[gull-annonces] Summary of SecurityFocus Newsletter #286

Marc SCHAEFER schaefer at alphanet.ch
Wed Feb 16 19:06:02 CET 2005


FireHOL Insecure Local Temporary File Creation Vulnerability
BugTraq ID: 12336
Remote: No
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12336
Summary:
FireHOL is prone to a local insecure temporary file creation
vulnerability.  This could allow arbitrary files to be overwritten.

Linux Kernel Device Driver Virtual Memory Flags Unspecified ...
BugTraq ID: 12338
Remote: No
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12338
Summary:
An unspecified vulnerability affects unspecified Linux kernel device
drivers.  This issue is due to a failure of certain unspecified
drivers to implement all the required virtual memory access flags.

The potential impact of this issue is currently unknown, however it is
likely that when successfully exploited it may give an attacker access
to the virtual memory space of a device's I/O.

Nokia Series 60 Embedded OS Automatic File Execution Vulnera...
BugTraq ID: 12340
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12340
Summary:
A vulnerability is reported to affect the Series 60 OS on Nokia
devices. It is reported that executable files that have a modified
file extension will execute immediately when downloaded. The vendor
reports that the user is prompted if the downloaded file is a 'sis'
package, but it is not known whether other file types execute
automatically and without a prompt.

This BID will be updated, as further information in regards to this
vulnerability is made available.

[ firmware ]

OpenH323 select() Bitmap Remote Buffer Overflow Vulnerabilit...
BugTraq ID: 12341
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12341
Summary:
OpenH323 Gatekeeper is prone to a remote buffer overflow due to
implementation of the select() system call.  This issue could be
exploited to cause a denial of service or potentially execute
arbitrary code.

ZHCon Unauthorized File Disclosure Vulnerability
BugTraq ID: 12343
Remote: No
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12343
Summary:
zhcon is reportedly affected by a vulnerability allowing reading of
arbitrary files with escalated privileges.  This could permit an
unauthorized user to read arbitrary files owned by other users without
authorization.  Disclosure of sensitive information may lead to a
system compromise, or aid in other attacks.

This issue is reported to affect zhcon version 0.2.3; earlier versions
may also be affected.

[ display of Chinese and derived languages ]

Citadel/UX select() Bitmap Remote Buffer Overflow Vulnerabil...
BugTraq ID: 12344
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12344
Summary:
Citadel/UX is prone to a remote buffer overflow due to implementation
of the select() system call.  This issue could be exploited to cause a
denial of service or potentially execute arbitrary code.

This vulnerability is reported to affect Citadel/UX versions prior to
6.29.

rinetd select() Bit-Array Remote Buffer Overflow Vulnerabili...
BugTraq ID: 12345
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12345
Summary:
rinetd is prone to a remote buffer overflow due to implementation of
the 'select()' system call.  This issue could be exploited to cause a
denial of service or potentially execute arbitrary code.

Jabber select() Bitmap Remote Buffer Overflow Vulnerability
BugTraq ID: 12346
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12346
Summary:
Jabber is prone to a remote buffer overflow due to implementation of
the select() system call.  This issue could be exploited to cause a
denial of service or potentially execute arbitrary code.

Blacklist Daemon BLD select() Bit-Array Remote Buffer Overfl...
BugTraq ID: 12347
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12347
Summary:
Blacklist Daemon BLD is prone to a remote buffer overflow due to
implementation of the 'select()' system call.  This issue could be
exploited to cause a denial of service or potentially execute
arbitrary code.

Inferno Nettverk Dante select() Bitmap Remote Buffer Overflo...
BugTraq ID: 12349
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12349
Summary:
Dante is prone to a remote buffer overflow due to implementation of
the select() system call.  This issue could be exploited to cause a
denial of service or potentially execute arbitrary code.

[ socks implementation (BSD license) ]

NEC Socks5 select() Bit-Array Remote Buffer Overflow Vulnera...
BugTraq ID: 12350
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12350
Summary:
NEC Socks5 is prone to a remote buffer overflow due to implementation
of the 'select()' system call.  This issue could be exploited to cause
a denial of service or potentially execute arbitrary code.

3proxy select() Bitmap Remote Buffer Overflow Vulnerability
BugTraq ID: 12351
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12351
Summary:
3proxy is prone to a remote buffer overflow due to implementation of
the select() system call.  This issue could be exploited to cause a
denial of service or potentially execute arbitrary code.

Novell Evolution Camel-Lock-Helper Application Remote Intege...
BugTraq ID: 12354
Remote: Yes
Date Published: Jan 24 2005
Relevant URL: http://www.securityfocus.com/bid/12354
Summary:
The Evolution camel-lock-helper application is reported prone to an
integer overflow vulnerability. The issue is reported to exist in the
main() function of the 'camel-lock-helper.c' source file.

A remote attacker may exploit this vulnerability to execute arbitrary
code.

VDR Daemon Unspecified Remote File Access Vulnerability
BugTraq ID: 12356
Remote: Yes
Date Published: Jan 25 2005
Relevant URL: http://www.securityfocus.com/bid/12356
Summary:
An unspecified remote file access vulnerability affects the vdr
daemon.  The underlying issue that causes this vulnerability is likely
a failure to abide by file access restrictions, although this is
unconfirmed.  This BID will be updated as more details are released.

An attacker may leverage this issue to overwrite arbitrary files on an
affected computer.  This can lead to a superuser compromise of the
affected computer, corruption of data, as well as other attacks.

[ vdr-daemon ]

libdbi-perl Unspecified Insecure Temporary File Creation Vul...
BugTraq ID: 12360
Remote: No
Date Published: Jan 25 2005
Relevant URL: http://www.securityfocus.com/bid/12360
Summary:
libdbi-perl is affected by an unspecified insecure temporary file
creation vulnerability. This issue is likely due to a design error
that causes the application to fail to verify the existence of a file
before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with
the privileges of an unsuspecting user that activates the vulnerable
application.

Debian has reported that this vulnerability affects libdbi-perl 1.21
running on Debian GNU/Linux 3.0 alias woody.  It is possible that
other versions are affected as well.

ISC BIND Q_UseDNS Remote Buffer Overflow Vulnerability
BugTraq ID: 12364
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12364
Summary:
A remote buffer overflow vulnerability affects BIND.  This issue is
due to a failure of the application to properly validate the length of
user-supplied input prior to copying it into static process buffers.

An attacker may leverage this issue to trigger a denial of service
condition.  It should be noted that this issue may also facilitate
code execution with the privileges of the affected utility, however
this is not confirmed.

[ BIND8 ]

BIND Validator Self Checking Remote Denial Of Service Vulner...
BugTraq ID: 12365
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12365
Summary:
A remote denial of service vulnerability affects BIND.  This issue is
due to a failure of the application to handle exceptional network
data.

It should be noted that this issue requires that DNSSEC validation is
enabled, which is not the case by default.

A remote attacker may leverage this issue to cause the affected server
to crash, denying service to legitimate users.

[ BIND8 + DNSSEC ]

Cisco IOS IPv6 Processing Remote Denial Of Service Vulnerabi...
BugTraq ID: 12368
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12368
Summary:
A remote denial of service vulnerability affects the IPv6 processing
functionality of Cisco IOS.  This issue is due to a failure of the
affected operating system to properly handle specially crafted network
data.

It is possible for an attacker to produce a sustained denial of
service condition against an affected device by continually sending
the malicious network data.

An attacker may leverage this issue to cause an affected device to
reload, denying service to legitimate users.

[ firmware ]

Cisco IOS Multi Protocol Label Switching Remote Denial Of Se...
BugTraq ID: 12369
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12369
Summary:
Cisco IOS based routers that are configured with support for Multi
Protocol Label Switching (MPLS) are reported prone to a remote denial
of service vulnerability.

It is reported that the vulnerability presents itself when an affected
router handles an unspecified malicious packet on an MPLS disabled
interface.

A remote attacker that resides on the same network segment as the
vulnerable router may exploit this vulnerability continuously to
effectively deny network-based services to legitimate users.

[ firmware ]

Cisco IOS Border Gateway Protocol Processing Remote Denial O...
BugTraq ID: 12370
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12370
Summary:
A remote denial of service vulnerability affects the Border Gateway
Protocol (BGP) processing functionality of Cisco IOS.  This issue is
due to a failure of the application to handle malformed network data.

An attacker may leverage this issue to trigger a denial of service
condition in the affected device.  It is currently unknown whether the
denial of service condition is persistent, although it is likely that
it is.

[ firmware ]

Berlios GPSD Remote Format String Vulnerability
BugTraq ID: 12371
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12371
Summary:
Multiple instances of format string handling bugs are reported to
exist in gpsd, but only one of these issues is reported to be an
exploitable vulnerability.

Ultimately this issue may be leveraged by a remote attacker to
influence execution flow of the affected daemon and reliably execute
arbitrary code.

KDE Screensaver Lock Bypass Vulnerability
BugTraq ID: 12373
Remote: No
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12373
Summary:
Debian has reported that a vulnerability in the screensaver was
discovered.  According to the report, a malicious user with console
access (i.e. physical) can cause the screensaver to crash.  The
feature will fail-open, allowing access to the desktop after it
terminates.

Debian PAM Radius Auth File Information Disclosure Vulnerabi...
BugTraq ID: 12375
Remote: No
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12375
Summary:
Debian Linux is reportedly affected by a local file information
disclosure vulnerability.  This issue is due to the application
setting a PAM radius configuration file as world-readable during the
installation of the affected package.

This issue is specific to Debian Linux.

X.org X Window Server Local Socket Hijacking Vulnerability
BugTraq ID: 12376
Remote: No
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12376
Summary:
A local socket hijacking vulnerability affects X.org X Windows Server.
This issue is due to a failure of the application to securely create
socket directories.

An attacker may leverage this issue to hijack socket sessions,
potentially facilitating arbitrary read and write access with the
privileges of the user that started the vulnerable server.

Xelerance Corporation Openswan XAUTH/PAM Remote Buffer Overf...
BugTraq ID: 12377
Remote: Yes
Date Published: Jan 26 2005
Relevant URL: http://www.securityfocus.com/bid/12377
Summary:
A remote buffer overflow vulnerability reportedly affects Xelerance
Corporation Openswan.  This issue is due to a failure of the
application to properly validate the length of user-supplied strings
prior to copying them into finite process buffers.

It should be noted that Openswan is only affected by this issue when
it is compiled with XAUTH and PAM support, which is not the default
configuration.

An attacker may leverage this issue to execute arbitrary code with the
privileges of the affected application; this may facilitate
unauthorized access or privilege escalation.

Juniper Networks JUNOS Unspecified Remote Denial Of Service ...
BugTraq ID: 12379
Remote: Yes
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12379
Summary:
Juniper Networks routers running JUNOS are reported prone to an
unspecified remote denial of service vulnerability. It is reported
that this vulnerability exists in all releases of Juniper JUNOS that
were built prior to January 7th 2005.

A remote attacker may exploit this vulnerability to effectively deny
network-based services to legitimate users.

This BID will be updated as soon as further information regarding this
vulnerability is made public.

[ firmware ]

f2c Multiple Local Insecure Temporary File Creation Vulnerab...
BugTraq ID: 12380
Remote: No
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12380
Summary:
Multiple local insecure temporary file creation vulnerabilities affect
f2c.  These issues are due to a design error causing failure of the
application to write to temporary files securely.

An attacker may leverage these issues to corrupt arbitrary files with
the privileges of an unsuspecting user that executes the affected
applications.

Ingate Firewall Persistent PPTP Tunnel Vulnerability
BugTraq ID: 12383
Remote: Yes
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12383
Summary:
Ingate Firewall does not remove PPTP tunnels created by a user that
has been disabled by the firewall administrator.  Even if the user has
been disabled, any PPTP tunnels they have created will persist.

[ firmware ]

trn Local Buffer Overflow Vulnerability
BugTraq ID: 12389
Remote: No
Date Published: Jan 27 2005
Relevant URL: http://www.securityfocus.com/bid/12389
Summary:
A local buffer overflow vulnerability reportedly affects trn.  This
issue is due to a failure of the application to properly validate the
length of user-supplied strings prior to copying them into finite
process buffers.

An attacker may leverage this issue to execute arbitrary code with
superuser privileges, facilitating privilege escalation.

University Of Washington IMAP Server CRAM-MD5 Remote Authent...
BugTraq ID: 12391
Remote: Yes
Date Published: Jan 28 2005
Relevant URL: http://www.securityfocus.com/bid/12391
Summary:
A remote authentication bypass vulnerability affects the CRAM-MD5
authentication functionality of the University of Washington IMAP
server.  This issue is due to a logic error that fails to properly
validate authentication attempts.

It should be noted that this issue only affects servers with CRAM-MD5
authentication enabled, which is not the case by default.

A remote attacker may leverage this issue to authenticate to the
affected server as any user.


