[linux-leman-annonces] Summary of SecurityFocus Newsletter #193

Marc SCHAEFER schaefer at alphanet.ch
Tue Apr 22 19:42:28 CEST 2003


BitchX Trojan Horse Vulnerability
BugTraq ID: 7333
Remote: Yes
Date Published: Apr 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7333
Summary:

BitchX is a freely available, open source IRC client. It is available for
Unix, Linux, and Microsoft operating systems.

It has been announced that the server hosting BitchX, www.bitchx.org, was
compromised recently. It has been reported that the intruder made
modifications to the source code of BitchX to include trojan horse code.
Downloads of the source code of BitchX from www.bitchx.org, and mirrors,
likely contain the trojan code.

Reports say that the trojan will run once upon compilation of BitchX. Once
the trojan is executed, it attempts to connect to host 207.178.61.5 on
port 6667.

The trojan horse modifications can be found in the configure script in
BitchX 1.0c19.

Additionally, the trojan displays similarity to those found in irssi,
fragroute, fragrouter, tcpdump, libpcap, OpenSSH, and Sendmail.

This BID will be updated as more information becomes available.

LPRng PSBanner Insecure Temporary File Creation Vulnerability
BugTraq ID: 7334
Remote: No
Date Published: Apr 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7334
Summary:

LPRng psbanner is a printer filter utility that creates a PostScript
format banner and is part of LPRng.

The psbanner filter has been reported to be prone to an insecure temporary
file creation vulnerability.

Under certain circumstances, specifically when psbanner is configured as a
filter, psbanner creates temporary files for debugging purposes in an
insecure manner.

It has been reported that psbanner does not check if a previous file
exists or whether the file is symlinked to another location before using
it for a specific action. The action taken on the file will be committed
with the user id 'daemon'.

This vulnerability may lead to symbolic link attacks within the context of
the user running the vulnerable utility.

SheerDNS Information Disclosure Vulnerability
BugTraq ID: 7336
Remote: Yes
Date Published: Apr 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7336
Summary:

SheerDNS is a master DNS server implementation for Unix and Linux
variants.

A vulnerability has been discovered in SheerDNS. Due to insufficient
sanitization of user-supplied data within DNS requests, an attacker may be
capable of viewing the contents of an arbitrary directory or file.
Specifically, SheerDNS fails to filter directory traversal sequences (../)
embedded in DNS queries.

As SheerDNS runs with root privileges, exploitation of this issue would
allow an attacker to view the contents of all system directories.

This issue was discovered in SheerDNS version 1.0.0, however, earlier
versions may also be affected.
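As an added illustration (not SheerDNS's own code; its record layout is not on this page), the check below assumes answers are read from a path built as ROOT/<query name>/<record type>, and rejects traversal sequences before any path is built:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout (an assumption, not SheerDNS's actual code):
 * answers are read from ROOT/<query name>/<record type>. The BID says the
 * query name reached the filesystem with "../" left in, so this check
 * whitelists hostname characters and rejects any ".." or "/" in a name. */
static int is_safe_name(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || n > 253)                    /* RFC 1035 name length bound */
        return 0;
    if (name[0] == '.' || name[n - 1] == '.') /* leading or trailing dot */
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (name[i + 1] == '.')           /* ".." would climb a level */
                return 0;
            continue;
        }
        if (!isalnum(c) && c != '-' && c != '_')
            return 0;                         /* rejects '/' and anything odd */
    }
    return 1;
}

/* Build ROOT/name/type only from validated parts; refuses, rather than
 * truncates, when the result would not fit. Returns 0 on success, -1 otherwise. */
int record_path(char *out, size_t outlen, const char *root,
                const char *name, const char *type)
{
    if (!is_safe_name(name) || !is_safe_name(type))
        return -1;
    int r = snprintf(out, outlen, "%s/%s/%s", root, name, type);
    if (r < 0 || (size_t)r >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    char path[256];   /* constructed query carrying a traversal sequence */
    if (record_path(path, sizeof path, "/var/sheerdns", "../../etc/passwd", "A") < 0)
        puts("refused query with traversal sequence");
    return 0;
}
```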

SheerDNS CNAME Buffer Overflow Vulnerability
BugTraq ID: 7335
Remote: No
Date Published: Apr 13 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7335
Summary:

SheerDNS is a master DNS server implementation for Unix and Linux
variants.

SheerDNS is prone to a buffer overflow when constructing responses to
CNAME queries.  This is due to insufficient bounds checking of lookup
information.  Specifically, the static buffer for lookup results is much
larger than the buffer for queries.  The program does a strcpy() operation
to copy the lookup results into the query buffer.

Lookup information is fetched from local files.  If an attacker can
influence the contents of these files, then it will be possible to trigger
this condition to corrupt adjacent regions of stack memory with malicious
data.

Exploitation could lead to a denial of service or execution of malicious
instructions.

This issue was discovered in SheerDNS version 1.0.0, however, earlier
versions may also be affected.
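An added example, not SheerDNS's code: the buffer sizes are assumed for illustration, and the functions show the bounded copy that replaces the unchecked strcpy() together with an over-length check applied when records are loaded from the local files:

```c
#include <stdio.h>
#include <string.h>

/* Constructed sizes (an assumption, not SheerDNS's real buffers): a large
 * buffer for data read from record files and a much smaller one in which
 * the response is assembled. The BID describes a strcpy() from the first
 * into the second with no length check, i.e. strcpy(query, lookup). */
#define LOOKUP_BUF 512
#define QUERY_BUF  64

/* Hardened replacement for that strcpy(): refuses a result that does not
 * fit instead of writing past the end of dst. Returns bytes copied or -1,
 * so the caller can answer SERVFAIL rather than emit a corrupted packet. */
int copy_result_checked(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (dstlen == 0 || n >= dstlen)
        return -1;
    memcpy(dst, src, n + 1);
    return (int)n;
}

/* Reads the next line of an in-memory record file into out, skipping a
 * line longer than outlen-1 so an oversized entry in a writable record
 * file is dropped at load time. Returns 1 = line read, 0 = end of data,
 * -1 = oversized line skipped. */
int next_record(const char **cursor, char *out, size_t outlen)
{
    const char *p = *cursor;
    if (*p == '\0')
        return 0;
    const char *nl = strchr(p, '\n');
    size_t len = nl ? (size_t)(nl - p) : strlen(p);
    *cursor = nl ? nl + 1 : p + len;
    if (len >= outlen)
        return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 1;
}

/* CNAME answer: a target longer than 253 characters cannot be a valid
 * hostname (RFC 1035), so reject it before the bounded copy. */
int build_cname_answer(char *answer, size_t anslen, const char *target)
{
    size_t n = strlen(target);
    if (n == 0 || n > 253)
        return -1;
    return copy_result_checked(answer, anslen, target);
}
```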

GS-Common PS2Epsi Insecure Temporary File Vulnerability
BugTraq ID: 7337
Remote: No
Date Published: Apr 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7337
Summary:

gs-common is a set of common files for different Ghostscript releases.

The ps2epsi script included with gs-common creates temporary files in an
insecure manner when invoking Ghostscript.  A malicious local user could
exploit this condition to create a symbolic link that could corrupt any
local file which is writeable by the user invoking the vulnerable script.

Exploitation may result in a denial of service if critical files are
corrupted.  Privilege elevation may also be possible if the local attacker
can corrupt local files with custom data.
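For both temporary-file issues above (LPRng psbanner and gs-common ps2epsi), an added example that is neither project's code; the directory and file names are assumed. It shows the atomic, symlink-refusing creation that the reported pattern lacks, with a self-check that plants a symlink where a fixed name would go and confirms it is refused:

```c
#define _GNU_SOURCE            /* O_NOFOLLOW, mkstemp(), mkdtemp() on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* The pattern both BIDs describe is fopen("/tmp/<fixed name>", "w"): it
 * follows a symlink a local user planted there and truncates whatever the
 * filter's uid (daemon, for psbanner) can write. Two hardened forms follow. */
/* Fixed name: O_EXCL makes open() fail if the name exists at all (a symlink
 * included), O_NOFOLLOW refuses a symlink at the last component, and 0600
 * keeps other local users out. Returns a descriptor or -1. */
int open_fixed_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: unpredictable name with the same O_CREAT|O_EXCL semantics via
 * mkstemp(), then fstat() the descriptor to confirm a regular file with one
 * link before any debug output is written. Returns a descriptor or -1. */
int open_debug_safe(const char *dir, char *path, size_t pathlen)
{
    struct stat st;
    int n = snprintf(path, pathlen, "%s/psbanner.XXXXXX", dir);
    if (n < 0 || (size_t)n >= pathlen) return -1;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd); unlink(path); return -1;
    }
    return fd;
}

/* Self-check in a scratch directory: plant a symlink where the fixed name
 * would go; open_fixed_safe() must refuse it while open_debug_safe() still
 * succeeds. Returns 1 when both behave as intended, 0 otherwise. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/psbanner-demo.XXXXXX", lnk[300], tmp[300];
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(lnk, sizeof lnk, "%s/psbanner.debug", dir);
    int ok = symlink("/nonexistent/victim", lnk) == 0 && open_fixed_safe(lnk) == -1;
    int fd = open_debug_safe(dir, tmp, sizeof tmp);
    ok = ok && fd >= 0;
    if (fd >= 0) { close(fd); unlink(tmp); }
    unlink(lnk);
    rmdir(dir);
    return ok;
}
```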

GTKHTML Malformed HTML Document Denial Of Service Vulnerability
BugTraq ID: 7350
Remote: Yes
Date Published: Apr 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7350
Summary:

GtkHTML is an HTML rendering and editing engine for Gnome.  It is embedded
in many applications, such as the Evolution personal and workgroup
information management software.

It has been reported that GtkHTML is prone to a vulnerability that may be
exploited to cause a denial of service.  This issue is present in GtkHTML
with Evolution.  It is possible to crash the Evolution e-mail client with
a malformed message due to this flaw in GtkHTML.

It is possible that this flaw may affect other applications that rely upon
GtkHTML, though this has not been confirmed.

Further details are not available at this time.  This BID will be updated
as more details become available.

Python Documentation Server Error Page Cross-Site Scripting Vulnerability
BugTraq ID: 7353
Remote: Yes
Date Published: Apr 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7353
Summary:

Python Documentation Server is a freely available server distributed with
the Python software package.  It is available for Unix, Linux, and
Microsoft Operating Systems.

It has been reported that the Python Documentation Server is vulnerable to
a cross-site scripting vulnerability.

The problem is due to insufficient sanitization of HTML and script code
from error output.  When HTML and script code are passed to the vulnerable
server in a URI, the code will be displayed in the server's error page.
An attacker could exploit this issue by constructing a malicious link
which contains hostile HTML and script code and then enticing web users to
visit the link.  When the error page is displayed, the attacker-supplied
code may be rendered in the user's web browser.  This will occur in the
security context of the documentation server.

The server runs on port 7464 by default.

Netcomm NB1300 Modem/Router Weak Default Configuration Settings Vulnerability
BugTraq ID: 7359
Remote: Yes
Date Published: Apr 15 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7359
Summary:

Netcomm NB1300 modem/router is a device used to connect SOHO or Small
Business networks to an ADSL service provider. The ADSL Router supports IP
Packet routing and functions such as NAT and DHCP allowing users to have
their IP address assigned automatically and share a single ISP account.

It has been reported that the Netcomm NB1300 modem/router ships with weak
default configuration settings. The NB1300 has, by default, an FTP server
(VxWorks 5.4.1) exposed on the WAN interface. The default username is set
as 'admin' and the password is, by default, 'password'.

A remote user may connect to the FTP server and authenticate using default
credentials if they have not been changed. The attacker may then download
the router configuration information contained as plaintext in the
'config.reg' file. Other attacks may also be possible.

Information gathered in this manner may be used in further attacks launched
against the victim host/network.

It should be noted that this vulnerability has been reported to affect all
known releases of Netcomm NB1300 firmware.

[ hardware ]

Mozilla Browser Cross Domain Violation Vulnerability
BugTraq ID: 7363
Remote: Yes
Date Published: Apr 16 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7363
Summary:

Mozilla is an open source web browser available for a number of platforms,
including Microsoft Windows and Linux.

A problem has been reported in Mozilla that could allow access to
information in other browser windows. The vulnerability exists because
Mozilla does not properly sanitize links when transferring documents from
one domain to another. Specifically, malicious HTML code is not sanitized
from the 'onclick' property.

Upon the execution of code through the 'onclick' property, a violation in
browser security zone policy would occur that allows the original web site
to view the contents of web pages in other browser windows.

This problem would require a user visiting a web page that has been
designed to present malicious dialog boxes. This type of attack would most
commonly occur through social engineering.

Other browsers based on the Mozilla codebase are vulnerable to this issue.

[ Progress; Oracle; and others ]
