From schaefer at alphanet.ch Sat Sep 4 14:11:01 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Sat Sep 4 14:11:01 2004
Subject: [gull-annonces] SecurityFocus Newsletter #264 Summary
Message-ID: <20040904111942.GA3816@defian.alphanet.ch>

KDE Konqueror Cookie Domain Validation Vulnerability
BugTraq ID: 10991
Remote: Yes
Date Published: Aug 21 2004
Relevant URL: http://www.securityfocus.com/bid/10991
Summary:
It is reported that Konqueror is susceptible to a vulnerability while validating cookie domains, allowing web servers to receive potentially sensitive cookie data not intended for them. This vulnerability presents itself when Konqueror allows a web site to set a cookie with domain restrictions containing certain country-specific top-level domains. Attackers may exploit this vulnerability to inject cookie data into the domains of third party web servers. This may allow for denial of service attacks against other web services, by injecting invalid or conflicting cookie data. Other attacks are also likely possible, depending on the design of targeted web services. Further details are unknown at this time. This BID will be updated as further information is disclosed.

Sympa New List HTML Injection Vulnerability
BugTraq ID: 10992
Remote: Yes
Date Published: Aug 21 2004
Relevant URL: http://www.securityfocus.com/bid/10992
Summary:
An HTML injection vulnerability is reported in Sympa. The problem occurs due to a failure of the application to properly sanitize user-supplied input data. Unsuspecting users viewing the affected page will have attacker-supplied malicious code interpreted by their browser in the security context of the website hosting Sympa. Attackers may potentially exploit this issue to manipulate web content or to steal cookie-based authentication credentials. It may be possible to take arbitrary actions as the victim user. Versions 4.1, and all 4.1.x releases are reported vulnerable to this issue.

Davenport XML Expansion Denial Of Service Vulnerability
BugTraq ID: 11001
Remote: Yes
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11001
Summary:
Davenport is reportedly affected by a denial of service vulnerability in its XML parsing functionality. This issue is due to a failure of the application to properly handle exceptional conditions. Exploitation of this issue will allow an attacker to cause the affected application to hang, denying service to legitimate users.
[ license? language? when in doubt, I leave it in ]

sredird Multiple Remote Vulnerabilities
BugTraq ID: 11002
Remote: Yes
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11002
Summary:
sredird is reported prone to multiple vulnerabilities. These issues may allow a remote attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access. The issues include a format string vulnerability and a remote buffer overflow vulnerability. Successful exploitation of these issues may allow an attacker to gain unauthorized access to a vulnerable computer in the context of the affected process. sredird versions 2.2.1 and prior are reportedly affected by these vulnerabilities. This BID is now split into BIDs 11031 and 11033. This one will be retired shortly.
[ serial port redirection over the network, RFC standard ]

FIDOGATE Logfile Path Input Validation Vulnerability
BugTraq ID: 11005
Remote: No
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11005
Summary:
FIDOGATE is prone to an input validation error that may permit local users to append to or create files with the privileges of the program. The source of the problem is that the attacker may control the location of the logfile. Since the program is typically setuid 'news', this could be exploited to append to or create files in the context of that user. This issue would only affect versions of the software for UNIX/Linux variants.
[ FTN gateway; I preferred ifgate at the time ]

musicd LOAD Command File Disclosure Vulnerability
BugTraq ID: 11006
Remote: Yes
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11006
Summary:
musicd is reported prone to a remote file disclosure vulnerability. The vulnerability presents itself due to a lack of sufficient sanitization performed on Music daemon command arguments. A remote attacker may exploit this vulnerability in order to disclose the contents of files with the privilege of the Music daemon (musicd) process. It is reported that if a binary file is specified as an argument for the affected command the attacker may cause the affected daemon to crash.

imwheel Predictable Temporary File Creation Vulnerability
BugTraq ID: 11008
Remote: No
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11008
Summary:
imwheel is reported prone to a predictable temporary file creation vulnerability. This issue is a race condition error and may allow a local attacker to carry out denial of service attacks against other users and possibly gain elevated privileges. This vulnerability was identified in imwheel 1.0.0pre11, however, other versions may be affected as well.

Axis Network Camera And Video Server Multiple Vulnerabilitie...
BugTraq ID: 11011
Remote: Yes
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11011
Summary:
Multiple vulnerabilities are reported to exist in multiple Axis network video and camera servers. The first reported issue is a shell metacharacter command execution vulnerability. This is reported to allow an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks.
The first vulnerability is reported to affect:
- Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.34 thru 2.40
- Axis 2130 network cameras
- Axis 2401, and 2401 video servers
The second vulnerability is a directory traversal vulnerability in HTTP POST requests. This attack is demonstrated by an anonymous user calling protected administration scripts. This allows remote administration of the devices by anonymous users, bypassing authentication checks.
The second vulnerability is reported to affect:
- Axis 2100, 2110, 2120, 2420 network cameras with firmware versions 2.12 thru 2.40
- Axis 2130 network cameras
- Axis 2401, and 2401 video servers
The third vulnerability is reported to be a hard-coded backdoor administrative user. This allows remote attackers to administer affected devices, and it likely cannot be disabled.
The third vulnerability is reported to affect:
- Axis StorePoint CD E100 CD-ROM Server with firmware version 5.30
Other products and versions of firmware are likely affected by one or more of these vulnerabilities.
[ firmware ]

Hitachi Job Management Partner 1 Multiple Remote Vulnerabili...
BugTraq ID: 11012
Remote: Yes
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11012
Summary:
Reportedly Hitachi Job Management Partner 1 is affected by multiple remote vulnerabilities. These issues are likely due to a failure of the application to handle exceptional conditions. These issues include a denial of service vulnerability in the bundled FTP server, allowing attackers to stop the affected server and deny service to legitimate users. The second issue is an unspecified vulnerability surrounding the login authentication functionality of which the impact is currently unknown.
[ firmware ]

EnderUNIX Hafiye Remote Terminal Escape Sequence Filtering W...
BugTraq ID: 11014
Remote: Yes
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11014
Summary:
EnderUNIX Hafiye is affected by a remote terminal escape sequence weakness. This issue is caused by a failure of the application to properly sanitize user-supplied input. An attacker might leverage this issue to inject terminal escape sequences into data that will be displayed in a terminal window; if the terminal is vulnerable to escape sequence issues code execution is possible.
[ EnderUNIX is a group of Turkish developers working in C, C++ and Perl ]

Mozilla Network Security Services Library Remote Heap Overfl...
BugTraq ID: 11015
Remote: Yes
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11015
Summary:
NSS is reported prone to a remote heap overflow vulnerability. This issue arises due to insufficient boundary checks performed by the application. Successful exploitation of this issue may result in arbitrary code execution leading to an attacker gaining unauthorized access to a vulnerable computer. The NSS library is commonly used by Netscape Enterprise Server and Sun One/iPlanet servers. The SSLv2 protocol is not enabled by default on these servers. Other products may be affected as well.

PostgreSQL Debian GNU/Linux Specific Local Information Discl...
BugTraq ID: 11019
Remote: No
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11019
Summary:
The version of PostgreSQL contained in Debian/GNU Linux is reported susceptible to an information disclosure vulnerability. This issue is due to improper file permissions in the default installation of the PostgreSQL package. This may aid attackers in further system compromise. Versions up to, and including version 7.4.3-3 of the Debian package for PostgreSQL are reported affected by this vulnerability.

Icecast Server Status Display Cross-Site Scripting Vulnerabi...
BugTraq ID: 11021
Remote: Yes
Date Published: Aug 24 2004
Relevant URL: http://www.securityfocus.com/bid/11021
Summary:
Reportedly Icecast Server is affected by a cross-site scripting vulnerability in the status display functionality. This issue is due to a failure of the application to properly sanitize user-supplied input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

GNU a2ps File Name Command Execution Vulnerability
BugTraq ID: 11025
Remote: No
Date Published: Aug 24 2004
Relevant URL: http://www.securityfocus.com/bid/11025
Summary:
Reportedly GNU a2ps is affected by a file name command execution vulnerability. This issue is due to a failure of the application to properly sanitize filenames. This issue might be leveraged by an attacker to execute arbitrary shell commands with the privileges of an unsuspecting user running the vulnerable application. Although this issue reportedly affects only a2ps version 4.13 it is likely that other versions are affected as well.

OpenBSD Bridged Network ICMP Denial Of Service Vulnerability
BugTraq ID: 11044
Remote: Yes
Date Published: Aug 25 2004
Relevant URL: http://www.securityfocus.com/bid/11044
Summary:
The implementation of bridging in OpenBSD is reportedly susceptible to a denial of service vulnerability. This vulnerability presents itself when an OpenBSD host is configured to bridge two or more networks. Additionally, the 'link2' flag must be set on the bridging device. This flag is designed to transparently join multiple networks via an IPSec VPN tunnel. This vulnerability may allow an attacker to crash or reboot affected computers, denying service to legitimate users. A fix was applied in CVS to OpenBSD-current on 18 Aug 2004.

Network Everywhere NR041 Router DHCP Log HTML Injection Vuln...
BugTraq ID: 11046
Remote: Yes
Date Published: Aug 25 2004
Relevant URL: http://www.securityfocus.com/bid/11046
Summary:
It is reported that the Network Everywhere NR041 Router is susceptible to an HTML injection vulnerability in its DHCP log. An attacker can craft successive DHCP requests, which when viewed by the administrator, will be combined to create longer strings of HTML that are interpreted by the administrator's web browser. The injected HTML can be used to cause the administrator to make unintended changes to the configuration of the router. Other attacks may be possible.
[ firmware ]

Cisco Secure Access Control Server Multiple Vulnerabilities
BugTraq ID: 11047
Remote: Yes
Date Published: Aug 25 2004
Relevant URL: http://www.securityfocus.com/bid/11047
Summary:
Cisco Secure Access Control Server and Secure Access Control Server Solution Engine are reported prone to multiple vulnerabilities. These vulnerabilities may allow remote attackers to cause denial of service conditions and gain unauthorized access to AAA clients and ACS administration interface. The following specific vulnerabilities were reported by the vendor:
A remote attacker can trigger a denial of service condition in ACS Windows and ACS Solution Engine by establishing a large amount of TCP connections to the CSAdmin application.
Cisco Secure ACS is reported prone to another denial of service vulnerability when handling Light Extensible Authentication Protocol (LEAP) authentication requests.
Cisco Secure ACS is reported prone to an authentication bypass vulnerability when configured to communicate to a Novell Directory Services (NDS) database for authenticating NDS users.
Another vulnerability affecting ACS may allow remote attackers to gain unauthenticated access to the administration interface of the service.
[ firmware ]

RealVNC Server Remote Denial of Service Vulnerability
BugTraq ID: 11048
Remote: Yes
Date Published: Aug 25 2004
Relevant URL: http://www.securityfocus.com/bid/11048
Summary:
RealVNC server is reported prone to a remote denial of service vulnerability. This issue presents itself when an attacker establishes a large amount of connections to the server. This issue was reportedly tested on RealVNC 4.0 running on Microsoft Windows 2000.

Top Layer Attack Mitigator IPS 5500 Denial Of Service Vulner...
BugTraq ID: 11049
Remote: Yes
Date Published: Aug 25 2004
Relevant URL: http://www.securityfocus.com/bid/11049
Summary:
The Attack Mitigator IPS 5500 is reportedly susceptible to a denial of service vulnerability. This vulnerability presents itself when the device is bombarded with a very high volume of HTTP traffic. The vendor reports that in certain configurations, it is possible for the device's overload protection feature to incorrectly activate, causing a denial of service condition. Once this condition has occurred, the device is reportedly unable to process HTTP traffic. The IPS 5500 with firmware versions prior to 3.11.014 are reported susceptible to this vulnerability.
[ firmware ]

zlib Compression Library Denial Of Service Vulnerability
BugTraq ID: 11051
Remote: Yes
Date Published: Aug 25 2004
Relevant URL: http://www.securityfocus.com/bid/11051
Summary:
The zlib compression library is reportedly susceptible to a denial of service vulnerability. This vulnerability is caused by a failure of the application to properly handle malformed input during the decompression process. This vulnerability is reported to exist in version 1.2.1 of the library. Other versions are also likely affected.

Linux Kernel Process Spawning Race Condition Environment Var...
BugTraq ID: 11052
Remote: No
Date Published: Aug 25 2004
Relevant URL: http://www.securityfocus.com/bid/11052
Summary:
The Linux Kernel is prone to a race condition that may potentially expose information about the environment of a process. The race condition is reported to occur while a process is spawning. If the condition is successfully exploited, an attacker could read environment variables associated with a process they do not own.

Samba Remote Print Change Notify Denial Of Service Vulnerabi...
BugTraq ID: 11055
Remote: Yes
Date Published: Aug 26 2004
Relevant URL: http://www.securityfocus.com/bid/11055
Summary:
Samba is reportedly vulnerable to a remote denial of service vulnerability in the processing of print change notify requests. This issue is due to a failure of the application to handle out of sequence requests. An attacker might leverage this issue to cause the affected server to crash, denying service to legitimate users.

Gaim Multiple Vulnerabilities
BugTraq ID: 11056
Remote: Yes
Date Published: Aug 26 2004
Relevant URL: http://www.securityfocus.com/bid/11056
Summary:
Gaim version 0.82 has been released. This version addressed various security vulnerabilities. The following specific issues have been disclosed by the vendor:
Gaim is reported prone to a remote arbitrary command execution vulnerability during the installation of a smiley theme.
The Gaim client is reported prone to a remote heap overflow vulnerability when processing data from a groupware server.
A remote buffer overflow vulnerability exists in the URI parsing utility.
A buffer overflow vulnerability arises when the application performs a DNS query to obtain a hostname when signing on to zephyr.
Another buffer overflow presents itself when the application processes Rich Text Format (RTF) messages.
A malicious server can trigger a buffer overflow vulnerability in Gaim by supplying an excessive value for the 'content-length' header.
These issues affect Gaim versions prior to 0.82.
Some of these issues may have been reported previously. This BID will be updated and divided into individual BIDs as more information becomes available.

Mozilla/Netscape/Firefox Browsers XPCOM Plug-In For Apple Ma...
BugTraq ID: 11059
Remote: Yes
Date Published: Aug 26 2004
Relevant URL: http://www.securityfocus.com/bid/11059
Summary:
Browsers based on the Gecko engine are reported prone to a content spoofing vulnerability when they are running on the Apple Mac OS X platform. It is reported that the vulnerability occurs when the browser is configured to employ 'Tabbed Browsing' functionality. In essence, an XPCOM plug-in that is invoked in one tab will be drawn into the environment of alternate tabs that are open in the same browser window. This vulnerability may be exploited to spoof content and to aid in phishing style attacks.
[ the software is free; but the vulnerable platform is not. ]

Cisco IOS Telnet Service Remote Denial of Service Vulnerabil...
BugTraq ID: 11060
Remote: Yes
Date Published: Aug 27 2004
Relevant URL: http://www.securityfocus.com/bid/11060
Summary:
Cisco IOS telnet service is reported prone to a remote denial of service vulnerability. It is reported that an attacker can trigger this issue by sending a specially crafted TCP packet to a telnet or reverse telnet port of a Cisco device running IOS. All Cisco devices running IOS with a telnet or reverse telnet service are affected by this issue.
[ firmware ]

From schaefer at alphanet.ch Wed Sep 8 15:01:04 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Wed Sep 8 15:01:04 2004
Subject: [gull-annonces] CH-FSFE: 2004-09-12: Proposed change to the meeting in Neuchatel
Message-ID: <20040908125251.GA4284@defian.alphanet.ch>

Hi,

due to the weather uncertainty, the fact that there are really few people coming compared to what was expected, the difficulty to find something good and not too expensive and other problems, I propose to drop the dinner and meet about 13:00 in Neuchâtel Railway Station

I will be at the railway station under the big electronic timetable in the railway station hall from 12:45 until 13:10 (later if some trains are late) with a CH-FSFE pancarte and we will move in a somewhat grouped fashion to the designed location.

info: if you want to come earlier, you can eat at the railway station, choices are MacDonald, a self-service, and the Alpes et Lac Restaurant in front of the railway station. However none of those were really adequate for eating and a meeting, unfortunately. You can also fetch a sandwich at the local aperto.

The designed location is a meeting room in the same building which I rented to the Buffet Express/Merkur (to my company's cost, but it's not very expensive) which we have for the afternoon. There is capacity for about 10 people, or even more.

Parking space is available at the railway station directly, however it's not that cheap if you don't have a valid SBB/CFF ticket.

Call me at 032 841 40 14 (let it ring, let it ring until I answer or you get a combox) in case you have a problem.

This message will be sent to switzerland at fsfeurope.org, to gull-annonces at alphanet.ch, to wilhelmtux-admin at wilhelmtux.ch, and to the currently registered participants.

Addendum: In this first meeting we could also discuss what to do for organizing meetings: I had one proposal for a boat excursion including dinner (possible to get reduction starting at 10 persons).
However, this would require approval by the participants because of the costs. Maybe for casual meetings we don't need this.

From schaefer at alphanet.ch Sat Sep 11 18:11:10 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Sat Sep 11 18:11:10 2004
Subject: [gull-annonces] 2004-09-20: /ch/open event: GNU/Linux instead of Solaris for development
Message-ID: <20040911061522.GD1529@defian.alphanet.ch>

[ presentation in German on the deployment of GNU/Linux workstations in a software development company (replacing Solaris), in Zürich ]

We would once again like to invite you to take part in our next event:

20.9.04, Technopark Zuerich, Pascal room
17.00 - approx. 18.00: Success story - Linux in a professional software engineering environment

After the talk you are invited to an aperitif.

Success story - Linux in a professional software engineering environment
=========================================================================

Speaker:
--------
Stefan Wengi, AdNovum Informatik AG

Abstract:
---------
The open-source operating system Linux has been in vogue for quite some time and is by now also being positioned centrally by major vendors. Despite a considerable amount of hype, many large companies in Switzerland still seem to be wary of using Linux on their servers. Stefan Wengi's presentation uses the deployment of Linux on desktops to show a possible alternative way into the Linux world. The case study is a medium-sized software house that for 15 years has developed software systems almost exclusively on and for Sun Solaris platforms. In mid-2003 it was decided to switch the internal workstations from Solaris to Linux. The first part of the presentation introduces the situation at hand and names the most important criteria that were decisive for the change of platform on the desktop.
The second part is devoted to the technical implementation and to the stumbling blocks that have to be cleared out of the way when building a heterogeneous system landscape with Linux on the desktop and Solaris on the servers. Keywords here are naming and directory services (LDAP), security, install server, automounter/NFS, VMware images and system administration. The third part deals with adapting the developer workstation and the actual development environment to the new platform. The influence of the new environment on the developers' daily work is also addressed, with a detailed look at the differences between C/C++ and Java/J2EE developers. Also covered are the experiences with the initial rollout, acceptance during the changeover, and the medium-term adjustments.

Bio:
----
Stefan Wengi, a graduate computer science engineer (ETH), is CTO of the Zürich software company AdNovum Informatik AG. His main focus is technology/middleware. From February 1999 to May 2002 Stefan Wengi was responsible for software development and for building up and maintaining the technical infrastructure of AdNovum Software Inc. in San Mateo. Since summer 2002 he has been working in Zürich again and deals primarily with the broad range of technology questions in a high-end development environment.

We look forward to your registration at .

From schaefer at alphanet.ch Mon Sep 13 13:11:01 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Mon Sep 13 13:11:01 2004
Subject: [gull-annonces] SecurityFocus Newsletter #265 Summary
Message-ID: <20040913100803.GA2062@defian.alphanet.ch>

Reminder of the filtering rules:
- no games, chat or other programs of that kind
- no software that is non-free in the DFSG sense
  exception: `firmware' (e.g. code contained in a modem, etc.)
- no PHP scripts

It is unfortunately very difficult (more and more so!) to determine software licenses from the information that SecurityFocus provides, so a few errors may unfortunately slip in. My recommendation for the administrator is to install only software supported by their distribution -- preferably free software -- and to administer any other software themselves by subscribing to all the announcement lists for that software.

D-Link Securicam Network DCS-900 Internet Camera Remote Conf...
BugTraq ID: 11072
Remote: Yes
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11072
Summary:
D-Link Securicam Network DCS-900 Internet Camera is reportedly affected by a remote configuration vulnerability. This issue is due to a design error that allows remote, unauthorized users to update the IP address of the vulnerable camera. An attacker may leverage this issue to hijack the vulnerable camera, ultimately triggering a denial of service condition, as the unsuspecting user will be unable to connect to the device without having its IP address.
[ firmware ]

cdrtools rsh Environment Variable Privilege Escalation Vulne...
BugTraq ID: 11075
Remote: No
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11075
Summary:
cdrtools is reportedly vulnerable to an rsh environment variable privilege escalation vulnerability. This issue is due to a failure of the application to properly implement security controls when executing an application specified by the rsh environment variable. An attacker may leverage this issue to gain superuser privileges on a computer running the affected software.
[ only if remote burning via rsh or ssh is used, I suppose ]

bsdmainutils calendar Information Disclosure Vulnerability
BugTraq ID: 11077
Remote: No
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11077
Summary:
The calendar utility contained in the bsdmainutils package on Debian GNU/Linux systems is reported susceptible to an information disclosure vulnerability. This is due to a lack of proper file authorization checks by the application. The application fails to enforce permissions of included files when run as the superuser with the '-a' argument, therefore it is possible for a local attacker to create a calendar file that will disclose the contents of arbitrary, potentially sensitive files. This may aid them in further attacks against the affected computer. By default, the package is installed with a crontab file that will not call the calendar utility. Systems are only affected if the crontab is enabled by administrators. Debian GNU/Linux computers with bsdmainutils versions prior to 6.0.15 are reported to be vulnerable.

MIT Kerberos 5 Multiple Double-Free Vulnerabilities
BugTraq ID: 11078
Remote: Yes
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11078
Summary:
There are multiple double-free vulnerabilities reported to exist in MIT Kerberos 5. All vulnerabilities stem from inconsistent memory handling routines in the krb5 library. These vulnerabilities are exploitable in various ways:
- An attacker can execute arbitrary code in the context of a KDC server process, potentially compromising the entire Kerberos realm.
- An attacker can execute arbitrary code in the context of a krb524d server process, potentially compromising the entire Kerberos realm if it is running on the same computer as a KDC.
- An attacker can execute arbitrary code in the context of various other server processes utilizing the krb5 library.
- An attacker impersonating a KDC or application server may be able to execute arbitrary code in the context of a client process attempting to authenticate.
Versions up to and including 1.3.4 are reported vulnerable.

MIT Kerberos 5 ASN.1 Decoder Denial Of Service Vulnerability
BugTraq ID: 11079
Remote: Yes
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11079
Summary:
It is reported that MIT Kerberos V is susceptible to a denial of service vulnerability in its ASN.1 decoder. This vulnerability presents itself when the krb5 library attempts to decode a malformed ASN.1 buffer. As a result of this vulnerability, a remote attacker may be able to deny all Kerberos service in a realm by sending malicious UDP packets to all KDCs (Key Distribution Center). The affected KDCs would then stop servicing further authentication requests. All services utilizing Kerberos for authentication would fail to allow further requests. MIT Kerberos V versions 1.2.2 through to 1.3.4 are reportedly affected by this vulnerability.

SuSE Linux PTMX Unspecified Local Denial Of Service Vulnerab...
BugTraq ID: 11081
Remote: No
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11081
Summary:
Reportedly SuSE Linux is vulnerable to a local ptmx denial of service vulnerability; fixes are available. The underlying cause of this issue is currently unknown; this BID will be updated as more information is released. An attacker may leverage this issue to cause the affected computer to hang or crash, denying service to legitimate users.
[ /dev/ptmx: a special device that allows ttys to be created dynamically; it replaces the old /dev/pty[pqr]* and /dev/tty[pqr]* and their security problems. ]

imlib/imlib2 Multiple BMP Image Decoding Buffer Overflow Vul...
BugTraq ID: 11084
Remote: Yes
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11084
Summary:
Multiple buffer overflow vulnerabilities are reported to exist in the imlib/imlib2 libraries. These issues may be triggered when handling malformed bitmap images. These vulnerabilities could be exploited by a remote attacker to cause a denial of service in applications that use the vulnerable library to render images. It is also reported that these vulnerabilities may be exploited to execute arbitrary code.

LHA Multiple Code Execution Vulnerabilities
BugTraq ID: 11093
Remote: Yes
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11093
Summary:
LHA is reported prone to multiple vulnerabilities. These issues include multiple local and remote buffer overflow vulnerabilities and a remote command execution vulnerability. Successful exploitation of these issues may allow an attacker to execute arbitrary code and gain unauthorized access to a vulnerable computer. The application is prone to a stack overflow vulnerability when processing a malicious archive. Multiple local buffer overflow vulnerabilities were reported as well. These issues can be triggered by supplying an excessive string value to the application through the command line. Additionally, a remote command execution issue affects the application. This issue is triggered when LHA processes a directory with a malformed name. LHA versions 1.14 and prior are affected by these issues.

Apache mod_ssl Denial Of Service Vulnerability
BugTraq ID: 11094
Remote: Yes
Date Published: Sep 02 2004
Relevant URL: http://www.securityfocus.com/bid/11094
Summary:
Apache mod_ssl is reported susceptible to a denial of service vulnerability. This issue presents itself during SSL connections to a vulnerable Apache server. The affected software may enter into an infinite loop in certain circumstances.
This will consume CPU resources and potentially cause further connections to the affected server to fail. All Apache versions from 2.0 through to 2.0.50 are reported vulnerable.

Squid Proxy NTLM Authentication Denial Of Service Vulnerabil...
BugTraq ID: 11098
Remote: Yes
Date Published: Sep 02 2004
Relevant URL: http://www.securityfocus.com/bid/11098
Summary:
Squid is reported to be susceptible to a denial of service vulnerability in its NTLM authentication module. This vulnerability presents itself when attacker supplied input data is passed to the affected NTLM module without proper sanitization. This vulnerability allows an attacker to crash the NTLM helper application. Squid will respawn new helper applications, but with a sustained, repeating attack, it is likely that proxy authentication depending on the NTLM helper application would fail. Failure of NTLM authentication would result in the Squid application denying access to legitimate users of the proxy. Squid versions 2.x and 3.x are all reported to be vulnerable to this issue. A patch is available from the vendor.

Dynalink RTA 230 ADSL Router Default Backdoor Account Vulner...
BugTraq ID: 11102
Remote: Yes
Date Published: Sep 03 2004
Relevant URL: http://www.securityfocus.com/bid/11102
Summary:
The Dynalink RTA 230 ADSL router is reported susceptible to a default backdoor account vulnerability. It is reported that the firmware contains a backdoor account. This account is not visible or modifiable from the web administration interface. Both the web configuration application and the telnet service are not listening on the WAN interface by default. Attackers with network access to internal interfaces of the device can gain complete access to a vulnerable access point by using the default credentials. Other devices utilizing similar firmware may also be affected, but this has not been confirmed.
Other potential devices reported are: - US Robotics 9105 and 9106 - Siemens SE515 - Buffalo WMR-G54 [ firmware ] Engenio Storage Controller Remote Denial Of Service Vulnerab... BugTraq ID: 11108 Remote: Yes Date Published: Sep 04 2004 Relevant URL: http://www.securityfocus.com/bid/11108 Summary: It is reported that hardware based on Engenio Storage Controllers is prone to a remote denial of service vulnerability. This could also reportedly result in unrecoverable corruption of data. Affected hardware includes Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches. Other devices may be affected such as other Storagetek and IBM FastT storage controllers, SGI, and Teradata storage controllers though this has not been confirmed. The problem may exist in the underlying vxWorks operating system though this has also not been confirmed. [ firmware. Do not put your data network on a general-purpose network. ]
From schaefer at alphanet.ch Thu Sep 16 10:11:03 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Thu Sep 16 10:11:03 2004
Subject: [gull-annonces] Summary of SecurityFocus Newsletter #266
Message-ID: <20040916074459.GA2375@defian.alphanet.ch>
Engenio Storage Controller Remote Denial Of Service Vulnerab... BugTraq ID: 11108 Remote: Yes Date Published: Sep 04 2004 Relevant URL: http://www.securityfocus.com/bid/11108 Summary: It is reported that hardware based on Engenio Storage Controllers is prone to a remote denial of service vulnerability. This could also reportedly result in unrecoverable corruption of data. Affected hardware includes Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches. Other devices may be affected such as other Storagetek and IBM FastT storage controllers, SGI, and Teradata storage controllers though this has not been confirmed. The problem may exist in the underlying vxWorks operating system though this has also not been confirmed.
[ firmware ] OpenCA HTML Injection Vulnerability BugTraq ID: 11113 Remote: Yes Date Published: Sep 06 2004 Relevant URL: http://www.securityfocus.com/bid/11113 Summary: It has been reported that OpenCA is vulnerable to a HTML injection attack due to inadequate validation / filtering of user input into a web form frontend. The vulnerability is present in the OpenCA PKI software. According to the report, malicious user-data containing embedded HTML will persist in the system after it is injected. [ X.509 / PKI Open Certificate Authority Server ] Multi Gnome Terminal Information Leak Vulnerability BugTraq ID: 11117 Remote: No Date Published: Sep 06 2004 Relevant URL: http://www.securityfocus.com/bid/11117 Summary: It has been reported that Multi Gnome Terminal may output active user keystrokes to a file that is potentially world readable. According to the report, Gnome Multi Terminal "has been known to" (i.e. under some circumstances, which are unclear at this time) write keystroke data to ~/.xsession-errors. As this file can be world readable, this may result in a leak of confidential information to other local users. Webmin / Usermin HTML Email Command Execution Vulnerability BugTraq ID: 11122 Remote: Yes Date Published: Sep 07 2004 Relevant URL: http://www.securityfocus.com/bid/11122 Summary: Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. This issue is due to a failure to sanitize HTML email messages and may allow an attacker to execute arbitrary commands on a vulnerable computer. This issue is reported to affect Usermin versions 1.080 and prior. gnubiff Multiple Remote POP3 Protocol Vulnerabilities BugTraq ID: 11123 Remote: Yes Date Published: Sep 07 2004 Relevant URL: http://www.securityfocus.com/bid/11123 Summary: Reportedly gnubiff is affected by multiple pop3 protocol vulnerabilities. 
The first issue is due to a design error in the pop3 protocol implementation that causes the application to crash. The second issue is a buffer overflow in the pop3 implementation. An attacker might leverage these issues to cause the affected application to crash and to manipulate process memory ultimately facilitating arbitrary code execution. Net-Acct Symbolic Link Vulnerability BugTraq ID: 11125 Remote: No Date Published: Sep 07 2004 Relevant URL: http://www.securityfocus.com/bid/11125 Summary: Net-Acct is reportedly affected by a symbolic link vulnerability. This issue is due to a design error that fails to properly verify files prior to writing to them. This issue will allow an attacker to overwrite arbitrary files. Reportedly, this issue could be leveraged to facilitate privilege escalation. [ Logs network traffic to a (?) MySQL database for analysis ] OpenLDAP Ambiguous Password Attribute Weakness BugTraq ID: 11137 Remote: Yes Date Published: Sep 07 2004 Relevant URL: http://www.securityfocus.com/bid/11137 Summary: It is reported that in certain undisclosed cases, OpenLDAP is susceptible to an ambiguous password attribute weakness. If an attacker is able to retrieve a password hash as contained in the OpenLDAP database, they are possibly able to directly authenticate to the LDAP database. An attacker is able to gain unauthorized access if they can sniff password hashes from the network, or retrieve the contents of the 'userPassword' attribute from a database backup, or through weak permissions on the database. The OpenLDAP that is included with Apple Mac OS X, versions 10.3.4 and 10.3.5 is reported to be affected. Versions of OpenLDAP included in other operating systems are also possibly affected. Ulrik Petersen Emdros Database Engine Denial Of Service Vuln...
BugTraq ID: 11143 Remote: Yes Date Published: Sep 08 2004 Relevant URL: http://www.securityfocus.com/bid/11143 Summary: It is reported that Emdros is prone to a denial of service vulnerability, due to a memory leak while running as a daemon. This vulnerability is present in the 'mql' process. This process contains a memory leak, and if it is run as a daemon, a remote attacker has the ability to consume all available memory until the process crashes. [ http://emdros.org/, GPL, with other licences available for special projects, the database engine for analyzed or annotated text ] Versions prior to 1.1.20 are reported susceptible to this vulnerability. OpenOffice/StarOffice Local File Disclosure Vulnerability BugTraq ID: 11151 Remote: No Date Published: Sep 10 2004 Relevant URL: http://www.securityfocus.com/bid/11151 Summary: StarOffice and OpenOffice are reported prone to a local file disclosure vulnerability. This issue presents itself because the application creates insecure temporary files. Each time a user saves a file, a compressed copy of the file is saved in a temporary directory. This can allow a local attacker to disclose files of other users. OpenOffice 1.1.2 and StarOffice 7.0 are reported prone to this vulnerability. [ StarOffice is proprietary ]
From schaefer at alphanet.ch Tue Sep 21 11:11:01 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Tue Sep 21 11:11:01 2004
Subject: [gull-annonces] What is free software and what can it offer? 21 October, 8 p.m., at Club 44, La Chaux-de-Fonds
Message-ID: <20040921085834.GA2136@defian.alphanet.ch>
What is free software and what can it offer? Thursday 21 October, 8 p.m., Club 44
More and more users and IT managers are turning to so-called free software. But does it really let you escape viruses or avoid costly upgrades? How do you obtain it? Is it actually free of charge? Can the move from one system to another be made without losing data? What, in the end, are the advantages and drawbacks of free software from a technical, financial or legal point of view? Is it to computing what organic labels are to agriculture?
Marc Schaefer, independent consultant in free-software computing, will give you an overview of the subject. The evening will be chaired by Ivan Zender, a lawyer in La Chaux-de-Fonds.
Club 44 Centre de culture, d'information et de rencontres 64, rue de la Serre CH - 2300 La Chaux-de-Fonds Tel: +41 (0)32 913 45 44 Fax: +41 (0)32 913 35 83 Internet: www.club44.ch Administrator (Marina Nunez): club44 at vtx.ch Cultural delegate (Thomas Sandoz): thomas.sandoz at ccdille.ch
From anne.possoz at epfl.ch Thu Sep 23 09:11:02 2004
From: anne.possoz at epfl.ch (Anne Possoz)
Date: Thu Sep 23 09:11:02 2004
Subject: [gull-annonces] course on Tuesday 5 October: LDAP and Tequila
Message-ID: <200409221914.i8MJEWNb016603@slpc7.epfl.ch>
Good evening, Information about the next Gull course (I hope the page on the Gull site will be updated with these details):
- topic (in 2 parts but one evening):
  * Introduction to LDAP
  * Tequila: distributed authentication tool for the web
- registration: http://linux-gull.ch/cours/index.html
- date: Tuesday 5 October, 19:30 to 22:00.
- venue: Grenier Bernois in Morges (map: http://linux-gull.ch/pv/images/AG2003plan.jpg)
- by: Claude Lecommandeur, of EPFL.
A short sentence that describes Claude and his responsibilities well ( http://kis.epfl.ch/page44412.html ): "Is in charge of laying the foundations on which will grow the wheat from which will be extracted the rubble stones serving as leaven for the erection of the EPFL information system."
For the Tequila documentation, see http://tequila.epfl.ch/. A small personal remark: Tequila is wonderful for authentication (with single sign-on). Anne
-- Anne Possoz, Domaine IT-GE Espace logiciel libre à
l'Ecole Ecole Polytechnique Fédérale de Lausanne, 1015 Lausanne (Switzerland)
From schaefer at alphanet.ch Thu Sep 23 17:11:02 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Thu Sep 23 17:11:02 2004
Subject: [gull-annonces] Summary of SecurityFocus Newsletter #267
Message-ID: <20040923144130.GA2019@defian.alphanet.ch>
John Sterling mod_cplusplus Buffer Overflow Vulnerability BugTraq ID: 11152 Remote: Yes Date Published: Sep 10 2004 Relevant URL: http://www.securityfocus.com/bid/11152 Summary: John Sterling mod_cplusplus is a framework for creating Apache modules in C++. This is designed to function in a similar fashion as mod_perl. It is reported that mod_cplusplus contains a buffer overflow vulnerability. This may allow attacker-supplied data to overwrite a fixed size memory buffer, corrupting adjacent memory regions. This may allow for denial of service conditions, or possible remote code execution. Versions prior to 1.4.1 are reported susceptible to this vulnerability. Apache Web Server Configuration File Environment Variable Lo... BugTraq ID: 11182 Remote: No Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11182 Summary: Reportedly the Apache Web Server is affected by a configuration file environment variable local buffer overflow vulnerability. This issue is due to a failure of the affected application to validate user-supplied string lengths before copying them into finite process buffers. An attacker may leverage this issue to execute arbitrary code on the affected computer with the privileges of the Apache Web Server process. Apache mod_ssl Remote Denial of Service Vulnerability BugTraq ID: 11154 Remote: Yes Date Published: Sep 10 2004 Relevant URL: http://www.securityfocus.com/bid/11154 Summary: Apache 2.x mod_ssl is reported prone to a remote denial of service vulnerability. This issue likely exists because the application fails to handle exceptional conditions.
The vulnerability originates in the 'char_buffer_read' function of the 'ssl_engine_io.c' file. It is likely that this issue only results in a denial of service condition in a child process. This BID will be updated as more information becomes available. Apache 2.0.50 is reported to be affected by this issue, however, it is possible that other versions are vulnerable as well. Apache mod_dav LOCK Denial Of Service Vulnerability BugTraq ID: 11185 Remote: Yes Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11185 Summary: Apache's 'mod_dav' module is reported susceptible to a denial of service vulnerability. This vulnerability presents itself when Apache is configured to use the 'mod_dav' module, and it receives a specific sequence of LOCK commands from an authorized user. This vulnerability can be exploited by remote attackers to crash Apache processes. If Apache is configured to use the threaded process model, an attacker could completely crash Apache. If Apache is configured to use multiple processes as opposed to threads, an attacker could crash individual web server processes. With a sustained attack, they could crash multiple server processes, and still likely deny service to legitimate users. All versions of Apache 2.0, prior to 2.0.51 are reported vulnerable. Apache Web Server Remote IPv6 Buffer Overflow Vulnerability BugTraq ID: 11187 Remote: Yes Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11187 Summary: Apache Web Server is reportedly affected by a remote buffer overflow vulnerability. This issue is due to a buffer boundary condition error that fails to provide a valid string length parameter while using libc memory copy functions. It has been reported that this issue can be exploited to execute arbitrary code on computers running BSD based Unix variants. This issue is reportedly due to the implementation of the 'memcpy()' function.
On Linux based Unix variants this issue can only be exploited to trigger a denial of service condition. Webmin / Usermin Installation Insecure Temporary File Creati... BugTraq ID: 11153 Remote: No Date Published: Sep 10 2004 Relevant URL: http://www.securityfocus.com/bid/11153 Summary: It is reported that Webmin and Usermin create insecure temporary files during installation. The result of this is that temporary files created by the applications may use predictable filenames. A local attacker may possibly exploit this vulnerability to execute symbolic link file overwrite attacks. Versions of Usermin prior to version 1.090 are reported prone to this vulnerability. Webmin 1.150 and prior versions are affected as well. Samba Multiple ASN.1 and MailSlot Parsing Remote Denial Of S... BugTraq ID: 11156 Remote: Yes Date Published: Sep 13 2004 Relevant URL: http://www.securityfocus.com/bid/11156 Summary: Samba is reportedly affected by multiple remote denial of service vulnerabilities. These issues are due to a failure to properly parse ASN.1 and MailSlot packets. An attacker may leverage these issues to cause the affected Samba server to become inaccessible, and to crash the NetBIOS name server, effectively denying service to legitimate users. Samba samba-vscan Undisclosed Denial Of Service Vulnerabilit... BugTraq ID: 11216 Remote: Yes Date Published: Sep 17 2004 Relevant URL: http://www.securityfocus.com/bid/11216 Summary: An undisclosed denial of service vulnerability is reported to exist that may result in a denial of service for both the smbd and nmbd daemons. It is reported that the counter and pointer-handling present in 'samba-vscan' may provide an exploit vector for this vulnerability. This BID will be updated when further information regarding this vulnerability is made available. Multiple Vendor MIME Encapsulation Content Checking Filter B... 
BugTraq ID: 11157 Remote: Yes Date Published: Sep 13 2004 Relevant URL: http://www.securityfocus.com/bid/11157 Summary: Multiple filter bypass vulnerabilities have been reported in numerous software implementations due to ambiguities in MIME encapsulation standards (RFCs 822, and 2045 through 2049). The following types of software may be impacted by these issues: - Email clients - Web clients - Antivirus products - Email content filters - Web content filters The source of the problem is that affected implementations may not handle malformed or incorrect MIME encapsulated data. As a result, various MIME encapsulation techniques could be used to allow MIME attachments to pass on through when they should be rejected due to being malformed or incorrect. This could have various consequences depending on the implementation, but will also generally require that the client receiving the attachment will be able to interpret the malformed attachment. A conclusive list of affected implementations is not available at this time. This BID will be updated as more vendor products are determined to be vulnerable. [ Too general ] Pingtel Xpressa Handset Remote Denial Of Service Vulnerabili... BugTraq ID: 11161 Remote: Yes Date Published: Sep 13 2004 Relevant URL: http://www.securityfocus.com/bid/11161 Summary: Pingtel Xpressa handsets are reported prone to a remote denial of service vulnerability. The issue is reported to exist because of a lack of sufficient boundary checks performed on HTTP request data handled by the Xpressa administration web server. It is reported that a remote attacker may exploit this vulnerability to effectively deny service to the affected handset. Due to the nature of this vulnerability, it is reported that this issue may be exploited in order to execute arbitrary code. [ firmware ] Lexar JumpDrive Secure USB Flash Drive Insecure Password Sto...
BugTraq ID: 11162 Remote: No Date Published: Sep 13 2004 Relevant URL: http://www.securityfocus.com/bid/11162 Summary: Lexar JumpDrive Secure USB Flash Drive is reportedly affected by an insecure password storage vulnerability. This issue is due to a design error which causes the password to be stored insecurely on the affected device. An attacker can exploit this issue to gain access to the password protecting the secure private zone of the affected drive, facilitating unauthorized access. [ firmware ] ZyXEL P681 ARP Request Information Disclosure Vulnerability BugTraq ID: 11167 Remote: Yes Date Published: Sep 13 2004 Relevant URL: http://www.securityfocus.com/bid/11167 Summary: It is reported that ZyXEL Prestige 681 SDSL routers are susceptible to an information disclosure vulnerability. An attacker sniffing network traffic on an attached network would be able to retrieve partial contents of network packets that have traversed the affected device. This information may assist malicious users in attacks on systems and services that utilize the affected device. ZyNOS version Vt020225a is reported vulnerable to this issue. Due to code reuse among products, it is likely that other devices and versions are also affected by this issue. [ firmware ] Mozilla Browser Non-ASCII Hostname Heap Overflow Vulnerabili... BugTraq ID: 11169 Remote: Yes Date Published: Sep 14 2004 Relevant URL: http://www.securityfocus.com/bid/11169 Summary: Mozilla is prone to a remotely exploitable heap overflow that is exposed when the browser handles non-ASCII characters in URIs. This issue could be exploited by enticing a user to open a hyperlink that references a malicious URI. Successful exploitation will allow execution of arbitrary code in the context of the client user. Mozilla Firefox Default Installation File Permission Vulnera... 
BugTraq ID: 11166 Remote: No Date Published: Sep 13 2004 Relevant URL: http://www.securityfocus.com/bid/11166 Summary: Mozilla Firefox is reported susceptible to an improper file permission vulnerability. This vulnerability is reported to exist only in the Linux archive as published by the Mozilla Foundation. If the browser is installed by package management software contained in many distributions of Linux, this vulnerability is likely not present. This allows attackers with local interactive access to computers hosting installations of Firefox to overwrite binaries and scripts used by Firefox. This allows script, or code execution in the context of the user running the affected package. If this method of installation is used to install a system-wide version of the browser by the superuser, then root-owned files are world writable, allowing for code execution in the context of any user utilizing the affected package. The installation package from Mozilla.org for versions 0.9.x of Firefox for Linux is reported to contain this vulnerability. Mozilla Multiple URI Processing Heap Based Buffer Overflow V... BugTraq ID: 11170 Remote: Yes Date Published: Sep 14 2004 Relevant URL: http://www.securityfocus.com/bid/11170 Summary: Mozilla is reportedly affected by multiple heap based buffer overflow vulnerabilities when processing URIs in emails. These issues are due to a failure of the affected application to validate user-supplied string lengths before copying them into finite process buffers. An attacker might leverage these issues to have arbitrary code executed in the context of the user running the vulnerable application. Mozilla Browser BMP Image Decoding Multiple Integer Overflow... BugTraq ID: 11171 Remote: Yes Date Published: Sep 14 2004 Relevant URL: http://www.securityfocus.com/bid/11171 Summary: Mozilla Browser is reportedly prone to multiple integer overflow vulnerabilities in the image parsing routines. 
These issues exist due to insufficient boundary checks performed by the application. A remote attacker may cause denial of service conditions in the client or execute arbitrary code to gain unauthorized access to a vulnerable computer. These vulnerabilities were researched on Mozilla 1.7, however, other versions may be affected as well. Thunderbird 0.7 was also tested. Mozilla Browser vcard Handling Remote Buffer Overflow Vulner... BugTraq ID: 11174 Remote: Yes Date Published: Sep 14 2004 Relevant URL: http://www.securityfocus.com/bid/11174 Summary: Mozilla Browser is reported prone to a remote buffer overflow vulnerability when processing malicious vcard files. This issue presents itself due to insufficient boundary checks performed by the application and may allow a remote attacker to gain unauthorized access to a vulnerable computer. It is reported that the issue originates in the 'nsVCardObj.cpp' file and may allow an attacker to overflow a finite buffer by creating a malformed vcard (vcf) file and sending the file to a vulnerable user in email. Reportedly, this issue occurs when the mail is previewed in the browser. These vulnerabilities were researched on Mozilla 1.7, however, other versions may be affected as well. Thunderbird 0.7 was tested as well. Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scri... BugTraq ID: 11177 Remote: Yes Date Published: Sep 14 2004 Relevant URL: http://www.securityfocus.com/bid/11177 Summary: Both Mozilla and Firefox are reported to be prone to a cross-domain scripting vulnerability. It is reported that URI links that are dragged from one browser window and dropped into another browser window will bypass the browser same-origin policy security checks. Certain URI types may be employed by a malicious website in order to trigger this vulnerability. If successful, this attack will result in the execution of arbitrary script code in the context of a target domain. 
Mozilla/Firefox Browsers Unauthorized Clipboard Contents Dis... BugTraq ID: 11179 Remote: Yes Date Published: Sep 14 2004 Relevant URL: http://www.securityfocus.com/bid/11179 Summary: A vulnerability is reported in Mozilla and Firefox browsers that could permit a remote site to gain access to contents of the client user's clipboard. This vulnerability exists because certain unsafe scripting operations are permitted on TextAreas. This can lead to the disclosure of clipboard contents and malicious Web sites having the ability to write to a user's clipboard. Mozilla/Firefox Browsers Tar.GZ Archive Weak Permissions Vul... BugTraq ID: 11192 Remote: No Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11192 Summary: Mozilla and Mozilla Firefox browsers tar.gz archive that contains the installation files is reported susceptible to an improper file permissions vulnerability. It is reported that if the archive is extracted in a certain manner, then the archive is extracted with world read/writeable permissions on its contents. This allows attackers with local interactive access to overwrite or modify installation files used during the installation of the browser. Mozilla/Firefox Browsers PrivilegeManager EnablePrivilege Di... BugTraq ID: 11194 Remote: Yes Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11194 Summary: A vulnerability is reported in the Mozilla 'enablePrivilege' method. Because the argument data of an 'enablePrivilege' method is used as text in a prompt dialog if the user has not accessed the principal previously, it is possible to manipulate dialog contents. A remote attacker may exploit this condition to influence a victim user into permitting a malicious script to run. SUS Format String Vulnerability BugTraq ID: 11176 Remote: No Date Published: Sep 14 2004 Relevant URL: http://www.securityfocus.com/bid/11176 Summary: It is reported that SUS contains a format string vulnerability in its logging function.
This issue is due to a failure of the applications to properly sanitize user-supplied input before using it as the format specifier in a formatted printing function. Due to improper message sanitization, any format string specifiers are interpreted literally by the syslog() function, giving the attacker control over process memory. Due to the nature of the SUS package, an attacker with local interactive access could exploit this vulnerability to gain superuser privileges. SUS versions prior to 2.0.6 are reported vulnerable. [ sudo-like ] Inkra 1504GX Remote Denial Of Service Vulnerability BugTraq ID: 11178 Remote: Yes Date Published: Sep 14 2004 Relevant URL: http://www.securityfocus.com/bid/11178 Summary: It is reported that the Inkra 1504GX is susceptible to a denial of service vulnerability. This vulnerability presents itself when the device receives particular malformed IP packets. The switch must be configured in a particular state for this vulnerability to be exploited. This vulnerability allows a remote attacker to crash affected devices, denying service to legitimate users. Inkra 1504GX routers with VSM release 2.1.4.b003 are reportedly vulnerable to this issue. Other versions are also likely affected. [ firmware ] SnipSnap HTTP Response Splitting Vulnerability BugTraq ID: 11180 Remote: Yes Date Published: Sep 14 2004 Relevant URL: http://www.securityfocus.com/bid/11180 Summary: SnipSnap is reported prone to an HTTP response splitting vulnerability. The issue exists in the 'referer' parameter. The issue presents itself due to a flaw in the application that allows an attacker to manipulate how POST requests are handled. This issue was identified in SnipSnap 0.5.2a and prior.
[ weblog/wiki in Java ] CUPS UDP Packet Remote Denial Of Service Vulnerability BugTraq ID: 11183 Remote: Yes Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11183 Summary: CUPS is prone to a remotely exploitable denial of service vulnerability that may be triggered through port 631 by a zero-length UDP packet. LinuxPrinting.org Foomatic-Filter Command Execution Vulnerab... BugTraq ID: 11184 Remote: Yes Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11184 Summary: Reportedly the LinuxPrinting.org Foomatic-Filter is affected by an arbitrary command execution vulnerability. Although unconfirmed, it is likely that this issue is due to a failure of the affected script to properly validate input when issuing shell commands. An attacker may exploit this issue to execute arbitrary commands as the printer user on a computer running the vulnerable software. Multiple Browser Cross-Domain Cookie Injection Vulnerability BugTraq ID: 11186 Remote: Yes Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11186 Summary: Multiple Browsers are reported prone to a cross-domain cookie injection vulnerability. This issue is identified in Microsoft Internet Explorer, KDE Konqueror, and Mozilla and may allow an attacker to carry out session hijacking attacks. The issue presents itself due to a design error in multiple browsers that allows cookies to be incorrectly sent to other domains. This BID will be divided and updated as more information becomes available. gdk-pixbuf Multiple Vulnerabilities BugTraq ID: 11195 Remote: Yes Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11195 Summary: Multiple vulnerabilities have been reported in gdk-pixbuf. The first vulnerability in the library presents itself upon attempting to decode BMP images.
In certain circumstances, the library may enter into an infinite loop, consuming CPU resources, and halting further execution of applications utilizing the library. The second and third vulnerabilities exist when the library attempts to decode XPM images. Specially crafted image files could either crash applications utilizing the affected library, or allow for the execution of attacker-supplied code. The fourth and last vulnerability in the library presents itself upon attempting to decode ICO images. Specially crafted ICO files could cause applications to crash. These vulnerabilities allow attackers to crash applications, or execute arbitrary code in the context of applications that use the affected library. libXpm Image Decoding Multiple Remote Buffer Overflow Vulner... BugTraq ID: 11196 Remote: Yes Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11196 Summary: Multiple vulnerabilities are reported to exist in the libXpm. These issues may be triggered when the library handles malformed XPM images. The vulnerabilities exist due to insufficient boundary checks performed by the application and may allow for unauthorized access to a vulnerable computer. An attacker can exploit these issues by crafting a malicious XPM file and having unsuspecting users view the file through an application that uses the affected library. libXpm shipped with X.org X11R6 6.8.0 is reported vulnerable to this issue. This BID will be divided and updated as more information becomes available. SMC7004VWBR and SMC7008ABR Authentication Bypass Vulnerabili... BugTraq ID: 11197 Remote: Yes Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11197 Summary: SMC 7004VWBR, and 7008ABR devices are reportedly susceptible to an authentication bypass vulnerability in their web administration interface. This vulnerability exists due to the method by which the web administration software validates authenticated users.
Reportedly, the software uses the source IP address of the web client to differentiate between users accessing the administration interface. This vulnerability allows attackers to gain administrative access to affected devices. [ firmware ? ] GNU Radius SNMP String Length Remote Denial Of Service Vulne... BugTraq ID: 11198 Remote: Yes Date Published: Sep 15 2004 Relevant URL: http://www.securityfocus.com/bid/11198 Summary: GNU Radius is reported prone to a remote integer overrun vulnerability. When GNU Radius handles SNMP string lengths that contain a large unsigned number, a memory access violation will occur; this will cause the affected service to crash. A remote attacker may exploit this condition to cause the affected server to crash. sudo Information Disclosure Vulnerability BugTraq ID: 11204 Remote: No Date Published: Sep 16 2004 Relevant URL: http://www.securityfocus.com/bid/11204 Summary: sudo is reported prone to an information disclosure vulnerability. This vulnerability presents itself when sudo is called with the '-e' option, or the 'sudoedit' command is invoked. In certain circumstances, attackers may access the contents of arbitrary files with superuser privileges. Version 1.6.8 is reported susceptible to this vulnerability. xine-lib DVD Subpicture Decoder Heap Overflow Vulnerability BugTraq ID: 11205 Remote: Yes Date Published: Sep 16 2004 Relevant URL: http://www.securityfocus.com/bid/11205 Summary: A buffer overflow in the DVD subpicture component, exploitable through malicious DVD or MPEG content, may allow for the execution of arbitrary code. The xine-lib decoder converts subpicture data into an internal representation and stores it in dynamically allocated memory. There exists a flaw in the calculation of required buffer space that may result in allocation of a buffer that is too small. Consequently, neighboring data in the heap may be corrupted when data is written to the buffer.
This vulnerability can theoretically be exploited to write arbitrary words to nearly arbitrary locations in memory. The Linux and Windows dynamic memory allocation subsystems may be more susceptible than BSD-based systems.

xine-lib VideoCD And Text Subtitle Stack Overflow Vulnerabil...
BugTraq ID: 11206
Remote: Yes
Date Published: Sep 16 2004
Relevant URL: http://www.securityfocus.com/bid/11206
Summary:
Two buffer overflows are reported to exist in xine-lib. These issues are exploitable through malicious VideoCDs or subtitle text content, and may allow for the execution of arbitrary code in the context of the user invoking Xine. Attackers can overwrite critical memory structures and return addresses in order to control the flow of execution of the application. The first vulnerability presents itself when the affected application attempts to read malicious ISO disk labels from VideoCDs. The second vulnerability presents itself when the affected application attempts to parse malicious text subtitle data. xine-lib versions 1-rc2 through 1-rc5 are reported vulnerable to these issues.

MacOSXLabs RsyncX Local Privilege Escalation Vulnerability
BugTraq ID: 11211
Remote: No
Date Published: Sep 17 2004
Relevant URL: http://www.securityfocus.com/bid/11211
Summary:
It is reported that RsyncX is prone to a local privilege escalation vulnerability. RsyncX is installed setuid root and setgid wheel. It is reported that RsyncX drops root privileges properly but fails to drop setgid wheel privileges before executing a third party binary. A local attacker may exploit this vulnerability to execute arbitrary code with group wheel privileges.
[ I assume the licence is free, but that remains to be checked. Moreover, it is unusable without the proprietary graphical interface of MacOS X. ]

MacOSXLabs RsyncX Insecure Temporary File Creation Vulnerabi...
BugTraq ID: 11212
Remote: No
Date Published: Sep 17 2004
Relevant URL: http://www.securityfocus.com/bid/11212
Summary:
RsyncX is reported to contain an insecure temporary file creation vulnerability. The result of this is that temporary files created by the application may use predictable filenames. A local attacker may exploit this vulnerability to execute symbolic link file overwrite attacks.

From schaefer at alphanet.ch Fri Sep 24 10:11:04 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Fri Sep 24 10:11:04 2004
Subject: [gull-annonces] Open day: Radio amateurs, Myotis and EPFL
Message-ID: <20040924080838.GA2481@defian.alphanet.ch>

[ Mathias Coinchon on SAITIS ]

Hello,

A reminder that the radio amateurs' open day, held jointly with Myotis and EPFL, takes place this weekend.

Date: Saturday 25 September, 14:00 to 17:00
Venue: EPFL, electrical engineering buildings (ELA)

This is an opportunity to discover the radio amateurs' alternative means of communication and their activities. Myotis will be there to show its activities. There will also be demonstrations by EPFL (robots).

See you soon ;-)

Mathias

Here is the list of demos, taken from the radio amateurs' latest press release:

- WiFi: Linksys access point with Linux
  A new type of Internet access point that lets you run your own applications directly on the hardware. Construction of a Wi-Fi network for this event.
- IP telephony over Wi-Fi
  Demonstration of telephone calls from a mobile connected to the Wi-Fi network. The call is handled on a Linux server with a gateway to the public telephone network.
- Optical link at 10Mbps
  Demonstration of the use of an optical link allowing Internet data to be exchanged at a very high rate (10 mb/s, i.e. 4 times faster than the best current ADSL connection).
- Poster and information on a mountain WiFi wireless link at Vercorin and on the activities of the Myotis association
- Exhibition of equipment, antennas, possibly an outdoor link.
- EPFL: Presentation of two student projects related to telecoms.
  The first project concerns a new form of mobile telephony that could compete with 4th generation telephony. Idea: each mobile phone can act as a relay between a caller / called party and a mobile network. Project under development. More info: http://www.megawatch.org/
  The second project concerns robots working together and communicating with each other over a WiFi radio link. More info: http://www.swarm-bots.org/
- Presentation and discussions on the various courses offered by EPFL for training in the field of telecommunications.
- Long-distance radio communication: a unique opportunity to see and understand how organisations such as the ICRC or the UN can communicate over long distances without relying on private or public telecommunication networks. Demonstration with amateur radio equipment using EPFL's Short Wave antenna.
- Demonstration of the other transmission modes used by radio amateurs: TV (http://www.swissatv.ch/), Morse, digital modes (http://www.iapc.ch/).
- Geolocation demonstration. A GPS receiver is coupled to a transmitter and transmits its position. A person can be located on a map displayed on a computer.
- Marriage between radio amateurs and the Internet: demonstration of interconnection between a relay in Vaud and another relay in another country via the Internet using voice over IP (VoIP). Possibility of establishing very reliable contacts with radio amateurs all over the world.
- Stand presenting the training required to become a radio amateur.
- DRM: a very impressive demonstration. DRM is "Digital Radio Mondiale". It makes it possible to broadcast on Short Wave with a quality close to that of a CD. It will be the future of commercial Short Wave broadcasting over long distances, provided that no other technology hampers its reception with interference, as PLC technology (transmission of Internet signals over the 230V mains) currently does, for example.
- Audiorama: the Swiss national audiovisual museum has lent us an old amateur radio set dating from 1939. It will be exhibited next to the DRM receiving installation to show the progress made in 65 years :-)
- allo.ch: 4 allo.ch community members will be present and at your disposal to discuss problems related to networks and Internet configurations.

From robert at prolibre.com Mon Sep 27 12:37:03 2004
From: robert at prolibre.com (Gilbert Robert)
Date: Mon Sep 27 12:37:03 2004
Subject: [gull-annonces] Presentation of Linux at the Maison des associations in Geneva
Message-ID: <4157D7AB.40901@prolibre.com>

The Maison des associations in Geneva is organising an information evening on Linux and Free Software.

Venue: La Maison des associations, 15 rue des Savoises, CH-1205 Genève
Date: 28 September 2004 at 19:00

Programme:
- presentation of Linux and Free Software
- talk on a migration from Windows to Linux at Terre-des-Hommes
- demonstrations

Present:
- Gilbert Robert - President of GULL
- Beto Duraes - Head of IT at Terre-des-Hommes Suisse
- Jean-Luc Pitet - Secretary General of Terre-des-Hommes Suisse

Gilbert

From schaefer at alphanet.ch Thu Sep 30 14:11:05 2004
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Thu Sep 30 14:11:05 2004
Subject: [gull-annonces] SecurityFocus Newsletter #268 summary
Message-ID: <20040930115914.GA17543@defian.alphanet.ch>

Jörg Schilling SDD Remote Tape Support Client Undisclosed V...
BugTraq ID: 11217
Remote: Unknown
Date Published: Sep 18 2004
Relevant URL: http://www.securityfocus.com/bid/11217
Summary:
Jörg Schilling sdd is reported prone to an undisclosed vulnerability. The issue is reported to present itself in the RMT client. This BID will be updated as soon as further analysis of this vulnerability is completed.

FreeRADIUS Access-Request Denial Of Service Vulnerability
BugTraq ID: 11222
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11222
Summary:
Reportedly FreeRADIUS is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle malformed packets. An attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users.

getmail Local Symbolic Link Vulnerability
BugTraq ID: 11224
Remote: No
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11224
Summary:
Reportedly getmail is affected by a local symbolic link vulnerability. This issue is due to a failure of the application to validate files prior to writing to them. An attacker may leverage this issue to cause arbitrary files to be written to with the privileges of a user that sends messages to an attacker-controlled file. This may facilitate privilege escalation or destruction of data.

OpenBSD Radius Authentication Bypass Vulnerability
BugTraq ID: 11227
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11227
Summary:
OpenBSD is reported prone to an authentication bypass vulnerability when using Radius authentication. This issue can be leveraged by spoofing traffic on a vulnerable network and carrying out a man-in-the-middle attack to gain unauthorized access to an OpenBSD computer. This vulnerability arises if an OpenBSD computer is configured to use Radius authentication and may allow an attacker to gain unauthorized access to the OpenBSD computer.
The vulnerability is confirmed in OpenBSD 3.2 and OpenBSD 3.5. Other versions may be vulnerable as well.

Jabber Studio JabberD Remote Denial Of Service Vulnerability
BugTraq ID: 11231
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11231
Summary:
Jabber Studio jabberd is reportedly affected by a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle malformed network messages. An attacker may leverage this issue by causing the affected server to crash, denying service to legitimate users.

latex2rtf Remote Buffer Overflow Vulnerability
BugTraq ID: 11233
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11233
Summary:
It is reported that latex2rtf is susceptible to a remote buffer overflow vulnerability when handling malformed files. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access. This issue is due to a failure of the application to perform proper bounds checks before copying data into a fixed sized memory buffer. Version 1.9.15 of latex2rtf is reported vulnerable to this issue. Other versions may also be affected.

Symantec Enterprise Firewall/VPN Appliance Multiple Remote V...
BugTraq ID: 11237
Remote: Yes
Date Published: Sep 22 2004
Relevant URL: http://www.securityfocus.com/bid/11237
Summary:
Symantec Enterprise Firewall/VPN Appliance is affected by multiple remote vulnerabilities. These issues are due to a failure of the application to handle exceptional conditions; a default configuration issue exists as well. An attacker can leverage a denial of service issue to cause the affected appliance to stop responding, requiring a power off to bring the device back to functionality. A filter bypass issue allows an attacker to bypass the filters on the 'tftpd', 'snmpd', and 'isakmp' services.
An attacker can also read and write the community string of the affected device by default, facilitating disclosure and altering of the device's settings.
[ firmware ]

Apache Satisfy Directive Access Control Bypass Vulnerability
BugTraq ID: 11239
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11239
Summary:
Apache Web Server is reportedly affected by an access control bypass vulnerability. This issue presents itself due to an unspecified error in the merging of the 'Satisfy' directive. As a result, a remote attacker may bypass access controls and gain unauthorized access to restricted resources. It is reported that this issue only affects Apache 2.0.51. Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.

Red Hat redhat-config-nfs Exported Shares Configuration Vuln...
BugTraq ID: 11240
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11240
Summary:
Red Hat redhat-config-nfs is affected by an exported shares configuration vulnerability. These issues are due to a failure of the application to apply proper settings to the affected network file system (NFS) shares. This issue would cause some NFS options, such as 'all_squash', to fail to be applied, potentially giving administrators a false sense of security.

Motorola WR850G Wireless Router Remote Authentication Bypass...
BugTraq ID: 11241
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11241
Summary:
Motorola WR850G wireless router is reported prone to a remote authentication bypass vulnerability. This issue is caused by a design error and may allow an attacker to ultimately take complete control over the device. A remote attacker can gain access to the Web interface of the affected device by periodically attempting to access restricted pages such as the 'ver.asp' script.
Motorola wireless router WR850G running firmware version 4.03 is reportedly affected by this issue. It is possible that other models and firmware versions are affected as well.
[ firmware ]

Inkra Router Virtual Service Switch Remote Denial Of Service...
BugTraq ID: 11242
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11242
Summary:
The Inkra Router Virtual Service Switch is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle exceptional network data. An attacker may leverage this issue to cause the affected device to crash, denying service to legitimate users.
[ firmware ]

Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
BugTraq ID: 11243
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11243
Summary:
It is reported that Subversion's mod_authz_svn module is susceptible to an information disclosure vulnerability. This vulnerability presents itself when paths that are marked as unreadable are accessed by particular Subversion client commands. It is reportedly possible to disclose the existence of files that are inaccessible to users. Under certain circumstances it may also be possible to disclose commit log messages, or even the contents of files that are configured to be inaccessible to users. This vulnerability is reported to exist in versions prior to 1.0.8 and 1.1.0-rc4.

Canon ImageRUNNER 5000 Printer Email Printing Vulnerability
BugTraq ID: 11247
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11247
Summary:
The Canon imageRUNNER printer is a network based printer and photocopier designed to facilitate all small office printing requirements. Canon imageRUNNER 5000 is reportedly vulnerable to an email printing vulnerability. This issue is due to an access validation issue that fails to require authorization to have emails printed.
Reportedly it is impossible to disable the vulnerable email server feature. An attacker may leverage this issue to print arbitrary text on an affected printer, potentially consuming resources and triggering a denial of service condition.
[ firmware ]

Zinf Malformed Playlist File Remote Buffer Overflow Vulnerab...
BugTraq ID: 11248
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11248
Summary:
Zinf is reported prone to a remote buffer overflow vulnerability when processing malformed playlist files. This issue exists due to insufficient boundary checks performed by the application and may allow an attacker to gain unauthorized access to a vulnerable computer. Reportedly, this issue affects Zinf version 2.2.1 for Windows. Zinf version 2.2.5 for Linux is reportedly fixed; however, this is not confirmed at the moment.