[gull-annonces] Summary of SecurityFocus Newsletter #377-379
Marc SCHAEFER
schaefer at alphanet.ch
Tue Dec 12 08:50:22 CET 2006
ABCMIDI ABC MUSIC FILES REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17704
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17704
Summary:
abcMIDI is prone to a remote buffer-overflow vulnerability.
A remote attacker can exploit this issue to execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
APACHE LOG4NET DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17095
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17095
Summary:
Log4net is prone to a remote denial-of-service vulnerability.
An attacker may cause the application to crash, thus denying service
to legitimate users.
APACHE MOD_AUTH_KERB OFF-BY-ONE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21214
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21214
Summary:
Apache mod_auth_kerb is prone to an off-by-one buffer-overflow
condition.
The vulnerability allows for potential memory corruption.
An attacker may exploit this issue to trigger a denial-of-service
condition. Arbitrary code execution may be possible, but this has
not been confirmed.
APACHE MOD_IMAP REFERER CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 15834
Last Updated: 2006-12-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15834
Summary:
Apache's mod_imap module is prone to a cross-site scripting
vulnerability. This issue is due to the module's failure to properly
sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of
the affected site. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.
APACHE MOD_REWRITE OFF-BY-ONE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19204
Last Updated: 2006-12-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19204
Summary:
Apache mod_rewrite is prone to an off-by-one buffer-overflow
condition.
The vulnerability arising in the mod_rewrite module's ldap scheme
handling allows for potential memory corruption when an attacker
exploits certain rewrite rules.
An attacker may exploit this issue to trigger a
denial-of-service condition. Reportedly, arbitrary code execution may be
possible as well.
ASTERISK CHAN_SKINNY REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20617
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20617
Summary:
Asterisk is prone to a remote heap-based buffer-overflow
vulnerability because the application fails to properly bounds-check
user-supplied data before copying it to an insufficiently sized
memory buffer.
Exploiting this vulnerability allows remote attackers to execute
arbitrary machine code in the context of the affected application.
Failed exploit attempts will likely crash the server, denying
further service to legitimate users.
ASTERISK JPEG FILE HANDLING INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 17561
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17561
Summary:
Asterisk is prone to an integer-overflow vulnerability.
This issue arises when the application handles a malformed
JPEG file.
An attacker could exploit this vulnerability to execute arbitrary
code in the context of the vulnerable application.
ASTERISK VOICEMAIL UNAUTHORIZED ACCESS VULNERABILITY
BugTraq ID: 15336
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15336
Summary:
Asterisk is prone to an unauthorized-access vulnerability. This
issue is due to a failure in the application to properly verify
user-supplied input.
Successful exploitation will grant an attacker access to a victim
user's voicemail and to any '.wav/.WAV' files currently on the
affected system.
BLUESOCKET BSC 2100 ADMIN.PL CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 21419
Last Updated: 2006-12-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21419
Summary:
BlueSocket BSC 2100 is prone to a cross-site scripting vulnerability
because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code
execute in the browser of an unsuspecting user in the context of the
affected site. This may help the attacker steal cookie-based
authentication credentials and launch other attacks.
This issue affects versions prior to 5.2 and versions without the
5.1.1-BluePatch fix.
[ firmware ]
CLAM ANTI-VIRUS PE REBUILDING HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20535
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20535
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied data before
copying it to an insufficiently sized memory buffer.
Exploiting this issue could allow attacker-supplied machine code to
execute in the context of the affected application. The issue would
occur when the malformed file is scanned manually or automatically
in deployments such as email gateways.
ClamAV version 0.88.4 is vulnerable to this issue.
CLAM ANTIVIRUS CLAMAV MULTIPLE VULNERABILITIES
BugTraq ID: 17388
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17388
Summary:
ClamAV is prone to multiple vulnerabilities:
- An integer-overflow vulnerability.
- A format-string vulnerability.
- A denial-of-service vulnerability.
The first two issues may permit attackers to execute arbitrary code,
which can facilitate a compromise of an affected computer.
If an attacker can successfully exploit the denial-of-service issue,
this may crash the affected application, which may aid an attacker
in further attacks if the antivirus software no longer works.
CLAM ANTIVIRUS FRESHCLAM REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17754
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17754
Summary:
ClamAV's freshclam utility is susceptible to a remote
buffer-overflow vulnerability. The utility fails to perform sufficient
boundary checks in server-supplied HTTP data before copying it to an
insufficiently sized memory buffer.
To exploit this issue, attackers must subvert webservers in the
ClamAV database server pool. Or, they would perform DNS-based
attacks or man-in-the-middle attacks to cause affected freshclam
applications to connect to attacker-controlled webservers.
This issue allows remote attackers to execute arbitrary machine code
in the context of the freshclam utility. The affected utility may
run with superuser privileges, aiding remote attackers in the
complete compromise of affected computers.
ClamAV versions 0.88 and 0.88.1 are affected by this issue.
CONVERT-UULIB PERL MODULE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 13401
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13401
Summary:
Convert-UUlib Perl module is prone to a remotely exploitable
buffer-overflow vulnerability.
A remote attacker may leverage this condition to overwrite sensitive
program control variables and thus gain control of the process's
execution flow.
This BID will be updated as soon as further information regarding
this issue is made available.
CYRUS SASL REMOTE DIGEST-MD5 DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17446
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17446
Summary:
Cyrus SASL is affected by a remote denial-of-service vulnerability.
This issue occurs before successful authentication, allowing
anonymous remote attackers to trigger it.
This vulnerability allows remote attackers to crash services using
the affected SASL library, denying service to legitimate users.
This issue reportedly affects version 2.1.18 of Cyrus SASL; other
versions may also be affected.
DENYHOSTS REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21468
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21468
Summary:
DenyHosts is prone to a remote denial-of-service vulnerability. This
issue is due to a failure of the application to properly ensure the
source of authentication failure messages.
Successfully exploiting this issue allows remote attackers to
add arbitrary IP addresses to the block list utilized by the
application. This allows attackers to deny further SSH network
access to arbitrary IP addresses, denying service to
legitimate users.
ETHEREAL MULTIPLE PROTOCOL DISSECTOR VULNERABILITIES IN VERSIONS
PRIOR TO 0.99.0
BugTraq ID: 17682
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17682
Summary:
The vendor has disclosed several vulnerabilities in Ethereal. The reported issues are in various protocol dissectors. These issues include:
- Buffer-overflow vulnerabilities
- Denial-of-service vulnerabilities
- Infinite loop denial-of-service vulnerabilities
- Unspecified denial-of-service vulnerabilities
- Off-by-one overflow vulnerabilities
These issues could allow remote attackers to execute arbitrary
machine code in the context of the vulnerable application. Attackers
could also crash the affected application.
Various vulnerabilities affect different versions of Ethereal, from
0.8.5 through to 0.10.14.
FFMPEG IMAGE FILE MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 20009
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20009
Summary:
FFmpeg is prone to multiple remote buffer-overflow vulnerabilities
because the application using this library fails to properly
bounds-check user-supplied input before copying it to an insufficiently
sized memory buffer.
These issues allow attackers to execute arbitrary machine code
within the context of the affected application.
Versions prior to 0.4.9_p20060530 are vulnerable to this issue.
FVWM FVWM-MENU-DIRECTORY COMMAND EXECUTION VULNERABILITY
BugTraq ID: 9161
Last Updated: 2006-11-22
Remote: No
Relevant URL: http://www.securityfocus.com/bid/9161
Summary:
It has been reported that FVWM may be prone to a command execution
vulnerability that may allow an attacker to execute malicious
commands on a vulnerable system. It has been reported that the
fvwm-menu-directory component does not properly sanitize user input and
allows a user with write permissions to a directory to execute
arbitrary commands.
FVWM versions 2.14.17 and 2.5.8 have been reported to be vulnerable
to this issue, however other versions may be affected as well.
FREETYPE LWFN FILES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18034
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-overflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
FREETYPE TTF FILE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18326
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18326
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-underflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
FREETYPE TTF FILE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18329
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18329
Summary:
FreeType is prone to a denial-of-service vulnerability. This issue
is due to a flaw in the library that causes a NULL-pointer
dereference.
This issue allows remote attackers to crash applications that use
the affected library, denying service to legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
GD GRAPHICS LIBRARY REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18294
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18294
Summary:
The GD Graphics Library is prone to a denial-of-service
vulnerability. Attackers can trigger an infinite-loop condition when
the library tries to handle malformed image files.
This issue allows attackers to consume excessive CPU resources on
computers that use the affected software. This may deny service to
legitimate users.
GD version 2.0.33 is vulnerable to this issue; other versions may
also be affected.
GNU BINUTILS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17950
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17950
Summary:
GNU binutils is susceptible to a buffer-overflow vulnerability
because it fails to properly bounds check user-supplied input prior
to copying it to an insufficiently-sized memory buffer.
Remote attackers may crash the strings utility, potentially making
analysis of malicious binaries more difficult. Attackers may also
execute arbitrary machine code in the context of applications that
utilize the affected library.
GNU GV STACK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20978
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20978
Summary:
GNU gv is prone to a stack-based buffer-overflow vulnerability
because the application fails to properly bounds-check user-supplied
data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine
code in the context of users running the affected application.
Failed attempts will likely crash the application, resulting in
denial-of-service conditions.
Version 3.6.2 is reported vulnerable; other versions may also
be affected.
NOTE: Various other applications may employ embedded GNU gv code and
could also be vulnerable as a result.
GNU GZIP ARCHIVE HANDLING MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20101
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and
denial-of-service vulnerabilities when handling malicious archive files.
Successful exploits may allow a remote attacker to corrupt process
memory by triggering an overflow condition. This may lead to
arbitrary code execution in the context of an affected user and may
facilitate a remote compromise. Attackers may also trigger
denial-of-service conditions by crashing or hanging the application.
Specific information regarding affected versions of gzip is
currently unavailable. This BID will be updated as more information
is released.
GNU TAR GNUTYPE_NAMES REMOTE DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 21235
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21235
Summary:
GNU Tar is prone to a vulnerability that may allow an attacker to
place files and overwrite files in arbitrary locations on a
vulnerable computer. These issues present themselves when the
application processes malicious archives.
A successful attack can allow the attacker to place potentially
malicious files and overwrite files on a computer in the context of
the user running the affected application. Successful exploits may
aid in further attacks.
GNU TEXINFO INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 14854
Last Updated: 2006-11-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14854
Summary:
Texinfo creates temporary files in an insecure manner. The issue
resides in the 'textindex.c' file.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other
attacks may be possible as well.
GIMP XCF_LOAD_VECTOR FUNCTION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18877
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18877
Summary:
Gimp is prone to a buffer-overflow vulnerability because it fails to
properly bounds-check user-supplied input data before copying it to
an insufficiently sized memory buffer.
An attacker may cause malicious code to execute by forcing the
application to read raw data from a malicious image file, with the
privileges of the user running the GIMP application.
GNUPG MAKE_PRINTABLE_STRING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21306
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21306
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
Exploiting this issue may allow remote attackers to execute
arbitrary machine code in the context of the affected application,
but this has not been confirmed.
GnuPG versions 1.4.5 and 2.0.0 are vulnerable to this issue;
previous versions may also be affected.
GNUPG OPENPGP PACKET PROCESSING FUNCTION POINTER OVERWRITE
VULNERABILITY
BugTraq ID: 21462
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21462
Summary:
GnuPG is prone to a vulnerability that could permit an attacker to
overwrite a function pointer.
This issue is due to a design error when dealing with OpenPGP
packets and may be exploited to execute arbitrary code.
Successful exploits may result in the remote compromise of computers
utilizing the vulnerable application.
GPHOTOS MULTIPLE INPUT VALIDATION VULNERABILITIES
BugTraq ID: 17967
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17967
Summary:
Gphotos is prone to multiple input-validation vulnerabilities. The
issues include information-disclosure and cross-site scripting
vulnerabilities. These issues are due to a failure in the
application to properly sanitize user-supplied input.
A successful exploit of these vulnerabilities could allow an
attacker to compromise the application, access or modify data, or
steal cookie-based authentication credentials. Other attacks are
also possible.
GRAPHICSMAGICK PALM DCM BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 20707
Last Updated: 2006-11-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20707
Summary:
GraphicsMagick is prone to multiple buffer-overflow vulnerabilities
because it fails to perform adequate boundary checks on
user-supplied data before copying it to insufficiently sized buffers.
Successful exploits may allow an attacker to execute arbitrary
machine code to compromise an affected computer or to cause
denial-of-service conditions.
GraphicsMagick 1.1.7 and prior versions are vulnerable.
IMLIB2 LIBRARY MULTIPLE ARBITRARY CODE EXECUTION VULNERABILITIES
BugTraq ID: 20903
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20903
Summary:
The imlib2 library is prone to arbitrary code-execution
vulnerabilities.
An attacker can exploit these issues to execute arbitrary machine
code with the privileges of the currently logged-in user.
IMAGEMAGICK FILE NAME HANDLING REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 12717
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12717
Summary:
ImageMagick is reported prone to a remote format-string
vulnerability.
Reportedly, this issue arises when the application handles malformed
filenames. An attacker can exploit this vulnerability by crafting a
malicious file with a name that contains format specifiers and
sending the file to an unsuspecting user.
Note that there are other attack vectors that may not require user
interaction, since the application can be used with custom printing
systems and web applications.
A successful attack may crash the application or lead to arbitrary
code execution.
All versions of ImageMagick are considered vulnerable at the moment.
IMAGEMAGICK IMAGE FILENAME REMOTE COMMAND EXECUTION VULNERABILITY
BugTraq ID: 16093
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16093
Summary:
ImageMagick is prone to a remote shell command-execution
vulnerability.
Successful exploitation can allow arbitrary commands to be executed
in the context of the affected user. Note that attackers could
exploit this issue through other applications that use ImageMagick
as the default image viewer.
ImageMagick 6.2.4.5 is reportedly vulnerable. Other versions may be
affected as well.
IMAGEMAGICK SGI IMAGE FILE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19507
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19507
Summary:
ImageMagick is prone to a remote heap buffer-overflow vulnerability
because the application fails to properly bounds-check user-supplied
input before copying it to an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary machine code in the
context of applications that use the ImageMagick library.
ImageMagick versions in the 6.x series, up to version 6.2.8, are
vulnerable to this issue.
IMAGEMAGICK SGI IMAGE FILE UNSPECIFIED REMOTE HEAP BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 21185
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21185
Summary:
ImageMagick is prone to a remote heap-based buffer-overflow
vulnerability because the application fails to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
Exploiting this issue allows attackers to execute arbitrary
machine code in the context of applications that use the
ImageMagick library.
ImageMagick versions in the 6.x series, up to version 6.2.8, are
vulnerable to this issue.
INGO PROCMAIL DRIVER SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 20637
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20637
Summary:
Ingo is prone to a vulnerability that may permit the execution of
arbitrary shell commands. This issue occurs because the Ingo
procmail driver fails to properly sanitize user-supplied input.
Exploiting this issue allows attackers to execute arbitrary commands
with the privileges of users executing a vulnerable version of the
application.
This issue affects version 1.1.1 and earlier.
INTEL NETWORK DRIVERS LOCAL CODE EXECUTION VULNERABILITY
BugTraq ID: 21456
Last Updated: 2006-12-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21456
Summary:
Intel LAN drivers are prone to a local code-execution vulnerability.
An attacker can trigger this issue to corrupt memory and execute
code with kernel-level privileges.
A successful attack can result in a complete compromise of the
affected computer due to privilege escalation.
All PCI, PCI-X and PCIe Intel network adapter drivers are
vulnerable.
[ firmware; apparently only those related to running Windows-compatible
proprietary code under GNU/Linux (NDISwrapper)
]
KOFFICE PPT FILES INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 21354
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21354
Summary:
KOffice is prone to an integer-overflow vulnerability because it
fails to properly validate user-supplied data.
An attacker can exploit this vulnerability to execute arbitrary code
in the context of the application. Failed exploit attempts will
likely cause denial-of-service conditions.
KOffice versions prior to 1.6.1 are affected.
KTOOLS REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15600
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15600
Summary:
The ktools library is prone to a remote buffer-overflow
vulnerability.
An attacker may execute arbitrary code with the privileges of the
application and gain unauthorized remote access.
Version 0.3 (and prior) of ktools is vulnerable to this issue.
L2TPNS HEARTBEAT HANDLING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21443
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21443
Summary:
The l2tpns program is prone to a denial-of-service vulnerability
because it fails to properly handle user-supplied data.
Attackers can exploit this issue to crash the affected application,
effectively denying service to legitimate users. Attackers may be
able to exploit this issue to execute arbitrary code, but this has
not been confirmed.
LIBGSF REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21358
Last Updated: 2006-12-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21358
Summary:
The libgsf library is prone to a remote heap buffer-overflow
vulnerability.
Exploiting this issue may allow attackers to execute arbitrary
machine code within the context of the vulnerable application or to
cause a denial of service.
LIBTIFF TIFF2PDF REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18331
Last Updated: 2006-11-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18331
Summary:
The tiff2pdf utility is prone to a buffer-overflow vulnerability.
This issue is due to a failure in the application to do proper
boundary checks before copying user-supplied data into a
finite-sized buffer.
This issue allows remote attackers to execute arbitrary machine
code in the context of the affected application. Failed exploit
attempts will likely crash the application, denying service to
legitimate users.
LIBTIFF TIFFTORGB DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17809
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17809
Summary:
LibTIFF is affected by a denial-of-service vulnerability.
An attacker can exploit this vulnerability to cause a denial of
service in applications using the affected library.
LIBEXTRACTOR MULTIPLE HEAP BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 18021
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18021
Summary:
The libextractor library is affected by multiple buffer-overflow
vulnerabilities. The software fails to perform sufficient boundary
checks of user-supplied input before copying it to insufficiently
sized memory buffers.
An attacker exploits these issues by enticing a vulnerable user to
open a malformed file using an application that employs
libextractor.
This issue allows attackers to execute arbitrary machine code in the
context of applications that use the affected library, aiding them
in the remote compromise of affected computers.
Version 0.5.13 of libextractor is vulnerable to these issues; other
versions may also be affected.
LINKS ELINKS SMBCLIENT REMOTE COMMAND EXECUTION VULNERABILITY
BugTraq ID: 21082
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21082
Summary:
Links and ELinks are prone to a remote command-execution
vulnerability because the applications fail to properly process
website data containing smb commands.
An attacker can exploit this issue to execute arbitrary smb
commands on a victim computer. This may help the attacker
compromise the application and the underlying system; other attacks
are also possible.
Links version 1.00pre12 and ELinks version 0.11.1 are reportedly
vulnerable; other versions may also be affected.
NOTE: This vulnerability may be exploited only if 'smbclient' is
installed on a target computer.
LINKSYS WRT54GS POST REQUEST CONFIGURATION CHANGE AUTHENTICATION
BYPASS VULNERABILITY
BugTraq ID: 19347
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19347
Summary:
Linksys WRT54GS is prone to an authentication-bypass vulnerability.
Reportedly, the device permits changes in its configuration settings
without requiring authentication.
The problem presents itself when a victim user visits a specially
crafted web page on an attacker-controlled site. An attacker can
exploit this vulnerability to bypass authentication and modify the
configuration settings of the device.
This issue is reported to affect firmware version 1.00.9; other
firmware versions may also be affected.
LINUX KERNEL ATM MODULE INCONSISTENT REFERENCE COUNTS DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 17078
Last Updated: 2006-11-22
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17078
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability.
This vulnerability affects the ATM module and allows local users to
panic the kernel by creating inconsistent reference counts, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.14.
LINUX KERNEL ATM SKBUFF DEREFERENCE REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20363
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20363
Summary:
The Linux kernel is prone to a remote denial-of-service
vulnerability.
This issue is triggered when the kernel processes incoming ATM data.
Exploiting this vulnerability may allow remote attackers to crash
the affected kernel, resulting in denial-of-service conditions.
This issue affects only systems that have ATM hardware and are
configured for ATM kernel support.
Kernel versions from 2.6.0 up to and including 2.6.17 are vulnerable
to this issue.
LINUX KERNEL CD-ROM DRIVER LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18847
Last Updated: 2006-11-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18847
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before
using it in a memory copy operation.
This issue allows local attackers to overwrite kernel memory with
arbitrary data, potentially allowing them to execute malicious
machine code in the context of affected kernels. This vulnerability
facilitates the complete compromise of affected computers.
Linux kernel version 2.6.17.3 and prior are affected by this issue.
LINUX KERNEL ELF FILE ENTRY POINT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16925
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16925
Summary:
Linux kernel is prone to a denial-of-service vulnerability when
processing a malformed ELF file. This issue occurs only on Intel
EM64T processors.
Linux kernel versions prior to 2.6.15.5 are affected by this issue.
LINUX KERNEL GET_FDB_ENTRIES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21353
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21353
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because
it fails to properly bounds-check user-supplied data before copying
it to an insufficiently sized memory buffer.
Attackers may potentially exploit this issue to execute arbitrary
code within the context of the affected kernel, but this has not
been confirmed. Successfully exploiting this issue would cause the
complete compromise of the affected computer.
Little information is currently known about this vulnerability. Due
to the fact that the affected function is in the network-bridging
code, remote attacks may be possible.
Linux kernel versions prior to 2.6.18.4 are vulnerable to this
issue.
LINUX KERNEL IP ID INFORMATION DISCLOSURE WEAKNESS
BugTraq ID: 17109
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is prone to a remote information-disclosure
weakness. This issue is due to an implementation flaw of a zero
'ip_id' information-disclosure countermeasure.
This issue allows remote attackers to use affected computers in
stealth network port and trust scans.
The Linux kernel 2.6 series, as well as some kernels in the 2.4
series, are affected by this weakness.
LINUX KERNEL IP_ROUTE_INPUT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17593
Last Updated: 2006-12-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17593
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'ip_route_input()' function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.8.
LINUX KERNEL INTEL EM64T SYSRET LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17541
Last Updated: 2006-12-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17541
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue arises in Intel EM64T CPUs when returning
program control using SYSRET.
This vulnerability allows local users to crash the kernel, denying
further service to legitimate users.
LINUX KERNEL NFS CLIENT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16922
Last Updated: 2006-11-22
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16922
Summary:
Linux kernel NFS client is prone to a denial-of-service
vulnerability. An unprivileged local user can panic the NFS client
and cause it to fail.
This issue was addressed in Linux kernel 2.6.15.5; earlier versions
are vulnerable.
IMAGE GALLERY WITH ACCESS DATABASE MULTIPLE SQL INJECTION
VULNERABILITIES
BugTraq ID: 21131
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21131
Summary:
Image gallery with Access Database is prone to multiple
SQL-injection vulnerabilities because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the
application, access or modify data, or exploit latent
vulnerabilities in the underlying database implementation.
LINUX KERNEL NFS AND EXT3 COMBINATION REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19396
Last Updated: 2006-12-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19396
Summary:
The Linux kernel is susceptible to a remote denial-of-service
vulnerability because the EXT3 filesystem code fails to properly
handle unexpected conditions.
Remote attackers may trigger this issue by sending crafted UDP
datagrams to affected computers that are configured as NFS servers,
causing filesystem errors. Depending on the mount-time options of
affected filesystems, this may result in remounting filesystems as
read-only or cause a kernel panic.
Linux kernel versions 2.6.14.4, 2.6.17.6, and 2.6.17.7 are
vulnerable to this issue; other versions in the 2.6 series are also
likely affected.
LINUX KERNEL PERFMON.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17482
Last Updated: 2006-11-22
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17482
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue arises in 'perfmon.c' on ia64 platforms.
This vulnerability allows local users to crash the kernel, denying
further service to legitimate users.
LINUX KERNEL RCU SIGNAL HANDLING __GROUP_COMPLETE_SIGNAL FUNCTION
UNSPECIFIED VULNERABILITY
BugTraq ID: 17640
Last Updated: 2006-12-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17640
Summary:
Linux Kernel is prone to a local unspecified vulnerability.
This issue exists in the '__group_complete_signal' function of the
RCU signal-handling facility.
Due to a lack of details, further information cannot be provided at
the moment. This BID will be updated when more details are
available.
LINUX KERNEL SCTP_MAKE_ABORT_USER FUNCTION BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 19666
Last Updated: 2006-11-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19666
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because
it fails to properly bounds-check user-supplied data before copying
it to an insufficiently sized memory buffer.
A local attacker can exploit this issue to execute arbitrary code
and potentially compromise the affected computer.
LINUX KERNEL SG DRIVER DIRECT IO LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18101
Last Updated: 2006-11-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18101
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the SG driver.
This vulnerability allows local users to cause a kernel panic,
denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.13.
LINUX KERNEL SMBFS CHROOT SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 17735
Last Updated: 2006-11-22
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17735
Summary:
The Linux Kernel is prone to a vulnerability that allows attackers
to bypass a security restriction. This issue is due to a failure in
the kernel to properly sanitize user-supplied data.
The problem affects chroot inside of an SMB-mounted filesystem
('smbfs'). A local attacker who is bounded by the chroot can exploit
this issue to bypass the chroot restriction and gain unauthorized
access to the filesystem.
LINUX KERNEL SNMP NAT HELPER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18081
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18081
Summary:
The Linux SNMP NAT helper is susceptible to a remote denial-of-
service vulnerability.
This issue allows remote attackers to potentially corrupt memory and
ultimately trigger a denial of service for legitimate users.
Kernel versions prior to 2.6.16.18 are vulnerable to this issue.
LINUX KERNEL SHARED MEMORY SECURITY RESTRICTION BYPASS VULNERABILITIES
BugTraq ID: 17587
Last Updated: 2006-12-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17587
Summary:
The Linux kernel is prone to vulnerabilities regarding access to
shared memory.
A local attacker could potentially gain read and write access to
shared memory and write access to read-only tmpfs filesystems,
bypassing security restrictions.
An attacker can exploit these issues to possibly corrupt
applications and their data when the applications use temporary
files or shared memory.
LINUX KERNEL __KEYRING_SEARCH_ONE LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 17451
Last Updated: 2006-12-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17451
Summary:
Linux kernel is susceptible to a local denial-of-service
vulnerability. This vulnerability arises in the
'__keyring_search_one' function. This issue allows local users to
crash the kernel, denying service to legitimate users.
Kernel versions prior to 2.6.16.3 are vulnerable to this issue.
LINUX KERNEL DIE_IF_KERNEL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16993
Last Updated: 2006-11-22
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'die_if_kernel()' function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.15.6 running
on Itanium systems.
LINUX KERNEL SYS_MBIND SYSTEM CALL LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 16924
Last Updated: 2006-11-22
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16924
Summary:
The Linux kernel 'sys_mbind' system call is prone to a local denial-of-
service vulnerability. This issue is due to a lack of proper input
sanitization in the system call's arguments.
This issue allows local users to panic the kernel, denying further
service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.15.5.
LINUXPRINTING.ORG FOOMATIC-FILTER COMMAND EXECUTION VULNERABILITY
BugTraq ID: 11184
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11184
Summary:
Reportedly, the LinuxPrinting.org Foomatic-Filter is affected by an
arbitrary command-execution vulnerability. Although unconfirmed,
this issue is likely due to the affected script's failure to
properly validate input when issuing shell commands.
An attacker may exploit this issue to execute arbitrary commands as
the printer user on a computer running the vulnerable software.
LYNX MALFORMED HTML INFINITE LOOP DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 11443
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11443
Summary:
Lynx is prone to a denial-of-service vulnerability when handling
certain malformed HTML. Attackers could exploit this condition to
cause the application to enter an infinite loop.
LYNX NNTP ARTICLE HEADER BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15117
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15117
Summary:
Lynx is prone to a buffer overflow when handling NNTP article
headers.
This issue may be exploited when the browser handles NNTP content,
such as through 'news:' or 'nntp:' URIs. Successful exploitation
will result in code execution in the context of the program user.
MONO SYSTEM.CODEDOM.COMPILER CLASS INSECURE TEMPORARY FILE CREATION
VULNERABILITY
BugTraq ID: 20340
Last Updated: 2006-11-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20340
Summary:
The Mono 'System.CodeDom.Compiler' class creates temporary files in
an insecure manner.
An attacker with local access could potentially exploit this issue
to perform symlink attacks, overwriting arbitrary files in the
context of the affected application.
Successfully exploiting a symlink attack may allow an attacker to
overwrite or corrupt sensitive files. This may result in a denial of
service; other attacks may also be possible.
Versions 1.0 and 2.0 are vulnerable; other versions may also
be affected.
MOZILLA FIREFOX 2 PASSWORD MANAGER CROSS-SITE INFORMATION
DISCLOSURE WEAKNESS
BugTraq ID: 21240
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21240
Summary:
Mozilla Firefox is reportedly prone to an information-disclosure
weakness because it fails to properly notify users of automatic form
field population in disparate URLs deriving from the same domain.
This issue may allow attackers to obtain user credentials that have
been saved in forms deriving from the same website on which the attack
code resides. The most common manifestation of this condition would
typically be in blogs or forums. This may allow attackers to gain
access to potentially sensitive information that would facilitate
the success of phishing attacks.
Initial reports and preliminary testing indicate that this issue
only affects Firefox 2.
MOZILLA FIREFOX LARGE HISTORY FILE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15773
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15773
Summary:
Mozilla Firefox is reportedly prone to a remote denial-of-service
vulnerability.
This issue presents itself when the browser handles a large entry in
the 'history.dat' file. An attacker may trigger this issue by
enticing a user to visit a malicious website and by supplying
excessive data to be stored in the affected file.
This may cause a denial-of-service condition.
**UPDATE: Proof-of-concept exploit code has been published. The
author of the code attributes the crash to a buffer-overflow
condition. Symantec has not reproduced the alleged flaw.
MOZILLA FIREFOX RANGE SCRIPT OBJECT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20799
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20799
Summary:
Mozilla Firefox is prone to a remote denial-of-service
vulnerability.
An attacker may exploit this vulnerability to cause Mozilla Firefox
to crash, resulting in denial-of-service conditions.
Mozilla Firefox 1.5.0.7 (and earlier) as well as version 2.0 are
prone to this issue.
MOZILLA FIREFOX XML HANDLER RACE CONDITION MEMORY CORRUPTION
VULNERABILITY
BugTraq ID: 19534
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19534
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability
because of a race condition that may result in double-free or other
memory-corruption issues.
Attackers may likely exploit this issue to execute arbitrary machine
code in the context of the vulnerable application, but this has not
been confirmed. Failed exploit attempts will likely crash the
application.
Mozilla Firefox is vulnerable to this issue. Due to code-reuse,
other Mozilla products are also likely affected.
The Flock browser version 0.7.4.1 and the K-Meleon browser version
1.0.1 are also reported vulnerable.
MOZILLA FIREFOX/THUNDERBIRD/SEAMONKEY MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20042
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20042
Summary:
The Mozilla Foundation has released six security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- supply malicious data through updates
- inject arbitrary content
- execute arbitrary JavaScript
- crash affected applications and potentially execute
arbitrary code.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more
information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.7
- Mozilla Thunderbird version 1.5.0.7
- Mozilla SeaMonkey version 1.0.5
MOZILLA SUITE, FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
VULNERABILITIES
BugTraq ID: 17516
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
The Mozilla Foundation has released nine security advisories
specifying security vulnerabilities in Mozilla Suite, Firefox,
SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- gain elevated privileges in JavaScript code, potentially allowing
remote machine code execution
- gain access to potentially sensitive information
- bypass security checks
- spoof window contents.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
the information embargo on the Mozilla Bugzilla entries is lifted
and as further information becomes available. This BID will then
be retired.
These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1
MOZILLA THUNDERBIRD MULTIPLE REMOTE INFORMATION DISCLOSURE
VULNERABILITIES
BugTraq ID: 16881
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16881
Summary:
Mozilla Thunderbird is susceptible to multiple remote information-
disclosure vulnerabilities. These issues are due to the
application's failure to properly enforce the restriction for
downloading remote content in email messages.
These issues allow remote attackers to gain access to potentially
sensitive information, aiding them in further attacks. Attackers
may also exploit these issues to know whether and when users read
email messages.
Mozilla Thunderbird version 1.5 is vulnerable to these issues; other
versions may also be affected.
MULTIPLE BSD VENDOR FIREWIRE IOCTL LOCAL INTEGER OVERFLOW
VULNERABILITY
BugTraq ID: 21089
Last Updated: 2006-12-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21089
Summary:
Multiple BSD operating systems are prone to a local integer-overflow
vulnerability. This issue affects the FireWire subsystem.
An attacker can exploit this vulnerability to gain access to
potentially sensitive kernel memory. Information harvested by
exploiting this issue will aid in further attacks.
TrustedBSD, FreeBSD, NetBSD, and DragonFly BSD are all vulnerable to
this issue. Specific version information is not currently available.
Update: FreeBSD and possibly other operating systems reportedly
allow only members of the 'operators' group and the superuser to
issue IOCTL commands against FireWire devices.
MULTIPLE MOZILLA PRODUCTS IFRAME JAVASCRIPT EXECUTION VULNERABILITY
BugTraq ID: 16770
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16770
Summary:
Multiple Mozilla products are prone to a script-execution
vulnerability.
The vulnerability presents itself when an attacker supplies a
specially crafted email to a user containing malicious script code
in an IFRAME and the user tries to reply to the mail. Arbitrary
JavaScript can be executed even if the user has disabled JavaScript
execution in the client.
The following Mozilla products are vulnerable to this issue:
- Mozilla Thunderbird, versions prior to 1.5.0.2, and prior to 1.0.8
- Mozilla SeaMonkey, versions prior to 1.0.1
- Mozilla Suite, versions prior to 1.7.13
MULTIPLE MOZILLA PRODUCTS MEMORY CORRUPTION/CODE INJECTION/ACCESS
RESTRICTION BYPASS VULNERABILITIES
BugTraq ID: 16476
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16476
Summary:
Multiple Mozilla products are prone to multiple vulnerabilities.
These issues include various memory-corruption, code-injection, and
access-restriction-bypass vulnerabilities. Other undisclosed issues
may have also been addressed in the various updated vendor
applications.
Successful exploitation of these issues may permit an attacker to
execute arbitrary code in the context of the affected application.
This may facilitate a compromise of the affected computer; other
attacks are also possible.
MULTIPLE VENDOR AMD CPU LOCAL FPU INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17600
Last Updated: 2006-12-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17600
Summary:
Multiple vendors' operating systems are prone to a local information-
disclosure vulnerability. This issue is due to a flaw in the
operating systems that fail to properly use AMD CPUs.
Local attackers may exploit this vulnerability to gain access to
potentially sensitive information regarding other processes
executing on affected computers. This may aid attackers in
retrieving information regarding cryptographic keys or other
sensitive information.
This issue affects Linux and FreeBSD operating systems that use
generations 7 and 8 AMD CPUs.
MYSQL QUERY LOGGING BYPASS VULNERABILITY
BugTraq ID: 16850
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
MySQL is susceptible to a query-logging-bypass vulnerability. This
issue is due to a discrepancy between the handling of NULL bytes in
the 'mysql_real_query()' function and in the query-logging
functionality.
This issue allows attackers to bypass the query-logging
functionality of the database so they can cause malicious SQL
queries to be improperly logged. This may help them hide the traces
of their malicious activity from administrators.
This issue affects MySQL version 5.0.18; other versions may also
be affected.
MYSQL REMOTE INFORMATION DISCLOSURE AND BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 17780
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
MySQL is susceptible to multiple remote vulnerabilities:
- A buffer-overflow vulnerability due to insufficient bounds-
checking of user-supplied data before copying it to an
insufficiently sized memory buffer. This issue allows remote
attackers to execute arbitrary machine code in the context of
affected database servers. Failed exploit attempts will likely
crash the server, denying further service to legitimate users.
- Two information-disclosure vulnerabilities due to insufficient input-
sanitization and bounds-checking of user-supplied data. These
issues allow remote users to gain access to potentially sensitive
information that may aid them in further attacks.
NAGIOS REMOTE CONTENT-LENGTH INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 18059
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18059
Summary:
Nagios is prone to a remote integer-overflow vulnerability. The
application fails to properly ensure that user-supplied input
doesn't overflow integer values. This may result in user-supplied
data being copied past the end of a memory buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of hosting webservers.
Nagios versions prior to 2.3.1 are vulnerable to this issue.
This issue is very similar to BID 17879 (Nagios Remote Negative Content-
Length Buffer Overflow Vulnerability), but is a separate issue.
NETBSD FTPD AND TNFTPD PORT REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21377
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21377
Summary:
NetBSD ftpd and tnftpd are prone to a remote buffer-overflow
vulnerability. This issue is due to an off-by-one error; it allows
attackers to corrupt memory.
Remote attackers may execute arbitrary machine code in the context
of the user running the affected application. Failed attempts will
likely result in denial-of-service conditions.
NETBSD KERNEL MULTIPLE LOCAL INFORMATION DISCLOSURE VULNERABILITIES
BugTraq ID: 21328
Last Updated: 2006-11-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21328
Summary:
The NetBSD kernel is prone to multiple local information-disclosure
vulnerabilities because the kernel fails to properly initialize
kernel memory before returning it to user-space programs.
Successfully exploiting these issues allows local attackers to gain
access to potentially sensitive information contained in kernel
memory, aiding them in further attacks.
NetBSD kernel branch 2 to branch 3 prior to 3.0.2, and current prior
to 10/27/06 are vulnerable.
OPENBSD SYSTRACE STRIOCREPLACE LOCAL INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 20392
Last Updated: 2006-11-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20392
Summary:
OpenBSD systrace is prone to a local integer-overflow vulnerability.
An attacker can exploit this vulnerability to execute arbitrary code
with elevated privileges. A successful exploit could lead to a
complete compromise of affected computers.
OpenBSD 3.8 and 3.9 are reported vulnerable; other BSD variants such
as NetBSD and FreeBSD may be affected as well.
OPENLDAP SERVER BIND REQUEST DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20939
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20939
Summary:
OpenLDAP server is prone to a denial-of-service vulnerability
because it fails to handle exceptional conditions.
An attacker can exploit this issue to cause a crash in the LDAP
server, effectively denying service to legitimate users.
OPENSSH DUPLICATED BLOCK REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20216
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because
it fails to properly handle incoming duplicate blocks.
Remote attackers may exploit this issue to consume excessive CPU
resources, potentially denying service to legitimate users.
This issue occurs only when OpenSSH is configured to accept SSH
Version One traffic.
OPENSSH SCP SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 16369
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is prone to an SCP shell command-execution vulnerability
because the application fails to properly sanitize user-supplied
input before using it in a 'system()' function call.
This issue allows attackers to execute arbitrary shell commands with
the privileges of users executing a vulnerable version of SCP.
This issue reportedly affects version 4.2 of OpenSSH. Other versions
may also be affected.
OPENSSH-PORTABLE GSSAPI AUTHENTICATION ABORT INFORMATION
DISCLOSURE WEAKNESS
BugTraq ID: 20245
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20245
Summary:
OpenSSH-Portable is prone to an information-disclosure weakness. The
issue stems from a GSSAPI authentication abort.
Reportedly, attackers may leverage a GSSAPI authentication abort to
determine the presence and validity of usernames on unspecified
platforms.
This issue occurs when OpenSSH-Portable is configured to accept
GSSAPI authentication.
OpenSSH-Portable 4.3p1 and prior versions exhibit this weakness.
OPENSSL INSECURE PROTOCOL NEGOTIATION WEAKNESS
BugTraq ID: 15071
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15071
Summary:
OpenSSL is susceptible to a remote protocol-negotiation weakness.
This issue is due to the implementation of the
'SSL_OP_MSIE_SSLV2_RSA_PADDING' option to maintain compatibility
with third-party software.
This issue presents itself when two peers try to negotiate the
protocol they wish to communicate with. Attackers who can intercept
and modify the SSL communications may exploit this weakness to force
SSL version 2 to be chosen.
The attacker may then exploit various insecurities in SSL version 2
to gain access to or tamper with the cleartext communications
between the targeted client and server.
Note that the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option is enabled with
the frequently used 'SSL_OP_ALL' option.
SSL peers that are configured to disallow SSL version 2 are not
affected by this issue.
OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to
forge an RSA signature. The attacker may be able to forge a PKCS #1
v1.5 signature when an RSA key with exponent 3 is used.
An attacker may exploit this issue to sign digital certificates or
RSA keys and take advantage of trust relationships that depend on
these credentials, possibly posing as a trusted party and signing a
certificate or key.
All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are
affected by this vulnerability. Updates are available.
OPENSSL SSL_GET_SHARED_CIPHERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20249
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
OpenSSL is prone to a buffer-overflow vulnerability because the
library fails to properly bounds-check user-supplied input before
copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may result in the execution of
arbitrary machine code in the context of applications that use the
affected library. Failed exploit attempts may crash applications,
denying service to legitimate users.
OPENSSL SSLV2 NULL POINTER DEREFERENCE CLIENT DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20246
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
A malicious server could cause a vulnerable client application to
crash, effectively denying service.
OPENVPN CLIENT REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 17392
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17392
Summary:
OpenVPN is reported prone to a remote code-execution vulnerability.
This issue is due to a lack of proper sanitization of server-
supplied data.
A remote attacker may exploit this issue to execute arbitrary code
with elevated privileges on a vulnerable computer to gain
unauthorized access.
To be vulnerable to this issue, client OpenVPN computers must be
configured to use 'up' or 'down' scripts and must have either the
'pull' configuration directive or a 'client' macro set up.
OpenVPN versions 2.0.0 through 2.0.5 are affected by this issue.
PAUL A. ROMBOUTS PDNSD UNSPECIFIED BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17720
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17720
Summary:
The pdnsd DNS server is prone to an unspecified buffer-overflow
vulnerability. A successful exploit may result in a denial of
service or arbitrary code execution.
Details regarding the precise nature of this vulnerability are not
currently available. This record will be updated when more
information is available.
PERL PERL_SV_VCATPVFN FORMAT STRING INTEGER WRAP VULNERABILITY
BugTraq ID: 15629
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15629
Summary:
Perl is susceptible to a format-string vulnerability. This issue is
due to the programming language's failure to properly handle format
specifiers in formatted-printing functions.
An attacker may leverage this issue to write to arbitrary process
memory, facilitating code execution in the context of the Perl
interpreter process. This can result in unauthorized remote access.
Developers should treat the formatted printing functions in Perl as
equivalently vulnerable to exploitation as the C library versions,
and should properly sanitize all data passed in the format-
specifier argument.
All applications that use formatted-printing functions in an unsafe
manner should be considered exploitable.
PLONE UNSPECIFIED GROUP SPOOFING VULNERABILITY
BugTraq ID: 21460
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21460
Summary:
Plone is prone to a spoofing vulnerability due to an
unspecified error.
An attacker can exploit this issue to spoof certain user data.
NOTE: This only affects sites which permit anonymous user
registration.
Versions 2.5 and 2.5.1 are vulnerable.
PORTABLE OPENSSH GSSAPI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20241
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution
vulnerability. The issue derives from a race condition in a
vulnerable signal handler.
Reportedly, under specific conditions, it is theoretically possible
to execute code remotely prior to authentication when GSSAPI
authentication is enabled. This has not been confirmed; the chance
of a successful exploit of this nature is considered minimal.
On non-Portable OpenSSH implementations, this same race condition
can be exploited to cause a pre-authentication denial of service.
This issue occurs when OpenSSH and Portable OpenSSH are configured
to accept GSSAPI authentication.
POSTGRESQL MULTIBYTE CHARACTER ENCODING SQL INJECTION VULNERABILITIES
BugTraq ID: 18092
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18092
Summary:
PostgreSQL is prone to SQL-injection vulnerabilities. These issues
are due to a potential mismatch of multibyte character conversions
between PostgreSQL servers and client applications.
A successful exploit could allow an attacker to execute arbitrary
SQL statements on affected servers. This may allow the attacker to
compromise the targeted computer, access or modify data, or exploit
other latent vulnerabilities.
PostgreSQL versions prior to 7.3.15, 7.4.13, 8.0.8, and 8.1.4 are
vulnerable to these issues.
PROFTPD SREPLACE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20992
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20992
Summary:
ProFTPD is prone to a remote buffer-overflow vulnerability. This
issue is due to an off-by-one error, allowing attackers to
corrupt memory.
Exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of the server application, facilitating
the compromise of affected computers.
ProFTPD versions prior to 1.3.0a are vulnerable to this issue.
Update: This BID was recently updated to state that
'CommandBufferSize' was affected by a denial-of-service issue, but
according to the vendor, that directive is not vulnerable.
SAMBA INTERNAL DATA STRUCTURES DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18927
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18927
Summary:
The smbd daemon is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to consume excessive memory
resources, ultimately crashing the affected application.
This issue affects Samba versions 3.0.1 through 3.0.22 inclusive.
SENDMAIL LONG HEADER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19714
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19714
Summary:
Sendmail is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the Sendmail process,
causing a denial of service.
SPAMASSASSIN VPOPMAIL AND PARANOID SWITCHES REMOTE COMMAND EXECUTION
VULNERABILITY
BugTraq ID: 18290
Last Updated: 2006-11-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18290
Summary:
SpamAssassin is prone to an arbitrary-command-execution
vulnerability. This issue is due to an error in the application
when processing a specially formatted input message when certain
switches are set.
An attacker can exploit this issue to execute arbitrary commands on
the vulnerable computer with the privileges of the affected
application.
SYSINFO KAMPUS MULTIPLE REMOTE FILE INCLUDE VULNERABILITIES
BugTraq ID: 21294
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21294
Summary:
Sysinfo Kampus is prone to multiple remote file-include
vulnerabilities because it fails to sufficiently sanitize user-
supplied data.
Exploiting these issues may allow an attacker to compromise
the application and the underlying system; other attacks are
also possible.
Sysinfo Kampus 0.8 and prior versions are vulnerable.
TDIARY CONF PARAMETER CROSS-SITE SCRIPTING VULNERABILITIES
BugTraq ID: 21321
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21321
Summary:
tDiary is prone to multiple cross-site scripting vulnerabilities.
An attacker may leverage these issues to have arbitrary script code
execute in the browser of an unsuspecting user in the context of the
affected site. This may help the attacker steal cookie-based
authentication credentials and launch other attacks.
tDiary versions 2.1.4.20061115 and prior are vulnerable to
these issues.
TEXINFO FILE HANDLING BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20959
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20959
Summary:
Texinfo is prone to a buffer-overflow vulnerability because the
application fails to properly bounds-check user-supplied input
before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to cause the affected
applications using Texinfo to crash, denying service to legitimate
users. Arbitrary code execution may also be possible, but this has
not been confirmed.
TYPESPEED REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18194
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18194
Summary:
Typespeed is susceptible to a remote buffer-overflow vulnerability.
This issue is due to a failure in the application to properly bounds-
check user-supplied input before copying it to an insufficiently
sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of affected applications, aiding them in the
compromise of affected computers.
Typespeed versions 0.4.1 and 0.4.4 are vulnerable to this issue;
other versions may also be affected.
VIXIE CRON PAM_LIMITS LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18108
Last Updated: 2006-11-28
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18108
Summary:
Vixie cron is susceptible to a local privilege-escalation
vulnerability. This issue is due to the application's failure to
properly drop superuser privileges in certain circumstances when
executing jobs.
This issue allows local attackers that have been authorized to
execute cron jobs to execute arbitrary commands with superuser
privileges. This facilitates the complete compromise of affected
computers.
Vixie cron version 4.1 is vulnerable to this issue when used in
conjunction with pam_limits. Other versions may also be affected.
WIRESHARK MULTIPLE PROTOCOL DISSECTORS DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 20762
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20762
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may permit attackers to cause crashes and
deny service to legitimate users of the application.
Wireshark versions prior to 0.99.4 are affected.
X.ORG XRENDER EXTENSION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17795
Last Updated: 2006-12-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17795
Summary:
The X.Org X Window System is prone to a buffer-overflow
vulnerability.
An attacker can exploit this issue to execute arbitrary code with
elevated privileges. This may facilitate a compromise of the
affected computer.
XMPLAY PLAYLIST FILES REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21206
Last Updated: 2006-11-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21206
Summary:
XMPlay is prone to a remote buffer-overflow vulnerability because
the application fails to properly bounds-check user-supplied data
prior to loading malformed playlist files.
An attacker can exploit this issue to execute arbitrary code within
the context of the application or trigger a denial-of-service
condition.
XMPlay 3.3.0.4 is vulnerable to this issue; other versions may also
be affected.
XSCREENSAVER LOCAL PASSWORD DISCLOSURE VULNERABILITY
BugTraq ID: 17471
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17471
Summary:
XScreenSaver is prone to a local password-disclosure vulnerability.
This issue is due to a flaw in the application that may result in
the screen-unlock password being passed onto other applications that
are already running on the computer.
This may disclose the password used to unlock the applications. The
login password is typically used to unlock XScreenSaver, so this
issue may reveal login passwords to attackers.
This issue is currently known to affect users who are running
RDesktop on the locked computer, due to the interaction between the
applications. This may result in the disclosure of the login
password across the network. Other unknown applications in
conjunction with XScreenSaver may result in a similar issue.
Versions 4.14 and 4.16 are vulnerable to this issue; other versions
may also be affected.
XZGV IMAGE VIEWER JPEG FILE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17409
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17409
Summary:
The 'xzgv' viewer is reported prone to a remote heap-overflow
vulnerability.
This issue is reported to present itself when the application
handles a specially crafted JPEG image. A remote attacker may
execute arbitrary code in the context of a user running the
application. As a result, the attacker can gain unauthorized access
to the vulnerable computer.
This issue affects 'xzgv' 0.8 and prior. 'zgv' image viewer is
vulnerable to this issue as well.
XINE-LIB HTTP RESPONSE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18187
Last Updated: 2006-11-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18187
Summary:
The xine-lib library is susceptible to a buffer-overflow
vulnerability. This issue is due to the software's failure to
properly bounds-check user-supplied input data before copying it to
an insufficiently sized memory buffer.
Successful exploits allow remote attackers to execute
arbitrary machine code in the context of applications using the
affected library.
Versions of xine-lib greater than or equal to 1.0.1 are potentially
affected by this issue, but information on specific affected
versions is not currently available. Applications that use a
vulnerable version of the library may also be affected. Version
0.5.6 of gxine is reportedly vulnerable to this issue.
XINE-LIB RULEMATCHES REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21435
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21435
Summary:
xine-lib library running on real media is prone to a remote buffer-
overflow vulnerability because the application fails to properly bounds-
check user-supplied data before copying it into an insufficiently
sized buffer.
An attacker can exploit this issue to execute arbitrary code with
the privileges of the currently logged-in user. Failed exploit
attempts will result in a denial of service.
YUKIHIRO MATSUMOTO RUBY CGI.RB LIBRARY REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21441
Last Updated: 2006-12-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21441
Summary:
Ruby is prone to a remote denial-of-service vulnerability because
the application's CGI library fails to properly handle specially
crafted HTTP requests.
Successful exploits may allow remote attackers to cause denial-of-
service conditions on computers running the affected Ruby CGI
library.
YUKIHIRO MATSUMOTO RUBY XMLRPC SERVER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17645
Last Updated: 2006-12-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17645
Summary:
Ruby is affected by a denial-of-service vulnerability in the WEBrick
HTTP server. This issue is due to the use of blocking network
operations. Ruby's implementation of XML/RPC is also affected, since
it uses the vulnerable WEBrick server.
This issue allows remote attackers to cause affected webservers to
fail to respond to further legitimate requests.
Ruby versions prior to 1.8.3 are affected by this issue.