[gull-annonces] SecurityFocus Newsletter #266 Summary

Marc SCHAEFER schaefer at alphanet.ch
Thu Sep 16 10:11:03 CEST 2004

Engenio Storage Controller Remote Denial Of Service Vulnerab...
BugTraq ID: 11108
Remote: Yes
Date Published: Sep 04 2004
Relevant URL: http://www.securityfocus.com/bid/11108
It is reported that hardware based on Engenio Storage Controllers is
prone to a remote denial of service vulnerability.  This could also
reportedly result in unrecoverable corruption of data.

Affected hardware includes Storagetek D280, and IBM DS4100 (formerly
FAStT 100) and Brocade SilkWorm Switches.  Other devices may be
affected such as other Storagetek and IBM FAStT storage controllers,
SGI, and Teradata storage controllers though this has not been
confirmed.  The problem may exist in the underlying VxWorks operating
system though this has also not been confirmed.

[ firmware ]

OpenCA HTML Injection Vulnerability
BugTraq ID: 11113
Remote: Yes
Date Published: Sep 06 2004
Relevant URL: http://www.securityfocus.com/bid/11113
It has been reported that OpenCA is vulnerable to an HTML injection
attack due to inadequate validation / filtering of user input into a
web form frontend.  The vulnerability is present in the OpenCA PKI
software.  According to the report, malicious user-data containing
embedded HTML will persist in the system after it is injected.

[ X.509 / PKI Open Certificate Authority Server ]

Multi Gnome Terminal Information Leak Vulnerability
BugTraq ID: 11117
Remote: No
Date Published: Sep 06 2004
Relevant URL: http://www.securityfocus.com/bid/11117
It has been reported that Multi Gnome Terminal may output active user
keystrokes to a file that is potentially world readable.  According to
the report, Gnome Multi Terminal "has been known to" (i.e. under some
circumstances, which are unclear at this time) write keystroke data to
~/.xsession-errors.  As this file can be world readable, this may
result in a leak of confidential information to other local users.

Webmin / Usermin HTML Email Command Execution Vulnerability
BugTraq ID: 11122
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11122
Webmin / Usermin are reportedly affected by a command execution
vulnerability when rendering HTML email messages. This issue is due to
a failure to sanitize HTML email messages and may allow an attacker to
execute arbitrary commands on a vulnerable computer.

This issue is reported to affect Usermin versions 1.080 and prior.

gnubiff Multiple Remote POP3 Protocol Vulnerabilities
BugTraq ID: 11123
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11123
Reportedly gnubiff is affected by multiple POP3 protocol
vulnerabilities.  The first issue is due to a design error in the POP3
protocol implementation that causes the application to crash.  The
second issue is a buffer overflow in the POP3 implementation.

An attacker might leverage these issues to cause the affected
application to crash and to manipulate process memory ultimately
facilitating arbitrary code execution.

Net-Acct Symbolic Link Vulnerability
BugTraq ID: 11125
Remote: No
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11125
Net-Acct is reportedly affected by a symbolic link vulnerability. This
issue is due to a design error that fails to properly verify files
prior to writing to them.

This issue will allow an attacker to overwrite arbitrary
files. Reportedly, this issue could be leveraged to facilitate
privilege escalation.

[ Logs network traffic to a (?) MySQL database for analysis ]

OpenLDAP Ambiguous Password Attribute Weakness
BugTraq ID: 11137
Remote: Yes
Date Published: Sep 07 2004
Relevant URL: http://www.securityfocus.com/bid/11137
It is reported that in certain undisclosed cases, OpenLDAP is
susceptible to an ambiguous password attribute weakness.

If an attacker is able to retrieve a password hash as contained in the
OpenLDAP database, they are possibly able to directly authenticate to
the LDAP database. An attacker is able to gain unauthorized access if
they can sniff password hashes from the network, or retrieve the
contents of the 'userPassword' attribute from a database backup, or
through weak permissions on the database.

The OpenLDAP that is included with Apple Mac OS X, versions 10.3.4 and
10.3.5 is reported to be affected. Versions of OpenLDAP included in
other operating systems are also possibly affected.

Ulrik Petersen Emdros Database Engine Denial Of Service Vuln...
BugTraq ID: 11143
Remote: Yes
Date Published: Sep 08 2004
Relevant URL: http://www.securityfocus.com/bid/11143
It is reported that Emdros is prone to a denial of service
vulnerability, due to a memory leak while running as a daemon.

This vulnerability is present in the 'mql' process. This process
contains a memory leak, and if it is run as a daemon, a remote
attacker has the ability to consume all available memory until the
process crashes.

[ http://emdros.org/, GPL, with other licences available for special
projects, the database engine for analyzed or annotated text ]

Versions prior to 1.1.20 are reported susceptible to this

OpenOffice/StarOffice Local File Disclosure Vulnerability
BugTraq ID: 11151
Remote: No
Date Published: Sep 10 2004
Relevant URL: http://www.securityfocus.com/bid/11151
StarOffice and OpenOffice are reported prone to a local file
disclosure vulnerability.  This issue presents itself because the
application creates insecure temporary files.  Each time a user saves
a file, a compressed copy of the file is saved in a temporary
directory.  This can allow a local attacker to disclose files of other

OpenOffice 1.1.2 and StarOffice 7.0 are reported prone to this

[ StarOffice is proprietary ]
