[gull-annonces] Summary of SecurityFocus Newsletter #243

Marc SCHAEFER schaefer at alphanet.ch
Wed Apr 7 11:51:12 CEST 2004


OFTPD Port Argument Denial Of Service Vulnerability
BugTraq ID: 9980
Remote: Yes
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9980
Summary:
oftpd is prone to a denial of service vulnerability that may be exploited
by remote, unauthenticated attackers.  This issue is exposed when the
server receives an FTP PORT command with a value greater than 255 as an
argument.
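An added example, not oftpd's code or anything from the advisory, of the input check a PORT handler needs: each of the six comma-separated fields must be a plain decimal number in 0..255 (the advisory's failure case is a value above 255), and any malformed argument is rejected before it reaches the data-connection code. The parser name and struct are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Parsed result of an FTP PORT command: IPv4 address octets and a port. */
struct port_arg {
    unsigned char ip[4];
    unsigned short port;
};

/* Parse "h1,h2,h3,h4,p1,p2". Returns 1 on success, 0 if any of the six
 * fields is missing, non-numeric, or outside 0..255. Hypothetical helper. */
int parse_port_arg(const char *arg, struct port_arg *out)
{
    unsigned long v[6];
    const char *p = arg;
    for (int i = 0; i < 6; i++) {
        char *end;
        if (!isdigit((unsigned char)*p))
            return 0;               /* empty field, sign, or whitespace */
        v[i] = strtoul(p, &end, 10);
        if (v[i] > 255)
            return 0;               /* the out-of-range value from the advisory */
        p = end;
        if (i < 5) {
            if (*p != ',')
                return 0;           /* fewer than six fields or bad separator */
            p++;
        }
    }
    if (*p != '\0')
        return 0;                   /* trailing garbage after the sixth field */
    for (int i = 0; i < 4; i++)
        out->ip[i] = (unsigned char)v[i];
    out->port = (unsigned short)(v[4] * 256 + v[5]);
    return 1;
}

int main(void)
{
    struct port_arg pa;
    /* Constructed sample arguments: one valid, one with an octet of 300, one truncated. */
    const char *samples[] = { "192,168,1,10,4,1", "192,168,1,300,4,1", "1,2,3" };
    for (size_t i = 0; i < 3; i++)
        printf("%-20s -> %s\n", samples[i],
               parse_port_arg(samples[i], &pa) ? "accepted" : "rejected");
    return 0;
}
```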

Multiple Local Linux Kernel Vulnerabilities
BugTraq ID: 9985
Remote: No
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9985
Summary:
Multiple local vulnerabilities were reported in the Linux Kernel.  These
issues could permit information disclosure via the ext3 filesystem, system
crash through buggy SoundBlaster code, a system crash via a bug in Kernel
DRI support and a denial of service via mremap.

These issues appear to affect the 2.4 Kernel.  Few details are known at
this time.

OpenSSH SCP Client File Corruption Vulnerability
BugTraq ID: 9986
Remote: Yes
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9986
Summary:
A vulnerability has been reported in the OpenSSH scp utility.  This issue
may permit a malicious scp server to corrupt files on a client system when
files are copied.

This issue is similar to BID 1742.

Gnome Gnome-Session Local Privilege Escalation Vulnerability
BugTraq ID: 9988
Remote: No
Date Published: Mar 26 2004
Relevant URL: http://www.securityfocus.com/bid/9988
Summary:
It has been reported that gnome-session is prone to a local privilege
escalation vulnerability.  This issue is due to a problem with
initialization of the LD_LIBRARY_PATH environment variable upon session
start-up.

This issue may be leveraged locally to gain escalated privileges on the
affected system.

FreeBSD IPv6 Socket Options Handling Local Memory Disclosure...
BugTraq ID: 9992
Remote: No
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9992
Summary:
It has been reported that FreeBSD may be prone to a local memory
disclosure vulnerability that may allow an attacker to access sensitive
memory locations without proper validation.  This is a result of improper
handling of some IPv6 socket options.

FreeBSD employs the KAME Project IPv6 implementation; however, this issue
does not affect other operating systems.

FreeBSD 5.2-RELEASE is reported to be affected by this vulnerability.

Systrace Local Policy Bypass Vulnerability
BugTraq ID: 9998
Remote: No
Date Published: Mar 29 2004
Relevant URL: http://www.securityfocus.com/bid/9998
Summary:
Systrace has been reported prone to a vulnerability that may permit an
application to completely bypass a Systrace policy. The issue presents
itself because Systrace does not perform sufficient sanity checks while
handling a process that is being traced with ptrace.

This issue is reported to have been silently patched in Systrace version
1.4; previous versions are believed to be prone to this vulnerability.

TCPDump ISAKMP Delete Payload Buffer Overrun Vulnerability
BugTraq ID: 10003
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10003
Summary:
tcpdump is prone to a remotely exploitable buffer overrun vulnerability.

This issue exists in tcpdump's ISAKMP packet display functions.  This
issue affects how ISAKMP Delete payloads are handled.  This may cause a
denial of service or potentially be leveraged to execute arbitrary code.

TCPDump ISAKMP Identification Payload Integer Underflow Vuln...
BugTraq ID: 10004
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10004
Summary:
tcpdump is prone to a denial of service vulnerability due to an integer
underflow.

This issue exists in tcpdump's ISAKMP packet display functions.  This
issue affects how ISAKMP Identification payloads are handled.  This may
cause a denial of service.

Clam Anti-Virus ClamAV Arbitrary Command Execution Vulnerabi...
BugTraq ID: 10007
Remote: No
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10007
Summary:
It has been reported that ClamAV may be prone to an arbitrary command
execution vulnerability that may allow a local attacker to execute
arbitrary commands in the context of the root user.  The issue presents
itself when the 'VirusEvent' directive in the 'clamav.conf' configuration
file has been enabled and the 'Dazuko' module is used with the antivirus
software.

Although unconfirmed, all versions of the application are assumed to be
vulnerable at the moment.  This information will be updated as more
details become available.

[ obviously, who runs clamav as root?  you would have to be a bit
  stupid: even for an MTA, do the scanning under a dedicated user
  in a chroot ]

MPlayer Remote HTTP Header Buffer Overflow Vulnerability
BugTraq ID: 10008
Remote: Yes
Date Published: Mar 30 2004
Relevant URL: http://www.securityfocus.com/bid/10008
Summary:
It has been reported that MPlayer is prone to a remote HTTP header buffer
overflow vulnerability.  This issue is due to a failure of the application
to properly verify buffer bounds on the 'Location' HTTP header during
parsing.

Successful exploitation would immediately produce a denial of service
condition in the affected process.  This issue may also be leveraged to
execute code on the affected system within the security context of the
user running the vulnerable process.

CDP Console CD Player PrintTOC Function Buffer Overflow Vuln...
BugTraq ID: 10021
Remote: Yes
Date Published: Mar 31 2004
Relevant URL: http://www.securityfocus.com/bid/10021
Summary:
It has been reported that cdp may be prone to a buffer overflow
vulnerability that may allow an attacker to cause a denial of service
condition in the software.  The issue exists due to insufficient boundary
checks performed by the printTOC() function.  The buffer overflow
condition may occur when a song with a track name exceeding 200 bytes
is accessed via the application.

If an attacker is able to overwrite sensitive memory locations, it may be
possible to execute arbitrary instructions in the context of the user
running cdp.

All versions of cdp are assumed to be vulnerable to this issue.
