[gull-annonces] Summary of SecurityFocus Newsletter #278

Marc SCHAEFER schaefer at alphanet.ch
Sun Dec 12 14:31:03 CET 2004


[ As Anne pointed out, the Apple iCal vulnerability does not concern
  free software; my apologies.
  The free-software iCal, which is not affected by the security issue,
  is here:  http://perso.wanadoo.fr/dockes/ical/
]

file ELF Header Unspecified Buffer Overflow Vulnerability
BugTraq ID: 11771
Remote: Yes
Date Published: Nov 29 2004
Relevant URL: http://www.securityfocus.com/bid/11771
Summary:
The file command is affected by a buffer overflow vulnerability.  This
issue is due to a failure of the application to properly validate
string lengths in the affected file prior to copying them into static
process buffers.

An attacker may leverage this issue to execute arbitrary code with the
privileges of a user that processes the malicious file with the
affected utility.  This may be leveraged to escalate privileges or to
gain unauthorized access.

[ file is often used by anti-virus or anti-spam software ]

FreeImage Interleaved Bitmap Image Buffer Overflow Vulnerabi...
BugTraq ID: 11778
Remote: Yes
Date Published: Nov 26 2004
Relevant URL: http://www.securityfocus.com/bid/11778
Summary:
A buffer overflow vulnerability exists in FreeImage.  This issue is
due to a boundary condition error that is presented when the library
handles malformed Interleaved Bitmap (ILBM) images.

This issue could potentially be exploited to execute arbitrary code in
the context of an application that uses the library.

[ ILBM was originally a format created by EA (Electronic Arts) for
  the Amiga platform, with RLE compression. Unless I am mistaken, the
  TIFF format is derived from ILBM (the endianness differs).
  See also http://freeimage.sourceforge.net/
]

IPCop Web Administration Interface Proxy Log HTML Injection ...
BugTraq ID: 11779
Remote: Yes
Date Published: Nov 30 2004
Relevant URL: http://www.securityfocus.com/bid/11779
Summary:
IPCop is reported susceptible to an HTML injection vulnerability in
its proxy log viewer. This issue is due to a failure of the
application to properly sanitize user-supplied input prior to
including it in dynamically generated web pages.

This vulnerability allows remote, attacker-supplied malicious HTML or
script code to be displayed to administrative users. This code would
be executed in the context of the affected Web application. It is
conjectured that it may be possible for attackers to cause
administrative actions to be executed on their behalf when an
administrator views the Squid logs. Theft of cookie-based
authentication credentials and other attacks are also likely.

Version 1.4.1 of IPCop is reportedly vulnerable. Other versions may
also be affected.

OpenSSH-portable PAM Authentication Remote Information Discl...
BugTraq ID: 11781
Remote: Yes
Date Published: Nov 30 2004
Relevant URL: http://www.securityfocus.com/bid/11781
Summary:
It is reported that OpenSSH contains an information disclosure
vulnerability. This issue exists in the portable version of
OpenSSH. The portable version is the version that is distributed for
operating systems other than its native OpenBSD platform.

This issue is related to BID 7467. It is reported that the previous
fix for BID 7476 was insufficient to completely fix the issue. It is
not confirmed at this time, but this current issue may involve
differing code paths in PAM, resulting in a new vulnerability.

This vulnerability allows remote users to test for the existence of
valid usernames. Knowledge of usernames may aid them in further
attacks.

SuSE Linux Kernel Unauthorized SCSI Command Vulnerability
BugTraq ID: 11784
Remote: No
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11784
Summary:
SuSE Linux is reported susceptible to an unauthorized SCSI command
vulnerability.

Malicious users may be able to send commands to SCSI devices that
result in the overwriting of their firmware. This potentially results
in the failure of the targeted device to further operate. This may
result in the permanent, unrecoverable destruction of SCSI devices,
requiring that they be sent to the vendor for service or replacement.

SuSE Linux 9.1, and SuSE Linux Enterprise Server 9 are reported to be
vulnerable to this issue. Other versions, and other distributions of
Linux are also potentially affected.

[ impact: destruction of SCSI devices by sending an erroneous firmware
modification; possible for local users. Unless I am mistaken, it uses
the ioctl IOCTL SEND_COMMAND on the raw device. Removing access to the
raw device should be sufficient as a workaround. This means that a
SUID wrapper is needed for e.g. cdrecord, which may cause other
problems as well. ]

Linux NFS RPC.STATD Remote Denial Of Service Vulnerability
BugTraq ID: 11785
Remote: Yes
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11785
Summary:
It is reported that rpc.statd is vulnerable to a remote denial of
service vulnerability.

This vulnerability allows remote attackers to crash the affected
application. This may result in the failure to cleanup NFS network
locks, possibly resulting in denied access to files, as they may be
considered permanently locked.

Version 1.0.6 of nfs-utils is reported vulnerable to this issue. Other
versions may also be affected.

[ see also e.g. http://www.debian.org/security/2004/dsa-606 ]

ACPID Proxy Unspecified Local Denial Of Service Vulnerabilit...
BugTraq ID: 11786
Remote: No
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11786
Summary:
An unspecified local denial of service vulnerability affects
acpid_proxy.  The underlying issue causing this vulnerability is
currently unknown; this BID will be updated as more details are
released.

A local attacker may leverage this issue to cause the affected
computer to crash, denying service to legitimate users.

[ ACPI event daemon; http://acpid.sourceforge.net/ ]

gnubiff Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 11787
Remote: Yes
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11787
Summary:
It is reported that gnubiff contains multiple remote denial of service
vulnerabilities.

gnubiff is reportedly unable to properly handle unterminated responses
to certain IMAP and POP commands.

These vulnerabilities reportedly affect versions prior to 2.0.2 for
cleartext connections, and versions prior to 2.0.3 for SSL
connections.

FreeBSD Linux ProcFS Local Kernel Denial Of Service And Info...
BugTraq ID: 11789
Remote: No
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11789
Summary:
A local denial of service and information disclosure vulnerability
affects the procfs and linprocfs implementation on FreeBSD.  This
issue is due to a design error that causes the mismanagement of memory
references.

An attacker may leverage this issue to cause a kernel panic on an
affected computer, denying service to legitimate users.  It is also
possible to leverage this issue to disclose kernel memory, potentially
facilitating access to sensitive information in kernel buffers.

scponly Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 11791
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11791
Summary:
scponly is reported prone to a remote arbitrary command execution
vulnerability.  This issue may allow a remote attacker to execute
commands and scripts on a vulnerable computer and eventually allow an
attacker to gain elevated privileges on a vulnerable computer.

Versions prior to 4.0 are reported susceptible to this issue.

rssh Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 11792
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11792
Summary:
rssh is reported prone to a remote arbitrary command execution
vulnerability. This issue may allow a remote attacker to execute
commands and scripts on a vulnerable computer and eventually allow an
attacker to gain elevated privileges on a vulnerable computer.

All versions of rssh are considered vulnerable at the moment.

Linux Kernel Unspecified Local TSS Vulnerability For AMD64 A...
BugTraq ID: 11794
Remote: No
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11794
Summary:
The Linux kernel is reported prone to an unspecified local TSS-related
(Task State Segment) vulnerability. This vulnerability reportedly only
affects the AMD64 and the EM64T CPU architectures.

This vulnerability reportedly allows local attackers to crash the kernel, or possibly gain elevated privileges.

It is reported that Linux kernels prior to version 2.4.23 are susceptible to this vulnerability.

hpsockd Unspecified Remote Buffer Overflow Vulnerability
BugTraq ID: 11800
Remote: Yes
Date Published: Dec 03 2004
Relevant URL: http://www.securityfocus.com/bid/11800
Summary:
hpsockd is reported prone to an unspecified remote buffer overflow
vulnerability.  This issue exists due to improper boundary checks
performed by the application when handling user-supplied data.  It is
reported that this vulnerability can be exploited to cause a denial of
service condition in the application.

It may be possible to leverage this issue to execute arbitrary code on
a vulnerable computer; however, this has not been confirmed.

hpsockd versions 0.5 and prior are reported prone to this vulnerability.

[ details here: http://www.debian.org/security/2004/dsa-604 ]



