[gull-annonces] Summary of SecurityFocus Newsletter #282

Marc SCHAEFER schaefer at alphanet.ch
Thu Jan 6 16:11:03 CET 2005


netcat Exec Mode Client Request Buffer Overflow Vulnerabilit...
BugTraq ID: 12106
Remote: Yes
Date Published: Dec 27 2004
Relevant URL: http://www.securityfocus.com/bid/12106
Summary:
netcat (nc) is prone to a remotely exploitable buffer overflow.  This
issue is exposed when the program handles a client request when
listening in exec mode, which is specified by the '-e' command line
option.

Successful exploitation will allow execution of arbitrary code in the
context of the program.

It is noted that this issue affects the Windows port, and is not known
or confirmed to affect the UNIX-based netcat utility.

GNU a2ps fixps.in Script Insecure Temporary File Vulnerabili...
BugTraq ID: 12108
Remote: No
Date Published: Dec 27 2004
Relevant URL: http://www.securityfocus.com/bid/12108
Summary:
GNU a2ps is prone to a vulnerability that may allow malicious local
users to corrupt files.  This issue is due to the fact that the
'fixps.in' script creates temporary files in an insecure manner,
allowing symbolic link attacks.

File corruption would occur in the context of the user running the
script.  It is not known if this issue could be leveraged to elevate
privileges.

GNU a2ps psmandup.in Script Insecure Temporary File Vulnerab...
BugTraq ID: 12109
Remote: No
Date Published: Dec 27 2004
Relevant URL: http://www.securityfocus.com/bid/12109
Summary:
GNU a2ps is prone to a vulnerability that may allow malicious local
users to corrupt files.  This issue is due to the fact that the
'psmandup.in' script creates temporary files in an insecure manner,
allowing symbolic link attacks.

File corruption would occur in the context of the user running the
script.  It is not known if this issue could be leveraged to elevate
privileges.

ViewCVS Source View Input Validation Vulnerability
BugTraq ID: 12112
Remote: Yes
Date Published: Dec 26 2004
Relevant URL: http://www.securityfocus.com/bid/12112
Summary:
ViewCVS is prone to an input validation vulnerability.

This issue exists in the script responsible for allowing users to view
source files (viewcvs.py).  Due to insufficient sanitization of input
supplied through URI parameters, cross-site scripting and HTTP
response splitting attacks are possible.

Exploitation could allow for theft of cookie-based authentications and
other attacks.

This issue appears similar to BID 9291.

AStats Statistics Generator Local Insecure Temporary File Cr...
BugTraq ID: 12128
Remote: No
Date Published: Dec 29 2004
Relevant URL: http://www.securityfocus.com/bid/12128
Summary:
A local temporary file creation vulnerability reportedly affects
aStats.  This issue is due to a failure of the application to create
and write to temporary files in a secure manner.

An attacker may leverage this issue to write to arbitrary files on the
affected computer with the privileges of the unsuspecting user that
activates the vulnerable utility.

Mozilla Browser Network News Transport Protocol Remote Heap ...
BugTraq ID: 12131
Remote: Yes
Date Published: Dec 29 2004
Relevant URL: http://www.securityfocus.com/bid/12131
Summary:
A remote heap overflow vulnerability affects Mozilla Browser's network
news transport protocol (NNTP) functionality. This issue is due to a
failure of the application to properly validate the length of
user-supplied strings prior to copying them into dynamically allocated
process buffers.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.

ZyXEL B-240 Wireless Ethernet Adapter Web Interface Remote C...
BugTraq ID: 12142
Remote: Yes
Date Published: Dec 31 2004
Relevant URL: http://www.securityfocus.com/bid/12142
Summary:
A remote cross-site scripting vulnerability reportedly affects the
Web-administration interface of the ZyXEL B-240 Wireless Ethernet
Adapter.  This issue is due to a failure of the application to
properly sanitize URI input prior to including it in dynamic content.

An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of the
Web administration page.  This may facilitate theft of cookie-based
authentication credentials as well as other attacks.  Apparently
denial of service attacks are possible as well.

[ firmware.
  Not performing administration functions in the same
  browser as general browsing is a good idea
]


