[gull-annonces] Summary of SecurityFocus Newsletter #281

Marc SCHAEFER schaefer at alphanet.ch
Thu Dec 30 17:51:03 CET 2004


htget URI Buffer Overflow Vulnerability
BugTraq ID: 12039
Remote: Yes
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12039
Summary:
htget is prone to a buffer overflow vulnerability.  This vulnerability
is exposed when the software handles a malformed URI.

Successful exploitation may result in execution of arbitrary code in
the context of the client user.

KDE Konqueror Multiple Remote Java Sandbox Bypass Vulnerabil...
BugTraq ID: 12046
Remote: Yes
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12046
Summary:
KDE Konqueror is a freely available, open source web browser
distributed and maintained by the KDE project. It is available for the
UNIX and Linux operating systems.

Multiple remote Java sandbox bypass vulnerabilities affect KDE
Konqueror.  These issues are due to a failure of the application to
properly secure the Java web plug-in.

The first issue is a failure of the application to restrict access to
sensitive Java classes from the Java browser plug-in.  The second
issue is a failure of the application to restrict access to sensitive
Java classes from JavaScript scripts.

These issues may be leveraged to carry out a variety of unspecified
attacks including sensitive information disclosure and denial of
service attacks. Any successful exploitation would take place with the
privileges of the user running the affected browser application.

Tlen.pl Instant Messenger Remote Script Execution Vulnerabil...
BugTraq ID: 12050
Remote: Yes
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12050
Summary:
Tlen.pl is reported prone to a potential script execution
vulnerability.  It is reported that this issue may allow remote
attackers to execute arbitrary script code on a vulnerable computer,
which may lead to various attacks.

Tlen.pl 5.23.4.1 and prior versions are affected by this
vulnerability.

Email Sanitizer MIME Type Parsing Remote Denial Of Service V...
BugTraq ID: 12051
Remote: Yes
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12051
Summary:
A remote denial of service vulnerability affects the MIME type parsing
functionality of Email Sanitizer.  This issue is due to a failure of
the application to properly handle malformed MIME type specifiers.

An attacker may leverage this issue to cause the affected sanitizer to
hang and stop responding, effectively denying service to legitimate
users.

[ I suppose it is this one:
     http://www.impsec.org/email-tools/procmail-security.html
]

chpox Unspecified Vulnerability
BugTraq ID: 12055
Remote: Unknown
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12055
Summary:
chpox is affected by an unspecified vulnerability; it is not known if
this issue is local or remote.  The underlying cause of this issue is
currently unknown.

The potential impact of this issue is also unknown.  Users are advised
to upgrade to the latest version of the affected software.

More information is not currently available.  This BID will be updated
as more details are released.

[ Freshmeat tells us: chpox provides transparent checkpointing and
restarting of processes on Linux clusters. It was originally designed
for recovering tasks that take a long time to execute (i.e. numerical
simulations) in case of system crashes, power failures, etc. It may work
with openMosix, is SMP safe, works as a kernel module, does not require
kernel patches or program recompiling/relinking, and supports virtual
memory, regular open files, pipes, Unix domain sockets, current
directory, and child processes.
http://freshmeat.net/redir/chpox/22073/url_homepage/chpx.html
]

GNU troff (groff) Insecure Temporary File Creation Vulnerabi...
BugTraq ID: 12058
Remote: No
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12058
Summary:
GNU troff (groff) is affected by multiple insecure temporary file
creation vulnerabilities.  These issues are due to a design error that
causes the application to fail to verify the existence of a file
before writing to it.

An attacker may leverage these issues to overwrite arbitrary files
with the privileges of an unsuspecting user that activates the
vulnerable application.

GNU troff (groff) 1.18 is reported vulnerable to these issues.  Other
versions are likely to be vulnerable as well.  This BID will be
updated when more information becomes available.

MIT Kerberos 5 Administration Library add_to_history() Heap-Ba...
BugTraq ID: 12059
Remote: No
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12059
Summary:
It is reported that the MIT Kerberos 5 administration library is
affected by a heap-based buffer overflow vulnerability. The
vulnerability presents itself in the 'add_to_history()' function of
the 'svr_principal.c' source file. The vulnerability exists due to an
indexing error that occurs under certain circumstances.

An authenticated attacker may potentially exploit this vulnerability
on a Key Distribution Center (KDC) to execute arbitrary code in the
context of the vulnerable service, ultimately resulting in the
compromise of an entire Kerberos realm.

LibVNCServer Multiple Unspecified Vulnerabilities
BugTraq ID: 12068
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12068
Summary:
Multiple, unspecified vulnerabilities reportedly affect LibVNCServer.
The underlying cause of these issues is currently unknown.

The potential impacts of these issues are unknown.  Due to the nature
of the affected software it is possible that these issues may be
leveraged to conduct denial of service and even system compromise,
although this is not confirmed.

xpdf DoImage Remote Buffer Overflow Vulnerability
BugTraq ID: 12070
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12070
Summary:
xpdf is reported prone to a remote buffer overflow vulnerability.
This issue exists because the application fails to perform proper
boundary checks before copying user-supplied data into process
buffers.  A remote attacker may execute arbitrary code in the context
of a user running the application.  This can result in the attacker
gaining unauthorized access to the vulnerable computer.

An attacker can exploit this issue by enticing a vulnerable user to
open a malformed PDF file.  If the application is configured as the
default handler for PDF files, this could present a viable Web or
email attack vector, since xpdf is invoked automatically when the PDF
is opened from such a client application.

This issue is reported to affect xpdf 3.00, however, it is likely that
earlier versions are prone to this vulnerability as well.
Applications using embedded xpdf code may be vulnerable to these
issues as well.

Perl rmtree() Local Race Condition Vulnerability
BugTraq ID: 12072
Remote: No
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12072
Summary:
Perl is reported prone to a local race condition. The vulnerability is
present in the 'rmtree()' function provided by the 'File::Path'
module.

A local attacker may exploit this condition to disclose potentially
sensitive data, or to launch other attacks against an application that
employs the vulnerable function.

libtiff Heap Corruption Integer Overflow Vulnerabilities
BugTraq ID: 12075
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12075
Summary:
It has been reported that libtiff is affected by two heap corruption
vulnerabilities due to integer overflow errors that can be triggered
when malicious or malformed image files are processed.  Theoretically,
an attacker can exploit the vulnerabilities to execute arbitrary code
in the context of an application linked to the library, when TIFF
image data is processed (i.e. displayed).  Because image data is
frequently external in origin, these vulnerabilities are considered
remotely exploitable.

mplayer And xine pnm_get_chunk() Multiple Remote Client-Side B...
BugTraq ID: 12076
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12076
Summary:
Multiple buffer overflow vulnerabilities are reported to exist in the
xine and mplayer utilities. The following issues are reported:

Several buffer overflow vulnerabilities are reported to exist in the
'pnm_get_chunk()' function.

Reports indicate that the vulnerabilities present themselves in the
RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG and CONT_TAG handling code of
'pnm_get_chunk()'.

A remote attacker may potentially leverage this memory corruption to
execute arbitrary code in the context of a user that uses the
vulnerable utility to connect to a malicious PNM server.

An additional buffer overflow vulnerability is reported to exist in
the PNA_TAG handling code of the 'pnm_get_chunk()' function.

It is reported that supplied PNA_TAG data is copied into a finite
buffer without sufficient boundary checks. This results in memory
corruption. A remote attacker may potentially leverage this memory
corruption to execute arbitrary code in the context of a user that
uses the vulnerable utility to connect to a malicious PNM server.

Debian debmake Local Insecure Temporary File Creation Vulner...
BugTraq ID: 12078
Remote: No
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12078
Summary:
A local insecure file creation vulnerability affects Debian's debmake.
This issue is due to a design error that causes the affected
application to create temporary files insecurely.

An attacker may leverage this issue to corrupt arbitrary files with
the privileges of the user that activates the affected application.

[ mkdir -p ~user/tmp && chmod 700 ~user/tmp/ && export TMPDIR=~user/tmp ]

Linux kernel 32 Bit Compatibility System Call Handler AMD64 ...
BugTraq ID: 12079
Remote: No
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12079
Summary:
Linux kernel is reported prone to a local privilege escalation
vulnerability.  This issue may allow an attacker to gain elevated
privileges leading to a complete compromise of a vulnerable computer.

It is reported that this issue arises as the 32 bit compatibility
system call handler fails to verify an unspecified argument properly.
This vulnerability only presents itself on the AMD64 platform.

This issue reportedly affects 2.4.x versions of the kernel.

Further details about this issue are currently unavailable.  This BID
will be updated if more information is released.

snort DecodeTCPOptions() Remote Denial Of Service Vulnerabilit...
BugTraq ID: 12084
Remote: Yes
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12084
Summary:
snort is reported prone to a remote denial of service
vulnerability. The vulnerability is reported to exist in the
DecodeTCPOptions() function of 'decode.c', and results from a
failure to handle malicious TCP packets properly.

A remote attacker may trigger this vulnerability to crash a remote
Snort server and in doing so may prevent subsequent malicious attacks
from being detected.

SSLTelnetd Unspecified Format String Vulnerability
BugTraq ID: 12085
Remote: Yes
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12085
Summary:
Reportedly SSLTelnetd is affected by an unspecified format string
vulnerability.  This issue is due to an improper implementation of a
formatted string function.

Specific technical details about this issue were not disclosed.  It is
conjectured that due to the nature of the affected application, this
issue is remotely exploitable.

This vulnerability is reported to affect Linux Netkit
netkit-telnet-ssl 0.17.17, however, it is likely that other versions
are affected as well.

This BID will be updated when more information becomes available.

docbook-to-man Insecure Temporary File Creation Vulnerabilit...
BugTraq ID: 12087
Remote: No
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12087
Summary:
A temporary file creation vulnerability reportedly affects
Docbook-To-Man.  This issue is due to a design error that causes the
affected application to insecurely create files on affected computers.

An attacker may leverage this issue to corrupt arbitrary files with
the privileges of an unsuspecting user that activates the affected
application.

lprng lprng_certs.sh Local Insecure Temporary File Creation ...
BugTraq ID: 12088
Remote: No
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12088
Summary:
A temporary file creation vulnerability reportedly affects the
'lprng_certs.sh' script of LPRng.  This issue is due to a design error
that causes the affected application to insecurely create files on
affected computers.

An attacker may leverage this issue to corrupt arbitrary files with
the privileges of an unsuspecting user that activates the affected
application.

Linux Security Modules Process Capabilities Design Error
BugTraq ID: 12093
Remote: No
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12093
Summary:
It has been reported that Linux Security Modules suffers from a design
error that could result in host compromise.  According to the report,
when LSM is loaded as a kernel module, existing processes on the
system will be granted unauthorized capabilities.  This includes
non-root processes.  A malicious user on the system at this time will
have effectively gained administrative access.

Reported affected are versions of LSM for Linux kernels 2.5.x and
2.6.x.  LSM on Linux 2.4.x is reportedly not vulnerable.

Debian tetex-bin xdvizilla Insecure Temporary File Creation ...
BugTraq ID: 12100
Remote: No
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12100
Summary:
xdvizilla is a script that integrates DVI file viewing in
Mozilla-based browsers.  It is provided by the Debian tetex-bin
package.

xdvizilla is reported prone to an insecure temporary file creation
vulnerability.  This issue is due to a design error that causes the
application to fail to verify the existence of a file before writing
to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.

tetex-bin 2.0.2 is reported prone to this issue.  It is likely that
other versions are affected as well.
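The five insecure temporary file entries above (groff, debmake, docbook-to-man, lprng_certs.sh and xdvizilla) share one root cause, and the note after the debmake entry gives the private TMPDIR workaround. The following is an added shell example, not code from this post, from SecurityFocus or from any of those projects: it contrasts the predictable-name pattern with a mktemp-based function and a check that TMPDIR is set up the way the workaround intends. It assumes GNU coreutils stat and mktemp; all script and function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the post or SecurityFocus): the predictable-name
# pattern behind the insecure temporary file advisories, and a hardened
# replacement. Assumes GNU coreutils (stat -c, mktemp). Names are illustrative.

# Insecure pattern (for contrast only, not called): a guessable path in the
# shared, world-writable /tmp, written with plain redirection. If something
# already exists at that path, the write goes there instead of to a new file.
insecure_tmpfile() {
    f="/tmp/myscript.$$"
    echo "data" > "$f"
    printf '%s\n' "$f"
}

# Check that the directory used for temporary files is owned by the caller
# and is mode 0700, as the post's "mkdir -p ... && chmod 700 ... && export
# TMPDIR" workaround sets it up. Argument: directory (defaults to $TMPDIR, /tmp).
tmpdir_is_private() {
    d="${1:-${TMPDIR:-/tmp}}"
    [ -d "$d" ] || return 1
    [ "$(stat -c '%u' "$d")" = "$(id -u)" ] || return 1
    [ "$(stat -c '%a' "$d")" = "700" ]
}

# Create a temporary file safely: mktemp chooses an unpredictable name and
# opens it with O_CREAT|O_EXCL and mode 0600, so a pre-existing file at the
# chosen path makes it fail instead of being reused. This is safe even in a
# shared /tmp; the private TMPDIR above additionally protects scripts that
# honour TMPDIR but still use predictable names. The result is re-checked
# before use. Prints the path; returns non-zero on any failure.
safe_tmpfile() {
    d="${1:-${TMPDIR:-/tmp}}"
    f=$(mktemp "$d/myscript.XXXXXX") || return 1
    [ -f "$f" ] && [ ! -L "$f" ] || { rm -f "$f"; return 1; }
    [ "$(stat -c '%u' "$f")" = "$(id -u)" ] || { rm -f "$f"; return 1; }
    [ "$(stat -c '%a' "$f")" = "600" ] || { rm -f "$f"; return 1; }
    printf '%s\n' "$f"
}
```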

Linux Kernel ELF Binary Loading Denial Of Service Vulnerabil...
BugTraq ID: 12101
Remote: Yes
Date Published: Dec 24 2004
Relevant URL: http://www.securityfocus.com/bid/12101
Summary:
The Linux kernel is affected by an ELF binary loading vulnerability.
This issue is due to a failure of the affected kernel to properly
handle malformed ELF binaries.

An attacker may leverage this issue to cause the affected kernel to
crash, denying service to legitimate users.
