[gull-annonces] Summary of SecurityFocus Newsletter #257

Marc SCHAEFER schaefer at alphanet.ch
Sun Jul 18 10:11:01 CEST 2004


Enterasys XSR Security Router Record Route Denial Of Service...
BugTraq ID: 10653
Remote: Yes
Date Published: Jul 02 2004
Relevant URL: http://www.securityfocus.com/bid/10653
Summary:
Enterasys XSR Security Routers are reported prone to a denial of
service vulnerability.

When these devices pass packets with the IP record route option, they
will reportedly crash.

This vulnerability was found in the XSR-1800 series of routers with
firmware version 7.0.0.0. Other device models and firmware versions
may also be affected.

[ firmware ]

MySQL Authentication Bypass Vulnerability
BugTraq ID: 10654
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10654
Summary:
MySQL is prone to a vulnerability that may permit remote clients to
bypass authentication.

This is due to a logic error in the server when handling
client-supplied length values for password strings.

Successful exploitation will yield unauthorized access to the
database.

This issue is known to exist in MySQL 4.1 releases prior to 4.1.3 and
MySQL 5.0.

MySQL Password Length Remote Buffer Overflow Vulnerability
BugTraq ID: 10655
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10655
Summary:
MySQL is prone to a remotely exploitable stack-based buffer overflow
vulnerability.

This issue exists in the password checking routines and may be
triggered by a malicious authentication packet.

Exploitation will be complicated by the fact that the exploit string
will be scrambled with a random number generator and may also require
a valid password hash.  However, if successfully exploited, the
attacker may execute arbitrary code in the context of the server.

This issue is known to exist in MySQL 4.1 releases prior to 4.1.3 and
MySQL 5.0.

Symantec Brightmail Anti-spam Unauthorized Message Disclosur...
BugTraq ID: 10657
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10657
Summary:
Symantec Brightmail anti-spam is reported prone to an unauthorized
message disclosure vulnerability.

This issue exists in the Brightmail anti-spam control center.  Due to
improper access validation a remote attacker can read users' filtered
email.

Symantec Brightmail anti-spam 6.0 is reported prone to this issue;
however, other versions may be affected as well.

[ firmware ]

Fastream NetFile FTP/Web Server Directory Traversal Vulnerab...
BugTraq ID: 10658
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10658
Summary:
The NetFile FTP/Web Server is reported prone to a directory traversal
vulnerability due to insufficient sanitization of user-supplied data.
This can allow an attacker to create, view, and delete arbitrary files
outside the web root.

Fastream NetFILE FTP/Web Server versions 6.7.2.1085 and prior are
reported prone to this issue.

[ firmware ]

Linux VServer Project ProcFS Weak Sharing Permissions Vulner...
BugTraq ID: 10660
Remote: No
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10660
Summary:
It is reported that VServer may be used in order to disclose memory
contents and to deny service to the host operating system and other
virtual servers. The vulnerability exists due to weak sharing
permissions on procfs mounted directories. It is reported that a user
residing in a VServer may make changes to a procfs mounted directory;
any changes made will affect the host operating system and all
VServers that exist.

An attacker may exploit this issue to disclose information or initiate
a denial of service.

Multiple Vendor Internet Browser User Action Prediction/Inte...
BugTraq ID: 10661
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10661
Summary:
Multiple vendor Internet Browsers are reported prone to a weakness
where user actions may be used to commit unintentional actions. It is
reported that if a malicious website can control or predict a user
action, then a malicious site may pop up a dialog and have the user
unintentionally commit an action to that dialog.

The issue is reported to be exploitable through the XPInstall dialog
feature of Mozilla and Mozilla Firefox. Other browsers are also
vulnerable.

Linux Kernel chown() System Call Group Ownership Alteration ...
BugTraq ID: 10662
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10662
Summary:
It is reported that the Linux kernel version 2.6 contains a flaw which
allows users to improperly change the group ownership on arbitrary
files that they do not own. For the Linux kernel 2.4.X this issue is
only exploitable when the kernel NFS server is active; for the 2.6.X
kernel this issue is always exploitable.

An attacker may reportedly be able to exploit this issue to gain
superuser privileges.

This issue was reported in version 2.6.6, but other versions,
including 2.4.X, are also likely vulnerable.

PureFTPd Accept_Client Remote Denial of Service Vulnerabilit...
BugTraq ID: 10664
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10664
Summary:
PureFTPd is reported prone to a remote undisclosed denial of service
vulnerability. The vulnerability is reported to exist due to a bug in
the accept_client function used to set up new connections. It is
reported that when the maximum number of connections is reached an
attacker may be able to deny service to the affected daemon.

It is reported that all versions of cPanel are also affected by this
issue because cPanel ships with PureFTPd 1.0.12.

Open WebMail Email Header HTML Injection Vulnerability
BugTraq ID: 10667
Remote: Yes
Date Published: Jul 05 2004
Relevant URL: http://www.securityfocus.com/bid/10667
Summary:
Open WebMail is reported to be prone to an email header HTML injection
vulnerability. This issue is due to a failure of the application to
properly sanitize user-supplied email header strings.

An attacker can exploit this issue to gain access to an unsuspecting
user's cookie based authentication credentials; disclosure of personal
email is possible. Other attacks are also possible.

OpenWebmail 2.32 and prior are prone to this issue.

Zoom Model 5560 X3 ETHERNET ADSL Modem Default Backdoor Acco...
BugTraq ID: 10669
Remote: Yes
Date Published: Jul 06 2004
Relevant URL: http://www.securityfocus.com/bid/10669
Summary:
The Zoom Model 5560 X3 ETHERNET ADSL Modem is reported to contain a
default backdoor account.

A remote attacker can gain unauthorized access to the vulnerable
appliance and then carry out other attacks against the users of the
network.

[ firmware ]

JAWS Multiple Input Validation Vulnerabilities
BugTraq ID: 10670
Remote: Yes
Date Published: Jul 06 2004
Relevant URL: http://www.securityfocus.com/bid/10670
Summary:
JAWS is reported prone to multiple vulnerabilities. The issues result
from insufficient sanitization of user-supplied data. The following
specific issues can affect the application:

JAWS is prone to a cross-site scripting vulnerability.

This cross-site scripting issue can permit a remote attacker to create
a malicious URI link that includes hostile HTML and script code. If a
user follows the malicious link, the attacker-supplied code executes
in the Web browser of the victim computer. This attack can allow for
theft of cookie-based authentication credentials and other attacks.

JAWS is reported to be prone to a file disclosure vulnerability. The
vulnerability presents itself because directory traversal sequences
"../.." are not correctly sanitized from user-supplied data. It is
reported that an attacker may disclose a target file by including a
relative path including directory traversal sequences to the target
file as a value for URI parameters passed to a JAWS script.

An authentication bypass vulnerability is reported to affect the JAWS
authentication system. It is reported that an authentication cookie is
derived from a known value; a remote attacker may create a cookie and
use this cookie to authenticate to the system.

[ no idea what this is, which language and which license ]

Ethereal Multiple Unspecified iSNS, SMB and SNMP  Protocol D...
BugTraq ID: 10672
Remote: Yes
Date Published: Jul 07 2004
Relevant URL: http://www.securityfocus.com/bid/10672
Summary:
Ethereal 0.10.5 has been released to address multiple vulnerabilities,
including an iSNS protocol dissector vulnerability, an SMB protocol
dissector vulnerability, and an SNMP protocol dissector vulnerability.
These issues are due to a failure of the application to properly
handle malformed packets.

Successful exploitation of these issues will allow an attacker to
cause a denial of service condition in the affected application; it
has also been reported that these issues may facilitate arbitrary code
execution.

Mbedthis Software AppWeb HTTP Server Multiple Vulnerabilitie...
BugTraq ID: 10673
Remote: Yes
Date Published: Jul 07 2004
Relevant URL: http://www.securityfocus.com/bid/10673
Summary:
Mbedthis Software AppWeb HTTP Server is reported prone to multiple
vulnerabilities that may allow a remote attacker to disclose sensitive
information and gain unauthorized access to potentially sensitive
resources.

Mbedthis Software AppWeb HTTP Server versions 1.1.2 and prior are
affected by these vulnerabilities.

[ embedded HTTP server, apparently open source ]

Nokia 3560 Handset Text Message Remote Denial of Service Vul...
BugTraq ID: 10680
Remote: Yes
Date Published: Jul 08 2004
Relevant URL: http://www.securityfocus.com/bid/10680
Summary:
Nokia 3560 handset is reported prone to a remote denial of service
vulnerability.  This issue occurs when the handset receives and
processes a specially crafted text message from a remote source.
Furthermore, it is reported that this message does not emit a 'new
message' signal in the phone and is not stored on the phone.  Users
are required to disconnect the battery and reboot the phone to retain
normal functionality.

This issue is reported to affect Nokia 3560 handset; however, it is
possible that other Nokia phones are vulnerable as well.

A similar issue was reported in Nokia 6210 Handset.  More information
is available from BID 6952 (Nokia 6210 vCard Denial of Service
Vulnerability).  It is not currently known whether this issue is
related to BID 6952.

Due to a lack of information, further details cannot be provided at
the moment.  This BID will be updated as more information becomes
available.

[ firmware ]

Mozilla External Protocol Handler Weakness
BugTraq ID: 10681
Remote: Yes
Date Published: Jul 08 2004
Relevant URL: http://www.securityfocus.com/bid/10681
Summary:
Mozilla Internet Browser is reported prone to a weakness that may
permit an external protocol to be called without any user
interaction. This may expose Mozilla users to vulnerabilities that
exist in the underlying operating system or in the software that is
the default handler for a registered protocol.

Vulnerabilities in the applications that are invoked by a protocol,
and vulnerabilities in the way a called protocol is handled by the
host operating system may be exploited using this weakness in the
Mozilla browser.

[ in particular under Win32 ]

SSLTelnetd Remote Syslog Format String Vulnerability
BugTraq ID: 10684
Remote: Yes
Date Published: Jul 09 2004
Relevant URL: http://www.securityfocus.com/bid/10684
Summary:
Reportedly SSLTelnetd, which is available as a FreeBSD port, is
affected by a remote format string vulnerability.  This issue is due
to an improper implementation of the 'syslog()' formatted string
function.

As a result of this issue, malicious log entries containing format
specifiers will be interpreted literally when logs are written; this
may result in attacker-specified memory being corrupted or disclosed,
leading to arbitrary code execution.

Linux Kernel Floating Point Register Contents Leak Vulnerabi...
BugTraq ID: 10687
Remote: No
Date Published: Jul 09 2004
Relevant URL: http://www.securityfocus.com/bid/10687
Summary:
The Linux kernel is reported prone to a data disclosure vulnerability.

It is reported that this issue may permit a malicious executable to
disclose the contents of Floating Point registers that belong to
another process.

It is reported that this vulnerability will only affect ia64 systems.


