[gull-annonces] Summary of SecurityFocus Newsletter #361/#360
Marc SCHAEFER
schaefer at alphanet.ch
Wed Aug 2 11:08:06 CEST 2006
AWSTATS REMOTE ARBITRARY COMMAND EXECUTION VULNERABILITY
BugTraq ID: 17844
Last Updated: 2006-07-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17844
Summary:
AWStats is prone to an arbitrary command-execution vulnerability.
This issue is due to a failure in the application to properly
sanitize user-supplied input.
An attacker can exploit this vulnerability to execute arbitrary
shell commands in the context of the webserver process. This may
help attackers compromise the underlying system; other attacks are
also possible.
[ impact only if AllowToUpdateStatsFromBrowser is enabled (disabled
by default) and if FTP to the WWW server is possible, see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365909
]
ADPLUG MULTIPLE REMOTE FILE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 18859
Last Updated: 2006-07-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18859
Summary:
The AdPlug library is affected by multiple remote buffer-overflow
vulnerabilities. These issues are due to the library's failure to
properly bounds-check user-supplied input before copying it into
insufficiently sized memory buffers.
These issues allow remote attackers to execute arbitrary machine
code in the context of the user running applications that use the
affected library to open attacker-supplied malicious files.
The AdPlug library version 2.0 is vulnerable to these issues;
previous versions may also be affected.
[ free (libre) sound file library ]
APACHE MOD_REWRITE OFF-BY-ONE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19204
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19204
Summary:
Apache mod_rewrite is prone to an off-by-one buffer-overflow
condition.
The vulnerability arising in the mod_rewrite module's ldap scheme
handling allows for potential memory corruption when an attacker
exploits certain rewrite rules.
An attacker may exploit this issue to trigger a denial-of-
service condition. Reportedly, arbitrary code execution may be
possible as well.
APACHE TOMCAT INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 19106
Last Updated: 2006-07-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19106
Summary:
Apache Tomcat is prone to an information-disclosure vulnerability
because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to reveal a complete directory
listing from any directory. Information obtained may aid in
further attacks.
Versions 5.028, 5.5.23, 5.5.9, and 5.5.7 are vulnerable to this
issue; other versions of Apache Tomcat 5 may also be affected.
APPLE SAFARI KHTMLPARSER::POPONEBLOCK DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19250
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19250
Summary:
Safari is prone to a denial-of-service vulnerability. This issue is
triggered when an attacker entices a victim user to visit a
malicious website or to open a malicious HTML file.
A remote attacker may exploit this issue to crash the application,
effectively denying service to legitimate users. Remote code
execution may be possible, but this has not been confirmed.
[ kpart is supposed to be GPL ]
BARRACUDA NETWORKS SPAM FIREWALL MULTIPLE VULNERABILITIES
BugTraq ID: 19276
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19276
Summary:
Spam Firewall is prone to multiple vulnerabilities. The issues
include a directory-traversal vulnerability and an access-validation
vulnerability.
An attacker can exploit these issues to gain access to
potentially sensitive information. Information obtained may aid
in further attacks.
Versions 3.3.01.0001 to 3.3.03.053 are vulnerable to this issue.
[ `firmware' ]
CYRUS IMAPD POP3D REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18056
Last Updated: 2006-07-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18056
Summary:
Cyrus IMAPD is prone to a remote buffer-overflow vulnerability. This
issue is due to a failure in the application to properly verify user-
supplied input before copying it into a finite-sized buffer.
Successful exploits may result in memory corruption leading to a denial-of-
service condition or arbitrary code execution.
Cyrus IMAPD version 2.3.2 is reported to be vulnerable. Other
versions may be affected as well.
HTDIG CONFIG PARAMETER CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 12442
Last Updated: 2006-07-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12442
Summary:
ht://Dig is reported prone to a cross-site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-supplied URI data before including it in dynamically generated web-page content.
All versions of ht://Dig are considered vulnerable at the moment.
ETHEREAL ETHERIC/GPRS-LLC/IAPP/JXTA/SFLOW DISSECTOR VULNERABILITIES
BugTraq ID: 12762
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12762
Summary:
Multiple buffer-overflow and denial-of-service vulnerabilities
affect various Ethereal protocol dissectors, including the Etheric,
GPRS-LLC, IAPP, JXTA, and sFlow dissectors.
These issues may be triggered when the software is used to monitor
live network traffic or when a dump is viewed. In the worst-case
scenario, an attacker may be able to execute arbitrary code as the
superuser. Exploiting the other vulnerabilities will cause the
software to crash when an affected dissector processes live network
traffic or a dump.
[ wireshark ]
ETHEREAL MULTIPLE PROTOCOL DISSECTOR VULNERABILITIES
BugTraq ID: 14399
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14399
Summary:
Many vulnerabilities in Ethereal have been disclosed by the vendor.
The reported issues are in various protocol dissectors.
These issues include:
- Buffer-overflow vulnerabilities
- Format-string vulnerabilities
- NULL-pointer dereference denial-of-service vulnerabilities
- Infinite-loop denial-of-service vulnerabilities
- Memory-exhaustion denial-of-service vulnerabilities
- Unspecified denial-of-service vulnerabilities
These issues could allow remote attackers to execute arbitrary
machine code in the context of the vulnerable application. Attackers
could also crash the affected application.
Various vulnerabilities affect several versions of Ethereal, from
0.8.5 through to 0.10.11.
ETHEREAL MULTIPLE PROTOCOL DISSECTOR VULNERABILITIES IN VERSIONS PRIOR
TO 0.10.13
BugTraq ID: 15148
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15148
Summary:
Several vulnerabilities in Ethereal have been disclosed by the
vendor. The reported issues are in various protocol dissectors.
These issues include:
- Buffer-overflow vulnerabilities
- Null-pointer dereference denial-of-service vulnerabilities
- Infinite loop denial-of-service vulnerabilities
- Memory exhaustion denial-of-service vulnerabilities
- Division by zero denial-of-service vulnerabilities
- Invalid pointer free() attempt denial-of-service vulnerabilities
- Unspecified denial-of-service vulnerabilities
These issues could allow remote attackers to execute arbitrary
machine code in the context of the vulnerable application. Attackers
could also crash the affected application.
Various vulnerabilities affect different versions of Ethereal, from
0.7.7 through to 0.10.12.
ETHEREAL MULTIPLE REMOTE PROTOCOL DISSECTOR VULNERABILITIES
BugTraq ID: 13504
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13504
Summary:
Many vulnerabilities in Ethereal have been disclosed by the vendor.
The reported issues are in various protocol dissectors.
These issues include:
- Buffer-overflow vulnerabilities
- Format-string vulnerabilities
- NULL-pointer dereference denial-of-service vulnerabilities
- Segmentation fault denial-of-service vulnerabilities
- Infinite-loop denial-of-service vulnerabilities
- Memory exhaustion denial-of-service vulnerabilities
- Double-free vulnerabilities
- Unspecified denial-of-service vulnerabilities
These issues could allow remote attackers to execute arbitrary
machine code in the context of the vulnerable application. Attackers
could also crash the affected application.
Various vulnerabilities affect several versions of Ethereal, from
0.8.14 through to 0.10.10.
This BID will be split into individual BIDs for each separate issue.
BID 13567 has been created for the DISTCC issue.
ETHEREAL MULTIPLE UNSPECIFIED DENIAL OF SERVICE AND POTENTIAL CODE
EXECUTION VULNERABILITIES
BugTraq ID: 11943
Last Updated: 2006-07-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11943
Summary:
Ethereal 0.10.8 has been released to address multiple
vulnerabilities. These issues are reported to cause denial-of-
service conditions in the application; some issues may allow
arbitrary code execution.
The following specific issues were specified:
- A denial-of-service vulnerability presents itself in the DICOM
dissector.
- Another denial-of-service vulnerability occurs when handling a
malformed RTP timestamp.
- Another denial of service arises when Ethereal processes a
specially crafted SMB packet.
- The HTTP dissector may allow a remote attacker to access memory
that was previously freed.
This BID will be updated as more information becomes available.
ETHEREAL RADIUS AUTHENTICATION DISSECTION BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 12759
Last Updated: 2006-07-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12759
Summary:
A remote buffer-overflow vulnerability reportedly affects Ethereal
because it fails to securely copy network-derived data into
sensitive process buffers. The specific issue resides in the 3GPP2
A11 dissector.
An attacker may exploit this issue to execute arbitrary code with
the privileges of the user that activated the vulnerable
application. This may facilitate unauthorized access or privilege
escalation.
ETHEREAL SERVICE LOCATION PROTOCOL DISSECTION STACK BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 15158
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15158
Summary:
A remote buffer-overflow vulnerability affects Ethereal. This issue
is due to the application's failure to securely copy network-derived
data into sensitive process buffers. The specific issue resides in
the Service Location Protocol dissector.
An attacker may exploit this issue to execute arbitrary code with
the privileges of the user that activated the vulnerable
application. This may facilitate unauthorized access or privilege
escalation.
This issue may be exploited by a single TCP packet to port 427,
since Ethereal does not keep track of connection states. This
allows malicious users to spoof the origin of attacks and to
exploit this vulnerability when no services are actively listening
on TCP port 427.
Note that this issue was originally disclosed in BID 15148
"Ethereal Multiple Protocol Dissector Vulnerabilities In Versions
Prior To 0.10.13".
FBGS POSTSCRIPT FILTER BYPASS VULNERABILITY
BugTraq ID: 19131
Last Updated: 2006-07-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19131
Summary:
The 'fbgs' utility is prone to a filter-bypass vulnerability. This
issue occurs because the application fails to filter malicious
PostScript commands properly.
An attacker can exploit this issue to delete user data while a
malicious PostScript file is being displayed.
[ package fbida ]
FREETYPE LWFN FILES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18034
Last Updated: 2006-07-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-overflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
FREETYPE TTF FILE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18326
Last Updated: 2006-07-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18326
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-underflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
FREETYPE TTF FILE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18329
Last Updated: 2006-07-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18329
Summary:
FreeType is prone to a denial-of-service vulnerability. This issue
is due to a flaw in the library that causes a NULL-pointer
dereference.
This issue allows remote attackers to crash applications that use
the affected library, denying service to legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
GD GRAPHICS LIBRARY REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18294
Last Updated: 2006-07-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18294
Summary:
The GD Graphics Library is prone to a denial-of-service
vulnerability. Attackers can trigger an infinite-loop condition when
the library tries to handle malformed image files.
This issue allows attackers to consume excessive CPU resources on
computers that use the affected software. This may deny service to
legitimate users.
GD version 2.0.33 is vulnerable to this issue; other versions may
also be affected.
GDB MULTIPLE VULNERABILITIES
BugTraq ID: 13697
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13697
Summary:
GDB is reportedly affected by multiple vulnerabilities. These issues
can allow an attacker to execute arbitrary code and commands on an
affected computer. A successful attack may allow the attacker to
gain elevated privileges or unauthorized access.
The following specific issues were identified:
- a remote heap-overflow vulnerability when loading malformed
object files.
- a local privilege-escalation vulnerability.
GDB 6.3 is reportedly affected by these issues; other versions are
likely vulnerable as well. GNU binutils 2.14 and 2.15 are affected
by the heap-overflow issue as well.
GIMP XCF_LOAD_VECTOR FUNCTION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18877
Last Updated: 2006-07-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18877
Summary:
Gimp is prone to a buffer-overflow vulnerability because it fails to
properly bounds-check user-supplied input data before copying it to
an insufficiently sized memory buffer.
An attacker may cause malicious code to execute, with the privileges
of the user running the GIMP application, by forcing the application
to read raw data from a malicious image file.
GNUPG DETACHED SIGNATURE VERIFICATION BYPASS VULNERABILITY
BugTraq ID: 16663
Last Updated: 2006-07-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16663
Summary:
GnuPG is affected by a detached signature verification-bypass
vulnerability. This issue is due to the application's failure to
properly notify scripts that an invalid detached signature was
presented and that the verification process has failed.
This issue allows attackers to bypass the signature-verification
process used in some automated scripts. Depending on the use of
GnuPG, this may result in a false sense of security, the
installation of malicious packages, the execution of attacker-
supplied code, or other attacks.
GNUPG INCORRECT NON-DETACHED SIGNATURE VERIFICATION VULNERABILITY
BugTraq ID: 17058
Last Updated: 2006-07-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17058
Summary:
GnuPG is prone to a vulnerability involving incorrect verification
of non-detached signatures.
A successful attack can allow an attacker to simply take a signed
message, inject arbitrary data into it, and bypass verification.
Note that this issue also affects verification of signatures
embedded in encrypted messages. Scripts and applications using gpg
are affected, as are applications using the GPGME library.
GnuPG versions prior to 1.4.2.2 are vulnerable to this issue.
GNUPG PARSE_COMMENT REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19110
Last Updated: 2006-07-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19110
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
This issue may allow remote attackers to execute arbitrary machine
code in the context of the affected application, but this has not
been confirmed.
GnuPG version 1.4.4 is vulnerable to this issue; previous versions
may also be affected.
GNUPG PARSE_USER_ID REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18554
Last Updated: 2006-07-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18554
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
This issue may allow remote attackers to execute arbitrary machine
code in the context of the affected application, but this has not
been confirmed.
GnuPG versions 1.4.3 and 1.9.20 are vulnerable to this issue;
previous versions may also be affected.
HIKI DIFF DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18785
Last Updated: 2006-07-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18785
Summary:
Hiki is prone to a denial-of-service vulnerability. This
vulnerability exists due to an error when processing a comparison
between two pages.
An attacker can exploit this vulnerability to cause the application
to stop responding due to excessive use of system resources, denying
service to legitimate users.
[ Wiki in Ruby, not Perl ]
KDE DESKTOP SCREENSAVER LOCK ACTIVATION FAILURE VULNERABILITY
BugTraq ID: 19152
Last Updated: 2006-07-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19152
Summary:
The KDE desktop is prone to a vulnerability that can cause the
manual locking of the desktop to fail, or stop the screensaver from
activating.
These issues could have a security impact if the user depends on the
locking mechanism to secure the desktop.
KDE KONQUEROR REPLACECHILD DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18978
Last Updated: 2006-07-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18978
Summary:
KDE Konqueror is prone to a denial-of-service vulnerability.
This issue is triggered when an attacker convinces a victim user to
visit a malicious website.
Remote attackers may exploit this issue to crash Konqueror,
effectively denying service to legitimate users.
KPDF AND KWORD MULTIPLE UNSPECIFIED BUFFER AND INTEGER OVERFLOW
VULNERABILITIES
BugTraq ID: 16143
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16143
Summary:
KPDF and KWord are prone to multiple buffer and integer overflows.
Successful exploitation could result in arbitrary code execution in
the context of the user running the vulnerable application.
Specific details of these issues are not currently available. This
record will be updated when more information becomes available.
The following are vulnerable:
- kdegraphics package
- KPDF versions 3.4.3 and earlier
- KOffice
- KWord versions 1.4.2 and earlier
LIBXPM BITMAP_UNIT INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 12714
Last Updated: 2006-07-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12714
Summary:
An integer-overflow vulnerability is reported to affect libXpm.
Reportedly, this vulnerability occurs in the 'scan.c' source file
and is due to a lack of sanity checks performed on the
'bitmap_unit' value.
A remote attacker may exploit this condition to execute arbitrary
code in the context of the application that is linked to the
affected library.
LIBMIKMOD XCOM HANDLER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19134
Last Updated: 2006-07-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19134
Summary:
A buffer-overflow vulnerability occurs in the libmikmod library.
This issue is due to the software's failure to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
This issue may allow attackers to execute arbitrary machine code in
the context of the affected application, which may facilitate the
remote compromise of affected computers.
Versions 3.2.2 and prior are vulnerable; versions 2.x (which do not
support the GT2 file format) are not vulnerable.
LINUX KERNEL PRCTL CORE DUMP HANDLING PRIVILEGE ESCALATION
VULNERABILITY
BugTraq ID: 18874
Last Updated: 2006-07-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18874
Summary:
Linux kernel is prone to a local privilege-escalation vulnerability.
A local attacker may gain elevated privileges by creating a coredump
file in a directory that they do not have write access to.
A successful attack may result in a complete compromise.
Linux kernel versions prior to 2.6.17.4 are vulnerable.
LINUX KERNEL PROC FILESYSTEM LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18992
Last Updated: 2006-07-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18992
Summary:
The Linux kernel is prone to a local privilege-escalation
vulnerability because of a race-condition in the 'proc' filesystem.
This issue allows local attackers to gain superuser privileges,
facilitating the complete compromise of affected computers.
The 2.6 series of the Linux kernel is vulnerable to this issue.
LINUX KERNEL USB DRIVER DATA QUEUE LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19033
Last Updated: 2006-07-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19033
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the USB FTDI
SIO driver.
This vulnerability allows local users to consume all available
memory resources, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.27.
MOZILLA BROWSER/FIREFOX ARBITRARY HTTP REQUEST INJECTION VULNERABILITY
BugTraq ID: 14923
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14923
Summary:
Mozilla and Firefox browsers are prone to a vulnerability that
permits the injection of arbitrary HTTP requests. This issue is
due to a failure in the application to properly sanitize user-
supplied input.
An attacker can use this issue to exploit server or proxy flaws from
the user's machine, or to fool a server or proxy into thinking a
single request is a stream of separate requests.
MOZILLA BROWSER/FIREFOX CHROME PAGE LOADING RESTRICTION BYPASS
PRIVILEGE ESCALATION WEAKNESS
BugTraq ID: 14920
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14920
Summary:
Mozilla Browser/Firefox are prone to a potential arbitrary code-
execution weakness.
Specifically, an attacker can load privileged 'chrome' pages from an
unprivileged 'about:' page. This issue does not pose a threat unless
it is combined with a same-origin violation issue.
If successfully exploited, this issue may allow a remote attacker
to execute arbitrary code and gain unauthorized remote access to
a computer. This would occur in the context of the user running
the browser.
MOZILLA BROWSER/FIREFOX CHROME WINDOW SPOOFING VULNERABILITY
BugTraq ID: 14919
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14919
Summary:
Mozilla and Firefox browsers are prone to a window-spoofing
vulnerability.
An attacker can exploit this vulnerability to enhance phishing-
style attacks.
MOZILLA BROWSER/FIREFOX DOM OBJECTS SPOOFING VULNERABILITY
BugTraq ID: 14921
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14921
Summary:
Mozilla and Firefox are prone to a DOM object spoofing
vulnerability. Successful exploitation could allow a remote attacker
to execute arbitrary script code with elevated privileges.
MOZILLA BROWSER/FIREFOX JAVASCRIPT ENGINE INTEGER OVERFLOW
VULNERABILITY
BugTraq ID: 14917
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14917
Summary:
Mozilla Browser/Firefox are affected by an integer-overflow
vulnerability in their JavaScript engine. A remote attacker may
exploit this issue by creating a malicious site and enticing users
to visit it.
A successful attack may facilitate unauthorized remote access to a
vulnerable computer.
Netscape Browser 8.0.3.3, Netscape 7.2, and K-Meleon 0.9 are also
vulnerable.
MOZILLA BROWSER/FIREFOX XBM IMAGE PROCESSING HEAP OVERFLOW
VULNERABILITY
BugTraq ID: 14916
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14916
Summary:
Mozilla and Firefox browsers are prone to a heap overflow when
processing malformed XBM images. Successful exploitation can result
in arbitrary code execution.
MOZILLA BROWSER/FIREFOX ZERO-WIDTH NON-JOINER STACK CORRUPTION
VULNERABILITY
BugTraq ID: 14918
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14918
Summary:
Mozilla and Firefox are prone to a stack-corruption vulnerability.
Successful exploitation could potentially result in arbitrary code
execution.
MOZILLA FIREFOX, SEAMONKEY, CAMINO, AND THUNDERBIRD MULTIPLE REMOTE
VULNERABILITIES
BugTraq ID: 18228
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18228
Summary:
The Mozilla Foundation has released thirteen security advisories
specifying security vulnerabilities in Mozilla Firefox, SeaMonkey,
Camino, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- run JavaScript code with elevated privileges, potentially allowing
the remote execution of machine code
- gain access to potentially sensitive information.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
further information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.4
- Mozilla Thunderbird version 1.5.0.4
- Mozilla SeaMonkey version 1.0.2
- Mozilla Camino 1.0.2
MOZILLA MULTIPLE PRODUCTS REMOTE VULNERABILITIES
BugTraq ID: 19181
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19181
Summary:
The Mozilla Foundation has released thirteen security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- run arbitrary script code with elevated privileges
- gain access to potentially sensitive information
- carry out cross-domain scripting attacks
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
further information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.5
- Mozilla Thunderbird version 1.5.0.5
- Mozilla SeaMonkey version 1.0.3
MOZILLA NETWORK SECURITY SERVICES LIBRARY REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 18604
Last Updated: 2006-07-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18604
Summary:
NSS is susceptible to a remote denial-of-service vulnerability. This
issue is due to a memory leak in the library.
This issue allows remote attackers to consume excessive memory
resources on affected computers. This may lead to computer hangs or
panics, denying service to legitimate users.
NSS version 3.11 is affected by this issue.
MOZILLA SUITE, FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
VULNERABILITIES
BugTraq ID: 17516
Last Updated: 2006-07-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
The Mozilla Foundation has released nine security advisories
specifying security vulnerabilities in Mozilla Suite, Firefox,
SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- gain elevated privileges in JavaScript code, potentially allowing
remote machine code execution
- gain access to potentially sensitive information
- bypass security checks
- spoof window contents.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
the information embargo on the Mozilla Bugzilla entries is lifted
and as further information becomes available. This BID will then
be retired.
These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1
MOZILLA/NETSCAPE/FIREFOX BROWSERS DOMAIN NAME REMOTE BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 14784
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14784
Summary:
Mozilla/Netscape/Firefox are reported prone to a remote buffer-
overflow vulnerability when handling a malformed URI.
A successful attack may result in a crash of the application or the
execution of arbitrary code.
Firefox 1.0.6 and 1.5 Beta 1 are vulnerable to this issue. Mozilla
1.7.11 and Netscape 8.0.3.3 and 7.2 are affected as well.
MULTIPLE BROWSER PROXY AUTO-CONFIG SCRIPT HANDLING REMOTE DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 14924
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14924
Summary:
Multiple browsers are affected by a remote denial-of-service
vulnerability when handling proxy auto-config scripts. This can
cause a crash in an instance of an affected browser.
Firefox 1.0.6 and prior versions, Netscape Browser 8.0.3.3, and
Mozilla 1.7.11 and prior versions are affected by this issue.
MULTIPLE VENDOR TCP PACKET FRAGMENTATION HANDLING DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 11258
Last Updated: 2006-07-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11258
Summary:
Multiple vendor implementations of the TCP stack are reported prone
to a remote denial-of-service vulnerability.
The issue is reported to present itself due to inefficiencies
present when handling fragmented TCP packets.
The discoverer of this issue has dubbed the attack style the "New
Dawn attack"; it is a variation of a previously reported attack that
was named the "Rose Attack".
A remote attacker may exploit this vulnerability to deny service to
an affected computer.
Microsoft Windows 2000/XP, Linux kernel 2.4 tree, and undisclosed
Cisco systems are reported prone to this vulnerability; other
products may also be affected.
[ disable fragmentation, enable PMTU discovery ]
MYSQL SERVER DATE_FORMAT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19032
Last Updated: 2006-07-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19032
Summary:
MySQL is prone to a remote denial-of-service vulnerability because
the database server fails to properly handle unexpected input.
This issue allows remote attackers to crash affected database
servers, denying service to legitimate users. Attackers must be able
to execute arbitrary SQL statements on affected servers, which
requires valid credentials to connect to affected servers.
Attackers may exploit this issue in conjunction with latent SQL-
injection vulnerabilities in other applications.
Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable
to this issue.
OPENOFFICE ARBITRARY MACRO EXECUTION VULNERABILITY
BugTraq ID: 18738
Last Updated: 2006-07-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18738
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious
macros to gain read/write privileges to local files on a
vulnerable computer.
OPENSSH REVERSE DNS LOOKUP ACCESS CONTROL BYPASS VULNERABILITY
BugTraq ID: 7831
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/7831
Summary:
A vulnerability has been reported for OpenSSH that may allow
unauthorized access to an OpenSSH server's login mechanism.
The vulnerability occurs because of the way OpenSSH restricts
access. It's possible to configure OpenSSH to restrict access based
on certain patterns. When a numeric IP address is provided as the
host that is attempting a connection, an attacker can trick the
OpenSSH server into allowing access.
OPENSSH SCP SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 16369
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is prone to an SCP shell command-execution vulnerability
because the application fails to properly sanitize user-supplied
input before using it in a 'system()' function call.
This issue allows attackers to execute arbitrary shell commands with
the privileges of users executing a vulnerable version of SCP.
This issue reportedly affects version 4.2 of OpenSSH. Other versions
may also be affected.
ROB BROWN NET-SERVER PERL MODULE LOGGING FUNCTION FORMAT STRING
VULNERABILITY
BugTraq ID: 13193
Last Updated: 2006-07-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13193
Summary:
Net-Server API is prone to a remote format-string vulnerability. The
issue resides in the 'log' subroutine of the 'Server.pm' module.
This vulnerability may occur when an application uses the 'log'
subroutine of the affected module to handle malicious data passed
through a network request.
A successful attack may crash the server or lead to arbitrary code
execution. This may facilitate unauthorized access or privilege
escalation in the context of the server.
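The Net::Server entry above describes a format-string defect in a logging subroutine. The following Perl snippet, added here as an illustration of that bug class and not taken from Net::Server itself (the subroutine names are invented), contrasts a logger that interpolates caller data into the sprintf format with one that passes it as a plain value, and shows the spurious directive handling that results:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Illustrative logger with the format-string defect: the message text is
# interpolated into the sprintf FORMAT, so any '%' sequences it carries are
# treated as directives. (Invented helper, not Net::Server's 'log'.)
sub log_unsafe {
    my ($level, $msg) = @_;
    return sprintf("[$level] $msg");
}

# Corrected form: a fixed format string, the message is only ever a value.
sub log_safe {
    my ($level, $msg) = @_;
    return sprintf("[%s] %s", $level, $msg);
}

# Constructed request line containing format directives, standing in for
# data that arrived over the network and reached the logger unchanged.
my $hostile = "GET /index.html?q=%s%s%s%x HTTP/1.0";

# Collect the warnings Perl raises when sprintf runs short of arguments.
my @warnings;
local $SIG{__WARN__} = sub { push @warnings, $_[0] };

my $bad  = log_unsafe(2, $hostile);   # directives consumed, 4 warnings
my $good = log_safe(2, $hostile);     # text logged verbatim, no warnings

printf "unsafe : %s  (%d sprintf warnings)\n", $bad, scalar @warnings;
printf "safe   : %s\n", $good;
```

With the unsafe logger the `%s`/`%x` sequences are swallowed and replaced by empty strings and `0`, so the logged line no longer matches what was received, and each missing argument produces a "Missing argument in sprintf" warning; the safe variant records the line exactly. The same rule applies to printf, syslog-style wrappers and any function whose first argument is a format: user data belongs in the argument list, never in the format.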
SAMBA INTERNAL DATA STRUCTURES DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18927
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18927
Summary:
The smbd daemon is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to consume excessive memory
resources, ultimately crashing the affected application.
This issue affects Samba versions 3.0.1 through 3.0.22 inclusive.
SENDMAIL ASYNCHRONOUS SIGNAL HANDLING REMOTE CODE EXECUTION
VULNERABILITY
BugTraq ID: 17192
Last Updated: 2006-07-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17192
Summary:
Sendmail is prone to a remote code-execution vulnerability.
Remote attackers may leverage this issue to execute arbitrary code
with the privileges of the application, which typically runs as
superuser.
Sendmail versions prior to 8.13.6 are vulnerable to this issue.
SENDMAIL MALFORMED MIME MESSAGE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18433
Last Updated: 2006-07-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18433
Summary:
Sendmail is prone to a denial-of-service vulnerability. This issue
is due to a failure in the application to properly handle malformed
multi-part MIME messages.
An attacker can exploit this issue to crash the sendmail process
during delivery.
SIEMENS SPEEDSTREAM WIRELESS ROUTER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19132
Last Updated: 2006-07-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19132
Summary:
Siemens SpeedStream Wireless Routers are prone to a remote denial-of-
service vulnerability.
This may permit an attacker to crash affected devices, denying
further network services to legitimate users.
Firmware version 2624 is vulnerable; other versions may also
be affected.
WEBMIN/USERMIN UNSPECIFIED INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 18744
Last Updated: 2006-07-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18744
Summary:
Webmin and Usermin are prone to an unspecified information-
disclosure vulnerability. This issue is due to a failure in the
applications to properly sanitize user-supplied input.
An attacker can exploit this issue to retrieve potentially sensitive
information.
This issue affects Webmin versions prior to 1.290 and Usermin
versions prior to 1.220.
Unconfirmed reports suggest that this issue is the same as the one
discussed in BID 18613 (Webmin Remote Directory Traversal
Vulnerability). However, the fixes associated with that issue did
not completely solve the vulnerability.
WIRESHARK PROTOCOL DISSECTORS MULTIPLE VULNERABILITIES
BugTraq ID: 19051
Last Updated: 2006-07-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19051
Summary:
Wireshark is prone to multiple vulnerabilities:
- A format string vulnerability.
- An off-by-one vulnerability.
- An infinite loop vulnerability.
- A memory allocation vulnerability.
These may permit attackers to execute arbitrary code, which can
facilitate a compromise of an affected computer or cause a denial-of-
service condition to legitimate users of the application.
[ aka ethereal ]
XPDF DCTSTREAM BASELINE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15727
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15727
Summary:
The 'xpdf' viewer is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. This can result in
the attacker gaining unauthorized access to the vulnerable computer.
This issue is reported to present itself in the
'DCTStream::readBaselineSOF' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version 0.36 of pdftohtml was reported prone to this issue; however,
earlier versions may also be affected.
The 'kpdf' viewer reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF DCTSTREAM PROGRESSIVE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15726
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15726
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
Reportedly, this issue presents itself in the
'DCTStream::readProgressiveSOF' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely vulnerable as well. Applications using embedded xpdf code may
also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version 0.36 of pdftohtml was reported prone to this issue, but
earlier versions may also be affected.
The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF JPX STREAM READER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15721
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15721
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
Reportedly, this issue presents itself in the
'JPXStream::readCodestream' function residing in the
'xpdf/JPXStream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF STREAMPREDICTOR REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15725
Last Updated: 2006-08-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15725
Summary:
The 'xpdf' viewer is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
This issue is reported to present itself in the
'StreamPredictor::StreamPredictor' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version 0.36 of pdftohtml was reported prone to this issue, but
earlier versions may also be affected.
The 'kpdf' viewer reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
YUKIHIRO MATSUMOTO RUBY MULTIPLE SAFE LEVEL RESTRICTION BYPASS
VULNERABILITIES
BugTraq ID: 18944
Last Updated: 2006-07-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18944
Summary:
Ruby is prone to multiple vulnerabilities that let attackers bypass
SAFE-level restrictions.
These issues allow attackers to bypass the expected SAFE-level
restrictions, possibly allowing them to execute unauthorized script
code in the context of affected applications. The specific impact of
these issues depends on the implementation of scripts that use SAFE-
level security checks.