[gull-annonces] SecurityFocus Newsletter #289 Summary

Marc SCHAEFER schaefer at alphanet.ch
Sat Feb 26 17:57:14 CET 2005


Firefox Remote SMB Document Local File Disclosure Vulnerabil...
BugTraq ID: 12533
Remote: Yes
Date Published: Feb 12 2005
Relevant URL: http://www.securityfocus.com/bid/12533
Summary:
A vulnerability has been published that may allow for attackers to
read the contents of attacker-specified files on the client user's
filesystem.  To exploit this vulnerability, the attacker must place an
HTML document containing code (the example uses XMLHttpRequest) to
read the target file on a remote SMB share.  The attacker must then
create flash content that will load the remote document via file://
URI.  It is likely that only Firefox on Windows systems is affected.

This vulnerability may be related to BID 12466.

gFTP Remote Directory Traversal Vulnerability
BugTraq ID: 12539
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12539
Summary:
A remote directory traversal vulnerability reportedly affects gFTP.
This issue is due to a failure of the application to sanitize input
supplied by a malicious FTP server.

An attacker may leverage this issue to overwrite or create arbitrary
files on an affected computer with the privileges of an unsuspecting
user running the vulnerable application.  This may lead to a
compromise of the affected computer, denial of service attacks, as
well as others.

Debian Toolchain-Source Multiple Insecure Temporary File Cre...
BugTraq ID: 12540
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12540
Summary:
toolchain-source is reportedly affected by multiple local insecure
temporary file creation vulnerabilities. These issues are likely due
to a design error that causes the application to fail to verify the
existence of a file before writing to it. These issues affect some
Debian-specific scripts supplied with the package.

Debian toolchain-source versions prior to 3.0.4-1woody1 are reported
vulnerable to these issues.

AWStats Plugin Multiple Remote Command Execution Vulnerabili...
BugTraq ID: 12543
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12543
Summary:
Multiple remote command execution vulnerabilities reportedly affect
AWStats.  These issues are due to an input validation error that
allows a remote attacker to specify commands to be executed in the
context of the affected application.

The first problem presents itself due to the potential of malicious
use of the 'loadplugin' and 'pluginmode' parameters of the
'awstats.pl' script. The second issue arises from an insecure
implementation of the 'loadplugin' parameter functionality.

An attacker may leverage these issues to execute arbitrary commands
with the privileges of the affected web server running the vulnerable
scripts.  This may facilitate unauthorized access to the affected
computer, as well as other attacks.

Multiple sources have reported that AWStats 6.3 and subsequent
versions are not vulnerable to these issues.

AWStats Debug Remote Information Disclosure Vulnerability
BugTraq ID: 12545
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12545
Summary:
A remote information disclosure vulnerability reportedly affects
AWStats.  This issue is due to a failure of the application to
properly validate access to sensitive data.

An attacker may leverage this issue to gain access to potentially
sensitive data, possibly facilitating further attacks against an
affected computer.

Synaesthesia Local File Disclosure Vulnerability
BugTraq ID: 12546
Remote: No
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12546
Summary:
A local file disclosure vulnerability affects Synaesthesia.  This issue is due to a failure of the application to securely access files.

An attacker may leverage this issue to read arbitrary files on an affected computer.  Information gained in this way may lead to further attacks.

Open WebMail logindomain Parameter Cross-Site Scripting Vuln...
BugTraq ID: 12547
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12547
Summary:
Open WebMail is prone to a cross-site scripting vulnerability. This
issue is due to a failure of the application to properly sanitize
user-supplied URI input.

The problem presents itself when malicious HTML and script code is
sent to the application through the 'logindomain' parameter.

This vulnerability has been reported to exist in Open WebMail versions
2.50 20050212 and prior.

Squid Proxy DNS Name Resolver Remote Denial Of Service Vulne...
BugTraq ID: 12551
Remote: Yes
Date Published: Feb 14 2005
Relevant URL: http://www.securityfocus.com/bid/12551
Summary:
A remote denial of service vulnerability is reported to exist in
Squid. The issue is reported to present itself when the affected
server performs a Fully Qualified Domain Name (FQDN) lookup and receives
an unexpected response.

The vendor reports that under the above circumstances the affected
service will crash due to an assertion error, effectively denying
service to legitimate users.

Linux Kernel Multiple Local Buffer Overflow And Memory Discl...
BugTraq ID: 12555
Remote: No
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12555
Summary:
Multiple local buffer overflow and memory disclosure vulnerabilities
affect the Linux kernel. These issues are due to a failure to securely
copy user-controlled data, a race condition error, and a failure to
secure memory written by the kernel.

The first issue is a buffer overflow vulnerability in the procfs
functionality. The second issue is a kernel memory disclosure
vulnerability. The third issue is a race condition error in the Radeon
driver that leads to a potential buffer overflow condition.  The
fourth issue is a buffer overflow vulnerability in the i2c-viapro
driver.

A local attacker may leverage these issues to execute arbitrary code,
potentially facilitating privilege escalation, and to disclose
sensitive kernel memory.

lighttpd Remote CGI Script Disclosure Vulnerability
BugTraq ID: 12567
Remote: Yes
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12567
Summary:
lighttpd is reported prone to an information disclosure vulnerability.

Reports indicate that a NULL sequence appended to the filename of a
CGI or FastCGI script will result in the script contents being served
to the requestor.

Information that is harvested by exploiting this vulnerability may be
used to aid in further attacks launched against the target computer.

This vulnerability is reported to affect lighttpd 1.3.7 and previous
versions.

typespeed Local Format String Vulnerability
BugTraq ID: 12569
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12569
Summary:
typespeed is prone to a local format string vulnerability.  Successful exploitation could allow privilege escalation.

KDE KStars fliccd Utility Multiple Buffer Overflow Vulnerabi...
BugTraq ID: 12570
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12570
Summary:
Multiple buffer overflow vulnerabilities affect KDE KStars fliccd.
These issues are due to a failure of the utility to securely copy
user-supplied data into process memory.

An attacker may leverage these issues to gain escalated privileges
locally and, if the affected utility is run as a daemon, may
facilitate remote code execution with superuser privileges.

AWStats Logfile Parameter Remote Command Execution Vulnerabi...
BugTraq ID: 12572
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12572
Summary:
AWStats is reported prone to a remote arbitrary command execution
vulnerability.  This issue presents itself due to insufficient
sanitization of user-supplied data.

Specifically, the user-specified 'logfile' URI parameter is supplied
to the Perl open() routine.  It is believed that this issue is
distinct from BID 10950 (AWStats Rawlog Plugin Logfile Parameter Input
Validation Vulnerability).

AWStats versions 5.4 to 6.1 are reported vulnerable to this issue.

Advanced Linux Sound Architecture libasound.so Stack-Memory ...
BugTraq ID: 12575
Remote: No
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12575
Summary:
A security weakness is reported to affect the Advanced Linux Sound
Architecture (ALSA) 'libasound.so' module; specifically the issue is
reported to be present in the ALSA mixer code. It is reported that the
weakness can be leveraged to disable stack-based memory code execution
protection on binaries that are linked to the library.

SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
BugTraq ID: 12577
Remote: Unknown
Date Published: Feb 15 2005
Relevant URL: http://www.securityfocus.com/bid/12577
Summary:
Researchers Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu have allegedly
devised attacks that will reduce the number of operations required to
compute an input that generates a collision in SHA-0/SHA-1 digests.
This weakness may threaten the integrity of digital signatures that
are generated using these algorithms, as it may be possible to create
identical signatures using different input data.

The research paper describing these attacks is not publicly available
at this time, and the results have not been vetted by others in the
field.  This BID will be updated as more information is made
available.

NewsBruiser Comment System Security Restrictions Bypass Vuln...
BugTraq ID: 12579
Remote: Yes
Date Published: Feb 17 2005
Relevant URL: http://www.securityfocus.com/bid/12579
Summary:
NewsBruiser is reported prone to a security restriction bypass
vulnerability.  A remote attacker may delete or approve comments on a
site adversely affecting the availability or integrity of data.

NewsBruiser 2.6.0 and prior versions are affected by this issue.

OpenLDAP SlapD Multiple Remote Unspecified Denial Of Service...
BugTraq ID: 12584
Remote: Yes
Date Published: Feb 16 2005
Relevant URL: http://www.securityfocus.com/bid/12584
Summary:
OpenLDAP is reported prone to multiple unspecified remotely
exploitable denial of service vulnerabilities. The vulnerabilities are
reported to exist in the 'slapd' daemon.

A remote attacker may exploit these vulnerabilities to deny LDAP
service for legitimate users.

This BID will be updated as soon as further information regarding
these issues is made available.

glFTPD ZIP Plugins Multiple Directory Traversal Vulnerabilit...
BugTraq ID: 12586
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12586
Summary:
It is reported that various ZIP related plugins supplied with the
server contain multiple directory traversal vulnerabilities.  These
issues may allow remote attackers to determine the existence of files
on a computer and also disclose arbitrary files.  The issues arise due
to insufficient sanitization of user-supplied data.

By determining the presence of files in restricted directories and
outside the server's root in addition to disclosing the contents of
arbitrary files, the attacker can launch various attacks against a
vulnerable computer.  If an attack results in the disclosure of a
password file, these issues may ultimately lead to unauthorized access
to the affected computer in the context of the server.

The affected plugins are shipped with the FTP server by default.
glFTPD 1.26 to 2.00 are reported vulnerable.

GProFTPD GProstats Remote Format String Vulnerability
BugTraq ID: 12588
Remote: Yes
Date Published: Feb 18 2005
Relevant URL: http://www.securityfocus.com/bid/12588
Summary:
GProftpd gprostats utility is reported prone to a remote format string
handling vulnerability.

A remote attacker may exploit this vulnerability to execute arbitrary
attacker-supplied code in the context of the affected utility.

This vulnerability is reported to affect GProftpd version 8.1.7 and
previous versions.



