[gull-annonces] SecurityFocus Newsletter #262 Summary

Marc SCHAEFER schaefer at alphanet.ch
Wed Aug 25 15:51:02 CEST 2004


Linux Kernel Unspecified chown Inode Time Vulnerability
BugTraq ID: 10887
Remote: No
Date Published: Aug 09 2004
Relevant URL: http://www.securityfocus.com/bid/10887
Summary:
An unspecified vulnerability has been announced in the Linux Kernel
implementation of the chown(2) system call.  This issue is related to
how inode time data is updated by the system call.  The impact is not
known at this time, though it is speculated that this could affect
system integrity.

Linux Kernel Unspecified Signal Denial Of Service Vulnerabil...
BugTraq ID: 10888
Remote: No
Date Published: Aug 09 2004
Relevant URL: http://www.securityfocus.com/bid/10888
Summary:
An unspecified denial of service vulnerability has been reported to
exist in the Linux Kernel.  This issue could occur when signals are
handled by the kernel.  Further details are not available at this
time.

xine-lib Remote Buffer Overflow Vulnerability
BugTraq ID: 10890
Remote: Yes
Date Published: Aug 08 2004
Relevant URL: http://www.securityfocus.com/bid/10890
Summary:
It is reported that the xine media library is affected by a remote
buffer overflow vulnerability.  This issue can allow a remote attacker
to gain unauthorized access to a vulnerable computer.

xine-lib rc-5 and prior versions are reportedly affected by this issue.
xine versions 0.99.2 and prior are also vulnerable.

Linux Kernel Unspecified USB Vulnerability
BugTraq ID: 10892
Remote: No
Date Published: Aug 09 2004
Relevant URL: http://www.securityfocus.com/bid/10892
Summary:
The Linux Kernel implementation of USB is reported prone to an
unspecified vulnerability. The impact is not known at this time,
though it is speculated that this vulnerability could affect system
stability.

Bradley Chapman Tabbrowser Preferences (TBP) Mozilla Extensi...
BugTraq ID: 10896
Remote: Yes
Date Published: Aug 09 2004
Relevant URL: http://www.securityfocus.com/bid/10896
Summary:
Bradley Chapman Tabbrowser Preferences (TBP) is reported prone to an
information disclosure vulnerability. The issue is reported to exist
if certain TBP options are selected. When a URL is typed into the
browser address bar, the new page is loaded in a new tab. The
information disclosure occurs because the site in the new tab will
receive a HTTP referrer URL of the site in the previous tab even
though the domains are not related.

GNU cfengine AuthenticationDialogue Remote Denial Of Service...
BugTraq ID: 10900
Remote: Yes
Date Published: Aug 09 2004
Relevant URL: http://www.securityfocus.com/bid/10900
Summary:
GNU cfengine cfservd is reported prone to a remote denial of service
vulnerability. The vulnerability presents itself in the cfengine
cfservd AuthenticationDialogue() function that is responsible for
processing SAUTH commands and also performing RSA based
authentication.

The vulnerability presents itself because return values for several
statements within the AuthenticationDialogue() function are not
checked.

This memcpy() operation based on the return values will fail resulting
in a daemon crash. A remote attacker may exploit this vulnerability to
crash the affected daemon effectively denying service to legitimate
users.

cfservd employs an IP based access control method
(AllowConnectionsFrom). This access control must be bypassed prior to
exploitation. This may hinder exploitation attempts.

This vulnerability is reported to affect versions 2.0.0 to 2.1.7p1 of
cfengine cfservd.

Symantec Clientless VPN Gateway 4400 Series Multiple Vulnera...
BugTraq ID: 10903
Remote: Yes
Date Published: Aug 06 2004
Relevant URL: http://www.securityfocus.com/bid/10903
Summary:
Multiple vulnerabilities have been addressed in Symantec Clientless
VPN Gateway 4400 Series.

The issues include multiple vulnerabilities related to the ActiveX and
HTML file browser, cross-site scripting vulnerabilities in the end
user interface, and a vulnerability in the end user interface that
will allow an unauthorized user to change another user's single signon
information.

[ firmware ]

Genova GeNUGate Multiple Unspecified Denial Of Service Vulne...
BugTraq ID: 10912
Remote: Yes
Date Published: Aug 10 2004
Relevant URL: http://www.securityfocus.com/bid/10912
Summary:
It is reported that GeNUGate is prone to two unspecified denial of
service vulnerabilities.

The first vulnerability is reported in the ISAKMP (Internet Security
Association and Key Management Protocol) process. It is reported that
an attacker sending malicious packets to the ISAKMP process can delete
VPN security associations. This may be related to BID 10496.

The second vulnerability is reported in web applications embedded in
GeNUGate utilizing OpenSSL. An unspecified OpenSSL denial of service
vulnerability can reportedly crash the applications.

A remote attacker may exploit these vulnerabilities to deny service to
legitimate users of the affected application.

[ hardware firewall made up of two systems, certified by the
  German government, apparently built from free software
]

KDE Konqueror Cross-Domain Frame Loading Vulnerability
BugTraq ID: 10921
Remote: Yes
Date Published: Aug 11 2004
Relevant URL: http://www.securityfocus.com/bid/10921
Summary:
Konqueror is reported prone to a cross-domain frame loading
vulnerability. It is reported that if the name of a frame rendered in
a target site is known, then an attacker may potentially render
arbitrary HTML in the frame of the target site.

An attacker may exploit this vulnerability to spoof an interface of a
trusted web site.

All versions of KDE up to KDE 3.2.3 are vulnerable to this issue.

KDE Insecure Temporary Directory Symlink Vulnerability
BugTraq ID: 10922
Remote: No
Date Published: Aug 11 2004
Relevant URL: http://www.securityfocus.com/bid/10922
Summary:
KDE is reported to contain a temporary directory symlink
vulnerability. This vulnerability is due to improper validation of the
ownership of temporary directories.

Local attackers can cause KDE applications to fail, denying service to
users, or to overwrite arbitrary files with the privileges of the
target user. Privilege escalation may be possible.

Source patches have been made available by KDE to resolve this issue.

KDE DCOPServer Insecure Temporary File Creation Vulnerabilit...
BugTraq ID: 10924
Remote: No
Date Published: Aug 11 2004
Relevant URL: http://www.securityfocus.com/bid/10924
Summary:
KDE's DCOPServer is reported to contain an insecure temporary file
creation vulnerability. This is due to the use of the mktemp()
function.

Since temporary files are used by the DCOP daemon for authentication
purposes, a local attacker may possibly exploit this vulnerability to
compromise the account of a targeted user running KDE.

A local attacker may also possibly exploit this vulnerability to
execute symbolic link file overwrite attacks. This may allow an
attacker to overwrite arbitrary files with the privileges of the
targeted user. Privilege escalation may also be possible using this
method of attack.

KDE versions from 3.2.0 to 3.2.3 are reported susceptible to this
vulnerability.

Nokia IPSO Unspecified Remote Denial of Service Vulnerabilit...
BugTraq ID: 10925
Remote: Yes
Date Published: Aug 12 2004
Relevant URL: http://www.securityfocus.com/bid/10925
Summary:
An unspecified denial of service vulnerability is reported in the
Nokia IPSO operating system.  This issue can allow a remote attacker to
cause a vulnerable device to crash or hang, resulting in a denial of
service condition.  Further details regarding this issue are currently
unknown, however as more information is made available this bid will
be updated accordingly.

IPSO versions 3.5, 3.5.1, 3.6, 3.7, 3.7.1, and 3.8 are affected by
this issue.

[ firmware ]

Stefan Westerfeld ARTS Unspecified Insecure Temporary File C...
BugTraq ID: 10928
Remote: No
Date Published: Aug 12 2004
Relevant URL: http://www.securityfocus.com/bid/10928
Summary:
aRts is reported prone to an unspecified insecure temporary file
creation vulnerability.  This issue may allow a local attacker to
carry out a symbolic link attack.

This issue was reported in a SUSE advisory.  Further information is
not available at the moment.  This BID will be updated as more
information becomes available.

All versions of aRts are considered vulnerable to this issue.

Mutt PGP/GnuPG Verified Email Signature Spoofing Vulnerabili...
BugTraq ID: 10929
Remote: Yes
Date Published: Aug 12 2004
Relevant URL: http://www.securityfocus.com/bid/10929
Summary:
It is reported that Mutt contains a vulnerability that allows
attackers to send email that spoofs the look of a successfully
verified PGP/GnuPG email message.

An attacker may potentially simulate the look of the PGP/GnuPG output
that Mutt usually includes when processing signed email messages. If a
user employs Mutt with a specific configuration, the attacker may make
email messages look almost identical to a properly signed and verified
email.

This may allow an attacker to create a message that falsifies a
correctly verified PGP/GnuPG signature. This could allow an attacker
to spoof email from trusted sources. This will likely greatly increase
the effectiveness of social engineering attacks.

In the index mode, messages with signatures have the 's'
flag. Verified signatures change to 'S'. Ensuring that messages have
the proper attributes will aid in the mitigation of this
vulnerability.

Versions 1.3.28 and 1.5.6 are reported affected by this
vulnerability. Other versions are also likely affected.

Netgear DG834G Zebra Process Default Account Password Vulner...
BugTraq ID: 10935
Remote: Yes
Date Published: Aug 12 2004
Relevant URL: http://www.securityfocus.com/bid/10935
Summary:
It is reported that Netgear DG834G devices contain a default password
for their Zebra process. Zebra is a dynamic routing daemon, and
contains a telnet-accessible configuration shell.

It is reported that Zebra listens on both the WAN and the internal
network interfaces.

By gaining administrative access to Zebra, an attacker has the ability
to modify network routes on the device, possibly redirecting traffic
or denying network service to legitimate users. They may also be able
to exploit latent vulnerabilities in Zebra itself.

Due to code reuse, it is possible that other devices similar to this
one are also affected.

[ firmware ]

rsync sanitize_path Function Module Path Escaping Vulnerabil...
BugTraq ID: 10938
Remote: Yes
Date Published: Aug 12 2004
Relevant URL: http://www.securityfocus.com/bid/10938
Summary:
If an rsync server is installed as a daemon with a read/write enabled
module without using the 'chroot' option, it is possible that a remote
attacker could read/write files outside of the configured module
path. Rsync does not properly sanitize the paths when not running with
chroot.  The problem exists in the 'sanitize_path' function.

This could potentially be exploited to execute arbitrary code by
corrupting or placing arbitrary files on the system. Destruction of data
could also result, possibly causing a denial of service
condition. Other attacks could also occur, depending on the attacker's
motives.

Sympa List Creation Authentication Bypass Vulnerability
BugTraq ID: 10941
Remote: Yes
Date Published: Aug 13 2004
Relevant URL: http://www.securityfocus.com/bid/10941
Summary:
Sympa is reported to be prone to an authentication bypass
vulnerability when creating new mailing lists.

This vulnerability presents itself upon creating a new mailing
list. The list master approval process could reportedly be skipped by
an attacker.

An attacker may exploit this issue to create unauthorized mailing
lists. This may possibly be used to forward UCE messages, or possibly
other attacks.

Versions prior to 4.1.2 are reportedly affected by this vulnerability.
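
The two KDE entries above (BID 10922, temporary directory ownership; BID 10924, mktemp() in DCOPServer) describe the same class of mistake. The following is an added example, not KDE's patch or code from the newsletter: it shows the ownership check and the atomic file creation that avoid it. The helper names and the "auth-" prefix are hypothetical, and the directory is assumed to sit under a sticky-bit parent such as /tmp.

```c
#define _POSIX_C_SOURCE 200809L   /* lstat, mkstemp */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 0 if `path` is a real directory (not a symlink),
 * owned by `uid`, with no group/other access; -1 otherwise. */
int tmpdir_is_trustworthy(const char *path, uid_t uid)
{
    struct stat st;
    if (lstat(path, &st) != 0)        /* lstat() does not follow symlinks */
        return -1;
    if (!S_ISDIR(st.st_mode))         /* symlink or plain file planted here */
        return -1;
    if (st.st_uid != uid)             /* pre-created by another local user */
        return -1;
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -1;
    return 0;
}

/* Hypothetical helper: create <dir>/auth-XXXXXX and return an open fd.
 * mkstemp() picks the name and creates the file in one O_CREAT|O_EXCL
 * step (mode 0600), so a name guessed in advance cannot be pre-planted
 * as a symlink, unlike mktemp(), which only returns a name. */
int create_private_tempfile(const char *dir, char *out, size_t outlen)
{
    int n;
    if (tmpdir_is_trustworthy(dir, geteuid()) != 0)
        return -1;
    n = snprintf(out, outlen, "%s/auth-XXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return mkstemp(out);              /* -1 on failure, errno set */
}

int main(int argc, char **argv)
{
    char path[4096];
    int fd;
    if (argc != 2) { fprintf(stderr, "usage: %s <private-tmp-dir>\n", argv[0]); return 2; }
    fd = create_private_tempfile(argv[1], path, sizeof path);
    if (fd < 0) { fprintf(stderr, "refusing to use %s\n", argv[1]); return 1; }
    printf("created %s\n", path);
    close(fd);
    return 0;
}
```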


