[gull-annonces] Résumé SecurityFocus Newsletter #294

Marc SCHAEFER schaefer at alphanet.ch
Thu Apr 7 09:48:02 CEST 2005


Xzabite dyndnsupdate Multiple Remote Buffer Overflow Vulnera...
BugTraq ID: 12858
Remote: Yes
Date Published: Mar 21 2005
Relevant URL: http://www.securityfocus.com/bid/12858
Summary:
Multiple remote buffer overflow vulnerabilities affect Xzabite's
dyndnsupdate.  These issues are due to a failure of the application to
properly validate the length of user-supplied strings prior to copying
them into static process buffers.

An attacker may exploit these issues to execute arbitrary code with
the privileges of a user that activated the vulnerable
application. This may facilitate unauthorized access or privilege
escalation.

Samsung DSL Modem Multiple Remote Vulnerabilities
BugTraq ID: 12864
Remote: Yes
Date Published: Mar 21 2005
Relevant URL: http://www.securityfocus.com/bid/12864
Summary:
Multiple vulnerabilities are reported to exist in Samsung DSL modems.

The first issue is an information disclosure issue due to a failure of
the device to block access to potentially sensitive files.

The second issue is a default backdoor account vulnerability. It is
reported that multiple accounts exist on the modem by default,
allowing remote attackers to gain administrative privileges on the
modem.

These vulnerabilities may allow remote attackers to gain access to
potentially sensitive information, or to gain administrative access to
the affected device.

Samsung DSL modems running software version SMDK8947v1.2 are reported
to be affected. Other devices and software versions are also likely
affected.

[ firmware ]

ImageMagick SGI Parser Heap Overflow Vulnerability
BugTraq ID: 12873
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12873
Summary:
ImageMagick is prone to a heap-based buffer overflow vulnerability.
This vulnerability exists in the SGI image file parser.

Successful exploitation may result in execution of arbitrary code.
This issue may potentially be exploited through the ImageMagick
application or in other applications that import the SGI image file
parser component.

It is noted that the SGI codec is enabled by default in ImageMagick.

ImageMagick TIFF Image File Unspecified Denial Of Service Vu...
BugTraq ID: 12874
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12874
Summary:
A remote, client-side denial of service vulnerability affects
ImageMagick.  This issue is likely due to a failure of the application
to handle malformed TIFF image files.

A remote attacker may leverage this issue to cause the affected
application to crash, potentially causing a loss of data denying
service to legitimate users.

ImageMagick TIFF Image Tag Denial Of Service Vulnerability
BugTraq ID: 12875
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12875
Summary:
A remote, client-side denial of service vulnerability affects
ImageMagick.  This issue is likely due to a failure of the application
to handle malformed TIFF image files.

A remote attacker may leverage this issue to cause the affected
application to crash, potentially causing a loss of data, and denying
service to legitimate users.

Imagemagick Photoshop Document Parsing Unspecified Denial of...
BugTraq ID: 12876
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12876
Summary:
A remote, client-side denial of service vulnerability affects
ImageMagick.  This issue is likely due to a failure of the application
to handle malformed PSD files.

A remote attacker may leverage this issue to cause the affected
application to crash, potentially causing a loss of data denying
service to legitimate users.

Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Servic...
BugTraq ID: 12877
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12877
Summary:
mod_ssl is prone to a remote denial of service vulnerability. The
issue exists in the 'ssl_io_filter_cleanup' function.

A remote attacker can exploit this issue to cause a denial of service
condition in an affected Apache server.

Apache 2.0.49 and prior versions are considered to be affected by this
vulnerability.

Mozilla GIF Image Processing Library Remote Heap Overflow Vu...
BugTraq ID: 12881
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12881
Summary:
Multiple Mozilla products are affected by a remote heap overflow
vulnerability.  This issue affects the GIF image processing library
used by Mozilla Firefox, Mozilla Browser, and Mozilla Thunderbird Mail
client.

A successful attack can result in arbitrary code execution and result
in unauthorized access to the affected computer.  Arbitrary code
execution will take place in the context of a user running a
vulnerable application.

Mathopd Dump Files Local Insecure File Creation Vulnerabilit...
BugTraq ID: 12882
Remote: No
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12882
Summary:
A local insecure file creation vulnerability affects Mathopd. This
issue is due to a design error that causes the insecure creation and
writing of files.

An attacker may leverage this issue to corrupt arbitrary files with
the privileges of an unsuspecting user that activates and uses the
vulnerable software.

[ Very small and fast HTTP server for UNIX, BSD-like advertising license ]

Mozilla Firefox Sidebar Panel Script Injection Vulnerability
BugTraq ID: 12884
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12884
Summary:
Mozilla Firefox is prone to a vulnerability that could allow remote
code execution.

This may occur if a malicious Web page is bookmarked as a sidebar
panel.  The malicious page may then reportedly open a privileged page
and inject JavaScript.  This may be leveraged to execute arbitrary
code as the victim client user.

Mozilla Browser Remote Insecure XUL Start Up Script Loading ...
BugTraq ID: 12885
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12885
Summary:
Mozilla Suite and Mozilla Firefox are affected by a remote insecure
XUL script loading vulnerability.  This issue is due to an access
validation issue that causes the script to be loaded with elevated
privileges.

An attacker may leverage this issue to execute XUL startup scripts
with elevated privileges.  The vendor has reported that the security
impact of this is currently limited.

cdrtools cdrecord Local Insecure File Creation Vulnerability
BugTraq ID: 12891
Remote: No
Date Published: Mar 24 2005
Relevant URL: http://www.securityfocus.com/bid/12891
Summary:
A local insecure file creation vulnerability affects cdrtools
cdrecord.  This issue is due to a failure of the application to
securely create and write to various files.

An attacker may leverage this issue to corrupt arbitrary files with
the privileges of an unsuspecting user that activates the application.

Dnsmasq Multiple Remote Vulnerabilities
BugTraq ID: 12897
Remote: Yes
Date Published: Mar 25 2005
Relevant URL: http://www.securityfocus.com/bid/12897
Summary:
Dnsmasq is reported prone to multiple remote vulnerabilities.  These
issues can allow an attacker to exploit an off-by-one overflow
condition and carry out DNS cache poisoning attacks.

An attacker may leverage these issues to manipulate cache data,
potentially facilitating man-in-the-middle, site impersonation, or
denial of service attacks.  A denial of service condition or potential
code execution may occur due to the off-by-one overflow vulnerability.

These issues affect Dnsmasq 2.20 and prior versions.

Due to a lack of details, further information is not available at the
moment.  This BID will be updated when more information becomes
available.

[ DNS forwarder et serveur DHCP ]

Smail-3 Multiple Remote and Local Vulnerabilities
BugTraq ID: 12899
Remote: Yes
Date Published: Mar 25 2005
Relevant URL: http://www.securityfocus.com/bid/12899
Summary:
Smail-3 is reported prone to multiple vulnerabilities.  These issues
can allow a local or remote attacker to execute arbitrary code on a
vulnerable computer.  A successful attack may lead to a complete
compromise.

The following specific issues were identified:

Smail-3 is vulnerable to a remote heap overflow vulnerability.  An
attacker can leverage this vulnerability to execute arbitrary code
with superuser privileges.  Attack attempts may also trigger a denial
of service condition.

The application is also reported prone to various potential
vulnerabilities arising from insecure handling of heap memory by
signal handlers.  These issues are not confirmed at the moment.

Smail-3 3.2.0.120 is affected by these issues.  Other versions may be
vulnerable.

This BID will be updated when more information becomes available.

Netcomm NB1300 Modem/Router Remote Denial of Service Vulnera...
BugTraq ID: 12901
Remote: Yes
Date Published: Mar 25 2005
Relevant URL: http://www.securityfocus.com/bid/12901
Summary:
Netcomm NB1300 Modem/Router is reported prone to a remote denial of
service vulnerability.

An attacker can exploit this condition by sending a large amount of
ping requests to the device.

A successful attack can deny service to legitimate users.

[ firmware ]

OpenMosixview Multiple Insecure Temporary File Creation Vuln...
BugTraq ID: 12902
Remote: No
Date Published: Mar 25 2005
Relevant URL: http://www.securityfocus.com/bid/12902
Summary:
openMosixview is reported prone to multiple local insecure temporary
file creation vulnerabilities.  These issues are due to design errors
that cause the application to fail to verify the existence of files
before writing to them.

An attacker may leverage these issues to overwrite and delete
arbitrary files with the privileges of an unsuspecting user that
activates the vulnerable application.

All versions of openMosixView are reported vulnerable.

[ OpenMosix est un système de répartition de charge basé sur le
  déplacement de processus dans un réseau de machines, sous
  certaines conditions.
]




More information about the gull-annonces mailing list