[gull-annonces] Summary of SecurityFocus Newsletter #291

Marc SCHAEFER schaefer at alphanet.ch
Thu Mar 10 17:32:04 CET 2005


Stormy Studios KNet Remote Buffer Overflow Vulnerability
BugTraq ID: 12671
Remote: Yes
Date Published: Feb 26 2005
Relevant URL: http://www.securityfocus.com/bid/12671
Summary:
A remote buffer overflow vulnerability affects Stormy Studios KNet.
This issue is due to a failure of the application to securely copy
user-supplied input into finite process buffers.

An attacker may leverage this issue to execute arbitrary code on a
computer with the privileges of the affected server, facilitating
unauthorized access.

Mozilla Firefox Address Bar Image Dragging Remote Script Exe...
BugTraq ID: 12672
Remote: Yes
Date Published: Feb 26 2005
Relevant URL: http://www.securityfocus.com/bid/12672
Summary:
A remote script execution vulnerability affects Mozilla Firefox.  This
issue is due to a failure of the application to properly validate the
origin of scripts prior to execution when loaded into a browser window
by dragging JavaScript image URIs into the address bar.

An attacker may leverage this issue to execute arbitrary script code
in the context of a target Web site in the browser of an unsuspecting
user.  This may facilitate cookie-based authentication credential
theft as well as other attacks.

Debian reportbug Multiple Information Disclosure Vulnerabili...
BugTraq ID: 12674
Remote: Yes
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12674
Summary:
Multiple information disclosure vulnerabilities affect Debian
reportbug; these issues are due to a failure of the application to
properly configure sensitive data files.

An attacker may leverage these issues to email smarthost passwords,
potentially leading to further compromise.

kppp Privileged File Descriptor Leakage Vulnerability
BugTraq ID: 12677
Remote: No
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12677
Summary:
kppp is reported prone to a file descriptor leakage vulnerability.
This vulnerability can allow local attackers to gain read or write
access to sensitive files such as '/etc/hosts' and '/etc/resolv.conf',
which may lead to other attacks against the computer.

This vulnerability has been confirmed in KPPP 2.1.2.  KPPP versions
included with KDE 3.1.5 and prior versions are affected as well.

NoMachine NX Server X Authority File Reading Signal Interrup...
BugTraq ID: 12681
Remote: No
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12681
Summary:
A local unauthorized access vulnerability affects NoMachine NX Server.
This issue is due to a failure of the application to securely carry out
its authentication procedure.

An attacker may leverage this issue to gain unauthorized access to an
affected X server.

Mitel 3300 Integrated Communications Platform Web Interface ...
BugTraq ID: 12682
Remote: Yes
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12682
Summary:
A remote authentication bypass vulnerability affects the Web interface
of Mitel 3300 Integrated Communications Platform.  This issue is due
to a design error in the session IDs produced to manage authenticated
users.

This issue will allow an attacker to gain authenticated access to the
Web interface of an affected device, facilitating further attacks.

[ firmware ]

Trolltech QT Local Code Execution Vulnerability
BugTraq ID: 12695
Remote: No
Date Published: Mar 01 2005
Relevant URL: http://www.securityfocus.com/bid/12695
Summary:
A local code execution vulnerability affects Trolltech QT.  This
issue is due to a failure of the application to secure local
dynamically loaded libraries.

An attacker may leverage this issue to execute arbitrary code in the
context of an unsuspecting user that activates a QT derived product;
this will facilitate privilege escalation.

xloadimage Compressed Image Command Execution Vulnerability
BugTraq ID: 12712
Remote: Yes
Date Published: Mar 02 2005
Relevant URL: http://www.securityfocus.com/bid/12712
Summary:
A remote command execution vulnerability affects xloadimage.  This
issue is due to a failure of the application to safely parse
compressed images.

An attacker may leverage this by distributing a malicious image file
designed to execute arbitrary commands with the privileges of an
unsuspecting user.

xli Unspecified Remote Buffer Mismanagement Vulnerability
BugTraq ID: 12713
Remote: Yes
Date Published: Mar 02 2005
Relevant URL: http://www.securityfocus.com/bid/12713
Summary:
An unspecified remote buffer mismanagement vulnerability affects xli.
This issue is due to a failure of the application to securely manage
internal buffers when processing user-supplied input.

An attacker may leverage this issue to execute arbitrary code with the
privileges of the affected application, facilitating privilege
escalation or unauthorized access.

[ no idea what this is, nor what its license is ]

libXpm bitmap_unit Integer Overflow Vulnerability
BugTraq ID: 12714
Remote: Yes
Date Published: Mar 02 2005
Relevant URL: http://www.securityfocus.com/bid/12714
Summary:
An integer overflow vulnerability is reported to affect libXpm.  It is
reported that this vulnerability exists in the 'scan.c' source file
and is due to a lack of sanity checks performed on the 'bitmap_unit'
value.

A remote attacker may exploit this condition to execute arbitrary code
in the context of the application that is linked to the affected
library.

Squid Proxy Set-Cookie Headers Information Disclosure Vulner...
BugTraq ID: 12716
Remote: Yes
Date Published: Mar 03 2005
Relevant URL: http://www.securityfocus.com/bid/12716
Summary:
Squid Proxy is prone to an information disclosure vulnerability.

It is reported that remote attackers may gain access to Set-Cookie
headers related to another user.  Information gathered through
exploiting this issue may aid in further attacks against services
related to the cookie, potentially allowing for session hijacking.

Squid Proxy 2.5 STABLE7 to 2.5 STABLE9 are vulnerable to this issue.

ImageMagick File Name Handling Remote Format String Vulnerab...
BugTraq ID: 12717
Remote: Yes
Date Published: Mar 03 2005
Relevant URL: http://www.securityfocus.com/bid/12717
Summary:
ImageMagick is reported prone to a remote format string vulnerability.

Reportedly, this issue arises when the application handles malformed
file names.  An attacker can exploit this vulnerability by crafting a
malicious file with a name that contains format specifiers and sending
the file to an unsuspecting user.

It should be noted that other attack vectors also exist that may not
require user interaction as the application can be used with custom
printing systems and Web applications.

A successful attack may result in crashing the application or lead to
arbitrary code execution.

All versions of ImageMagick are considered vulnerable at the moment.

FreeBSD Unspecified x86 SMP Local Information Disclosure Vul...
BugTraq ID: 12724
Remote: No
Date Published: Mar 04 2005
Relevant URL: http://www.securityfocus.com/bid/12724
Summary:
FreeBSD is allegedly prone to an unspecified local information
disclosure vulnerability on x86 platforms.  This vulnerability is
reportedly related to SMP (Symmetric Multiprocessing).

It is also reported that other BSD-based operating systems may be
similarly affected, depending on their SMP implementation.  At the
time of writing, no other operating systems have been confirmed to be
vulnerable.

Mozilla Suite/Firefox HTTP Authentication Dialogs Tab Focus ...
BugTraq ID: 12728
Remote: Yes
Date Published: Feb 28 2005
Relevant URL: http://www.securityfocus.com/bid/12728
Summary:
Mozilla Suite and Mozilla Firefox are reported prone to a
vulnerability that may result in the loss of authentication
credentials.  It is reported that HTTP authentication dialogs do not
remain focused for the tab that invoked the dialog; rather, the dialog
focuses over the active tab.

A remote attacker may potentially exploit this condition to aid in
phishing attacks.

This vulnerability is reported to affect Firefox versions prior to
version 1.0.1 and Mozilla Suite versions prior to version 1.7.6.


