[gull-annonces] Summary of SecurityFocus Newsletter #287

Marc SCHAEFER schaefer at alphanet.ch
Wed Feb 16 19:19:02 CET 2005


NCPFS Multiple Remote Vulnerabilities
BugTraq ID: 12400
Remote: Yes
Date Published: Jan 31 2005
Relevant URL: http://www.securityfocus.com/bid/12400
Summary:
Multiple remote vulnerabilities affect ncpfs.  These issues are due to
a failure to manage access privileges securely and a failure to
validate the length of user-supplied strings prior to copying them
into finite process buffers.

The first issue is a remote buffer overflow vulnerability. The second
issue is an access validation issue due to the setuid privileges of
ncpfs utilities.

An attacker may leverage these issues to execute arbitrary code with
the privileges of the affected application and to access arbitrary
files with the escalated privileges.

Multiple Mozilla/Firefox/Thunderbird Vulnerabilities
BugTraq ID: 12407
Remote: Yes
Date Published: Jan 31 2005
Relevant URL: http://www.securityfocus.com/bid/12407
Summary:
Mozilla, Firefox, and Thunderbird applications are reported prone to
multiple vulnerabilities. The following specific issues are reported:

Mozilla and Firefox browsers are reported prone to an access control
bypass vulnerability. Although unconfirmed, it is conjectured that this
vulnerability may be exploited to disclose information about the
target filesystem, for example whether a given file exists.

This vulnerability is reported to affect Mozilla Firefox versions
prior to version 1.0 and Mozilla Suite versions prior to version
1.7.5.

Mozilla and Firefox browsers are reported prone to a status bar
misrepresentation vulnerability. A remote attacker may exploit this
vulnerability to aid in phishing style attacks; for example, the
attacker may leverage this vulnerability to make a malicious site
appear authentic.

This vulnerability is reported to affect Mozilla Firefox versions
prior to version 1.0 and Mozilla Suite versions prior to version
1.7.5.

Mozilla and Firefox browsers are reported prone to another status bar
misrepresentation vulnerability. Using JavaScript to automate the
process a remote attacker may exploit this vulnerability to aid in
phishing style attacks, for example, the attacker may leverage this
vulnerability to make a malicious site appear authentic.

This vulnerability is reported to affect Mozilla Firefox versions
prior to version 1.0 and Mozilla Suite versions prior to version
1.7.5.

Mozilla and Firefox browsers provide functionality (Alt-Click) to
download files linked by URIs to the default download location without
prompting the user. Reports indicate that a malicious site may abuse
this functionality to download a file to the default download location
without user interaction.

This vulnerability is reported to affect Mozilla Firefox versions
prior to version 1.0.

Mozilla and Firefox browsers are reported prone to a clipboard
information disclosure vulnerability. A remote attacker may exploit
this vulnerability to steal clipboard contents; this may reveal
potentially sensitive information to a remote attacker.

This vulnerability is reported to affect Mozilla Firefox versions
prior to version 1.0 and Mozilla Suite versions prior to version
1.7.5.

Mozilla and Firefox browsers are reported prone to an information
disclosure vulnerability. A remote malicious server may invoke a
request against a vulnerable browser and the browser will respond with
proxy authentication credentials.

This vulnerability is reported to affect Mozilla Firefox versions
prior to version 1.0 and Mozilla Suite versions prior to version
1.7.5.

It is reported that Mozilla Thunderbird erroneously responds to cookie
requests that are contained in HTML based email. It is reported that
this vulnerability may be exploited by a remote attacker to track
emails to victim users.

This vulnerability is reported to affect Thunderbird versions 0.6 to
0.9 and Mozilla Suite 1.7 to 1.7.3.

Mozilla Firefox is reported prone to a local code execution
vulnerability. The vulnerability exists in Livefeed bookmark
functionality. It is reported that if for example 'about:config' was
displayed when the Livefeed is updated then arbitrary code execution
may occur on the affected computer.

This vulnerability is reported to affect Mozilla Firefox versions
prior to version 1.0.

It is reported that Mozilla Thunderbird does not correctly handle
'javascript:' URI links. The affected application employs the default
handler for 'javascript:' URIs that is registered on the host
operating system. This is incorrect behavior and may result in
exposure to latent vulnerabilities due to a false sense of security.

This vulnerability is reported to affect Mozilla Thunderbird versions
prior to version 0.9.

This BID will be separated into individual BIDs as soon as further
research into each of the vulnerabilities is completed.

Clam Anti-Virus ClamAV ZIP File Parsing Remote Denial Of Ser...
BugTraq ID: 12408
Remote: Yes
Date Published: Jan 31 2005
Relevant URL: http://www.securityfocus.com/bid/12408
Summary:
A remote denial of service vulnerability affects ClamAV.  This issue
is due to a failure of the application to properly handle malicious
file content.

An attacker may leverage this issue to crash the Clam Anti-Virus
daemon, potentially leaving an affected computer open to infection by
malicious code.

PostgreSQL LOAD Extension Local Privilege Escalation Vulnera...
BugTraq ID: 12411
Remote: No
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12411
Summary:
A local privilege escalation vulnerability affects PostgreSQL.  This
issue is due to a failure of the application to restrict critical
functionality to privileged users.

An attacker may leverage this issue to execute arbitrary code with the
privileges of the affected database, potentially facilitating
privilege escalation.

Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnera...
BugTraq ID: 12412
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12412
Summary:
A remote unspecified vulnerability reportedly affects Squid Proxy.
This issue is due to a failure of the application to properly handle
malformed HTTP headers.

The impact of this issue is currently unknown.  This BID will be
updated when more information becomes available.

Newsfetch sscanf() Remote Buffer Overflow Vulnerability
BugTraq ID: 12414
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12414
Summary:
Newsfetch makes several insecure sscanf(3) calls that could potentially
result in a buffer overflow.  This is a result of insufficient bounds
checking when sscanf stores data in an internal buffer.

PostgreSQL Multiple Remote Vulnerabilities
BugTraq ID: 12417
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12417
Summary:
Multiple remote vulnerabilities affect PostgreSQL.  These issues are
due to design errors, buffer mismanagement errors, and issues that are
currently unspecified.

The first issue is a failure of the application to ensure function
permissions are enforced. The second issue is a buffer overflow
triggered when cursor declaration occurs. The final vulnerability is
an unspecified security issue that exists in 'contrib/intagg'. The
information currently available is not sufficient to provide a more
in-depth technical description.  This BID will be updated with the
release of further details.

An attacker may leverage these issues to execute arbitrary code with
the privileges of the vulnerable database process and to execute
functions without requiring permission.  Other attacks are also
possible.

Newspost Remote Buffer Overflow Vulnerability
BugTraq ID: 12418
Remote: Yes
Date Published: Feb 01 2005
Relevant URL: http://www.securityfocus.com/bid/12418
Summary:
Newspost is prone to a remote buffer overflow vulnerability due to an
unbounded memory copy operation.

The problem occurs in the 'socket_getline()' function of 'socket.c'
when the vulnerable client handles NNTP server responses.

Successful exploitation of this issue could potentially lead to
arbitrary code execution.

This issue was reported to affect Newspost 2.1.1 and prior, however,
other versions may be vulnerable.
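The two NNTP client bugs above (Newsfetch, BID 12414, and Newspost, BID 12418) are the same mistake from two angles: a line read off the socket without a bound tied to the destination buffer, and an sscanf() "%s" conversion with no field width. The following is an added example, not code from either project: a bounded line reader and a width-limited parser for a GROUP response. The socket is replaced by an in-memory buffer and the server replies are constructed, so it runs offline.

```c
/* Added example, not code from newsfetch or newspost: a bounded NNTP
 * response-line reader plus a width-limited sscanf() parser. The server
 * replies below are constructed for the demonstration. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define LINE_CAP 513   /* RFC 3977: a response line is at most 512 octets */

/* In-memory stand-in for the socket, so the example runs offline. */
struct wire { const char *data; size_t len, pos; };

/* What an unbounded socket_getline() lacks: a limit tied to the destination.
 * Copies at most cap-1 bytes, always NUL-terminates, and reports an oversize
 * line instead of writing past 'out'. Returns the line length, -1 at end of
 * input, -2 if the line did not fit (the excess is consumed and discarded). */
ssize_t getline_bounded(struct wire *w, char *out, size_t cap)
{
    size_t n = 0;
    int too_long = 0;

    if (cap == 0 || w->pos >= w->len)
        return -1;
    while (w->pos < w->len) {
        char c = w->data[w->pos++];
        if (c == '\n')
            break;
        if (c == '\r')
            continue;
        if (n + 1 < cap)
            out[n++] = c;
        else
            too_long = 1;
    }
    out[n] = '\0';
    return too_long ? -2 : (ssize_t)n;
}

struct group_resp { int code; long count, low, high; char group[128]; };

/* The insecure pattern described for newsfetch: "%s" carries no width, so a
 * long group name from a hostile server overruns 'group'. Shown for contrast;
 * nothing here calls it. */
int parse_group_unsafe(const char *line, struct group_resp *r)
{
    return sscanf(line, "%d %ld %ld %ld %s",
                  &r->code, &r->count, &r->low, &r->high, r->group);
}

/* Hardened parser for a "211 count low high group" GROUP reply: every
 * conversion carries a width, and the trailing %c catches a group token that
 * was cut off at 127 characters instead of silently accepting a prefix. */
int parse_group_response(const char *line, struct group_resp *r)
{
    char next = ' ';
    int n = sscanf(line, "%3d %ld %ld %ld %127s%c",
                   &r->code, &r->count, &r->low, &r->high, r->group, &next);

    if (n < 5)
        return -1;                       /* malformed */
    if (n == 6 && !isspace((unsigned char)next))
        return -1;                       /* token longer than the field */
    if (r->code != 211)
        return -1;                       /* not a GROUP success code */
    return 0;
}

/* Read one reply off the wire and parse it.
 * 0 = parsed, -1 = malformed or unexpected, -2 = line exceeded LINE_CAP. */
int handle_group_reply(const char *data, size_t len, struct group_resp *r)
{
    struct wire w = { data, len, 0 };
    char line[LINE_CAP];
    ssize_t got = getline_bounded(&w, line, sizeof line);

    if (got == -2)
        return -2;
    if (got < 0)
        return -1;
    return parse_group_response(line, r);
}

/* Three constructed replies: well-formed; an over-long group token that
 * still fits in a line; and a line far beyond the protocol maximum. */
int case_good(void)
{
    struct group_resp r;
    const char *reply = "211 3 1 3 comp.lang.c\r\n";

    if (handle_group_reply(reply, strlen(reply), &r) != 0)
        return -1;
    return (strcmp(r.group, "comp.lang.c") == 0 && r.count == 3) ? 0 : -1;
}

int case_overlong_token(void)
{
    struct group_resp r;
    char reply[400] = "211 1 1 1 ";
    size_t p = strlen(reply);

    memset(reply + p, 'A', 300);
    reply[p + 300] = '\0';
    strcat(reply, "\r\n");
    return handle_group_reply(reply, strlen(reply), &r);   /* -1: rejected */
}

int case_oversize_line(void)
{
    struct group_resp r;
    char reply[1600];

    memset(reply, 'A', 1500);
    memcpy(reply + 1500, "\r\n", 3);
    return handle_group_reply(reply, strlen(reply), &r);   /* -2: dropped */
}
```

The trailing `%c` is the detail most hardened rewrites miss: `%127s` alone stops at 127 characters and returns success, so a 300-character group name would be accepted as a truncated prefix rather than rejected as the hostile input it is.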

Cisco IP/VC Videoconferencing System SNMP Remote Default Com...
BugTraq ID: 12424
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12424
Summary:
A default community string vulnerability affects Cisco IP/VC
Videoconferencing System devices. This issue is due to a design flaw
where hard-coded community strings are stored on the device.

This issue may be leveraged to gain unauthorized administrator access
to affected devices.  This would allow an attacker to create new
services, terminate or affect existing sessions, and redirect traffic
to a different destination, among other attacks.

[ firmware ]

Perl suidperl Multiple Local Vulnerabilities
BugTraq ID: 12426
Remote: No
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12426
Summary:
suidperl is reported prone to multiple vulnerabilities. The following
individual issues are reported:

It is reported that the 'PERLIO_DEBUG' SuidPerl environment variable
may be employed to corrupt arbitrary files.

A local unprivileged attacker may exploit this vulnerability to
corrupt arbitrary files with superuser privileges. This may ultimately
lead to a denial of service for legitimate users or privilege
escalation.

suidperl is reported prone to a local buffer overflow vulnerability as
well.  This buffer overflow vulnerability may be exploited by a local
attacker to gain superuser privileges.  This issue is also exploited
through the 'PERLIO_DEBUG' variable.
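The suidperl issue above is a setuid binary letting its unprivileged caller name, through an environment variable, a file that will then be written with root's privileges. The following is an added example, not code from perl (or from ncpfs, whose setuid utilities face the same class of problem): a setuid program that ignores such a variable whenever real and effective ids differ, and rebuilds the rest of its environment from an allowlist. `EXAMPLE_DEBUG_LOG` is a hypothetical name standing in for the role PERLIO_DEBUG played; the allowlist and fixed PATH are this example's choices.

```c
/* Added example, not code from perl or ncpfs: environment hygiene for a
 * setuid binary. A file path taken from the environment (EXAMPLE_DEBUG_LOG is
 * a hypothetical stand-in for the role PERLIO_DEBUG played) must be ignored
 * whenever real and effective ids differ, and the remaining environment cut
 * down to an allowlist before anything else consults it. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Variables a setuid program is willing to inherit; everything else goes,
 * including loader and debug knobs the caller might point at root's files. */
static const char *const keep[] = { "TERM", "LANG", "HOME", "USER" };
static char path_entry[] = "PATH=/usr/bin:/bin";   /* fixed, never inherited */

int running_with_elevated_ids(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Honour the debug-log variable only when no privilege is in play; otherwise
 * the user who invoked the setuid binary chooses which file root overwrites. */
const char *debug_log_path(int elevated)
{
    return elevated ? NULL : getenv("EXAMPLE_DEBUG_LOG");
}

/* Replaces the process environment with the allowlisted variables plus the
 * fixed PATH. Returns the number of variables in the new environment. */
int scrub_environment(void)
{
    static char *clean[sizeof keep / sizeof keep[0] + 2];
    int n = 0;

    for (size_t i = 0; i < sizeof keep / sizeof keep[0]; i++) {
        const char *val = getenv(keep[i]);
        size_t len;
        char *entry;

        if (val == NULL)
            continue;
        len = strlen(keep[i]) + 1 + strlen(val) + 1;
        entry = malloc(len);
        if (entry == NULL)
            continue;
        snprintf(entry, len, "%s=%s", keep[i], val);
        clean[n++] = entry;
    }
    clean[n++] = path_entry;
    clean[n] = NULL;
    environ = clean;
    return n;
}

/* Constructed attacker-controlled environment, then the two checks.
 * Each returns 1 on the expected behaviour. */
int demo_debug_var_ignored_when_elevated(void)
{
    setenv("EXAMPLE_DEBUG_LOG", "/etc/passwd", 1);
    return debug_log_path(0) != NULL && debug_log_path(1) == NULL;
}

int demo_scrub_drops_unlisted_vars(void)
{
    setenv("LD_PRELOAD", "/tmp/evil.so", 1);
    setenv("EXAMPLE_DEBUG_LOG", "/etc/passwd", 1);
    setenv("TERM", "xterm", 1);
    scrub_environment();
    return getenv("LD_PRELOAD") == NULL && getenv("EXAMPLE_DEBUG_LOG") == NULL
        && getenv("TERM") != NULL && strcmp(getenv("PATH"), "/usr/bin:/bin") == 0;
}
```

In a real setuid program `scrub_environment()` runs first thing in main(), before any library has had a chance to read a variable; `debug_log_path(running_with_elevated_ids())` is then the only way the log path is ever obtained.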

Newsgrab Multiple Local And Remote Vulnerabilities
BugTraq ID: 12428
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12428
Summary:
Newsgrab is reported prone to multiple vulnerabilities. The following
individual issues are reported:

Newsgrab is reported prone to a directory traversal
vulnerability. This vulnerability exists because the software does not
sufficiently sanitize directory traversal sequences from filenames
before the filename is employed to store the file onto disk.

A remote attacker may exploit this vulnerability by supplying a
malicious file to a target victim. This vulnerability has been
assigned the CVE identifier CAN-2005-0153.

Newsgrab is reported prone to an unspecified insecure permissions
vulnerability.

A local attacker may exploit this vulnerability to disclose
potentially sensitive information that is contained in files that were
downloaded using newsgrab. This vulnerability has been assigned the
CVE identifier CAN-2005-0154.
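The directory traversal issue above (CAN-2005-0153) is the usual one: a file name taken from an untrusted article is joined to the download directory without first being reduced to a single plain path component. The following is an added example, not newsgrab's code, showing the check a client should apply, next to the naive "delete ../" fix that does not work. The directory is a placeholder and the names tested at the bottom are constructed.

```c
/* Added example, not newsgrab's code: deciding whether a file name taken from
 * an untrusted article may be joined to the download directory. The names
 * tested at the bottom are constructed; the directory is a placeholder. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 255

/* Returns 1 if 'name' is a single, plain path component; 0 otherwise.
 * Rejects: empty or over-long names; "." and ".."; any '/' or '\\' (the name
 * may have been produced on another platform); control characters; and a
 * leading '.', so a download cannot plant a dotfile such as ".bashrc" when
 * the download directory is a home directory (a policy choice, not a rule). */
int filename_is_safe(const char *name)
{
    size_t len = strlen(name);

    if (len == 0 || len > NAME_MAX_LEN)
        return 0;
    if (name[0] == '.')                    /* covers ".", ".." and dotfiles */
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c == '\\' || c < 0x20 || c == 0x7f)
            return 0;
    }
    return 1;
}

/* The inadequate fix: delete each "../" once. "....//x" becomes "../x", so a
 * single pass leaves the result traversable. Kept only to be tested against. */
void strip_dotdot_once(const char *in, char *out, size_t cap)
{
    size_t o = 0;

    for (size_t i = 0; in[i] != '\0' && o + 1 < cap; ) {
        if (strncmp(in + i, "../", 3) == 0) {
            i += 3;
            continue;
        }
        out[o++] = in[i++];
    }
    out[o] = '\0';
}

/* Joins dir and name only when the name passed validation and the result
 * was not truncated. Returns 0 on success, -1 otherwise. */
int build_download_path(const char *dir, const char *name, char *out, size_t cap)
{
    int n;

    if (!filename_is_safe(name))
        return -1;
    n = snprintf(out, cap, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    return 0;
}

/* 1 if 'name' would be accepted for storage under the placeholder directory. */
int accepts(const char *name)
{
    char path[512];
    return build_download_path("/home/user/news", name, path, sizeof path) == 0;
}

/* 1 if the naive stripper still yields a traversing path (it does). */
int naive_strip_still_traverses(void)
{
    char out[64];
    strip_dotdot_once("....//etc/passwd", out, sizeof out);
    return strncmp(out, "../", 3) == 0;
}
```

Validation of the name is only half of it: the file should then be created with `O_CREAT|O_EXCL|O_NOFOLLOW` so that a symlink already sitting in the download directory cannot redirect the write either.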

Squid Proxy squid_ldap_auth Authentication Bypass Vulnerabil...
BugTraq ID: 12431
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12431
Summary:
Squid Proxy is reported prone to an authentication bypass
vulnerability.  This issue appears to result from insufficient input
validation.

It is reported that the 'squid_ldap_auth' module is affected by this
issue.  A remote attacker may gain unauthorized access or elevated
privileges by bypassing access controls.

Squid versions 2.5 and earlier are reported prone to this
vulnerability.

Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability
BugTraq ID: 12432
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12432
Summary:
The Squid proxy server is vulnerable to a remotely exploitable buffer
overflow vulnerability.  The vulnerability is in its implementation of
WCCP (web cache communication protocol), a UDP based web cache
management protocol.  The condition is triggered when it reads a
packet from the network that is larger than the size of the buffer
allocated to store it.  This can occur because recvfrom() is passed an
incorrect value for its "len" argument.
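The WCCP bug above is a length mismatch: the buffer is one size, the `len` handed to recvfrom() is another, and a datagram longer than the buffer is written past it by the kernel. The following is an added example, not Squid's code: the correct receive (length taken from the destination, oversize datagrams detected via MSG_TRUNC and dropped) beside a model of the bug. Packets are generated locally over socketpair() so it runs offline; the 512-byte maximum is this example's choice, not WCCP's.

```c
/* Added example, not Squid's code: receiving a WCCP-style datagram with a
 * length that matches the buffer, beside the bug class described above.
 * Traffic is generated locally over socketpair() so it runs offline; the
 * 512-byte maximum is this example's choice, not WCCP's. */
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

#define WCCP_MAX 512

/* 'spill' exists only so the wrong-length variant's overrun stays inside an
 * object we own and can inspect. A real daemon has no such cushion. */
struct wccp_buf { uint8_t data[WCCP_MAX]; uint8_t spill[1024]; };

/* Correct: the receive length is the size of the destination, and a datagram
 * that did not fit (MSG_TRUNC in msg_flags) is discarded as malformed.
 * Returns the byte count, -1 on error, -2 when the datagram was oversize. */
ssize_t wccp_recv_bounded(int fd, struct wccp_buf *b)
{
    struct iovec iov = { b->data, sizeof b->data };
    struct sockaddr_storage from;
    struct msghdr mh;
    ssize_t n;

    memset(&mh, 0, sizeof mh);
    mh.msg_name = &from;
    mh.msg_namelen = sizeof from;
    mh.msg_iov = &iov;
    mh.msg_iovlen = 1;
    n = recvmsg(fd, &mh, 0);
    if (n < 0)
        return -1;
    if (mh.msg_flags & MSG_TRUNC)
        return -2;
    return n;
}

/* The bug class: 'len' is taken from the wrong object (here the whole struct),
 * so a datagram longer than WCCP_MAX is written past 'data'. */
ssize_t wccp_recv_wrong_len(int fd, struct wccp_buf *b)
{
    struct sockaddr_storage from;
    socklen_t fl = sizeof from;

    return recvfrom(fd, b->data, sizeof *b, 0, (struct sockaddr *)&from, &fl);
}

/* Push one constructed datagram of 'size' bytes through a socketpair and
 * receive it with the chosen function. *spilled reports whether any byte
 * landed beyond 'data'. Returns the receiver's result, or -99 on setup error. */
static ssize_t run_once(size_t size, int bounded, int *spilled)
{
    int sv[2];
    uint8_t pkt[1536];
    struct wccp_buf b;
    ssize_t r;

    *spilled = 0;
    if (size > sizeof pkt || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0)
        return -99;
    memset(pkt, 'W', sizeof pkt);
    memset(&b, 0, sizeof b);
    if (send(sv[0], pkt, size, 0) != (ssize_t)size) {
        close(sv[0]);
        close(sv[1]);
        return -99;
    }
    r = bounded ? wccp_recv_bounded(sv[1], &b) : wccp_recv_wrong_len(sv[1], &b);
    *spilled = (b.spill[0] != 0);
    close(sv[0]);
    close(sv[1]);
    return r;
}

int bounded_accepts_normal(void) { int s; return run_once(200, 1, &s) == 200 && !s; }
int bounded_drops_oversize(void) { int s; return run_once(900, 1, &s) == -2 && !s; }
int wrong_len_overruns(void)     { int s; return run_once(900, 0, &s) == 900 && s; }
```

recvmsg() is used for the bounded variant because MSG_TRUNC in `msg_flags` is the portable way to learn that a datagram was cut; with recvfrom() the truncation is silent unless the Linux-specific MSG_TRUNC input flag is used.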

Squid Proxy Malformed HTTP Header Parsing Cache Poisoning Vu...
BugTraq ID: 12433
Remote: Yes
Date Published: Feb 02 2005
Relevant URL: http://www.securityfocus.com/bid/12433
Summary:
Squid Proxy is reported prone to a cache poisoning vulnerability when
processing malformed HTTP requests and responses.  This issue results
from insufficient sanitization of user-supplied data.

Squid versions 2.5 and earlier are reported prone to this issue.
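Two of the Squid items above concern the proxy's header parser: oversize headers (BID 12412) and malformed headers that poison the cache (BID 12433). Neither advisory names the exact malformation, so the following added example (not Squid's code) applies the general checks a caching proxy wants before it stores or forwards a message: a cap on the block and on each line, CRLF-only line endings with no bare CR or LF inside a line, no control characters or folded lines, and no conflicting framing (two different Content-Length values, or Content-Length alongside Transfer-Encoding). The size limits are this example's choices and the sample messages are constructed.

```c
/* Added example, not Squid's code: a strict check of an HTTP/1.x header block
 * as a caching proxy might apply before forwarding or storing a message. The
 * limits are this example's choices; sample messages are constructed. */
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define HDR_BLOCK_MAX 8192
#define HDR_LINE_MAX  1024

enum hdr_verdict {
    HDR_OK = 0, HDR_TOO_LARGE, HDR_BAD_LINE_ENDING, HDR_BAD_NAME,
    HDR_CTL_IN_VALUE, HDR_BAD_LENGTH, HDR_CONFLICTING_FRAMING, HDR_NO_TERMINATOR
};

/* RFC 7230 token characters, the only ones allowed in a field name. */
static int is_tchar(unsigned char c)
{
    return c != 0 && c < 0x80 && (isalnum(c) || strchr("!#$%&'*+-.^_`|~", c) != NULL);
}

/* 'raw' runs from the first header line through the CRLF CRLF that ends the
 * block. Returns HDR_OK or the first problem found. */
enum hdr_verdict validate_header_block(const char *raw, size_t len)
{
    size_t pos = 0;
    long content_length = -1;
    int saw_te = 0;

    if (len > HDR_BLOCK_MAX)
        return HDR_TOO_LARGE;
    while (pos < len) {
        const char *line = raw + pos;
        const char *lf = memchr(line, '\n', len - pos);
        const char *colon, *p, *v;
        size_t ll, nl, vl;

        if (lf == NULL)
            return HDR_NO_TERMINATOR;
        ll = (size_t)(lf - line);
        if (ll == 0 || line[ll - 1] != '\r')      /* bare LF ends a line here */
            return HDR_BAD_LINE_ENDING;
        ll--;                                     /* drop the CR */
        pos += ll + 2;
        if (ll == 0)                              /* blank line: end of block */
            return (content_length >= 0 && saw_te) ? HDR_CONFLICTING_FRAMING : HDR_OK;
        if (ll > HDR_LINE_MAX)
            return HDR_TOO_LARGE;
        colon = memchr(line, ':', ll);
        if (colon == NULL || colon == line)
            return HDR_BAD_NAME;
        for (p = line; p < colon; p++)            /* rejects "Name : v" and obs-fold */
            if (!is_tchar((unsigned char)*p))
                return HDR_BAD_NAME;
        for (p = colon + 1; p < line + ll; p++) { /* a bare CR is caught here */
            unsigned char c = (unsigned char)*p;
            if ((c < 0x20 && c != '\t') || c == 0x7f)
                return HDR_CTL_IN_VALUE;
        }
        nl = (size_t)(colon - line);
        v = colon + 1;
        while (v < line + ll && (*v == ' ' || *v == '\t'))
            v++;
        vl = (size_t)(line + ll - v);
        if (nl == 14 && strncasecmp(line, "Content-Length", 14) == 0) {
            char buf[24], *end;
            long cl;
            if (vl == 0 || vl > 19 || !isdigit((unsigned char)*v))
                return HDR_BAD_LENGTH;
            memcpy(buf, v, vl);
            buf[vl] = '\0';
            cl = strtol(buf, &end, 10);
            if (*end != '\0' || cl < 0)
                return HDR_BAD_LENGTH;
            if (content_length >= 0 && content_length != cl)
                return HDR_CONFLICTING_FRAMING;   /* two different lengths */
            content_length = cl;
        } else if (nl == 17 && strncasecmp(line, "Transfer-Encoding", 17) == 0) {
            saw_te = 1;
        }
    }
    return HDR_NO_TERMINATOR;                     /* ran out before the blank line */
}

int verdict_of(const char *raw)
{
    return (int)validate_header_block(raw, strlen(raw));
}

/* A block of harmless lines that exceeds HDR_BLOCK_MAX; 1 if rejected. */
int oversize_block_rejected(void)
{
    char big[HDR_BLOCK_MAX + 64];
    size_t n = 0;

    while (n + 16 < sizeof big - 2) {
        memcpy(big + n, "X-Pad: aaaaaa\r\n", 15);
        n += 15;
    }
    memcpy(big + n, "\r\n", 2);
    n += 2;
    return validate_header_block(big, n) == HDR_TOO_LARGE;
}
```

Rejecting rather than repairing is the point for a cache: a message whose framing two parsers could read differently is exactly the one that gets stored under the wrong key, so the proxy refuses it instead of guessing which interpretation the origin server used.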

D-BUS Session Bus Local Privilege Escalation Vulnerability
BugTraq ID: 12435
Remote: No
Date Published: Feb 03 2005
Relevant URL: http://www.securityfocus.com/bid/12435
Summary:
A local privilege escalation vulnerability affects D-BUS. This issue
is due to a failure of the application to properly secure message bus
sessions.

An attacker may leverage this issue to send messages to the message
bus of an unsuspecting user. This may facilitate command execution
with the privileges of the unsuspecting user, ultimately leading to
privilege escalation.

Python SimpleXMLRPCServer Library Module Unauthorized Access...
BugTraq ID: 12437
Remote: Yes
Date Published: Feb 03 2005
Relevant URL: http://www.securityfocus.com/bid/12437
Summary:
A remote unauthorized access vulnerability affects Python.  This issue
is due to a failure of the API to properly secure access to sensitive
internal data or functionality of registered objects and modules.

A remote attacker may leverage this issue to gain unauthorized access
to an affected computer. Other attacks are also possible.

Linux Kernel IPV6_Setsockopt IPV6_PKTOPTIONS Integer Overflo...
BugTraq ID: 12441
Remote: No
Date Published: Feb 03 2005
Relevant URL: http://www.securityfocus.com/bid/12441
Summary:
An integer overflow vulnerability is reported in the Linux kernel
'ipv6_setsockopt()' function, reached through the setsockopt() system
call. This issue is related to the code for handling the
IPV6_PKTOPTIONS socket option, which is used to provide the kernel
with IPv6 options for a given socket.

This issue may be exploited by a local user to compromise the
system. Exploitation could also result in a denial of service.  It
should be noted that this type of vulnerability might provide a
generic means of privilege escalation across Linux distributions once
a remote attacker has gained unauthorized access as a lower privileged
user.

**Update: Conflicting reports suggest that this issue is not in fact a
vulnerability. It is reported that the 'optlen' value is sanitized in
'linux/net/socket.c' before reaching the code that is reported
vulnerable.

ht://Dig Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 12442
Remote: Yes
Date Published: Feb 03 2005
Relevant URL: http://www.securityfocus.com/bid/12442
Summary:
ht://Dig is reported prone to an unspecified cross-site scripting
vulnerability.  This issue is due to a failure of the application to
properly sanitize user-supplied URI data prior to including it in
dynamically generated Web page content.

All versions of ht://Dig are considered vulnerable at the moment.

This BID will be updated when more information becomes available.

Linksys PSUS4 PrintServer Malformed HTTP POST Request Denial...
BugTraq ID: 12443
Remote: Yes
Date Published: Feb 03 2005
Relevant URL: http://www.securityfocus.com/bid/12443
Summary:
Linksys PSUS4 PrintServer is reported prone to a remote denial of
service vulnerability while handling certain HTTP POST requests
received on TCP port 80.

An attacker may exploit this condition to deny service to the affected
PrintServer.

[ firmware ]

Postfix IPv6 Unauthorized Mail Relay Vulnerability
BugTraq ID: 12445
Remote: Yes
Date Published: Feb 04 2005
Relevant URL: http://www.securityfocus.com/bid/12445
Summary:
Postfix is prone to a vulnerability that allows the application to be
abused as a mail relay.

Arbitrary mail may be sent to any MX host with an IPv6 address.  This
could be exploited by spammers or other malicious parties.

Postfix 2.1.3 is reported prone to this issue.  It is possible that
other versions are affected as well.

PowerDNS Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 12446
Remote: Yes
Date Published: Feb 04 2005
Relevant URL: http://www.securityfocus.com/bid/12446
Summary:
PowerDNS is reported prone to an unspecified remote denial of service
vulnerability.  It is conjectured that this issue likely results from
the failure of the application to handle exceptional conditions.

PowerDNS versions prior to 2.9.17 are reported vulnerable to this
issue.

Netgear DG834 ADSL Firewall Router Insecure Configuration Vu...
BugTraq ID: 12447
Remote: Yes
Date Published: Feb 04 2005
Relevant URL: http://www.securityfocus.com/bid/12447
Summary:
The Netgear DG834 ADSL Firewall Router is reported prone to a firewall
insecure configuration vulnerability. It is reported that when the
affected appliance is configured with NAT (Network Address
Translation) disabled, the firewall becomes ineffective.

This vulnerability results in a false sense of security: a user may
believe that their network and appliance are protected when they are
not.

[ firmware ]
