[gull-annonces] SecurityFocus Newsletter #265 Summary

Marc SCHAEFER schaefer at alphanet.ch
Mon Sep 13 13:11:01 CEST 2004


Reminder of the filtering rules:

   - no games, chat or other programs of that kind
   - no software that is not free in the DFSG sense
        exception: `firmware' (e.g. code contained in a
                               modem, etc.)
   - no PHP scripts

Unfortunately, it is very difficult (and increasingly so!)
to determine software licenses from the information
that SecurityFocus provides, so a few errors may
slip in.

My recommendation for administrators is to install only
software supported by their distribution -- preferably free software -- and
to manage other software themselves by subscribing to all of
the announcement lists for that software.

D-Link Securicam Network DCS-900 Internet Camera Remote Conf...
BugTraq ID: 11072
Remote: Yes
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11072
Summary:
D-Link Securicam Network DCS-900 Internet Camera is reportedly
affected by a remote configuration vulnerability.  This issue is due
to a design error that allows remote, unauthorized users to update the
IP address of the vulnerable camera.

An attacker may leverage this issue to hijack the vulnerable camera,
ultimately triggering a denial of service condition, as the
unsuspecting user will be unable to connect to the device without
having its IP address.

[ firmware ]

cdrtools rsh Environment Variable Privilege Escalation Vulne...
BugTraq ID: 11075
Remote: No
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11075
Summary:
cdrtools is reportedly vulnerable to an rsh environment variable
privilege escalation vulnerability.  This issue is due to a failure of
the application to properly implement security controls when executing
an application specified by the rsh environment variable.

An attacker may leverage this issue to gain superuser privileges on a
computer running the affected software.

[ only if remote burning via rsh or ssh is used, I
suppose ]

bsdmainutils calendar Information Disclosure Vulnerability
BugTraq ID: 11077
Remote: No
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11077
Summary:
The calendar utility contained in the bsdmainutils package on Debian
GNU/Linux systems is reported susceptible to an information disclosure
vulnerability. This is due to a lack of proper file authorization
checks by the application.

The application fails to enforce permissions of included files when
run as the superuser with the '-a' argument, therefore it is possible
for a local attacker to create a calendar file that will disclose the
contents of arbitrary, potentially sensitive files. This may aid them
in further attacks against the affected computer.

By default, the package is installed with a crontab file that will not
call the calendar utility. Systems are only affected if the crontab is
enabled by administrators.

Debian GNU/Linux computers with bsdmainutils versions prior to 6.0.15
are reported to be vulnerable.

MIT Kerberos 5 Multiple Double-Free Vulnerabilities
BugTraq ID: 11078
Remote: Yes
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11078
Summary:
There are multiple double-free vulnerabilities reported to exist in
MIT Kerberos 5.

All vulnerabilities stem from inconsistent memory handling routines in
the krb5 library.

These vulnerabilities are exploitable in various ways:

   - An attacker can execute arbitrary code in the context of a KDC
     server process, potentially compromising the entire Kerberos realm.

   - An attacker can execute arbitrary code in the context of a krb524d
     server process, potentially compromising the entire Kerberos realm if
     it is running on the same computer as a KDC.

   - An attacker can execute arbitrary code in the context of various
     other server processes utilizing the krb5 library.

   - An attacker impersonating a KDC or application server may be able to
     execute arbitrary code in the context of a client process attempting
     to authenticate.

Versions up to and including 1.3.4 are reported vulnerable.

MIT Kerberos 5 ASN.1 Decoder Denial Of Service Vulnerability
BugTraq ID: 11079
Remote: Yes
Date Published: Aug 31 2004
Relevant URL: http://www.securityfocus.com/bid/11079
Summary:
It is reported that MIT Kerberos V is susceptible to a denial of
service vulnerability in its ASN.1 decoder.

This vulnerability presents itself when the krb5 library attempts to
decode a malformed ASN.1 buffer.

As a result of this vulnerability, a remote attacker may be able to
deny all Kerberos service in a realm by sending malicious UDP packets
to all KDCs (Key Distribution Center). The affected KDCs would then
stop servicing further authentication requests. All services utilizing
Kerberos for authentication would fail to allow further requests.

MIT Kerberos V versions 1.2.2 through to 1.3.4 are reportedly affected
by this vulnerability.

SuSE Linux PTMX Unspecified Local Denial Of Service Vulnerab...
BugTraq ID: 11081
Remote: No
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11081
Summary:
Reportedly SuSE Linux is vulnerable to a local ptmx denial of service
vulnerability; fixes are available.  The underlying cause of this
issue is currently unknown; this BID will be updated as more
information is released.

An attacker may leverage this issue to cause the affected computer to
hang or crash, denying service to legitimate users.

[ /dev/ptmx: a special device that allows ttys to be created
  dynamically; it replaces the old /dev/pty[pqr]*
  and /dev/tty[pqr]* devices and their security problems.
]

imlib/imlib2 Multiple BMP Image Decoding Buffer Overflow Vul...
BugTraq ID: 11084
Remote: Yes
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11084
Summary:
Multiple buffer overflow vulnerabilities are reported to exist in the
imlib/imlib2 libraries. These issues may be triggered when handling
malformed bitmap images.

These vulnerabilities could be exploited by a remote attacker to cause
a denial of service in applications that use the vulnerable library to
render images. It is also reported that these vulnerabilities may be
exploited to execute arbitrary code.

LHA Multiple Code Execution Vulnerabilities
BugTraq ID: 11093
Remote: Yes
Date Published: Sep 01 2004
Relevant URL: http://www.securityfocus.com/bid/11093
Summary:
LHA is reported prone to multiple vulnerabilities.  These issues
include multiple local and remote buffer overflow vulnerabilities and
a remote command execution vulnerability.  Successful exploitation of
these issues may allow an attacker to execute arbitrary code and gain
unauthorized access to a vulnerable computer.

The application is prone to a stack overflow vulnerability when
processing a malicious archive.

Multiple local buffer overflow vulnerabilities were reported as well.
These issues can be triggered by supplying an excessive string value
to the application through the command line.

Additionally, a remote command execution issue affects the
application.  This issue is triggered when LHA processes a directory
with a malformed name.

LHA versions 1.14 and prior are affected by these issues.

Apache mod_ssl Denial Of Service Vulnerability
BugTraq ID: 11094
Remote: Yes
Date Published: Sep 02 2004
Relevant URL: http://www.securityfocus.com/bid/11094
Summary:
Apache mod_ssl is reported susceptible to a denial of service
vulnerability.

This issue presents itself during SSL connections to a vulnerable
Apache server. The affected software may enter into an infinite loop
in certain circumstances. This will consume CPU resources and
potentially cause further connections to the affected server to fail.

All Apache versions from 2.0 through to 2.0.50 are reported
vulnerable.

Squid Proxy NTLM Authentication Denial Of Service Vulnerabil...
BugTraq ID: 11098
Remote: Yes
Date Published: Sep 02 2004
Relevant URL: http://www.securityfocus.com/bid/11098
Summary:
Squid is reported to be susceptible to a denial of service
vulnerability in its NTLM authentication module.

This vulnerability presents itself when attacker-supplied input data
is passed to the affected NTLM module without proper sanitization.

This vulnerability allows an attacker to crash the NTLM helper
application. Squid will respawn new helper applications, but with a
sustained, repeating attack, it is likely that proxy authentication
depending on the NTLM helper application would fail. Failure of NTLM
authentication would result in the Squid application denying access to
legitimate users of the proxy.

Squid versions 2.x and 3.x are all reported to be vulnerable to this
issue. A patch is available from the vendor.

Dynalink RTA 230 ADSL Router Default Backdoor Account Vulner...
BugTraq ID: 11102
Remote: Yes
Date Published: Sep 03 2004
Relevant URL: http://www.securityfocus.com/bid/11102
Summary:
The Dynalink RTA 230 ADSL router is reported susceptible to a default
backdoor account vulnerability.

It is reported that the firmware contains a backdoor account. This
account is not visible or modifiable from the web administration
interface. Both the web configuration application and the telnet
service are not listening on the WAN interface by default.

Attackers with network access to internal interfaces of the device can
gain complete access to a vulnerable access point by using the default
credentials.

Other devices utilizing similar firmware may also be affected, but
this has not been confirmed. Other potential devices reported are:
   - US Robotics 9105 and 9106
   - Siemens SE515
   - Buffalo WMR-G54

[ firmware ]

Engenio Storage Controller Remote Denial Of Service Vulnerab...
BugTraq ID: 11108
Remote: Yes
Date Published: Sep 04 2004
Relevant URL: http://www.securityfocus.com/bid/11108
Summary:
It is reported that hardware based on Engenio Storage Controllers is
prone to a remote denial of service vulnerability.  This could also
reportedly result in unrecoverable corruption of data.

Affected hardware includes Storagetek D280, and IBM DS4100 (formerly
FastT 100) and Brocade SilkWorm Switches.  Other devices may be
affected such as other Storagetek and IBM FastT storage controllers,
SGI, and Teradata storage controllers though this has not been confirmed.
The problem may exist in the underlying vxWorks operating system
though this has also not been confirmed.

[ firmware. Do not put your data network on a general-purpose
network. ]



