[gull-annonces] SecurityFocus Newsletter #327/328 summary
Marc SCHAEFER
schaefer at alphanet.ch
Thu Dec 22 19:24:38 CET 2005
Unalz Archive Filename Buffer Overflow Vulnerability
BugTraq ID: 15577
Remote: Yes
Date Published: 2005-11-28
Relevant URL: http://www.securityfocus.com/bid/15577
Summary:
unalz is prone to a buffer overflow vulnerability. This issue is exposed
when the application extracts an ALZ archive that contains a file with a
long name.
This vulnerability could be exploited to execute arbitrary code in the
context of the user who extracts a malicious archive.
ktools Remote Buffer Overflow Vulnerability
BugTraq ID: 15600
Remote: Yes
Date Published: 2005-11-28
Relevant URL: http://www.securityfocus.com/bid/15600
Summary:
ktools is prone to a remote buffer overflow vulnerability.
An attacker may execute arbitrary code with the privileges of the
application and gain unauthorized remote access.
ktools 0.3 and prior versions are vulnerable to this issue.
FreeWebStat Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15601
Remote: Yes
Date Published: 2005-11-28
Relevant URL: http://www.securityfocus.com/bid/15601
Summary:
FreeWebStat is prone to multiple cross-site scripting vulnerabilities.
These issues are due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed
in the browser of an unsuspecting user in the context of the affected site.
These may facilitate the theft of cookie-based authentication credentials as
well as other attacks.
FreeWebStat version 1.0 rev37 is reported to be affected; other versions may
also be vulnerable.
Cisco IOS HTTP Service HTML Injection Vulnerability
BugTraq ID: 15602
Remote: Yes
Date Published: 2005-11-28
Relevant URL: http://www.securityfocus.com/bid/15602
Summary:
Cisco IOS HTTP service is reportedly prone to an HTML injection
vulnerability.
An attacker can submit malicious HTML and script code through the
'/level/15/exec/-/buffers/assigned' and '/level/15/exec/-/buffers/all'
scripts. This code may be executed in the browser of an administrator when
they attempt to view the contents of memory buffers through the vulnerable
scripts of the HTTP service.
This vulnerability has been reported to affect versions of IOS from 11.0
through 12.4. Cisco IOS XR is not vulnerable. As this is an HTML injection
vulnerability that targets users of the IOS web interface, devices with the
HTTP service disabled are not affected.
Cisco has confirmed this advisory. See Cisco security advisory
"cisco-sa-20051201-http" in the reference section.
[ firmware ]
Linux kernel ptrace CLONE_THREAD Local Denial of Service Vulnerability
BugTraq ID: 15642
Remote: No
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15642
Summary:
Linux kernel is susceptible to a local denial of service vulnerability.
When a process created via the 'clone' system call with the 'CLONE_THREAD'
argument is ptraced, the kernel fails to properly ensure that the ptracing
process is not attempting to trace itself.
This issue allows local users to crash the kernel, denying service to
legitimate users.
kernel versions prior to 2.6.14.2 are vulnerable to this issue.
Linux kernel IPv6 FlowLabel Denial Of Service Vulnerability
BugTraq ID: 15729
Remote: No
Date Published: 2005-12-06
Relevant URL: http://www.securityfocus.com/bid/15729
Summary:
Linux kernel is prone to a local denial of service vulnerability.
Local attackers can exploit this to corrupt kernel memory or free
non-allocated memory. Successful exploitation will result in a crash of the
kernel, effectively denying service to legitimate users.
Linux kernel ptraced Child Auto-Reap Local Denial of Service
Vulnerability
BugTraq ID: 15625
Remote: No
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15625
Summary:
Linux kernel is susceptible to a local denial of service vulnerability.
The kernel improperly auto-reaps processes when they are being ptraced,
leading to an invalid pointer. Further operations on this pointer result in
a kernel crash.
This issue allows local users to crash the kernel, denying service to
legitimate users.
kernel versions prior to 2.6.15 are vulnerable to this issue.
Linux kernel time_out_leases printk Local Denial of Service Vulnerability
BugTraq ID: 15627
Remote: No
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15627
Summary:
Linux kernel is susceptible to a local denial of service vulnerability.
This issue is triggered by consuming excessive kernel log memory by
obtaining numerous file lock leases. Once the leases time out, the event will
be logged, and kernel memory will be consumed.
This issue allows local attackers to consume excessive kernel memory,
eventually leading to an out-of-memory condition, and a denial of service
for legitimate users.
kernel versions prior to 2.6.15-rc3 are vulnerable to this issue.
Perl perl_sv_vcatpvfn Format String Integer Wrap Vulnerability
BugTraq ID: 15629
Remote: Yes
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15629
Summary:
Perl is susceptible to a format string vulnerability. This issue is due to a
failure of the programming language to properly handle format specifiers in
formatted printing functions.
An attacker may leverage this issue to write to arbitrary process memory,
facilitating code execution in the context of the Perl interpreter process.
This can result in unauthorized remote access.
Developers should treat the formatted printing functions in Perl as
equivalently vulnerable to exploitation as the C library versions, and
properly sanitize all data passed in the format specifier argument.
All applications that utilize formatted printing functions in an unsafe
manner should be considered exploitable.
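As an added, defender-side illustration of the advice above (example code written for this summary, not taken from the advisory or from Perl itself): the unsafe and safe calling patterns side by side, plus a heuristic audit that flags printf/sprintf calls whose format argument is a variable. The sub names and the sample source lines are constructed for the example.

```perl
#!/usr/bin/perl
# Added illustration (not from the SecurityFocus advisory or Perl's sources):
# Perl's sprintf/printf honour %-specifiers in whatever string is passed as
# the format, just as libc does, so untrusted data must be passed as an
# argument, never as the format itself.
use strict;
use warnings;

# Constructed sample: a value under attacker control (e.g. a login name
# that gets echoed into a log line).
my $untrusted = 'alice %s %s %x';

# Unsafe pattern: the untrusted value IS the format. Every specifier in it
# is interpreted and tries to consume an argument that was never passed.
sub format_unsafe {
    my ($input) = @_;
    my @warned;
    local $SIG{__WARN__} = sub { push @warned, $_[0] };
    my $out = eval { sprintf($input) };
    $out = "died: $@" unless defined $out;
    return ($out, \@warned);    # result plus the warnings Perl raised
}

# Safe pattern 1: the format is a literal; the data is an argument.
sub format_safe {
    my ($input) = @_;
    return sprintf('%s', $input);
}

# Safe pattern 2: if a value really must travel inside a format string,
# neutralise it first so every '%' becomes a literal '%%'.
sub escape_for_format {
    my ($input) = @_;
    (my $escaped = $input) =~ s/%/%%/g;
    return $escaped;
}

# Heuristic source audit: flag printf/sprintf calls whose first argument is
# a variable rather than a literal. Filehandle forms such as
# "printf STDERR $fmt" are not covered; this is a cheap triage aid only.
sub flag_variable_formats {
    my @lines = @_;
    my @hits;
    for my $i (0 .. $#lines) {
        next if $lines[$i] =~ /^\s*#/;          # skip comment lines
        if ($lines[$i] =~ /\b(s?printf)\s*\(?\s*\$/) {
            push @hits, "line " . ($i + 1) . ": $1 called with a variable as its format";
        }
    }
    return @hits;
}

# Constructed source lines to audit.
my @sample_source = (
    'printf("%s logged in\n", $user);',      # literal format: not flagged
    'my $line = sprintf($user_msg);',        # flagged
    'printf $template, @args;',              # flagged
    '# sprintf($old_fmt)  (commented out)',  # ignored
);

my ($bad, $warnings) = format_unsafe($untrusted);
print "unsafe  : '$bad'  (", scalar(@$warnings), " warnings, first: $$warnings[0])";
print "safe    : '", format_safe($untrusted), "'\n";
print "escaped : '", sprintf(escape_for_format($untrusted)), "'\n";
print "$_\n" for flag_variable_formats(@sample_source);
```

The unsafe call silently drops or rewrites the attacker's text and raises "Missing argument in sprintf" warnings, while both safe forms reproduce the input literally.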
NuFW Malformed Packet Remote Denial Of Service Vulnerability
BugTraq ID: 15645
Remote: Yes
Date Published: 2005-11-29
Relevant URL: http://www.securityfocus.com/bid/15645
Summary:
NuFW is susceptible to a remote denial of service vulnerability. This issue
is due to a failure of the application to properly handle malformed network
packets from authenticated users.
This issue results in the 'nuauth' application crashing, denying service to
further users.
NuFW versions prior to 1.0.16, as well as the development version 1.1, are
affected by this issue.
[ libre enterprise-grade firewall distribution ]
CenterICQ Malformed Packet Handling Remote Denial of Service
Vulnerability
BugTraq ID: 15649
Remote: Yes
Date Published: 2005-11-30
Relevant URL: http://www.securityfocus.com/bid/15649
Summary:
CenterICQ is prone to a remote denial of service vulnerability.
The vulnerability presents itself when the client is running on a computer
that is directly connected to the Internet and handles malformed packets on
the listening port for ICQ messages.
A successful attack can cause the client to crash.
Astaro Security Linux ISAKMP IKE Traffic Denial of Service Vulnerability
BugTraq ID: 15666
Remote: Yes
Date Published: 2005-11-30
Relevant URL: http://www.securityfocus.com/bid/15666
Summary:
Astaro Security Linux is prone to a denial of service when handling
malformed IKE traffic.
It is conjectured that the issue can occur if a packet with a malformed
payload is sent during an IKE exchange, causing the daemon to crash.
Avaya TN2602AP IP Media Resource 320 Remote Denial of Service
Vulnerability
BugTraq ID: 15668
Remote: Yes
Date Published: 2005-11-30
Relevant URL: http://www.securityfocus.com/bid/15668
Summary:
Avaya TN2602AP IP Media Resource 320 is prone to a remote denial of service
vulnerability.
A successful attack can result in a memory leak and lead to a denial of
service condition due to a crash.
Avaya TN2602AP IP Media Resource 320 versions prior to vintage 9 firmware
are vulnerable to this issue.
[ firmware ]
sobexsrv dosyslog Remote Format String Vulnerability
BugTraq ID: 15692
Remote: Yes
Date Published: 2005-12-03
Relevant URL: http://www.securityfocus.com/bid/15692
Summary:
sobexsrv is prone to a remote format string vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied input.
Successful exploitation can facilitate a crash or arbitrary code execution
in the context of the affected server application.
MultiTech MultiVOIP INVITE Remote Buffer Overflow Vulnerability
BugTraq ID: 15711
Remote: Yes
Date Published: 2005-12-05
Relevant URL: http://www.securityfocus.com/bid/15711
Summary:
MultiTech MultiVOIP devices are prone to a remotely exploitable buffer
overflow vulnerability. Successful exploitation could result in a denial of
service or potential arbitrary code execution.
This vulnerability may also be present in third-party devices that implement
the MultiTech VOIP Gateway and protocol stack.
[ firmware ]
xpdf JPX Stream Reader Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 15721
Remote: Yes
Date Published: 2005-12-06
Relevant URL: http://www.securityfocus.com/bid/15721
Summary:
xpdf is reported prone to a remote buffer overflow vulnerability. This issue
exists because the application fails to perform proper boundary checks
before copying user-supplied data into process buffers. A remote attacker
may execute arbitrary code in the context of a user running the application.
This can result in the attacker gaining unauthorized access to the
vulnerable computer.
It is reported that this issue presents itself in the
'JPXStream::readCodestream' function residing in the 'xpdf/JPXStream.cc'
file.
This issue is reported to affect xpdf 3.01, however, it is likely that
earlier versions are prone to this vulnerability as well. Applications
using embedded xpdf code may be vulnerable to this issue as well.
kpdf reportedly incorporates vulnerable xpdf code. Version 0.5 of kpdf is
prone to this issue, however, other versions may also be affected.
xpdf StreamPredictor Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 15725
Remote: Yes
Date Published: 2005-12-06
Relevant URL: http://www.securityfocus.com/bid/15725
Summary:
xpdf is reported prone to a remote buffer overflow vulnerability. This issue
exists because the application fails to perform proper boundary checks
before copying user-supplied data into process buffers. A remote attacker
may execute arbitrary code in the context of a user running the application.
This can result in the attacker gaining unauthorized access to the
vulnerable computer.
It is reported that this issue presents itself in the
'StreamPredictor::StreamPredictor' function residing in the 'xpdf/Stream.cc'
file.
This issue is reported to affect xpdf 3.01, however, it is likely that
earlier versions are prone to this vulnerability as well. Applications
using embedded xpdf code may be vulnerable to this issue as well.
pdftohtml also includes vulnerable versions of xpdf. Version 0.36 of
pdftohtml was reported prone to this issue, however, earlier versions may
also be affected.
kpdf reportedly incorporates vulnerable xpdf code. Version 0.5 of kpdf is
prone to this issue, however, other versions may also be affected.
xpdf DCTStream Progressive Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 15726
Remote: Yes
Date Published: 2005-12-06
Relevant URL: http://www.securityfocus.com/bid/15726
Summary:
xpdf is reported prone to a remote buffer overflow vulnerability. This issue
exists because the application fails to perform proper boundary checks
before copying user-supplied data into process buffers. A remote attacker
may execute arbitrary code in the context of a user running the application.
This can result in the attacker gaining unauthorized access to the
vulnerable computer.
It is reported that this issue presents itself in the
'DCTStream::readProgressiveSOF' function residing in the 'xpdf/Stream.cc'
file.
This issue is reported to affect xpdf 3.01, however, it is likely that
earlier versions are prone to this vulnerability as well. Applications
using embedded xpdf code may be vulnerable to this issue as well.
pdftohtml also includes vulnerable versions of xpdf. Version 0.36 of
pdftohtml was reported prone to this issue, however, earlier versions may
also be affected.
kpdf reportedly incorporates vulnerable xpdf code. Version 0.5 of kpdf is
prone to this issue, however, other versions may also be affected.
xpdf DCTStream Baseline Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 15727
Remote: Yes
Date Published: 2005-12-06
Relevant URL: http://www.securityfocus.com/bid/15727
Summary:
xpdf is reported prone to a remote buffer overflow vulnerability. This issue
exists because the application fails to perform proper boundary checks
before copying user-supplied data into process buffers. A remote attacker
may execute arbitrary code in the context of a user running the application.
This can result in the attacker gaining unauthorized access to the
vulnerable computer.
It is reported that this issue presents itself in the
'DCTStream::readBaselineSOF' function residing in the 'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, however, it is likely that
earlier versions are prone to this vulnerability as well. Applications
using embedded xpdf code may be vulnerable to this issue as well.
pdftohtml also includes vulnerable versions of xpdf. Version 0.36 of
pdftohtml was reported prone to this issue, however, earlier versions may
also be affected.
kpdf reportedly incorporates vulnerable xpdf code. Version 0.5 of kpdf is
prone to this issue, however, other versions may also be affected.
FFmpeg libavcodec Heap Buffer Overflow Vulnerability
BugTraq ID: 15743
Remote: Yes
Date Published: 2005-12-06
Relevant URL: http://www.securityfocus.com/bid/15743
Summary:
FFmpeg's libavcodec is susceptible to a heap buffer overflow vulnerability.
This issue is due to a failure of the library to properly bounds check
user-supplied data prior to utilizing it in memory allocation and copy
operations.
Attackers may exploit this vulnerability to execute arbitrary code in the
context of applications that utilize an affected version of the libavcodec
library.
An attacker can exploit this issue by enticing a user to open a malformed
PNG file with an application that utilizes a vulnerable version of
libavcodec. If the application is configured as the default handler for PNG
files, this could present a viable Web or email attack vector as when the
PNG is clicked from an appropriate client application, the application
utilizing the vulnerable library will automatically be invoked.
Multiple Vendor BIOS Password Persistence Weakness
BugTraq ID: 15751
Remote: No
Date Published: 2005-12-06
Relevant URL: http://www.securityfocus.com/bid/15751
Summary:
Multiple BIOS (Basic Input-Output System) vendors fail to clear the keyboard
buffer after reading the BIOS password during the system startup process.
This issue is reported to affect Insyde BIOS V190, and AWARD BIOS Modular
4.50pg. Other versions and platforms are also likely affected.
Depending on the operating system running on affected computers, the memory
region may or may not be available for user-level access. With Linux
operating systems, superuser access is required. With Microsoft Windows
operating systems, non-privileged users may access the keyboard buffer
region.
Attackers that obtain the BIOS password may then utilize it for further
attacks.
cURL / libcURL URL Parser Buffer Overflow Vulnerability
BugTraq ID: 15756
Remote: Yes
Date Published: 2005-12-07
Relevant URL: http://www.securityfocus.com/bid/15756
Summary:
cURL and libcURL are prone to a buffer overflow vulnerability. This issue
is due to a failure in the library to perform proper bounds checks on user
supplied data before using it in a finite sized buffer.
The issue occurs when the URL parser function handles an excessively long
URL string.
An attacker can exploit this issue to crash the affected library,
effectively denying service. Arbitrary code execution may also be possible;
this may facilitate a compromise of the underlying system.
Apache MPM worker.c Denial Of Service Vulnerability
BugTraq ID: 15762
Remote: Yes
Date Published: 2005-12-07
Relevant URL: http://www.securityfocus.com/bid/15762
Summary:
Apache is prone to a memory leak, causing a denial of service vulnerability.
An attacker may consume excessive memory resources, resulting in a denial of
service condition affecting legitimate users.
Apache 2.x versions are vulnerable; other versions may also be affected.
Apache James Spooler Memory Leak Denial Of Service Vulnerability
BugTraq ID: 15765
Remote: Yes
Date Published: 2005-12-07
Relevant URL: http://www.securityfocus.com/bid/15765
Summary:
James is prone to a memory leak denial of service vulnerability.
This issue occurs during an error condition in the spooler.
An attacker can exploit this issue by creating multiple error conditions and
eventually consume system resources.
Successful exploitation will ultimately crash the application, denying
service to legitimate users.
Dell TrueMobile 2300 Remote Credential Reset Vulnerability
BugTraq ID: 15770
Remote: Yes
Date Published: 2005-12-07
Relevant URL: http://www.securityfocus.com/bid/15770
Summary:
It is possible for remote attackers to gain control of a target TrueMobile
2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are
likely affected. The vulnerability appears to be in an administrative
component accessed through the web-based control interface. Unauthenticated
attackers can force the device to reset the administrative credentials
without authorization. Once credentials have been reset an attacker can log
in and perform malicious actions, potentially compromising the entire LAN
behind the device.
[ firmware ]
Courier Mail Server Unauthorized Access Vulnerability
BugTraq ID: 15771
Remote: Yes
Date Published: 2005-12-08
Relevant URL: http://www.securityfocus.com/bid/15771
Summary:
Courier Mail Server is prone to an unauthorized access vulnerability. This
issue occurs because accounts that have been deactivated may still be able
to log onto the server.
Mozilla Firefox Large History File Buffer Overflow Vulnerability
BugTraq ID: 15773
Remote: Yes
Date Published: 2005-12-08
Relevant URL: http://www.securityfocus.com/bid/15773
Summary:
Mozilla Firefox is reportedly prone to a remote denial of service
vulnerability.
This issue presents itself when the browser handles a large entry in the
'history.dat' file. An attacker may trigger this issue by enticing a user
to visit a malicious Web site and supplying excessive data to be stored in
the affected file.
This may cause a denial of service condition.
**UPDATE: Proof of concept exploit code has been published. The author of
the code attributes the crash to a buffer overflow condition. The alleged
flaw cannot be reproduced by Symantec.
ACME Perl-Cal Cal_make.PL Cross-Site Scripting Vulnerability
BugTraq ID: 15779
Remote: Yes
Date Published: 2005-12-08
Relevant URL: http://www.securityfocus.com/bid/15779
Summary:
Perl-Cal is prone to a cross-site scripting vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed
in the browser of an unsuspecting user in the context of the affected site.
This may facilitate the theft of cookie-based authentication credentials as
well as other attacks.
Ethereal OSPF Protocol Dissection Stack Buffer Overflow Vulnerability
BugTraq ID: 15794
Remote: Yes
Date Published: 2005-12-09
Relevant URL: http://www.securityfocus.com/bid/15794
Summary:
A remote buffer overflow vulnerability affects Ethereal. This issue is due
to a failure of the application to securely copy network-derived data into
sensitive process buffers. The specific issue exists in the OSPF dissector.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This may
facilitate unauthorized access or privilege escalation.
Motorola SB5100E Cable Modem LanD Packet Denial Of Service Vulnerability
BugTraq ID: 15795
Remote: Yes
Date Published: 2005-12-09
Relevant URL: http://www.securityfocus.com/bid/15795
Summary:
Motorola SB5100E Cable Modems are prone to a remote denial of service
vulnerability when handling TCP 'LanD' packets.
This issue allows attackers to block network traffic to arbitrarily targeted
network services. A physical restart of the device will return it to normal
operations.
[ firmware ]