[gull-annonces] Summary of SecurityFocus Newsletter #271

Marc SCHAEFER schaefer at alphanet.ch
Sun Oct 24 23:01:02 CEST 2004


MySQL Multiple Local Vulnerabilities
BugTraq ID: 11357
Remote: No
Date Published: Oct 11 2004
Relevant URL: http://www.securityfocus.com/bid/11357
Summary:
MySQL is reported prone to multiple local vulnerabilities.  These
issues may allow an attacker to bypass security restrictions or cause
a denial of service condition in the application.

It is reported that an attacker can bypass certain security
restrictions and gain access to and corrupt potentially sensitive data
due to an error in 'ALTER TABLE ... RENAME' operations.

A denial of service condition presents itself when multiple threads
ALTER MERGE tables to change the UNION.

Due to a lack of details, further information is not available at the
moment.  This BID will be updated as more information becomes
available.

Apache 2 mod_ssl SSLCipherSuite Access Validation Vulnerabilit...
BugTraq ID: 11360
Remote: Yes
Date Published: Oct 11 2004
Relevant URL: http://www.securityfocus.com/bid/11360
Summary:
Apache 2.x mod_ssl is reported prone to an access validation
vulnerability.  This issue presents itself when mod_ssl is configured
to be used with the 'SSLCipherSuite' directive.  It is reported that
this vulnerability allows a client to use any cipher suite allowed by
the virtual host configuration regardless of cipher suites specified
for a specific directory.  This can allow an attacker to bypass
security policies and access potentially sensitive data.

Apache versions 2.0.35 to 2.0.52 are reported vulnerable to this
issue.

ASN.1 Compiler Multiple Unspecified Vulnerabilities
BugTraq ID: 11370
Remote: Yes
Date Published: Oct 11 2004
Relevant URL: http://www.securityfocus.com/bid/11370
Summary:
ASN.1 Compiler is reported prone to multiple unspecified
vulnerabilities.  The following issues were reported by the vendor:

An issue affecting ASN.1 Compiler presents itself during explicitly
tagged ANY type encoding and decoding.

Another security issue involves indefinite length structures appearing
in the extensions in CHOICE code.

ASN.1 Compiler version 0.9.4 is reported prone to these issues.  It
is probable that other versions are affected as well.

Squid Proxy SNMP ASN.1 Parser Denial Of Service Vulnerabilit...
BugTraq ID: 11385
Remote: Yes
Date Published: Oct 12 2004
Relevant URL: http://www.securityfocus.com/bid/11385
Summary:
It is reported that Squid is susceptible to a denial of service
vulnerability in its SNMP ASN.1 parser. SNMP support is not enabled by
default as provided by the vendor. It may be enabled by default when
Squid is included as a binary application in certain unconfirmed
operating systems.

This vulnerability allows remote attackers to crash affected Squid
proxies with single UDP datagrams that may be spoofed. Squid will
attempt to restart itself automatically, but an attacker sending
repeated malicious SNMP packets can effectively deny service to
legitimate users.

Squid versions 2.5-STABLE6 and earlier, as well as 3.0-PRE3-20040702
are reported vulnerable to this issue.

Research In Motion Blackberry Remote Denial of Service Vulne...
BugTraq ID: 11389
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11389
Summary:
The Research In Motion Blackberry 7230 is affected by a remote denial
of service vulnerability.  This issue is due to the device attempting
to copy a long message into flash memory.

An attacker may leverage this issue to cause the affected device to
restart, causing a loss of all email messages saved on the device.

Update: This issue was originally identified as a buffer overflow
vulnerability.  New information suggests that it is only a remote
denial of service condition.  This BID is being updated to reflect
this information.

[ firmware ]

libtiff Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 11406
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11406
Summary:
libtiff is affected by multiple buffer overflow vulnerabilities. This
issue is due to a failure of the library to properly perform
boundary checks prior to copying user-supplied strings into finite
process buffers.

An attacker may leverage these issues to execute arbitrary code on a
vulnerable computer with the privileges of the user running the
vulnerable application, facilitating unauthorized access.  These
issues may also be leveraged to cause an affected application to
crash.

3Com 3CRADSL72 ADSL Wireless Router Information Disclosure a...
BugTraq ID: 11408
Remote: Yes
Date Published: Oct 13 2004
Relevant URL: http://www.securityfocus.com/bid/11408
Summary:
3Com 3CRADSL72 is reported prone to an information disclosure and an
authentication bypass vulnerability.  This issue can allow a remote
attacker to disclose sensitive information such as the router name,
primary and secondary DNS servers, and default gateway. Attackers could
also reportedly gain administrative access to the router.

If successful, these vulnerabilities can be used to launch other
attacks against the device and other users on the vulnerable
network.

[ firmware ]

unzoo Undisclosed Directory Traversal Vulnerability
BugTraq ID: 11417
Remote: No
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11417
Summary:
The unzoo utility is reported prone to an undisclosed directory
traversal vulnerability. It is conjectured that this issue may exist
due to a lack of sufficient sanitization performed on the filenames of
members contained in a zoo archive.

This BID will be updated when further information regarding this
vulnerability is released.

KDocker Unspecified Vulnerability
BugTraq ID: 11419
Remote: No
Date Published: Oct 14 2004
Relevant URL: http://www.securityfocus.com/bid/11419
Summary:
KDocker is reported prone to an unspecified vulnerability.  The vendor
reported this issue in KDocker versions 0.8 and prior.  The cause and
impact of this issue are currently unknown.  It is conjectured that
due to the nature of this issue, it may allow a local attacker to gain
elevated privileges or compromise a computer locally.

Due to a lack of details, further information is not available at the
moment.  This BID will be updated as more information becomes
available.

3Com OfficeConnect ADSL Wireless 11g Firewall Router Multipl...
BugTraq ID: 11422
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11422
Summary:
3Com OfficeConnect ADSL Wireless 11g Firewall Router is reported prone
to multiple unspecified vulnerabilities.  The following issues were
reported:

An unspecified issue affects the DHCP service.

Another issue is related to displaying two duplicate login IPs.

An unspecified denial of service vulnerability may allow remote
attackers to restart the device.  This issue occurs due to
insufficient boundary checks performed by the application.

3Com OfficeConnect ADSL Wireless 11g Firewall Router firmware versions
prior to 1.27 are vulnerable to these issues.

**UPDATE: it should be noted that the issue described as an error in
displaying two duplicate IPs has been assigned its own BID as more
information has become available.  Please see '3Com OfficeConnect ADSL
Wireless 11g Firewall Router Authentication Bypass Vulnerability' (BID
11438) for more information.

[ firmware ]

ProFTPD Authentication Delay Username Enumeration Vulnerabil...
BugTraq ID: 11430
Remote: Yes
Date Published: Oct 15 2004
Relevant URL: http://www.securityfocus.com/bid/11430
Summary:
A timing attack is described in ProFTPD that could assist a remote
user in enumerating usernames.

A remote attacker may exploit this vulnerability to determine what
usernames are valid, privileged, or do not exist on the remote system.


