[gull-annonces] SecurityFocus Newsletter #311 Summary

Marc SCHAEFER schaefer at alphanet.ch
Sun Aug 21 20:14:44 CEST 2005


Wine WineLauncher.IN Local Insecure File Creation Vulnerability
BugTraq ID: 14496
Remote: No
Date Published: 2005-08-08
Relevant URL: http://www.securityfocus.com/bid/14496
Summary:
A local insecure file creation vulnerability affects Wine. This issue is 
likely due to a design error that causes the application to fail to verify 
the existence of a file before writing to it.

The details available regarding this issue are not sufficient to provide an 
in depth technical description. This BID will be updated when more 
information becomes available.

An attacker may leverage this issue to overwrite arbitrary files with the 
privileges of an unsuspecting user that activates the vulnerable application.

This issue is reported in version 20050725; other versions may also be 
affected.

FFTW Insecure Temporary File Creation Vulnerability
BugTraq ID: 14501
Remote: No
Date Published: 2005-08-08
Relevant URL: http://www.securityfocus.com/bid/14501
Summary:
FFTW creates temporary files in an insecure manner. An attacker with local 
access could potentially exploit this issue to overwrite files in the 
context of the application. The vulnerability is due to the program creating 
temporary files with a predictable name in the '/tmp' directory.

A local attacker most likely takes advantage of this vulnerability by 
creating a malicious symbolic link in a directory where the temporary files 
will be created. When the program attempts to perform an operation on a 
temporary file, it will instead perform the operation on the file pointed to 
by the malicious symbolic link. 
Exploitation would most likely result in loss of data or a denial of service 
if critical files are overwritten in the attack. Other attacks may be 
possible as well.

This issue is reported in version 3.0.1 of the FFTW library; other versions 
may also be affected.

[ seems to be this: http://www.fftw.org/, but it's strange. Library
for FFT (Fast Fourier Transform) ]

MySQL User-Defined Function Buffer Overflow Vulnerability
BugTraq ID: 14509
Remote: Yes
Date Published: 2005-08-08
Relevant URL: http://www.securityfocus.com/bid/14509
Summary:
MySQL is prone to a buffer overflow vulnerability.  This issue is due to 
insufficient bounds checking of data supplied as an argument in a 
user-defined function.

This issue could be exploited by a database user with sufficient access to 
create a user-defined function.  It may also be possible to exploit this 
issue through latent SQL injection vulnerabilities in third-party 
applications that use the database as a backend.

Successful exploitation will result in execution of arbitrary code in the 
context of the database server process.

Linux Kernel Non-Zero Keyring Local Denial of Service Vulnerability
BugTraq ID: 14517
Remote: No
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14517
Summary:
The Linux kernel is reported prone to a local denial of service 
vulnerability.

This issue arises if a user attempts to add a keyring that does not contain 
an empty payload.

A successful attack can allow a local attacker to deny service to legitimate 
users due to a kernel oops.

Linux Kernel Session Keyring Allocation Local Denial of Service 
Vulnerability
BugTraq ID: 14521
Remote: No
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14521
Summary:
The Linux kernel is reported prone to a local denial of service 
vulnerability.

Specifically, the vulnerability presents itself when a user attempts to 
allocate a new session keyring and some exceptional conditions arise.

This can allow a local attacker to deny service to legitimate users.

Inkscape Insecure Temporary File Creation Vulnerability
BugTraq ID: 14522
Remote: No
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14522
Summary:
Inkscape creates temporary files in the '/tmp' directory in an insecure 
manner. An attacker with local access may overwrite or create files using 
symbolic link attacks.

This type of attack can result in denial of service or loss of data within 
the context of the affected application. Other attacks may be possible.

[ free SVG editor implementation, Adobe Illustrator compatible ]
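
The predictable-name symbolic link problem described in the FFTW and Inkscape entries above, shown as an added example (not part of the original newsletter and not code from either project): the fixed-name open beside the exclusive open and `mkstemp()`. The scratch directory, the file names and `run_demo` are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the advisories: fixed name, follows a planted symlink, truncates. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails if anything, symlink included, already sits at path. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

static long file_size(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}

/* Runs both patterns in a private scratch directory (constructed setup).
 * Bits: 1 = exclusive open refused the link, 2 = victim intact afterwards,
 *       4 = predictable open truncated the victim, 8 = mkstemp() succeeded. */
int run_demo(void) {
    char dir[] = "/tmp/symdemo.XXXXXX", victim[64], fixed[64], uniq[64];
    int fd, r = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fixed, sizeof fixed, "%s/app.tmp", dir);   /* "predictable" name */
    snprintf(uniq, sizeof uniq, "%s/app.XXXXXX", dir);
    if ((fd = open_exclusive(victim)) < 0) return -1;
    if (write(fd, "data", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, fixed) != 0) return -1;          /* pre-planted link */
    if ((fd = open_exclusive(fixed)) < 0) r |= 1; else close(fd);
    if (file_size(victim) == 4) r |= 2;
    if ((fd = open_predictable(fixed)) >= 0) close(fd);
    if (file_size(victim) == 0) r |= 4;
    if ((fd = mkstemp(uniq)) >= 0) { r |= 8; close(fd); unlink(uniq); }
    unlink(fixed); unlink(victim); rmdir(dir);
    return r;
}

int main(void) {
    printf("result bits: %d\n", run_demo());
    return 0;
}
```
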

AWStats Referrer Arbitrary Command Execution Vulnerability
BugTraq ID: 14525
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14525
Summary:
AWStats is affected by an arbitrary command execution vulnerability.  This 
issue is due to a failure in the application to properly sanitize 
user-supplied input.

Successful exploitation of this vulnerability will permit an attacker to 
execute arbitrary Perl code on the system hosting the affected application 
in the security context of the Web server process.  This may aid in further 
attacks against the underlying system; other attacks are also possible.

It should be noted this vulnerability is only possible if the affected 
application has at least one URLPlugin enabled.

Mozilla Firefox And Thunderbird Long URI Obfuscation Weakness
BugTraq ID: 14526
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14526
Summary:
A weakness is reported in Mozilla Firefox and Thunderbird that may allow an 
attacker to obfuscate the URI of a link. This could facilitate the 
impersonation of legitimate Web sites in order to steal sensitive 
information from unsuspecting users. 

It is reported that the weakness exists when URIs presented to the 
vulnerable application are overly long. When a URI as described is 
displayed, it is reported that the text in the address bar goes completely 
white, making the URI invisible to the user.

This may facilitate other attacks by hiding the URI from the targeted user.

Mozilla Firefox 1.0.6, and Thunderbird 1.0 are affected by this issue. Other 
versions and products may also be affected.

Easy Software Products CUPS Denial of Service Vulnerability
BugTraq ID: 14527
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14527
Summary:
CUPS is affected by a denial of service vulnerability.  This issue manifests 
when the application fails to do proper bounds checking when handling 
malformed PDF files.  

An attacker can exploit this vulnerability by supplying a malformed PDF file 
to the affected application resulting in an endless loop, thus denying 
service to legitimate users.

XPDF Loca Table Verification Remote Denial of Service Vulnerability
BugTraq ID: 14529
Remote: Yes
Date Published: 2005-08-09
Relevant URL: http://www.securityfocus.com/bid/14529
Summary:
XPDF is prone to a remote denial of service vulnerability.

The vulnerability presents itself when the application attempts to verify 
the validity of a malformed 'loca' table in PDF files.

This issue can result in disk consumption and ultimately lead to a denial of 
service condition.

kpdf, gpdf and CUPS are vulnerable to this issue as well.

GNOME Evolution Multiple Format String Vulnerabilities
BugTraq ID: 14532
Remote: Yes
Date Published: 2005-08-10
Relevant URL: http://www.securityfocus.com/bid/14532
Summary:
Evolution is affected by multiple format string vulnerabilities.

These issues can allow remote attackers to execute arbitrary code in the 
context of the client.

Evolution versions 1.5 to 2.3.6.1 are affected.

Grandstream BudgeTone Denial Of Service Vulnerability
BugTraq ID: 14539
Remote: Yes
Date Published: 2005-08-10
Relevant URL: http://www.securityfocus.com/bid/14539
Summary:
Grandstream BudgeTone telephones are prone to a denial of service 
vulnerability. 
This particular attack will cause a Grandstream BudgeTone telephone to 
malfunction by aborting any call currently in progress, rendering the 
display on the telephone inoperable, and causing the integrated HTTP server 
to stop responding. Switching the telephone off and on again will resume 
normal operation.

[ firmware ]

HP Proliant DL585 Server Unauthorized Remote Access Vulnerability
BugTraq ID: 14540
Remote: Yes
Date Published: 2005-08-10
Relevant URL: http://www.securityfocus.com/bid/14540
Summary:
HP Proliant DL585 Server is affected by an unauthorized access vulnerability.

When the server is powered down, a remote attacker can gain access to the 
server controls.  
Very little information is available on this issue; this BID will be updated 
as more information becomes available.

[ firmware/BIOS/wake-on-LAN probably ]

Mentor ADSL-FR4II Multiple Vulnerabilities
BugTraq ID: 14557
Remote: Yes
Date Published: 2005-08-13
Relevant URL: http://www.securityfocus.com/bid/14557
Summary:
Mentor ADSL-FR4II is prone to multiple vulnerabilities which could allow 
unauthorized remote access or result in a denial of service.

Specifically, the backup configuration files downloaded from the device 
contain the administrator password in clear text.

The device is also prone to a denial of service when a number of connections 
to various ports on the device are made.

[ firmware ]
