[gull-annonces] SecurityFocus Newsletter #242 Summary

Marc SCHAEFER schaefer at alphanet.ch
Wed Mar 31 11:01:02 CEST 2004


Jetty Unspecified Denial Of Service Vulnerability
BugTraq ID: 9917
Remote: Yes
Date Published: Mar 18 2004
Relevant URL: http://www.securityfocus.com/bid/9917
Summary:
An unspecified denial of service vulnerability has been reported in Jetty
Java HTTP Servlet Server.  It is conjectured that this may be exploited
remotely.

SquidGaurd NULL URL Character Unauthorized Access Vulnerabil...
BugTraq ID: 9919
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9919
Summary:
Reportedly SquidGaurd is prone to a remote NULL URL character unauthorized
access vulnerability.  This issue is due to a failure of the application
to properly filter out invalid URIs.

Successful exploitation of this issue may allow a remote attacker to
bypass access controls resulting in unauthorized access to
attacker-specified resources. This may allow the attacker to gain
unauthorized access to sensitive resources.

Although it has not been confirmed, this issue may be related to the issue
defined in BID 9778.

[ SquidGuard? ]

Apache Connection Blocking Denial Of Service Vulnerability
BugTraq ID: 9921
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9921
Summary:
Apache is prone to an issue that may permit remote attackers to cause a
denial of service issue via a listening socket on a rarely accessed port.
This will reportedly block out new connections to the server until another
connection on the rarely accessed socket is initiated.

The functionality that exposes this issue is reportedly enabled by default
on all platforms except Windows.

FVWM fvwm_make_browse_menu.sh Scripts Command Execution Vuln...
BugTraq ID: 9922
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9922
Summary:
It has been reported that the FVWM fvwm_make_browse_menu.sh script is
prone to a command execution vulnerability. This issue is due to the
script allowing a user to define which application should be used to
execute the file via its filename.

An attacker may be able to leverage this issue to cause arbitrary commands
to be executed with the privileges of a victim user.

This issue is related to the issue described in BID 9161.

FVWM fvwm_make_directory_menu.sh Scripts Command Execution V...
BugTraq ID: 9925
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9925
Summary:
It has been reported that the FVWM 'fvwm_make_directory_menu.sh' script is
prone to a command execution vulnerability. This issue is due to the
script allowing a user to define which application should be used to
execute the file via its filename.

An attacker may be able to leverage this issue to cause arbitrary commands
to be executed with the privileges of a victim user.

This issue is related to the issue described in BID 9161.

Samba SMBPrint Sample Script Insecure Temporary File Handlin...
BugTraq ID: 9926
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9926
Summary:
It has been reported that the 'smbprint-new.sh' sample Samba script is
prone to a local insecure temporary file handling symbolic link
vulnerability.  This issue is due to a design error that allows the
application to insecurely write to a temporary file that is created with a
predictable file name.

An attacker may exploit this issue to corrupt arbitrary files. This
corruption may potentially result in the elevation of privileges, or in a
system wide denial of service.

It should be noted that the 'smbprint-new.sh' is a sample script located
in the 'examples' directory.  This script is not intended for commercial
use.  The 'smbprint' script included in the 'packaging' directory is not
vulnerable to this issue.  Individual package distributions may vary.

Borland Interbase Database User Privilege Escalation Vulnera...
BugTraq ID: 9929
Remote: No
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9929
Summary:
By default, insecure permissions are set on the file storing the user
database that is shipped with Borland Interbase.  The permissions, 0666,
permit all users to write to the file.  This configuration error can be
exploited to gain administrative access within the database.  The
consequences of this flaw may extend further if the database supports
applications.

Apache Error Log Escape Sequence Injection Vulnerability
BugTraq ID: 9930
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9930
Summary:
It has been reported that the Apache web server is prone to a remote error
log escape sequence injection vulnerability.  This issue is due to an
input validation error that may allow escape character sequences to be
injected into Apache log files.

This may facilitate exploitation of issues such as those found in BIDs
6936 and 6938.

This issue may allow an attacker to carry out a number of actions
including arbitrary file creation and code execution on the affected
system.

Apache mod_disk_cache Module Client Authentication Credentia...
BugTraq ID: 9933
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9933
Summary:
It has been reported that Apache mod_disk_cache module may be prone to a
weakness that could result in an attacker gaining access to proxy or
standard authentication credentials.  The mod_disk_cache module is
reported to store HTTP Hop-by-hop headers including user login and
password information in plaintext format on disk.

This issue could be used in conjunction with other possible
vulnerabilities in a host to gain access to user authentication
credentials.  Successful exploitation of this issue may lead to further
attacks against vulnerable users of the affected host.

Apache versions 2.0.49 and prior with mod_disk_cache enabled are assumed
to be affected by this issue.

Xine Bug Reporting Script Insecure Temporary File Creation V...
BugTraq ID: 9939
Remote: No
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9939
Summary:
The xine bug reporting scripts (xine-bugreport and xine-check) create
temporary files in an insecure manner.  A malicious local user could take
advantage of this issue by mounting a symbolic link attack to corrupt
other system files, most likely resulting in destruction of data.
Privilege escalation is also theoretically possible.  This issue is only
exposed when the vulnerable scripts are run to submit a bug report to the
vendor.

It should be noted that xine-bugreport and xine-check are separate
instances of the same script.

Ethereal Multiple Vulnerabilities
BugTraq ID: 9952
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9952
Summary:
Ethereal 0.10.3 has been released to address multiple vulnerabilities.
These issues include:

- Thirteen stack-based buffer overruns in various protocol dissectors
(NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP).

- A denial of service that is triggered by a zero length Presentation
protocol selector.

- Specially crafted RADIUS packets may cause a crash in Ethereal.

- Corrupt color filter files may cause a crash in Ethereal.

These issues may result in a denial of service or potentially be leveraged
to execute arbitrary code in the instance of the buffer overruns.

rident.pl Symbolic Link Vulnerability
BugTraq ID: 9968
Remote: No
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9968
Summary:
It has been reported that rident.pl may be prone to a symbolic link
vulnerability that may allow an attacker to corrupt or overwrite arbitrary
files.  This issue exists because the script writes output to a temporary
file as 'rident.pid' in the 'tmp' directory.

It has been reported that a user will require root privileges to invoke
the affected script; this may increase the impact of this vulnerability.
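
The smbprint-new.sh, xine-bugreport/xine-check and rident.pl entries above share one root cause: a script writes to a predictable name in a shared temporary directory. The following is an added example, not part of the newsletter or of any of those scripts; it runs the weak pattern and two safe ones inside a private sandbox, and the function names, the 'victim' file and the sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: all file names and the sandbox layout are constructed.

# Weak pattern: fixed, guessable name. '>' follows a link that already
# sits at that name and truncates whatever it points to.
write_unsafe() {                       # $1 = shared dir, $2 = data
    printf '%s\n' "$2" > "$1/rident.pid"
}

# Safe pattern when the name must stay fixed (pid/lock file): with
# noclobber (set -C) '>' fails if the name already exists, links included.
write_exclusive() {                    # $1 = shared dir, $2 = data
    ( set -C; printf '%s\n' "$2" > "$1/rident.pid" ) 2>/dev/null
}

# Safe pattern for scratch data: mktemp picks an unpredictable name and
# creates the file exclusively with mode 0600; prints the path.
write_scratch() {                      # $1 = shared dir, $2 = data
    f=$(mktemp "$1/scratch.XXXXXX") || return 1
    printf '%s\n' "$2" > "$f" && printf '%s\n' "$f"
}

# Runs the three writers in a private sandbox where a link named
# rident.pid already points at another user's file ("victim").
demo() {
    box=$(mktemp -d) || return 1
    mkdir "$box/tmp"
    printf 'important\n' > "$box/victim"
    ln -s "$box/victim" "$box/tmp/rident.pid"

    write_unsafe "$box/tmp" 1234
    unsafe=$(cat "$box/victim")        # victim content was replaced

    printf 'important\n' > "$box/victim"
    if write_exclusive "$box/tmp" 1234; then excl=written; else excl=refused; fi
    victim=$(cat "$box/victim")        # untouched this time

    s=$(write_scratch "$box/tmp" 1234)
    if [ -f "$s" ] && [ ! -L "$s" ]; then scratch=ok; else scratch=bad; fi

    rm -rf "$box"
    printf 'unsafe=%s exclusive=%s victim=%s scratch=%s\n' \
        "$unsafe" "$excl" "$victim" "$scratch"
}

demo
```

A script that runs as root, as the rident.pl entry describes, is better served by keeping such files in a directory only root can write to, so that no other user can place a name there first.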



