[gull-annonces] Summary: SecurityFocus Newsletter #241

Marc SCHAEFER schaefer at alphanet.ch
Wed Mar 24 23:01:07 CET 2004


Metamail Extcompose Program Symlink Vulnerability
BugTraq ID: 9850
Remote: No
Date Published: Mar 12 2004
Relevant URL: http://www.securityfocus.com/bid/9850
Summary:
It has been reported that the Metamail extcompose program may be prone to a
symbolic link vulnerability that may allow an attacker to corrupt or
overwrite sensitive files.  It has been reported that 'extcompose' writes
output to a file specified by the user via the command line.  The issue
has been reported to present itself because the program creates files
without verifying the existence of the specified files.  A local user may
leverage this condition to corrupt arbitrary files, triggering a
system-wide denial of service or potentially elevating their system privileges.

Although unconfirmed, it has been reported that the 'extcompose.sigh' is
also vulnerable to this issue.

Metamail 2.7 and prior may be prone to these issues.

UUDeview Insecure Temporary File Creation Vulnerability
BugTraq ID: 9857
Remote: No
Date Published: Mar 12 2004
Relevant URL: http://www.securityfocus.com/bid/9857
Summary:
UUDeview is prone to an issue that may allow malicious local users to
corrupt system files, most likely resulting in loss of data or a denial of
service.

The source of this vulnerability is that the utility creates temporary
files in an insecure manner. This type of vulnerability may potentially
allow for elevation of privileges in situations where an attacker could
influence what is written or appended during this operation. The
possibility of privilege escalation has not been confirmed in this
instance.
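
The fix pattern behind both the Metamail and UUDeview entries above, as an added C example that is not part of the newsletter or of either project's code: exclusive creation (`O_CREAT | O_EXCL`) refuses a pre-planted symlink, and `mkstemp()` yields an unpredictable, exclusively created scratch file. The function names, the `/tmp/symdemo...` directory and the 10-byte victim file are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the summaries: create-or-truncate whatever the name resolves to. */
int create_output_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails if anything (even a symlink) already exists at path. */
int create_output_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Scratch file: mkstemp() picks an unpredictable name and creates it
 * exclusively with mode 0600. tmpl must end in "XXXXXX". */
int create_scratch(char *tmpl) {
    int fd = mkstemp(tmpl);
    if (fd >= 0)
        unlink(tmpl);              /* name vanishes at once; fd stays usable */
    return fd;
}

/* Constructed scenario in a private directory: "out" is a symlink planted on
 * a 10-byte file "victim". Returns victim's size after the creation attempt. */
long symlink_demo(int use_exclusive) {
    char dir[] = "/tmp/symdemoXXXXXX", victim[64], out[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(out, sizeof out, "%s/out", dir);
    int vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd < 0 || write(vfd, "important\n", 10) != 10) return -1;
    close(vfd);
    if (symlink(victim, out) != 0) return -1;
    int fd = use_exclusive ? create_output_exclusive(out) : create_output_unsafe(out);
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(out); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe: %ld bytes left, exclusive: %ld bytes left\n",
           symlink_demo(0), symlink_demo(1));
    return 0;
}
```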

IP3 Networks IP3 NetAccess Appliance SQL Injection Vulnerabi...
BugTraq ID: 9858
Remote: Yes
Date Published: Mar 12 2004
Relevant URL: http://www.securityfocus.com/bid/9858
Summary:
It has been reported that the IP3 NetAccess Appliance is prone to a remote
SQL injection vulnerability.  This issue is due to a failure of the
appliance to properly sanitize user input.

This issue may allow an attacker to gain full control of the appliance
through the network administration interface. It may also be possible for
a malicious user to influence database queries in order to view or modify
sensitive information potentially compromising the system or the database.

[ firmware ]

OpenBSD httpd Access Rule Bypass Vulnerability
BugTraq ID: 9867
Remote: Yes
Date Published: Mar 14 2004
Relevant URL: http://www.securityfocus.com/bid/9867
Summary:
The OpenBSD httpd access module is reported to allow unauthorized access.
This is due to an error in the parsing of Allow/Deny rules with IP
addresses without a netmask.

Apache HTAccess LIMIT Directive Bypass Configuration Error W...
BugTraq ID: 9874
Remote: Yes
Date Published: Mar 15 2004
Relevant URL: http://www.securityfocus.com/bid/9874
Summary:
LIMIT directives are commonly used in htaccess files to restrict HTTP
methods that are available for a particular resource. However, it has been
reported that if the requested resource is served by an Apache module and
not by Apache Server itself, LIMIT restrictions may not apply.
Additionally, CGI/Script resources that do not sufficiently check the
calling method may potentially be invoked with methods not listed in the
LIMIT clause to evade LIMIT restrictions.

GNU SPIP Unspecified PHP Code Execution Vulnerability
BugTraq ID: 9875
Remote: Yes
Date Published: Mar 15 2004
Relevant URL: http://www.securityfocus.com/bid/9875
Summary:
It has been reported that SPIP may be prone to an unspecified PHP code
execution vulnerability that could allow an attacker to inject arbitrary
PHP code via certain URI parameters of the 'forum.php3' script.

Successful exploitation of this issue may allow an attacker to execute
malicious PHP code in the context of the vulnerable site.

Although unconfirmed, SPIP versions 1.7 and prior may be prone to these
issues.

VocalTec VGW4/8 Telephony Gateway Remote Authentication Bypa...
BugTraq ID: 9876
Remote: Yes
Date Published: Mar 15 2004
Relevant URL: http://www.securityfocus.com/bid/9876
Summary:
It has been reported that the VGW4/8 Telephony Gateway is prone to a
remote authentication bypass vulnerability via its web configuration tool.
The problem is due to a design error in the application that allows a user
to access configuration pages without prior authentication.

Successful exploitation of this issue may allow a remote attacker to gain
control of the affected appliance via its web configuration tool.

[ firmware ]

Multiple Vendor SOAP Server Undisclosed Request Denial Of Se...
BugTraq ID: 9877
Remote: Yes
Date Published: Mar 15 2004
Relevant URL: http://www.securityfocus.com/bid/9877
Summary:
A problem has been identified in several different SOAP servers when
handling certain types of requests. Because of this, it is possible for an
attacker to force a denial of service on systems using a vulnerable
implementation.

This BID will be updated as further details regarding this vulnerability
are made public.

Apache Mod_Security Module SecFilterScanPost Off-By-One Buff...
BugTraq ID: 9885
Remote: Yes
Date Published: Mar 16 2004
Relevant URL: http://www.securityfocus.com/bid/9885
Summary:
It has been reported that the Apache 2 mod_security module is affected by
an off-by-one buffer overflow condition that could potentially allow a
remote attacker to execute arbitrary code on a vulnerable system under
some circumstances.  The issue presents itself when the
'SecFilterScanPost' directive is enabled.  Specifically, malformed POST
data sent by a remote attacker may trigger an off-by-one buffer overflow
condition.

Due to a lack of details, further information cannot be provided at the
moment.  This BID will be updated as more information becomes available.

mod_security 1.7.4 has been reported to be prone to this issue; however,
it is possible that other versions are affected as well.

ClamAV RAR Archive Remote Denial Of Service Vulnerability
BugTraq ID: 9897
Remote: Yes
Date Published: Mar 16 2004
Relevant URL: http://www.securityfocus.com/bid/9897
Summary:
ClamAV has been reported prone to a remote denial of service
vulnerability. The issue presents itself when a RAR archive that is
created by variants of the W32.Beagle.A@mm worm (MCID 2443) is
encountered.

OpenSSL Denial of Service Vulnerabilities
BugTraq ID: 9899
Remote: Yes
Date Published: Mar 17 2004
Relevant URL: http://www.securityfocus.com/bid/9899
Summary:
Three security vulnerabilities have been reported to affect OpenSSL.  Each
of these remotely exploitable issues may result in a denial of service in
applications which use OpenSSL.

The first vulnerability is a NULL pointer assignment that can be triggered
by attackers during SSL/TLS handshake exchanges.  The CVE candidate name
for this vulnerability is CAN-2004-0079.  Versions 0.9.6c to 0.9.6k
(inclusive) and from 0.9.7a to 0.9.7c (inclusive) are vulnerable.

The second vulnerability is also exploited during the SSL/TLS handshake,
though only when Kerberos ciphersuites are in use. The vendor has reported
that this vulnerability may not be a threat to many as it is only present
when Kerberos ciphersuites are in use, an uncommon configuration.  The CVE
candidate name for this vulnerability is CAN-2004-0112.  Versions 0.9.7a,
0.9.7b, and 0.9.7c are affected.

This entry will be retired when individual BID records are created for
each issue.

*Note: A third denial of service vulnerability included in the
announcement was discovered affecting 0.9.6 and fixed in 0.9.6d.  The CVE
candidate name for this vulnerability is CAN-2004-0081.

OpenBSD isakmpd Multiple Unspecified Remote Denial Of Servic...
BugTraq ID: 9907
Remote: Yes
Date Published: Mar 17 2004
Relevant URL: http://www.securityfocus.com/bid/9907
Summary:
OpenBSD's isakmpd daemon is reported prone to multiple issues that may
lead to a remote denial of service. These issues are reported to occur
when processing certain malformed payloads. These issues may be leveraged by
a remote attacker to cause isakmpd to cease processing requests,
thereby effectively denying service to legitimate users.

DameWare Mini Remote Control Server Weak Encryption Implemen...
BugTraq ID: 9909
Remote: Yes
Date Published: Mar 17 2004
Relevant URL: http://www.securityfocus.com/bid/9909
Summary:
DameWare Mini Remote Control Server has been reported to be prone to a
weak encryption implementation.

It has been reported that analysis of encrypted traffic will reveal the
block cipher that is used by DameWare Mini Remote Control to encrypt the
plaintext data using ECB (Electronic Code Book) mode. This may ultimately
allow an attacker to determine the block cipher and thereby expose
plaintext credentials by reversing the process.

[ ?? ]
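
Why ECB mode leaks structure, as an added example that is not from the newsletter or from DameWare: identical plaintext blocks encrypt to identical ciphertext blocks, so a repeated-block count over a capture of your own traffic exposes the mode, while CBC hides the repetition. XTEA stands in for the cipher, which the summary does not name; the key, IV and message are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* XTEA (64-bit block, 128-bit key): a stand-in cipher, not DameWare's. */
static void xtea_encrypt(uint8_t *blk, const uint32_t k[4]) {
    uint32_t v[2], sum = 0;
    memcpy(v, blk, 8);
    for (int i = 0; i < 32; i++) {
        v[0] += (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v[1] += (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (sum + k[(sum >> 11) & 3]);
    }
    memcpy(blk, v, 8);
}

/* Encrypt n 8-byte blocks in place: iv == NULL selects ECB, otherwise CBC. */
void encrypt_blocks(uint8_t *buf, size_t n, const uint32_t key[4], const uint8_t *iv) {
    const uint8_t *prev = iv;
    for (uint8_t *blk = buf; n-- > 0; prev = blk, blk += 8) {
        for (int i = 0; iv != NULL && i < 8; i++)
            blk[i] ^= prev[i];     /* CBC: mix in the previous ciphertext block */
        xtea_encrypt(blk, key);
    }
}

/* Count blocks that are byte-identical to an earlier block. */
size_t repeated_blocks(const uint8_t *buf, size_t n) {
    size_t rep = 0;
    for (size_t i = 1; i < n; i++)
        for (size_t j = 0; j < i; j++)
            if (memcmp(buf + 8 * i, buf + 8 * j, 8) == 0) { rep++; break; }
    return rep;
}

/* Constructed 6-block message with repeated fields, constructed key and IV. */
size_t demo_repeats(int use_cbc) {
    static const uint32_t key[4] = {0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210};
    static const uint8_t iv[8] = {0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe};
    uint8_t msg[48];
    memcpy(msg, "USER=bobPASS=xyzUSER=bobPASS=xyzUSER=bobPASS=abc", 48);
    encrypt_blocks(msg, 6, key, use_cbc ? iv : NULL);
    return repeated_blocks(msg, 6);
}

int main(void) {
    printf("ECB repeats: %zu, CBC repeats: %zu\n", demo_repeats(0), demo_repeats(1));
    return 0;
}
```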



