account Password Vulner...
BugTraq ID: 10935
Remote: Yes
Date Published: Aug 12 2004
Relevant URL: http://www.securityfocus.com/bid/10935
Summary:
It is reported that Netgear DG834G devices contain a default password for their Zebra process. Zebra is a dynamic routing daemon, and contains a telnet-accessible configuration shell. It is reported that Zebra listens on both the WAN and the internal network interfaces. By gaining administrative access to Zebra, an attacker has the ability to modify network routes on the device, possibly redirecting traffic or denying network service to legitimate users. They may also be able to exploit latent vulnerabilities in Zebra itself.
Due to code reuse, it is possible that other devices similar to this one are also affected.
[ firmware ]

rsync sanitize_path Function Module Path Escaping Vulnerabil...
BugTraq ID: 10938
Remote: Yes
Date Published: Aug 12 2004
Relevant URL: http://www.securityfocus.com/bid/10938
Summary:
If an rsync server is installed as a daemon with a read/write enabled module without using the 'chroot' option, it is possible that a remote attacker could read/write files outside of the configured module path. Rsync does not properly sanitize the paths when not running with chroot. The problem exists in the 'sanitize_path' function. This could potentially be exploited to execute arbitrary code by corrupting or placing arbitrary files on the system. Destruction of data could also result, possibly causing a denial of service condition. Other attacks could also occur, depending on the attacker's motives.

Sympa List Creation Authentication Bypass Vulnerability
BugTraq ID: 10941
Remote: Yes
Date Published: Aug 13 2004
Relevant URL: http://www.securityfocus.com/bid/10941
Summary:
Sympa is reported to be prone to an authentication bypass vulnerability when creating new mailing lists. This vulnerability presents itself upon creating a new mailing list. The list master approval process could reportedly be skipped by an attacker. An attacker may exploit this issue to create unauthorized mailing lists. This may possibly be used to forward UCE messages, or possibly other attacks. Versions prior to 4.1.2 are reportedly affected by this vulnerability.

From schaefer at alphanet.ch Wed Aug 25 15:51:06 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Wed Aug 25 15:51:06 2004
Subject: [gull-annonces] Summary of SecurityFocus Newsletter #263
Message-ID: <20040825133957.GB3629@defian.alphanet.ch>

gv Postscript and PDF Viewer Multiple Remote Buffer Overflow...
BugTraq ID: 10944
Remote: Yes
Date Published: Aug 14 2004
Relevant URL: http://www.securityfocus.com/bid/10944
Summary:
gv is reported prone to multiple remote buffer overflow vulnerabilities. These issues exist due to insufficient checking performed by the application on file headers for PostScript and PDF documents. These vulnerabilities exist in the 'psscan' function of the 'ps.c' file. The vulnerabilities include multiple stack and heap based buffer overflows. A number of the stack overflows have been specified, however, there are also a number of unspecified heap overflows. Successful exploitation of these issues may result in an attacker executing arbitrary code on a vulnerable computer to gain unauthorized access. This would occur in the context of the vulnerable application. It should be noted that applications such as Web browsers may use the software as an automatic handler for PostScript and PDF files.

Yukihiro Matsumoto Ruby CGI Session Management Insecure File...
BugTraq ID: 10946
Remote: No
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10946
Summary:
It is reported that Ruby is prone to an insecure file permissions vulnerability. This issue affects the CGI session management component of the application. This issue may allow a local attacker with access to a vulnerable Web server to hijack a session. Ruby versions prior to 1.6.7 and 1.8.1 are affected by the issue.

awstats rawlog Plugin Logfile Parameter Input Validation Vul...
BugTraq ID: 10950
Remote: Yes
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10950
Summary:
awstats rawlog Plugin is reported prone to an input validation vulnerability. The issue is reported to exist because user supplied 'logfile' URI data passed to the 'awstats.pl' script is not sanitized. An attacker may exploit this condition to execute commands remotely or disclose contents of web server readable files.
It should be noted that although this vulnerability is reported to affect AWStats version 6.1, other versions might also be affected.

Gentoo Linux Tomcat EBuild Insecure Install Permissions Vuln...
BugTraq ID: 10951
Remote: No
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10951
Summary:
The Gentoo Linux Tomcat eBuild is reported prone to an insecure default install permission vulnerability. It is reported that certain Tomcat scripts are installed with permissions that allow members of the tomcat group to write to the file. A local attacker that is a member of the Tomcat group may exploit this condition to escalate privileges.

KDE Mcoputils Insecure Temporary File Creation Vulnerability
BugTraq ID: 10952
Remote: No
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10952
Summary:
KDE's mcoputils is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. A local attacker may also possibly exploit this vulnerability to execute symbolic link file overwrite attacks. This may allow an attacker to overwrite arbitrary files with the privileges of the targeted user. Privilege escalation may also be possible using this method of attack.

SpamAssassin Malformed Email Remote Denial Of Service Vulner...
BugTraq ID: 10957
Remote: Yes
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10957
Summary:
SpamAssassin is reported prone to a remote denial of service vulnerability. Full details regarding this vulnerability are not known. A remote attacker may potentially exploit this vulnerability to deny service to a target SpamAssassin service. SpamAssassin versions prior to 2.64 are reported vulnerable to this issue. This BID will be updated as further details regarding this vulnerability are announced.

rxvt-unicode Open File Descriptor Leakage Vulnerability
BugTraq ID: 10959
Remote: No
Date Published: Aug 16 2004
Relevant URL: http://www.securityfocus.com/bid/10959
Summary:
It is reported that RXVT-Unicode fails to properly close file descriptors when spawning new child terminal windows. The child process could then potentially gain access to possibly sensitive information from the contents of the open file descriptors. Depending on the mode of the original file, and the privileges of the user that opened it, processes in the child window may exploit this vulnerability to take control of the parent process. Other attacks may also be possible. An attacker requires local access to the RXVT-Unicode process window to exploit this vulnerability. Versions prior to 3.6 are reported vulnerable to this issue.

Inter7 vpopmail vsybase.c Multiple Vulnerabilities
BugTraq ID: 10962
Remote: Yes
Date Published: Aug 17 2004
Relevant URL: http://www.securityfocus.com/bid/10962
Summary:
vpopmail is reported prone to multiple buffer overflows and a format string vulnerability. These issues are present in the 'vsybase.c' file. These issues exist due to the use of the sprintf() function. It is conjectured that these issues may allow an attacker to execute arbitrary code to gain unauthorized access to a vulnerable computer. At the very least a denial of service condition may result. vpopmail versions 5.4.2 and prior are affected by these issues.
[ vpopmail is an add-on to qmail ]

Inter7 vpopmail Multiple SQL Injection Vulnerabilities
BugTraq ID: 10990
Remote: Yes
Date Published: Aug 20 2004
Relevant URL: http://www.securityfocus.com/bid/10990
Summary:
vpopmail is reportedly susceptible to SQL injection vulnerabilities. This issue is due to a failure of the application to properly sanitize user-supplied input data before using it in an SQL query. vpopmail is only vulnerable if SQL servers are utilized by the application. Sites using the 'cdb' backend for data storage are not affected.
Successful exploitation could result in compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation. Vpopmail is reported vulnerable in versions prior to 5.4.6.

GNU gLibc LD_DEBUG Local Information Disclosure Vulnerabilit...
BugTraq ID: 10963
Remote: No
Date Published: Aug 17 2004
Relevant URL: http://www.securityfocus.com/bid/10963
Summary:
A local vulnerability is reported to exist in glibc; it is reported that LD_DEBUG is allowed on setuid binaries even though this should not be allowed. A local attacker may debug a setuid binary and may disclose sensitive information. Information harvested in this manner may be employed to aid in further attacks that are launched against a vulnerable host.

TNFTPD Multiple Signal Handler Remote Superuser Compromise V...
BugTraq ID: 10967
Remote: Yes
Date Published: Aug 17 2004
Relevant URL: http://www.securityfocus.com/bid/10967
Summary:
It is reported that TNFTPD is susceptible to multiple remote superuser compromise vulnerabilities. These vulnerabilities are all derived from improper signal handler operations. Signals can be delivered to the vulnerable FTPD by a remote attacker via out-of-band TCP data (OOB). These vulnerabilities may allow an anonymous remote attacker to gain superuser privileges on the computer hosting the affected software. TNFTPD versions prior to 10 Aug 2004 are reported vulnerable. All versions of Lukemftpd are reported vulnerable. NetBSD version 1.6.2 and prior, NetBSD-2.0 prior to 15 Aug 2004, as well as NetBSD-current prior to 10 Aug 2004 are reported vulnerable as well.

MySQL mysqlhotcopy Script Insecure Temporary File Creation V...
BugTraq ID: 10969
Remote: No
Date Published: Aug 18 2004
Relevant URL: http://www.securityfocus.com/bid/10969
Summary:
mysqlhotcopy is reported to contain an insecure temporary file creation vulnerability.
The result of this is that temporary files created by the application may use predictable filenames. This issue presents itself when the 'scp' method is used with the script. A local attacker may also possibly exploit this vulnerability to execute symbolic link file overwrite attacks. It was confirmed that this issue exists in mysqlhotcopy shipped with MySQL 3.23.49 and 4.0.20. Other versions of MySQL are likely to be affected as well. This BID will be updated as more information becomes available.

Cisco IOS OSPF Remote Denial Of Service Vulnerability
BugTraq ID: 10971
Remote: Yes
Date Published: Aug 18 2004
Relevant URL: http://www.securityfocus.com/bid/10971
Summary:
Cisco IOS is reported prone to a remote denial of service vulnerability. It is reported that the vulnerability manifests when a malformed Open Shortest Path First (OSPF) packet is handled by the vulnerable router. A remote attacker may exploit this condition in multiple routers that reside on the same network segment as the attacker, to trigger a device reset. The attacker may continuously transmit malicious OSPF packets to the target routers in order to effectively deny network services to legitimate hosts.
[ firmware ]

Courier-IMAP Remote Format String Vulnerability
BugTraq ID: 10976
Remote: Yes
Date Published: Aug 18 2004
Relevant URL: http://www.securityfocus.com/bid/10976
Summary:
Courier-IMAP is reported to be susceptible to a remote format string vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. Successful exploitation of this issue will allow an attacker to execute arbitrary code on the affected computer with the privileges of the user that the IMAP daemon runs as. This vulnerability is exploitable prior to authentication. Courier-IMAP versions 1.6.0 through to 2.2.1 are reported vulnerable. Other versions may also be vulnerable.

Multiple Qt Image Handling Heap Overflow Vulnerabilities
BugTraq ID: 10977
Remote: Yes
Date Published: Aug 19 2004
Relevant URL: http://www.securityfocus.com/bid/10977
Summary:
Multiple heap overflows have been reported to exist in the Qt QImage library. These issues may be triggered when handling malformed images of various types, potentially causing a denial of service in applications that use the library to render images. Remote code execution is also possible.

MySQL mysql_real_connect Function Potential Remote Buffer Ov...
BugTraq ID: 10981
Remote: Yes
Date Published: Aug 20 2004
Relevant URL: http://www.securityfocus.com/bid/10981
Summary:
MySQL is prone to a potential remote buffer overflow vulnerability. This issue occurs due to insufficient boundary checks performed by the 'mysql_real_connect' function. The 'mysql_real_connect' function does not verify the length of the IP address returned through a DNS response from a server. Immediate consequences of an attack may result in a denial of service condition. It is conjectured that this issue could allow for arbitrary code execution, however, this has not been confirmed. It is also reported that the glibc library verifies the length of an IP address, however, other libraries may obtain the length from a DNS response packet. Computers using glibc on Linux and BSD platforms may not be vulnerable to this issue.

British National Corpus SARA Remote Buffer Overflow Vulnerab...
BugTraq ID: 10984
Remote: Yes
Date Published: Aug 20 2004
Relevant URL: http://www.securityfocus.com/bid/10984
Summary:
sarad is reported prone to a buffer overflow vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. A remote attacker can trigger the overflow condition by supplying a large string value to the application. Arbitrary code execution is possible in the context of the server.
In addition to this issue, it is reported that various other instances of potential buffer overflow and format string vulnerabilities exist throughout the application. These issues exist due to the use of strcpy() and sprintf() functions. This BID will be updated upon further analysis.

From schaefer at alphanet.ch Tue Aug 31 20:51:02 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Tue Aug 31 20:51:02 2004
Subject: [gull-annonces] Patents and political actions
Message-ID: <20040831183716.GA8498@defian.alphanet.ch>

Hello,

Myriam Schweingruber of GuillaumeTux forwards the following message on the CH-FSFE list:

A friend of Wilhelm Tux, member of the FDP (parti radical democratique [PRD] Suisse in French) brought up the SWAT-theme at the general assembly of the party. His proposition to ask the Swiss parliament to reject the proposition of the EU-council about the "Patentability of computer-implemented invention" has been accepted with a large majority of the FDP-members. As the next parliament session will be held in October, he asks us to help him to write to all Swiss national council members in the next 2 - 3 weeks. We also should ask companies who use Free Software to do the same. So please spread around this demand and get in touch with Alfred when you decide to do something. I'll invite him on this list today, so it would be a good idea to co-ordinate his action on this list.

It appears that the PRD (parti radical-démocratique), at its general assembly, addressed the subject of software patents and adopted by a large majority a proposal to ask Parliament to reject the proposal of the Council of Europe concerning software patents.

It would seem worthwhile to inform the National Councillors (in particular those from French-speaking Switzerland). This should be done in coordination with Alfred Weber and the CH-FSFE list.
This can of course also be discussed on gull-org if an official GULL position / letter rather than individual action is justified.

More details here: https://mail.fsfeurope.org/mailman/listinfo/switzerland