[gull-annonces] SecurityFocus Newsletter #270 Summary

Marc SCHAEFER schaefer at alphanet.ch
Fri Oct 15 17:11:02 CEST 2004


Mozilla Firefox DATA URI File Deletion Vulnerability
BugTraq ID: 11311
Remote: Yes
Date Published: Oct 02 2004
Relevant URL: http://www.securityfocus.com/bid/11311
Summary:
It is reported that Mozilla Firefox is susceptible to a file deletion
vulnerability.

This vulnerability allows attackers that can lure unsuspecting users
to view malicious HTML or script code to cause the recursive deletion
of the victim user's configured download directory. They can achieve
this by crafting malicious web pages containing either HTML or script
code that utilizes the 'data:' URI scheme.

This vulnerability is reported to exist in Mozilla Firefox in versions
prior to 0.10.1.

Xerces C++ Duplicated Attributes XML Parsing Denial Of Servi...
BugTraq ID: 11312
Remote: Yes
Date Published: Oct 02 2004
Relevant URL: http://www.securityfocus.com/bid/11312
Summary:
It is reported that Xerces C++ is susceptible to a denial of service
vulnerability. This issue is due to a failure of the application to
properly handle exceptional XML input.

This vulnerability allows remote attackers to consume all available
CPU resources by passing maliciously crafted XML data to an
application that utilizes the affected library.

Version 2.5.0 of Xerces C++ is reported to be affected by this
vulnerability. Other prior versions may also be affected.

Debian GNU/Linux telnetd Invalid Memory Handling Vulnerabili...
BugTraq ID: 11313
Remote: Yes
Date Published: Oct 03 2004
Relevant URL: http://www.securityfocus.com/bid/11313
Summary:
Telnetd as provided by Debian GNU/Linux is reported susceptible to an
invalid memory handling vulnerability. This issue is due to a failure
of the application to ensure that memory buffers are properly
allocated and deallocated.

It is conjectured that attackers may potentially leverage this
vulnerability to execute code in the context of the telnetd
process. Debian GNU/Linux runs the process as the unprivileged
'telnetd' user by default.

Versions of telnetd prior to 0.17-18woody1 for the stable branch, and
0.17-26 for the unstable branch are reported to be affected by this
vulnerability.

Roaring Penguin PPPoE Arbitrary File Overwrite Vulnerability
BugTraq ID: 11315
Remote: No
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11315
Summary:
Roaring Penguin PPPoE is vulnerable to a local arbitrary file
overwrite vulnerability.  This issue is due to a failure of the
affected driver to properly validate the existence of temporary files
prior to writing to them.

An attacker may exploit this vulnerability to overwrite any file on
the affected computer if the setuid superuser bit is set.
It should be noted that this application is not installed with the
setuid bit set by default.

DistCC Access Control Bypass Vulnerability
BugTraq ID: 11319
Remote: Yes
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11319
Summary:
It is reported that the distcc access controls may malfunction under
certain circumstances. This may result in access controls not being
enforced.

A remote attacker may potentially exploit this vulnerability to gain
access to the affected distcc service regardless of access control
rules that are set in place.

This vulnerability is addressed in distcc 2.16.

[ gcc/g++ front end for distributed compilation ]

FreeBSD syscons CONS_SCRSHOT Kernel Memory Disclosure Vulner...
BugTraq ID: 11321
Remote: No
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11321
Summary:
It is reported that it is possible to trigger a memory disclosure
vulnerability in the FreeBSD syscons driver.

An attacker may leverage this issue to read portions of kernel memory.
This could allow an attacker to read sensitive data such as a file
cache or terminal buffers that may contain a password.  Data harvested
through exploiting this vulnerability may be used to aid in further
attacks launched against the affected computer.

Apple Mac OS X Postfix Release SMTPD AUTH Username Denial Of...
BugTraq ID: 11323
Remote: Yes
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11323
Summary:
A vulnerability exists in the Postfix release distributed with Mac OS
X that is related to the handling of usernames supplied through SMTPD
AUTH.  This may potentially be exploited to deny certain users access
to the server.

This condition may only occur if SMTPD AUTH has been enabled.

This issue reportedly does not affect the upstream release of Postfix
but rather only the version distributed with Apple Mac OS X Panther.

CUPS Error_Log Local Password Disclosure Vulnerability
BugTraq ID: 11324
Remote: No
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11324
Summary:
CUPS is reported prone to a local password disclosure
vulnerability. This issue is reported to present itself when an
authenticated user carries out certain methods of remote
printing. Reportedly, local attackers can disclose user passwords in
the printing system log files.

CUPS 1.1.21 and prior are considered vulnerable to this issue.

Due to a lack of detail, further information is not available at the
moment.  This BID will be updated as more information becomes
available.

[ see also http://www.debian.org/security/2004/dsa-566 ]

Jetty Directory Traversal Vulnerability
BugTraq ID: 11330
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11330
Summary:
It is reported that Jetty is susceptible to a directory traversal
vulnerability. This issue is due to a failure of the application to
properly sanitize HTTP request URIs.

This vulnerability allows remote attackers to retrieve the contents of
arbitrary, potentially sensitive files located on the serving computer
with the credentials of the affected process.

It is unclear at this time exactly which versions of Jetty are
affected by this vulnerability. This BID will be updated as further
information is disclosed.

This vulnerability may be related to BID 4360.

MySQL MaxDB WebDBM Server Name Denial of Service Vulnerabili...
BugTraq ID: 11346
Remote: Yes
Date Published: Oct 07 2004
Relevant URL: http://www.securityfocus.com/bid/11346
Summary:
A remotely exploitable denial of service vulnerability exists in
MaxDB.  The cause of this condition is an input validation error that
is exposed when an internal function in the WebDBM handles a
client-supplied 'Server' name in an HTTP request that includes
specific values.

This will reportedly trigger an exception due to an assert directive
failing, resulting in a denial of service condition in the web agent.

This issue was reportedly tested on Windows and Linux versions.  Other
versions could also be affected.

Cyrus SASL Multiple Remote And Local Vulnerabilities
BugTraq ID: 11347
Remote: Yes
Date Published: Oct 07 2004
Relevant URL: http://www.securityfocus.com/bid/11347
Summary:
Cyrus SASL is affected by multiple critical vulnerabilities that may
be remotely exploitable.  The first issue is due to a boundary
condition error, the second issue is due to a failure of the
application to properly handle environment variables.

Information currently available regarding these issues is insufficient
to provide a more detailed analysis. This BID will be updated and
split into separate BIDs when more information becomes available.

An attacker can leverage the boundary condition issue to execute
arbitrary code on the affected computer.  The impact of the
environment variable issue is currently unknown.


