[gull-annonces] Summary of SecurityFocus Newsletter #273

Marc SCHAEFER schaefer at alphanet.ch
Mon Nov 8 13:11:01 CET 2004


Mozilla Bugzilla Multiple Authentication Bypass and Informat...
BugTraq ID: 11511
Remote: Yes
Date Published: Oct 25 2004
Relevant URL: http://www.securityfocus.com/bid/11511
Summary:
Mozilla Bugzilla is affected by multiple authentication bypass and
information disclosure vulnerabilities.  These issues are due to a
failure of the application to properly validate access permissions of
a user prior to revealing or altering information.

An attacker can leverage these issues to disclose bug details that are
marked private as well as edit bug reports without requiring
authorization.

Mozilla Temporary File Insecure Permissions Information Disc...
BugTraq ID: 11522
Remote: No
Date Published: Oct 25 2004
Relevant URL: http://www.securityfocus.com/bid/11522
Summary:
Mozilla, Mozilla Firefox, and Mozilla Thunderbird are all reported
susceptible to an information disclosure vulnerability. This issue is
due to a failure of the applications to properly ensure secure file
permissions on temporary files located in world-accessible locations.

This vulnerability allows local attackers to gain access to the
contents of potentially sensitive files. This may aid them in further
attacks.

Window Maker WMGLOBAL Font Specification Format String Vulne...
BugTraq ID: 11512
Remote: No
Date Published: Oct 25 2004
Relevant URL: http://www.securityfocus.com/bid/11512
Summary:
A format string vulnerability has been reported in Window Maker
related to validation of font specifications in the WMGLOBAL
configuration file.  A user could potentially include malicious format
specifiers through font specifications in the WMGLOBAL configuration
file.

The vulnerability would be triggered when the configuration file is
read by the program, potentially allowing arbitrary code execution in
the context of the program.

OpenWFE Remote Cross-Site Scripting And Connection Proxy Vul...
BugTraq ID: 11514
Remote: Yes
Date Published: Oct 25 2004
Relevant URL: http://www.securityfocus.com/bid/11514
Summary:
OpenWFE is affected by a cross-site scripting and connection proxy
vulnerability.  These issues are due to a failure of the application
to properly sanitize user-supplied input.

An attacker may leverage the cross-site scripting issue to steal
cookie-based authentication credentials as well as carry out other
attacks by executing client-based script code in an unsuspecting
user's browser.  An attacker may leverage the connection proxy issue
to scan arbitrary network computers anonymously, facilitating further
attacks.

[ OpenWFE means Open source WorkFlow Engine. This engine is implemented
in Java. It is available under a revised BSD licence. ]

LinuxStat Remote Directory Traversal Vulnerability
BugTraq ID: 11517
Remote: Yes
Date Published: Oct 25 2004
Relevant URL: http://www.securityfocus.com/bid/11517
Summary:
It is reported that LinuxStat is vulnerable to a directory traversal
vulnerability. This issue is due to a failure of the application to
properly sanitize user-supplied input.

By including '../' directory traversal sequences in the affected URI
argument, attackers may reportedly cause the contents of arbitrary,
potentially sensitive web-server readable files to be included in the
output of the requested page. The resulting information disclosure may
aid malicious users in further attacks.

Versions prior to 2.3.1 are reported to be affected by this
vulnerability.

GD Graphics Library Remote Integer Overflow Vulnerability
BugTraq ID: 11523
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11523
Summary:
The GD Graphics Library (gdlib) is affected by an integer overflow
that facilitates a heap overflow.  This issue is due to a failure of
the library to do proper sanity checking on size values contained
within image format files.

An attacker may leverage this issue to manipulate process heap memory,
potentially leading to code execution and compromise of the computer
running the affected library.

libxml2 Multiple Remote Stack Buffer Overflow Vulnerabilitie...
BugTraq ID: 11526
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11526
Summary:
libxml2 is reported prone to multiple remote stack buffer overflow
vulnerabilities.  These issues occur due to insufficient boundary
checks performed by the application and may allow remote attackers to
execute arbitrary code on a vulnerable computer.

Multiple buffer overflow vulnerabilities exist in the URI parsing
functionality of the application.  Multiple buffer overflow
vulnerabilities also affect the DNS name resolving code of libxml2.

libxml2 versions between 2.6.12 and 2.6.14 are reported
vulnerable. Other versions may also be affected.

GNU InetUtils TFTP Client Remote Buffer Overflow Vulnerability
BugTraq ID: 11527
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11527
Summary:
InetUtils tftp client is reported prone to a remote buffer overflow
vulnerability.  This issue presents itself due to the application
failing to perform sufficient boundary checks on user-supplied data.

Successful exploitation of this vulnerability may result in process
memory corruption, ultimately leading to a compromise.

InetUtils 1.4.2 is reported vulnerable to this issue; however, it is
possible that other versions are affected as well.

Kaffeine Remote Buffer Overflow Vulnerability
BugTraq ID: 11528
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11528
Summary:
Kaffeine is reportedly affected by a remote buffer overflow
vulnerability.  The problem presents itself due to insufficient
boundary checks on user-supplied strings prior to copying them into
finite stack-based buffers.

An attacker can leverage this issue remotely to execute arbitrary code
on an affected computer with the privileges of an unsuspecting user
that executed the vulnerable software.

Slim Browser Cross-Domain Tab Window Form Field Focus Vulner...
BugTraq ID: 11530
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11530
Summary:
A cross-domain tab window form field focus vulnerability reportedly
affects Slim Browser.  This issue is due to an access validation error
that allows a web page to gain access to form fields in other web
pages rendered in different tabs of the same browser window.

This issue may be leveraged to facilitate convincing phishing-style
attacks designed to reveal sensitive information such as passwords and
financial details.

Linux Kernel ReiserFS File System Local Denial Of Service Vu...
BugTraq ID: 11533
Remote: No
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11533
Summary:
The Linux kernel is affected by a local denial of service
vulnerability in its ReiserFS file system functionality.  This issue
is due to a failure of the application to properly handle files under
certain conditions.

An attacker may leverage this issue to trigger a livelock in the
affected file system, forcing a user to restart the computer to return
it to proper functionality.

pppd Remote Denial Of Service Vulnerability
BugTraq ID: 11534
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11534
Summary:
It is reported that pppd is susceptible to a remote denial of service
vulnerability. This is due to a failure of the application to properly
handle invalid input.

Due to the nature of this design flaw, it is very likely that the
application will crash when handed an invalid CBCP packet. This will
result in the denial of service to legitimate users of the network
application.

Version 2.4.1 of the package was reported vulnerable, but other
versions may also be affected.

sudosh Undisclosed SHELL Environment Variable Vulnerability
BugTraq ID: 11540
Remote: No
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11540
Summary:
sudosh is reported prone to an undisclosed vulnerability. The issue is
reported to present itself when sudosh handles the SHELL environment
variable.

This BID will be updated as soon as further information regarding this
vulnerability becomes available.

Hawking Technology HAR11A DSL Router Unauthenticated Adminis...
BugTraq ID: 11543
Remote: Yes
Date Published: Oct 26 2004
Relevant URL: http://www.securityfocus.com/bid/11543
Summary:
HAR11A DSL routers are reported susceptible to an unauthenticated
administrative console access vulnerability. This issue is due to a
failure of the device to require authentication credentials prior to
allowing administrative access to the device's CLI interface.

Remote attackers may possibly be able to gain administrative access to
affected devices.

Due to code reuse among differing hardware, other devices may also be
affected. This issue may also be related to BID 8855.

[ firmware ]

PuTTY Remote SSH2_MSG_DEBUG Buffer Overflow Vulnerability
BugTraq ID: 11549
Remote: Yes
Date Published: Oct 27 2004
Relevant URL: http://www.securityfocus.com/bid/11549
Summary:
A remote SSH2_MSG_DEBUG buffer overflow vulnerability affects PuTTY.
This issue is due to insufficient bounds checking on network data
prior to copying the data into process buffers.

An attacker may leverage this issue to execute arbitrary code on a
computer running the affected software with the privileges of the user
that activated it, facilitating unauthorized access.

KDE Konqueror IFRAME Cross-Domain Scripting Vulnerability
BugTraq ID: 11552
Remote: Yes
Date Published: Oct 27 2004
Relevant URL: http://www.securityfocus.com/bid/11552
Summary:
Konqueror is reported prone to a cross-domain scripting
vulnerability. The issue is reported to exist because Konqueror fails
to prevent JavaScript that is rendered in one frame from accessing
properties of a site contained in an alternate frame.

This vulnerability may be exploited by a malicious web site to render
JavaScript in the context of an alternate domain.

zgv Image Viewer Multiple Remote Integer Overflow Vulnerabil...
BugTraq ID: 11556
Remote: Yes
Date Published: Oct 25 2004
Relevant URL: http://www.securityfocus.com/bid/11556
Summary:
zgv is reportedly affected by multiple remote integer overflow
vulnerabilities.  These issues are due to a failure of the application
to perform adequate sanity checking on image values prior to copying
image data into process buffers.

An attacker may leverage these issues to execute arbitrary code on an
affected computer with the privileges of the user running the
vulnerable application.

Multiple Vendor Content Filtering Bypass Vulnerabilities
BugTraq ID: 11558
Remote: Yes
Date Published: Oct 28 2004
Relevant URL: http://www.securityfocus.com/bid/11558
Summary:
It has been reported that several products are vulnerable to content
filtering bypass issues.

These issues could allow a web client to access disallowed content
from behind an affected product.  Bypassing the content filter could
potentially allow malicious code to be executed on a client system
thought to be protected.

Checkpoint VPN-1 and Firewall-1 and Agnitum Outpost Pro have been
confirmed vulnerable to some or all of these issues.  Other products
are likely vulnerable.

[ vague ]

Roaring Penguin Software MIMEDefang Multiple Unspecified Vul...
BugTraq ID: 11563
Remote: Yes
Date Published: Oct 29 2004
Relevant URL: http://www.securityfocus.com/bid/11563
Summary:
MIMEDefang is reported prone to multiple remote vulnerabilities.  The
cause and impact of these issues are currently unknown.  It is
conjectured that these issues are caused by insufficient sanitization
of user-supplied data and may exist in 'mimedefang.pl.in' and
'mimedefang.c' files.

MIMEDefang 2.47 and prior versions are affected by these
vulnerabilities.

This BID will be updated as more information becomes available.

shadow Authentication Bypass Vulnerability
BugTraq ID: 11564
Remote: No
Date Published: Oct 29 2004
Relevant URL: http://www.securityfocus.com/bid/11564
Summary:
shadow is reportedly affected by an authentication bypass
vulnerability.  This issue is due to a failure of the application to
properly sanitize user-supplied input.

An attacker may leverage this issue to bypass required authentication
in order to alter or corrupt user account properties.



