[gull-annonces] Summary of SecurityFocus Newsletter #300

Marc SCHAEFER schaefer at alphanet.ch
Wed May 11 11:15:02 CEST 2005


Linux Kernel it87 and via686a Drivers Insecure File Creation...
BugTraq ID: 13455
Remote: No
Date Published: May 02 2005
Relevant URL: http://www.securityfocus.com/bid/13455
Summary:
The Linux kernel it87 and via686a drivers create an insecure file that
could allow a local user to cause a denial of service condition.  This
occurs because the created file's permissions allow both read and
write.

This issue was reported to affect kernel version 2.6.11.7; earlier
versions may also be affected.

[ since when do kernel drivers create files ... ]

Joshua Chamas Crypt::SSLeay Perl Module Insecure Entropy Sou...
BugTraq ID: 13471
Remote: No
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13471
Summary:
Crypt::SSLeay is prone to a security vulnerability. Reports indicate
that the library employs a file from a world writable location for its
fallback entropy source. The module defaults to this file if a proper
entropy source is not set.

If the affected library is using the insecure file as a source of
entropy, a local attacker may replace the contents of the file with
known text. This known text is then employed to seed cryptographic
operations. This may lead to weak cryptographic operations.

Open WebMail Remote Arbitrary Shell Command Execution Vulner...
BugTraq ID: 13472
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13472
Summary:
Open WebMail is prone to a remote shell command execution
vulnerability.  This issue presents itself due to insufficient
sanitization of user-supplied data.

This issue has been addressed in releases of Open WebMail dated after
Apr 30, 2005.

LibTomCrypt El Gamal Implementation Flaw Valid Signature Gen...
BugTraq ID: 13473
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13473
Summary:
LibTomCrypt is prone to a security vulnerability that exists in the
signature generation functionality. The issue may be leveraged by an
attacker to generate legitimate signatures without requiring a valid
private key.

The vulnerability manifests due to a mathematical flaw in the
LibTomCrypt implementation of the El Gamal signature algorithm.

This vulnerability exists in LibTomCrypt versions 1.02 and earlier.

SmartList ListManager Arbitrary List Addition Vulnerability
BugTraq ID: 13474
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13474
Summary:
Smartlist could allow arbitrary email addresses to be added to a
mailing list.  This issue is due to a vulnerability in the confirm
add-on function of Smartlist.  The function can be tricked, thus
permitting the addition of arbitrary addresses to the list.

PostgreSQL TSearch2 Design Error Vulnerability
BugTraq ID: 13475
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13475
Summary:
The PostgreSQL 'contrib/tsearch2' module is prone to a security
vulnerability. The issue manifests because the module does not
correctly declare several functions.

Although unconfirmed, it is conjectured that this issue allows a
remote user that can write SQL queries to the affected database to
call these functions, when they should not be accessible directly from
SQL commands.

This vulnerability affects PostgreSQL 7.4 and later.

PostgreSQL Character Set Conversion Privilege Escalation Vul...
BugTraq ID: 13476
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13476
Summary:
PostgreSQL character set conversion functions could allow an
unprivileged user to supply malicious arguments.  This may result in
arbitrary queries executing with the privileges of the conversion
functions.

GNUTLS Padding Denial of Service Vulnerability
BugTraq ID: 13477
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13477
Summary:
GnuTLS is prone to a denial of service vulnerability.  A remote
attacker can send specifically designed data to cause a flaw in the
parsing, leading to denial of service conditions.

This issue has been addressed in GnuTLS versions 1.0.25 and 1.2.3;
earlier versions are vulnerable.

Leafnode fetchnews Client Article Header Remote Denial of Se...
BugTraq ID: 13489
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13489
Summary:
fetchnews is prone to a remote denial of service vulnerability that
may allow a remote attacker to cause the software to hang.

The vulnerability manifests when an upstream news server terminates
the connection abruptly after fetchnews has requested an article
header and before the data transfer is complete.

This vulnerability affects Leafnode 1.9.48 to 1.11.1. The vendor has
advised that versions 1.11.2 and newer are not vulnerable to this
issue.

Leafnode fetchnews Client Article Body Remote Denial of Serv...
BugTraq ID: 13492
Remote: Yes
Date Published: May 03 2005
Relevant URL: http://www.securityfocus.com/bid/13492
Summary:
fetchnews is prone to a remote denial of service vulnerability that
may allow a remote attacker to cause the software to hang.

The vulnerability manifests when an upstream news server terminates
the connection abruptly after fetchnews has requested an article body
and before the data transfer is complete.

This vulnerability affects Leafnode 1.9.48 to 1.11.1. The vendor has
advised that versions 1.11.2 and newer are not vulnerable to this
issue.

Ethereal Multiple Remote Protocol Dissector Vulnerabilities
BugTraq ID: 13504
Remote: Yes
Date Published: May 05 2005
Relevant URL: http://www.securityfocus.com/bid/13504
Summary:
Many vulnerabilities in Ethereal have been disclosed by the
vendor. The reported issues are in various protocol dissectors.

These issues include:
 - Buffer overflow vulnerabilities
 - Format string vulnerabilities
 - Null pointer dereference denial of service vulnerabilities
 - Segmentation fault denial of service vulnerabilities
 - Infinite loop denial of service vulnerabilities
 - Memory exhaustion denial of service vulnerabilities
 - Double-free vulnerabilities
 - Unspecified denial of service vulnerabilities

These issues could allow remote attackers to execute arbitrary machine
code in the context of the vulnerable application. Attackers could
also crash the affected application.

Various vulnerabilities affect differing versions of Ethereal, from
0.8.14, through to 0.10.10.

This BID will be split into individual BIDs for each separate issue.

BID 13567 has been created for the DISTCC issue.

NASM IEEE_PUTASCII Remote Buffer Overflow Vulnerability
BugTraq ID: 13506
Remote: Yes
Date Published: May 05 2005
Relevant URL: http://www.securityfocus.com/bid/13506
Summary:
NASM is prone to a remote buffer overflow vulnerability.  This issue
affects the 'ieee_putascii()' function.

It is likely that an attacker exploits this issue by crafting a
malicious source file to be assembled by the application.  This file
is sent to an affected user and if the user loads the file in NASM,
the attack may result in arbitrary code execution.

The attacker may then gain unauthorized access in the context of the
user running NASM.

[ actually a local attack ]

FreeBSD IIR(4) Driver Incorrect Permissions Vulnerability
BugTraq ID: 13525
Remote: No
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13525
Summary:
FreeBSD iir(4) driver is prone to an incorrect permissions
vulnerability.

A local unprivileged attacker can gain access to a device and carry
out ioctl calls.  This can allow local attackers to delete or disclose
potentially sensitive data.

FreeBSD Multiple Local Kernel Memory Disclosure Vulnerabilit...
BugTraq ID: 13526
Remote: No
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13526
Summary:
FreeBSD is prone to multiple local kernel memory disclosure
vulnerabilities. These issues are due to a failure of the kernel to
properly clear previously used memory buffers prior to copying these
buffers to user-space.

These vulnerabilities allow local attackers to gain access to
potentially sensitive kernel memory. Access to this data may aid the
malicious users in further attacks.

Versions of FreeBSD prior to 5.4-RELEASE are reported vulnerable to
this issue.

FreeBSD i386_get_ldt(2) Local Kernel Memory Disclosure Vulne...
BugTraq ID: 13527
Remote: No
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13527
Summary:
The i386_get_ldt(2) system call is prone to a kernel memory disclosure
vulnerability.

An attacker can supply a negative or excessive value as an argument to
the affected system call and read arbitrary portions of kernel memory.

Information disclosed through this attack may be used to launch other
attacks against a computer and potentially aid in a complete
compromise.

QMail Alloc() Remote Integer Overflow Vulnerability
BugTraq ID: 13528
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13528
Summary:
QMail is susceptible to a remote integer overflow vulnerability in the
alloc() function.

Specifically, the alloc() function can be coerced into overflowing an
integer value, resulting in an incorrect memory allocation
occurring. This may only be possible in environments where more than 4
gigabytes of virtual memory is available, such as 64 bit systems.

It is conjectured that remote code execution may be possible.

QMail Commands() Function Remote Integer Overflow Vulnerabil...
BugTraq ID: 13535
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13535
Summary:
QMail is susceptible to a remote integer overflow vulnerability in the
commands() function.

Specifically, the commands() function can be coerced into overflowing
an integer value, resulting in overwriting an unintended location with
a NULL byte. This may only be possible in environments where more than
4 gigabytes of virtual memory is available, such as 64 bit systems.

It is conjectured that remote code execution may be possible.

QMail Substdio_Put() Function Remote Integer Overflow Vulner...
BugTraq ID: 13536
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13536
Summary:
QMail is susceptible to a remote integer overflow vulnerability in the
substdio_put() function.

Specifically, the substdio_put() function can be coerced into
overflowing an integer value, resulting in writing data to an
unintended location. This may only be possible in environments where
more than 4 gigabytes of virtual memory is available, such as 64 bit
systems.

It is conjectured that remote code execution may be possible.

Apache HTDigest Realm Command Line Argument Buffer Overflow ...
BugTraq ID: 13537
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13537
Summary:
A buffer overflow vulnerability exists in the htdigest utility
included with Apache. The vulnerability is due to improper bounds
checking when copying user-supplied realm data into local buffers.

By supplying an overly long realm value to the command line options of
htdigest, it is possible to trigger an overflow condition. This may
cause memory to be corrupted with attacker-specified values.

This issue could be exploited by a remote attacker, potentially
resulting in the execution of arbitrary system commands within the
context of the web server process.

FreeRadius RLM_SQL.C SQL Injection Vulnerability
BugTraq ID: 13540
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13540
Summary:
FreeRadius is prone to an SQL injection vulnerability.  This issue is
due to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.

Successful exploitation could result in a compromise of the
application, disclosure or modification of data, or may permit an
attacker to exploit vulnerabilities in the underlying database
implementation.

FreeRadius RLM_SQL.C Buffer Overflow Vulnerability
BugTraq ID: 13541
Remote: Yes
Date Published: May 06 2005
Relevant URL: http://www.securityfocus.com/bid/13541
Summary:
FreeRadius is prone to a buffer overflow vulnerability.  This issue is
due to a failure in the application to do proper bounds checking on
user-supplied data.

Remote code execution may be possible; this has not been confirmed.


