[gull-annonces] SecurityFocus Newsletter #302 summary

Marc SCHAEFER schaefer at alphanet.ch
Wed Jun 8 20:42:02 CEST 2005


PServ Symbolic Link Information Disclosure Vulnerability
BugTraq ID: 13634
Remote: No
Date Published: May 16 2005
Relevant URL: http://www.securityfocus.com/bid/13634
Summary:
pServ is prone to an information disclosure vulnerability through
symbolic link files.  This occurs because the application will follow
symbolic links to files outside the Web root.

This issue was reported to affect pServ 3.2 and 3.3; other versions
are likely vulnerable.

PServ Remote Source Code Disclosure Vulnerability
BugTraq ID: 13638
Remote: Yes
Date Published: May 16 2005
Relevant URL: http://www.securityfocus.com/bid/13638
Summary:
pServ is affected by a remote source code disclosure vulnerability.

When handling a specially-crafted URI request, the application
discloses the source code of scripts in the 'cgi-bin' directory.

Information gathered through this attack could be used to launch
further attacks against a system.

Pserv Directory Traversal Vulnerability
BugTraq ID: 13642
Remote: Yes
Date Published: May 16 2005
Relevant URL: http://www.securityfocus.com/bid/13642
Summary:
pServ is prone to a directory traversal vulnerability.  This occurs
because the application does not implement a proper method for
filtering directory traversal sequences from URIs.  Since this can be
done from the cgi-bin directory, it is possible to execute commands to
which the Web server has permission.

This issue was reported to affect pServ version 3.2; earlier versions
are likely vulnerable.

Pserv completedPath Remote Buffer Overflow Vulnerability
BugTraq ID: 13648
Remote: Yes
Date Published: May 16 2005
Relevant URL: http://www.securityfocus.com/bid/13648
Summary:
pServ is prone to a remotely exploitable buffer overflow
vulnerability.  The issue occurs because proper boundary checks are
not performed allowing an internal buffer to be overrun.  This
vulnerability could potentially be exploited to execute arbitrary code
in the context of the Web server.

This issue was fixed in pServ 3.3; earlier versions are likely
vulnerable.

[ small, efficient web server written in C ]

WebAPP Apage.CGI Remote Command Execution Vulnerability
BugTraq ID: 13637
Remote: Yes
Date Published: May 16 2005
Relevant URL: http://www.securityfocus.com/bid/13637
Summary:
WebAPP is prone to a remote command execution vulnerability.  This
issue is due to a failure in the application to properly sanitize
user-supplied input.

[ web portal written in Perl ]

Mozilla Suite And Firefox Multiple Script Manager Security B...
BugTraq ID: 13641
Remote: Yes
Date Published: May 16 2005
Relevant URL: http://www.securityfocus.com/bid/13641
Summary:
Multiple issues exist in Mozilla Suite and Firefox. These issues allow
attackers to bypass security checks in the script security manager.

Security checks in the script security manager are designed to prevent
script injection vulnerabilities.

An attacker sending certain undisclosed JavaScript in 'view-source:',
and 'jar:' pseudo protocol URIs, may bypass these security checks.

An undisclosed, nested URI, as well as a variant of BID 13216 are
reportedly also able to bypass security checks.

These vulnerabilities allow remote attackers to execute script code
with elevated privileges, leading to the installation and execution of
malicious applications on an affected computer. Cross-site scripting,
and other attacks are also likely possible.

The vendor has not provided enough information to determine how many
specific instances of the issue were addressed, and has not clarified
whether or not they have addressed a single general vulnerability or
multiple specific vulnerabilities. This BID may be split into its
separate issues as further information is disclosed.

Further details are scheduled to be released in the future. This BID
will be updated at that time.

Multiple Linux Kernel IOCTL Handlers Local Memory Corruption...
BugTraq ID: 13651
Remote: No
Date Published: May 17 2005
Relevant URL: http://www.securityfocus.com/bid/13651
Summary:
The Linux kernel raw device and pktcdvd block device ioctl handlers
are reported prone to local kernel-based memory corruption
vulnerabilities. The issues manifest due to a lack of sanity checks
performed on argument values that are passed to the 'raw_ioctl()' and
'pkt_ioctl()' functions.

A local attacker, that has read access to a sufficient block device,
may leverage this memory corruption to execute arbitrary
attacker-supplied code in the context of the system kernel (ring-0).

bzip2 Remote Denial of Service Vulnerability
BugTraq ID: 13657
Remote: Yes
Date Published: May 17 2005
Relevant URL: http://www.securityfocus.com/bid/13657
Summary:
bzip2 is prone to a remote denial of service vulnerability.  This
issue arises when the application processes malformed archives.

A successful attack can result in resource exhaustion and trigger a
denial of service condition.

bzip2 version 1.0.2 is reportedly affected by this issue.  Other
versions are likely vulnerable as well.

MySQL mysql_install_db Insecure Temporary File Creation Vuln...
BugTraq ID: 13660
Remote: No
Date Published: May 17 2005
Relevant URL: http://www.securityfocus.com/bid/13660
Summary:
MySQL is reportedly affected by a vulnerability that can allow local
attackers to gain unauthorized access to the database or gain elevated
privileges.  This issue results from a design error due to the
creation of temporary files in an insecure manner.

The vulnerability affects the 'mysql_install_db' script.

Due to the nature of the script it may be possible to create database
accounts or gain elevated privileges.

MySQL versions prior to 4.0.12 and MySQL 5.x releases 5.0.4 and prior
versions are reported to be affected.

Cheetah Local Privilege Escalation Vulnerability
BugTraq ID: 13662
Remote: No
Date Published: May 17 2005
Relevant URL: http://www.securityfocus.com/bid/13662
Summary:
Cheetah is prone to a local privilege escalation vulnerability.

The issue arises because the application imports modules from the
'/tmp' directory before searching for the path from the 'PYTHONPATH'
variable.

This can result in arbitrary code execution granting elevated
privileges to an attacker.

Cheetah versions prior to 0.9.17-rc1 are affected by this issue.

[ fast and efficient web client ]

Multiple Vendor TCP Timestamp PAWS Remote Denial Of Service ...
BugTraq ID: 13676
Remote: Yes
Date Published: May 18 2005
Relevant URL: http://www.securityfocus.com/bid/13676
Summary:
A denial of service vulnerability exists for the TCP RFC 1323. The
issue exists in the Protection Against Wrapped Sequence Numbers (PAWS)
technique that was included to increase overall TCP performance.

When TCP 'timestamps' are enabled, both hosts at the endpoints of a
TCP connection employ internal clocks to mark TCP headers with a 'time
stamp' value.
 
When TCP PAWS is configured to employ timestamp values, this
functionality exposes TCP PAWS implementations to a denial of service
vulnerability.

The issue manifests if an attacker transmits a sufficient TCP PAWS
packet to a vulnerable computer. A large value is set by the attacker
as the packet timestamp. When the target computer processes this
packet, the internal timer is updated to the large attacker supplied
value. This causes all other valid packets that are received
subsequent to an attack to be dropped as they are deemed to be too
old, or invalid. This type of attack will effectively deny service for
a target connection.

D-Link DSL Router Remote Authentication Bypass Vulnerability
BugTraq ID: 13679
Remote: Yes
Date Published: May 19 2005
Relevant URL: http://www.securityfocus.com/bid/13679
Summary:
Various D-Link DSL routers are susceptible to a remote authentication
bypass vulnerability. This issue is due to a failure of the devices to
require authentication in certain circumstances.

This vulnerability allows remote attackers to gain complete
administrative access to affected devices.

Various D-Link devices with the following firmware revisions are
affected by this issue:

- V1.00B01T16.EN.20040211
- V1.00B01T16.EU.20040217
- V0.00B01T04.UK.20040220
- V1.00B01T16.EN.20040226
- V1.00B02T02.EU.20040610
- V1.00B02T02.UK.20040618
- V1.00B02T02.EU.20040729
- V1.00B02T02.DE.20040813
- V1.00B02T02.RU.20041014

Due to the common practice of code reuse, other devices are also
likely affected by this issue.

[ firmware ]

Linux Kernel 64 Bit ext3 Filesystem Extended Attribute Denia...
BugTraq ID: 13680
Remote: No
Date Published: May 19 2005
Relevant URL: http://www.securityfocus.com/bid/13680
Summary:
The Linux Kernel is prone to a local denial of service
vulnerability. Reports indicate the issue manifests on 64-bit
platforms and is because of a flaw present in offset handling for the
extended attribute file system code.

A local attacker may trigger this issue to crash the system kernel.

PPXP Local Privilege Escalation Vulnerability
BugTraq ID: 13681
Remote: No
Date Published: May 19 2005
Relevant URL: http://www.securityfocus.com/bid/13681
Summary:
ppxp is prone to a local privilege escalation vulnerability.  An
attacker may abuse the issue to open a shell with superuser
privileges.

[ another PPP implementation ]

gdb Multiple Vulnerabilities
BugTraq ID: 13697
Remote: Yes
Date Published: May 20 2005
Relevant URL: http://www.securityfocus.com/bid/13697
Summary:
gdb is reportedly affected by multiple vulnerabilities.  These issues
can allow an attacker to execute arbitrary code and commands on an
affected computer.  A successful attack may result in the attacker
gaining elevated privileges or unauthorized access.

The following specific issues were identified:

The application is affected by a remote heap overflow vulnerability
when loading malformed object files.

Another vulnerability affecting the application may allow local
attackers to gain elevated privileges.

gdb 6.3 is reportedly affected by these issues.  Other versions are
likely vulnerable as well.

Picasm Error Generation Remote Buffer Overflow Vulnerability
BugTraq ID: 13698
Remote: Yes
Date Published: May 20 2005
Relevant URL: http://www.securityfocus.com/bid/13698
Summary:
Picasm is affected by a remote buffer overflow vulnerability.

An attacker can exploit this issue by supplying an excessive 'error'
directive.

If successfully exploited, this issue can allow a remote attacker to
gain access to the affected computer in the context of the user
running the application.

Picasm 1.12b and prior versions are vulnerable to this issue.

Gedit Filename Format String Vulnerability
BugTraq ID: 13699
Remote: Yes
Date Published: May 30 2005
Relevant URL: http://www.securityfocus.com/bid/13699
Summary:
gEdit is prone to a format string vulnerability.  Exploitation may
occur when the program is invoked with a filename that includes
malicious format specifiers.  This issue could be exploited to corrupt
arbitrary regions of memory with attacker-supplied data, potentially
resulting in execution of arbitrary code in the context of the user
running the program.

Zyxel Prestige 650R-31 Router Remote Denial of Service Vulne...
BugTraq ID: 13703
Remote: Yes
Date Published: May 20 2005
Relevant URL: http://www.securityfocus.com/bid/13703
Summary:
Zyxel Prestige 650R-31 router is affected by a remote denial of
service vulnerability.

The router fails to handle specially crafted fragmented IP packets and
stops responding.

Prestige 650R-31 router running ZyNOS Firmware 3.40 (KO.1) is affected
by this issue.

[ firmware ]

ImageMagick And GraphicsMagick XWD Decoder Denial Of Service...
BugTraq ID: 13705
Remote: Yes
Date Published: May 21 2005
Relevant URL: http://www.securityfocus.com/bid/13705
Summary:
A remote, client-side denial of service vulnerability affects
ImageMagick and GraphicsMagick.  This issue is due to a failure of the
application to handle malformed XWD image files.

A remote attacker may leverage this issue to cause the affected
application to enter into an infinite loop condition, consuming CPU
resources on the affected computer, denying service to legitimate
users.
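
The two pServ path issues above (symbolic links followed outside the web root, BID 13634, and unfiltered traversal sequences in URIs, BID 13642) are both instances of one missing check: the server never verified that the file it finally opened still lies under the document root. The following C program is an added example written for this summary; it is not pServ's code or part of the advisory. It canonicalises the joined path with realpath(3), which resolves both ".." components and symlinks, and then compares the result against the canonical root. The temporary directory tree, the file names and the URI cases are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Verdicts for the caller; a server would map them to 200 / 403 / 404 / 400. */
enum path_check { PATH_OK, PATH_OUTSIDE_ROOT, PATH_NOT_FOUND, PATH_BAD_INPUT };

/*
 * Resolve uri_path (already percent-decoded, must start with '/') against root.
 * realpath(3) canonicalises both ".." components and symbolic links, so one
 * prefix comparison on the canonical result covers the traversal case and the
 * symlink case alike. On PATH_OK the canonical file path is written to out.
 */
enum path_check resolve_under_root(const char *root, const char *uri_path,
                                   char *out, size_t outlen)
{
    char root_real[PATH_MAX], joined[PATH_MAX], target_real[PATH_MAX];
    size_t rl;

    if (uri_path == NULL || uri_path[0] != '/')
        return PATH_BAD_INPUT;
    if (realpath(root, root_real) == NULL)
        return PATH_BAD_INPUT;              /* misconfigured document root */
    if (snprintf(joined, sizeof joined, "%s%s", root_real, uri_path) >= (int)sizeof joined)
        return PATH_BAD_INPUT;              /* too long to be a legitimate request */
    if (realpath(joined, target_real) == NULL)
        return PATH_NOT_FOUND;              /* ENOENT, ELOOP, EACCES, ... */

    rl = strlen(root_real);
    if (rl == 1 && root_real[0] == '/')
        rl = 0;                             /* root is "/": every canonical path is under it */
    /* The prefix must match AND end on a component boundary:
       "/srv/www2/x" is not under "/srv/www". */
    if (strncmp(target_real, root_real, rl) != 0 ||
        (target_real[rl] != '\0' && target_real[rl] != '/'))
        return PATH_OUTSIDE_ROOT;
    if (strlen(target_real) >= outlen)
        return PATH_BAD_INPUT;
    strcpy(out, target_real);
    return PATH_OK;
}

static void create_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd >= 0)
        close(fd);
}

/*
 * Builds a constructed tree in a temporary directory and exercises the check:
 *   <base>/htdocs/index.html                 inside the root
 *   <base>/htdocs/cgi-bin/                   inside the root
 *   <base>/secret.txt                        outside the root
 *   <base>/htdocs/link.txt -> ../secret.txt  symlink escaping the root
 * Returns the number of cases whose verdict differs from the expected one.
 */
int demo(void)
{
    char base_tmp[] = "/tmp/rootcheck.XXXXXX", base_cwd[] = "rootcheck.XXXXXX";
    char root[PATH_MAX], secret[PATH_MAX], idx[PATH_MAX], cgi[PATH_MAX], lnk[PATH_MAX], out[PATH_MAX];
    struct { const char *uri; enum path_check want; } cases[] = {
        { "/index.html",               PATH_OK },
        { "/cgi-bin/../index.html",    PATH_OK },            /* ".." that stays inside */
        { "/cgi-bin/../../secret.txt", PATH_OUTSIDE_ROOT },  /* ".." that escapes */
        { "/link.txt",                 PATH_OUTSIDE_ROOT },  /* symlink that escapes */
        { "/missing.html",             PATH_NOT_FOUND },
    };
    const char *base = mkdtemp(base_tmp) ? base_tmp : mkdtemp(base_cwd);
    int mismatches = 0;
    size_t i;

    if (base == NULL)
        return -1;
    snprintf(root, sizeof root, "%s/htdocs", base);
    snprintf(secret, sizeof secret, "%s/secret.txt", base);
    snprintf(idx, sizeof idx, "%s/index.html", root);
    snprintf(cgi, sizeof cgi, "%s/cgi-bin", root);
    snprintf(lnk, sizeof lnk, "%s/link.txt", root);
    mkdir(root, 0700);
    mkdir(cgi, 0700);
    create_file(idx);
    create_file(secret);
    symlink("../secret.txt", lnk);

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        if (resolve_under_root(root, cases[i].uri, out, sizeof out) != cases[i].want)
            mismatches++;

    /* remove the constructed tree again */
    unlink(lnk); unlink(idx); unlink(secret);
    rmdir(cgi); rmdir(root); rmdir(base);
    return mismatches;
}

int main(void)
{
    int bad = demo();
    printf("%d mismatching verdict(s)\n", bad);
    return bad == 0 ? 0 : 1;
}
```

Note that the comparison is done on the canonical path after realpath(), not on the request string: filtering "../" out of the URI, as the BID 13642 summary describes pServ failing to do, would still not catch the symlink case, whereas checking the resolved target catches both. The check is only as good as its inputs, so percent-decoding must happen before it, and serving a CGI script through the same routine is what turns source disclosure (BID 13638) into a question of which path the server is willing to read.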
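
The TCP PAWS entry (BID 13676) describes the mechanism in prose: a segment carrying a very large timestamp raises the receiver's stored value, after which genuine segments look "too old". The C program below is an added toy model of the receiver-side PAWS check from RFC 1323, written for this summary; it is not the advisory's text and not any vendor's TCP stack. It models only the pieces needed for the point: the modular timestamp comparison, an in-window check, and the rule for refreshing TS.Recent. RFC 1323 section 4.2.2 only refreshes TS.Recent from a segment whose sequence number is at or before the last ACK sent (an in-order segment); the `strict_update` flag toggles that rule so both behaviours can be compared. All segments and state values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct paws_state {
    uint32_t ts_recent;      /* TS.Recent: newest timestamp accepted from the peer */
    uint32_t rcv_nxt;        /* next expected sequence number */
    uint32_t rcv_wnd;        /* receive window size */
    uint32_t last_ack_sent;  /* Last.ACK.sent in RFC 1323 terms */
    bool strict_update;      /* true: refresh ts_recent only when SEG.SEQ <= Last.ACK.sent */
};

struct segment { uint32_t seq; uint32_t len; uint32_t tsval; };

/* Modular "a is before b" comparison, as TCP sequence and timestamp arithmetic requires. */
static bool seq_before(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* Process one incoming segment on an established connection. Returns true if accepted. */
bool paws_receive(struct paws_state *st, const struct segment *seg)
{
    uint32_t seg_end = seg->seq + seg->len;
    bool in_window;

    /* PAWS: a timestamp older than TS.Recent marks a stale (wrapped) segment. */
    if (seq_before(seg->tsval, st->ts_recent))
        return false;

    /* Ordinary window check: some byte of the segment must fall inside the window. */
    in_window = seq_before(st->rcv_nxt, seg_end) &&
                seq_before(seg->seq, st->rcv_nxt + st->rcv_wnd);
    if (!in_window)
        return false;

    /* Refresh TS.Recent. RFC 1323 requires SEG.SEQ <= Last.ACK.sent, i.e. an in-order
       segment. A lax receiver refreshes from any in-window segment, which is the
       behaviour the advisory describes being abused. */
    if (!st->strict_update || !seq_before(st->last_ack_sent, seg->seq))
        st->ts_recent = seg->tsval;

    /* Deliver in-order data; the toy model does not queue out-of-order data. */
    if (seg->seq == st->rcv_nxt) {
        st->rcv_nxt += seg->len;
        st->last_ack_sent = st->rcv_nxt;
    }
    return true;
}

/*
 * Replay the scenario from the advisory against a lax or a strict receiver.
 * Returns how many of the two legitimate segments sent after the forged one
 * are still accepted: 2 for the strict rule, 0 for the lax one.
 */
int replay_scenario(bool strict)
{
    struct paws_state st = { .ts_recent = 1000, .rcv_nxt = 5000, .rcv_wnd = 65535,
                             .last_ack_sent = 5000, .strict_update = strict };
    /* Constructed segments: the peer's clock advances by 10 per segment. */
    struct segment legit1 = { 5000, 100, 1010 };
    /* In-window but not the next expected byte, with a huge timestamp. */
    struct segment forged = { 5000 + 30000, 1, 0x7FFFFFFFu };
    struct segment legit2 = { 5100, 100, 1020 };
    struct segment legit3 = { 5200, 100, 1030 };
    int accepted = 0;

    paws_receive(&st, &legit1);   /* accepted by both receivers */
    paws_receive(&st, &forged);   /* passes PAWS and the window check on both */
    accepted += paws_receive(&st, &legit2);
    accepted += paws_receive(&st, &legit3);
    return accepted;
}

int main(void)
{
    printf("lax receiver:    %d of 2 later segments accepted\n", replay_scenario(false));
    printf("strict receiver: %d of 2 later segments accepted\n", replay_scenario(true));
    return 0;
}
```

The lax receiver stores the forged timestamp and then rejects every later genuine segment, which is the stalled connection the summary describes. The strict receiver ignores the forged segment's timestamp because the segment is not in order, so the connection continues. The in-order rule narrows the refresh condition; it does not replace the other checks a real stack performs, and the model deliberately leaves those out.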
