[gull-annonces] SecurityFocus Newsletter #308 Summary

Marc SCHAEFER schaefer at alphanet.ch
Sun Jul 31 18:07:03 CEST 2005


PowerDNS LDAP Backend Query Escape Failure Vulnerability
BugTraq ID: 14290
Remote: Yes
Date Published: 2005-07-17
Relevant URL: http://www.securityfocus.com/bid/14290
Summary:
The PowerDNS LDAP back-end did not adequately escape requests prior to 
version 2.9.18.   As a result, it was possible for requests to fail without 
answering questions.  This may have security implications in environments 
where PowerDNS and LDAP are used.  The vendor has fixed this in version 
2.9.18.

PowerDNS Recursive Query Denial of Service Vulnerability
BugTraq ID: 14291
Remote: Yes
Date Published: 2005-07-17
Relevant URL: http://www.securityfocus.com/bid/14291
Summary:
A denial of service vulnerability affects PowerDNS.  The vulnerability 
allows for remote attackers from external networks to cause lookups for 
authorized hosts to fail.  The technical details of this vulnerability are 
not yet available.  The condition occurs when PowerDNS is configured to 
allow only hosts from specific IP address ranges to perform recursive 
queries. 

Shorewall MACLIST Firewall Rules Bypass Vulnerability
BugTraq ID: 14292
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14292
Summary:
Shorewall is susceptible to a firewall rules bypass vulnerability. This 
issue is due to a failure of the software to properly implement expected 
firewall rules for MAC address-based filtering.

This issue arises when 'MACLIST_TTL' is greater than 0, or 
'MACLIST_DISPOSITION' is configured as 'ACCEPT'.

This vulnerability allows attackers to bypass firewall rules, letting them 
attack protected services and computers without further restriction.

This issue also leads to a false sense of security by firewall 
administrators.

KDE Kate, KWrite Local Backup File Information Disclosure Vulnerability
BugTraq ID: 14297
Remote: No
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14297
Summary:
KDE kate and kwrite are susceptible to a local information disclosure 
vulnerability. This issue is due to a failure of the applications to 
maintain secure file permissions when creating backup files.

This vulnerability allows local attackers to gain access to the contents of 
potentially sensitive files.

Note: Since these applications are network-aware, under some unknown 
circumstances, this issue may not be restricted to local attackers.

MRV Communications In-Reach Console Servers Access Control Bypass 
Vulnerability
BugTraq ID: 14300
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14300
Summary:
In-Reach console servers are affected by an access control bypass 
vulnerability.

Under certain circumstances, the vulnerable devices fail to verify 
port-based access controls and allow a user to access any port or console.

This issue affects In-Reach LX-8000, 4000 and 1000 series devices running 
software version 3.5.0.  Other models may be vulnerable as well.

[ firmware ]

EKG Insecure Temporary File Creation Vulnerability
BugTraq ID: 14307
Remote: No
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14307
Summary:
ekg is reported prone to an unspecified insecure temporary file creation 
vulnerability.  This issue is likely due to a design error that causes the 
application to fail to verify the existence of a file before writing to it. 
The details available regarding this issue are not sufficient to provide an 
in-depth technical description. This BID will be updated when more 
information becomes available. 
An attacker may leverage this issue to overwrite arbitrary files with the 
privileges of an unsuspecting user that activates the vulnerable 
application. 

EKG Unspecified Command Execution Vulnerability
BugTraq ID: 14308
Remote: Yes
Date Published: 2005-07-18
Relevant URL: http://www.securityfocus.com/bid/14308
Summary:
ekg is affected by an unspecified command execution vulnerability.

A successful attack would involve executing shell commands in the context of 
the application.  It may be possible for an attacker to gain unauthorized 
access to an affected computer by exploiting this issue.  

Mozilla Firefox Weak Authentication Mechanism Vulnerability
BugTraq ID: 14325
Remote: Yes
Date Published: 2005-07-19
Relevant URL: http://www.securityfocus.com/bid/14325
Summary:
Firefox is affected by a vulnerability that may result in sending 
authentication credentials across the network in plaintext format.

By default, the browser chooses basic authentication even if other 
authentication schemas such as Digest or NTLM are available from the server.

Mozilla Firefox 1.0.4 and 1.0.5 running on Windows are confirmed to be 
vulnerable.  Other versions on different platforms may be affected as well.

FreeBSD Jail() Devfs Ruleset Bypass Vulnerability
BugTraq ID: 14334
Remote: No
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14334
Summary:
FreeBSD is prone to a vulnerability that may allow local attackers to gain 
access to restricted resources on a computer. 
This issue allows local attackers to access hidden device nodes on devfs 
file systems from within a jail.  The attacker can create sensitive device 
nodes in the jail with default access permissions.

A successful attack can lead to information disclosure and privilege 
escalation.

Greasemonkey Multiple Remote Information Disclosure Vulnerabilities
BugTraq ID: 14336
Remote: Yes
Date Published: 2005-07-20
Relevant URL: http://www.securityfocus.com/bid/14336
Summary:
Greasemonkey is susceptible to multiple remote information disclosure 
vulnerabilities. These issues are due to a design error allowing insecure 
JavaScript functions to be executed by remote Web sites.

The specified issues exist in the 'GM_xmlhttpRequest()', 'GM_setValue()', 
and 'GM_scripts()' functions.

Other GM_* functions are also likely to be affected, but the exact functions 
are not known at this time.

These vulnerabilities allow remote attackers to retrieve the contents of 
arbitrary files, retrieve directory listings from arbitrary locations, and 
retrieve the contents of various private Greasemonkey data structures. This 
aids them in further attacks.

Zlib Compression Library Decompression Denial Of Service Vulnerability
BugTraq ID: 14340
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14340
Summary:
Zlib is susceptible to a denial of service vulnerability. This issue is due 
to a failure of the library to properly handle unexpected input to its 
decompression routines.

Certain values used during decompression are incorrectly specified, allowing 
invalid inflate input to crash the library.

This vulnerability allows attackers to crash applications that utilize the 
affected library.

EKG LibGadu Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 14345
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14345
Summary:
EKG libgadu is susceptible to multiple remote integer overflow 
vulnerabilities. These issues are due to a failure of the application to 
properly sanitize user-supplied input data prior to using it in memory 
allocation and copy operations.

Attackers may exploit these vulnerabilities to execute arbitrary machine 
code in the context of applications that utilize the affected library. 
Failed exploitation attempts likely result in crashed applications.

Fetchmail POP3 Client Buffer Overflow Vulnerability
BugTraq ID: 14349
Remote: Yes
Date Published: 2005-07-21
Relevant URL: http://www.securityfocus.com/bid/14349
Summary:
Fetchmail POP3 client is prone to a buffer overflow vulnerability.  This 
issue presents itself because the application fails to perform boundary 
checks prior to copying user-supplied data into sensitive process buffers. 
This includes POP variants such as APOP, and others.

A successful attack can result in overflowing a finite-sized buffer and 
ultimately lead to arbitrary code execution in the context of the 
fetchmail process.  This may allow the attacker to gain elevated privileges.



