[gull-annonces] Summary of SecurityFocus Newsletter #276

Marc SCHAEFER schaefer at alphanet.ch
Thu Nov 25 13:11:01 CET 2004


TWiki Search Shell Metacharacter Remote Arbitrary Command Ex...
BugTraq ID: 11674
Remote: Yes
Date Published: Nov 12 2004
Relevant URL: http://www.securityfocus.com/bid/11674
Summary:
TWiki is reported prone to a shell metacharacter remote command
execution vulnerability.  This issue may allow an attacker to gain
unauthorized access to a vulnerable computer by executing arbitrary
commands.

TWiki 20030201 is reported vulnerable to this issue; however, it is
likely that other versions are affected as well.

Samba QFILEPATHINFO Unicode Filename Remote Buffer Overflow ...
BugTraq ID: 11678
Remote: Yes
Date Published: Nov 15 2004
Relevant URL: http://www.securityfocus.com/bid/11678
Summary:
Samba is reported prone to a remote buffer overflow vulnerability.
This issue presents itself because the application does not perform
proper boundary checks before copying user-supplied data into finite
sized process buffers.  This issue can allow an attacker to execute
arbitrary code on a vulnerable computer to gain unauthorized access.

This vulnerability is reported to affect Samba versions 3.0.0 to 3.0.7.

fcron fcrontab/fcronsighup Multiple Local Vulnerabilities
BugTraq ID: 11684
Remote: No
Date Published: Nov 15 2004
Relevant URL: http://www.securityfocus.com/bid/11684
Summary:
Fcron is reported prone to multiple local vulnerabilities. The
following issues are reported:

A local information disclosure vulnerability is reported to affect
fcronsighup. It is reported that the affected utility will attempt to
parse configuration files that are passed to the utility as a command
line argument.

A local attacker may exploit this condition to reveal the contents of
arbitrary files that are owned by the superuser. This vulnerability is
assigned the following MITRE CVE identifier: CAN-2004-1030.

An access control bypass vulnerability is also reported to affect
fcronsighup. It is reported that the issue exists due to a design
error.

A local attacker may exploit this vulnerability to make configuration
changes to fcronsighup. This vulnerability is assigned the following
MITRE CVE identifier: CAN-2004-1031.

fcronsighup is reported prone to an arbitrary file deletion
vulnerability. By exploiting the aforementioned access control bypass
vulnerability, a local attacker may influence the fcronsighup
configuration and may cause the application to overwrite arbitrary
attacker-specified files. This vulnerability is assigned the following
MITRE CVE identifier: CAN-2004-1032.

Finally it is reported that the fcrontab component of Fcron leaks file
descriptors. This can result in sensitive information
disclosure. Specifically, fcrontab leaks the file descriptors of the
'/etc/fcron.allow' and '/etc/fcron.deny' files. This vulnerability is
assigned the following MITRE CVE identifier: CAN-2004-1033.

3Com OfficeConnect ADSL Wireless 11g Firewall Router Remote ...
BugTraq ID: 11685
Remote: Yes
Date Published: Nov 16 2004
Relevant URL: http://www.securityfocus.com/bid/11685
Summary:
A remote denial of service vulnerability affects the 3Com
OfficeConnect ADSL Wireless 11g Firewall Router.  This issue is due to
a failure of the application to handle anomalous network traffic.

An attacker may leverage this issue to cause the affected router to
crash, denying service to legitimate users.

[ firmware ]

libXpm Multiple Unspecified Vulnerabilities
BugTraq ID: 11694
Remote: Yes
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11694
Summary:
libXpm is reported prone to multiple vulnerabilities. These issues may
be triggered when handling malformed XPM images. The following issues
are reported: Integer overflow vulnerabilities, out-of-bounds memory
access vulnerabilities, a shell command execution vulnerability, a
path traversal vulnerability, and endless loop vulnerabilities.

The details regarding each of these issues are not specified at the
time of writing. However, this BID will be updated as further details
regarding these vulnerabilities become available.

Linux Kernel smbfs Multiple Remote Vulnerabilities
BugTraq ID: 11695
Remote: Yes
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11695
Summary:
The Linux kernel is reported susceptible to multiple remote
vulnerabilities in the smbfs network file system.

These vulnerabilities may lead to the execution of attacker-supplied
machine code, information disclosure of kernel memory, or kernel
crashes, denying service to legitimate users.

Versions of the kernel in both the 2.4 and the 2.6 series are
reported susceptible to various issues.

Cscope Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 11697
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11697
Summary:
Cscope is reportedly affected by insecure temporary file creation
vulnerabilities. These issues are due to a design error that causes
the application to fail to verify the existence of a file before
writing to it.

It is reported that during execution the affected utility creates
temporary files in the system's temporary directory, '/tmp', with
predictable names. This allows attackers to create malicious symbolic
links that will be written to by the vulnerable utility when an
unsuspecting user executes it.

An attacker may leverage these issues to overwrite arbitrary files
with the privileges of an unsuspecting user that activates the
vulnerable application.

Versions up to and including version 15.5 are reported vulnerable.

Gentoo GIMPS EBuild Insecure Default Permissions Vulnerabili...
BugTraq ID: 11698
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11698
Summary:
The Gentoo GIMPS eBuild package is reported prone to a weak default
permissions vulnerability.

A local attacker may exploit this vulnerability to escalate
privileges.

Gentoo SETI@home EBuild Insecure Default Permissions Vulnera...
BugTraq ID: 11699
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11699
Summary:
The Gentoo SETI@home eBuild package is reported prone to a weak
default permissions vulnerability.

A local attacker may exploit this vulnerability to escalate
privileges.

Gentoo ChessBrain EBuild Insecure Default Permissions Vulner...
BugTraq ID: 11700
Remote: No
Date Published: Nov 17 2004
Relevant URL: http://www.securityfocus.com/bid/11700
Summary:
The Gentoo ChessBrain eBuild package is reported prone to a weak
default permissions vulnerability.

A local attacker may exploit this vulnerability to escalate
privileges.

FreeBSD Fetch Remote Buffer Overflow Vulnerability
BugTraq ID: 11702
Remote: Yes
Date Published: Nov 18 2004
Relevant URL: http://www.securityfocus.com/bid/11702
Summary:
A remote buffer overflow vulnerability affects the FreeBSD fetch
utility.  This issue is due to a failure of the application to carry
out sufficient bounds checks of HTTP response header data prior to
copying it into process buffers.

A malicious server may leverage this issue to execute arbitrary code
on an affected computer with the privileges of a user executing the
vulnerable client software.  This may facilitate unauthorized access
or privilege escalation.

Linux Kernel AF_UNIX Arbitrary Kernel Memory Modification Vu...
BugTraq ID: 11715
Remote: No
Date Published: Nov 19 2004
Relevant URL: http://www.securityfocus.com/bid/11715
Summary:
It is reported that a serialization error exists in the AF_UNIX
address family that creates a race condition. This race condition
reportedly allows local users to repeatedly increment arbitrary kernel
memory locations.

This vulnerability allows local users to modify arbitrary kernel
memory, facilitating privilege escalation, or possibly allowing code
execution in the context of the kernel.

Versions prior to 2.4.28 are reportedly affected by this
vulnerability.


