[gull-annonces] Summary of SecurityFocus Newsletter #269

Marc SCHAEFER schaefer at alphanet.ch
Fri Oct 8 11:51:01 CEST 2004


Slava Astashonok fprobe Unspecified Local Vulnerability
BugTraq ID: 11255
Remote: No
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11255
Summary:
fprobe is reported prone to an unspecified local vulnerability.  This
issue exists in the 'change user' feature of the application.  Further
details are not available at the moment.  This BID will be updated as
more information becomes available.

fprobe 1.0.5 and prior versions are reported to be affected.

Multiple Vendor TCP Packet Fragmentation Handling Denial Of ...
BugTraq ID: 11258
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11258
Summary:
Multiple vendor implementations of the TCP stack are reported prone to
a remote denial of service vulnerability.

The issue is reported to present itself due to inefficiencies present
when handling fragmented TCP packets.

The discoverer of this issue has dubbed the attack style the "New Dawn
attack"; it is a variation of a previously reported attack that was
named the "Rose Attack".

This vulnerability may aid a remote attacker in impacting resources on
an affected computer. Specifically, a remote attacker may exploit this
vulnerability to deny service to a vulnerable computer.

Microsoft Windows 2000/XP, Linux kernel 2.4 tree and undisclosed Cisco
systems are reported prone to this vulnerability; other products may
also be affected.

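[ # EXT_IFACE must be set to the external interface name beforehand.
  # -f matches the second and further fragments of fragmented packets.
  for i in INPUT FORWARD
  do
     iptables -I "$i" -i "$EXT_IFACE" -f -j DROP
  done
]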

MySQL Bounded Parameter Statement Execution Remote Buffer Ov...
BugTraq ID: 11261
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11261
Summary:
It is reported that MySQL is susceptible to a buffer overflow
vulnerability. This issue is due to a failure of the application to
properly ensure the size of a buffer is sufficient to handle
user-supplied input data before performing operations that may
overflow into adjacent memory regions.

This vulnerability reportedly allows for remote attackers to crash
affected servers. It is unconfirmed, but there may be a possibility of
remote code execution in the context of the affected server. It would
likely require a complex exploit, in order to take advantage of
overwriting memory contents with NULL bytes. Attackers may be able to
take advantage of the structured, predictable nature of the memory
operations in order to control the flow of execution of the
application.

MySQL versions 4.1.3-beta and 4.1.4 are reported vulnerable, but other
versions are also likely affected.

Debian GNU/Linux Sendmail Package Default SASL Password Vuln...
BugTraq ID: 11262
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11262
Summary:
It is reported that the Sendmail package contained in the Debian
GNU/Linux operating system is prone to a default password
vulnerability, potentially allowing unauthorized use of the Sendmail
MTA. This would likely facilitate UCE (Unsolicited Commercial Email,
or SPAM) message relaying through affected installations.

Versions of the Debian Sendmail packages prior to 8.12.3-7.1 for
Debian stable (woody), and versions prior to 8.13.1-13 for Debian
unstable (sid) are reported vulnerable.

[ Debian-specific ]

XMLStarlet Command Line XML Toolkit Multiple Unspecified Buf...
BugTraq ID: 11270
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11270
Summary:
XMLStarlet command line XML toolkit is affected by multiple
unspecified buffer overflow vulnerabilities.  These issues are caused
by a failure of the application to validate the lengths of
user-supplied strings prior to copying them into finite process
buffers.

An attacker may leverage this issue to manipulate process memory,
potentially facilitating arbitrary code execution.

[ awk, sed, grep for the XML format ]

Freenet6 Client Default Installation Configuration File Perm...
BugTraq ID: 11280
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11280
Summary:
Freenet6 is affected by a default install configuration file
permission vulnerability.  This issue is due to a default
configuration error.

An attacker may leverage this issue to steal authentication
information from the configuration file that is by default set as
world readable.
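
An added example (not part of the original newsletter or of Freenet6) of auditing for this class of problem and of creating a configuration file that is private from the start. It goes slightly beyond the single file in the advisory by scanning a directory; the file names and the `passwd=` key are constructed for the demo.

```shell
#!/bin/sh
# Added example; file names and the "passwd=" key are constructed for the demo.

# Print files under $1 that hold a password-like setting AND are readable by "other".
world_readable_secrets() {
    find "$1" -type f -perm -004 \
        -exec grep -lE '^[[:space:]]*(passwd|password)[[:space:]]*=' {} +
}

# Create a config file that is private from the first byte: the restrictive
# umask applies at creation, so there is no window where it is world-readable.
install_private() {    # $1 = destination, content on stdin
    ( umask 077; cat > "$1" )
}

perm_demo() {
    box=$(mktemp -d) || return 1
    printf 'userid=alice\npasswd=constructed-secret\n' > "$box/client.conf"
    printf 'server=broker.example.invalid\n' > "$box/public.conf"
    chmod 644 "$box/client.conf" "$box/public.conf"    # the reported default

    before=$(world_readable_secrets "$box" | wc -l | tr -d ' ')

    chmod 600 "$box/client.conf"                       # remediate existing file
    printf 'passwd=constructed-secret\n' | install_private "$box/new.conf"
    after=$(world_readable_secrets "$box" | wc -l | tr -d ' ')
    mode=$(ls -ld "$box/new.conf" | cut -c1-10)        # mode string of new file

    rm -rf "$box"
    echo "$before $after $mode"    # findings before, findings after, new file mode
}

perm_demo
```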

Samba Remote Arbitrary File Access Vulnerability
BugTraq ID: 11281
Remote: Yes
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11281
Summary:
Samba is affected by a remote arbitrary file access vulnerability.
This issue is due to a failure of the application to properly validate
user-supplied file names.

An attacker may leverage this issue to gain access to files outside of
a Samba share's path on a vulnerable computer.  Information gained in
this way may reveal sensitive information, aiding further attacks
against the computer.

[ work-around: wide links = no ]

GNU GetText Unspecified Insecure Temporary File Creation Vul...
BugTraq ID: 11282
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11282
Summary:
GNU gettext is affected by an unspecified insecure temporary file
creation vulnerability.  This issue is likely due to a design error
that causes the application to fail to verify the existence of a file
before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.

ghostscript Unspecified Insecure Temporary File Creation Vul...
BugTraq ID: 11285
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11285
Summary:
ghostscript is affected by an unspecified insecure temporary file
creation vulnerability.  This issue is likely due to a design error
that causes the application to fail to verify the existence of a file
before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.

glibc Unspecified Insecure Temporary File Creation Vulne...
BugTraq ID: 11286
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11286
Summary:
glibc is affected by an unspecified insecure temporary file creation
vulnerability.  This issue is likely due to a design error that causes
the application to fail to verify the existence of a file before
writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.

GNU troff (groff) Unspecified Insecure Temporary File Creati...
BugTraq ID: 11287
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11287
Summary:
GNU troff (groff) is affected by an unspecified insecure temporary
file creation vulnerability.  This issue is likely due to a design
error that causes the application to fail to verify the existence of a
file before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.

gzip Unspecified Insecure Temporary File Creation Vulner...
BugTraq ID: 11288
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11288
Summary:
gzip is affected by an unspecified insecure temporary file creation
vulnerability.  This issue is likely due to a design error that causes
the application to fail to verify the existence of a file before
writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.

[ this looks a lot like a non-bug ]

MIT Kerberos 5 Unspecified Insecure Temporary File Creation ...
BugTraq ID: 11289
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11289
Summary:
MIT Kerberos 5 is affected by an unspecified insecure temporary file
creation vulnerability.  This issue is likely due to a design error
that causes the application to fail to verify the existence of a file
before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.

Trustix LVM Utilities Unspecified Insecure Temporary File Cr...
BugTraq ID: 11290
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11290
Summary:
Trustix LVM Utilities are affected by an unspecified insecure
temporary file creation vulnerability.  This issue is likely due to a
design error that causes the application to fail to verify a file's
existence before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.

MySQL Unspecified Insecure Temporary File Creation Vulnerabi...
BugTraq ID: 11291
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11291
Summary:
MySQL is affected by an unspecified insecure temporary file creation
vulnerability.  This issue is likely due to a design error that causes
the application to fail to verify the existence of a file before
writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.

Netatalk Unspecified Insecure Temporary File Creation Vulner...
BugTraq ID: 11292
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11292
Summary:
Netatalk is affected by an unspecified insecure temporary file
creation vulnerability.  This issue is likely due to a design error
that causes the application to fail to verify the existence of a file
before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.

OpenSSL Unspecified Insecure Temporary File Creation Vulnera...
BugTraq ID: 11293
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11293
Summary:
OpenSSL is affected by an unspecified insecure temporary file creation
vulnerability.  This issue is likely due to a design error that causes
the application to fail to verify the existence of a file before
writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.

Perl Unspecified Insecure Temporary File Creation Vulnerabil...
BugTraq ID: 11294
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11294
Summary:
Perl is affected by an unspecified insecure temporary file creation
vulnerability.  This issue is likely due to a design error that causes
the application to fail to verify the existence of a file before
writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.

PostgreSQL Unspecified Insecure Temporary File Creation Vuln...
BugTraq ID: 11295
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11295
Summary:
PostgreSQL is affected by an unspecified insecure temporary file
creation vulnerability.  This issue is likely due to a design error
that causes the application to fail to verify the existence of a file
before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.  Reportedly this issue is unlikely to facilitate
privilege escalation.
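
The run of "insecure temporary file creation" entries above (GNU gettext through PostgreSQL) all describe the same pattern: writing to a file name without making sure it does not already exist. The following is an added example, not code from the newsletter or from any of the affected packages, showing that pattern beside two hardened forms; all file names are constructed and everything runs inside a throwaway sandbox directory.

```shell
#!/bin/sh
# Added example; all paths live in a throwaway sandbox, file names are constructed.

# UNSAFE: plain ">" on a guessable name opens whatever is already there,
# following a symlink that another local user created first.
unsafe_write() { printf '%s\n' "$2" > "$1"; }

# SAFER: noclobber (set -C) makes ">" fail if the name already exists,
# so a pre-planted file or symlink is refused instead of written through.
safe_write() { ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null; }

# BEST: let mktemp pick an unpredictable name and create it exclusively (mode 0600).
safe_tmp() { mktemp "$1/report.XXXXXX"; }

tmp_demo() {
    box=$(mktemp -d) || return 1
    guess="$box/report.1234"                 # stands in for /tmp/report.$$
    printf 'precious\n' > "$box/victim"
    ln -s "$box/victim" "$guess"             # name taken before the tool runs

    unsafe_write "$guess" scratch
    r1=$(cat "$box/victim")                  # victim content after unsafe write

    printf 'precious\n' > "$box/victim"      # restore, then try the safe form
    if safe_write "$guess" scratch; then r2=written; else r2=refused; fi
    r3=$(cat "$box/victim")                  # victim content after safe attempt

    t=$(safe_tmp "$box") || return 1
    r4=$(ls -ld "$t" | cut -c1-10)           # mode string of the mktemp file
    rm -rf "$box"
    echo "$r1 $r2 $r3 $r4"
}

tmp_demo
```

The four fields printed are: the victim file's content after the unsafe write, whether the noclobber write was refused, the victim's content after that attempt, and the mode of the file created by `mktemp`.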

HP LaserJet 4200/4300 Printer Arbitrary Firmware Upgrade Vul...
BugTraq ID: 11297
Remote: Yes
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11297
Summary:
It is reported that HP LaserJet 4200 and 4300 printers are susceptible
to an arbitrary firmware upgrade vulnerability.

This vulnerability is due to the method of upgrading the firmware on
affected devices. According to HP upgrade documentation, the firmware
of these printers can be upgraded by sending them specially
formatted print jobs. This allows for firmware upgrades to be
initiated by unauthenticated FTP access, copying firmware files to the
printer via CIFS, or possibly other means as well.

It is unclear at this time how strong the measures in place are to
ensure that firmware files contain legitimate firmware data for the
printer. Simple CRC-32 checksums, or other similar means, may allow
attackers to create firmware files containing data sufficient to pass
the printer's built-in validity checks.

If an attacker can upgrade affected printers with arbitrary firmware
files, they may be able to either crash affected machines, replace the
firmware code with malicious executable code, or possibly render the
printer useless until the firmware is repaired or replaced. Attackers
would be able to perform this upgrade without authentication, via the
network.

Other printers may also be affected.

[ firmware ]

GNU sharutils Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 11298
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11298
Summary:
GNU sharutils are affected by multiple buffer overflow
vulnerabilities.  These issues are due to a failure of the affected
application to verify the length of user-supplied strings prior to
copying them into finite process buffers.

Successful exploitation would immediately produce a denial of service
condition in the affected process. This issue may also be leveraged to
execute code on the affected system with the privileges of the user
that invoked the vulnerable application.

proxytunnel Local Proxy Credential Disclosure Vulnerability
BugTraq ID: 11299
Remote: No
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11299
Summary:
A vulnerability exists in proxytunnel that has the potential to expose
proxy credentials to other local users.  Reportedly
proxyuser/proxypass data is not passed to the program in a secure
manner, potentially exposing this data to other users on the computer.



