[gull-annonces] SecurityFocus Newsletter #251 Summary

Marc SCHAEFER schaefer at alphanet.ch
Wed Jun 2 14:11:01 CEST 2004


BNBT BitTorrent Tracker Denial of Service Vulnerability
BugTraq ID: 10399
Remote: Yes
Date Published: May 22 2004
Relevant URL: http://www.securityfocus.com/bid/10399
Summary:
BNBT BitTorrent Tracker versions Beta 7.5 release 2 and prior are
affected by a flaw related to decoding of HTTP Basic Authentication
credentials (util.cpp).  If a client transmits to the server the
credential string "A==", the server will crash.  A check has been
introduced in version 73_20040521 that will log exploitation attempts
and return prematurely if a request is made with credentials "A==".
This may not be enough to eliminate the vulnerability entirely.
Version Beta 7.5 Release 3 removes the likely vulnerable code, but may
break authentication on Big Endian systems.

[ BitTorrent is an efficient software distribution system, released as
  free software and written in Python; see http://bitconjurer.org/BitTorrent/.
]

Liferay Enterprise Portal Multiple XSS Vulnerabilities
BugTraq ID: 10402
Remote: Yes
Date Published: May 22 2004
Relevant URL: http://www.securityfocus.com/bid/10402
Summary:
It has been reported that Liferay Enterprise Portal is susceptible to
multiple cross-site scripting and HTML injection vulnerabilities.
User-supplied data from many input fields is included in server
generated content without appropriate validation/encoding.  This may
allow for typical cross-site scripting attacks against other users of
the portal.

[ Yahoo-style portal implemented as EJBs (Java modules), for JBoss.  ]

xpcd-svga Buffer Overflow Vulnerability
BugTraq ID: 10403
Remote: No
Date Published: May 23 2004
Relevant URL: http://www.securityfocus.com/bid/10403
Summary:
The xpcd-svga utility is susceptible to a locally exploitable buffer
overflow condition.  According to the report, xpcd-svga copies
untrusted data into a buffer of predefined size without bounds
checking.  The procedure where this occurs is "pcd_open()", suggesting
that the source of the data may be in the image file or photo disk.

[ xpcd-svga - PhotoCD tool collection: SVGA Viewer ]

Netgear RP114 Content Filter Bypass Vulnerability
BugTraq ID: 10404
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10404
Summary:
It is reported that users may bypass Netgear RP114 content filter
functionality. This can be accomplished by making a URI request string
that is over 220 bytes in length.

This vulnerability may result in a false sense of security for a
network administrator, where a malicious website is believed to be
unreachable. In reality any host may contact blacklisted websites.

[ firmware ]

VocalTec VGW120/ VGW480 Telephony Gateway Remote H.225 Denia...
BugTraq ID: 10411
Remote: Yes
Date Published: May 24 2004
Relevant URL: http://www.securityfocus.com/bid/10411
Summary:
It has been reported that the VocalTec VGW120 and VGW480 Telephony
Gateways are prone to a remote denial of service vulnerability. The
issue is reported to exist in the ASN.1/H.323/H.225 stack.

A remote attacker may exploit this issue to deny service to the
affected appliances.

[ firmware ]

GNU Mailman Unspecified Password Retrieval Vulnerability
BugTraq ID: 10412
Remote: Yes
Date Published: May 25 2004
Relevant URL: http://www.securityfocus.com/bid/10412
Summary:
Mailman is prone to an unspecified password retrieval vulnerability.
This vulnerability was disclosed by the vendor.  Reportedly, a remote
attacker can gain access to user passwords, when the users subscribe
to a mailing list.

A remote attacker can use the sensitive information to hijack user
accounts or carry out other attacks.

Mailman versions 2.1.4 and prior are prone to this issue.

Due to a lack of details further information is not available at the
moment.  This BID will be updated as more information becomes
available.

HP Integrated Lights Out Remote Denial of Service Vulnerabil...
BugTraq ID: 10415
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10415
Summary:
HP Integrated Lights Out (iLO) is prone to a remote denial of service
vulnerability when LAN management products use TCP port 0 to access
the iLO service.

A successful attack can allow an attacker to cause the iLO service to
crash, effectively denying service to legitimate users.

iLO firmware prior to version 1.55 is prone to this vulnerability.

[ firmware ]

FreeBSD msync(2) System Call Buffer Cache Implementation Vul...
BugTraq ID: 10416
Remote: No
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10416
Summary:
FreeBSD msync(2) system call is prone to a vulnerability that can
allow a local attacker to prevent modifications made to a file from
being written to disk.

Under certain circumstances, a local user with read access to a file
can prevent modifications made to a file from being written to disk.
It is conjectured that an attacker can potentially cause a denial of
service, if the attacker can influence a sensitive configuration
file. Other attacks are possible as well.  The attack would depend on
the privileges held by the attacker.

3Com OfficeConnect Remote 812 ADSL Router Telnet Buffer Over...
BugTraq ID: 10419
Remote: Yes
Date Published: May 26 2004
Relevant URL: http://www.securityfocus.com/bid/10419
Summary:
3Com OfficeConnect Remote 812 ADSL Router is prone to a remotely
exploitable buffer overflow through the telnet port.  Exploitation of
this vulnerability will likely result in a denial of service.

[ firmware ]

XFree86 XDM RequestPort Random Open TCP Socket Vulnerability
BugTraq ID: 10423
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10423
Summary:
xdm is reported prone to a potential security vulnerability that may
lead to a false sense of security. A problem reported in xdm is
reported to result in a false sense of security because, even though
DisplayManager.requestPort is set to 0, xdm will open a chooserFd TCP
socket on all interfaces.

Canon ImageRUNNER Remote Port Scan Denial of Service Vulnera...
BugTraq ID: 10425
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10425
Summary:
imageRUNNER is prone to a remote denial of service vulnerability.
This issue presents itself when a remote attacker carries out multiple
port scans against port 80, which causes network services offered by
the printer to hang.

imageRUNNER 210 series is prone to this vulnerability.

[ firmware ]

3Com OfficeConnect Remote 812 ADSL Router Web Interface Auth...
BugTraq ID: 10426
Remote: Yes
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10426
Summary:
3Com OfficeConnect Remote 812 ADSL Router is reportedly affected by an
authentication bypass vulnerability through its web configuration
interface.

Successful exploitation of this issue would allow an attacker to gain
administrative access to the affected device.

[ firmware ]

Subversion Pre-Commit-Hook Template Undisclosed Vulnerabilit...
BugTraq ID: 10428
Remote: No
Date Published: May 27 2004
Relevant URL: http://www.securityfocus.com/bid/10428
Summary:
Subversion is reported prone to an undisclosed vulnerability. The
issue is reported to present itself due to an insecure implementation
of the pre-commit-hook template.

This BID will be updated as soon as further information regarding this
vulnerability becomes available.


