[gull-annonces] Summary of SecurityFocus Newsletter #277

Marc SCHAEFER schaefer at alphanet.ch
Thu Dec 2 14:11:02 CET 2004


W-Channel TC-IDE Embedded Linux Local Privilege Escalation V...
BugTraq ID: 11718
Remote: No
Date Published: Nov 20 2004
Relevant URL: http://www.securityfocus.com/bid/11718
Summary:
Multiple local privilege escalation vulnerabilities reportedly exist
in W-Channel TC-IDE.  These issues are due to input handling errors
that allow a local attacker to start applications with escalated
privileges.

A local attacker may leverage these issues to gain superuser access to
the affected computer, facilitating privilege escalation.

[ Linux on Flash, accessible via IDE, providing an RDP terminal client
service or an X11 server ]

ZyXEL Prestige Router HTTP Remote Administration Configurati...
BugTraq ID: 11723
Remote: Yes
Date Published: Nov 22 2004
Relevant URL: http://www.securityfocus.com/bid/11723
Summary:
ZyXEL Prestige router series is reported prone to an access validation
vulnerability. The vulnerability exists because the firmware of the
router fails to restrict access to a configuration page that is a part
of the ZyXEL Prestige HTTP based remote administration service.

A remote attacker may exploit this vulnerability to reset the
configuration of the router.

[ firmware ]

Plain Black Software WebGUI Unspecified Remote Vulnerability
BugTraq ID: 11727
Remote: Unknown
Date Published: Nov 22 2004
Relevant URL: http://www.securityfocus.com/bid/11727
Summary:
An unspecified remote vulnerability affects Plain Black Software
WebGUI.  The underlying issue causing this vulnerability is currently
unknown.  This BID will be updated as more information becomes
available.

The potential impact of this issue is currently unknown.  Due to the
nature of this issue it may facilitate theft of authentication
credentials; however, this is not confirmed.

[ Open Source Perl CMS ]

Apple iCal Calendar Import Alarm Notification Failure Vulner...
BugTraq ID: 11728
Remote: Yes
Date Published: Nov 22 2004
Relevant URL: http://www.securityfocus.com/bid/11728
Summary:
It is reported that when importing an Apple iCal calendar, iCal fails
to warn an end user if the calendar contains an alarm. This may result
in a victim importing a calendar that is believed to be safe when in
reality the calendar contains malicious alarm entries.

[ ical is a free-software program; but I don't know whether it is the
  same thing as Apple iCal, so I am leaving this in ]

ProZilla Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 11734
Remote: Yes
Date Published: Nov 23 2004
Relevant URL: http://www.securityfocus.com/bid/11734
Summary:
It is reported that multiple buffer overflow vulnerabilities exist in
ProZilla. These issues are due to a failure of the application to
properly bounds check user-supplied input prior to copying it into
fixed sized memory buffers.

These vulnerabilities allow remote attackers to execute arbitrary code
in the context of a user running the affected application. A victim
user is required to attempt to download files from an
attacker-controlled server for an exploit to succeed.

[ FTP or HTTP client that opens many connections and uses
  `range' requests both to overload many servers and to make
  your download faster
]

Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
BugTraq ID: 11738
BugTraq ID: 11729
Remote: Yes
Date Published: Nov 24 2004
Relevant URL: http://www.securityfocus.com/bid/11738
Relevant URL: http://www.securityfocus.com/bid/11729
Summary:
Cyrus IMAPD is reported prone to multiple remote unspecified buffer
overflow vulnerabilities. The following issues are reported:

It is reported that the first issue exists in the 'IMAPMAGICPLUS'
functionality provided by Cyrus IMAPD. This vulnerability exists prior
to authentication, and is therefore reportedly exploitable by
anonymous remote attackers.

Additionally a buffer overflow vulnerability is reported to exist in
the 'mysasl_canon_user' Cyrus IMAPD function.

These vulnerabilities reportedly may allow remote, attacker-supplied
machine code to be executed in the context of the affected server
process.

WMFrog Weather Monitor Symbolic Link Vulnerability
BugTraq ID: 11743
Remote: No
Date Published: Nov 24 2004
Relevant URL: http://www.securityfocus.com/bid/11743
Summary:
A local symbolic link vulnerability affects wmFrog.  This issue is due
to a failure of the application to securely handle temporary files.

An attacker may leverage this issue to corrupt or overwrite arbitrary
files with the privileges of an unsuspecting user that activated the
affected application.  It has been reported that this issue can be
exploited to escalate privileges.

Zwiki Cross-Site Scripting Vulnerability
BugTraq ID: 11745
Remote: Yes
Date Published: Nov 24 2004
Relevant URL: http://www.securityfocus.com/bid/11745
Summary:
It is reported that Zwiki is susceptible to a cross-site scripting
vulnerability. This issue is due to a failure of the application to
properly sanitize user-supplied URI input prior to including it in
dynamic web page content.

This issue could permit a remote attacker to create a malicious URI
link that includes hostile HTML and script code. If this link were to
be followed, the hostile code may be rendered in the web browser of
the victim user.

[ Zope ]

Open DC Hub Remote Buffer Overflow Vulnerability
BugTraq ID: 11747
Remote: Yes
Date Published: Nov 24 2004
Relevant URL: http://www.securityfocus.com/bid/11747
Summary:
A remote buffer overflow vulnerability reportedly affects the Open DC
Hub.  This issue is due to a failure of the application to properly
validate the length of user-supplied strings prior to copying them
into finite process buffers.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application.
This may facilitate unauthorized access or privilege escalation.

[ P2P ]

Yard Radius Remote Buffer Overflow Vulnerability
BugTraq ID: 11753
Remote: Yes
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11753
Summary:
Yard Radius is prone to a remotely exploitable stack-based buffer
overflow.  This issue could reportedly be exploited prior to
authentication.  Successful exploitation may result in execution of
arbitrary code in the context of the server, which may be running as
the superuser.

[ affects both free and non-free implementations; see
  http://icat.nist.gov/icat.cfm?cvename=CAN-2001-1376
]

Linux Kernel Unspecified Local Denial Of Service And Memory ...
BugTraq ID: 11754
Remote: No
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11754
Summary:
The Linux kernel is reported prone to multiple local
vulnerabilities. The following issues are reported:

Reports indicate that a handcrafted 'a.out' file may be used to
trigger a local denial of service condition.

A local attacker may exploit this vulnerability to trigger a
system-wide denial of service, potentially resulting in a kernel
panic.

A memory disclosure vulnerability is also reported to affect the Linux
kernel.

A local attacker may exploit this vulnerability to disclose random
pages of physical memory.

This BID will be updated, as further details regarding these
vulnerabilities are made available.

[ work-around: remove the obsolete a.out support from the kernel.
Otherwise there are patches, and some distributions have released
updates. There are also attacks on ELF. ]

Mozilla Firefox Infinite Array Sort Denial Of Service Vulner...
BugTraq ID: 11752
Remote: Yes
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11752
Summary:
Mozilla Firefox is prone to a vulnerability that may result in a
browser crash.  This issue is exposed when the browser performs an
infinite JavaScript array sort operation.  It is conjectured that this
will only result in a denial of service and is not further exploitable
to execute arbitrary code, though this has not been confirmed.

It is not known if other Mozilla products or Gecko-based browsers are
affected by this vulnerability.

Mozilla Browser Infinite Array Sort Denial Of Service Vulner...
BugTraq ID: 11760
Remote: Yes
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11760
Summary:
Mozilla Browser is prone to a vulnerability that may result in a
browser crash.  This issue is exposed when the browser performs an
infinite JavaScript array sort operation.  It is conjectured that this
will only result in a denial of service and is not further exploitable
to execute arbitrary code, though this has not been confirmed.

Mozilla Camino Web Browser Infinite Array Sort Denial Of Ser...
BugTraq ID: 11761
Remote: Yes
Date Published: Nov 25 2004
Relevant URL: http://www.securityfocus.com/bid/11761
Summary:
Mozilla Camino Web browser is prone to a vulnerability that may result
in a browser crash.  This issue is exposed when the browser performs
an infinite JavaScript array sort operation.  It is conjectured that
this will only result in a denial of service and is not further
exploitable to execute arbitrary code, though this has not been
confirmed.

YaBB Shadow BBCode Tag JavaScript Injection Vulnerability
BugTraq ID: 11764
Remote: Yes
Date Published: Nov 26 2004
Relevant URL: http://www.securityfocus.com/bid/11764
Summary:
YaBB is reported prone to a JavaScript injection vulnerability. It is
reported that the BBCode 'shadow' tag is not sufficiently sanitized of
malicious script content.

An attacker that has an account on the affected bulletin board may
exploit this vulnerability to inject arbitrary JavaScript code into
forum posts through the 'shadow' tag.



