[gull-annonces] SecurityFocus Newsletter #240 Summary

Marc SCHAEFER schaefer at alphanet.ch
Wed Mar 17 08:41:01 CET 2004


NFS-Utils rpc.mountd Denial Of Service Vulnerability
BugTraq ID: 9813
Remote: No
Date Published: Mar 06 2004
Relevant URL: http://www.securityfocus.com/bid/9813
Summary:
An unspecified denial of service vulnerability exists in nfs-utils.  It
has been reported that certain DNS configurations may cause rpc.mountd to
crash, potentially impacting availability of the DNS client at mount time.

GNU Automake Insecure Temporary Directory Creation Symbolic ...
BugTraq ID: 9816
Remote: No
Date Published: Mar 08 2004
Relevant URL: http://www.securityfocus.com/bid/9816
Summary:
It has been reported that GNU Automake may be prone to a symbolic link
vulnerability that may allow an attacker to modify data or gain elevated
privileges on a vulnerable system.  This issue results from insecure
creation of directories during compilation.  The attacker may potentially
create symbolic links in the place of files contained in the affected
directories, which may potentially lead to elevated privileges due to
modification of data.

GNU Automake versions prior to 1.8.3 are reported to be affected by this
vulnerability.


Network Time Protocol Daemon Integer Overflow Vulnerability
BugTraq ID: 9818
Remote: No
Date Published: Mar 08 2004
Relevant URL: http://www.securityfocus.com/bid/9818
Summary:
The Network Time Protocol daemon (NTPd) may be prone to an integer
overflow vulnerability that may cause integrity loss in a machine.

It has been reported that if a client issues a request to an NTP server
containing a date that is more than 34 years away from the server's date, the
server may calculate an erroneous offset reply.  This issue could lead to
a loss of integrity in a machine issuing a request to the NTP server as an
erroneous time value would not correspond to logs and file creation and
modification times, possibly disrupting the audit trail for
security-related system and network events.

NTPd versions 3 and prior are reported to be affected by this issue.

Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnera...
BugTraq ID: 9826
Remote: Yes
Date Published: Mar 09 2004
Relevant URL: http://www.securityfocus.com/bid/9826
Summary:
mod_ssl has been reported to be prone to a remote denial of service
vulnerability. It has been reported that the issue is the result of a
memory leak and will present itself when standard HTTP requests are
handled on the SSL port of an affected Apache server.

Apache Mod_Access Access Control Rule Bypass Vulnerability
BugTraq ID: 9829
Remote: Yes
Date Published: Mar 09 2004
Relevant URL: http://www.securityfocus.com/bid/9829
Summary:
Apache mod_access has been reported to be prone to an access rule bypass
vulnerability. When an Allow or Deny rule is specified and an IP address
is used in the rule without a netmask, the affected module may fail to
match the rule. As a result of this vulnerability, access controls may not
be enforced correctly.

Confixx DB Parameter SQL Injection Vulnerability
BugTraq ID: 9830
Remote: Yes
Date Published: Mar 09 2004
Relevant URL: http://www.securityfocus.com/bid/9830
Summary:
It has been reported that an input validation error with the potential for
use in a SQL injection attack is present in the "db_mysql_loeschen2.php"
script. When a user is requesting the "db_mysql_loeschen2.php" script, one
of the parameters that can be passed to the script is "db". There are no
checks on the value of this variable before it is used in an SQL query
string.

Consequently, malicious users may corrupt the resulting SQL queries by
specially crafting a value for the "db" variable.

Confixx Perl Debugger Remote Command Execution Vulnerability
BugTraq ID: 9831
Remote: Yes
Date Published: Mar 09 2004
Relevant URL: http://www.securityfocus.com/bid/9831
Summary:
The Confixx PERL debugging utility functionality has been reported to be
prone to a remote command execution vulnerability. The issue is reported
to occur when a command sequence is appended to an HTTP request for a PERL
script resource; the command sequence must be prefixed with a ';'
(semicolon) character. When this request is processed, the command sequence
will reportedly be executed with the privileges of the process that
invokes the Confixx PERL debugging utility.

WU-FTPD restricted-gid Unauthorized Access Vulnerability
BugTraq ID: 9832
Remote: Yes
Date Published: Mar 09 2004
Relevant URL: http://www.securityfocus.com/bid/9832
Summary:
It has been reported that the WU-FTPD FTP server is prone to an unauthorized
access vulnerability.  The issue is related to the "restricted-gid"
feature supported by WU-FTPD.  This feature allows for an administrator to
restrict FTP user access to certain directories.  The vulnerability
reportedly allows users to bypass those restrictions through modifying the
permissions on their home directory so that they themselves can no longer
access it.  Under such circumstances, the server may grant the user
unauthorized access to the root directory.

Further technical details are not known at this time.  This record will be
updated as more information becomes available.

This BID is created in response to Two Possibly New WU-FTPD
Vulnerabilities BID 9820.  BID 9820 is being retired.

Python getaddrinfo Function Remote Buffer Overflow Vulnerabi...
BugTraq ID: 9836
Remote: Yes
Date Published: Mar 10 2004
Relevant URL: http://www.securityfocus.com/bid/9836
Summary:
It has been reported that Python may be prone to a remote buffer overflow
vulnerability that may allow an attacker to execute arbitrary code on a
vulnerable system in order to gain unauthorized access.  The issue exists
due to insufficient boundary checks performed by the 'getaddrinfo'
function and occurs when an IPv6 address of excessive length is sent to a
vulnerable host via DNS.

It has been reported that this issue affects Python versions 2.2 and
2.2.1.

Due to a lack of information, further details cannot be outlined at the
moment. This BID will be updated as more information becomes available.

Sysstat Insecure Temporary File Creation Vulnerability
BugTraq ID: 9838
Remote: No
Date Published: Mar 10 2004
Relevant URL: http://www.securityfocus.com/bid/9838
Summary:
The Sysstat system monitoring utility is prone to an issue that may allow
malicious local users to corrupt system files, most likely resulting in
loss of data or a denial of service.

The source of this vulnerability is that the utility creates temporary
files in an insecure manner, facilitating creation of malicious symbolic
links in the /tmp directory.

Multiple Vendor Internet Browser Cookie Path Argument Restri...
BugTraq ID: 9841
Remote: Yes
Date Published: Mar 10 2004
Relevant URL: http://www.securityfocus.com/bid/9841
Summary:
Multiple vendor Internet Browsers have been reported to be prone to a
cookie path argument restriction bypass vulnerability. The issue presents
itself due to a failure to properly sanitize encoded URI content; this may
make it possible for an attacker to craft a URI that will contain encoded
directory traversal sequences sufficient to provide access to a supposedly
path exclusive cookie from an alternate path.

GdkPixbuf Unspecified Bitmap Handling Denial Of Service Vuln...
BugTraq ID: 9842
Remote: Yes
Date Published: Mar 10 2004
Relevant URL: http://www.securityfocus.com/bid/9842
Summary:
The GdkPixbuf library has been reported prone to an unspecified denial of
service vulnerability. This issue is reported to cause the Evolution email
client to crash when a malicious Bitmap file is handled. Other
applications that rely on the library may be similarly affected.

Sysstat Isag Temporary File Creation Vulnerability
BugTraq ID: 9844
Remote: No
Date Published: Mar 10 2004
Relevant URL: http://www.securityfocus.com/bid/9844
Summary:
The Sysstat Isag command is prone to an issue that may allow malicious
local users to corrupt system files, most likely resulting in loss of data
or a denial of service.

The source of this vulnerability is that the utility creates temporary
files in an insecure manner, facilitating creation of malicious symbolic
links in the /tmp directory.

Courier Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 9845
Remote: Yes
Date Published: Mar 11 2004
Relevant URL: http://www.securityfocus.com/bid/9845
Summary:
Multiple buffer overflow vulnerabilities have been identified in Courier
MTA, Courier SqWebMail, and Courier-IMAP.  These vulnerabilities may allow
a remote attacker to execute arbitrary code on a vulnerable system in
order to gain unauthorized access.

The issues exist in the 'SHIFT_JIS' converter in 'shiftjis.c' and
'ISO2022JP' converter in 'iso2022jp.c'.  An attacker may be able to exploit
these issues by supplying Unicode characters that exceed BMP (Basic
Multilingual Plane) range.

These issues have been reported to affect Courier MTA 0.44.2 and prior,
Courier-IMAP 2.2.1 and prior, and Courier SqWebMail 3.6.2 and prior.  It
has also been reported that the vulnerable codeset mappings may be
employed by the Courier IMAP and Webmail service; however, they are not
enabled by default.

These issues are being further analyzed and this BID will be updated once
analysis is complete.

GNU MyProxy Cross-Site Scripting Vulnerability
BugTraq ID: 9846
Remote: Yes
Date Published: Mar 11 2004
Relevant URL: http://www.securityfocus.com/bid/9846
Summary:
It has been reported that GNU MyProxy may be prone to a cross-site
scripting vulnerability that may allow a remote attacker to execute HTML
or script code in a user's browser.  The issue presents itself due to
insufficient sanitization of user-supplied data.

Due to the possibility of attacker-specified HTML and script code being
rendered in a victim's browser, it is possible to steal cookie-based
authentication credentials from that user. Other attacks are possible as
well.

GNU MyProxy version 20030629 has been reported to be affected by this
issue; however, it is possible that other versions are vulnerable as well.




