[gull-annonces] Summary of SecurityFocus Newsletter #312
Marc SCHAEFER
schaefer at alphanet.ch
Sat Sep 3 17:15:50 CEST 2005

KDE Langen2KVTML Insecure Temporary File Creation Vulnerability
BugTraq ID: 14561
Remote: No
Date Published: 2005-08-15
Relevant URL: http://www.securityfocus.com/bid/14561
Summary:
KDE langen2kvtml is prone to an insecure temporary file creation
vulnerability. This issue is due to a design error that causes the
application to fail to verify the existence of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the
privileges of an unsuspecting user that activates the vulnerable application.

Linksys WRT54GS Wireless Authentication Bypass Vulnerability
BugTraq ID: 14566
Remote: Yes
Date Published: 2005-08-15
Relevant URL: http://www.securityfocus.com/bid/14566
Summary:
Linksys WRT54GS is prone to an authentication bypass vulnerability.
Reportedly the device permits client devices that are using no encryption to
connect when an encryption setting is being used.
An attacker can exploit this vulnerability to bypass authentication and
connect to a wireless network thought to be encrypted. This results in a
false sense of security.
This issue is reported to affect firmware version 4.50.6; other firmware
versions may also be affected.
This issue also appears to have been addressed in firmware version 4.70.6;
this has not been confirmed by Symantec or the vendor.
Further information suggests this issue occurs when a firmware upgrade to
version 4.50.6 has occurred but the unit has not been reset to factory
defaults. Resetting the unit once the firmware has been upgraded is part of
the recommended Linksys upgrade procedure.

Mutt Handler.c Buffer Overflow Vulnerability
BugTraq ID: 14596
Remote: Yes
Date Published: 2005-08-18
Relevant URL: http://www.securityfocus.com/bid/14596
Summary:
In Mutt's mail attachment encoding and decoding functions, there is a flaw
which will allow a buffer overflow to occur. This could allow a remote
attacker to compromise the application and execute malicious code.
Successful exploitation of this vulnerability could allow a remote attacker
to execute malicious code within carefully crafted email message attachments.

OpenVPN Failed Authentication Denial Of Service Vulnerability
BugTraq ID: 14605
Remote: Yes
Date Published: 2005-08-19
Relevant URL: http://www.securityfocus.com/bid/14605
Summary:
OpenVPN is prone to a denial of service vulnerability. This vulnerability
results in a loss of client connectivity.
This can allow an authenticated attacker to deny service to legitimate users.

HAURI Anti-Virus Compressed Files Directory Traversal Vulnerability
BugTraq ID: 14606
Remote: Yes
Date Published: 2005-08-19
Relevant URL: http://www.securityfocus.com/bid/14606
Summary:
HAURI Anti-Virus is prone to a directory traversal vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied input.
An unauthorized user can write files to arbitrary locations by supplying
directory traversal strings '../' in archived file names. Exploitation of
this vulnerability could lead to a loss of integrity and possibly
availability. An attacker can exploit this vulnerability to possibly cause
a denial of service in the affected application. This may aid in further
attacks against the underlying system once the anti-virus software has been
disabled.

OpenVPN Packet Decryption Failure Denial Of Service Vulnerability
BugTraq ID: 14607
Remote: Yes
Date Published: 2005-08-19
Relevant URL: http://www.securityfocus.com/bid/14607
Summary:
OpenVPN is prone to a denial of service vulnerability. This vulnerability
results in a loss of client connectivity.
This can allow an authenticated attacker to deny service to legitimate users.

OpenVPN MAC Address Spoofing Denial Of Service Vulnerability
BugTraq ID: 14608
Remote: Yes
Date Published: 2005-08-19
Relevant URL: http://www.securityfocus.com/bid/14608
Summary:
OpenVPN is prone to a denial of service vulnerability. This vulnerability
results in a depletion of operating system memory, and possibly a system
crash.
This can allow an authenticated attacker to deny service to legitimate
users, crash the OpenVPN server and possibly cause the operating system to
crash.

Linux Kernel IPSec Policies Authorization Bypass Vulnerability
BugTraq ID: 14609
Remote: No
Date Published: 2005-08-19
Relevant URL: http://www.securityfocus.com/bid/14609
Summary:
Linux Kernel is prone to an authorization bypass vulnerability.
This issue is due to a failure in the application to perform proper
authorization before permitting access to a privileged function.
Successful exploitation will permit a local attacker to bypass intended
IPSec policies, set invalid policies and cause a denial of service when
adding policies until kernel memory is exhausted.
It should be noted that an attacker can use this vulnerability to enhance the
exploitation of BID 14477 (Linux Kernel XFRM Array Index Buffer Overflow
Vulnerability); that issue requires the ability to add IPSec policies.

OpenVPN Same Client Certificate Denial Of Service Vulnerability
BugTraq ID: 14610
Remote: Yes
Date Published: 2005-08-19
Relevant URL: http://www.securityfocus.com/bid/14610
Summary:
OpenVPN is prone to a denial of service vulnerability. This vulnerability
results in a race condition crashing the affected server.
This vulnerability will allow an authenticated attacker to deny service to
legitimate users and to crash the affected server application.

Linux Kernel SNMP Handler Denial of Service Vulnerability
BugTraq ID: 14611
Remote: Yes
Date Published: 2005-08-19
Relevant URL: http://www.securityfocus.com/bid/14611
Summary:
The Linux kernel is prone to a denial of service vulnerability. This issue
is due to a NULL pointer dereference that can occur when malformed UDP
packets are received by snmpd.

Elm Expires Header Remote Buffer Overflow Vulnerability
BugTraq ID: 14613
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14613
Summary:
Elm is prone to a buffer overflow vulnerability which could allow an
attacker to execute malicious code. This issue is due to a failure in the
application to perform proper bounds checking on user-supplied data.
A successful attack can result in overflowing a finite sized buffer and may
ultimately lead to arbitrary code execution in the context of the affected
application.

Linux Kernel ISO File System Denial Of Service Vulnerability
BugTraq ID: 14614
Remote: Yes
Date Published: 2005-08-19
Relevant URL: http://www.securityfocus.com/bid/14614
Summary:
The kernel driver for compressed ISO file systems is prone to a denial of
service vulnerability. This issue is due to a failure in the driver to
properly sanitize input data.
When the kernel attempts to mount a malicious compressed ISO image, the
kernel crashes.

PCRE Regular Expression Heap Overflow Vulnerability
BugTraq ID: 14620
Remote: Yes
Date Published: 2005-08-20
Relevant URL: http://www.securityfocus.com/bid/14620
Summary:
PCRE is prone to a heap overflow vulnerability. This issue is due to a
failure of the library to properly bounds check user-supplied input prior to
copying data to an internal memory buffer.
The impact of successful exploitation of this vulnerability depends on the
application and the user credentials utilizing the vulnerable library.
A successful attack may ultimately permit an attacker to control the contents
of critical memory control structures and write arbitrary data to arbitrary
memory locations.