[gull-annonces] Summary of SecurityFocus Newsletter #285

Marc SCHAEFER schaefer at alphanet.ch
Fri Jan 28 19:35:02 CET 2005


AWStats Multiple Unspecified Remote Input Validation Vulnera...
BugTraq ID: 12270
Remote: Yes
Date Published: Jan 15 2005
Relevant URL: http://www.securityfocus.com/bid/12270
Summary:
Multiple unspecified remote input validation vulnerabilities affect
AWStats.  These issues are due to a failure of the application to
perform proper validation on user-supplied input prior to using it to
carry out some critical function.

Although unconfirmed, an attacker may leverage these issues to execute
commands and disclose sensitive information with the privileges of the
underlying Web server.

Gatos xatitv Unspecified Buffer Overflow Vulnerability
BugTraq ID: 12273
Remote: Unknown
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12273
Summary:
An unspecified buffer overflow vulnerability affects the gatos xatitv
utility, which is setuid by default. This issue is due to a failure of
the application to properly validate the length of user-supplied
strings prior to copying them into static process buffers.

The details currently available surrounding this issue are
insufficient to provide an accurate technical description.  It is not
known whether this issue is triggered by an excessively long command
line argument, by a configuration file parameter, or by a parameter in
a multimedia file.

This BID will be updated as more details are released.

An attacker may leverage this issue to execute arbitrary instructions
with the privileges of the superuser.  This may potentially lead to
privilege escalation or unauthorized access.

PlayMidi Local Buffer Overflow Vulnerability
BugTraq ID: 12274
Remote: No
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12274
Summary:
A local buffer overflow vulnerability affects Playmidi.  This issue is
due to a failure of an unspecified setuid utility packaged with the
Playmidi suite to properly validate the length of user-supplied
strings prior to copying them into static process buffers.

This BID will be updated as more information becomes available.

A local attacker may leverage this issue to execute arbitrary
instructions with the privileges of the superuser.  This may
facilitate privilege escalation and potentially unauthorized access.

MySQL Database MySQLAccess Local Insecure Temporary File Cre...
BugTraq ID: 12277
Remote: No
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12277
Summary:
A local insecure temporary file creation vulnerability affects the
MySQL Database.  This issue is due to a failure of a script bundled
with the application to securely create temporary files in globally
accessible locations.

An attacker may leverage this issue to corrupt arbitrary files with
the privileges of the user that activates the vulnerable script.

NetGear FVS318 ProSafe VPN Firewall Switch Multiple Vulnerab...
BugTraq ID: 12278
Remote: Yes
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12278
Summary:
NetGear FVS318 is reported prone to multiple vulnerabilities.  These
issues result from insufficient sanitization of user-supplied data and
may allow an attacker to bypass URI filters and carry out cross-site
scripting attacks.

The following issues were identified:

It is reported that an attacker can bypass URI filters of the device.

The URI filter log viewer is reported prone to a cross-site scripting
vulnerability.

The research report specified that FVS318 devices with firmware 2.4
are vulnerable to these issues.  FVS318 and FVS318v2 are shipped with
firmware 2.4, however, it is possible that FVS318v3 and other firmware
versions are affected as well.  This BID will be updated when more
information about affected packages is available.

[ firmware ]

ImageMagick Photoshop Document Parsing Remote Client-Side Bu...
BugTraq ID: 12287
Remote: Yes
Date Published: Jan 17 2005
Relevant URL: http://www.securityfocus.com/bid/12287
Summary:
A client-side buffer overflow vulnerability affects the Photoshop
document (PSD) parsing functionality of ImageMagick. This issue is due
to a failure of the application to properly validate the length of
user-supplied strings prior to copying them into static process
buffers.

An attacker may exploit this issue remotely by sending a malicious
file through email or some other means to an unsuspecting user and
enticing them to process it with the affected application.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.

GNU Queue Multiple Unspecified Buffer Overflow Vulnerabiliti...
BugTraq ID: 12293
Remote: Unknown
Date Published: Jan 18 2005
Relevant URL: http://www.securityfocus.com/bid/12293
Summary:
Multiple unspecified buffer overflow vulnerabilities affect GNU
Queue. These issues are due to a failure of the application to
properly validate the length of user-supplied strings prior to copying
them into static process buffers.

An attacker may leverage these issues to execute instructions with the
privileges of the affected application. Although unconfirmed, this may
facilitate unauthorized access or privilege escalation.

This BID will be updated as more information becomes available.

AWStats Remote Command Execution Vulnerability
BugTraq ID: 12298
Remote: Yes
Date Published: Jan 15 2005
Relevant URL: http://www.securityfocus.com/bid/12298
Summary:
AWStats is reported prone to a remote arbitrary command execution
vulnerability.  This issue presents itself due to insufficient
sanitization of user-supplied data.

An attacker can prefix arbitrary commands with the '|' character and
have them executed in the context of the server through a URI
parameter.

This issue was originally specified in BID 12270 (AWStats Multiple
Unspecified Remote Input Validation Vulnerabilities).  Due to the
availability of further details, it is being assigned a new BID.

xpdf Remote Buffer Overflow Vulnerabil...
BugTraq ID: 12302
Remote: Yes
Date Published: Jan 18 2005
Relevant URL: http://www.securityfocus.com/bid/12302
Summary:
xpdf is reported prone to a remote buffer overflow vulnerability. This
issue exists because the application fails to perform proper boundary
checks before copying user-supplied data into process buffers. A
remote attacker may execute arbitrary code in the context of a user
running the application. This can result in the attacker gaining
unauthorized access to the vulnerable computer.

It is reported that this issue presents itself in the
'Decrypt::makeFileKey2' function residing in the 'xpdf/Decrypt.cc' file.

This issue is reported to affect xpdf 3.00, however, it is likely that
earlier versions are prone to this vulnerability as well.
Applications using embedded xpdf code may be vulnerable to this issue as well.

Cisco IOS Skinny Call Control Protocol Handler Remote Denial...
BugTraq ID: 12307
Remote: Yes
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12307
Summary:
Cisco IOS when configured for Cisco IOS Telephony Service (ITS), Cisco
CallManager Express (CME), or Survivable Remote Site Telephony (SRST)
services is reported prone to a remote denial of service
vulnerability.

The issue is reported to exist in the Skinny Call Control Protocol
(SCCP) handler.

A remote attacker may exploit this vulnerability continuously to
effectively deny network-based services to legitimate users.

[ firmware ]

Apache Utilities Insecure Temporary File Creation Vulnerabil...
BugTraq ID: 12308
Remote: No
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12308
Summary:
A local insecure temporary file creation vulnerability reportedly
affects Apache Software Foundation Apache Utilities.  This issue is
due to a failure of the affected utility to securely create temporary
files in world writable locations.

An attacker may leverage this issue to corrupt, write to or create
arbitrary files with the privileges of the user or process running the
vulnerable script.

Linux Kernel Audit Subsystem Local Denial Of Service Vulnera...
BugTraq ID: 12309
Remote: No
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12309
Summary:
An unspecified local denial of service vulnerability is reported to
affect the system call filtering code in the audit subsystem of the
Linux kernel.

Originally, it was believed that this vulnerability was isolated to
the kernel that is distributed with Red Hat Enterprise Linux. This is
not the case and this BID is updated accordingly.

MySQL MaxDB WebAgent Remote Denial of Service Vulnerabilitie...
BugTraq ID: 12313
Remote: Yes
Date Published: Jan 19 2005
Relevant URL: http://www.securityfocus.com/bid/12313
Summary:
MaxDB WebAgent is reported prone to multiple remote denial of service
vulnerabilities.  These issues arise as the application fails to
handle exceptional conditions properly.

The following specific issues were identified:

The first vulnerability exists due to a NULL pointer dereference.

The second vulnerability arises when the application handles malformed
HTTP headers.

MaxDB versions prior to 7.5.0.21 are likely to be vulnerable to these
issues.  The issues have been confirmed in version 7.5.0.0.

xtrlock Unspecified Local Buffer Overflow Vulnerability
BugTraq ID: 12316
Remote: No
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12316
Summary:
xtrlock is reported prone to an unspecified local buffer overflow
vulnerability.  This issue exists due to insufficient boundary checks
performed by the application when copying user-supplied data into
process buffers.

xtrlock is likely to be executed with superuser privileges, allowing
the attacker to gain elevated privileges.

Due to a lack of information, further details cannot be provided at
the moment.  This BID will be updated when more information is
available.

fkey Remote Arbitrary File Disclosure Vulnerability
BugTraq ID: 12321
Remote: Yes
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12321
Summary:
fkey is reported prone to a remote arbitrary file disclosure
vulnerability.  This issue can allow an attacker to disclose sensitive
files on a computer, which may aid in various attacks.

fkey 0.0.2 and prior versions are affected by this issue.

3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 Inf...
BugTraq ID: 12322
Remote: Yes
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12322
Summary:
The 3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 is
reported prone to an access validation error in its Web management
interface that may allow remote, unauthorized attackers to gain access
to sensitive hidden Web pages.

3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 firmware
versions prior to 1.03.07A are reported prone to this vulnerability.

[ firmware ]

Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of ...
BugTraq ID: 12324
Remote: Yes
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12324
Summary:
Squid is reported to be susceptible to a denial of service
vulnerability in its NTLM authentication module.

This vulnerability presents itself when an attacker sends unspecified
NTLM data to Squid.  The issue exists due to a memory leak that occurs
because memory allocated to store a base64-decoded string is not
freed.

It is conjectured that this issue allows an attacker to cause the NTLM
helper application to run out of memory and fail.

Advanced Linux Sound Architecture Library Stack Protection D...
BugTraq ID: 12325
Remote: No
Date Published: Jan 20 2005
Relevant URL: http://www.securityfocus.com/bid/12325
Summary:
The Advanced Linux Sound Architecture (ALSA) library contains a
weakness that disables stack protection schemes for its children.

If a child application of the ALSA library contains an exploitable
stack overflow, it will not be protected against by any stack
protection schemes that may be in place, potentially allowing
arbitrary code to be executed on the computer.

Multiple Ethereal Unspecified Dissector Vulnerabilities
BugTraq ID: 12326
Remote: Yes
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12326
Summary:
Ethereal is prone to multiple vulnerabilities ranging from denial of
service to arbitrary code execution.

The first issue could cause the COPS dissector to go into an infinite
loop.

The second issue could cause the DLSw dissector to force Ethereal to
exit prematurely.

The third issue could cause the DNP dissector to corrupt memory.

The fourth issue could cause the Gnutella dissector to force Ethereal
to exit prematurely.

The fifth issue could cause the MMSE dissector to free statically
allocated memory.

The sixth issue could cause a buffer overflow in the X11 dissector.

Ghostscript Multiple Local Insecure Temporary File Creation ...
BugTraq ID: 12327
Remote: No
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12327
Summary:
Ghostscript is reportedly affected by multiple local insecure
temporary file creation vulnerabilities.  These issues are likely due
to a design error that causes the application to fail to verify the
existence of a file before writing to it.

An attacker may leverage these issues to overwrite arbitrary files
with the privileges of an unsuspecting user that activates a
vulnerable application.

AFPL Ghostscript version 8.50, and GNU Ghostscript 8.01 are reportedly
affected by these vulnerabilities. Other versions may also be
affected.
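The temporary-file weakness shared by this entry, the MySQL mysqlaccess entry (BID 12277) and the Apache utilities entry (BID 12308) comes down to one pattern: a predictable name under a world-writable directory, opened in a way that follows whatever an attacker planted there first. The Python below is an added example, not code from any of those projects, and runs entirely in a private scratch directory of its own: it plants a symlink at a guessable name, shows a plain open() clobbering the link target, then shows an O_CREAT|O_EXCL|O_NOFOLLOW open refusing it and tempfile.mkstemp() picking a name that cannot be guessed in the first place. File names and contents are constructed for the example.

```python
import os
import shutil
import tempfile

def naive_tmp_write(path, data):
    """Vulnerable pattern: a predictable name such as /tmp/tool.<pid>, opened
    with plain open(). If a symlink was already planted there, open() follows
    it and truncates whatever file the link points at."""
    with open(path, 'w') as f:
        f.write(data)

def safe_tmp_write(path, data):
    """Hardened pattern: O_CREAT|O_EXCL refuses a name that already exists (a
    planted symlink included), O_NOFOLLOW refuses symlinks outright, and the
    0600 mode keeps other users out. Raises OSError instead of clobbering."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, 'O_NOFOLLOW', 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(data)

def mkstemp_write(directory, data):
    """What the vulnerable scripts should do: let mkstemp pick an unpredictable
    name and create it atomically with O_EXCL. Returns the path it chose."""
    fd, path = tempfile.mkstemp(prefix='tool.', dir=directory)
    with os.fdopen(fd, 'w') as f:
        f.write(data)
    return path

def run_demo():
    """Simulate the attack. Returns (victim contents after the naive writer,
    victim contents after the safe writer, whether the safe writer refused,
    whether mkstemp avoided the planted name)."""
    workdir = tempfile.mkdtemp()
    try:
        victim = os.path.join(workdir, 'victim.conf')
        with open(victim, 'w') as f:
            f.write('original\n')
        # The attacker guessed the temp name in advance (here from the pid)
        # and planted a symlink to the file they want overwritten.
        predictable = os.path.join(workdir, 'tool.%d' % os.getpid())
        os.symlink(victim, predictable)

        naive_tmp_write(predictable, 'clobbered\n')
        with open(victim) as f:
            after_naive = f.read()

        with open(victim, 'w') as f:
            f.write('original\n')  # reset before the hardened attempt
        try:
            safe_tmp_write(predictable, 'clobbered\n')
            refused = False
        except OSError:
            refused = True
        with open(victim) as f:
            after_safe = f.read()

        chosen = mkstemp_write(workdir, 'scratch\n')
        avoided = chosen != predictable and not os.path.islink(chosen)
        return after_naive, after_safe, refused, avoided
    finally:
        shutil.rmtree(workdir)

if __name__ == '__main__':
    print(run_demo())
```

The same fix applies regardless of the language of the vulnerable script: mkstemp(3) in C, `mktemp` with a template in shell, and File::Temp in Perl all create the file with O_EXCL under a name the attacker cannot predict. Writing into a directory created by mkdtemp() rather than directly into /tmp removes the shared-directory race altogether.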

GNU Enscript Multiple Vulnerabilities
BugTraq ID: 12329
Remote: Yes
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12329
Summary:
Multiple vulnerabilities are reported in GNU enscript.

The first set of issues is reportedly due to insufficient sanitization
of user-supplied input, which may lead to arbitrary command execution.

There are also reportedly multiple unspecified buffer overflow
vulnerabilities present in the utility. These issues are due to a
failure of the application to properly bounds check user-supplied data
prior to copying it into insufficiently sized memory buffers.

These issues are locally exploitable only, as enscript itself has no
network support. Where enscript is invoked by network-facing
applications such as 'viewcvs', and possibly others, they could likely
be exploited remotely.

Enscript is not installed setuid, but it may be used as part of a
print spooler system. By exploiting these issues, attackers may be
able to execute arbitrary commands or machine code in the context of
the process that invokes the utility. Other attacks are also possible
depending on how the utility is used.

Linux Kernel Unspecified Local NFS I/O Denial of Service Vul...
BugTraq ID: 12330
Remote: No
Date Published: Jan 21 2005
Relevant URL: http://www.securityfocus.com/bid/12330
Summary:
The Linux kernel is reported prone to an unspecified local denial of
service vulnerability.  The issue is reported to be local and
exploitable through direct I/O access to NFS file systems.

Successful exploitation will lead to a kernel panic on a computer with
NFS mounts. This would effectively deny service to legitimate users.
