From schutz at mathgen.ch Wed Feb 16 12:51:02 2005
From: schutz at mathgen.ch (Frederic Schutz)
Date: Wed Feb 16 12:51:02 2005
Subject: [gull-annonces] GULL General Assembly on 3 March
Message-ID: <1108554557.4213333db9cee@mail.hebweb.net>

Hello,

all GULL members should have received by post a notice convening the general assembly, which will take place on 3 March in Morges.

The agenda is attached to the notice; among the important points:

- the current president is not standing for re-election
- an amendment to the statutes is proposed concerning GULL's involvement in electronic voting projects.

It has been proposed that candidates for the committee (new or existing) post a short statement of motivation to the gull-org list. Likewise, the proposed amendment to the statutes can also be discussed on that list, to shorten the discussion at the assembly.

Frederic

From robert at prolibre.com Wed Feb 16 12:53:03 2005
From: robert at prolibre.com (Gilbert Robert)
Date: Wed Feb 16 12:53:03 2005
Subject: [gull-annonces] OpenOffice installation CD
Message-ID: <421333D4.9070009@prolibre.com>

A friend has put together an OpenOffice installation CD. It is very interesting and should be distributed on other mirror sites.

-----------------------------------------
Some time ago, for the students and staff of the engineering school I work for (ESIL - http://www.esil.univ-mrs.fr), I put together a CD with everything needed to install OpenOffice.org 1.1.3: the installers for Windows, Linux, FreeBSD and MacOSX, as well as the docs (a big bundle), the language packages (dictionaries) for those who do not install online, the macros DicOOo, InstallVirgule... All of this is referenced from an index file, LISEZ_MOI_EN_PREMIER.html.

It might as well be useful to everyone... So it is available on the ftp server of the Université de la Méditerranée at:
http://ftp.univ-mrs.fr/pub1/images-iso/ESIL_OpenOfficeCD_11-2004.iso

For those who, like me, are trying to make the case for migration, here is what I wrote for ESIL users about OpenOffice.org and the CD:
http://www.esil.univ-mrs.fr/~lafirme/website/article.php3?id_article=47
---------------------------------------

G.

--
--
ProLibre Sàrl - Gilbert ROBERT ** OpenPGP key: F0487CD2
18, Rue des Moraines - CH-1227 Carouge ** tel: +41 (22) 301 5383
robert at prolibre.com ** http://www.prolibre.com
"I hear and I forget. I see and I believe. I do and I understand." Confucius

From schaefer at alphanet.ch Wed Feb 16 18:59:01 2005
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Wed Feb 16 18:59:01 2005
Subject: [gull-annonces] [/ch/open] 10.3.05: Open Business Lunch Bern
Message-ID: <20050216164244.GA5502@defian.alphanet.ch>

Next OBL in Bern on 10.3.05:

11:45 : Fédéral Entrecôte Café, Bärenplatz 31, Bern/BE (in front of the Federal Palace)

Corinne Kassapoglou Faist, EPFL, presents a talk on the following theme:

An Integrated Platform for Location-based Services built on Java Technologies

Abstract: In the context of a EU project, an integrated platform that caters for the full range of issues related to location-based services (service development, deployment and provisioning) has been developed and demonstrated. The platform serves as an execution environment for service instances, integrates various positioning systems (GPS, GSM-based, WLAN-based), and supports multiple end-user interfaces. In addition, a service creation environment enables high-level service specification in an XML-based language, service deployment and testing. The platform is based on open technologies, mainly J2EE and Web Services. The service creation environment is based on the Eclipse Project.

The speech will be in English.

Bio: Corinne Kassapoglou Faist obtained a EE diploma at EPFL (1985) and a M.S. in Mathematics at Rutgers University (1997). From 1985 to 1989 she worked as a R.and T.A at the EE. Department and later at the Mathematics Department at EPFL, respectively on the implementation of control algorithms on DSPs and on the dynamics of recursive digital filters.

From schaefer at alphanet.ch Wed Feb 16 19:06:02 2005
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Wed Feb 16 19:06:02 2005
Subject: [gull-annonces] Summary of SecurityFocus Newsletter #286
Message-ID: <20050216175106.GA5875@defian.alphanet.ch>

FireHOL Insecure Local Temporary File Creation Vulnerability
BugTraq ID: 12336
Remote: No
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12336
Summary:
FireHOL is prone to a local insecure temporary file creation vulnerability. This could allow arbitrary files to be overwritten.

Linux Kernel Device Driver Virtual Memory Flags Unspecified ...
BugTraq ID: 12338
Remote: No
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12338
Summary:
An unspecified vulnerability affects unspecified Linux kernel device drivers. This issue is due to a failure of certain unspecified drivers to implement all the required virtual memory access flags. The potential impact of this issue is currently unknown, however it is likely that when successfully exploited it may give an attacker access to the virtual memory space of a device's I/O.

Nokia Series 60 Embedded OS Automatic File Execution Vulnera...
BugTraq ID: 12340
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12340
Summary:
A vulnerability is reported to affect the Series 60 OS on Nokia devices. It is reported that executable files that have a modified file extension will execute immediately when downloaded. The vendor reports that the user is prompted if the downloaded file is a 'sis' package, but it is not known whether other file types execute automatically and without a prompt. This BID will be updated, as further information in regards to this vulnerability is made available.
[ firmware ]

OpenH323 select() Bitmap Remote Buffer Overflow Vulnerabilit...
BugTraq ID: 12341
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12341
Summary:
OpenH323 Gatekeeper is prone to a remote buffer overflow due to implementation of the select() system call. This issue could be exploited to cause a denial of service or potentially execute arbitrary code.

ZHCon Unauthorized File Disclosure Vulnerability
BugTraq ID: 12343
Remote: No
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12343
Summary:
zhcon is reportedly affected by a vulnerability allowing reading of arbitrary files with escalated privileges. This could permit an unauthorized user to read arbitrary files owned by other users without authorization. Disclosure of sensitive information may lead to a system compromise, or aid in other attacks. This issue is reported to affect zhcon version 0.2.3; earlier versions may also be affected.
[ display of Chinese and derived languages ]

Citadel/UX select() Bitmap Remote Buffer Overflow Vulnerabil...
BugTraq ID: 12344
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12344
Summary:
Citadel/UX is prone to a remote buffer overflow due to implementation of the select() system call. This issue could be exploited to cause a denial of service or potentially execute arbitrary code. This vulnerability is reported to affect Citadel/UX versions prior to 6.29.

rinetd select() Bit-Array Remote Buffer Overflow Vulnerabili...
BugTraq ID: 12345
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12345
Summary:
rinetd is prone to a remote buffer overflow due to implementation of the 'select()' system call. This issue could be exploited to cause a denial of service or potentially execute arbitrary code.

Jabber select() Bitmap Remote Buffer Overflow Vulnerability
BugTraq ID: 12346
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12346
Summary:
Jabber is prone to a remote buffer overflow due to implementation of the select() system call. This issue could be exploited to cause a denial of service or potentially execute arbitrary code.

Blacklist Daemon BLD select() Bit-Array Remote Buffer Overfl...
BugTraq ID: 12347
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12347
Summary:
Blacklist Daemon BLD is prone to a remote buffer overflow due to implementation of the 'select()' system call. This issue could be exploited to cause a denial of service or potentially execute arbitrary code.

Inferno Nettverk Dante select() Bitmap Remote Buffer Overflo...
BugTraq ID: 12349
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12349
Summary:
Dante is prone to a remote buffer overflow due to implementation of the select() system call. This issue could be exploited to cause a denial of service or potentially execute arbitrary code.
[ socks implementation (BSD license) ]

NEC Socks5 select() Bit-Array Remote Buffer Overflow Vulnera...
BugTraq ID: 12350
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12350
Summary:
NEC Socks5 is prone to a remote buffer overflow due to implementation of the 'select()' system call. This issue could be exploited to cause a denial of service or potentially execute arbitrary code.

3proxy select() Bitmap Remote Buffer Overflow Vulnerability
BugTraq ID: 12351
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12351
Summary:
3proxy is prone to a remote buffer overflow due to implementation of the select() system call. This issue could be exploited to cause a denial of service or potentially execute arbitrary code.

Novell Evolution Camel-Lock-Helper Application Remote Intege...
BugTraq ID: 12354
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12354
Summary:
The Evolution camel-lock-helper application is reported prone to an integer overflow vulnerability. The issue is reported to exist in the main() function of the 'camel-lock-helper.c' source file. A remote attacker may exploit this vulnerability to execute arbitrary code.

VDR Daemon Unspecified Remote File Access Vulnerability
BugTraq ID: 12356
Remote: Yes
Date Published: Jan 25 2005
Relevant URL: http://www.securityfocus.com/bid/12356
Summary:
An unspecified remote file access vulnerability affects the vdr daemon. The underlying issue that causes this vulnerability is likely a failure to abide by file access restrictions, although this is unconfirmed. This BID will be updated as more details are released. An attacker may leverage this issue to overwrite arbitrary files on an affected computer. This can lead to a superuser compromise of the affected computer, corruption of data, as well as other attacks.
[ vdr-daemon ]

libdbi-perl Unspecified Insecure Temporary File Creation Vul...
BugTraq ID: 12360
Remote: No
Date Published: Jan 25 2005
Relevant URL: http://www.securityfocus.com/bid/12360
Summary:
libdbi-perl is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Debian has reported that this vulnerability affects libdbi-perl 1.21 running on Debian GNU/Linux 3.0 alias woody. It is possible that other versions are affected as well.

ISC BIND Q_UseDNS Remote Buffer Overflow Vulnerability
BugTraq ID: 12364
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12364
Summary:
A remote buffer overflow vulnerability affects BIND. This issue is due to a failure of the application to properly validate the length of user-supplied input prior to copying it into static process buffers. An attacker may leverage this issue to trigger a denial of service condition. It should be noted that this issue may also facilitate code execution with the privileges of the affected utility, however this is not confirmed.
[ BIND8 ]

BIND Validator Self Checking Remote Denial Of Service Vulner...
BugTraq ID: 12365
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12365
Summary:
A remote denial of service vulnerability affects BIND. This issue is due to a failure of the application to handle exceptional network data. It should be noted that this issue requires that DNSSEC validation is enabled, which is not the case by default. A remote attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users.
[ BIND8 + DNSSEC ]

Cisco IOS IPv6 Processing Remote Denial Of Service Vulnerabi...
BugTraq ID: 12368
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12368
Summary:
A remote denial of service vulnerability affects the IPv6 processing functionality of Cisco IOS. This issue is due to a failure of the affected operating system to properly handle specially crafted network data. It is possible for an attacker to produce a sustained denial of service condition against an affected device by continually sending the malicious network data. An attacker may leverage this issue to cause an affected device to reload, denying service to legitimate users.
[ firmware ]

Cisco IOS Multi Protocol Label Switching Remote Denial Of Se...
BugTraq ID: 12369
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12369
Summary:
Cisco IOS based routers that are configured with support for Multi Protocol Label Switching (MPLS) are reported prone to a remote denial of service vulnerability. It is reported that the vulnerability presents itself when an affected router handles an unspecified malicious packet on a MPLS disabled interface. A remote attacker that resides on the same network segment as the vulnerable router may exploit this vulnerability continuously to effectively deny network-based services to legitimate users.
[ firmware ]

Cisco IOS Border Gateway Protocol Processing Remote Denial O...
BugTraq ID: 12370
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12370
Summary:
A remote denial of service vulnerability affects the Border Gateway Protocol (BGP) processing functionality of Cisco IOS. This issue is due to a failure of the application to handle malformed network data. An attacker may leverage this issue to trigger a denial of service condition in the affected device. It is currently unknown whether the denial of service condition is persistent, although it is likely that it is.
[ firmware ]

Berlios GPSD Remote Format String Vulnerability
BugTraq ID: 12371
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12371
Summary:
Multiple instances of format string handling bugs are reported to exist in gpsd, but only one of these issues is reported to be an exploitable vulnerability. Ultimately this issue may be leveraged by a remote attacker to influence execution flow of the affected daemon and reliably execute arbitrary code.

KDE Screensaver Lock Bypass Vulnerability
BugTraq ID: 12373
Remote: No
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12373
Summary:
Debian has reported that a vulnerability in the screensaver was discovered. According to the report, a malicious user with console access (i.e. physical) can cause the screensaver to crash. The feature will fail-open, allowing access to the desktop after it terminates.

Debian PAM Radius Auth File Information Disclosure Vulnerabi...
BugTraq ID: 12375
Remote: No
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12375
Summary:
Debian Linux is reportedly affected by a local file information disclosure vulnerability. This issue is due to the application setting a PAM radius configuration file as world-readable during the installation of the affected package. This issue is specific to Debian Linux.

X.org X Window Server Local Socket Hijacking Vulnerability
BugTraq ID: 12376
Remote: No
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12376
Summary:
A local socket hijacking vulnerability affects X.org X Windows Server. This issue is due to a failure of the application to securely create socket directories. An attacker may leverage this issue to hijack socket sessions, potentially facilitating arbitrary read and write access with the privileges of the user that started the vulnerable server.

Xelerance Corporation Openswan XAUTH/PAM Remote Buffer Overf...
BugTraq ID: 12377
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12377
Summary:
A remote buffer overflow vulnerability reportedly affects Xelerance Corporation Openswan. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers. It should be noted that Openswan is only affected by this issue when it is compiled with XAUTH and PAM support, which is not the default configuration. An attacker may leverage this issue to execute arbitrary code with the privileges of the affected application; this may facilitate unauthorized access or privilege escalation.

Juniper Networks JUNOS Unspecified Remote Denial Of Service ...
BugTraq ID: 12379
Remote: Yes
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12379
Summary:
Juniper Networks routers running JUNOS are reported prone to an unspecified remote denial of service vulnerability. It is reported that this vulnerability exists in all releases of Juniper JUNOS that were built prior to January 7th 2005. A remote attacker may exploit this vulnerability to effectively deny network-based services to legitimate users. This BID will be updated as soon as further information regarding this vulnerability is made public.
[ firmware ]

f2c Multiple Local Insecure Temporary File Creation Vulnerab...
BugTraq ID: 12380
Remote: No
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12380
Summary:
Multiple local insecure temporary file creation vulnerabilities affect f2c. These issues are due to a design error causing failure of the application to write to temporary files securely. An attacker may leverage these issues to corrupt arbitrary files with the privileges of an unsuspecting user that executes the affected applications.

Ingate Firewall Persistent PPTP Tunnel Vulnerability
BugTraq ID: 12383
Remote: Yes
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12383
Summary:
Ingate Firewall does not remove PPTP tunnels created by a user that has been disabled by the firewall administrator. Even if the user has been disabled, any PPTP tunnels they have created will persist.
[ firmware ]

trn Local Buffer Overflow Vulnerability
BugTraq ID: 12389
Remote: No
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12389
Summary:
A local buffer overflow vulnerability reportedly affects trn. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers. An attacker may leverage this issue to execute arbitrary code with superuser privileges, facilitating privilege escalation.

University Of Washington IMAP Server CRAM-MD5 Remote Authent...
BugTraq ID: 12391
Remote: Yes
Date Published: Jan 28 2005
Relevant URL: http://www.securityfocus.com/bid/12391
Summary:
A remote authentication bypass vulnerability affects the CRAM-MD5 authentication functionality of the University of Washington IMAP server. This issue is due to a logic error that fails to properly validate authentication attempts. It should be noted that this issue only affects servers with CRAM-MD5 authentication enabled, which is not the case by default. A remote attacker may leverage this issue to authenticate to the affected server as any user.

From schaefer at alphanet.ch Wed Feb 16 19:19:02 2005
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Wed Feb 16 19:19:02 2005
Subject: [gull-annonces] Summary of SecurityFocus Newsletter #287
Message-ID: <20050216181550.GA6171@defian.alphanet.ch>

NCPFS Multiple Remote Vulnerabilities
BugTraq ID: 12400
Remote: Yes
Date Published: Jan 31 2005
Relevant URL: http://www.securityfocus.com/bid/12400
Summary:
Multiple remote vulnerabilities affect ncpfs. These issues are due to a failure to manage access privileges securely and a failure to validate the length of user-supplied strings prior to copying them into finite process buffers. The first issue is a remote buffer overflow vulnerability. The second issue is an access validation issue due to the setuid privileges of ncpfs utilities. An attacker may leverage these issues to execute arbitrary code with the privileges of the affected application and to access arbitrary files with the escalated privileges.

Multiple Mozilla/Firefox/Thunderbird Vulnerabilities
BugTraq ID: 12407
Remote: Yes
Date Published: Jan 31 2005
Relevant URL: http://www.securityfocus.com/bid/12407
Summary:
Mozilla, Firefox, and Thunderbird applications are reported prone to multiple vulnerabilities. The following specific issues are reported:

Mozilla and Firefox browsers are reported prone to an access control bypass vulnerability. Although unconfirmed it is conjectured that this vulnerability may be exploited to disclose information pertaining to a target filesystem, for example determining whether a file exists or not. This vulnerability is reported to affect Mozilla Firefox versions prior to version 1.0 and Mozilla Suite versions prior to version 1.7.5.

Mozilla and Firefox browsers are reported prone to a status bar misrepresentation vulnerability. A remote attacker may exploit this vulnerability to aid in phishing style attacks; for example, the attacker may leverage this vulnerability to make a malicious site appear authentic. This vulnerability is reported to affect Mozilla Firefox versions prior to version 1.0 and Mozilla Suite versions prior to version 1.7.5.

Mozilla and Firefox browsers are reported prone to another status bar misrepresentation vulnerability. Using JavaScript to automate the process a remote attacker may exploit this vulnerability to aid in phishing style attacks, for example, the attacker may leverage this vulnerability to make a malicious site appear authentic. This vulnerability is reported to affect Mozilla Firefox versions prior to version 1.0 and Mozilla Suite versions prior to version 1.7.5.

Mozilla and Firefox browsers provide functionality (Alt-Click) to download files that are linked by URI's to the default download location without requiring a user prompt. Reports indicate that a malicious site may exploit this functionality to download a file to the default downloads location without user interaction. This vulnerability is reported to affect Mozilla Firefox versions prior to version 1.0.

Mozilla and Firefox browsers are reported prone to a clipboard information disclosure vulnerability. A remote attacker may exploit this vulnerability to steal clipboard contents, this may reveal potentially sensitive information to a remote attacker. This vulnerability is reported to affect Mozilla Firefox versions prior to version 1.0 and Mozilla Suite versions prior to version 1.7.5.

Mozilla and Firefox browsers are reported prone to an information disclosure vulnerability. A remote malicious server may invoke a request against a vulnerable browser and the browser will respond with proxy authentication credentials. This vulnerability is reported to affect Mozilla Firefox versions prior to version 1.0 and Mozilla Suite versions prior to version 1.7.5.

It is reported that Mozilla Thunderbird erroneously responds to cookie requests that are contained in HTML based email. It is reported that this vulnerability may be exploited by a remote attacker to track emails to victim users. This vulnerability is reported to affect Thunderbird versions 0.6 to 0.9 and Mozilla Suite 1.7 to 1.7.3.

Mozilla Firefox is reported prone to a local code execution vulnerability. The vulnerability exists in Livefeed bookmark functionality. It is reported that if for example 'about:config' was displayed when the Livefeed is updated then arbitrary code execution may occur on the affected computer. This vulnerability is reported to affect Mozilla Firefox versions prior to version 1.0.

It is reported that Mozilla Thunderbird does not correctly handle 'javascript:' URI links. The affected application employs the default handler for 'javascript:' URIs that is registered on the host operating system. This is incorrect behavior and may result in exposure to latent vulnerabilities due to a false sense of security. This vulnerability is reported to affect Mozilla Thunderbird versions prior to version 0.9.

This BID will be separated into individual BIDs as soon as further research into each of the vulnerabilities is completed.

Clam Anti-Virus ClamAV ZIP File Parsing Remote Denial Of Ser...
BugTraq ID: 12408
Remote: Yes
Date Published: Jan 31 2005
Relevant URL: http://www.securityfocus.com/bid/12408
Summary:
A remote denial of service vulnerability affects ClamAV. This issue is due to a failure of the application to properly handle malicious file content. An attacker may leverage this issue to crash the Clam Anti-Virus daemon, potentially leaving an affected computer open to infection by malicious code.

PostgreSQL LOAD Extension Local Privilege Escalation Vulnera...
BugTraq ID: 12411
Remote: No
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12411
Summary:
A local privilege escalation vulnerability affects PostgreSQL. This issue is due to a failure of the application to restrict critical functionality to privileged users. An attacker may leverage this issue to execute arbitrary code with the privileges of the affected database, potentially facilitating privilege escalation.

Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnera...
BugTraq ID: 12412
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12412
Summary:
A remote unspecified vulnerability reportedly affects Squid Proxy. This issue is due to a failure of the application to properly handle malformed HTTP headers. The impact of this issue is currently unknown. This BID will be updated when more information becomes available.

Newsfetch sscanf() Remote Buffer Overflow Vulnerability
BugTraq ID: 12414
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12414
Summary:
Newsfetch makes several insecure sscanf(3) calls that could potentially result in a buffer overflow. This is a result of insufficient bounds checking when sscanf stores data in an internal buffer.

PostgreSQL Multiple Remote Vulnerabilities
BugTraq ID: 12417
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12417
Summary:
Multiple remote vulnerabilities affect PostgreSQL. These issues are due to design errors, buffer mismanagement errors, and issues that are currently unspecified. The first issue is a failure of the application to ensure function permissions are enforced. The second issue is a buffer overflow triggered when cursor declaration occurs. The final vulnerability is an unspecified security issue that exists in 'contrib/intagg'. The information currently available is not sufficient to provide a more in-depth technical description. This BID will be updated with the release of further details. An attacker may leverage these issues to execute arbitrary code with the privileges of the vulnerable database process and to execute functions without requiring permission. Other attacks are also possible.

Newspost Remote Buffer Overflow Vulnerability
BugTraq ID: 12418
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12418
Summary:
Newspost is prone to a remote buffer overflow vulnerability due to an unbounded memory copy operation. The problem occurs in the 'socket_getline()' function of 'socket.c' when the vulnerable client handles NNTP server responses. Successful exploitation of this issue could potentially lead to arbitrary code execution. This issue was reported to affect Newspost 2.1.1 and prior, however, other versions may be vulnerable.

Cisco IP/VC Videoconferencing System SNMP Remote Default Com...
BugTraq ID: 12424
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12424
Summary:
A default community string vulnerability affects Cisco IP/VC Videoconferencing System devices. This issue is due to a design flaw where hard-coded community strings are stored on the device. This issue may be leveraged to gain unauthorized administrator access to affected devices. This would allow an attacker to create new services, terminate or affect existing sessions, and redirect traffic to a different destination, among other attacks.
[ firmware ]

Perl suidperl Multiple Local Vulnerabilities
BugTraq ID: 12426
Remote: No
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12426
Summary:
suidperl is reported prone to multiple vulnerabilities. The following individual issues are reported:

It is reported that the 'PERLIO_DEBUG' SuidPerl environment variable may be employed to corrupt arbitrary files. A local unprivileged attacker may exploit this vulnerability to corrupt arbitrary files with superuser privileges. This may ultimately lead to a denial of service for legitimate users or privilege escalation.

suidperl is reported prone to a local buffer overflow vulnerability as well. This buffer overflow vulnerability may be exploited by a local attacker to gain superuser privileges. This issue is also exploited through the 'PERLIO_DEBUG' variable.

Newsgrab Multiple Local And Remote Vulnerabilities
BugTraq ID: 12428
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12428
Summary:
Newsgrab is reported prone to multiple vulnerabilities. The following individual issues are reported:

Newsgrab is reported prone to a directory traversal vulnerability. This vulnerability exists because the software does not sufficiently sanitize directory traversal sequences from filenames before the filename is employed to store the file onto disk. A remote attacker may exploit this vulnerability by supplying a malicious file to a target victim. This vulnerability has been assigned the CVE identifier CAN-2005-0153.

Newsgrab is reported prone to an unspecified insecure permissions vulnerability. A local attacker may exploit this vulnerability to disclose potentially sensitive information that is contained in files that were downloaded using newsgrab. This vulnerability has been assigned the CVE identifier CAN-2005-0154.

Squid Proxy squid_ldap_auth Authentication Bypass Vulnerabil...
BugTraq ID: 12431
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12431
Summary:
Squid Proxy is reported prone to an authentication bypass vulnerability. This issue seems to result from insufficient input validation. It is reported that the 'squid_ldap_auth' module is affected by this issue. A remote attacker may gain unauthorized access or gain elevated privileges from bypassing access controls. Squid versions 2.5 and earlier are reported prone to this vulnerability.

Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability
BugTraq ID: 12432
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12432
Summary:
The Squid proxy server is vulnerable to a remotely exploitable buffer overflow vulnerability. The vulnerability is in its implementation of WCCP (web cache communication protocol), a UDP based web cache management protocol. The condition is triggered when it reads a packet from the network that is larger than the size of the buffer allocated to store it. This can occur because recvfrom() is passed an incorrect value for its "len" argument.

Squid Proxy Malformed HTTP Header Parsing Cache Poisoning Vu...
BugTraq ID: 12433
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12433
Summary:
Squid Proxy is reported prone to a cache poisoning vulnerability when processing malformed HTTP requests and responses. This issue results from insufficient sanitization of user-supplied data. Squid versions 2.5 and earlier are reported prone to this issue.

D-BUS Session Bus Local Privilege Escalation Vulnerability BugTraq ID: 12435 Remote: No Date Published: Feb 03 2005 Relevant URL: http://www.securityfocus.com/bid/12435 Summary: A local privilege escalation vulnerability affects D-BUS. This issue is due to a failure of the application to properly secure message bus sessions. An attacker may leverage this issue to send messages to the message bus of an unsuspecting user. This may facilitate command execution with the privileges of the unsuspecting user, ultimately leading to privilege escalation. Python SimpleXMLRPCServer Library Module Unauthorized Access... BugTraq ID: 12437 Remote: Yes Date Published: Feb 03 2005 Relevant URL: http://www.securityfocus.com/bid/12437 Summary: A remote unauthorized access vulnerability affects Python. This issue is due to a failure of the API to properly secure access to sensitive internal data or functionality of registered objects and modules. A remote attacker may leverage this issue to gain unauthorized access to an affected computer. Other attacks are also possible. Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer Overflo... BugTraq ID: 12441 Remote: No Date Published: Feb 03 2005 Relevant URL: http://www.securityfocus.com/bid/12441 Summary: An integer overflow vulnerability is reported in the Linux kernel 'ipv6_setsockopt()' system call. This issue is related to the code for handling the IPV6_PKTOPTIONS socket option, which is used to provide the kernel with IPv6 options for a designation socket. This issue may be exploited by a local user to compromise the system. Exploitation could also result in a denial of service. It should be noted that this type of vulnerability might provide a generic means of privilege escalation across Linux distributions once a remote attacker has gained unauthorized access as a lower privileged user. **Update: Conflicting reports suggest that this issue is not in fact a vulnerability. 
It is reported that the 'optlen' value is sanitized in 'linux/net/socket.c' before reaching the code that is reported vulnerable. ht://Dig Unspecified Cross-Site Scripting Vulnerability BugTraq ID: 12442 Remote: Yes Date Published: Feb 03 2005 Relevant URL: http://www.securityfocus.com/bid/12442 Summary: ht://Dig is reported prone to an unspecified cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI data prior to including it in dynamically generated Web page content. All versions of ht://Dig are considered vulnerable at the moment. This BID will be updated when more information becomes available. Linksys PSUS4 PrintServer Malformed HTTP POST Request Denial... BugTraq ID: 12443 Remote: Yes Date Published: Feb 03 2005 Relevant URL: http://www.securityfocus.com/bid/12443 Summary: Linksys PSUS4 PrintServer is reported prone to a remote denial of service vulnerability while handling certain HTTP POST requests received on TCP port 80. An attacker may exploit this condition to deny service to the affected PrintServer. [ firmware ] Postfix IPv6 Unauthorized Mail Relay Vulnerability BugTraq ID: 12445 Remote: Yes Date Published: Feb 04 2005 Relevant URL: http://www.securityfocus.com/bid/12445 Summary: Postfix is prone to a vulnerability that allows the application to be abused as a mail relay. Arbitrary mail may be sent to any MX host with an IPv6 address. This could be exploited by spammers or other malicious parties. Postfix 2.1.3 is reported prone to this issue. It is possible that other versions are affected as well. PowerDNS Unspecified Remote Denial of Service Vulnerability BugTraq ID: 12446 Remote: Yes Date Published: Feb 04 2005 Relevant URL: http://www.securityfocus.com/bid/12446 Summary: PowerDNS is reported prone to an unspecified remote denial of service vulnerability. It is conjectured that this issue likely results from the failure of the application to handle exceptional conditions. 
PowerDNS versions prior to 2.9.17 are reported vulnerable to this issue. Netgear DG834 ADSL Firewall Router Insecure Configuration Vu... BugTraq ID: 12447 Remote: Yes Date Published: Feb 04 2005 Relevant URL: http://www.securityfocus.com/bid/12447 Summary: The Netgear DG834 ADSL Firewall Router is reported prone to a firewall insecure configuration vulnerability. It is reported that when the affected appliance is configured so that NAT (Network Address Translation) is disabled the firewall becomes ineffective. This vulnerability will result in a false sense of security where a user may believe that their network and appliance are protected when they are not. [ firmware ]

From schaefer at alphanet.ch Sat Feb 26 17:57:03 2005
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Sat Feb 26 17:57:03 2005
Subject: [gull-annonces] SecurityFocus Newsletter #288 summary
Message-ID: <20050226163226.GA788@defian.alphanet.ch>

WWWBoard Password Database Disclosure Vulnerability BugTraq ID: 12453 Remote: Yes Date Published: Feb 05 2005 Relevant URL: http://www.securityfocus.com/bid/12453 Summary: WWWBoard does not sufficiently secure the password database file. This issue is due to lack of access controls to prevent remote users from requesting the database file. It is possible for remote attackers to request the database file and gain access to sensitive information such as encrypted administrative credentials for WWWBoard. Mike Neuman OSH Command Line Argument Buffer Overflow Vulner... BugTraq ID: 12455 Remote: No Date Published: Feb 05 2005 Relevant URL: http://www.securityfocus.com/bid/12455 Summary: A buffer overflow vulnerability is reported for osh when processing superfluous command line arguments. The problem likely occurs due to insufficient bounds checking when copying command line argument data into an internal memory buffer. This buffer overflow may be exploited to execute arbitrary code with superuser privileges.
Linux Kernel ntfs_warning() and ntfs_error() Local Denial of... BugTraq ID: 12460 Remote: No Date Published: Feb 07 2005 Relevant URL: http://www.securityfocus.com/bid/12460 Summary: Linux Kernel is reported prone to a local denial of service vulnerability. It is reported that this vulnerability exists in the 'ntfs_warning()' and 'ntfs_error()' functions when compiled without debug. Further details are not currently available. This BID will be updated when more information becomes available. Linux Kernel 2.6.11-rc2 is reported vulnerable to this issue. All 2.6 versions are likely vulnerable as well. Multiple Web Browser International Domain Name Handling Site... BugTraq ID: 12461 Remote: Yes Date Published: Feb 07 2005 Relevant URL: http://www.securityfocus.com/bid/12461 Summary: Multiple Web browsers are reported prone to vulnerabilities that surround the handling of International Domain Names. The vulnerabilities exist due to inconsistencies in how International Domain Names are processed. Reports indicate that this inconsistency can be leveraged to spoof address bar, status-bar, and SSL certificate values. These vulnerabilities may be exploited by a remote attacker to aid in phishing style attacks. This may result in the voluntary disclosure of sensitive information to a malicious website due to a false sense of trust. Although these vulnerabilities are reported to affect Web browsers, mail clients that depend on the Web browser to generate HTML code may also be affected. [ the problem is, e.g., that blabla.ch can be written blabla.ch, with the a looking the same as the usual a but encoded differently via an unusual UNICODE character set. Its DNS encoding (punycode) xn-- will therefore be different. This domain may have been certified independently and will therefore not trigger a warning from the WWW client. Work-around: disable international support. REAL SOLUTION to this whole class of problems: check the certificate information, verify the name of the organization for which the certificate was verified *and verify the certificate fingerprint* by another means: web of trust, telephone, mail, etc. ]
Emacs Movemail POP3 Remote Format String Vulnerability BugTraq ID: 12462 Remote: Yes Date Published: Feb 07 2005 Relevant URL: http://www.securityfocus.com/bid/12462 Summary: The movemail utility of Emacs is reported prone to a remote format string vulnerability. This issue arises because the application fails to sanitize user-supplied data prior to passing it as the format specifier to a formatted printing function. A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution. Any code execution would take place with setgid mail privileges. 3Com 3CServer Multiple Remote Buffer Overflow Vulnerabilitie... BugTraq ID: 12463 Remote: Yes Date Published: Feb 07 2005 Relevant URL: http://www.securityfocus.com/bid/12463 Summary: Multiple remote buffer overflow vulnerabilities affect 3Com 3CServer. These issues are due to a failure of the application to securely copy user-supplied input into process buffers. An attacker may leverage this issue to execute arbitrary code on an affected computer with SYSTEM privileges. This may facilitate unauthorized access or privilege escalation. [ firmware ] Mozilla Mozilla/Firefox Cross-Domain Tab Window Script Execu... BugTraq ID: 12465 Remote: Yes Date Published: Feb 07 2005 Relevant URL: http://www.securityfocus.com/bid/12465 Summary: Mozilla Mozilla/Firefox are reported prone to a cross-domain script execution vulnerability. The issue is reported to exist because the browsers fail to prevent JavaScript that originates from one tab from accessing properties of a site contained in another tab. Typically, the Javascript security manager prevents a 'javascript:' URI from one domain from being opened in the context of a site from another window, however tabbed browsing can be used to bypass this security restriction.
This issue is reported to affect Firefox 1.0, however, it is possible that other versions are affected as well. Mozilla 1.7.5 was also reported vulnerable. Mozilla Firefox About Configuration Hidden Frame Remote Conf... BugTraq ID: 12466 Remote: Yes Date Published: Feb 07 2005 Relevant URL: http://www.securityfocus.com/bid/12466 Summary: A remote configuration manipulation vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to properly secure sensitive configuration scripts from being activated by remote attackers. An attacker may leverage this issue to alter an unsuspecting user's configuration settings; this may lead to a false sense of security as sensitive settings may be manipulated without the user's knowledge. Mozilla Firefox Drag And Drop Security Policy Bypass Vulnera... BugTraq ID: 12468 Remote: Yes Date Published: Feb 07 2005 Relevant URL: http://www.securityfocus.com/bid/12468 Summary: Mozilla Firefox is reported prone to a security vulnerability that could allow a malicious website to bypass drag-and-drop functionality security policies. It is demonstrated that it is possible to exploit this vulnerability with an image that renders correctly in the Firefox browser but that, when dragged and dropped onto the local file system, will be saved with a '.bat' file extension. Because the batch file interpreter on Microsoft Windows is particularly lenient when it comes to syntax, batch commands appended to the image file will be executed if the image that was dragged and dropped is invoked. Update: Netscape 7.2 is reported vulnerable to this issue as well. It is possible that other versions may also be affected. Multiple Mozilla Browser enable.IDN Setting Weakness BugTraq ID: 12470 Remote: Yes Date Published: Feb 07 2005 Relevant URL: http://www.securityfocus.com/bid/12470 Summary: Mozilla, Firefox, and Camino browsers contain a weakness in certain configuration settings. 
When the International Domain Name (IDN) setting is disabled in the Web browser, the setting is not retained after the browser is closed and started again. The browser configuration will still show the setting as being disabled. This weakness could lead to a false sense of security if it is used as a workaround for BID 12461. PerlDesk SQL Injection Vulnerability BugTraq ID: 12471 Remote: Yes Date Published: Feb 07 2005 Relevant URL: http://www.securityfocus.com/bid/12471 Summary: PerlDesk is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation. Frox Access Control List Bypass Vulnerability BugTraq ID: 12493 Remote: Yes Date Published: Feb 08 2005 Relevant URL: http://www.securityfocus.com/bid/12493 Summary: It is reported that an ACL bypass vulnerability exists in frox because frox fails to parse 'Deny' ACL entries correctly. This may lead to a false sense of security because ftp clients may use the frox proxy to access services that a network administrator intended to block. This vulnerability is reported to exist in frox versions 0.7.16 and 0.7.17. [ FTP proxy ] Ulrik Petersen Emdros Database Engine MQL Parsing Denial Of ... BugTraq ID: 12498 Remote: Yes Date Published: Feb 09 2005 Relevant URL: http://www.securityfocus.com/bid/12498 Summary: A denial of service vulnerability affects Emdros. This issue is due to a failure of the application to properly manage memory. Apparently this issue is distinct from that reported in BID 11143 (Ulrik Petersen Emdros Database Engine Denial Of Service Vulnerability). It should also be noted that if the affected application is run as a daemon, a remote attacker could exploit this issue.
An attacker may leverage this issue to cause the affected application to crash, denying service to legitimate users. [ text database engine for annotated or analyzed text ] XView Multiple Unspecified Local Buffer Overflow Vulnerabili... BugTraq ID: 12500 Remote: No Date Published: Feb 09 2005 Relevant URL: http://www.securityfocus.com/bid/12500 Summary: It is reported that a number of unspecified buffer overflow vulnerabilities exist in the xview library. These issues could allow a local user to execute arbitrary code via linked executables that are installed with setuid privileges. Debian has identified these issues in xview-3.2p1.4. Other versions affecting various platforms may be vulnerable as well. GNU Mailman Remote Directory Traversal Vulnerability BugTraq ID: 12504 Remote: Yes Date Published: Feb 09 2005 Relevant URL: http://www.securityfocus.com/bid/12504 Summary: Mailman, when hosted on a web server that does not strip extra slashes from URLs (i.e. Apache 1.3.x), is reported prone to a remote directory traversal vulnerability. The remote attacker may exploit this vulnerability to disclose the contents of web server readable files. Symantec has received reports of the username and password databases of public mailing lists being compromised through the exploitation of this vulnerability. Information that is harvested by leveraging this vulnerability may be used to aid in further attacks against a target computer or victim user. Conexant AccessRunner DSL Console Default Backdoor Account V... BugTraq ID: 12507 Remote: Yes Date Published: Feb 09 2005 Relevant URL: http://www.securityfocus.com/bid/12507 Summary: It has been reported that Conexant AccessRunner DSL Console software has built-in administrative access that cannot be disabled. This vulnerability reportedly allows remote attackers to reset the router to default settings, denying legitimate users network access. Other attacks are also likely possible. 
It is unknown at this time if remote attackers can access the administrative interface via the WAN interface of affected devices. Mentor MR4C/UK devices are reported susceptible to this vulnerability. Due to code reuse across products, it is likely that other devices are also affected. [ firmware ] Yongguang Zhang hztty Local Arbitrary Command Execution Vuln... BugTraq ID: 12518 Remote: No Date Published: Feb 10 2005 Relevant URL: http://www.securityfocus.com/bid/12518 Summary: A local, arbitrary command execution vulnerability affects Yongguang Zhang hztty. The underlying cause of this issue is currently unknown. This BID will be updated as more information is released. An attacker may leverage this issue to execute arbitrary commands with the privileges of the 'utmp' group, potentially facilitating privilege escalation. Apache mod_python Module Publisher Handler Information Discl... BugTraq ID: 12519 Remote: Yes Date Published: Feb 10 2005 Relevant URL: http://www.securityfocus.com/bid/12519 Summary: The mod_python module publisher handler is prone to a remote information disclosure vulnerability. This issue may allow remote unauthorized attackers to gain access to sensitive objects. Information disclosed through the exploitation of this issue may aid in launching further attacks against an affected server. All versions of mod_python are considered vulnerable at the moment. xpcd Local Buffer Overflow Vulnerability BugTraq ID: 12523 Remote: No Date Published: Feb 11 2005 Relevant URL: http://www.securityfocus.com/bid/12523 Summary: A local buffer overflow vulnerability affects xpcd pcdsvgaview. This issue is due to a failure of the application to securely copy user-supplied input into finite process buffers. An attacker may leverage this issue to execute arbitrary code with superuser privileges. 
Netkit rwho Packet Size Denial Of Service Vulnerability BugTraq ID: 12524 Remote: Yes Date Published: Feb 11 2005 Relevant URL: http://www.securityfocus.com/bid/12524 Summary: The Netkit rwho daemon is prone to a denial of service vulnerability. This condition occurs when the server processes packets with malformed sizes. The vulnerability is only reported to affect the software running on little endian platforms. It is not known if this condition is due to a boundary condition error or if it may further be leveraged to execute arbitrary code. KDE Library dcopidling Insecure Temporary File Creation Vuln... BugTraq ID: 12525 Remote: No Date Published: Feb 11 2005 Relevant URL: http://www.securityfocus.com/bid/12525 Summary: A local insecure file creation vulnerability affects KDE Library 'dcopidling'. This issue is due to a failure of the application to validate the existence of a file prior to writing to it. An attacker may leverage this issue to corrupt arbitrary files with the privileges of a user that activates an application that implements the affected script. OpenPGP Cipher Feedback Mode Chosen-Ciphertext Partial Plain... BugTraq ID: 12529 Remote: Yes Date Published: Feb 11 2005 Relevant URL: http://www.securityfocus.com/bid/12529 Summary: OpenPGP is reported prone to a vulnerability that may theoretically allow attackers to retrieve partial plaintexts from encrypted OpenPGP messages. It is reported that a proof of concept chosen-ciphertext attack method has been developed that exploits a flaw in OpenPGP to retrieve partial plaintexts from OpenPGP messages encrypted with symmetric encryption. Apparently when messages are encrypted with the CFB mode, a design flaw in an integrity check feature can be exploited. The attack is also limited in the amount of information that can be disclosed from an encrypted message. Apparently, only partial disclosure of a message is possible. The OpenPGP standard is reported vulnerable to this issue. 
It is not known whether PGP or GNU Privacy Guard or other implementations are vulnerable. This BID will be updated when more information becomes available. Gentoo Portage-Built Webmin Binary Package Build Host Root P... BugTraq ID: 12532 Remote: Yes Date Published: Feb 11 2005 Relevant URL: http://www.securityfocus.com/bid/12532 Summary: It is reported that the Gentoo Portage-built Webmin binary package discloses the build host's root password to remote users. Any users who build the affected Webmin binary and share it with other users are at risk of compromise. Gentoo app-admin/webmin packages prior to 1.170-r3 are vulnerable to this issue.

From schaefer at alphanet.ch Sat Feb 26 17:57:14 2005
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Sat Feb 26 17:57:14 2005
Subject: [gull-annonces] SecurityFocus Newsletter #289 summary
Message-ID: <20050226165227.GA1088@defian.alphanet.ch>

Firefox Remote SMB Document Local File Disclosure Vulnerabil... BugTraq ID: 12533 Remote: Yes Date Published: Feb 12 2005 Relevant URL: http://www.securityfocus.com/bid/12533 Summary: A vulnerability has been published that may allow for attackers to read the contents of attacker-specified files on the client user's filesystem. To exploit this vulnerability, the attacker must place an HTML document containing code (the example uses XMLHttpRequest) to read the target file on a remote SMB share. The attacker must then create flash content that will load the remote document via file:// URI. It is likely that only Firefox on Windows systems is affected. This vulnerability may be related to BID 12466. gFTP Remote Directory Traversal Vulnerability BugTraq ID: 12539 Remote: Yes Date Published: Feb 14 2005 Relevant URL: http://www.securityfocus.com/bid/12539 Summary: A remote directory traversal vulnerability reportedly affects gFTP. This issue is due to a failure of the application to sanitize input supplied by a malicious FTP server.
An attacker may leverage this issue to overwrite or create arbitrary files on an affected computer with the privileges of an unsuspecting user running the vulnerable application. This may lead to a compromise of the affected computer, denial of service attacks, as well as others. Debian Toolchain-Source Multiple Insecure Temporary File Cre... BugTraq ID: 12540 Remote: No Date Published: Feb 14 2005 Relevant URL: http://www.securityfocus.com/bid/12540 Summary: toolchain-source is reportedly affected by multiple local insecure temporary file creation vulnerabilities. These issues are likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. These issues affect some Debian-specific scripts supplied with the package. Debian toolchain-source versions prior to 3.0.4-1woody1 are reported vulnerable to these issues. AWStats Plugin Multiple Remote Command Execution Vulnerabili... BugTraq ID: 12543 Remote: Yes Date Published: Feb 14 2005 Relevant URL: http://www.securityfocus.com/bid/12543 Summary: Multiple remote command execution vulnerabilities reportedly affect AWStats. These issues are due to an input validation error that allows a remote attacker to specify commands to be executed in the context of the affected application. The first problem presents itself due to the potential of malicious use of the 'loadplugin' and 'pluginmode' parameters of the 'awstats.pl' script. The second issue arises from an insecure implementation of the 'loadplugin' parameter functionality. An attacker may leverage these issues to execute arbitrary commands with the privileges of the affected web server running the vulnerable scripts. This may facilitate unauthorized access to the affected computer, as well as other attacks. Multiple sources have reported that AWStats 6.3 and subsequent versions are not vulnerable to these issues. 
AWStats Debug Remote Information Disclosure Vulnerability BugTraq ID: 12545 Remote: Yes Date Published: Feb 14 2005 Relevant URL: http://www.securityfocus.com/bid/12545 Summary: A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data. An attacker may leverage this issue to gain access to potentially sensitive data, possibly facilitating further attacks against an affected computer. Synaesthesia Local File Disclosure Vulnerability BugTraq ID: 12546 Remote: No Date Published: Feb 14 2005 Relevant URL: http://www.securityfocus.com/bid/12546 Summary: A local file disclosure vulnerability affects Synaesthesia. This issue is due to a failure of the application to securely access files. An attacker may leverage this issue to read arbitrary files on an affected computer. Information gained in this way may lead to further attacks. Open WebMail logindomain Parameter Cross-Site Scripting Vuln... BugTraq ID: 12547 Remote: Yes Date Published: Feb 14 2005 Relevant URL: http://www.securityfocus.com/bid/12547 Summary: Open WebMail is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. The problem presents itself when malicious HTML and script code is sent to the application through the 'logindomain' parameter. This vulnerability has been reported to exist in Open WebMail versions 2.50 20050212 and prior. Squid Proxy DNS Name Resolver Remote Denial Of Service Vulne... BugTraq ID: 12551 Remote: Yes Date Published: Feb 14 2005 Relevant URL: http://www.securityfocus.com/bid/12551 Summary: A remote denial of service vulnerability is reported to exist in Squid. The issue is reported to present itself when the affected server performs a Fully Qualified Domain Name (FQDN) lookup and receives an unexpected response.
The vendor reports that under the above circumstances the affected service will crash due to an assertion error, effectively denying service to legitimate users. Linux Kernel Multiple Local Buffer Overflow And Memory Discl... BugTraq ID: 12555 Remote: No Date Published: Feb 15 2005 Relevant URL: http://www.securityfocus.com/bid/12555 Summary: Multiple local buffer overflow and memory disclosure vulnerabilities affect the Linux kernel. These issues are due to a failure to securely copy user-controlled data, a race condition error, and a failure to secure memory written by the kernel. The first issue is a buffer overflow vulnerability in the procfs functionality. The second issue is a kernel memory disclosure vulnerability. The third issue is a race condition error in the Radeon driver that leads to a potential buffer overflow condition. The fourth issue is a buffer overflow vulnerability in the i2c-viapro driver. A local attacker may leverage these issues to execute arbitrary code, potentially facilitating privilege escalation, and to disclose sensitive kernel memory. lighttpd Remote CGI Script Disclosure Vulnerability BugTraq ID: 12567 Remote: Yes Date Published: Feb 15 2005 Relevant URL: http://www.securityfocus.com/bid/12567 Summary: lighttpd is reported prone to an information disclosure vulnerability. Reports indicate that a NULL sequence appended to the filename of a CGI or FastCGI script will result in the script contents being served to the requestor. Information that is harvested by exploiting this vulnerability may be used to aid in further attacks launched against the target computer. This vulnerability is reported to affect lighttpd 1.3.7 and previous versions. typespeed Local Format String Vulnerability BugTraq ID: 12569 Remote: No Date Published: Feb 16 2005 Relevant URL: http://www.securityfocus.com/bid/12569 Summary: typespeed is prone to a local format string vulnerability. Successful exploitation could allow privilege escalation.
KDE KStars fliccd Utility Multiple Buffer Overflow Vulnerabi... BugTraq ID: 12570 Remote: Yes Date Published: Feb 16 2005 Relevant URL: http://www.securityfocus.com/bid/12570 Summary: Multiple buffer overflow vulnerabilities affect KDE KStars fliccd. These issues are due to a failure of the utility to securely copy user-supplied data into process memory. An attacker may leverage these issues to gain escalated privileges locally and, if the affected utility is run as a daemon, may facilitate remote code execution with superuser privileges. AWStats Logfile Parameter Remote Command Execution Vulnerabi... BugTraq ID: 12572 Remote: Yes Date Published: Feb 16 2005 Relevant URL: http://www.securityfocus.com/bid/12572 Summary: AWStats is reported prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. Specifically, the user-specified 'logfile' URI parameter is supplied to the Perl open() routine. It is believed that this issue is distinct from BID 10950 (AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability). AWStats versions 5.4 to 6.1 are reported vulnerable to this issue. Advanced Linux Sound Architecture libasound.so Stack-Memory ... BugTraq ID: 12575 Remote: No Date Published: Feb 16 2005 Relevant URL: http://www.securityfocus.com/bid/12575 Summary: A security weakness is reported to affect the Advanced Linux Sound Architecture (ALSA) 'libasound.so' module; specifically the issue is reported to be present in the ALSA mixer code. It is reported that the weakness can be leveraged to disable stack-based memory code execution protection on binaries that are linked to the library.
SHA-0/SHA-1 Reduced Operation Digest Collision Weakness BugTraq ID: 12577 Remote: Unknown Date Published: Feb 15 2005 Relevant URL: http://www.securityfocus.com/bid/12577 Summary: Researchers Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu have allegedly devised attacks that will reduce the number of operations required to compute an input that generates a collision in SHA-0/SHA-1 digests. This weakness may threaten the integrity of digital signatures that are generated using these algorithms, as it may be possible to create identical signatures using different input data. The research paper describing these attacks is not publicly available at this time, and the results have not been vetted by others in the field. This BID will be updated as more information is made available. NewsBruiser Comment System Security Restrictions Bypass Vuln... BugTraq ID: 12579 Remote: Yes Date Published: Feb 17 2005 Relevant URL: http://www.securityfocus.com/bid/12579 Summary: NewsBruiser is reported prone to a security restriction bypass vulnerability. A remote attacker may delete or approve comments on a site adversely affecting the availability or integrity of data. NewsBruiser 2.6.0 and prior versions are affected by this issue. OpenLDAP SlapD Multiple Remote Unspecified Denial Of Service... BugTraq ID: 12584 Remote: Yes Date Published: Feb 16 2005 Relevant URL: http://www.securityfocus.com/bid/12584 Summary: OpenLDAP is reported prone to multiple unspecified remotely exploitable denial of service vulnerabilities. The vulnerabilities are reported to exist in the 'slapd' daemon. A remote attacker may exploit these vulnerabilities to deny LDAP service for legitimate users. This BID will be updated as soon as further information regarding these issues is made available. glFTPD ZIP Plugins Multiple Directory Traversal Vulnerabilit... 
BugTraq ID: 12586 Remote: Yes Date Published: Feb 18 2005 Relevant URL: http://www.securityfocus.com/bid/12586 Summary: It is reported that various ZIP related plugins supplied with the server contain multiple directory traversal vulnerabilities. These issues may allow remote attackers to determine the existence of files on a computer and also disclose arbitrary files. The issues arise due to insufficient sanitization of user-supplied data. By determining the presence of files in restricted directories and outside the server's root in addition to disclosing the contents of arbitrary files, the attacker can launch various attacks against a vulnerable computer. If an attack results in the disclosure of a password file, these issues may ultimately lead to unauthorized access to the affected computer in the context of the server. The affected plugins are shipped with the FTP server by default. glFTPD 1.26 to 2.00 are reported vulnerable. GProFTPD GProstats Remote Format String Vulnerability BugTraq ID: 12588 Remote: Yes Date Published: Feb 18 2005 Relevant URL: http://www.securityfocus.com/bid/12588 Summary: GProftpd gprostats utility is reported prone to a remote format string handling vulnerability. A remote attacker may exploit this vulnerability to execute arbitrary attacker-supplied code in the context of the affected utility. This vulnerability is reported to affect GProftpd version 8.1.7 and previous versions.
From schaefer at alphanet.ch Sun Feb 27 20:53:02 2005
From: schaefer at alphanet.ch (Marc SCHAEFER)
Date: Sun Feb 27 20:53:02 2005
Subject: [gull-annonces] f3miticgpil / BIMO Conference / CTI-Leclerc
Message-ID: <20050227190622.GB4209@defian.alphanet.ch>

The Centre d'Emulation Informatique de la République et Canton du Jura (CEIJ), in partnership with the Ecole de Culture Générale (ECG), is organizing a lecture as part of the BIMO and its "2005 lecture series":

Title: "Information as a new strategic resource"
By: Jean-Marie LECLERC, director of the information technology centre of the Canton of Geneva.
Date: Wednesday 9 March 2005 at 20:15
Venue: Multimedia room (2-11) of the Centre Professionnel de Delémont

You will find further information, as well as the poster and the programme, at the following link: http://www.f3miticbjn.ch/spip/article.php3?id_article=510

We look forward to seeing you again at this lecture.

[ for Roberto Segalla ]