[linux-leman-annonces] SecurityFocus Newsletter #190 Summary

Marc SCHAEFER schaefer at alphanet.ch
Tue Apr 1 18:37:29 CEST 2003


Check Point FW-1 Syslog Daemon Unfiltered Escape Sequence Vulnerability
BugTraq ID: 7161
Remote: Yes
Date Published: Mar 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7161
Summary:

Check Point Firewall-1 is a popular firewall package available from
Check Point Software Technologies.

An issue has been discovered in the Check Point FW-1 syslog daemon when
it attempts to process a malicious, remotely supplied syslog message.
Specifically, the syslog service does not properly filter out messages
that include escape sequences.

This issue may be exploitable by a remote attacker to cause the Check
Point syslog service to behave in an unpredictable manner. In addition,
exploitation of this vulnerability would allow a remote attacker to add
arbitrary syslog entries. As a result, any Check Point syslog entries on
the firewall host would be suspect.

It should be noted that this issue exists only when an administrator
attempts to view Check Point syslog messages via the console.

The technical details regarding this issue are currently unknown. This BID
will be updated when further information becomes available.
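
The filtering this entry says is missing can be sketched as follows. This is an added example, not code from Check Point or from the advisory: the function names and the sample messages (including the "fw1:" tag) are constructed for illustration. It renders control bytes visibly before a log line reaches a terminal.

```python
import re

# C0 controls, DEL, C1 controls, plus the surrogates Python uses to carry
# bytes that were not valid UTF-8 (errors="surrogateescape").
_UNSAFE = re.compile(r"[\x00-\x1f\x7f-\x9f\udc80-\udcff]")


def _show(match):
    cp = ord(match.group())
    if cp >= 0xDC80:  # undecodable byte carried through as a surrogate
        cp -= 0xDC00
    return "\\x{:02x}".format(cp)


def sanitize_for_console(raw: bytes) -> str:
    """Return one printable line; control bytes become visible \\xNN text."""
    text = raw.decode("utf-8", errors="surrogateescape")
    # Escape backslashes first so a literal "\x1b" typed by a sender cannot
    # be confused with an escaped control byte in the output.
    text = text.replace("\\", "\\\\")
    return _UNSAFE.sub(_show, text)


def has_terminal_controls(raw: bytes) -> bool:
    """True when a message carries bytes a terminal could interpret."""
    return bool(_UNSAFE.search(raw.decode("utf-8", errors="surrogateescape")))


# Constructed sample datagrams (not real Check Point log output).
SAMPLES = [
    b"<134>fw1: accept src=192.0.2.10 dst=198.51.100.7",
    # Erase-line sequence plus CR/LF that would otherwise display as a
    # second, forged entry when the log is viewed on a console.
    b"<134>fw1: drop src=192.0.2.66\x1b[2K\r\n<134>fw1: accept src=192.0.2.66",
]

if __name__ == "__main__":
    for datagram in SAMPLES:
        flag = "SUSPECT" if has_terminal_controls(datagram) else "ok     "
        print(flag, sanitize_for_console(datagram))
```

Because embedded CR and LF are escaped as well, each received message stays on one display line and cannot pose as an extra log entry.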

Mozilla Bonsai Parameters Page Unauthenticated Access Weakness
BugTraq ID: 7163
Remote: Yes
Date Published: Mar 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7163
Summary:

Mozilla Bonsai is a tool that allows a user to perform queries on the
contents of a CVS archive.

A weakness has been reported for Bonsai that may allow remote attackers to
obtain unauthorized access to the parameters page. This page is accessed
through the editparams.cgi.

The parameters page is used by Bonsai to set several options for the tool.
Users by default are able to view this page but are unable to change any
parameters unless a password is entered.

Any information obtained in this manner may be used by an attacker to
launch further attacks against a system using Bonsai.

This vulnerability has been reported for Mozilla Bonsai 1.3 (including all
current and CVS versions).

Mozilla Bonsai Remote Command Execution Vulnerability
BugTraq ID: 7162
Remote: Yes
Date Published: Mar 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7162
Summary:

Mozilla Bonsai is a tool that allows a user to perform queries on the
contents of a CVS archive.

A vulnerability has been discovered in Mozilla Bonsai. This issue is
reported to affect all current and CVS versions of the utility.

Exploitation of this issue may allow an attacker to remotely execute
arbitrary commands with 'www-data' privileges.

The details regarding this vulnerability are currently unknown. This BID
will be updated as further information becomes available.

Netgear ProSafe VPN Firewall Web Interface Login Denial Of Service Vulnerability
BugTraq ID: 7166
Remote: Yes
Date Published: Mar 21 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7166
Summary:

The ProSafe VPN Firewall is a home and small office firewall and virtual
private network device distributed by Netgear.

A problem with the device could make it possible for a remote user to deny
service.

It has been reported that some ProSafe VPN Firewall devices do not
properly handle some types of input.  Because of this, a remote user could
potentially send malicious input to the device that would result in a
crash, and potential denial of service.

The problem is in the handling of authentication information of excessive
length.  When a user passes both a username and password to the web
administration interface of the device, the system can be caused to crash.

It is likely that this issue is a memory corruption vulnerability, and
potentially an exploitable boundary condition error.  There is no
confirmation of this.  However, if this issue does prove to be an
exploitable boundary condition error, an attacker could potentially
execute arbitrary code on the vulnerable device with the privileges of the
web interface.

It should also be noted that this vulnerability is likely only exploitable
via the internal interface of the device, though this also is not
confirmed.

3Com SuperStack II RAS 1500 Malicious IP Header Denial of Service Vulnerability
BugTraq ID: 7175
Remote: Yes
Date Published: Mar 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7175
Summary:

3Com SuperStack II Remote Access System (RAS) 1500 is a routing device
designed to service dialup users.

It has been reported that RAS 1500 routers are prone to a vulnerability
that may cause a denial of service. The problem occurs when processing
packets with malformed IP headers. Specifically, an IP header with a 'len'
field of 0 may crash an affected device, causing it to reboot.

An attacker could exploit this vulnerability to deny service to
legitimate users of the device.
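
A receiver-side sanity check for the length fields of an IPv4 header, as an added example that is not 3Com's code or part of the advisory. The entry does not say which 'len' field is meant, so this sketch checks both the header length (IHL) and the Total Length field, which goes beyond the single case reported; the function names, error codes and sample addresses are constructed.

```python
import struct

MIN_HEADER = 20  # bytes in an IPv4 header without options


def build_header(ihl=5, total_len=20):
    """Constructed 20-byte IPv4 header for testing (checksum left at 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl, 0, total_len,   # version/IHL, TOS, total length
        0, 0, 64, 17, 0,                # id, flags/frag, TTL, proto=UDP, cksum
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]),
    )


def ipv4_length_errors(packet: bytes) -> list:
    """Return a list of error codes; an empty list means the lengths agree."""
    if len(packet) < MIN_HEADER:
        return ["truncated"]
    ver_ihl, _tos, total_len = struct.unpack("!BBH", packet[:4])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4
    errors = []
    if version != 4:
        errors.append("bad_version")
    if ihl < 5:
        errors.append("bad_ihl")                # includes IHL == 0
    elif header_len > len(packet):
        errors.append("ihl>captured")
    if total_len < max(header_len, MIN_HEADER):
        errors.append("total_len<header")       # includes total length == 0
    elif total_len > len(packet):
        errors.append("total_len>captured")
    return errors


if __name__ == "__main__":
    for label, pkt in [
        ("well-formed", build_header()),
        ("total length 0", build_header(total_len=0)),
        ("IHL 0", build_header(ihl=0)),
    ]:
        print(label, "->", ipv4_length_errors(pkt) or "ok")
```

The header checksum is not verified here; the check covers only the length fields.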

3Com SuperStack II RAS 1500 Unauthorized Access Vulnerability
BugTraq ID: 7176
Remote: Yes
Date Published: Mar 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7176
Summary:

3Com SuperStack II Remote Access System (RAS) 1500 is a routing device
designed to service dialup users.

A vulnerability has been reported in 3Com RAS 1500 router that may allow
attackers to access sensitive data. Specifically, RAS 1500 devices do not
carry out sufficient authentication of users requesting files via the web
interface.

Successful exploitation of this vulnerability may allow an attacker to
obtain sensitive configuration files. Access to this information may make
it possible for an attacker to carry out further attacks on a target
system or device.

Joel Palmius Mod_Survey Data Injection Vulnerability
BugTraq ID: 7192
Remote: Yes
Date Published: Mar 23 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7192
Summary:

Mod_Survey is a mod_perl module for Apache which allows web users to
create online questionnaires.  It is maintained by Joel Palmius and will
run on Linux and Unix variants as well as Microsoft Windows.

Mod_Survey does not sufficiently sanitize data supplied via ENV tags.
ENV tags are a feature included with Mod_Survey to import values supplied
from environment variables into the data repository.

It has been reported by the vendor that this may allow for injection of
malicious data, including delimiter characters, into the data repository.
Exploitation may allow for manipulation of environment variables or the
possibility of executing database commands through injection of SQL
syntax.  Other attacks may also be possible.

This is only an issue with surveys that use ENV tags.  This issue occurs
with ENV tags which import data from environment variables that may be
specified or influenced by a remote user (such as
'HTTP_USER_AGENT').

The consequences of exploitation could depend on the underlying database
implementation and configuration or other factors.



