[gull-annonces] Summary of SecurityFocus Newsletter #313
Marc SCHAEFER
schaefer at alphanet.ch
Sat Sep 3 17:15:46 CEST 2005
Elm Expires Header Remote Buffer Overflow Vulnerability
BugTraq ID: 14613
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14613
Summary:
Elm is prone to a buffer overflow vulnerability which could allow an
attacker to execute malicious code. This issue is due to a failure in the
application to perform proper bounds checking on user-supplied data.
A successful attack can result in overflowing a finite sized buffer and may
ultimately lead to arbitrary code execution in the context of the affected
application.
PCRE Regular Expression Heap Overflow Vulnerability
BugTraq ID: 14620
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14620
Summary:
PCRE is prone to a heap overflow vulnerability. This issue is due to a
failure of the library to properly bounds check user-supplied input prior to
copying data to an internal memory buffer.
The impact of successful exploitation of this vulnerability depends on the
application and the user credentials utilizing the vulnerable library.
Successful attack may ultimately permit an attacker to control the contents
of critical memory control structures and write arbitrary data to arbitrary
memory locations.
lm_sensors pwmconfig Insecure Temporary File Creation Vulnerability
BugTraq ID: 14624
Remote: No
Date Published: 2005-08-22
Relevant URL: http://www.securityfocus.com/bid/14624
Summary:
lm_sensors creates temporary files in an insecure manner. The issue exists
in the 'pwmconfig' script.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
lm_sensors version 2.9.1 is reportedly affected, however, other versions may
be vulnerable as well.
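The insecure temporary-file pattern described above, as an added example that is not the lm_sensors pwmconfig script: the predictable-name open beside a hardened open in Python, run against a planted symlink inside a throwaway directory. File names, prefixes and function names are constructed for the illustration.

```python
"""Added example (not the lm_sensors pwmconfig script): the predictable
temporary-file pattern the advisory describes, beside a hardened open.
Names are constructed; everything runs inside a throwaway directory."""
import os
import stat
import tempfile


def open_predictable(directory, name="pwmconfig.tmp"):
    """Insecure: fixed name, no O_EXCL, symlinks followed.  A local user who
    plants a symlink here first redirects the script's writes elsewhere."""
    return os.open(os.path.join(directory, name),
                   os.O_WRONLY | os.O_CREAT, 0o644)


def open_private(directory, prefix="pwmconfig."):
    """Hardened: random name, O_CREAT|O_EXCL (plus O_NOFOLLOW where available)
    so an existing file or symlink fails the open, mode 0600, work by fd."""
    return tempfile.mkstemp(prefix=prefix, dir=directory)


def planted_symlink_outcome():
    """Plant a symlink at the predictable name; report (insecure open followed
    it, exclusive create of that path was refused, hardened file is 0600)."""
    with tempfile.TemporaryDirectory(prefix="tmpfile-demo.") as directory:
        victim = os.path.join(directory, "victim.conf")
        with open(victim, "w") as fh:
            fh.write("keep me\n")
        link = os.path.join(directory, "pwmconfig.tmp")
        os.symlink(victim, link)                 # constructed planted link
        fd = open_predictable(directory)
        followed = os.path.samestat(os.fstat(fd), os.stat(victim))
        os.close(fd)
        # Same planted path, opened the hardened way: EEXIST instead of a write.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
        try:
            os.close(os.open(link, flags, 0o600))
            refused = False
        except OSError:
            refused = True
        fd, path = open_private(directory)
        os.close(fd)
        mode_ok = stat.S_IMODE(os.stat(path).st_mode) == 0o600
        return followed, refused, mode_ok
```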
slocate Local Database Corruption Vulnerability
BugTraq ID: 14640
Remote: No
Date Published: 2005-08-23
Relevant URL: http://www.securityfocus.com/bid/14640
Summary:
slocate is susceptible to a local database corruption vulnerability. This
issue is due to a failure of the application to handle unexpected directory
and filename input.
This issue presents itself when the affected utility attempts to index
specially crafted directory structures. The utility fails to handle the
directory structure, and fails to complete the indexing process.
This vulnerability allows local attackers to cause the premature failure of
the index process, resulting in an incomplete database. If the database is
used in further security, backup, or other critical functions, incomplete
data may result in the failure of services dependent on it.
This issue is reported in version 2.7 of slocate, but other versions may
also be affected.
PADL Software pam_ldap Authentication Bypass Vulnerability
BugTraq ID: 14649
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14649
Summary:
pam_ldap is prone to an authentication bypass vulnerability when handling
new password policy control. This could allow an unauthorized user to
bypass authentication.
This vulnerability was reported to affect pam_ldap builds 169 through 179.
MPlayer Audio Header Buffer Overflow Vulnerability
BugTraq ID: 14652
Remote: Yes
Date Published: 2005-08-24
Relevant URL: http://www.securityfocus.com/bid/14652
Summary:
A buffer overflow vulnerability affects MPlayer. This issue is due to a
failure of the application to properly validate the length of user-supplied
strings prior to copying them into static process buffers.
The problem presents itself when the affected application attempts to
process audio streams that contain overly large values in their header.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This may
facilitate unauthorized access or privilege escalation.
Tor Cryptographic Handshake Remote Information Disclosure Vulnerability
BugTraq ID: 14659
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14659
Summary:
Tor is susceptible to a remote information disclosure vulnerability. This
issue is due to a flaw in the implementation of the Diffie-Hellman key
exchange protocol.
Specifically, certain values used during the Diffie-Hellman key exchange
protocol are insecure, and when used, lead to the ability of attackers to
access the negotiated encryption keys.
This vulnerability allows attackers to gain access to the negotiated keys
used to encrypt the communications between Tor servers and clients. This
allows attackers to read or modify all the traffic that is sent from the
targeted user over the Tor network. The anonymity, confidentiality, and
integrity guarantees of the network are lost through the exploitation of
this issue.
[ a content-access network, proxied in such a way that the fact that two
machines exchange content, even content of an unknown kind, is not
detectable.
]
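The insecure key-exchange values mentioned in the Tor entry above, as an added example that is not from the advisory or the Tor code base: a Diffie-Hellman public-value check in Python over a small constructed group, showing why 1 and p-1 must be rejected before a session key is derived from them. The prime, generator and function names are assumptions made for the illustration.

```python
"""Added example (not from the advisory or Tor): validate a Diffie-Hellman
public value before deriving the session key from it.
Assumptions, constructed for illustration: p = 23 is a safe prime and g = 2
generates its order-11 subgroup.  Real groups are 2048 bits or larger."""
import secrets
from typing import Optional, Tuple

P = 23            # constructed safe prime: 23 = 2 * 11 + 1
Q = (P - 1) // 2  # order of the large prime-order subgroup (11)
G = 2             # generator of that subgroup: pow(2, 11, 23) == 1


def is_valid_public_value(y: int, p: int = P, q: int = Q) -> bool:
    """Reject 0, 1, p-1, anything out of range, and anything outside the
    order-q subgroup.  A peer that sends 1 or p-1 forces the shared secret
    to 1 or +/-1, so the "negotiated" key is known without any private key."""
    if not 2 <= y <= p - 2:
        return False
    return pow(y, q, p) == 1


def generate_keypair(p: int = P, g: int = G, q: int = Q) -> Tuple[int, int]:
    """Private exponent x in [1, q-1] and public value g^x mod p."""
    x = 1 + secrets.randbelow(q - 1)
    return x, pow(g, x, p)


def shared_secret(own_private: int, peer_public: int,
                  p: int = P) -> Optional[int]:
    """Derive the DH secret, or return None when the peer value is rejected
    (a real handshake would abort the connection here)."""
    if not is_valid_public_value(peer_public, p):
        return None
    return pow(peer_public, own_private, p)


def degenerate_value_fixes_secret(p: int = P) -> bool:
    """Why 1 must be rejected: for every private exponent x, 1^x mod p is 1,
    so a peer sending 1 knows the secret before the exchange finishes."""
    return all(pow(1, x, p) == 1 for x in range(1, p - 1))
```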
Apache CGI Byterange Request Denial of Service Vulnerability
BugTraq ID: 14660
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14660
Summary:
Apache is prone to a denial of service when handling large CGI byterange
requests.
Linux Kernel 64 Bit ELF Header Processing Memory Leak Local Denial Of Service Vulnerability
BugTraq ID: 14661
Remote: No
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14661
Summary:
A local denial of service vulnerability affects the Linux kernel's ELF
header processing functionality on 64 bit x86 platforms.
A successful attack can allow a local attacker to trigger a denial of
service condition in the kernel.
This issue may be related to BID 11846 (Linux Kernel 64 Bit ELF Header Local
Denial Of Service Vulnerability). Due to a lack of information, this cannot
be confirmed at the moment. This BID will be retired if further analysis
reveals that the issues are identical.
Astaro Security Linux HTTP CONNECT Unauthorized Access Weakness
BugTraq ID: 14665
Remote: Yes
Date Published: 2005-08-25
Relevant URL: http://www.securityfocus.com/bid/14665
Summary:
Astaro Security Linux is prone to a weakness that may allow remote attackers
to connect to arbitrary ports on a vulnerable computer.
This weakness may be combined with other attacks to exploit latent
vulnerabilities. An attacker can bypass access controls implemented by the
application through this attack.
Astaro Security Linux 6.001 is prone to this weakness.
simpleproxy Remote Syslog() Format String Vulnerability
BugTraq ID: 14666
Remote: Yes
Date Published: 2005-08-26
Relevant URL: http://www.securityfocus.com/bid/14666
Summary:
It is reported that simpleproxy contains a format string vulnerability. This
issue is due to a failure of the application to properly sanitize
user-supplied input before using it as the format specifier in a formatted
printing function.
Successful exploitation of this issue will allow an attacker to execute
arbitrary code on the affected computer with the privileges of the affected
package. This application may be run as the superuser in order to proxy
privileged TCP ports.
Versions of simpleproxy prior to 3.4 are reported susceptible to this
vulnerability.
ntpd Insecure Privileges Vulnerability
BugTraq ID: 14673
Remote: Yes
Date Published: 2005-08-27
Relevant URL: http://www.securityfocus.com/bid/14673
Summary:
ntpd is prone to an insecure privileges vulnerability.
The application may be started with the effective permissions of a
privileged user, and if the application is compromised by some other means,
may allow an attacker to conduct further exploits.