[gull-annonces] Summary of SecurityFocus Newsletter #275

Marc SCHAEFER schaefer at alphanet.ch
Wed Nov 24 10:11:02 CET 2004


Gentoo Linux Multiple PDF EBuild Updates Unspecified Vulnera...
BugTraq ID: 11614
Remote: Yes
Date Published: Nov 06 2004
Relevant URL: http://www.securityfocus.com/bid/11614
Summary:
Gentoo Linux released updated Xpdf, CUPS, GPdf, KPDF and KOffice
eBuilds to address the vulnerability described in BID 11501 (Xpdf
PDFTOPS Multiple Integer Overflow Vulnerabilities) on October 28,
2004.

The vendor has reported that these updated eBuilds introduced an
unspecified vulnerability. The vulnerability is reported to present
itself only on 64-bit platforms.

Gentoo Portage Dispatch-Conf Insecure Temporary File Creatio...
BugTraq ID: 11616
Remote: No
Date Published: Nov 07 2004
Relevant URL: http://www.securityfocus.com/bid/11616
Summary:
The Gentoo dispatch-conf script is affected by an unspecified insecure
temporary file creation vulnerability. This issue is likely due to a
design error that causes the application to fail to verify the
existence of a file before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.

Gentoo Gentoolkit QPKG Insecure Temporary File Creation Vuln...
BugTraq ID: 11617
Remote: No
Date Published: Nov 07 2004
Relevant URL: http://www.securityfocus.com/bid/11617
Summary:
The qpkg utility is affected by an unspecified insecure temporary file
creation vulnerability.  This issue is likely due to a design error
that causes the application to fail to verify the existence of a file
before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.

Yukihiro Matsumoto Ruby CGI Module Unspecified Denial Of Ser...
BugTraq ID: 11618
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11618
Summary:
Ruby is reported prone to a remote denial of service vulnerability. It
is reported that when the Ruby CGI module handles certain requests, it
may fall into an infinite loop and consume system CPU resources.

A remote attacker may exploit this vulnerability to deny service to a
computer that is running the affected Ruby CGI module.

MiniShare Server Remote Buffer Overflow Vulnerability
BugTraq ID: 11620
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11620
Summary:
It is reported that MiniShare is susceptible to a remote buffer
overflow vulnerability. This issue is due to insufficient buffer
boundary verification prior to copying user-supplied data.

This vulnerability allows remote attackers to execute arbitrary code
in the context of the affected application.

Version 1.4.1 of MiniShare is reported vulnerable to this issue. Other
versions may also be affected.

Samba Remote Wild Card Denial Of Service Vulnerability
BugTraq ID: 11624
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11624
Summary:
A remote denial of service vulnerability affects the wild card file
name functionality of Samba.  This issue is caused due to a failure of
the application to properly validate malformed user-supplied strings.

An attacker may leverage this issue to cause the affected application
to hang, effectively denying service to legitimate users.

Pavuk Multiple Unspecified Remote Buffer Overflow Vulnerabil...
BugTraq ID: 11626
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11626
Summary:
Pavuk is reported prone to multiple unspecified remote buffer overflow
vulnerabilities.  These issues exist due to insufficient boundary
checks performed by the application.  A remote attacker may exploit
these vulnerabilities to cause a denial of service condition or
execute arbitrary code on a vulnerable computer.

In addition to these vulnerabilities, Pavuk is reported prone to other
buffer overflow vulnerabilities affecting the digest authentication
handler and the HTTP header processing functionality.  It is likely
that these issues are related to BIDS 10633 and 10797.  This
information cannot be confirmed at the moment.  This BID will be
updated as more information becomes available.

Pavuk versions 0.9pl30b and prior are affected by these
vulnerabilities.

[ wget-like ]

Up-IMAPProxy Multiple Remote Vulnerabilities
BugTraq ID: 11630
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11630
Summary:
up-imapproxy is reported prone to multiple remote vulnerabilities. The
following specific issues are reported:

It is reported that multiple denial of service conditions exist in the
way up-imapproxy handles literal values. Literal data processed by
affected functions will result in a denial of service. Additionally, a
literal value passed as a command to the affected service will result
in a denial of service if the command does not exist.

A remote attacker may exploit these vulnerabilities to crash the
affected service effectively denying service to legitimate users.

Finally, it is reported that literal value sizes are stored in signed
integer format. The discoverer of these vulnerabilities reports that
this may result in a boundary condition on 64-bit platforms.

A remote attacker may potentially exploit this condition to reveal
potentially sensitive data.

It should be noted that reports indicate that up-imapproxy may not
actually execute on 64-bit platforms.

SQLgrey Postfix Greylisting Service SQL Injection Vulnerabil...
BugTraq ID: 11633
Remote: Yes
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11633
Summary:
SQLgrey Postfix Greylisting Service is prone to an SQL injection
vulnerability.  This issue is reportedly due to insufficient
sanitization of SQL syntax from fields in email processed by the
software.

The issue could be exploited to influence SQL queries, potentially
allowing for compromise of the software or other attacks that impact
database security.

[ Database-backed anti-spam for Postfix; Perl implementation,
  DBMS e.g. PostgreSQL ]
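What "insufficient sanitization of SQL syntax from fields in email" buys an attacker in a greylister, as an added example that is not SQLgrey's own (Perl) code: a greylister records (sender, recipient, client IP) triplets and accepts mail on first delivery only if it has already seen the triplet. If the envelope sender is pasted into the query text, a crafted MAIL FROM rewrites the WHERE clause so the lookup always matches and greylisting is bypassed. The table name, columns, addresses and IPs below are constructed for the demo; SQLite stands in for PostgreSQL.

```python
"""Added example: SQL injection in a greylisting lookup, and the parameterised fix."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table holding one constructed, legitimately seen triplet."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE connect (sender TEXT, recipient TEXT, src TEXT, first_seen INTEGER)"
    )
    conn.execute(
        "INSERT INTO connect VALUES (?, ?, ?, ?)",
        ("alice@example.org", "bob@example.net", "192.0.2.10", 1100000000),
    )
    return conn


def seen_before_vulnerable(conn, sender, recipient, src) -> bool:
    """String-builds the query, so envelope fields become SQL syntax."""
    sql = (
        "SELECT COUNT(*) FROM connect WHERE sender = '%s' "
        "AND recipient = '%s' AND src = '%s'" % (sender, recipient, src)
    )
    return conn.execute(sql).fetchone()[0] > 0


def seen_before_safe(conn, sender, recipient, src) -> bool:
    """Bound parameters: the driver passes values separately from the SQL
    text, so quotes and comment markers in the sender are just data."""
    sql = "SELECT COUNT(*) FROM connect WHERE sender = ? AND recipient = ? AND src = ?"
    return conn.execute(sql, (sender, recipient, src)).fetchone()[0] > 0


# Constructed hostile envelope sender: closes the quote, forces a tautology,
# and comments out the recipient/src conditions that follow.
EVIL_SENDER = "spammer@example.com' OR 1=1 --"


def greylist_bypassed(lookup) -> bool:
    """True if the hostile sender from a never-seen IP is treated as known."""
    conn = make_db()
    try:
        return lookup(conn, EVIL_SENDER, "victim@example.net", "198.51.100.7")
    finally:
        conn.close()


def legit_seen(lookup) -> bool:
    """Sanity check: the recorded triplet must still be recognised."""
    conn = make_db()
    try:
        return lookup(conn, "alice@example.org", "bob@example.net", "192.0.2.10")
    finally:
        conn.close()


if __name__ == "__main__":
    print("vulnerable lookup bypassed:   ", greylist_bypassed(seen_before_vulnerable))
    print("parameterised lookup bypassed:", greylist_bypassed(seen_before_safe))
```

The same fix applies in Perl DBI (placeholders with `prepare`/`execute`) and it closes the whole class, whereas per-character escaping has to be right for every field the policy daemon receives from Postfix.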

Netgear DG834 ADSL Firewall Router Multiple Vulnerabilities
BugTraq ID: 11634
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11634
Summary:
Netgear DG834 ADSL Firewall Router is reported prone to multiple
remote vulnerabilities.  These vulnerabilities can allow remote
attackers to carry out denial of service attacks against the device's
Web interface or bypass filter rules.

[ firmware ]

Samhain Labs Samhain Database Update Local Heap Overflow Vul...
BugTraq ID: 11635
Remote: No
Date Published: Nov 08 2004
Relevant URL: http://www.securityfocus.com/bid/11635
Summary:
A locally exploitable heap-based buffer overflow exists in Samhain.
This issue is exposed when the database is run in update mode and may
allow a malicious local user to execute arbitrary code with superuser
privileges if successfully exploited.

[ Central integrity detection package with a central signature server ]

MTink Insecure Temporary File Creation Vulnerability
BugTraq ID: 11640
Remote: No
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11640
Summary:
The MTink package is affected by an unspecified insecure temporary
file creation vulnerability.  This issue is likely due to a design
error that causes the application to fail to verify the existence of a
file before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.

[ Epson printer configuration/monitoring tool ]

Multiple Vendor DNS Response Flooding Denial Of Service Vuln...
BugTraq ID: 11642
Remote: Yes
Date Published: Nov 09 2004
Relevant URL: http://www.securityfocus.com/bid/11642
Summary:
Multiple DNS vendors are reported susceptible to a denial of service
vulnerability.

This vulnerability results in vulnerable DNS servers entering into an
infinite query and response message loop, leading to the consumption
of network and CPU resources, and denying DNS service to legitimate
users.

[ let's wait for precise information. On critical systems, put bind
  in inittab (for automatic restart) and limit the process's CPU -- if
  BIND is actually affected.
]

Mozilla Firefox Download Dialogue Box File Name Spoofing Vul...
BugTraq ID: 11643
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11643
Summary:
A download dialogue box file name spoofing vulnerability affects
Mozilla Firefox.  This issue is due to a design error that facilitates
the spoofing of file names.

An attacker may leverage this issue to spoof downloaded file names to
unsuspecting users.  This issue may lead to a compromise of the target
computer as well as other consequences.

NOTE: This issue has been fixed by reducing the number of space
characters displayed in the dialogue box.  It should be noted that
this issue may still be triggered by using other characters to fill
the space such as non-displayable characters and even extremely long
file names.  Users should be cautious about downloading files with the
affected application.

Mozilla Firefox Insecure Default Installation Vulnerability
BugTraq ID: 11644
Remote: No
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11644
Summary:
Mozilla Firefox is a Web browser developed and supported by the
Mozilla Organization. It is freely available for most UNIX and Linux
based operating systems as well as Microsoft Windows.

An insecure default installation vulnerability affects Mozilla
Firefox.  This issue is due to a failure of the application to place
secure permissions on installed files.  It should be noted that this
issue only affects the vulnerable application installed on the Apple
Mac OS X platform.

An unsuspecting user that double-clicks on such an affected
application may have attacker-specified code executing with their
privileges, potentially facilitating privilege escalation.

Linux Kernel BINFMT_ELF Loader Local Privilege Escalation Vu...
BugTraq ID: 11646
Remote: No
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11646
Summary:
Multiple vulnerabilities have been identified in the Linux ELF binary
loader.  These issues can allow local attackers to gain elevated
privileges.  The source of these issues is present in the
'load_elf_binary' function of the 'binfmt_elf.c' file.

The first issue results from an improper check performed on the return
value of the 'kernel_read' function.  An attacker may gain control
over execution flow of a setuid binary by modifying the memory layout
of a binary.

The second issue results from improper error handling when the mmap()
function fails.

The third vulnerability results from a bad return value when the
program interpreter (linker) is mapped into memory.  It is reported
that this issue only occurs in the 2.4.x versions of the Linux kernel.

The fourth vulnerable condition presents itself because a user can
execute a binary with a malformed interpreter name string.  This issue
can lead to a system crash.

The final issue exists in the execve() code.  This issue may allow an
attacker to disclose sensitive data that can potentially be used to
gain elevated privileges.

These issues are currently undergoing further analysis.  This BID will
be updated and divided into separate BIDS in the future.

Multiple Browser IMG Tag Multiple Vulnerabilities
BugTraq ID: 11648
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11648
Summary:
Various browsers are reported prone to multiple vulnerabilities in the
image handling functionality through the <IMG> tag.  These issues can
allow remote attackers to determine the existence of local files,
cause a denial of service condition, and disclose passwords for
Windows systems via file shares.

Mozilla Firefox 0.10.1 and prior versions are reported vulnerable to
these issues.  It is alleged that Microsoft Internet Explorer and
Netscape browsers are also vulnerable to these issues.  Because of
this, vulnerable packages for Internet Explorer and Netscape have been
added.  This BID will be updated as more information becomes
available.

Cisco IOS DHCP Input Queue Blocking Denial Of Service Vulner...
BugTraq ID: 11649
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11649
Summary:
Cisco IOS is reported susceptible to a remote denial of service
vulnerability when handling specific DHCP packets.

Reportedly, DHCP packets containing certain unspecified content have
the capability to block the input queue of interfaces on affected
devices.

Once an input queue is blocked, further ARP and routing protocol
packets will not be processed. This condition can only be corrected by
rebooting the affected device.

An attacker with the ability to send malicious DHCP packets to an
affected device may be able to interrupt the routing services of the
affected device, potentially denying further network service to
legitimate users.

[ firmware ]

WebCalendar Multiple Remote Vulnerabilities
BugTraq ID: 11651
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11651
Summary:
Multiple remote vulnerabilities are reported to exist in WebCalendar.

Multiple cross-site scripting vulnerabilities, an HTTP response
splitting vulnerability, and two authentication bypass vulnerabilities
are reported to exist in many different scripts in the affected
application.

Fixes are reported to exist in the CVS version of the software.

Multiple Vendor Server Response Filtering Weakness
BugTraq ID: 11655
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11655
Summary:
It has been reported that multiple vendors' servers are affected by a
server response splitting weakness.

An attacker may leverage these issues to have attacker-specified data
echoed back to the computer that the request originated from.  This
may facilitate various attacks including cross-site scripting attacks
in Web browsers through concurrent exploitation of the issues outlined
in BID 3181 (Multiple Vendor HTML Form Protocol Vulnerability).
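How response splitting (the WebCalendar item above and this multi-vendor weakness) turns an echoed value into a second, attacker-authored response, as an added example that is not WebCalendar's or any vendor's code: a script copies a request parameter into a header; a CR/LF pair inside that value ends the header block, and whatever follows is parsed by the client or an intermediate proxy as a complete second response, which is where the cross-site scripting comes from. The parameter name, page path and payload are constructed for the demo.

```python
"""Added example: HTTP response splitting via an unescaped Location header."""
CRLF = "\r\n"

# Constructed hostile redirect target: terminates the 302, then supplies a
# whole second response carrying script.
SPLIT_PAYLOAD = (
    "/week.php"
    + CRLF + "Content-Length: 0" + CRLF + CRLF
    + "HTTP/1.1 200 OK" + CRLF
    + "Content-Type: text/html" + CRLF
    + "Content-Length: 25" + CRLF + CRLF
    + "<script>alert(1)</script>"
)


def redirect_vulnerable(target: str) -> bytes:
    """Pastes the user-supplied target straight into the Location header."""
    return f"HTTP/1.1 302 Found{CRLF}Location: {target}{CRLF}{CRLF}".encode("latin-1")


def redirect_safe(target: str) -> bytes:
    """Refuses any header value containing a line terminator or NUL; a header
    value can never legitimately span lines, so reject rather than repair."""
    if any(c in "\r\n\x00" for c in target):
        raise ValueError("control character in Location value")
    return f"HTTP/1.1 302 Found{CRLF}Location: {target}{CRLF}{CRLF}".encode("latin-1")


def count_responses(raw: bytes) -> int:
    """Counts status lines the way a line-oriented receiver sees them."""
    return sum(1 for line in raw.split(b"\r\n") if line.startswith(b"HTTP/1."))


def splits_response(builder, target: str) -> bool:
    """True if 'builder' lets 'target' produce more than one HTTP response."""
    try:
        raw = builder(target)
    except ValueError:          # safe builder refused the value
        return False
    return count_responses(raw) > 1


if __name__ == "__main__":
    print("vulnerable builder splits:", splits_response(redirect_vulnerable, SPLIT_PAYLOAD))
    print("safe builder splits:      ", splits_response(redirect_safe, SPLIT_PAYLOAD))
```

The check belongs in the one place headers are emitted, not in each script; a web framework's header-setting API should do exactly this rejection so that the many scripts listed in the WebCalendar report cannot each get it wrong.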

JWhois Double Free Memory Corruption Vulnerability
BugTraq ID: 11656
Remote: Yes
Date Published: Nov 10 2004
Relevant URL: http://www.securityfocus.com/bid/11656
Summary:
It is reported that jwhois is susceptible to a double free
vulnerability.

If jwhois attempts to process whois requests that result in more than
one redirection, it is reported that a double free condition will
occur.

It is conjectured that it may be possible for remote attackers to
exploit this vulnerability to write to arbitrary locations in memory,
facilitating the execution of attacker-supplied code. This has not
been confirmed.

This vulnerability may not actually be exploitable. This BID will be
updated or retired as further information is disclosed.

EZ-IPupdate Remote Format String Vulnerability
BugTraq ID: 11657
Remote: Yes
Date Published: Nov 11 2004
Relevant URL: http://www.securityfocus.com/bid/11657
Summary:
EZ-IPupdate is vulnerable to a remotely exploitable format string
vulnerability when running in daemon-mode.  The vulnerability is
present even if "quiet" mode is enabled.

[ dynamic DNS update ]

Davfs2 Insecure Temporary File Creation Vulnerability
BugTraq ID: 11661
Remote: No
Date Published: Nov 11 2004
Relevant URL: http://www.securityfocus.com/bid/11661
Summary:
Davfs2 is affected by an insecure temporary file creation
vulnerability. This issue is likely due to a design error that causes
the application to fail to verify a file's existence before writing to
it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.

[ WebDAV file system http://dav.sourceforge.net/ via Coda ]
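The attack behind the four "insecure temporary file creation" items in this issue (dispatch-conf, qpkg, MTink and davfs2), as an added example that is none of those projects' code: a program that writes to a predictable name in a world-writable directory with create-or-truncate semantics follows any symlink a local attacker planted there first, and so overwrites the link's target with the privileges of whoever runs the program. The hardened writer opens with O_EXCL (plus O_NOFOLLOW where defined), so a pre-planted name makes the open fail instead; the preferred form lets mkstemp choose an unpredictable name and create it atomically. Directory layout, file names and contents are constructed for the demo; it assumes a POSIX system where unprivileged users can create symlinks.

```python
"""Added example: symlink attack on a predictable temp file name, and the fix."""
import os
import tempfile

VICTIM_CONTENT = "original contents\n"   # constructed sample data


def write_tmp_insecure(path: str, data: str) -> bool:
    """The pattern in the advisories: create-or-truncate without checking
    what 'path' already names.  A symlink at 'path' is silently followed."""
    try:
        with open(path, "w") as f:       # O_WRONLY|O_CREAT|O_TRUNC
            f.write(data)
        return True
    except OSError:
        return False


def write_tmp_secure(path: str, data: str) -> bool:
    """Create the file only if the name does not exist yet.  O_CREAT|O_EXCL
    makes the kernel refuse an existing entry, symlink included, atomically;
    O_NOFOLLOW is extra insurance on platforms that define it."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags, 0o600)
    except OSError:                      # someone got there first: bail out
        return False
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return True


def write_tmp_mkstemp(directory: str, data: str) -> str:
    """Preferred form: mkstemp picks an unpredictable name and creates it
    with O_EXCL in one step; the caller renames or unlinks it afterwards."""
    fd, path = tempfile.mkstemp(prefix="app.", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def simulate_attack(writer) -> bool:
    """True if a symlink planted at the predictable name let 'writer' clobber
    the victim file (think ~/.bashrc, or /etc/passwd when run as root)."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim")
        predictable = os.path.join(d, "app.tmp")
        with open(victim, "w") as f:
            f.write(VICTIM_CONTENT)
        os.symlink(victim, predictable)   # attacker wins the race
        writer(predictable, "attacker-controlled data\n")
        with open(victim) as f:
            return f.read() != VICTIM_CONTENT


def mkstemp_roundtrip(data: str) -> bool:
    """True if mkstemp created a fresh file under the directory holding 'data'."""
    with tempfile.TemporaryDirectory() as d:
        path = write_tmp_mkstemp(d, data)
        with open(path) as f:
            return os.path.dirname(path) == d and f.read() == data


if __name__ == "__main__":
    print("insecure writer clobbered victim:", simulate_attack(write_tmp_insecure))
    print("secure writer clobbered victim:  ", simulate_attack(write_tmp_secure))
```

Checking `os.path.exists()` before the open does not help: the attacker can plant the link between the check and the open, which is the classic TOCTOU race. Only an atomic exclusive create, or a per-user private directory with mode 0700, closes the window.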

GD Graphics Library Multiple Unspecified Remote Buffer overf...
BugTraq ID: 11663
Remote: Yes
Date Published: Nov 12 2004
Relevant URL: http://www.securityfocus.com/bid/11663
Summary:
Multiple unspecified remote buffer overflow vulnerabilities have been
identified in the GD Graphics Library.  These issues are due to a
failure of the library to do sufficient bounds checking prior to
processing user-specified strings.

An attacker may leverage these issues to remotely execute arbitrary
code on a computer with the privileges of a user that views a
malicious image file.  This may facilitate unauthorized access or
privilege escalation.

Alcatel Speed Touch Pro With Firewall ADSL Router DNS Poison...
BugTraq ID: 11664
Remote: Yes
Date Published: Nov 12 2004
Relevant URL: http://www.securityfocus.com/bid/11664
Summary:
Speed Touch Pro With Firewall ADSL Router is reported prone to a DNS
poisoning vulnerability.  This issue can allow remote attackers to
spoof addresses, carry out man-in-the-middle attacks, and trigger
potential denial of service conditions.

[ firmware ]

GratiSoft sudo Restricted Command Execution Bypass Vulnerabi...
BugTraq ID: 11668
Remote: No
Date Published: Nov 12 2004
Relevant URL: http://www.securityfocus.com/bid/11668
Summary:
A restricted command execution bypass vulnerability affects
GratiSoft's sudo application.  This issue is due to a design error
that causes the application to fail to properly sanitize user-supplied
environment variables.

An attacker with sudo privileges may leverage this issue to execute
commands that are explicitly disallowed.  This may facilitate
privilege escalation and certainly leads to a false sense of
security.
