[gull-annonces] Summary of SecurityFocus Newsletter #272

Marc SCHAEFER schaefer at alphanet.ch
Fri Oct 29 21:11:02 CEST 2004


3Com OfficeConnect ADSL Wireless 11g Firewall Router Authent...
BugTraq ID: 11438
Remote: Yes
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11438
Summary:
3Com OfficeConnect ADSL Wireless 11g Firewall Router is affected by an
authentication bypass vulnerability.  This issue is due to a failure of
the device to properly validate an authenticated administrator.

An attacker could leverage this issue to gain administrative access to
the affected device facilitating disclosure of administrator
passwords, WEP encryption keys, configuration manipulation and denial
of service.

It should be noted that this issue was originally reported in
vulnerability report '3Com OfficeConnect ADSL Wireless 11g Firewall
Router Multiple Unspecified Vulnerabilities' (BID 11422).  It has been
assigned its own BID as more information has been made available.

[ firmware ]

Mozilla Multiple Memory Corruption Vulnerabilities
BugTraq ID: 11439
Remote: Yes
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11439
Summary:
Multiple memory corruption vulnerabilities have been reported in
Mozilla.  These issues are related to malformed HTML involving the
TEXTAREA, INPUT, FRAMESET, and IMG tags.  These issues could cause the
browser to crash when rendering the malformed HTML, though there is an
additional possibility of leveraging the issues to execute arbitrary
code.

Although these issues were reported in the Mozilla browser, other
applications based on the same code may also be affected such as
Firefox/Thunderbird/Netscape.

Mozilla Invalid Pointer Dereference Vulnerability
BugTraq ID: 11440
Remote: Yes
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11440
Summary:
A vulnerability exists in Mozilla that will most likely cause a denial
of service.  The source of the issue is that an invalid pointer is
dereferenced when the browser renders an unusual combination of visual
elements.

Although this issue was reported in the Mozilla browser, other
applications based on the same code may also be affected such as
Firefox/Thunderbird/Netscape.

Mozilla Browser Cross-Domain Dialog Box Spoofing Vulnerabili...
BugTraq ID: 11473
Remote: Yes
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11473
Summary:
Mozilla Browsers are reported prone to a cross-domain dialog box
spoofing vulnerability.  This issue may allow a remote attacker to
carry out phishing style attacks as an attacker may exploit this
vulnerability to spoof an interface of a trusted web site.

Due to code similarities, Netscape Navigator is affected by this issue
as well.

Mozilla Browser Cross-Domain Tab Window Form Field Focus Vul...
BugTraq ID: 11474
Remote: Yes
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11474
Summary:
A cross-domain tab window form field focus vulnerability reportedly
affects Mozilla browser and all browsers derived from it.  This issue
is due to an access validation error that allows a web page to gain
access to form fields in other web pages rendered in different tabs of
the same browser window.

This issue may be leveraged to facilitate convincing phishing style
attacks designed to reveal sensitive information such as passwords and
financial details.

Konqueror Browser Cross-Domain Dialog Box Spoofing Vulnerabi...
BugTraq ID: 11477
Remote: Yes
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11477
Summary:
Konqueror Browser is reported prone to a cross-domain dialog box
spoofing vulnerability.  This issue may allow a remote attacker to
carry out phishing style attacks as an attacker may exploit this
vulnerability to spoof an interface of a trusted web site.

links Malformed Table Denial Of Service Vulnerability
BugTraq ID: 11442
Remote: Yes
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11442
Summary:
Links is prone to a denial of service vulnerability when handling HTML
tables of excessive size.  This issue may cause excessive resource
consumption on the host computer.

lynx Malformed HTML Infinite Loop Denial Of Service Vulnerab...
BugTraq ID: 11443
Remote: Yes
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11443
Summary:
lynx is prone to a denial of service vulnerability when handling
certain malformed HTML.  This condition could be exploited to cause
the application to enter an infinite loop.

Gnofract 4D Remote Script Code Execution Vulnerability
BugTraq ID: 11445
Remote: Yes
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11445
Summary:
Gnofract 4D is affected by a remote script code execution
vulnerability.  This issue is due to a design error that allows for
the execution of code in parameter files.

A remote attacker may leverage this issue to execute arbitrary script
code with the privileges of a user that activates the vulnerable
application.

BMON Local Privilege Escalation Vulnerability
BugTraq ID: 11457
Remote: No
Date Published: Oct 18 2004
Relevant URL: http://www.securityfocus.com/bid/11457
Summary:
It is reported that bmon is susceptible to a privilege escalation
vulnerability if installed with setuid permissions.

This vulnerability allows local attackers to execute arbitrary code
with the privileges of the bmon package. It is reported that the
FreeBSD port system installs bmon with setuid superuser privileges,
allowing local attackers to execute arbitrary code with superuser
privileges.

This vulnerability is reported to exist in bmon version 1.2.1 on any
platform that installs it with setuid privileges. Other versions may
also be affected.

For FreeBSD, versions prior to 1.2.1_2 are reported susceptible. Other
platforms that install bmon with setuid privileges are unknown at this
time.

cabextract Remote Directory Traversal Vulnerability
BugTraq ID: 11460
Remote: Yes
Date Published: Oct 19 2004
Relevant URL: http://www.securityfocus.com/bid/11460
Summary:
cabextract is reported prone to a remote directory traversal
vulnerability.  This issue presents itself due to insufficient
sanitization of user-supplied data.

An attacker may exploit this issue to corrupt or manipulate sensitive
data.  This may aid in further attacks against a computer.

cabextract versions 1.0 and prior are reported prone to this issue.

Apache mod_include Local Buffer Overflow Vulnerability
BugTraq ID: 11471
Remote: No
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11471
Summary:
The problem presents itself when the affected module attempts to parse
mod_include specific tag values.  A failure to properly validate the
lengths of user-supplied tag strings prior to copying them into finite
buffers facilitates the overflow.

A local attacker may leverage this issue to execute arbitrary code on
the affected computer with the privileges of the affected Apache
server.

libpng Graphics Library Image Height Integer Overflow Vulner...
BugTraq ID: 11481
Remote: Yes
Date Published: Oct 20 2004
Relevant URL: http://www.securityfocus.com/bid/11481
Summary:
libpng is the official Portable Network Graphics (PNG) reference
library.

libpng is reported susceptible to an image height integer overflow
vulnerability.

A specially crafted PNG image could reportedly overflow an integer
value, and possibly result in overwriting of critical memory regions
allowing for the alteration of proper program execution. This
vulnerability may be exploited to execute attacker-supplied code in
the context of an application that utilized the affected library.

Linux Kernel IPTables Logging Rules Integer Underflow Vulner...
BugTraq ID: 11488
Remote: Yes
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11488
Summary:
It is reported that an integer underflow vulnerability is present in
the iptables logging rules of the Linux kernel 2.6 branch.

A remote attacker may exploit this vulnerability to crash a computer
that is running the affected kernel.

The 2.6 Linux kernel is reported prone to this vulnerability; the 2.4
kernel is not reported to be vulnerable.

Zinf/Freeamp Unspecified Insecure Temporary File Creation Vu...
BugTraq ID: 11490
Remote: No
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11490
Summary:
Zinf/Freeamp are affected by an unspecified insecure temporary file
creation vulnerability.  This issue is likely due to a design error
that causes the application to fail to verify the existence of a file
before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.

Linux Kernel TIOCSETD Terminal Subsystem Race Condition Vuln...
BugTraq ID: 11491
Remote: No
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11491
Summary:
The Linux Kernel is prone to a local vulnerability in the terminal
subsystem.  Reportedly, this issue can be triggered by issuing a
TIOCSETD ioctl to a terminal interface at the moment a read or write
operation is being performed by another thread.  This could result in
a denial of service or allow kernel memory to be read.

Linux Kernel Terminal Locking Race Condition Vulnerability
BugTraq ID: 11492
Remote: Yes
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11492
Summary:
A race condition vulnerability exists in the Linux Kernel terminal
subsystem.  This issue is related to terminal locking and is exposed
when a remote user connects to the computer through a PPP dialup port.

Reportedly, when the remote user issues the switch from console to
PPP, there is a small window of opportunity to send data that will
trigger the vulnerability.  The report indicates that this may cause a
denial of service.  It is unknown if there are other impacts for this
vulnerability.

Speedtouch USB Driver Local Format String Vulnerability
BugTraq ID: 11496
Remote: No
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11496
Summary:
Speedtouch USB Driver is prone to a locally exploitable format string
vulnerability. The problem occurs due to insufficient sanitization of
user-supplied data.

This vulnerability may be exploited in order to have arbitrary code
executed with superuser privileges.

[ linux kernel driver?  difficult to evaluate ]

xpdf pdftops Multiple Integer Overflow Vulnerabilities
BugTraq ID: 11501
Remote: Yes
Date Published: Oct 21 2004
Relevant URL: http://www.securityfocus.com/bid/11501
Summary:
It is reported that pdftops is susceptible to multiple integer
overflow vulnerabilities. This issue is due to a failure of the
application to properly ensure that user-supplied input does not
result in the overflowing of integer values.  This may result in data
being copied past the end of a memory buffer.

These overflows cause smaller than expected memory regions to be
allocated by the application. Subsequent operations are likely to
overwrite memory regions past the end of the allocated buffer,
allowing attackers to overwrite critical memory control
structures. This may allow attackers to control the flow of execution,
and potentially execute attacker-supplied code in the context of the
affected application.

Applications using embedded xpdf code may be vulnerable to these
issues as well.

socat Remote Format String Vulnerability
BugTraq ID: 11505
Remote: Yes
Date Published: Oct 22 2004
Relevant URL: http://www.securityfocus.com/bid/11505
Summary:
It is reported that socat is susceptible to a remote format string
vulnerability. This issue is due to a failure of the application to
properly sanitize user-supplied input before using it as the format
specifier in a formatted printing function.

This vulnerability reportedly allows remote attackers to execute
arbitrary code in the context of the socat process.

Versions prior to 1.4.0.3 are reported to be vulnerable.

[ socket relayer: e.g. TCP to serial ]

libtiff OJPEG Heap Buffer Overflow Vulnerability
BugTraq ID: 11506
Remote: Yes
Date Published: Oct 22 2004
Relevant URL: http://www.securityfocus.com/bid/11506
Summary:
libtiff is affected by a heap buffer overflow vulnerability. This
issue is due to a failure of the application to properly perform
boundary checks prior to copying user-supplied strings into finite
process buffers.

An attacker may leverage this issue to execute arbitrary code on a
vulnerable computer with the privileges of the user running the
vulnerable application, facilitating unauthorized access.  This issue
may also be leveraged to cause an affected application to crash.


