[gull-annonces] Summary of SecurityFocus Newsletter #298/#299

Marc SCHAEFER schaefer at alphanet.ch
Sat May 7 15:04:03 CEST 2005


Affix Bluetooth Protocol Stack Signed Buffer Index Vulnerabi...
BugTraq ID: 13347
Remote: No
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13347
Summary:
A local signed buffer index vulnerability affects Affix Bluetooth
Protocol Stack.  This issue is due to a failure of the affected
utility to properly handle user-supplied buffer size parameters.

This issue may be leveraged by a local attacker to gain escalated
privileges on an affected computer.

SNMPPD SNMP Proxy Daemon Remote Format String Vulnerability
BugTraq ID: 13348
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13348
Summary:
A remote format string vulnerability affects the SNMPPD SNMP Proxy
Daemon. This issue is due to a failure of the application to properly
sanitize user-supplied input data prior to using it in a
formatted-printing function.

A remote attacker may leverage this issue to execute arbitrary code
within the context of the affected application; this may facilitate
unauthorized access and privilege escalation.

ImageMagick PNM Image Decoding Remote Buffer Overflow Vulner...
BugTraq ID: 13351
Remote: Yes
Date Published: Apr 25 2005
Relevant URL: http://www.securityfocus.com/bid/13351
Summary:
A remote, client-side buffer overflow vulnerability affects
ImageMagick. This issue is due to a failure of the application to
properly validate the length of user-supplied strings prior to copying
them into static process buffers.

An attacker may exploit this issue to cause the affected application
to crash, potentially destroying unsaved data, ultimately denying
service to legitimate users.

MySQL MaxDB HTTP GET Request Remote Buffer Overflow Vulnerab...
BugTraq ID: 13368
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13368
Summary:
A remote buffer overflow vulnerability affects MySQL MaxDB. This issue
is due to a failure of the application to properly validate the length
of user-supplied strings prior to copying them into static process
buffers.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.

MySQL MaxDB WebDAV Lock Token Remote Buffer Overflow Vulnera...
BugTraq ID: 13369
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13369
Summary:
A remote buffer overflow vulnerability affects MySQL MaxDB. This issue
is due to a failure of the application to properly validate the length
of user-supplied strings prior to copying them into static process
buffers.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.

MySQL MaxDB WebDAV IF Parameter Remote Buffer Overflow Vulne...
BugTraq ID: 13378
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13378
Summary:
A remote buffer overflow vulnerability affects MySQL MaxDB. This issue
is due to a failure of the application to properly validate the length
of user-supplied strings prior to copying them into static process
buffers.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.

tcpdump BGP Decoding Routines Denial Of Service Vulnerabilit...
BugTraq ID: 13380
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13380
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker
to cause a denial of service condition in the software.  The issue
occurs due to the way tcpdump decodes Border Gateway Protocol (BGP)
packets.  A remote attacker may cause the software to enter an
infinite loop by sending malformed BGP packets resulting in the
software hanging.

tcpdump versions up to and including 3.8.3 are reported prone to this
issue.

tcpdump LDP Decoding Routines Denial Of Service Vulnerabilit...
BugTraq ID: 13389
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13389
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker
to cause a denial of service condition in the software.  The issue
occurs due to the way tcpdump decodes Label Distribution Protocol
(LDP) datagrams.  A remote attacker may cause the software to enter an
infinite loop by sending malformed LDP datagrams resulting in the
software hanging.

tcpdump versions up to and including 3.8.3 are reported prone to this
issue.

tcpdump RSVP Decoding Routines Denial Of Service Vulnerabili...
BugTraq ID: 13390
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13390
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker
to cause a denial of service condition in the software.  The issue
occurs due to the way tcpdump decodes Resource ReSerVation Protocol
(RSVP) packets.  A remote attacker may cause the software to enter an
infinite loop by sending malformed RSVP packets resulting in the
software hanging.

tcpdump versions up to and including 3.9.x/CVS are reported prone to
this issue.

Ethereal RSVP Decoding Routines Denial Of Service Vulnerabil...
BugTraq ID: 13391
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13391
Summary:
Ethereal is prone to a vulnerability that may allow a remote attacker
to cause a denial of service condition in the software.  The issue
occurs due to the way Ethereal decodes Resource ReSerVation Protocol
(RSVP) packets.  A remote attacker may cause the software to enter an
infinite loop by sending malformed RSVP packets resulting in the
software hanging.

Ethereal versions up to and including 0.10.10 are reported prone to
this issue.

tcpdump ISIS Decoding Routines Denial Of Service Vulnerabili...
BugTraq ID: 13392
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13392
Summary:
tcpdump is prone to a vulnerability that may allow a remote attacker
to cause a denial of service condition in the software.  The issue
occurs due to the way tcpdump decodes Intermediate System to
Intermediate System (ISIS) packets.  A remote attacker may cause the
software to enter an infinite loop by sending malformed ISIS packets
resulting in the software hanging.

tcpdump versions up to and including 3.9.x/CVS are reported prone to
this issue.

Rootkit Hunter Local Insecure Temporary File Creation Vulner...
BugTraq ID: 13399
Remote: No
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13399
Summary:
A local insecure file creation vulnerability affects Rootkit
Hunter. This issue is due to a design error that causes a file to be
insecurely opened or created and subsequently written to.

An attacker may leverage this issue to corrupt arbitrary files with
the privileges of an unsuspecting user that activates the affected
application.

Convert-UUlib Perl Module Buffer Overflow Vulnerability
BugTraq ID: 13401
Remote: Yes
Date Published: Apr 26 2005
Relevant URL: http://www.securityfocus.com/bid/13401
Summary:
Convert-UUlib Perl module is prone to a remotely exploitable buffer
overflow vulnerability.

This condition may be leveraged to overwrite sensitive program control
variables, allowing a remote attacker to control execution flow of the
process.

This BID will be updated as soon as further information regarding this
issue is made available.

Debian cvs-repouid Remote Authentication Bypass Vulnerabilit...
BugTraq ID: 13402
Remote: Yes
Date Published: Apr 27 2005
Relevant URL: http://www.securityfocus.com/bid/13402
Summary:
A remote authentication bypass vulnerability affects Debian CVS.  This
issue is due to an error with Debian's CVS cvs-repouid patch.

A remote attacker may leverage this issue to bypass CVS authentication
requirements and gain unauthorized access to a vulnerable repository.

Debian cvs-repouid Denial Of Service Vulnerability
BugTraq ID: 13403
Remote: Yes
Date Published: Apr 27 2005
Relevant URL: http://www.securityfocus.com/bid/13403
Summary:
A denial of service vulnerability affects Debian CVS.  This issue is
due to an error with Debian's CVS cvs-repouid patch.

A remote attacker may leverage this issue to cause the CVS process to
crash, effectively denying service to legitimate users.

LAM/MPI Runtime For Mandrake Linux Insecure Account Creation...
BugTraq ID: 13431
Remote: Yes
Date Published: Apr 28 2005
Relevant URL: http://www.securityfocus.com/bid/13431
Summary:
The LAM/MPI Runtime environment for Mandrake Linux is prone to an
insecure account creation vulnerability. The package creates an
account 'mpi' without a corresponding password during installation.

Webmin And Usermin Configuration File Unauthorized Access Vu...
BugTraq ID: 13205
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13205
Summary:
Usermin and Webmin are affected by a configuration file access
validation vulnerability. This issue is due to a design error that
causes certain configuration files to be assigned insecure
permissions.

An attacker may leverage this issue to gain access to various,
potentially sensitive system configuration files.  This may facilitate
privilege escalation or other attacks.

Mozilla Suite And Firefox Search Plug-In Remote Script Code ...
BugTraq ID: 13211
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13211
Summary:
A remote script code execution vulnerability affects Mozilla Suite and
Mozilla Firefox.  This issue is due to a failure of the application to
provide secure access validation prior to carrying out remotely
supplied script code execution.

An attacker may leverage this issue to execute arbitrary code in the
context of a Web site that is being viewed by an unsuspecting user; if
the Web page being viewed is a privileged page, remote code execution
is possible.  This may facilitate cross-site scripting as well as a
compromise of an affected computer.

It should be noted that this issue was previously reported in BID
13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting,
And Policy Bypass Vulnerabilities); it has been assigned its own BID.

Multiple Vendor TCP Session Acknowledgement Number Denial Of...
BugTraq ID: 13215
Remote: Yes
Date Published: Apr 18 2005
Relevant URL: http://www.securityfocus.com/bid/13215
Summary:
Multiple Vendor TCP/IP stack implementations are reported prone to a
denial of service vulnerability.

A report indicates that the vulnerability manifests when an erroneous
TCP acknowledgement number is encountered in an active TCP session
stream.

A successful attack may result in a degradation of the target
connection, effectively denying service for legitimate
users. Additionally, reports indicate that the computer being attacked
may suffer CPU performance degradation, potentially denying service
for local users too.

Mozilla Suite And Firefox Favicon Link Tag Remote Script Cod...
BugTraq ID: 13216
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13216
Summary:
A remote script code execution vulnerability affects Mozilla Suite and
Mozilla Firefox.  This issue is due to a failure of the application to
deny remote unauthorized access to trusted local interfaces.

An attacker may be able to exploit this issue to execute arbitrary
script code with the privileges of an unsuspecting user that activated
the affected Web browser. This may facilitate the installation and
execution of malicious applications on an affected computer.

It should be noted that this issue was previously reported in BID
13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting,
And Policy Bypass Vulnerabilities); it has been assigned its own BID.

CVS Unspecified Buffer Overflow And Memory Access Vulnerabil...
BugTraq ID: 13217
Remote: Yes
Date Published: Apr 18 2005
Relevant URL: http://www.securityfocus.com/bid/13217
Summary:
CVS is prone to unspecified buffer overflow, memory access
vulnerabilities, and a NULL pointer dereference denial of service.

It is conjectured that the issues may be leveraged by a remote
authenticated user to disclose regions of the CVS process memory, and
to corrupt CVS process memory. The two issues combined may lead to a
remote attacker reliably executing arbitrary code in the context of
the vulnerable process, although this is not confirmed.

This BID will be updated as soon as further information is made
available.

Mozilla Firefox PLUGINSPAGE Remote Script Code Execution Vul...
BugTraq ID: 13228
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13228
Summary:
A remote script code execution vulnerability affects Mozilla Firefox.
This issue is due to a failure of the application to deny remote
unauthorized access to malicious Plugin Finder Service links.

An attacker may be able to exploit this issue to execute arbitrary
script code with the privileges of an unsuspecting user that activated
the affected Web browser. This may facilitate the installation and
execution of malicious applications, subsequently facilitating
unauthorized access.

It should be noted that this issue was previously reported in BID
13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting,
And Policy Bypass Vulnerabilities); it has been assigned its own BID.

Mozilla Suite And Firefox Blocked Pop-Up Window Remote Scrip...
BugTraq ID: 13229
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13229
Summary:
A remote script code execution vulnerability affects Mozilla Suite and
Mozilla Firefox.  This issue is due to a failure of the application to
execute JavaScript in blocked pop-up windows securely.

An attacker may be able to exploit this issue to execute arbitrary
script code with the privileges of an unsuspecting user that activated
the affected Web browser. This may facilitate the installation and
execution of malicious applications, subsequently facilitating
unauthorized access.

It should be noted that this issue was previously reported in BID
13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting,
And Policy Bypass Vulnerabilities); it has been assigned its own BID.

Mozilla Suite And Firefox Global Scope Pollution Cross-Site ...
BugTraq ID: 13230
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13230
Summary:
A remote cross-site scripting vulnerability affects Mozilla Suite and
Mozilla Firefox.  This issue is due to a failure of the application to
properly clear stored parameters.

An attacker may exploit this issue to execute arbitrary script code in
the context of a page that is currently being viewed. This may
facilitate the theft of cookie-based authentication credentials as
well as other attacks.

It should be noted that this issue was previously reported in BID
13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting,
And Policy Bypass Vulnerabilities); it has been assigned its own BID.

Mozilla Firefox Search Target Sidebar Panel Script Code Exec...
BugTraq ID: 13231
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13231
Summary:
A remote script code execution vulnerability affects Mozilla Firefox.
This issue is due to a failure of the application to securely run
script code targeted at the sidebar panel.

An attacker may be able to exploit this issue to execute arbitrary
script code with the privileges of an unsuspecting user that activated
the affected Web browser. This may facilitate the installation and
execution of malicious applications, subsequently facilitating
unauthorized access.

It should be noted that this issue was previously reported in BID
13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting,
And Policy Bypass Vulnerabilities); it has been assigned its own BID.

Mozilla Suite And Firefox XPInstall JavaScript Object Instan...
BugTraq ID: 13232
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13232
Summary:
Mozilla Suite and Mozilla Firefox are affected by an input validation
vulnerability.  This issue is due to a failure in the application to
verify input passed to installation objects.

An attacker may be able to exploit this issue to execute malicious
code in the context of the affected browser, subsequently facilitating
unauthorized access.

It should be noted that this issue was previously reported in BID
13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting,
And Policy Bypass Vulnerabilities); it has been assigned its own BID.

Mozilla Suite And Firefox Document Object Model Nodes Code E...
BugTraq ID: 13233
Remote: Yes
Date Published: Apr 16 2005
Relevant URL: http://www.securityfocus.com/bid/13233
Summary:
Mozilla Suite and Mozilla Firefox are affected by a code execution
vulnerability.  This issue is due to a failure in the application to
properly verify Document Object Model (DOM) property values.

An attacker may leverage this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable Web browser,
ultimately facilitating a compromise of the affected computer.

It should be noted that this issue was previously reported in BID
13208 (Mozilla Suite Multiple Code Execution, Cross-Site Scripting,
And Policy Bypass Vulnerabilities); it has been assigned its own BID.

info2www Cross-Site Scripting Vulnerability
BugTraq ID: 13252
Remote: Yes
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13252
Summary:
info2www is prone to a cross-site scripting vulnerability.  This could
allow an attacker to place a link that appears safe on a Web page but
that will in fact cause script code to be executed in a user's
browser.

GeneWeb Maintainer Scripts Unspecified Insecure File Operati...
BugTraq ID: 13262
Remote: No
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13262
Summary:
GeneWeb ships with maintainer scripts that are employed when upgrading
or installing the software.

The GeneWeb maintainer scripts are reported prone to an unspecified
insecure file operation.

This issue may lead to modification of arbitrary files in the
context of the user that is running the maintainer scripts.

Linux Kernel unw_unwind_to_user Local Denial of Service Vuln...
BugTraq ID: 13266
Remote: No
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13266
Summary:
A local denial of service vulnerability affects the Linux kernel.

A local attacker may leverage this issue to cause an affected Linux
kernel to panic, effectively denying service to legitimate users.

Linux Kernel Fib_Seq_Start Local Denial of Service Vulnerabi...
BugTraq ID: 13267
Remote: No
Date Published: Apr 19 2005
Relevant URL: http://www.securityfocus.com/bid/13267
Summary:
A local denial of service vulnerability affects the Linux kernel.

A local attacker may leverage this issue to cause an affected Linux
kernel to panic, effectively denying service to legitimate users.

Although only the Linux kernel version 2.6.9 is reported vulnerable,
it is likely that other versions are vulnerable as well.

MPlayer RTSP Server Line Response Remote Buffer Overflow Vul...
BugTraq ID: 13270
Remote: Yes
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13270
Summary:
A remote heap-based buffer overflow vulnerability affects
MPlayer. This issue is due to a failure of the application to properly
validate the length of user-supplied strings prior to copying them
into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.

MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability
BugTraq ID: 13271
Remote: Yes
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13271
Summary:
A remote heap-based buffer overflow vulnerability affects
MPlayer. This issue is due to a failure of the application to properly
validate the length of user-supplied strings prior to copying them
into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This
may facilitate unauthorized access or privilege escalation.

Logwatch Secure Script Denial Of Service Vulnerability
BugTraq ID: 13273
Remote: Yes
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13273
Summary:
Logwatch is prone to a denial of service vulnerability in the secure script.

This issue may be exploited by a local attacker who can inject a
malicious string into a log file, causing a denial of service
condition.  As a result, the utility may not detect subsequent
malicious activity.

GNU gzip Filename Directory Traversal Vulnerability
BugTraq ID: 13290
Remote: Yes
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13290
Summary:
gzip is prone to a directory traversal vulnerability. The issue
manifests when gunzip is invoked on a malicious archive using the '-N'
switch.

An archive containing an absolute path for a filename that contains
'/' characters results in the file being written using the absolute
path contained in the filename.

A remote attacker may leverage this issue using a malicious archive to
corrupt arbitrary files with the privileges of the user that is
running the vulnerable software.

cpio Filename Directory Traversal Vulnerability
BugTraq ID: 13291
Remote: Yes
Date Published: Apr 20 2005
Relevant URL: http://www.securityfocus.com/bid/13291
Summary:
cpio is prone to a directory traversal vulnerability. The issue
manifests when cpio is invoked on a malicious archive.

An archive containing an absolute path for a filename that contains
'/' characters results in the file being written using the absolute
path contained in the filename.

A remote attacker may leverage this issue using a malicious archive to
corrupt arbitrary files with the privileges of the user that is
running the vulnerable software.

KDE Kommander Unspecified Arbitrary Script Execution Vulnera...
BugTraq ID: 13313
Remote: Yes
Date Published: Apr 22 2005
Relevant URL: http://www.securityfocus.com/bid/13313
Summary:
KDE Kommander is prone to a vulnerability that could allow arbitrary
script code to be executed without user interaction.  Such code would
execute in the security context of the user running Kommander.

This issue was reported to affect Quanta 3.1.x and KDE from 3.2 to
3.4.0.



