[gull-annonces] SecurityFocus Newsletter #260 Summary

Marc SCHAEFER schaefer at alphanet.ch
Thu Aug 5 17:21:03 CEST 2004


eSeSIX Thintune Thin Client Devices Multiple Vulnerabilities
BugTraq ID: 10794
Remote: Yes
Date Published: Jul 24 2004
Relevant URL: http://www.securityfocus.com/bid/10794
Summary:
Thintune Linux-based devices are reported prone to multiple
vulnerabilities.  These issues can allow remote attackers to gain
complete access to a vulnerable device.

The issues include backdoor accounts that can be accessed over the
network and an information disclosure issue that can disclose user
accounts and passwords.

Thintune devices with firmware version 2.4.38 and prior are affected
by these issues.  Reportedly, Thintune devices based on Windows CE are
not affected.

[ firmware ]

Pavuk Remote Digest Authentication Buffer Overflow Vulnerabi...
BugTraq ID: 10797
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10797
Summary:
It has been reported that Pavuk is affected by a remote digest
authentication buffer overflow vulnerability. This issue is due to a
failure of the application to validate string lengths when copying
user-supplied data into finite buffers in process memory.

Ultimately a remote malicious web site may exploit this issue to
execute arbitrary code on the affected computer with the privileges of
the user who started the affected application.

Subversion 'mod_authz_svn' Access Control Bypass Vulnerabili...
BugTraq ID: 10800
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10800
Summary:
Subversion is reported to contain access control bypass
vulnerabilities in its 'mod_authz_svn' Apache module.

These access control vulnerabilities present themselves when users
have mixed access to a repository.

These vulnerabilities exist in several server operations, such as COPY
and DELETE. These operations fail to properly implement the operator
assigned access controls, allowing users improper access to
repositories.

These issues are only present when using the WebDAV access method with
the Apache 'mod_authz_svn' module, with the 'AuthzSVNAccessFile'
configuration directive.

The vulnerabilities are present in version 1.0.5 and prior. Versions
1.0.6 and 1.1.0-rc1 have been released to address these
vulnerabilities.

MoinMoin PageEditor Unspecified Privilege Escalation Vulnera...
BugTraq ID: 10801
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10801
Summary:
MoinMoin is reported prone to an unspecified privilege escalation
vulnerability.  This issue is related to the PageEditor functionality.
Specifically this vulnerability may arise due to improper
implementation of access control lists.  A remote attacker may exploit
this to gain elevated privileges.

Due to a lack of details, further information is not available at the
moment.  This BID will be updated as more information becomes
available.

This issue is identified in MoinMoin version 1.2.2; however, other
versions may be affected as well.

MoinMoin Unspecified Privilege Escalation Vulnerability
BugTraq ID: 10805
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10805
Summary:
MoinMoin is reported prone to an unspecified privilege escalation
vulnerability. It is reported that this issue presents itself if
access control lists are not applied.  An unspecified erroneous
function allows remote attackers to carry out privileged tasks without
proper access validation.  Remote attackers may gain read and write
access to sensitive data.

Due to a lack of details, further information is not available at the
moment. This BID will be updated as more information becomes
available.

This issue is identified in MoinMoin versions 1.2.2 and prior.

[ Wiki in Python ]

Dropbear SSH Server Digital Signature Standard Unspecified A...
BugTraq ID: 10803
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10803
Summary:
Reportedly Dropbear SSH is affected by an unspecified Digital Signature
Standard (DSS) authentication vulnerability; an upgrade is available.

The impact of this issue is currently unknown, although it is
speculated that this issue could be used to gain unauthorized access
to a computer running the vulnerable application.  It should be noted
that this is not confirmed.  This BID will be updated as more
information becomes available.

[ `lightweight' SSH server ]

SoX WAV File Buffer Overflow Vulnerability
BugTraq ID: 10819
Remote: No
Date Published: Jul 28 2004
Relevant URL: http://www.securityfocus.com/bid/10819
Summary:
The WAV header handling code in SoX is reported to contain a buffer
overflow vulnerability. This issue is due to a failure of the
application to validate string lengths when copying user-supplied data
into finite buffers in process memory.

The attacker must be able to present a malicious WAV file to an
unsuspecting user. The user must employ the affected application to
either listen to, or process the malicious file.

Ultimately a malicious attacker may exploit this issue to execute
arbitrary code on the affected computer with the privileges of the
user who started the affected application.

DansGuardian Hex Encoded File Extension URI Content Filter B...
BugTraq ID: 10823
Remote: Yes
Date Published: Jul 29 2004
Relevant URL: http://www.securityfocus.com/bid/10823
Summary:
It is reported that DansGuardian contains a content filter bypass
vulnerability when handling hex encoded file extensions in URIs.

Under some installations, this may violate security policy, or allow
users to inadvertently access malicious web content.

[ WWW filter using Squid or oops. Note: GPL only for
  non-commercial use ... strange ... the restriction is
  implemented at download time; but under the GPL that does not
  really carry any weight, or else the GPL cannot apply
  (`additional restrictions'). ]

OpenFTPD Remote Message Format String Vulnerability
BugTraq ID: 10830
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10830
Summary:
Reportedly OpenFTPD is affected by a remote message format string
vulnerability.  This issue is due to a failure of the application to
properly sanitize user-supplied input before using it as the format
specifier in a formatted printing function.

Successful exploitation of this issue will allow an attacker to
execute arbitrary code on the affected computer with the privileges of
the user that invoked the affected FTP server software.

MyServer Multiple Remote math_sum.mscgi Example Script Vulne...
BugTraq ID: 10831
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10831
Summary:
Reportedly MyServer is affected by multiple remote vulnerabilities in
the 'math_sum.mscgi' example script.  These issues are due to a
boundary condition error and a failure to properly sanitize
user-supplied URI input.

An attacker could exploit the boundary condition issue to execute
arbitrary code on the affected computer with the privileges of the
user that started the affected application.  The input validation
issue could be leveraged to carry out cross-site scripting attacks
against the affected computer.

These issues are reported to affect MyServer version 0.6.2; it is
likely other versions are also affected.

[ license? language? ]

Mozilla Firefox Refresh Security Property Spoofing Vulnerabi...
BugTraq ID: 10796
Remote: Yes
Date Published: Jul 26 2004
Relevant URL: http://www.securityfocus.com/bid/10796
Summary:
Mozilla Firefox may permit malicious Web pages to spoof security
properties of a trusted site.

An attacker can exploit this issue to spoof the URI and SSL
certificate of a site trusted by an unsuspecting user.  The attacker
can then use this spoofing to steal sensitive or private information,
facilitating phishing attacks.

Mozilla Firefox XML User Interface Language Browser Interfac...
BugTraq ID: 10832
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10832
Summary:
Mozilla Firefox is reported prone to an interface spoofing
vulnerability. The issue presents itself because JavaScript code is
allowed to hide the Mozilla Firefox interface and status bar by
default. A fake Mozilla Firefox interface may be created using the XML
User Interface Language API; this interface may aid in phishing-style
attacks.

This misrepresentation may fool a user into trusting a malicious site,
which would likely ask the user to submit sensitive or private
information.

Citadel/UX Username Buffer Overflow Vulnerability
BugTraq ID: 10833
Remote: Yes
Date Published: Jul 30 2004
Relevant URL: http://www.securityfocus.com/bid/10833
Summary:
A buffer overrun vulnerability is reported for Citadel/UX. The problem
occurs due to insufficient bounds checking when processing 'USER'
command arguments.

An anonymous remote attacker may be capable of exploiting this issue
to execute arbitrary code. This however has not been confirmed. Failed
exploit attempts may result in a denial of service.


