[gull-annonces] Summary of SecurityFocus Newsletter #323-325
Marc SCHAEFER
schaefer at alphanet.ch
Mon Dec 5 13:11:14 CET 2005
OpenVPN Client Remote Format String Vulnerability
BugTraq ID: 15239
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15239
Summary:
OpenVPN is reported prone to a remote format string vulnerability.
A malicious server can send specially crafted command options such as
'dhcp-option' including format specifiers to a client to trigger this
vulnerability.
A remote attacker may leverage this issue to write to arbitrary
process memory, facilitating code execution. This can result in
unauthorized remote access.
This issue affects OpenVPN 2.0.x versions. OpenVPN running on Windows is
not vulnerable to this issue.
OpenVPN Server Remote Denial Of Service Vulnerability
BugTraq ID: 15270
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15270
Summary:
OpenVPN server is prone to a remote denial of service vulnerability. This is
due to a design error in which the server, running in TCP mode, will be
unable to handle exceptional conditions.
This issue affects all OpenVPN 2.0 versions; the vendor has released version
2.0.4 to address this issue.
ntop Insecure Temporary File Creation Vulnerability
BugTraq ID: 15242
Remote: No
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15242
Summary:
ntop creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
Multiple Vendor readdir_r Buffer Overflow Vulnerability
BugTraq ID: 15259
Remote: No
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15259
Summary:
Certain uses of the 'readdir_r' function may result in a buffer overflow
vulnerability. This issue is due to a race condition between the allocation
of a memory buffer, and the usage of the buffer in further operations.
Specifically, the 'readdir_r' function fails to specify or require a
specific size of memory buffer that it returns its results into. By using a
memory buffer that is too small for the result, a buffer overflow may occur.
Attackers may exploit this issue to execute arbitrary machine code in the
context of affected applications. Failed exploit attempts will likely result
in crashes, denying service to legitimate users.
Operating systems with no difference in the maximum path lengths among
differing file systems are not affected by this issue.
[ readdir_r is the thread-safe version of readdir. In my opinion this mostly
concerns Solaris; most other systems implement a readdir(3) that only has
problems if the `directory handle' is shared between threads. ]
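As an added example (not from the newsletter or from any vendor's code): the defensive counterpart of the overflow described above is to size the readdir_r result buffer from the directory's own _PC_NAME_MAX limit instead of from the compile-time struct dirent, since the name limit can differ between mounted file systems.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <dirent.h>
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef NAME_MAX
#define NAME_MAX 255   /* POSIX leaves NAME_MAX optional in limits.h */
#endif

/* glibc (2.24 and later) marks readdir_r as deprecated in favour of
 * readdir; the pragma keeps the build quiet because sizing readdir_r's
 * buffer correctly is the whole point of this example. */
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"

/* Size of the result buffer readdir_r needs for the file system behind
 * this directory handle. sizeof(struct dirent) bakes in a compile-time
 * NAME_MAX; the real limit can be larger on another mounted file system,
 * which is exactly how a too-small buffer ends up overflowed. */
size_t dirent_buf_size(DIR *dir)
{
    long name_max;
    size_t needed;

    errno = 0;
    name_max = fpathconf(dirfd(dir), _PC_NAME_MAX);
    if (name_max == -1) {
        /* Query failed, or the file system reports no limit: fall back
         * to the largest value we know of rather than guessing low. */
        name_max = NAME_MAX > 255 ? NAME_MAX : 255;
    }
    needed = offsetof(struct dirent, d_name) + (size_t)name_max + 1;
    /* Never hand readdir_r less than sizeof(struct dirent). */
    return needed > sizeof(struct dirent) ? needed : sizeof(struct dirent);
}

/* Same computation for a path; returns 0 if the directory cannot be opened. */
size_t dirent_buf_size_for(const char *path)
{
    DIR *dir = opendir(path);
    if (dir == NULL)
        return 0;
    size_t n = dirent_buf_size(dir);
    closedir(dir);
    return n;
}

/* Count the entries of `path` (excluding . and ..) with readdir_r and a
 * buffer sized for that particular directory. Returns -1 on error. */
int count_entries(const char *path)
{
    DIR *dir = opendir(path);
    if (dir == NULL)
        return -1;

    struct dirent *buf = malloc(dirent_buf_size(dir));
    if (buf == NULL) {
        closedir(dir);
        return -1;
    }

    int count = 0;
    struct dirent *entry;
    for (;;) {
        int rc = readdir_r(dir, buf, &entry);   /* returns an errno value */
        if (rc != 0) {
            count = -1;
            break;
        }
        if (entry == NULL)                      /* end of directory */
            break;
        if (strcmp(entry->d_name, ".") != 0 && strcmp(entry->d_name, "..") != 0)
            count++;
    }
    free(buf);
    closedir(dir);
    return count;
}

int main(void)
{
    printf("buffer for '.': %zu bytes (sizeof(struct dirent) = %zu)\n",
           dirent_buf_size_for("."), sizeof(struct dirent));
    printf("entries in '.': %d\n", count_entries("."));
    return 0;
}
```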
pax File Permission Modification Race Condition Weakness
BugTraq ID: 15262
Remote: No
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15262
Summary:
pax is reported prone to a security weakness; the issue is only present when
an archive is extracted into a world or group writable directory. It is
reported that pax employs non-atomic procedures to write a file and later
change the permissions on the newly extracted file.
A local attacker may leverage this issue to modify file permissions of
target files.
[ pax is an evolution of tar/cpio ]
NetBSD Insecure Temporary File Creation Vulnerability
BugTraq ID: 15263
Remote: No
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15263
Summary:
NetBSD creates temporary files in an insecure manner in the X build process.
An attacker with local access could potentially exploit this issue to
overwrite files in the context of the victim user.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
NetBSD KernFS Local Kernel Memory Disclosure Vulnerability
BugTraq ID: 15264
Remote: No
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15264
Summary:
The kernfs file system in NetBSD is prone to a kernel memory disclosure
vulnerability. This issue arises due to insufficient sanitization of
user-supplied arguments passed to 'kernfs_xread()'.
Information disclosed through this attack may be used to launch other
attacks against a computer and potentially aid in a complete compromise.
Cisco Airespace WLAN Controller Unauthorized Network Access Vulnerability
BugTraq ID: 15272
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15272
Summary:
Cisco Airespace WLAN (Wireless LAN) devices are prone to an issue that may
permit unauthorized parties to access a secure network.
This issue can occur when Cisco access points are configured to run in
Lightweight Access Point Protocol (LWAPP) mode.
This vulnerability may allow unauthorized parties to send unencrypted
network packets to a secure network by spoofing the MAC address of another
host that has already authenticated. This may bypass the security of the
wireless network as it may permit unauthorized access by hosts that have not
authenticated.
[ firmware ]
Cisco IOS System Timers Heap Buffer Overflow Exploitation
BugTraq ID: 15275
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15275
Summary:
Cisco IOS is prone to heap-based buffer overflow exploitation. Cisco has
released an advisory stating that IOS upgrades are available to address the
possibility of exploitation of heap-based buffer overflow vulnerabilities.
It is not known at this time if the advisory addresses a specific heap
overflow or just provides security enhancements to mitigate attempts to
exploit other heap overflow vulnerabilities.
[ firmware ]
NetBSD SO_LINGER DIAGNOSTIC Checking Local Denial of Service Vulnerability
BugTraq ID: 15289
Remote: No
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15289
Summary:
NetBSD is susceptible to a local denial of service condition due to a
kernel-level bug in the SO_LINGER diagnostics checking code. NetBSD versions
2.x are affected.
This issue only affects NetBSD kernels compiled with the 'DIAGNOSTIC'
directive enabled.
This issue allows local attackers to panic the kernel, denying further
service to legitimate users.
NetBSD Local ptrace Privilege Escalation Vulnerability
BugTraq ID: 15290
Remote: No
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15290
Summary:
NetBSD is susceptible to a local privilege escalation vulnerability in its
'ptrace' process tracing facility. This issue is due to a failure of the
kernel to properly validate if an executable is running with elevated
privileges prior to allowing the process to be traced.
This issue allows local attackers to ptrace privileged processes. Attackers
may call arbitrary system calls, and alter the behavior of the traced
process. This likely leads to a full system compromise.
libungif Colormap Handling Memory Corruption Vulnerability
BugTraq ID: 15299
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15299
Summary:
libungif is prone to a memory corruption vulnerability.
Reports indicate that due to improper handling of colormaps in GIF files an
attacker can trigger out-of-bounds writes and corrupt memory.
This may lead to a denial of service condition.
libungif 4.1.3 and prior versions are considered to be vulnerable to this
issue.
libungif Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 15304
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15304
Summary:
libungif is prone to a denial of service vulnerability. This issue is due
to a failure in the application to handle exceptional conditions.
Successful exploitation of this vulnerability will cause the application
utilizing the affected library to crash, effectively denying service to
legitimate users.
libungif 4.1.3 and prior versions are considered to be vulnerable to this
issue.
chfn User Modification Privilege Escalation Vulnerability
BugTraq ID: 15314
Remote: No
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15314
Summary:
chfn is prone to a privilege escalation vulnerability. This issue is due to
a failure in the application to properly sanitize user-supplied input.
A local attacker can exploit this vulnerability to escalate privileges to
that of the superuser account.
clam Anti-Virus clamav TNEF File Handling Denial Of Service Vulnerability
BugTraq ID: 15316
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15316
Summary:
clamav is prone to a denial of service vulnerability. This is due to a
failure in the application to handle malformed TNEF files.
Exploitation could cause the application to enter an infinite loop,
resulting in a denial of service.
clam Anti-Virus clamav CAB File Handling Denial Of Service Vulnerability
BugTraq ID: 15317
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15317
Summary:
clamav is prone to a denial of service vulnerability. This is due to a
failure in the application to handle malformed CAB files.
Exploitation could cause the application to enter an infinite loop,
resulting in a denial of service.
clam Anti-Virus clamav FSG File Handling Buffer Overflow Vulnerability
BugTraq ID: 15318
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15318
Summary:
clamav is prone to a buffer overflow vulnerability. This issue is due to a
failure of the application to properly bounds check user-supplied data prior
to copying it to an insufficiently sized memory buffer.
This issue occurs when the application attempts to handle FSG files.
Exploitation of this issue could allow attacker-supplied machine code to be
executed in the context of the affected application. The issue would occur
when the malformed file is scanned manually or automatically in deployments
such as email gateways.
Acme thttpd Insecure Temporary File Creation Vulnerability
BugTraq ID: 15320
Remote: No
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15320
Summary:
thttpd creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to
overwrite files in the context of the Web server process.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
BugTraq ID: 15325
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15325
Summary:
A remote denial of service vulnerability affects Apache Tomcat. This issue
is due to a failure of the application to efficiently handle multiple
directory listing requests.
Once this issue has been triggered, the application fails to serve further
requests to legitimate users until the Tomcat processes have been restarted.
An attacker may leverage this issue to trigger a denial of service condition
in the affected software.
[ seems to affect only tomcat5 ]
Multiple Vendor Web Browser Cookie Hostname Handling Weakness
BugTraq ID: 15331
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15331
Summary:
Multiple Web browsers are susceptible to a cookie hostname handling weakness
that potentially discloses sensitive information. This issue is due to a
failure of the Web browsers to ensure that cookies are properly associated
with domain names.
This issue presents itself when the computer running the affected Web
browser has the DNS resolver library configured with a search path.
This issue potentially allows remote attackers to gain access to potentially
sensitive information stored in browser cookies, aiding them in further
attacks. This may also aid attackers in phishing style attacks, by
obfuscating the destination of URIs.
It should be noted that this issue is only exploitable if users utilize
hostnames that are simultaneously valid regarding existing top level
domains, and internally hosted domains.
[ as in http://monserveur, and monserveur.fournisseur.ch ]
Asterisk Voicemail Unauthorized Access Vulnerability
BugTraq ID: 15336
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15336
Summary:
Asterisk is prone to an unauthorized access vulnerability. This issue is
due to a failure in the application to properly verify user-supplied input.
Successful exploitation will grant an attacker access to a victim user's
voicemail, and any '.wav/.WAV' files currently on the affected system.
[ Apparently only via the vmail.cgi demonstration web interface, which is
not installed by default. ]
Debian Horde Default Administrator Password Vulnerability
BugTraq ID: 15337
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15337
Summary:
The default Horde3 installation for Debian has a blank administrator
password.
A local or remote attacker can exploit this vulnerability to gain
administrative access to the affected application. This may aid an attacker
in further attacks against the underlying system; other attacks are also
possible.
This issue is specific to Debian Linux installations of the Horde3
application.
[ listed here for reference since it is a bug in the non-PHP scripts ]
Jed Wing CHM Lib LZX Decompression Method Buffer Overflow Vulnerability
BugTraq ID: 15338
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15338
Summary:
CHM lib is susceptible to a buffer overflow vulnerability.
Reports indicate that this issue affects the LZX decompression method. It
is conjectured that the vulnerability is remote in nature and allows
attackers to execute arbitrary machine code in the context of the
application that utilizes the CHM lib library.
Further details are not available at the moment. This BID will be updated
when more information becomes available.
GNU gnump3d CGI And Cookie Parameter Directory Traversal Vulnerability
BugTraq ID: 15496
Remote: Yes
Date Published: 2005-11-18
Relevant URL: http://www.securityfocus.com/bid/15496
Summary:
GNU gnump3d is prone to a directory traversal vulnerability.
Very little information is available on this issue. It is conjectured an
attacker can exploit this vulnerability to retrieve or corrupt arbitrary
files, this may aid in further attacks against the underlying system; other
attacks are also possible.
GNU gnump3d Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 15341
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15341
Summary:
GNU gnump3d is prone to an unspecified cross-site scripting vulnerability.
An attacker may leverage this issue to have arbitrary script code executed
in the browser of an unsuspecting user in the context of the affected site.
This may facilitate the theft of cookie-based authentication credentials as
well as other attacks.
This issue is similar to that discussed in BID 15226 (GNU gnump3d Error Page
Cross-Site Scripting Vulnerability) but is a separate issue.
linux-ftpd-ssl FTP Server Remote Buffer Overflow Vulnerability
BugTraq ID: 15343
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15343
Summary:
linux-ftpd-ssl FTP Server is susceptible to a remote buffer overflow
vulnerability. This issue is due to a failure of the application to properly
bounds check user-supplied input data prior to copying it to an
insufficiently sized memory buffer.
This vulnerability allows remote attackers to execute arbitrary machine code
in the context of the vulnerable server application, typically with
superuser privileges.
FileZilla Server Terminal Remote Client-Side Buffer Overflow Vulnerability
BugTraq ID: 15346
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15346
Summary:
A remote, client-side buffer overflow vulnerability reportedly affects
FileZilla Server Terminal. This issue is due to a failure of the application
to properly validate the length of user-supplied strings prior to copying
them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This may
facilitate unauthorized access or privilege escalation.
Sylpheed LDIF Import Remote Buffer Overflow Vulnerability
BugTraq ID: 15363
Remote: Yes
Date Published: 2005-11-08
Relevant URL: http://www.securityfocus.com/bid/15363
Summary:
Sylpheed is prone to a buffer overflow vulnerability.
A buffer overflow condition can occur when a malicious LDIF file is imported
into an address book by a user.
Exploitation of this vulnerability may allow an attacker to gain
unauthorized access to the computer in the context of the Sylpheed client.
[ Sylpheed is a lightweight mail client; the attack is only possible if LDAP
is used, e.g. for the address book ]
Linux Kernel sysctl() Unregistration Local Denial of Service Vulnerability
BugTraq ID: 15365
Remote: No
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15365
Summary:
Linux Kernel is reported prone to a local denial of service vulnerability.
This issue arises from a failure to properly unregister kernel resources
when network devices are removed.
This issue allows local attackers to deny service to legitimate users. It is
conjectured that it may also be possible to execute arbitrary code in the
context of the kernel, but this has not been confirmed.
Mike Neuman osh Environment Variable Buffer Overflow Vulnerability
BugTraq ID: 15370
Remote: No
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15370
Summary:
osh is susceptible to a buffer overflow vulnerability when processing
environment variables. This issue is due to a flaw in the application that
results in overwriting adjacent environment variables with user-supplied
contents.
This issue may be exploited to execute arbitrary code with superuser
privileges.
[ privileged and restricted shell, somewhat a combination of bash and sudo ]
spamassassin Bus Error Spam Detection Bypass Vulnerability
BugTraq ID: 15373
Remote: Yes
Date Published: 2005-11-09
Relevant URL: http://www.securityfocus.com/bid/15373
Summary:
spamassassin is prone to a vulnerability that could bypass spam detection.
This issue is due to a failure in the application to handle exceptional
conditions.
An attacker can exploit this vulnerability to crash a child process,
effectively permitting the email to bypass detection and go through.
IPCop Backup Key Information Disclosure Vulnerability
BugTraq ID: 15377
Remote: No
Date Published: 2005-11-10
Relevant URL: http://www.securityfocus.com/bid/15377
Summary:
IPCop is prone to an information disclosure vulnerability. The problem is due
to how the application stores the key to encrypted backup files.
An attacker can exploit this vulnerability to decrypt backup files.
Information obtained may aid in further attacks; other attacks may also be
possible.
It may be possible for an attacker to exploit this vulnerability to
overwrite arbitrary backup files. However, the attacker must have access to
the 'nobody' user account, either through legitimate means, or through some
other latent vulnerability. The attacker may also be able to overwrite
arbitrary files with superuser privileges through exploitation of this issue.
[ GNU/Linux distribution with firewall, VPN and web-based configuration ]
IPCop Backup File Replacement Race Condition Vulnerability
BugTraq ID: 15378
Remote: No
Date Published: 2005-11-10
Relevant URL: http://www.securityfocus.com/bid/15378
Summary:
IPCop is prone to a race condition that could permit the replacement of a
backup file. This issue is due to the application changing the ownership on
the file before it encrypts it.
A local attacker must have access to the 'nobody' user account, either
through legitimate means, or through some other latent vulnerability to
exploit this issue.
Successful exploitation will replace the backup file with arbitrary
attacker-supplied data. If the backup file is restored, system information
may be overwritten with arbitrary data using superuser privileges.
Dev-Editor Virtual Directory Security Bypass Vulnerability
BugTraq ID: 15393
Remote: Yes
Date Published: 2005-11-11
Relevant URL: http://www.securityfocus.com/bid/15393
Summary:
Dev-Editor is prone to a vulnerability regarding the unauthorized access to
directories outside the root virtual directory.
The problem presents itself in the way Dev-Editor handles access to virtual
directories.
Successful exploitation will grant an attacker access to directories outside
the designated root virtual directory. This will result in information
disclosure, and access to possibly privileged information.
[ Perl::CGI file editor ]
Sudo Perl Environment Variable Handling Security Bypass Vulnerability
BugTraq ID: 15394
Remote: No
Date Published: 2005-11-11
Relevant URL: http://www.securityfocus.com/bid/15394
Summary:
sudo is prone to a security bypass vulnerability that could lead to
arbitrary code execution. This issue is due to an error in the application
when handling the 'PERLLIB', 'PERL5LIB' and 'PERL5OPT' environment variables
when tainting is ignored.
An attacker can exploit this vulnerability to bypass security restrictions
and include arbitrary library files.
An attacker must have the ability to run Perl scripts through sudo to
exploit this vulnerability.
lynx URI Handlers Arbitrary Command Execution Vulnerability
BugTraq ID: 15395
Remote: Yes
Date Published: 2005-11-11
Relevant URL: http://www.securityfocus.com/bid/15395
Summary:
lynx is prone to an arbitrary command execution vulnerability. This issue
is due to a failure in the application to properly sanitize user-supplied
input.
A remote attacker can exploit this vulnerability by tricking a victim user
to follow a malicious link, thus enabling the attacker to execute arbitrary
commands in the context of the victim user.
Cisco IPSec Unspecified IKE Traffic Denial Of Service Vulnerabilities
BugTraq ID: 15401
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15401
Summary:
Various Cisco IOS, PIX Firewall, Firewall Services Module (FWSM), VPN 3000
Series Concentrator, and MDS Series SanOS releases are prone to denial of
service attacks. These issues are due to security flaws in Cisco's IPSec
implementation. The vulnerabilities may be triggered by malformed IKE
traffic.
Successful attacks will cause most affected devices to restart. For Cisco
MDS Series devices, this is limited to causing the IKE process to restart.
[ firmware ]
Juniper Networks Routers ISAKMP IKE Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15402
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15402
Summary:
Various Juniper Networks M, T, J, and E Series Routers are affected by
multiple unspecified vulnerabilities. The reported issues include buffer
overflows, format strings, and denial of service vulnerabilities.
These issues were discovered with the PROTOS ISAKMP Test Suite and are
related to handling of malformed IKEv1 traffic.
[ firmware ]
Secgo Software Crypto IP Gateway/Client IKEv1 Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15403
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15403
Summary:
Secgo Software Crypto IP Gateway and Client are prone to multiple
unspecified vulnerabilities in their IKEv1 implementation. The reported
issues include buffer overflows and denial of service vulnerabilities.
These issues were discovered with the PROTOS ISAKMP Test Suite and are
related to handling of malformed IKEv1 traffic.
[ firmware ]
Cisco Adaptive Security Appliance Failover Testing Denial of Service Weakness
BugTraq ID: 15407
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15407
Summary:
Cisco Adaptive Security Appliances are prone to a weakness that may cause a
denial of service condition in certain circumstances. This issue is due to
insufficient validation of ARP responses.
This issue reportedly affects Cisco ASA devices running 7.0(0), 7.0(2), and
7.0(4). Other versions may also be affected.
[ firmware ]
GNU Mailman Attachment Scrubber UTF8 Filename Denial Of Service Vulnerability
BugTraq ID: 15408
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15408
Summary:
GNU Mailman is prone to denial of service attacks. This issue affects the
attachment scrubber utility.
The vulnerability could be triggered by mailing list posts and will impact
the availability of mailing lists hosted by the application.
OpenSWAN IKE Traffic Denial Of Service Vulnerabilities
BugTraq ID: 15416
Remote: Yes
Date Published: 2005-11-14
Relevant URL: http://www.securityfocus.com/bid/15416
Summary:
OpenSWAN is prone to multiple denial of service vulnerabilities in its
ISAKMP implementation.
These issues were discovered with the PROTOS ISAKMP Test Suite and are
related to handling of malformed IKEv1 traffic.
The vulnerabilities are believed to affect Openswan 2.x releases prior to
2.4.2.
Multiple Vendor Antivirus Products Obscured File Name Scan Evasion Vulnerability
BugTraq ID: 15423
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15423
Summary:
Multiple antivirus products from various vendors are reported prone to a
vulnerability that may allow malicious files to bypass detection.
This issue arises when an affected application processes a file with an
obscured file name.
This issue could result in malicious files bypassing detection and allowing
them to be opened by a recipient.
Update: Symantec is currently investigating this issue in regards to
Symantec products. It is unclear at this time if malicious files may evade
scanning, or if the automatic removal feature fails. This BID will be
updated as further information is disclosed.
[ what is an obscured file name? all this seems very Microsoft-specific ]
pnmtopng Alphas_Of_Color Buffer Overflow Vulnerability
BugTraq ID: 15427
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15427
Summary:
pnmtopng is susceptible to a buffer overflow vulnerability. This issue is
due to a failure of the application to properly bounds check user-supplied
data prior to copying it to an insufficiently sized memory buffer. This
issue reportedly only occurs when the '-alpha' command line option is
utilized.
This issue allows attackers to create malicious PNM files, that when parsed
by the affected utility, allow arbitrary machine code to be executed. This
occurs in the context of the user running the affected utility.
[ the well-known netpbm/pbmplus tools ]
GDK-Pixbuf XPM Images Integer Overflow Vulnerability
BugTraq ID: 15428
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15428
Summary:
A remote integer overflow vulnerability affects gdk-pixbuf.
When an application that uses the vulnerable library processes a malformed
XPM file, the application will crash, denying service to legitimate users.
It may also be possible for the attacker to exploit this issue to execute
arbitrary code with the privileges of the application utilizing the
vulnerable library.
GDK-Pixbuf/GTK XPM Images Infinite Loop Denial Of Service Vulnerability
BugTraq ID: 15429
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15429
Summary:
gdk-pixbuf and gtk2 are prone to a denial of service vulnerability. This
issue occurs when an application utilizing one of the affected libraries
handles a malformed XPM image file.
Exploitation could cause an application utilizing a vulnerable library to
enter an infinite loop, resulting in a denial of service.
GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
BugTraq ID: 15435
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15435
Summary:
gdk-pixbuf and gtk2 are prone to a buffer overflow vulnerability.
When an application that utilizes a vulnerable library processes a malformed
XPM image file, it results in a heap-based buffer overflow. An attacker can
exploit this vulnerability to execute arbitrary code in the context of the
victim user.
Belkin Wireless Routers Remote Authentication Bypass Vulnerability
BugTraq ID: 15444
Remote: Yes
Date Published: 2005-11-15
Relevant URL: http://www.securityfocus.com/bid/15444
Summary:
Certain Belkin wireless routers are susceptible to a remote authentication
bypass vulnerability. This issue is due to a flaw in the Web administration
interface authentication process.
This issue allows remote attackers to gain administrative access to affected
devices.
Belkin F5D7232-4, and F5D7230-4 routers with firmware versions 4.05.03 and
4.03.03 are affected by this issue. Other devices may also be affected due
to code reuse among devices.
[ firmware ]
Multiple Vendor lp CommandLine Application Path Vulnerability
BugTraq ID: 15448
Remote: No
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15448
Summary:
Multiple vendor applications are prone to an arbitrary local code execution
vulnerability.
This is due to a design error in which malicious code may be executed in the
context of the user running the affected application.
[ vague ]
Cisco 7920 Wireless IP Phone Fixed SNMP Community String Vulnerability
BugTraq ID: 15454
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15454
Summary:
Cisco 7920 Wireless IP Phone is prone to a fixed default SNMP community
string issue. This could allow remote attackers to retrieve and modify the
device configuration.
Cisco 7920 Wireless IP Phones running firmware version 1.0(8) and earlier
are vulnerable to this issue.
[ firmware ]
Cisco 7920 Wireless IP Phone VxWorks Remote Debugger Access Vulnerability
BugTraq ID: 15456
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15456
Summary:
Cisco 7920 Wireless IP Phone allows remote debugger connections. Successful
exploitation of this vulnerability could allow a remote attacker to obtain
debugging information from the device or cause a denial of service.
Cisco 7920 Wireless IP Phones running firmware version 2.0 and earlier are
vulnerable to this issue.
[ firmware ]
Nortel Switched Firewall IKE Traffic Multiple Unspecified Vulnerabilities
BugTraq ID: 15462
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15462
Summary:
Nortel Switched Firewall is prone to multiple unspecified vulnerabilities in
IKEv1.
Some of the issues could potentially allow for remote code execution and
complete compromise of affected devices. This has not been confirmed.
These issues were discovered with the PROTOS ISAKMP Test Suite and are
related to handling of malformed IKEv1 traffic.
[ firmware ]
Multiple Vendor TCP Acknowledgements Remote Denial Of Service Vulnerability
BugTraq ID: 15468
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15468
Summary:
Multiple vendors are susceptible to a remote TCP acknowledgement denial of
service vulnerability.
This issue presents itself when the remote peer forges acknowledgment
packets prior to actually receiving packets from the sending host. As soon
as the server receives an acknowledgment for a packet that has been sent, it
assumes that the client has received it. These acknowledgment packets
influence the server's congestion control mechanism.
This vulnerability allows remote attackers to consume excessive network
resources, denying network service to legitimate users.
This issue exists in the TCP protocol specification as defined by RFC 793.
However, it is likely that a number of specific vendor implementations will
also be affected. This BID will be updated as individual implementations of
the protocol are reported to be affected.
[ well, yes, but this will lead to network overload, hence data loss; the
person can therefore only exploit this vulnerability if they do not need the
transmitted data. ]
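As an added example (a constructed model, not from the newsletter, RFC 793 or any real TCP stack): a sender that checks each acknowledgement against what it has actually sent before letting it drive congestion control, which is the sanity check the issue described above calls for. The boundary test assumes the sender uses segment sizes a receiver cannot predict; that assumption is mine, not something the BID states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MSS 1460u          /* maximum segment size, bytes */
#define MAX_SEGMENTS 64

/* Constructed model of the send side of one TCP connection: only the
 * state needed to show what a forged ("optimistic") ACK looks like to
 * the sender. Not taken from any real stack. */
struct sender {
    uint32_t snd_una;                  /* oldest unacknowledged sequence number */
    uint32_t snd_nxt;                  /* next sequence number to be sent */
    uint32_t cwnd;                     /* congestion window, bytes */
    uint32_t boundary[MAX_SEGMENTS];   /* end sequence number of each sent segment */
    int nboundaries;
    int flagged;                       /* ACKs rejected as impossible */
};

enum verdict { ACK_OK, ACK_DUPLICATE, ACK_OFF_BOUNDARY, ACK_BEYOND_SND_NXT };

void sender_init(struct sender *s, uint32_t iss)
{
    memset(s, 0, sizeof *s);
    s->snd_una = s->snd_nxt = iss;
    s->cwnd = MSS;
}

/* Record a segment of len bytes as sent; returns its end sequence number. */
uint32_t sender_send(struct sender *s, uint32_t len)
{
    s->snd_nxt += len;
    if (s->nboundaries < MAX_SEGMENTS)
        s->boundary[s->nboundaries++] = s->snd_nxt;
    return s->snd_nxt;
}

static bool is_boundary(const struct sender *s, uint32_t ack)
{
    for (int i = 0; i < s->nboundaries; i++)
        if (s->boundary[i] == ack)
            return true;
    return false;
}

/* Validate a cumulative ACK before it is allowed to grow cwnd. A real
 * receiver can only acknowledge up to snd_nxt, and only at the end of a
 * segment it has actually seen; anything else is treated as forged. The
 * boundary check is only meaningful if segment sizes are not predictable
 * (e.g. randomised), otherwise a forger simply acknowledges MSS multiples. */
enum verdict sender_on_ack(struct sender *s, uint32_t ack)
{
    if ((int32_t)(ack - s->snd_nxt) > 0) {   /* acknowledges unsent data */
        s->flagged++;
        return ACK_BEYOND_SND_NXT;
    }
    if ((int32_t)(ack - s->snd_una) <= 0)    /* nothing new acknowledged */
        return ACK_DUPLICATE;
    if (!is_boundary(s, ack)) {              /* no sent segment ends here */
        s->flagged++;
        return ACK_OFF_BOUNDARY;
    }
    s->snd_una = ack;
    s->cwnd += MSS;                          /* slow start: one MSS per new ACK */
    return ACK_OK;
}

/* Constructed exchange: three segments of deliberately uneven size are sent,
 * then three ACKs arrive from either an honest receiver or one that
 * acknowledges in MSS strides before the data could have arrived and
 * finally runs past snd_nxt. Returns the sender's final state. */
struct sender run_exchange(bool forging)
{
    static const uint32_t honest[] = { 2000, 3200, 4100 };
    static const uint32_t forged[] = { 2460, 3920, 5380 };
    const uint32_t *acks = forging ? forged : honest;
    struct sender s;

    sender_init(&s, 1000);
    sender_send(&s, 1000);   /* snd_nxt = 2000 */
    sender_send(&s, 1200);   /* snd_nxt = 3200 */
    sender_send(&s, 900);    /* snd_nxt = 4100 */
    for (int i = 0; i < 3; i++)
        sender_on_ack(&s, acks[i]);
    return s;
}

int main(void)
{
    struct sender h = run_exchange(false);
    struct sender f = run_exchange(true);
    printf("honest receiver:  cwnd=%u flagged=%d\n", (unsigned)h.cwnd, h.flagged);
    printf("forging receiver: cwnd=%u flagged=%d\n", (unsigned)f.cwnd, f.flagged);
    return 0;
}
```

With the honest ACKs cwnd grows by one MSS per acknowledgement; the forged ones never reach congestion control and are counted in `flagged`.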
HP Jetdirect 635n IPv6/IPsec Print Server IKE Exchange Denial Of Service Vulnerability
BugTraq ID: 15471
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15471
Summary:
HP Jetdirect 635n IPv6/IPsec Print Server is prone to a denial of service
vulnerability. This issue is due to a security flaw in HP's IPSec
implementation. This vulnerability may be triggered by malformed IKE traffic.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related
to the handling of malformed IKEv1 traffic.
[ firmware ]
Senao SI-680H VOIP WIFI Phone VxWorks Remote Debugger Access Vulnerability
BugTraq ID: 15475
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15475
Summary:
Senao SI-680H VOIP WIFI Phone allows remote debugger connections.
Successful exploitation of this vulnerability could allow a remote attacker
to obtain debugging information from the device or cause a denial of service.
Senao SI-680H VOIP WIFI Phones running firmware version 0.03.0839 are prone
to this issue. Other versions may also be vulnerable.
[ firmware ]
UTStarcom F1000 VOIP WIFI Phone Multiple Remote Access Vulnerabilities
BugTraq ID: 15476
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15476
Summary:
UTStarcom F1000 VOIP WIFI Phone is prone to multiple remote access
vulnerabilities. These issues allow remote attackers to gain remote
administrative access to affected devices.
UTStarcom F1000 VOIP WIFI Phone with software version s2.0, firmware version
5.5.1 is affected by these issues. Other versions and devices may also be
affected.
[ firmware ]
Hitachi WirelessIP5000 Multiple Unauthorized Access Vulnerabilities
BugTraq ID: 15477
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15477
Summary:
WirelessIP5000 is prone to multiple unauthorized access vulnerabilities.
An attacker can exploit these issues to disclose sensitive or privileged
information, alter device configuration settings, and deny service to
legitimate users.
[ firmware ]
Zyxel P2000W v.1 VOIP WIFI Phone Information Disclosure Vulnerability
BugTraq ID: 15478
Remote: Yes
Date Published: 2005-11-16
Relevant URL: http://www.securityfocus.com/bid/15478
Summary:
The Zyxel P2000W v.1 VOIP WIFI Phone is prone to an information disclosure
vulnerability.
Sensitive information may be disclosed to attackers, and could be useful in
further attacks. Information obtained may aid an attacker to perform denial
of service attacks.
[ firmware ]
yaSSL Unspecified Certificate Chain Processing Vulnerability
BugTraq ID: 15487
Remote: Yes
Date Published: 2005-11-17
Relevant URL: http://www.securityfocus.com/bid/15487
Summary:
yaSSL is susceptible to an unspecified certificate chain processing
vulnerability. No further details regarding this issue are currently
available.
This issue may allow improper certificates to be used when authenticating
connections. An attacker may use forged certificates to carry out various
attacks.
It is conjectured that a malicious Web site could take advantage of this by
posing as a trusted Web site in phishing style attacks. This could lead to
users taking actions such as authenticating or submitting sensitive or
private information.
Further information about this issue and its impact is not currently
available. This BID will be updated as further information becomes
available.
[ Yet Another SSL; SSL library under a dual GPL/proprietary licence ]