[gull-annonces] SecurityFocus Newsletter #247 Summary

Marc SCHAEFER schaefer at alphanet.ch
Tue May 4 09:01:02 CEST 2004


Linux Kernel cpufreq /proc Handler Integer Handling Vulnerabi...
BugTraq ID: 10201
Remote: No
Date Published: Apr 23 2004
Relevant URL: http://www.securityfocus.com/bid/10201
Summary:
A local integer handling vulnerability has been announced in the Linux
kernel. It is reported that this vulnerability may be exploited by an
unprivileged local user to obtain kernel memory contents. Additionally
it is reported that a root user may exploit this issue to write to
arbitrary regions of kernel memory, which may be a vulnerability in
non-standard security enhanced systems where uid 0 does not have this
privilege.

The vulnerability presents itself due to integer handling errors in
the proc handler for cpufreq.

Linux kernel i810 DRM driver Unspecified Vulnerability
BugTraq ID: 10210
Remote: No
Date Published: Apr 22 2004
Relevant URL: http://www.securityfocus.com/bid/10210
Summary:
An unspecified vulnerability has been identified in the Linux kernel
that may allow an attacker to potentially cause a denial of service
vulnerability or gain elevated privileges.

Due to a lack of details, further information cannot be provided at
the moment.  This BID will be updated as more information becomes
available.

This issue has been identified in kernel version 2.4.22.

Linux kernel framebuffer Code Unspecified Vulnerability
BugTraq ID: 10211
Remote: No
Date Published: Apr 22 2004
Relevant URL: http://www.securityfocus.com/bid/10211
Summary:
An unspecified vulnerability has been identified in the Linux kernel.
This vulnerability was reported in a security advisory
(FEDORA-2004-111) issued by RedHat for the Fedora operating system. It
has been reported that the issue exists in the framebuffer code
accessing userspace directly instead of using correct interfaces.  The
impact of this issue cannot be confirmed at the moment due to a lack
of information.

This issue has been identified in kernel version 2.4.22.

Apache mod_auth Malformed Password Potential Memory Corrupti...
BugTraq ID: 10212
Remote: Yes
Date Published: Apr 24 2004
Relevant URL: http://www.securityfocus.com/bid/10212
Summary:
It has been reported that Apache may be prone to a memory corruption
vulnerability when parsing malformed password values during
authentication.  The issue is reported to exist in the authentication
modules (mod_auth, mod_auth3, mod_auth4) employed by Apache.  All
versions of Apache running on 16-bit and 64-bit systems could
potentially be vulnerable to this issue.

[ not clear at all; the demonstration was discussed on bug-traq and
was not convincing ]

Samsung SmartEther Switch Firmware Authentication Bypass Vul...
BugTraq ID: 10219
Remote: Yes
Date Published: Apr 26 2004
Relevant URL: http://www.securityfocus.com/bid/10219
Summary:
When accessing a Samsung SmartEther switch, via the telnet service or
serial connection, authentication is required and the user is
presented with a logon screen. It has been reported that it is
possible to bypass this authentication procedure.

An attacker may potentially exploit this condition to, for example,
modify static MAC address mapping and perhaps enable man-in-the-middle
style attacks. Other attacks are certainly possible.

[ firmware ]

Linux kernel do_fork() Memory Leakage Vulnerability
BugTraq ID: 10221
Remote: No
Date Published: Apr 26 2004
Relevant URL: http://www.securityfocus.com/bid/10221
Summary:
It has been reported that the Linux kernel may be prone to a memory
leakage vulnerability.  The issue exists because memory is allocated
for child processes but never freed.

This issue has been identified in kernel versions 2.4 and 2.6.

Zonet Wireless Router NAT Implementation Design Flaw Vulnera...
BugTraq ID: 10225
Remote: Yes
Date Published: Apr 23 2004
Relevant URL: http://www.securityfocus.com/bid/10225
Summary:
A vulnerability has been reported to affect the implementation of NAT
for the ZSR1104WE model Zonet Wireless Router. NAT for the wireless
interface on the ZSR1104WE appliance is reported to modify IP data so
that on the internal network, the origin address of forwarded traffic
is that of the affected appliance. This issue may render the
implementation of access controls on an internal host impossible.

[ firmware ]

Siemens S55 Cellular Telephone SMS Confirmation Message Bypa...
BugTraq ID: 10227
Remote: Yes
Date Published: Apr 27 2004
Relevant URL: http://www.securityfocus.com/bid/10227
Summary:

Reportedly the Siemens S55 is affected by an SMS confirmation message
bypass vulnerability.  This issue is due to a race condition error
that allows a malicious programmer to send SMS messages from
unsuspecting cellular telephone user's telephones while obscuring the
confirmation request.

This issue may allow a malicious programmer to develop an application
that can send SMS messages without the cellular telephone user's
knowledge.

[ firmware ]

Linux Kernel Panic Function Call Undisclosed Buffer Overflow...
BugTraq ID: 10233
Remote: No
Date Published: Apr 29 2004
Relevant URL: http://www.securityfocus.com/bid/10233
Summary:
The panic() function call of the Linux kernel has been reported prone
to a buffer overflow vulnerability. The exact details of the overflow
are currently unspecified, however it has been reported that this
issue cannot be exploited. Other reports suggest that the issue may be
exploited to reveal portions of kernel memory space.

[ well ]


