[gull-annonces] SecurityFocus Newsletter Summary #319/320/321/322
Marc SCHAEFER
schaefer at alphanet.ch
Mon Nov 7 12:06:24 CET 2005
ProZilla Buffer Overflow Vulnerability
BugTraq ID: 14993
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14993
Summary:
ProZilla is prone to a buffer overflow vulnerability. This issue is due to
the failure of the application to properly bounds check user-supplied input
prior to copying it to an insufficiently sized memory buffer.
Arbitrary code execution in the context of the user running the application
is possible.
GNU cfengine Insecure Temporary File Creation Vulnerability
BugTraq ID: 14994
Remote: No
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14994
Summary:
GNU cfengine is prone to an insecure temporary file creation vulnerability.
Exploitation may allow arbitrary files to be overwritten.
Bugzilla config.cgi Information Disclosure Vulnerability
BugTraq ID: 14995
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14995
Summary:
Bugzilla is prone to an information disclosure issue exposed through
config.cgi. This may allow an unauthorized user to access product names
that are supposed to be confidential.
Bugzilla versions 2.18rc1 to 2.18.3, 2.19 to 2.20rc2, and 2.21 are affected.
Bugzilla User-Matching Information Disclosure Vulnerability
BugTraq ID: 14996
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14996
Summary:
Bugzilla is prone to an information disclosure vulnerability when
user-matching is turned on. This could allow an attacker to enumerate
usernames on the system.
Bugzilla 2.19.1 to 2.20rc2 and 2.21 are prone to this vulnerability.
Procom Technology NetFORCE 800 Information Disclosure Vulnerability
BugTraq ID: 14997
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14997
Summary:
Procom Technology NetFORCE 800 is prone to an information disclosure issue.
The operating system sends password hashes in plaintext diagnostic email
messages.
This issue was reported to exist in NetFORCE 800 v4.02 M10 (Build 20).
Other versions may also be affected.
Weex log_flush() Function Remote Format String Vulnerability
BugTraq ID: 14999
Remote: Yes
Date Published: 2005-10-02
Relevant URL: http://www.securityfocus.com/bid/14999
Summary:
Weex is affected by a remote format string vulnerability.
The vulnerability presents itself in the 'log_flush()' function of the
'log.c' file and is exposed when the application attempts to write an error
log entry containing format specifiers.
Weex versions 2.6.1 and 2.6.1.5 are reported to be vulnerable.
DIA SVG File Import Remote Arbitrary Code Execution Vulnerability
BugTraq ID: 15000
Remote: Yes
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/15000
Summary:
DIA is affected by an arbitrary code execution vulnerability.
This vulnerability presents itself when the application handles a
malicious Scalable Vector Graphics (SVG) file. A successful attack
can allow remote attackers to execute arbitrary Python code in the
context of the application. This may facilitate a remote compromise.
All versions of DIA are suspected to be vulnerable at the moment.
Berkeley MPEG Tools Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 15002
Remote: No
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/15002
Summary:
Berkeley MPEG Tools creates temporary files in an insecure manner.
Successful exploitation may result in sensitive data or configuration files
being overwritten. This may result in a denial of service due to data
corruption; other attacks may also be possible.
Berkeley MPEG Tools 1.5b is known to be vulnerable at the moment. Other
versions may be affected as well.
gnome-pty-helper UTMP Hostname Spoofing Vulnerability
BugTraq ID: 15004
Remote: No
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/15004
Summary:
'gnome-pty-helper' is susceptible to a local UTMP hostname spoofing
vulnerability. This issue is due to the failure of the application to
properly validate user-supplied data prior to using it to update UTMP
records.
This vulnerability allows users to spoof remote hostname information in UTMP
records. This may aid attackers by misdirecting administrators and users as
to the correct origin of the attacker.
libuim Environment Variables Privilege Escalation Weakness
BugTraq ID: 15007
Remote: No
Date Published: 2005-10-04
Relevant URL: http://www.securityfocus.com/bid/15007
Summary:
uim is reported prone to a privilege escalation weakness.
An attacker that has local interactive access to a system that has a
vulnerable application installed may potentially exploit this weakness to
escalate privileges.
This issue is reported to affect all stable versions prior to 0.4.9.1, and
in development versions prior to 0.5.0.1.
University Of Washington IMAP Mailbox Name Buffer Overflow Vulnerability
BugTraq ID: 15009
Remote: Yes
Date Published: 2005-10-04
Relevant URL: http://www.securityfocus.com/bid/15009
Summary:
University Of Washington imap is prone to a buffer overflow vulnerability.
This issue is exposed when the application parses mailbox names.
Successful exploitation will permit arbitrary code execution in the context
of the server process. Exploitation requires the attacker to authenticate
to the service.
Mozilla Firefox IFRAME Handling Denial Of Service Vulnerability
BugTraq ID: 15015
Remote: Yes
Date Published: 2005-10-05
Relevant URL: http://www.securityfocus.com/bid/15015
Summary:
Mozilla Firefox is prone to a remote denial of service vulnerability.
The vulnerability presents itself when an affected browser handles a
specially crafted IFRAME.
A successful attack may result in crashing the application, or consuming
excessive CPU and memory resources of computers running the affected
application.
It should be noted that this issue was reported to affect Firefox 1.0.6 and
1.0.7 running on Linux. Other versions running on different platforms may
be vulnerable as well.
Debian Linux Mason Init.d Firewall Loading Failure Vulnerability
BugTraq ID: 15019
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15019
Summary:
The Debian Linux Mason package is prone to an issue that may cause the
firewall not to load at system startup. The installation package is missing
a startup script that performs a required function.
The application owner is left with a false sense of security after the
affected computer is restarted.
A remote attacker may exploit this configuration error by connecting to
ports that would otherwise be remotely unavailable.
SuSE YaST Package Repositories Insecure Permissions Vulnerability
BugTraq ID: 15026
Remote: No
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15026
Summary:
SuSE YaST is affected by an insecure permissions vulnerability that may
allow local users to overwrite package meta files.
The application copies remote repositories including ownership and
permissions of the owner of the packages to the local system. If insecure
permissions are associated with the packages, this issue could lead to data
corruption and other attacks.
This vulnerability can aid in the exploitation of BID 14861 (SuSE YaST Local
Buffer Overflow Vulnerability), which requires an attacker to overwrite YaST
package meta files prior to exploitation.
Mozilla Firefox Multiple Unspecified Vulnerabilities
BugTraq ID: 15029
Remote: Unknown
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15029
Summary:
Firefox is affected by multiple unspecified vulnerabilities. These issues
may allow remote attackers to execute arbitrary code to gain access to an
affected computer. Some issues may lead to denial of service attacks.
Mozilla Firefox 1.5 beta 2 has been released to address these issues.
This BID will be updated and divided into separate BIDs when more
information is available.
W3C libwww Multiple Unspecified Vulnerabilities
BugTraq ID: 15035
Remote: Yes
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15035
Summary:
W3C libwww is prone to multiple unspecified vulnerabilities.
These issues include a buffer overflow vulnerability and some issues related
to the handling of multipart/byteranges content.
Due to a lack of details, further information is not available at the
moment. This BID will be updated when more details are released.
libwww 5.4.0 is reported to be vulnerable. Other versions may be affected
as well. These issues may also be exploited through other applications that
implement the library.
SuSE ResMgr Unauthorized USB Device Access Vulnerabilities
BugTraq ID: 15037
Remote: No
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15037
Summary:
resmgr is prone to multiple vulnerabilities that permit unauthorized access
to USB devices.
Exploitation of these issues would result in a bypass of access controls
leading to a false sense of security and a possible loss of confidentiality
if data is intercepted; other attacks are also possible.
SuSE Linux Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 15040
Remote: No
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15040
Summary:
Multiple SUSE Linux applications are prone to a local privilege escalation
vulnerability. The issue exists because affected binaries handle the
'LD_LIBRARY_PATH' variable in an unsafe manner.
A local attacker may exploit this vulnerability to execute arbitrary code in
shared libraries in the context of a user that runs the affected application.
Other unspecified packages are affected; if these other packages contain
setuid-superuser privileges, then local escalation of privileges may be
possible.
SuSE Linux PowerSave Daemon Local Denial Of Service Vulnerability
BugTraq ID: 15042
Remote: No
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15042
Summary:
SUSE Linux powersave daemon is susceptible to a local denial of service
vulnerability. This issue is due to a flaw in the installed permissions of
the daemon.
Local attackers may exploit this issue to control the power management
daemon, to suspend the computer, denying service to legitimate users. Other
attacks may also be possible.
HylaFAX Insecure UNIX Domain Socket Usage Vulnerability
BugTraq ID: 15043
Remote: No
Date Published: 2005-10-07
Relevant URL: http://www.securityfocus.com/bid/15043
Summary:
HylaFAX is susceptible to a local insecure UNIX domain socket usage
vulnerability. This issue is due to a failure of the application to securely
implement UNIX domain network communication.
Attackers may gain access to the contents of fax messages containing
potentially sensitive information, or deny fax services to legitimate users.
Other attacks may also be possible.
Xine-Lib Remote CDDB Information Format String Vulnerability
BugTraq ID: 15044
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15044
Summary:
Xine-lib is susceptible to a remote format string vulnerability. This issue
is due to a failure of the application to securely implement a formatted
printing function.
Successful exploitation of this vulnerability allows remote attackers to
execute arbitrary machine code in the context of the affected application.
Xine-lib versions 0.9.13, 1.0, 1.0.1, 1.0.2, and 1.1.0 are reported to be
affected. Other versions may also be affected, as well as all applications
that utilize a vulnerable version of the library.
Multiple Vendor Antivirus Products Malformed Archives Scan Evasion
Vulnerability
BugTraq ID: 15046
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15046
Summary:
Multiple antivirus products from various vendors are reported prone to a
vulnerability that may allow malformed archive files to bypass detection.
This issue arises when an affected application processes a specially altered
archive file that contains a fake, misleading MS-DOS executable MZ header.
This issue could result in malicious archives bypassing detection and
allowing the contents to be opened by a recipient.
It should be noted that specific information regarding affected packages and
versions is currently unavailable. The reporter of this issue used the EICAR
test message stored in multiple different malformed archives. It may be
possible that some of the reportedly affected packages may actually be
immune to this issue.
This BID will be updated as further information is disclosed.
up-IMAPProxy Multiple Unspecified Remote Format String Vulnerabilities
BugTraq ID: 15048
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15048
Summary:
up-IMAPProxy is reported prone to multiple unspecified remote format string
vulnerabilities.
Successful exploitation could result in a failure of the application or
arbitrary code execution in the context of the application.
Specific details of these issues are not currently known. This BID will be
updated when further information becomes available.
Linux Kernel Multiple Security Vulnerabilities
BugTraq ID: 15049
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15049
Summary:
Linux kernel is prone to multiple vulnerabilities. These issues may allow
local and remote attackers to trigger denial of service conditions or
disclose sensitive kernel memory.
Linux kernel 2.6.x versions are known to be vulnerable at the moment. Other
versions may be affected as well.
Graphviz Insecure Temporary File Creation Vulnerability
BugTraq ID: 15050
Remote: No
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15050
Summary:
Graphviz creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
Graphviz 2.2.1 is reportedly affected, however, other versions may be
vulnerable as well.
XLoadImage Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 15051
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15051
Summary:
xloadimage is affected by multiple remotely exploitable buffer overflow
vulnerabilities.
The problems present themselves when the application processes malformed
image titles.
An attacker may exploit these issues to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This may
facilitate unauthorized access.
KDE KOffice kword RTF Import Remote Buffer Overflow Vulnerability
BugTraq ID: 15060
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15060
Summary:
KWord is prone to a remote buffer overflow vulnerability.
The vulnerability arises when the application handles a malformed RTF file.
A successful attack may result in arbitrary code execution facilitating
remote unauthorized access in the context of the user running KWord.
KOffice versions 1.2.0 to 1.4.1 are vulnerable to this issue.
OpenSSL Insecure Protocol Negotiation Weakness
BugTraq ID: 15071
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15071
Summary:
OpenSSL is susceptible to a remote protocol negotiation weakness. This issue
is due to the implementation of the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option
to maintain compatibility with third party software.
This issue presents itself when two peers attempt to negotiate the protocol
they wish to communicate with. Attackers able to intercept and modify the
SSL communications may exploit this weakness to force SSL version 2 to be
chosen.
The attacker may then exploit various insecurities in SSL version 2 to gain
access to, or tamper with the cleartext communications between the targeted
client and server.
It should be noted that the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option is
enabled with the frequently used 'SSL_OP_ALL' option.
SSL peers configured not to permit SSL version 2 are not affected by this
issue.
OpenVMPS Logging Function Format String Vulnerability
BugTraq ID: 15072
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15072
Summary:
OpenVMPS is affected by a remote format string vulnerability. This issue is
due to a failure of the application to properly sanitize user-supplied input
before using it as the format specifier in a system log entry.
Reports indicate that the immediate consequence of successful exploitation
is a denial of service.
Linux Kernel Multiple Memory Leak Local Denial Of Service Vulnerabilities
BugTraq ID: 15076
Remote: No
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15076
Summary:
Two local denial of service vulnerabilities affect the Linux kernel. These
issues are due to a design flaw that creates memory leaks.
These vulnerabilities may be exploited by local users to consume excessive
kernel resources, likely triggering a kernel crash, denying service to
legitimate users.
These issues affect Linux kernel versions prior to 2.6.14-rc4.
Zope RestructuredText Unspecified Security Vulnerability
BugTraq ID: 15082
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15082
Summary:
Zope is prone to an unspecified vulnerability in the docutils module.
No other information has been provided; this BID will be updated when
further details are available.
WebGUI Arbitrary Command Execution Vulnerability
BugTraq ID: 15083
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15083
Summary:
WebGUI is prone to an arbitrary command execution vulnerability. This is due
to insufficient sanitization of user-supplied data.
This issue can facilitate unauthorized remote access.
Linux Orinoco Driver Remote Information Disclosure Vulnerability
BugTraq ID: 15085
Remote: Yes
Date Published: 2005-10-12
Relevant URL: http://www.securityfocus.com/bid/15085
Summary:
The Orinoco driver for the Linux kernel is susceptible to a remote
information disclosure vulnerability. This issue is due to the driver
sending uninitialized kernel memory in small network packets.
Remote attackers may exploit this issue to gain access to potentially
sensitive kernel memory, aiding them in further attacks.
AbiWord Stack-Based Buffer Overflow Vulnerabilities
BugTraq ID: 15096
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15096
Summary:
AbiWord is susceptible to multiple stack-based buffer overflow
vulnerabilities; fixes are available. These issues are due to a failure of
the application to properly bounds check user-supplied data prior to copying
it to an insufficiently sized memory buffer while importing RTF files.
These issues likely allow attackers to execute arbitrary machine code in the
context of the user running the affected application.
Though similar to the vulnerability described in BID 14971 (AbiWord RTF File
Processing Buffer Overflow Vulnerability), these vulnerabilities are a
separate issue.
Clam Anti-Virus ClamAV OLE2 File Handling Denial Of Service Vulnerability
BugTraq ID: 15101
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15101
Summary:
ClamAV is prone to a denial of service vulnerability. This is due to a
failure in the application to handle malformed OLE2 files.
Exploitation could cause the application to enter an infinite loop,
resulting in a denial of service.
Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability
BugTraq ID: 15102
Remote: Yes
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15102
Summary:
GNU wget and curl are prone to a buffer overflow vulnerability. This issue
is due to a failure in the applications to do proper bounds checking on user
supplied data before using it in a memory copy operation.
An attacker can exploit this vulnerability to execute arbitrary code in the
context of the user utilizing the vulnerable application.
Exploitation of this vulnerability requires that NTLM authentication is
enabled in the affected clients.
XMail Local Buffer Overflow Vulnerability
BugTraq ID: 15103
Remote: No
Date Published: 2005-10-13
Relevant URL: http://www.securityfocus.com/bid/15103
Summary:
XMail is prone to a local buffer overflow vulnerability.
A successful attack can facilitate arbitrary code execution with elevated
privileges. An attacker can gain superuser or group mail privileges
depending on the underlying operating system and distribution.
XMail 1.21 is reported to be vulnerable. Other versions may be affected as
well.
Mozilla Thunderbird Insecure SMTP Authentication Protocol Negotiation
Weakness
BugTraq ID: 15106
Remote: Yes
Date Published: 2005-10-14
Relevant URL: http://www.securityfocus.com/bid/15106
Summary:
Mozilla Thunderbird is prone to an insecure SMTP authentication protocol
negotiation weakness.
Reports indicate that the application uses PLAIN authentication if CRAM-MD5
or STARTTLS between a client and a server cannot be established. This can
allow an attacker to obtain credentials by sniffing network traffic.
This issue can also allow an attacker to carry out man in the middle attacks
by establishing a malicious server and causing CRAM-MD5 or STARTTLS to fail
followed by harvesting authentication credentials of vulnerable users.
Mozilla Thunderbird 1.0.7 and 1.5 Beta 2 were reported to be vulnerable.
Other versions may be affected as well.
Sun Solaris Proc Filesystem Local Denial Of Service Vulnerability
BugTraq ID: 15115
Remote: No
Date Published: 2005-10-16
Relevant URL: http://www.securityfocus.com/bid/15115
Summary:
Sun Solaris is prone to a local denial of service vulnerability.
A local unauthorized user can cause a system panic in the '/proc' filesystem
and cause a denial of service.
Flexbackup Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 15116
Remote: No
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15116
Summary:
Flexbackup creates several temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
Flexbackup 1.2.1 and earlier versions are affected.
lynx NNTP Article Header Buffer Overflow Vulnerability
BugTraq ID: 15117
Remote: Yes
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15117
Summary:
lynx is prone to a buffer overflow when handling NNTP article headers.
This issue may be exploited when the browser handles NNTP content, such as
through 'news:' or 'nntp:' URIs. Successful exploitation will result in
code execution in the context of the program user.
Gentoo Linux Multiple Packages Insecure RUNPATH Vulnerability
BugTraq ID: 15120
Remote: No
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15120
Summary:
Multiple packages in Gentoo Linux are susceptible to an insecure RUNPATH
vulnerability. This issue is due to a flaw in the build system that results
in insecure RUNPATHs being included in certain binaries.
This vulnerability may result in arbitrary code being executed in the
context of users executing the vulnerable executables. This may facilitate
privilege escalation.
This issue is only exploitable by users that are members of the 'portage'
group.
Linux Kernel Console Keymap Local Command Injection Vulnerability
BugTraq ID: 15122
Remote: No
Date Published: 2005-10-17
Relevant URL: http://www.securityfocus.com/bid/15122
Summary:
The Linux kernel is susceptible to a local command injection vulnerability
via console keymap modifications. This issue is due to the ability of
unprivileged users to alter the system-wide console keymap.
Local users may modify the console keymap to include scripted macro
commands. This allows attackers to execute arbitrary commands with the
privileges of the user that uses the console after them, potentially
facilitating privilege escalation.
NetPBM PNMToPNG Buffer Overflow Vulnerability
BugTraq ID: 15128
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15128
Summary:
pnmtopng is susceptible to a buffer overflow vulnerability. This issue is
due to a failure of the application to properly bounds check user-supplied
data prior to copying it to an insufficiently sized memory buffer. This
issue reportedly only occurs when the '-trans' command line option is
utilized.
This issue allows attackers to create malicious PNM files, that when parsed
by the affected utility, allow arbitrary machine code to be executed. This
occurs in the context of the user running the affected utility.
This vulnerability was reported in version 10.0 of NetPBM. Other versions
may also be affected.
Snort Back Orifice Preprocessor Remote Stack Buffer Overflow
Vulnerability
BugTraq ID: 15131
Remote: Yes
Date Published: 2005-10-18
Relevant URL: http://www.securityfocus.com/bid/15131
Summary:
Snort is susceptible to a remote buffer overflow vulnerability. This issue
is due to a failure of the application to securely copy network-derived data
into sensitive process buffers. The specific issue exists in the Back
Orifice preprocessor.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This may
facilitate unauthorized access or privilege escalation.
Due to the nature of this issue, attackers may exploit it by sending a
single UDP packet with a potentially spoofed source address to an arbitrary
destination address and port. As long as the application can sniff the
packet, it may be exploited. These aspects of this issue may aid attackers
in bypassing firewalls in order to compromise a wider number of computers.
Reportedly, this issue is difficult to reliably exploit across differing
operating systems and compiler versions. Failed exploit attempts likely
result in crashing the application, thereby disabling detection of other
attacks.
Snort versions 2.4.0 through 2.4.2 are affected by this issue. Other
versions may also be affected, but this has not been confirmed.
Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior
To 0.10.13
BugTraq ID: 15148
Remote: Yes
Date Published: 2005-10-19
Relevant URL: http://www.securityfocus.com/bid/15148
Summary:
Several vulnerabilities in Ethereal have been disclosed by the vendor. The
reported issues are in various protocol dissectors.
These issues include:
- Buffer overflow vulnerabilities
- Null pointer dereference denial of service vulnerabilities
- Infinite loop denial of service vulnerabilities
- Memory exhaustion denial of service vulnerabilities
- Division by zero denial of service vulnerabilities
- Invalid pointer free() attempt denial of service vulnerabilities
- Unspecified denial of service vulnerabilities
These issues could allow remote attackers to execute arbitrary machine code
in the context of the vulnerable application. Attackers could also crash the
affected application.
Various vulnerabilities affect differing versions of Ethereal, from 0.7.7,
through to 0.10.12.
Debian Module-Assistant Insecure Temporary File Creation Vulnerability
BugTraq ID: 15151
Remote: No
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15151
Summary:
Debian module-assistant creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
Linux Kernel World Writable sysfs DRM Debug File Vulnerability
BugTraq ID: 15154
Remote: No
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15154
Summary:
Linux kernel is prone to an issue where a world writable file is created in
sysfs. Exploitation could allow an attacker to obtain sensitive information.
Linux Kernel IPV6 Unspecified Denial of Service Vulnerability
BugTraq ID: 15156
Remote: Unknown
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15156
Summary:
Linux Kernel is reported prone to an unspecified denial of service
vulnerability.
Reports indicate that this issue arises from an infinite loop and affects
the routines responsible for handling IPv6.
No further details are available at the moment. This BID will be updated
when more information becomes available.
Squid FTP Server Response Denial Of Service Vulnerability
BugTraq ID: 15157
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15157
Summary:
Squid is prone to a remote denial of service vulnerability.
This is due to a flaw in the way that Squid communicates with ftp servers.
This issue has been reported in Squid version 2.5 and prior.
Ethereal Service Location Protocol Dissection Stack Buffer Overflow
Vulnerability
BugTraq ID: 15158
Remote: Yes
Date Published: 2005-10-20
Relevant URL: http://www.securityfocus.com/bid/15158
Summary:
A remote buffer overflow vulnerability affects Ethereal. This issue is due
to a failure of the application to securely copy network-derived data into
sensitive process buffers. The specific issue exists in the Service Location
Protocol dissector.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This may
facilitate unauthorized access or privilege escalation.
This issue may be exploited by a single TCP packet to port 427, as Ethereal
does not keep track of connection states. This allows malicious users to
spoof the origin of attacks, as well as exploit this vulnerability when no
services are actively listening on TCP port 427.
Note that this issue was originally disclosed in BID 15148 "Ethereal
Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.10.13".
SuSE Linux Squid Proxy SSL Handling Denial of Service Vulnerability
BugTraq ID: 15165
Remote: Yes
Date Published: 2005-10-21
Relevant URL: http://www.securityfocus.com/bid/15165
Summary:
Squid Proxy running on SuSE Linux is affected by a denial of service
vulnerability.
Reports indicate that this issue arises when the application handles
specially crafted HTTPS data. Due to the nature of the application, it is
conjectured that this vulnerability poses a remote threat.
Successful exploitation may cause the service to crash.
SuSE Linux 9.0 is reported to be vulnerable to this issue.
This BID will be updated when more information is available.
SuSE Linux Permissions Package chkstat Insecure Permissions Handling
Vulnerability
BugTraq ID: 15182
Remote: No
Date Published: 2005-10-24
Relevant URL: http://www.securityfocus.com/bid/15182
Summary:
The SuSE Linux 'permissions' package is susceptible to a local information
disclosure vulnerability. This issue is due to improper handling of file
permissions by the 'chkstat' utility.
This issue is due to the inherent insecurity of attempting to modify files
contained in world-writable directories.
Local attackers may gain access to the contents of potentially sensitive
files, aiding them in further attacks.
Multiple Vendor Anti-Virus Magic Byte Detection Evasion Vulnerability
BugTraq ID: 15189
Remote: Yes
Date Published: 2005-10-25
Relevant URL: http://www.securityfocus.com/bid/15189
Summary:
Multiple vendor anti-virus software is prone to a detection evasion
vulnerability.
The problem presents itself in the way various anti-virus software
determines the type of file it is scanning.
An attacker can exploit this vulnerability to pass malicious files past
the anti-virus software. This results in a false sense of security, and
ultimately could lead to the execution of arbitrary code on the victim
user's machine.
Todd Miller sudo Local Privilege Escalation Vulnerability
BugTraq ID: 15191
Remote: No
Date Published: 2005-10-25
Relevant URL: http://www.securityfocus.com/bid/15191
Summary:
sudo is prone to a local privilege escalation vulnerability.
The vulnerability presents itself because the application does not properly
sanitize malicious data provided through environment variables.
A successful attack may result in a complete compromise.
Network Appliance iSCSI Authentication Bypass Vulnerability
BugTraq ID: 15197
Remote: Yes
Date Published: 2005-10-25
Relevant URL: http://www.securityfocus.com/bid/15197
Summary:
Network Appliance's iSCSI implementation is susceptible to an authentication
bypass vulnerability.
This issue allows attackers to bypass iSCSI authentication, allowing them to
read/write arbitrary data contained in iSCSI volumes. Access to potentially
sensitive information will aid them in further attacks. Data destruction and
alteration is also possible.
Unmapped LUNs, and LUNs mapped for use by only Fibre Channel initiators are
not vulnerable to this issue.
Versions 6.4, 6.5, and 7.0 are reported vulnerable to this issue; other
versions may also be affected.
[ firmware. iSCSI is SCSI over TCP; aka cheap SAN ]
PAM unix_chkpwd Unauthorized Access Vulnerability
BugTraq ID: 15217
Remote: No
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15217
Summary:
The PAM unix_chkpwd command is prone to an unauthorized access vulnerability.
(well, PAM module)
A local attacker can exploit this vulnerability to perform brute force
attacks to obtain the valid passwords of other local users.
Ethereal IRC Protocol Dissector Denial of Service Vulnerability
BugTraq ID: 15219
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15219
Summary:
The Ethereal IRC protocol dissector is prone to a remotely exploitable denial
of service vulnerability.
The issue may be exploited by causing Ethereal to process a malformed
packet. Successful exploitation will cause a denial of service condition in
the Ethereal application.
Further details are not currently available. This BID will be updated as
more information is disclosed.
Apache mod_auth_shadow Authentication Bypass Vulnerability
BugTraq ID: 15224
Remote: Yes
Date Published: 2005-10-27
Relevant URL: http://www.securityfocus.com/bid/15224
Summary:
mod_auth_shadow is prone to a vulnerability that may bypass expected
authentication routines.
An attacker can exploit this vulnerability to bypass security restrictions
and gain access to possibly sensitive or privileged information.
Information obtained may be used in further attacks against the underlying
system; other attacks are also possible.
GNU gnump3d Error Page Cross-Site Scripting Vulnerability
BugTraq ID: 15226
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15226
Summary:
GNU gnump3d is prone to a cross-site scripting vulnerability. An attacker
may leverage this issue to have arbitrary script code executed in the
browser of an unsuspecting user in the context of the affected site. This
may facilitate the theft of cookie-based authentication credentials as well
as other attacks.
GNU gnump3d Directory Traversal Vulnerability
BugTraq ID: 15228
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15228
Summary:
GNU gnump3d is prone to a directory traversal vulnerability. Information
obtained may be used in further attacks.