[gull-annonces] Summary of SecurityFocus Newsletter #304

Marc SCHAEFER schaefer at alphanet.ch
Sat Jun 25 11:04:01 CEST 2005


Pico Server File Access Vulnerability
BugTraq ID: 13935
Remote: Yes
Date Published: 2005-06-11
Relevant URL: http://www.securityfocus.com/bid/13935
Summary:
Pico Server is a small web server written in C.

A vulnerability in Pico Server may allow for remote attackers to view
file contents or execute programs outside of the web root directory.
The vulnerability appears to be due to a design failure in a feature
meant to prevent unauthorized access outside of the web root.  The
vulnerability can be exploited to obtain the contents of files outside
of the web root directory.  It may also be exploited to run commands
via the "/cgi-bin/" virtual directory.

RedHat Linux sysreport Proxy Information Disclosure Vulnerability
BugTraq ID: 13936
Remote: Yes
Date Published: 2005-06-13
Relevant URL: http://www.securityfocus.com/bid/13936
Summary:
sysreport is susceptible to an information disclosure
vulnerability. This issue is due to a failure of the application to
ensure that sensitive information is not included in its generated
reports.

This vulnerability may result in sending unencrypted proxy
authentication usernames and passwords to potentially malicious
people. This may aid them in further attacks.

JamMail jammail.pl Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 13937
Remote: Yes
Date Published: 2005-06-12
Relevant URL: http://www.securityfocus.com/bid/13937
Summary:
JamMail is prone to a remote arbitrary command execution
vulnerability.

This vulnerability may allow an attacker to supply arbitrary commands
through the 'jammail.pl' script.

This can lead to various attacks including unauthorized access to an
affected computer.

JamMail 1.8 is affected by this issue.

Multiple Vendor Telnet Client Remote Information Disclosure Vulnerability
BugTraq ID: 13940
Remote: Yes
Date Published: 2005-06-14
Relevant URL: http://www.securityfocus.com/bid/13940
Summary:
Telnet clients provided by multiple vendors are susceptible to a
remote information disclosure vulnerability.

Any information stored in the environment of clients utilizing the
affected telnet application is available for attackers to
retrieve. The contents of the environment variables may be sensitive
in nature, allowing attackers to gain information that may aid them in
further system compromise.

OpenBSD Kernel IP_CTLoutput Local Denial Of Service Vulnerability
BugTraq ID: 13977
Remote: No
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13977
Summary:
A local denial of service vulnerability affects OpenBSD.

The vendor reports that a local user may invoke 'getsockopt()' on an
existing socket to trigger this vulnerability.

A local attacker may exploit this issue to trigger a kernel panic and
deny service for legitimate users.

SpamAssassin Malformed Email Header Remote Denial Of Service Vulnerability
BugTraq ID: 13978
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13978
Summary:
SpamAssassin is prone to a remote denial of service
vulnerability. This issue is due to a failure of the application to
properly handle overly long email headers.  Further details regarding
this vulnerability are currently not available.  This BID will be
updated as more information is disclosed.

An attacker may cause SpamAssassin to take inordinate amounts of time
to check a specially crafted email message. By sending many malicious
messages, it may be possible for attackers to cause extremely large
delays in email delivery, denying service to legitimate users.

SuSE Linux GPG2 S/MIME Signing Unspecified Vulnerability
BugTraq ID: 13980
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13980
Summary:
SuSE Linux is affected by an unspecified vulnerability related to
S/MIME signing using gpg2.  The cause and impact of this issue are
currently unknown.

Due to a lack of details, it cannot be confirmed whether this issue
poses a security threat or results in an adverse effect on the
functionality of the application.  It is conjectured that this issue
is remote in nature.

SUSE Linux 9.3 is affected by this issue.

[ probably affects all versions of GPG, but we do not yet have the
  information we would need. Relatively few people use S/MIME
  signatures compared with OpenPGP ones.
]

Yaws Remote Source Code Disclosure Vulnerability
BugTraq ID: 13981
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13981
Summary:
A vulnerability has been reported in Yaws that may result in the
disclosure of script files' source code.  Information obtained in this
manner may be used by the attacker to launch further attacks against a
vulnerable system.  Yaws 1.55 and prior versions are affected.

[ HTTP/1.1 server written in Erlang, http://yaws.hyber.org/ ]

Vipul razor-agents Multiple Unspecified Denial Of Service Vulnerability
BugTraq ID: 13984
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13984
Summary:
Vipul razor-agents is prone to multiple unspecified denial of service
vulnerabilities. The following issues are reported:

The first denial of service vulnerability exists in the discovery logic of 
razor-agents.

The second issue exists in the preprocessing code of razor-agents.

Both issues may be exploited to cause a denial of service for the
vulnerable application.

[ anti-spamming ]

JBoss Malformed HTTP Request Remote Information Disclosure Vulnerability
BugTraq ID: 13985
Remote: Yes
Date Published: 2005-06-17
Relevant URL: http://www.securityfocus.com/bid/13985
Summary:
JBoss is prone to a remote information disclosure vulnerability. The
issue exists in the 'org.jboss.web.WebServer' class and is due to a
lack of sufficient sanitization of user-supplied request data.

Information that is harvested through leveraging of this issue may be
used to aid in further attacks that are launched against the affected
service.

[ message bus for Java ]

Ajax-Spell HTML Tag Script Injection Vulnerability
BugTraq ID: 13986
Remote: Yes
Date Published: 2005-06-16
Relevant URL: http://www.securityfocus.com/bid/13986
Summary:
ajax-spell is prone to a script injection vulnerability.  This could
permit an attacker to inject hostile HTML and script code into the
session of a user of the Web site hosting the application.

Successful exploitation could let an attacker steal cookie-based
authentication credentials or launch other attacks.

[ in JavaScript ]



