[gull-annonces] Résumé SecurityFocus Newsletter #309
Marc SCHAEFER
schaefer at alphanet.ch
Sun Aug 14 13:17:21 CEST 2005
ClamAV Multiple Integer Overflow Vulnerabilities
BugTraq ID: 14359
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14359
Summary:
ClamAV is susceptible to multiple integer overflow vulnerabilities.
Specifically, the vulnerabilities present themselves when the ClamAV
antivirus library handles malformed files.
This may allow attackers to control the flow of execution, and potentially
execute attacker-supplied code in the context of the affected application.
ClamAV 0.86.1 and prior versions are reported to be affected.
Beehive Forum Webtag Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14363
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14363
Summary:
Beehive Forum is prone to multiple cross-site scripting vulnerabilities.
These issues are due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the
affected site. This may facilitate the theft of cookie-based authentication
credentials as well as other attacks.
[ Java/Struts; donc contrib ]
ECI Telecom B-FOCuS Router 312+ Unauthorized Access Vulnerability
BugTraq ID: 14364
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14364
Summary:
B-FOCuS Router 312+ is affected by a vulnerability that can allow
unauthorized attackers to gain access to an affected device.
An attacker can disclose the administrator password through the Web
interface of the device.
This can lead to a complete compromise of the router.
[ firmware ]
Hobbit Monitor Remote Denial Of Service Vulnerability
BugTraq ID: 14365
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14365
Summary:
Hobbit Monitor is affected by a remote denial of service vulnerability.
This issue is due to a failure in the application to handle exceptional
conditions.
The application fails to deal with data received in a proper manner. An
attacker can exploit this vulnerability by sending malicious data to the
affected application and crash it, denying service to legitimate users.
[ Système de monitoring de serveurs, un peu comme Big Brother, libre ]
FTPLocate Remote Command Execution Vulnerability
BugTraq ID: 14367
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14367
Summary:
FtpLocate is prone to a remote arbitrary command execution vulnerability.
This issue presents itself due to insufficient sanitization of user-supplied
data.
An attacker can supply arbitrary commands and have them executed in the
context of the server.
This issue may facilitate unauthorized remote access to the computer running
the hosting Web server.
[ FTP search engine en Perl,
http://turtle.ee.ncku.edu.tw/ftplocate/readme.english.html, utilisant
Glimpse ]
3Com OfficeConnect Wireless 11g Access Point Remote Information
Disclosure Vulnerability
BugTraq ID: 14370
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14370
Summary:
3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 is reported prone
to an information disclosure vulnerability.
Information gathered through this attack may allow an attacker to carry out
further attacks against the device or other network users.
3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 firmware versions
prior to 1.03.12 are reported prone to this vulnerability.
[ firmware ]
Siemens Santis 50 Wireless Router Web Interface Denial Of Service
Vulnerability
BugTraq ID: 14372
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14372
Summary:
Siemens Santis 50 Wireless router Web interface is affected by a remote
denial of service vulnerability.
An attacker can exploit this issue to deny service to the Web interface and
gain access to privileged functions of the telnet CLI. These functions
enable the attacker to discover information about the configuration of the
device and connections. The attacker can also erase the FLASH contents.
Information obtained may be used in further attacks against the vulnerable
device or the network it operates on.
This issue may also affect the Ericsson HN294dp and Dynalink RTA300W
routers. Both devices are believed to use the same hardware as the Siemens
Santis 50 Wireless router; this has not been confirmed by Symantec.
[ firmware ]
Vim ModeLines Further Variant Arbitrary Command Execution Vulnerability
BugTraq ID: 14374
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14374
Summary:
Vim is susceptible to an arbitrary command execution vulnerability with
ModeLines. This issue is due to insufficient sanitization of user-supplied
input.
By modifying a text file to include ModeLines containing the 'glob()', or
'expand()' functions with shell metacharacters, attackers may cause
arbitrary commands to be executed.
This vulnerability allows an attacker to execute arbitrary commands with the
privileges of the vim user. This gives an attacker the ability to gain
remote access to computers running the vulnerable software.
This issue is similar to BIDs 6384 and 11941.
Gentoo Sandbox Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 14375
Remote: No
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14375
Summary:
Sandbox is reported prone to multiple local insecure temporary file creation
vulnerabilities. These issues are due to design errors that cause the
application to fail to verify the existence of files before writing to them.
This application runs with superuser privileges, allowing local attackers to
overwrite arbitrary files. This may cause system-wide crashes, denying
service to legitimate users. It may also be possible to gain elevated
privileges by exploiting this vulnerability, but this has not been confirmed.
pstotext Arbitrary Code Execution Vulnerability
BugTraq ID: 14378
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14378
Summary:
pstotext is susceptible to an arbitrary command execution vulnerability.
This issue is due to a failure of the application to ensure that GhostScript
is executed in a secure manner.
This issue allows attackers to create malicious PostScript files, that when
parsed by the affected utility, allow arbitrary commands to be executed.
This occurs in the context of the user running the affected utility.
netpbm pstopnm Arbitrary Code Execution Vulnerability
BugTraq ID: 14379
Remote: Yes
Date Published: 2005-07-25
Relevant URL: http://www.securityfocus.com/bid/14379
Summary:
pstopnm is susceptible to an arbitrary command execution vulnerability. This
issue is due to a failure of the application to ensure that GhostScript is
executed in a secure manner.
This issue allows attackers to create malicious PostScript files, that when
parsed by the affected utility, allow arbitrary commands to be executed.
This occurs in the context of the user running the affected utility.
This vulnerability was reported in version 10.0 of netpbm. Other versions
may also be affected.
ProFTPD SQLShowInfo SQL Output Format String Vulnerability
BugTraq ID: 14380
Remote: Yes
Date Published: 2005-07-26
Relevant URL: http://www.securityfocus.com/bid/14380
Summary:
A format string vulnerability exists in ProFTPD. This issue is exposed when
the SQLShowInfo directive is enabled. If the attacker can influence data in
the backend SQL database, it is possible to exploit this issue by inserting
a malicious format string into data that will be queried by ProFTPD.
Successful exploitation will result in arbitrary code execution in the
context of the server.
ProFTPD Shutdown Message Format String Vulnerability
BugTraq ID: 14381
Remote: Yes
Date Published: 2005-07-26
Relevant URL: http://www.securityfocus.com/bid/14381
Summary:
A format string vulnerability exists in ProFTPD. This issue is exposed when
the server prints a shutdown message containing certain variables such as
the current directory. If an attacker could create a directory on the
server, it may be possible to trigger this issue.
Successful exploitation will result in arbitrary code execution in the
context of the server.
Fetchmail POP3 Client Remote Denial of Service Vulnerabilities
BugTraq ID: 14384
Remote: Yes
Date Published: 2005-07-26
Relevant URL: http://www.securityfocus.com/bid/14384
Summary:
Fetchmail is affected by multiple remote denial of service vulnerabilities.
These issues were introduced due to a fix that was released for BID 14349
(Fetchmail POP3 Client Buffer Overflow Vulnerability).
Specifically, malformed responses from a malicious server can cause the
client to crash.
These issues affect Fetchmail 6.2.5.1.
FreeBSD IPsec Session AES-XCBC-MAC Authentication Constant Key Usage
Vulnerability
BugTraq ID: 14394
Remote: Yes
Date Published: 2005-07-27
Relevant URL: http://www.securityfocus.com/bid/14394
Summary:
FreeBSD is affected by a vulnerability that may allow remote unauthorized
attackers to establish an IPsec session.
The vulnerability presents itself when the 'AES-XCBC-MAC' algorithm is used
for authentication without any other method of IPsec encryption.
A successful attack can allow an attacker to forge packets and potentially
establish an IPsec session. This can lead to various other attacks.
Ethereal Multiple Protocol Dissector Vulnerabilities
BugTraq ID: 14399
Remote: Yes
Date Published: 2005-07-27
Relevant URL: http://www.securityfocus.com/bid/14399
Summary:
Many vulnerabilities in Ethereal have been disclosed by the vendor. The
reported issues are in various protocol dissectors.
These issues include:
- Buffer overflow vulnerabilities
- Format string vulnerabilities
- Null pointer dereference denial of service vulnerabilities
- Infinite loop denial of service vulnerabilities
- Memory exhaustion denial of service vulnerabilities
- Unspecified denial of service vulnerabilities
These issues could allow remote attackers to execute arbitrary machine code
in the context of the vulnerable application. Attackers could also crash the
affected application.
Various vulnerabilities affect differing versions of Ethereal, from 0.8.5,
through to 0.10.11.
Gforge Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 14405
Remote: Yes
Date Published: 2005-07-28
Relevant URL: http://www.securityfocus.com/bid/14405
Summary:
Gforge is prone to multiple cross-site scripting vulnerabilities. These
issues are due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage any of these issues to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the
affected site. These may facilitate the theft of cookie-based
authentication credentials as well as other attacks.
Linksys WRT54G Wireless Router Default SSL Certificate and Private Key
Vulnerability
BugTraq ID: 14407
Remote: Yes
Date Published: 2005-07-28
Relevant URL: http://www.securityfocus.com/bid/14407
Summary:
Linksys WRT54G wireless routers contain a default SSL certificate and
private key.
This constant certificate/key pair is always used to access the device.
This can allow an attacker to obtain the certificate/key pair and carry out
various attacks.
A complete compromise of the device is possible.
[ firmware ]
Cisco IOS IPv6 Processing Arbitrary Code Execution Vulnerability
BugTraq ID: 14414
Remote: Yes
Date Published: 2005-07-27
Relevant URL: http://www.securityfocus.com/bid/14414
Summary:
A remote arbitrary code execution vulnerability affects the IPv6 processing
functionality of Cisco IOS.
A successful attack may allow a remote attacker to execute arbitrary code
and gain unauthorized access to the device. An attacker can also leverage
this issue to cause an affected device to reload, denying service to
legitimate users.
This issue may be related to BID 12368 (Cisco IOS IPv6 Processing Remote
Denial Of Service Vulnerability).
Cisco has stated that exploitation of this vulnerability in Cisco IOS XR may
cause the IPv6 neighbor discovery process to restart. If exploited
repeatedly, this could result in a prolonged denial of service affecting
IPv6 traffic travelling through the device.
[ firmware ]
libtiff Tiff Image Header Divide By Zero Denial of Service Vulnerability
BugTraq ID: 14417
Remote: Yes
Date Published: 2005-07-29
Relevant URL: http://www.securityfocus.com/bid/14417
Summary:
libtiff is affected by a vulnerability that may cause a denial of service in
applications utilizing the library. This issue is due to a failure in the
library to sufficiently validate specific header values.
An attacker can exploit this vulnerability to cause a denial of service, or
loss of data in applications utilizing the affected library.
This issue is known to affect the CUPS printing system and the Evolution
email client; other applications using the LibTIFF library may also be
affected.
This issue may be related to BID 12874 - ImageMagick TIFF Image File
Unspecified Denial Of Service Vulnerability.
Gopher Insecure Temporary File Creation Vulnerability
BugTraq ID: 14420
Remote: No
Date Published: 2005-07-29
Relevant URL: http://www.securityfocus.com/bid/14420
Summary:
Gopher is prone to an unspecified insecure temporary file creation
vulnerability. This issue is likely due to a design error that causes the
application to fail to verify the existence of a file before writing to it.
The details available regarding this issue are not sufficient to provide an
in depth technical description. This BID will be updated when more
information becomes available.
An attacker may leverage this issue to overwrite arbitrary files with the
privileges of an unsuspecting user that activates the vulnerable application.
[ j'ai arrêté de faire du Gopher en 1992 ... qui utilise encore ce
système ? :) ]
Kismet Multiple Unspecified Remote Vulnerabilities
BugTraq ID: 14430
Remote: Yes
Date Published: 2005-07-29
Relevant URL: http://www.securityfocus.com/bid/14430
Summary:
Kismet is prone to three unspecified remote vulnerabilities. These issues
could be exploited to completely compromise a computer running Kismet to
sniff wireless network traffic.
There is no further information available at this time.
Metasploit Framework Unspecified Remote Vulnerability
BugTraq ID: 14431
Remote: Yes
Date Published: 2005-07-30
Relevant URL: http://www.securityfocus.com/bid/14431
Summary:
Metasploit Framework is prone to an unspecified vulnerability. This issue
allows remote attackers to compromise the computer of users using the
affected application.
This vulnerability is likely exploited by returning malicious data to the
application in unknown network connections, causing arbitrary code to be
executed in the context of the scanning application.
UPDATE: This BID has been retired as it been determined that the issue is
not a vulnerability. Additional information has been provided that states
the issue is a due to insufficient filtering of potentially malicious
terminal escape sequences when logging external input. These escape
sequences are not interpreted at any point by the application, and only pose
a threat if rendered with an external viewer within a terminal emulator
program that will interpret them. In that instance, this presents a
security vulnerability in the terminal emulator program. As Metasploit does
not interpret the malicious input itself, it is not within the scope of the
application to filter this type of input. This is not a vulnerability in
Metasploit since it does not impact security properties of the application
itself.
More information about the gull-annonces
mailing list