[gull-annonces] SecurityFocus Newsletter #295 Summary

Marc SCHAEFER schaefer at alphanet.ch
Sat Apr 16 16:25:03 CEST 2005


Linux Kernel Bluetooth Signed Buffer Index Vulnerability
BugTraq ID: 12911
Remote: No
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12911
Summary:
A local signed buffer index vulnerability affects the Linux
kernel. This issue is due to a failure of the affected kernel to
securely handle signed values when validating memory indexes.

This issue may be leveraged by a local attacker to gain escalated
privileges on an affected computer.

Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Bu...
BugTraq ID: 12918
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12918
Summary:
A remote buffer overflow vulnerability affects multiple vendors'
Telnet clients.  This issue is due to a failure of the application to
properly validate the length of user-supplied strings prior to copying
them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.

[ who still uses telnet? ]

Multiple Vendor Telnet Client env_opt_add Heap-Based Buffer ...
BugTraq ID: 12919
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12919
Summary:
Multiple vendors' Telnet client applications are reported prone to a
remote buffer overflow vulnerability. It is reported that the
vulnerability exists in a function 'env_opt_add()' in the 'telnet.c'
source file, which is apparently common source for all of the affected
vendors.

A remote attacker may exploit this vulnerability to execute arbitrary
code on some of the affected platforms in the context of a user that
is using the vulnerable Telnet client to connect to a malicious
server.

Smail-3 Unspecified Remote Vulnerability
BugTraq ID: 12922
Remote: Yes
Date Published: Mar 28 2005
Relevant URL: http://www.securityfocus.com/bid/12922
Summary:
Smail-3 is reported prone to an unspecified vulnerability that may be
related to the issues that are described in BID 12899 (Smail-3
Multiple Remote and Local Vulnerabilities).

It is reported that the vulnerability manifests because insufficient
boundary checks are performed on certain pointer values. It is
conjectured that this may result in memory corruption ultimately
leading to arbitrary code execution.

Few details are known regarding this issue; this BID will be
updated as soon as further information is made available.

Midnight Commander insert_text() Buffer Overflow Vulnerability
BugTraq ID: 12928
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12928
Summary:
A buffer overflow vulnerability exists in Midnight Commander.  The
vulnerability is caused by insufficient bounds checking of external
data supplied to the 'insert_text()' function.

This issue may allow local attackers to execute arbitrary code in the
context of another user.

Linux Kernel ext2 File System Information Leak Vulnerability
BugTraq ID: 12932
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12932
Summary:
The Linux kernel ext2 filesystem handling code is reported prone to a
local information leakage vulnerability.

This issue may be leveraged by a local attacker to gain access to
potentially sensitive kernel memory.  Information gained in this way may
lead to further attacks against the affected computer.

Sylpheed MIME-Encoded Attachment Name Buffer Overflow Vulner...
BugTraq ID: 12934
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12934
Summary:
Sylpheed is prone to a buffer overflow when handling email attachments
with MIME-encoded file names.

Successful exploitation may allow arbitrary code execution in the
security context of the application.

Linux Kernel ELF Binary Loading Local Denial of Service Vuln...
BugTraq ID: 12935
Remote: No
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12935
Summary:
The Linux kernel is prone to a potential local denial of service
vulnerability.

It is reported that the issue exists in the 'load_elf_library()' function.

Linux Kernel 2.6.11.5 and prior versions are affected by this issue.

WebAPP Unspecified File Disclosure Vulnerability
BugTraq ID: 12938
Remote: Yes
Date Published: Mar 29 2005
Relevant URL: http://www.securityfocus.com/bid/12938
Summary:
WebAPP is reported prone to an unspecified file disclosure
vulnerability.

It is reported that this issue may allow remote attackers to disclose
contents of certain files.  Information gathered through a successful
attack may aid in other attacks against a vulnerable computer.

All versions of WebAPP are considered vulnerable to this issue.

This BID will be updated when more information is available.

Mailreader Remote HTML Injection Vulnerability
BugTraq ID: 12945
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12945
Summary:
A remote HTML injection vulnerability affects Mailreader. This issue
is due to a failure of the application to properly sanitize
user-supplied input prior to including it in dynamically generated Web
content.

An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user.  This may facilitate
the theft of cookie-based authentication credentials as well as other
attacks.

Cisco VPN 3000 Concentrator Remote Denial of Service Vulnera...
BugTraq ID: 12948
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12948
Summary:
Cisco VPN 3000 Concentrator products are reported prone to a remote
denial of service vulnerability.

A remote unauthenticated attacker may trigger this vulnerability to
cause an affected device to reload or drop connections.  Specifically,
an attacker can target the HTTPS service running on a vulnerable
device to trigger this vulnerability.

Cisco VPN 3000 Concentrator products running software version 4.1.7.A
and prior are affected by this issue.

[ firmware ]

Linux Kernel File Lock Local Denial Of Service Vulnerability
BugTraq ID: 12949
Remote: No
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12949
Summary:
A local denial of service vulnerability reportedly affects the Linux
kernel.  This issue arises due to a failure of the kernel to properly
handle malicious, excessive file locks.

An attacker may leverage this issue to crash or hang the affected
kernel and deny service to legitimate users.

It should be noted that Symantec has been unable to reproduce this
issue after testing.  It is possible that this vulnerability is linked
to the reporter's specific configuration.  More information will be
added as it becomes available.

GDK-Pixbuf BMP Image Processing Double Free Remote Denial of...
BugTraq ID: 12950
Remote: Yes
Date Published: Mar 30 2005
Relevant URL: http://www.securityfocus.com/bid/12950
Summary:
The gdk-pixbuf library is reported prone to a denial of service
vulnerability.  This issue arises due to a double free condition.

It is reported that this vulnerability presents itself when an
application that is linked against the library handles malformed
Bitmap (.bmp) image files.

A successful attack may result in a denial of service condition.  It
is not confirmed whether this vulnerability could be leveraged to
execute arbitrary code.

gdk-pixbuf 0.22.0 and gtk2 2.4.14 packages are known to be vulnerable
to this issue.  It is likely that other versions are affected as well.

This BID will be updated when more information becomes available.

OpenBSD TCP Stack Remote Denial Of Service Vulnerability
BugTraq ID: 12951
Remote: Yes
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12951
Summary:
A remote denial of service vulnerability affects the OpenBSD operating
system.  This issue is due to implementation errors in the TCP stack,
causing it to fail on malicious requests.

A remote attacker may leverage this issue to cause an affected
computer to exhaust memory or crash, denying service to legitimate
users.

bzip2 chmod File Permission Modification Race Condition Weak...
BugTraq ID: 12954
Remote: No
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12954
Summary:
bzip2 is reported prone to a security weakness; the issue is only
present when an archive is extracted into a world or group writeable
directory. It is reported that bzip2 employs non-atomic procedures to
write a file and later change the permissions on the newly extracted
file.

A local attacker may leverage this issue to modify file permissions of
target files.

This weakness is reported to affect bzip2 version 1.0.2 and previous
versions.

Linux Kernel futex Local Deadlock Denial Of Service Vulnerab...
BugTraq ID: 12959
Remote: No
Date Published: Mar 31 2005
Relevant URL: http://www.securityfocus.com/bid/12959
Summary:
The Linux kernel futex functions are reported prone to a local denial
of service vulnerability. The issue is reported to manifest because
several unspecified futex functions perform 'get_user()' calls and at
the same time hold mmap_sem for reading purposes.

A local attacker may potentially leverage this issue to trigger a
kernel deadlock and potentially deny service for legitimate users.

This vulnerability is reported to exist in the 2.6 Linux kernel tree.

RUMBA Profile Handling Multiple Buffer Overflow Vulnerabilit...
BugTraq ID: 12965
Remote: Yes
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12965
Summary:
RUMBA is reported prone to multiple buffer overflow
vulnerabilities. These issues are reported to manifest when RTO and
WPA profiles are loaded by the software.

Ultimately it is conjectured that this issue may be exploited by a
remote attacker to execute arbitrary attacker-supplied code in the
context of the vulnerable software.

RUMBA version 7.3 is reported prone to this issue; previous versions
are also reported to be affected.

Linux Kernel tmpfs Driver Local Denial Of Service Vulnerabil...
BugTraq ID: 12970
Remote: No
Date Published: Apr 01 2005
Relevant URL: http://www.securityfocus.com/bid/12970
Summary:
The Linux kernel is reported prone to a local denial of service
vulnerability. The issue is reported to exist in the Linux kernel
tmpfs driver, and is due to a lack of sanitization performed on
the address argument of 'shm_nopage()'.


