[gull-annonces] Summary of SecurityFocus Newsletter #249

Marc SCHAEFER schaefer at alphanet.ch
Tue May 18 19:01:03 CEST 2004


Linux Kernel Local IO Access Inheritance Vulnerability
BugTraq ID: 10302
Remote: No
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10302
Summary:
It has been reported that the Linux Kernel is affected by an IO access
inheritance vulnerability.  This issue is due to an access validation
error that fails to invalidate all io_bitmap pointers before a process
exits.

This issue could allow local users to lock up the affected system,
denying service to legitimate users.  This issue might also allow an
attacker to gain escalated privileges.

Icecast Server Base64 Authorization Request Remote Buffer Ov...
BugTraq ID: 10311
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10311
Summary:
It has been reported that Icecast server may be prone to a remote
buffer overflow vulnerability when processing an excessively long
base64 authentication request.  A remote attacker could execute
arbitrary code in the context of the server leading to unauthorized
access.

This issue is reported to exist in Icecast 2.0.0; however, it is
possible that previous versions are affected as well.

[ http://www.icecast.org/, an MP3/Ogg streaming server ]

Squid Proxy
BugTraq ID: 10315
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10315
Summary:
Squid proxy has been reported to be affected by an Internet access
control bypass vulnerability.  This issue is caused by a failure of
the application to properly handle access controls when evaluating
malformed URI requests.

This issue is reported to affect version 2.3.STABLE5 of the software;
it is likely, however, that other versions are also affected.

This issue would allow users that are restricted from accessing
Internet-based resources to access arbitrary web sites.

Open Webmail Remote Command Execution Variant Vulnerability
BugTraq ID: 10316
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10316
Summary:
A vulnerability has been reported in Open Webmail that allows a remote
attacker to execute arbitrary commands on a vulnerable host. The
problem is due to insufficient sanitization of shell metacharacters
that are passed to the vulnerable software through URI parameters.

Exploitation of the vulnerability could allow a non-privileged user to
remotely execute arbitrary commands in the context of the web server
that is hosting the vulnerable application.

[ http://www.openwebmail.org, based on Neomail ]

eMule Web Control Panel Denial Of Service Vulnerability
BugTraq ID: 10317
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10317
Summary:
It has been reported that eMule's Web Control Panel is susceptible to
a remote denial of service vulnerability.

This issue is reportedly triggered by sending malformed requests to
the web interface. Upon processing malformed requests, the affected
application will crash, denying service to legitimate users.

[ a client for a P2P network http://www.emule-project.net/ ]

NetBSD/FreeBSD Port Systrace Exit Routine Access Validation ...
BugTraq ID: 10320
Remote: No
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10320
Summary:
A vulnerability has been reported that affects Systrace on NetBSD, as
well as the FreeBSD port by Vladimir Kotal.

The source of the issue is insufficient access validation when a
systraced process is restoring privileges.

This issue can be exploited by a local attacker to gain root
privileges on a vulnerable system.

Linux Kernel SCTP_SetSockOpt Integer Overflow Vulnerability
BugTraq ID: 10326
Remote: No
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10326
Summary:
An integer overflow vulnerability has been reported in the
sctp_setsockopt() system call of the Linux kernel. This issue is
related to the code for handling the SCTP_SOCKOPT_DEBUG_NAME socket
option.

The issue presents itself in the sctp_setsockopt() function of the
net/sctp/socket.c source file, due to a lack of sufficient validation
performed on user supplied integer values.

This vulnerability may result in the allocation of a zero byte chunk
in kernel memory space, likely resulting in a kernel panic. The issue
may also potentially be exploited, however, to compromise the system.

This vulnerability is reported to affect Linux kernel versions up to
and including version 2.4.25.

[ apparently an attack on the implementation of the new
  SCTP protocol, added very recently;
  see http://www.sctp.org/ for details on the
  Stream Control Transmission Protocol, a protocol similar to TCP
  intended for QoS applications ]

Multiple Linksys Devices DHCP Information Disclosure and Den...
BugTraq ID: 10329
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10329
Summary:
It has been reported that the built-in DHCP server on these devices
is prone to an information disclosure vulnerability. When attempting
to exploit this issue, it has been reported that a denial of service
condition may occur, stopping legitimate users from using the device.

The DHCP server application on the device reportedly does not handle
BOOTP packets properly, and can disclose the contents of the device's
memory to an attacker. It may be possible for an attacker to use this
vulnerability to watch traffic on an affected device. It may also be
possible for an attacker to crash the device and deny service to
legitimate users.

[ firmware ]

Linux Kernel Serial Driver Proc File Information Disclosure ...
BugTraq ID: 10330
Remote: No
Date Published: May 12 2004
Relevant URL: http://www.securityfocus.com/bid/10330
Summary:
It has been reported that the Linux kernel is prone to a serial driver
proc file information disclosure vulnerability. This issue is due to a
design error that allows unprivileged access to potentially sensitive
information.

This issue might allow an attacker to gain access to sensitive
information such as user password lengths.

Linux Kernel strncpy() Information Leak Vulnerability
BugTraq ID: 10331
Remote: No
Date Published: May 12 2004
Relevant URL: http://www.securityfocus.com/bid/10331
Summary:
This issue is reported to affect the vulnerable kernel only on
platforms other than x86.

It has been reported that the Linux kernel is prone to a 'strncpy()'
information leak vulnerability.  This issue is due to a failure of the
libc code to properly implement the offending function on platforms
other than x86.

This issue might lead to information leakage, potentially facilitating
further attacks against an affected system or process.

Sweex Wireless Broadband Router/Access Point Unauthorized Ac...
BugTraq ID: 10339
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10339
Summary:
It has been reported that Sweex Wireless Broadband Router/Access Point
is prone to a vulnerability that may allow a remote attacker to gain
unauthorized access to a vulnerable access point.  It has been
reported that the access point has a TFTP service running that is
enabled by default.

Successful exploitation of this issue may allow a remote attacker to
gain access to sensitive information that could eventually allow an
attacker to completely compromise the access point.

Sweex Wireless Broadband Router/Access Point 11g is reported to be
prone to this issue.

[ firmware ]

Multiple Vendor IEEE 802.11 Protocol Remote Denial Of Servic...
BugTraq ID: 10342
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10342
Summary:
It has been reported that the IEEE 802.11 wireless network protocol is
affected by a remote denial of service vulnerability.  This issue is
due to a design error that might cause an affected device to stop
transmitting network data through wireless mediums.

This issue is reported to affect only wireless hardware devices that
implement IEEE 802.11 using a DSSS physical layer.

This issue might allow an attacker to cause all nodes on a wireless
network, both access points and hosts, to stop transmitting network
data; this would effectively cause a network wide denial of service
condition.

[ unless I am mistaken, this involves taking the Access Point's MAC
  address in order to set up a DoS
]


