[gull-annonces] Summary of SecurityFocus Newsletter #268

Marc SCHAEFER schaefer at alphanet.ch
Thu Sep 30 14:11:05 CEST 2004


Jörg Schilling SDD Remote Tape Support  Client Undisclosed V...
BugTraq ID: 11217
Remote: Unknown
Date Published: Sep 18 2004
Relevant URL: http://www.securityfocus.com/bid/11217
Summary:
Jörg Schilling sdd is reported prone to an undisclosed
vulnerability. The issue is reported to present itself in the RMT
client.

This BID will be updated as soon as further analysis of this
vulnerability is completed.

FreeRADIUS Access-Request Denial Of Service Vulnerability
BugTraq ID: 11222
Remote: Yes
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11222
Summary:
Reportedly FreeRADIUS is affected by a remote denial of service
vulnerability.  This issue is due to a failure of the application to
handle malformed packets.

An attacker may leverage this issue to cause the affected server to
crash, denying service to legitimate users.

getmail Local Symbolic Link Vulnerability
BugTraq ID: 11224
Remote: No
Date Published: Sep 20 2004
Relevant URL: http://www.securityfocus.com/bid/11224
Summary:
Reportedly getmail is affected by a local symbolic link
vulnerability. This issue is due to a failure of the application to
validate files prior to writing to them.

An attacker may leverage this issue to cause arbitrary files to be
written to with the privileges of a user that sends messages to an
attacker-controlled file.  This may facilitate privilege escalation or
destruction of data.

OpenBSD Radius Authentication Bypass Vulnerability
BugTraq ID: 11227
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11227
Summary:
OpenBSD is reported prone to an authentication bypass vulnerability
when using Radius authentication.  This issue can be leveraged by
spoofing traffic on a vulnerable network and carrying out a
man-in-the-middle attack to gain unauthorized access to an OpenBSD
computer.

This vulnerability arises if an OpenBSD computer is configured to use
Radius authentication and may allow an attacker to gain unauthorized
access to the OpenBSD computer.

The vulnerability is confirmed in OpenBSD 3.2 and OpenBSD 3.5.  Other
versions may be vulnerable as well.

Jabber Studio JabberD Remote Denial Of Service Vulnerability
BugTraq ID: 11231
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11231
Summary:
Jabber Studio jabberd is reportedly affected by a remote denial of
service vulnerability.  This issue is due to a failure of the
application to properly handle malformed network messages.

An attacker may leverage this issue by causing the affected server to
crash, denying service to legitimate users.

latex2rtf Remote Buffer Overflow Vulnerability
BugTraq ID: 11233
Remote: Yes
Date Published: Sep 21 2004
Relevant URL: http://www.securityfocus.com/bid/11233
Summary:
It is reported that latex2rtf is susceptible to a remote buffer
overflow vulnerability when handling malformed files. This
vulnerability may allow a remote attacker to execute arbitrary code on
a vulnerable computer to gain unauthorized access. This issue is due
to a failure of the application to perform proper bounds checks before
copying data into a fixed sized memory buffer.

Version 1.9.15 of latex2rtf is reported vulnerable to this
issue. Other versions may also be affected.

Symantec Enterprise Firewall/VPN Appliance Multiple Remote V...
BugTraq ID: 11237
Remote: Yes
Date Published: Sep 22 2004
Relevant URL: http://www.securityfocus.com/bid/11237
Summary:
Symantec Enterprise Firewall/VPN Appliance is affected by multiple
remote vulnerabilities.  These issues are due to a failure of the
application to handle exceptional conditions; a default configuration
issue exists as well.

An attacker can leverage a denial of service issue to cause the
affected appliance to stop responding, requiring a power off to bring
the device back to functionality.  A filter bypass issue allows an
attacker to bypass the filters on the 'tftpd', 'snmpd', and 'isakmp'
services.  An attacker can also read and write the community string of
the affected device by default, facilitating disclosure and altering
of the device's settings.

[ firmware ]

Apache Satisfy Directive Access Control Bypass Vulnerability
BugTraq ID: 11239
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11239
Summary:
Apache Web Server is reportedly affected by an access control bypass
vulnerability.  This issue presents itself due to an unspecified error
in the merging of the 'Satisfy' directive.  As a result, a remote
attacker may bypass access controls and gain unauthorized access to
restricted resources.

It is reported that this issue only affects Apache 2.0.51.

Due to a lack of details, further information is not available at the
moment.  This BID will be updated as more information becomes
available.

Red Hat redhat-config-nfs Exported Shares Configuration Vuln...
BugTraq ID: 11240
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11240
Summary:
Red Hat redhat-config-nfs is affected by an exported shares
configuration vulnerability.  This issue is due to a failure of the
application to apply proper settings to the affected network file
system (NFS) shares.

This issue would cause some NFS options, such as 'all_squash', to fail
to be applied, potentially giving administrators a false sense of
security.

Motorola WR850G Wireless Router Remote Authentication Bypass...
BugTraq ID: 11241
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11241
Summary:
Motorola WR850G wireless router is reported prone to a remote
authentication bypass vulnerability.  This issue is caused by a design
error and may allow an attacker to ultimately take complete control
over the device.

A remote attacker can gain access to the Web interface of the affected
device by periodically attempting to access restricted pages such as
the 'ver.asp' script.

Motorola wireless router WR850G running firmware version 4.03 is
reportedly affected by this issue.  It is possible that other models
and firmware versions are affected as well.

[ firmware ]

Inkra Router Virtual Service Switch Remote Denial Of Service...
BugTraq ID: 11242
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11242
Summary:
The Inkra Router Virtual Service Switch is affected by a remote denial
of service vulnerability.  This issue is due to a failure of the
application to handle exceptional network data.

An attacker may leverage this issue to cause the affected device to
crash, denying service to legitimate users.

[ firmware ]

Subversion Mod_Authz_Svn Metadata Information Disclosure Vul...
BugTraq ID: 11243
Remote: Yes
Date Published: Sep 23 2004
Relevant URL: http://www.securityfocus.com/bid/11243
Summary:
It is reported that Subversion's mod_authz_svn module is susceptible to
an information disclosure vulnerability.

This vulnerability presents itself when paths that are marked as
unreadable are accessed by particular Subversion client commands. It
is reportedly possible to disclose the existence of files that are
inaccessible to users. Under certain circumstances it may also be
possible to disclose commit log messages, or even the contents of
files that are configured to be inaccessible to users.

This vulnerability is reported to exist in versions prior to 1.0.8 and
1.1.0-rc4.

Canon ImageRUNNER 5000 Printer Email Printing Vulnerability
BugTraq ID: 11247
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11247
Summary:
The Canon imageRUNNER printer is a network based printer and
photocopier designed to facilitate all small office printing
requirements.

Canon imageRUNNER 5000 is reportedly vulnerable to an email printing
vulnerability.  This issue is due to an access validation issue that
fails to require authorization to have emails printed.

Reportedly it is impossible to disable the vulnerable email server
feature.

An attacker may leverage this issue to print arbitrary text on an
affected printer, potentially consuming resources and triggering a
denial of service condition.

[ firmware ]

Zinf Malformed Playlist File Remote Buffer Overflow Vulnerab...
BugTraq ID: 11248
Remote: Yes
Date Published: Sep 24 2004
Relevant URL: http://www.securityfocus.com/bid/11248
Summary:
Zinf is reported prone to a remote buffer overflow vulnerability when
processing malformed playlist files.  This issue exists due to
insufficient boundary checks performed by the application and may
allow an attacker to gain unauthorized access to a vulnerable
computer.

Reportedly, this issue affects Zinf version 2.2.1 for Windows.  Zinf
version 2.2.5 for Linux is reportedly fixed; however, this is not
confirmed at the moment.



