[gull-annonces] Summary of SecurityFocus Newsletter #310
Marc SCHAEFER
schaefer at alphanet.ch
Sun Aug 14 22:26:28 CEST 2005

No-Brainer SMTP Client log_msg() Remote Format String Vulnerability
BugTraq ID: 14441
Remote: Yes
Date Published: 2005-08-01
Relevant URL: http://www.securityfocus.com/bid/14441
Summary:
A remote format string vulnerability affects the message logging
functionality of nbSMTP. This issue is due to a failure of the application
to properly sanitize user-supplied input prior to passing it as the format
specifier to a formatted printing function.
A remote attacker may leverage this issue to write to arbitrary process
memory, facilitating code execution.

Info-ZIP unzip chmod(2) File Permission Modification Race Condition Weakness
BugTraq ID: 14450
Remote: No
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14450
Summary:
Info-ZIP unzip is reported prone to a security weakness; the issue is only
present when an archive is extracted into a world or group writable
directory. It is reported that unzip employs non-atomic procedures to write
a file and later change the permissions on the newly extracted file.
A local attacker may leverage this issue to modify file permissions of
target files.

Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability
BugTraq ID: 14455
Remote: Yes
Date Published: 2005-08-02
Relevant URL: http://www.securityfocus.com/bid/14455
Summary:
Metasploit Framework is susceptible to a restriction bypass vulnerability in
msfweb. This issue is due to a failure of the application to properly
implement access control restrictions.
This issue allows remote attackers to bypass security restrictions in the
affected Web server. Attackers may exploit this issue to attack arbitrary
computers using the Metasploit Framework, while originating the attacks from
the computer hosting the vulnerable msfweb process.
Attackers may also interact with the payload features in the Metasploit
Framework to manipulate files on the hosting computer, likely leading to
executing arbitrary commands and then complete system compromise.
It should be noted that the Metasploit Framework documentation specifies
that msfweb should not be globally accessible, due to potential security
problems.
[ http://www.metasploit.com/projects/Framework/ ]

Debian apt-cacher Remote Command Execution Vulnerability
BugTraq ID: 14459
Remote: Yes
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14459
Summary:
apt-cacher is prone to a remote command execution vulnerability.
Specifically, the vulnerability can allow remote attackers to execute
arbitrary commands on a computer that is acting as a caching host with the
privileges of 'www-data'.
This may allow an attacker to gain unauthorized access to a vulnerable
computer.
[ http://www.debian.org/security/2005/dsa-772 ]

Karrigell KS File Arbitrary Python Command Execution Vulnerability
BugTraq ID: 14463
Remote: Yes
Date Published: 2005-07-31
Relevant URL: http://www.securityfocus.com/bid/14463
Summary:
Karrigell is susceptible to an arbitrary Python command execution
vulnerability. This issue is due to a design flaw that allows remote
attackers to execute Python commands that they are not intended to have
access to.
Attackers may exploit this vulnerability to execute arbitrary Python
commands in the context of the Web server hosting the Karrigell framework.
This allows remote malicious users to cause denial of service conditions,
create or overwrite arbitrary files, and likely compromise the hosting
computer.
[ Python WWW server, GPL ]

Linux Kernel Stack Fault Exceptions Unspecified Local Denial of Service Vulnerability
BugTraq ID: 14467
Remote: No
Date Published: 2005-08-03
Relevant URL: http://www.securityfocus.com/bid/14467
Summary:
Linux kernel is reported prone to an unspecified local denial of service
vulnerability.
It was reported that this issue arises when a local user triggers stack
fault exceptions. A local attacker may exploit this issue to carry out a
denial of service attack against a vulnerable computer by crashing the
kernel.

Linux Kernel NFSACL Protocol XDR Data Remote Denial of Service Vulnerability
BugTraq ID: 14470
Remote: Yes
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14470
Summary:
Linux Kernel is affected by a remote denial of service vulnerability when
handling XDR data for the nfsacl protocol.
Specific details about this issue were not disclosed. It is conjectured
that an attacker crafts malformed XDR data that contains large string values
to corrupt kernel memory.
This may result in a denial of service condition.

McDATA E/OS Remote Denial Of Service Vulnerability
BugTraq ID: 14475
Remote: Yes
Date Published: 2005-08-04
Relevant URL: http://www.securityfocus.com/bid/14475
Summary:
McDATA Sphereon 4300 and 4500 Fabric Switches, and Intrepid 6064 and 6140
Director Switches, are susceptible to a remote denial of service
vulnerability when running E/OS versions prior to 6.0.0. This issue is due
to the affected devices failing to properly handle network broadcast storms.
Hosts utilizing the SAN for storage may lose complete access to the
attached storage.
This vulnerability allows attackers to simultaneously deny storage service
to potentially numerous servers connected to a SAN.
Versions of E/OS prior to 6.0.0 are affected by this vulnerability.
[ FibreChannel switches ]

Linux Kernel XFRM Array Index Buffer Overflow Vulnerability
BugTraq ID: 14477
Remote: No
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14477
Summary:
Linux kernel is prone to an array index buffer overflow vulnerability. This
issue exists due to insufficient validation of user-supplied data. The
vulnerability exists in the XFRM network architecture code.
A successful attack can allow a local attacker to trigger an overflow, which
may lead to a denial of service condition due to memory corruption.
Arbitrary code execution may be possible; however, this has not been
confirmed.
This issue affects Linux Kernel versions 2.6.x.

Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities
BugTraq ID: 14486
Remote: No
Date Published: 2005-08-05
Relevant URL: http://www.securityfocus.com/bid/14486
Summary:
Lantronix Secure Console Server SCS820/SCS1620 devices are susceptible to
multiple local vulnerabilities.
The first issue is an insecure default permission vulnerability. Attackers
may exploit this vulnerability to write data to arbitrary files with
superuser privileges. Other attacks are also possible.
The second issue is a directory traversal vulnerability in the command-line
interface. Attackers may exploit this vulnerability to gain inappropriate
access to the underlying operating system.
The third issue is a privilege escalation vulnerability in the command-line
interface. Local users with 'sysadmin' access to the device can escape the
command-line interface to gain superuser privileges in the underlying
operating system.
The last issue is a buffer overflow vulnerability in the 'edituser' binary.
Attackers may exploit this vulnerability to execute arbitrary machine code
with superuser privileges.
The reporter of these issues states that firmware versions prior to 4.4 are
vulnerable.
[ firmware ]