[gull-annonces] Résumé SecurityFocus Newsletter #269
Marc SCHAEFER
schaefer at alphanet.ch
Fri Oct 8 11:51:01 CEST 2004
Slava Astashonok fprobe Unspecified Local Vulnerability
BugTraq ID: 11255
Remote: No
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11255
Summary:
fprobe is reported prone to an unspecified local vulnerability. This
issue exists in the 'change user' feature of the application. Further
details are not available at the moment. This BID will be updated as
more information becomes available.
fprobe 1.0.5 and prior versions are reported to be affected.
Multiple Vendor TCP Packet Fragmentation Handling Denial Of ...
BugTraq ID: 11258
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11258
Summary:
Multiple vendor implementations of the TCP stack are reported prone to
a remote denial of service vulnerability.
The issue is reported to present itself due to inefficiencies present
when handling fragmented TCP packets.
The discoverer of this issue has dubbed the attack style the "New Dawn
attack", it is a variation of a previously reported attack that was
named the "Rose Attack".
This vulnerability may aid a remote attacker in impacting resources on
an affected computer. Specifically, a remote attacker may exploit this
vulnerability to deny service to a vulnerable computer.
Microsoft Windows 2000/XP, Linux kernel 2.4 tree and undisclosed Cisco
systems are reported prone to this vulnerability other products may
also be affected.
[ for i in INPUT FORWARD
do
iptables -I FORWARD -i $EXT_IFACE -f -j DROP
done
]
MySQL Bounded Parameter Statement Execution Remote Buffer Ov...
BugTraq ID: 11261
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11261
Summary:
It is reported that MySQL is susceptible to a buffer overflow
vulnerability. This issue is due to a failure of the application to
properly ensure the size of a buffer is sufficient to handle
user-supplied input data before performing operations that may
overflow into adjacent memory regions.
This vulnerability reportedly allows for remote attackers to crash
affected servers. It is unconfirmed, but there may be a possibility of
remote code execution in the context of the affected server. It would
likely require a complex exploit, in order to take advantage of
overwriting memory contents with NULL bytes. Attackers may be able to
take advantage of the structured, predictable nature of the memory
operations in order to control the flow of execution of the
application.
MySQL versions 4.1.3-beta and 4.1.4 are reported vulnerable, but other
versions are also likely affected.
Debian GNU/Linux Sendmail Package Default SASL Password Vuln...
BugTraq ID: 11262
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11262
Summary:
It is reported that the Sendmail package contained in the Debian
GNU/Linux operating system is prone to a default password
vulnerability, potentially allowing unauthorized use of the Sendmail
MTA. This would likely facilitate UCE (Unsolicited Commercial Email,
or SPAM) message relaying through affected installations.
Versions of the Debian Sendmail packages prior to 8.12.3-7.1 for
Debian stable (woody), and versions prior to 8.13.1-13 for Debian
unstable (sid) are reported vulnerable.
[ Debian-specific ]
XMLStarlet Command Line XML Toolkit Multiple Unspecified Buf...
BugTraq ID: 11270
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11270
Summary:
XMLStarlet command line XML toolkit is affected by multiple
unspecified buffer overflow vulnerabilities. These issues are caused
by a failure of the application to validate the lengths of
user-supplied strings prior to copying them into finite process
buffers.
An attacker may leverage this issue to manipulate process memory,
potentially facilitating arbitrary code execution.
[ awk, sed, grep sur format XML ]
Freenet6 Client Default Installation Configuration File Perm...
BugTraq ID: 11280
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11280
Summary:
Freenet6 is affected by a default install configuration file
permission vulnerability. This issue is due to a default
configuration error..
An attacker may leverage this issue to steal authentication
information from the configuration file that is by default set as
world readable.
Samba Remote Arbitrary File Access Vulnerability
BugTraq ID: 11281
Remote: Yes
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11281
Summary:
Samba is affected by a remote arbitrary file access vulnerability.
This issue is due to a failure of the application to properly validate
user-supplied file names.
An attacker may leverage this issue to gain access to files outside of
a Samba share's path on a vulnerable computer. Information gained in
this way may reveal sensitive information aiding in further attacker
against the computer.
[ work-around: wide links = no ]
GNU GetText Unspecified Insecure Temporary File Creation Vul...
BugTraq ID: 11282
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11282
Summary:
GNU gettext is affected by an unspecified insecure temporary file
creation vulnerability. This issue is likely due to a design error
that causes the application to fail to verify the existance of a file
before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
ghostscript Unspecified Insecure Temporary File Creation Vul...
BugTraq ID: 11285
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11285
Summary:
ghostscript is affected by an unspecified insecure temporary file
creation vulnerability. This issue is likely due to a design error
that causes the application to fail to verify the existence of a file
before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
glibc Unspecified Insecure Temporary File Creation Vulne...
BugTraq ID: 11286
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11286
Summary:
glibc is affected by an unspecified insecure temporary file creation
vulnerability. This issue is likely due to a design error that causes
the application to fail to verify the existence of a file before
writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
GNU troff (groff) Unspecified Insecure Temporary File Creati...
BugTraq ID: 11287
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11287
Summary:
GNU troff (groff) is affected by an unspecified insecure temporary
file creation vulnerability. This issue is likely due to a design
error that causes the application to fail to verify the existance of a
file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
gzip Unspecified Insecure Temporary File Creation Vulner...
BugTraq ID: 11288
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11288
Summar
gzip is affected by an unspecified insecure temporary file creation
vulnerability. This issue is likely due to a design error that causes
the application to fail to verify the existence of a file before
writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
[ ca ressemble fort a un non-bug ]
MIT Kerberos 5 Unspecified Insecure Temporary File Creation ...
BugTraq ID: 11289
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11289
Summary:
MIT Kerberos 5 is affected by an unspecified insecure temporary file
creation vulnerability. This issue is likely due to a design error
that causes the application to fail to verify the existence of a file
before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
Trustix LVM Utilities Unspecified Insecure Temporary File Cr...
BugTraq ID: 11290
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11290
Summary:
Trustix LVM Utilities are affected by an unspecified insecure
temporary file creation vulnerability. This issue is likely due to a
design error that causes the application to fail to verify a files
existence before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
MySQL Unspecified Insecure Temporary File Creation Vulnerabi...
BugTraq ID: 11291
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11291
Summary:
MySQL is affected by an unspecified insecure temporary file creation
vulnerability. This issue is likely due to a design error that causes
the application to fail to verify the existance of a file before
writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
NetaTalk Unspecified Insecure Temporary File Creation Vulner...
BugTraq ID: 11292
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11292
Summary:
Netatalk is affected by an unspecified insecure temporary file
creation vulnerability. This issue is likely due to a design error
that causes the application to fail to verify the existance of a file
before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
OpenSSL Unspecified Insecure Temporary File Creation Vulnera...
BugTraq ID: 11293
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11293
Summary:
OpenSSL is affected by an unspecified insecure temporary file creation
vulnerability. This issue is likely due to a design error that causes
the application to fail to verify the existance of a file before
writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
Perl Unspecified Insecure Temporary File Creation Vulnerabil...
BugTraq ID: 11294
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11294
Summary:
Perl is affected by an unspecified insecure temporary file creation
vulnerability. This issue is likely due to a design error that causes
the application to fail to verify the existance of a file before
writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
PostgreSQL Unspecified Insecure Temporary File Creation Vuln...
BugTraq ID: 11295
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11295
Summary:
PostgreSQL is affected by an unspecified insecure temporary file
creation vulnerability. This issue is likely due to a design error
that causes the application to fail to verify the existance of a file
before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application. Reportedly this issue is unlikely to facilitate
privilege escalation.
HP LaserJet 4200/4300 Printer Arbitrary Firmware Upgrade Vul...
BugTraq ID: 11297
Remote: Yes
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11297
Summary:
It is reported that HP LaserJet 4200 and 4300 printers are susceptible
to an arbitrary firmware upgrade vulnerability.
This vulnerability is due to the method of upgrading the firmware on
affected devices. According to HP upgrade documentation, these
printers can upgrade their firmware by sending them specially
formatted print jobs. This allows for firmware upgrades to be
initiated by unauthenticated FTP access, copying firmware files to the
printer via CIFS, or possibly other means as well.
It is unclear at this time what strength the in place measures are to
ensure that firmware files contain legitimate firmware data for the
printer. Simple CRC-32 checksums, or other similar means may allow
attackers to create firmware files containing data sufficient to pass
the printers built-in validity checks.
If an attacker can upgrade affected printers with arbitrary firmware
files, they may be able to either crash affected machines, replace the
firmware code with malicious executable code, or possibly render the
printer useless until the firmware is repaired or replaced. Attackers
would be able to perform this upgrade without authentication, via the
network.
Other printers may also be affected.
[ firmware ]
GNU sharutils Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 11298
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11298
Summary:
GNU sharutils are affected by multiple buffer overflow
vulnerabilities. These issues are due to a failure of the affected
application to verify the length of user-supplied strings prior to
copying them into finite process buffers.
Successful exploitation would immediately produce a denial of service
condition in the affected process. This issue may also be leveraged to
execute code on the affected system with the privileges of the user
that invoked the vulnerable application.
proxytunnel Local Proxy Credential Disclosure Vulnerability
BugTraq ID: 11299
Remote: No
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11299
Summary:
A vulnerability exists in proxytunnel that has the potential to expose
proxy credentials to other local users. Reportedly
proxyuser/proxypass data is not passed to the program in a secure
manner, potentially exposing this data to other users on the computer.
More information about the gull-annonces
mailing list