[gull-annonces] Summary of SecurityFocus Newsletter #330-#334
Marc SCHAEFER
schaefer at alphanet.ch
Tue Jan 31 11:59:50 CET 2006
MTink Home Environment Variable Buffer Overflow Vulnerability
BugTraq ID: 16095
Remote: No
Date Published: 2005-12-31
Relevant URL: http://www.securityfocus.com/bid/16095
Summary:
A buffer overflow vulnerability affects MTink. This vulnerability may
permit local attackers to execute arbitrary code with superuser privileges.
[ status monitor specific to Epson inkjet printers ]
File::ExtAttr Extended File Attribute Off-By-One Buffer Overflow
Vulnerability
BugTraq ID: 16118
Remote: No
Date Published: 2006-01-02
Relevant URL: http://www.securityfocus.com/bid/16118
Summary:
File::ExtAttr is prone to an off-by-one buffer overflow vulnerability. This
issue may occur when the module is used to read extended file attributes of
untrusted files.
Exploitation of the issue could potentially result in a denial of service in
the module or may allow for execution of arbitrary code.
Gentoo Pinentry Local Privilege Escalation Vulnerability
BugTraq ID: 16120
Remote: No
Date Published: 2006-01-03
Relevant URL: http://www.securityfocus.com/bid/16120
Summary:
pinentry is prone to a local privilege escalation vulnerability.
Successful exploitation can allow a pinentry user to read or write arbitrary
files with the privileges of group ID 0.
Linux Kernel set_mempolicy() Local Denial of Service Vulnerability
BugTraq ID: 16135
Remote: No
Date Published: 2006-01-04
Relevant URL: http://www.securityfocus.com/bid/16135
Summary:
Linux kernel is prone to a local denial of service vulnerability.
This issue affects the set_mempolicy() function of the 'mm/mempolicy.c' file.
Successful exploitation causes the kernel to crash, leading to a denial of
service condition.
ESRI ArcPad APM File Processing Buffer Overflow Vulnerability
BugTraq ID: 16136
Remote: Yes
Date Published: 2006-01-04
Relevant URL: http://www.securityfocus.com/bid/16136
Summary:
ArcPad is prone to a buffer overflow vulnerability. This issue is due to a
failure in the application to do proper bounds checking on user-supplied
data before copying it into an insufficiently sized memory buffer.
This issue allows an attacker to execute arbitrary machine code in the
context of the user utilizing the affected application.
[ firmware: GPS functions ]
Linux Kernel fib_lookup Denial of Service Vulnerability
BugTraq ID: 16139
Remote: Yes
Date Published: 2006-01-04
Relevant URL: http://www.securityfocus.com/bid/16139
Summary:
Linux kernel is prone to a denial of service vulnerability.
This issue arises when the kernel handles specially crafted fib_lookup
netlink messages.
Successful exploitation may allow remote attackers to trigger a denial of
service condition. Local exploitation may be possible as well.
Linux Kernel sysctl_string Local Buffer Overflow Vulnerability
BugTraq ID: 16141
Remote: No
Date Published: 2006-01-04
Relevant URL: http://www.securityfocus.com/bid/16141
Summary:
Linux kernel is prone to a local buffer overflow vulnerability. This issue
is due to an off-by-one error in the sysctl subsystem.
A successful attack may result in a denial of service condition or possibly
arbitrary code execution in the context of the local kernel.
Linux kernel versions prior to 2.6.15 in the 2.6 series are considered
vulnerable to this issue.
Linux Kernel DVB Driver Local Buffer Overflow Vulnerability
BugTraq ID: 16142
Remote: No
Date Published: 2006-01-04
Relevant URL: http://www.securityfocus.com/bid/16142
Summary:
Linux kernel is prone to a local buffer overflow vulnerability. This issue
is due to a flaw in the DVB (Digital Video Broadcasting) driver subsystem.
This issue is only exploitable on computers with the affected DVB module
compiled, enabled, and accessible to local malicious users.
A successful attack may result in a denial of service condition or possibly
arbitrary code execution in the context of the local kernel.
Linux kernel versions prior to 2.6.15 in the 2.6 series are considered
vulnerable to this issue.
kpdf and kword Multiple Unspecified Buffer and Integer Overflow
Vulnerabilities
BugTraq ID: 16143
Remote: Yes
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16143
Summary:
kpdf and kword are prone to multiple buffer and integer overflows.
Successful exploitation could result in arbitrary code execution in the
context of the user running the vulnerable application.
Specific details of these issues are not currently available. This record
will be updated when more information becomes available.
kdegraphics and kpdf versions 3.4.3 and earlier and KOffice and kword
versions 1.4.2 and earlier are vulnerable.
OpenBSD DEV/FD Arbitrary File Access Vulnerability
BugTraq ID: 16144
Remote: No
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16144
Summary:
OpenBSD is prone to a vulnerability that allows local attackers to gain
access to arbitrary files.
This could allow attackers to obtain sensitive information, which may be
used to carry out other attacks against a vulnerable computer.
This issue reportedly affects OpenBSD 3.7 and 3.8. Other versions may be
vulnerable as well.
Apple AirPort Remote Denial of Service Vulnerability
BugTraq ID: 16146
Remote: Yes
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16146
Summary:
Apple AirPort firmware is prone to a denial of service condition. This
occurs when the device handles malformed packets.
Specific details regarding this issue are not currently known. This record
will be updated when more information becomes available.
AirPort Express firmware versions prior to 6.3 and AirPort Extreme firmware
versions prior to 5.7 are vulnerable.
[ firmware ]
HylaFAX Remote PAM Authentication Bypass Vulnerability
BugTraq ID: 16150
Remote: Yes
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16150
Summary:
The HylaFAX daemon is reported prone to a vulnerability that could allow
unauthorized access to the HylaFAX service. It is reported that the issue
presents itself due to a flaw in its PAM (Pluggable Authentication Modules)
usage.
A remote attacker may exploit this vulnerability to gain unauthorized access
to the affected service.
Hylafax Multiple Scripts Remote Command Execution Vulnerability
BugTraq ID: 16151
Remote: Yes
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16151
Summary:
Hylafax is vulnerable to multiple arbitrary command execution
vulnerabilities. This issue is due to a failure in the application to
properly sanitize user-supplied input.
These vulnerabilities allow an attacker to execute arbitrary commands in the
context of the affected application. Successful exploitation may facilitate
a compromise of the underlying system.
Apache mod_auth_pgsql Multiple Format String Vulnerabilities
BugTraq ID: 16153
Remote: Yes
Date Published: 2006-01-06
Relevant URL: http://www.securityfocus.com/bid/16153
Summary:
mod_auth_pgsql is prone to multiple format string vulnerabilities. These
issues are due to a failure of the application to properly sanitize
user-supplied input prior to including it in the format-specification
argument of formatted printing functions.
These issues could allow remote attackers to execute arbitrary code in the
context of the Web server user and gain unauthorized access.
Bugzilla syncshadowdb Insecure Temporary File Creation Vulnerability
BugTraq ID: 16061
Remote: No
Date Published: 2005-12-26
Relevant URL: http://www.securityfocus.com/bid/16061
Summary:
Bugzilla creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
TkDiff Insecure Temporary File Creation Vulnerability
BugTraq ID: 16064
Remote: No
Date Published: 2005-12-27
Relevant URL: http://www.securityfocus.com/bid/16064
Summary:
TkDiff creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
TkDiff 4.1 and prior versions are vulnerable to this issue.
Debian DHIS-TOOLS-DNS Insecure Temporary File Creation Vulnerability
BugTraq ID: 16065
Remote: No
Date Published: 2005-12-27
Relevant URL: http://www.securityfocus.com/bid/16065
Summary:
Debian dhis-tools-dns creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
dhis-tools-dns 5.0 is vulnerable to this issue.
Ethereal GTP Protocol Dissector Denial of Service Vulnerability
BugTraq ID: 16076
Remote: Yes
Date Published: 2005-12-28
Relevant URL: http://www.securityfocus.com/bid/16076
Summary:
The Ethereal GTP protocol dissector is prone to a remotely exploitable denial
of service vulnerability.
Successful exploitation will cause a denial of service condition in the
Ethereal application.
Further details are not currently available. This BID will be updated as
more information is disclosed.
Gentoo Linux XnView Insecure RPATH Vulnerability
BugTraq ID: 16087
Remote: No
Date Published: 2005-12-30
Relevant URL: http://www.securityfocus.com/bid/16087
Summary:
Gentoo Linux XnView is susceptible to an insecure RPATH vulnerability.
This issue may allow local attackers to execute code with the privileges of
a user that executes the application.
Gentoo Linux XnView versions prior to 1.70-r1 are vulnerable to this issue.
ImageMagick Image Filename Remote Command Execution Vulnerability
BugTraq ID: 16093
Remote: Yes
Date Published: 2005-12-30
Relevant URL: http://www.securityfocus.com/bid/16093
Summary:
ImageMagick is prone to a remote shell command execution vulnerability.
Successful exploitation can allow arbitrary commands to be executed in the
context of the affected user. It should be noted that this issue could also
be exploited through other applications that use ImageMagick as the default
image viewer.
ImageMagick 6.2.4.5 is reportedly vulnerable. Other versions may be
affected as well.
BSD SecureLevel Time Setting Security Restriction Bypass Vulnerability
BugTraq ID: 16170
Remote: No
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16170
Summary:
BSD securelevels are susceptible to a security restriction bypass
vulnerability that allows local attackers to set the system clock to any
arbitrary value.
This vulnerability allows local attackers to set the system clock to any
arbitrary value they desire, even those in the past, circumventing the
securelevel restriction. Various further attacks against time-sensitive
systems are then possible.
Bogofilter Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 16171
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16171
Summary:
Multiple remote buffer overflow vulnerabilities affect Bogofilter. These
issues are due to a failure of the application to properly handle invalid
input sequences and validate the length of user-supplied strings prior to
copying them into static process buffers.
An attacker may exploit these issues to cause a denial of service condition.
It may also be possible to execute arbitrary code with the privileges of the
vulnerable application. This may facilitate unauthorized access or privilege
escalation.
It should be noted that successful exploitation requires that Bogofilter is
used with a Unicode database.
NetBSD KernFS LSEEK Local Kernel Memory Disclosure Vulnerability
BugTraq ID: 16173
Remote: No
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16173
Summary:
The kernfs file system in NetBSD is prone to a kernel memory disclosure
vulnerability. This issue arises due to insufficient sanitization of
user-supplied arguments passed to the 'lseek()' system call.
Information disclosed through this attack may be used to launch other
attacks against a computer and potentially aid in a complete compromise.
Dave Carrigan auth_ldap Remote Format String Vulnerability
BugTraq ID: 16177
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16177
Summary:
Dave Carrigan's auth_ldap is susceptible to a remote format string
vulnerability. This issue is due to a failure of the application to properly
sanitize user-supplied input prior to utilizing it in the format-specifier
of a formatted printing function.
These issues likely only arise if auth_ldap has been enabled and is used for
user authentication.
This issue allows remote attackers to execute arbitrary machine code in the
context of Apache Web servers that utilize the affected module. This may
facilitate the compromise of affected computers.
sudo Python Environment Variable Handling Security Bypass Vulnerability
BugTraq ID: 16184
Remote: No
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16184
Summary:
sudo is prone to a security bypass vulnerability that could lead to
arbitrary code execution. This issue is due to an error in the application
when handling environment variables.
A local attacker with the ability to run Python scripts can exploit this
vulnerability to gain access to an interactive Python prompt. Attackers may
then execute arbitrary code with elevated privileges, facilitating the
complete compromise of affected computers.
An attacker must have the ability to run Python scripts through Sudo to
exploit this vulnerability.
This issue is similar to BID 15394 ( Sudo Perl Environment Variable Handling
Security Bypass Vulnerability).
Stefan Frings SMS Server Tools Local Format String Vulnerability
BugTraq ID: 16188
Remote: No
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16188
Summary:
A local format string vulnerability affects Stefan Frings SMS Server Tools.
The problem presents itself when the affected application attempts to log
messages using a formatted print function. User-supplied input is improperly
sanitized prior to its inclusion in the format specifier argument of a
formatted print function.
An attacker may leverage this issue to execute arbitrary code with superuser
privileges, ultimately facilitating privilege escalation.
Version 1.14.8 of SMS Server Tools is vulnerable to this issue; other
versions may also be affected.
Clam Anti-Virus ClamAV UPX Compressed File Heap Buffer Overflow
Vulnerability
BugTraq ID: 16191
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16191
Summary:
ClamAV is prone to a heap buffer overflow vulnerability. This issue is due
to a failure of the application to properly bounds check user-supplied data
prior to copying it to an insufficiently sized memory buffer.
This issue occurs when the application attempts to handle compressed UPX
files.
Exploitation of this issue could allow attacker-supplied machine code to be
executed in the context of the affected application. The issue would occur
when the malformed file is scanned manually or automatically in deployments
such as email gateways.
Trac HTML WikiProcessor Wiki Content HTML Injection Vulnerability
BugTraq ID: 16198
Remote: Yes
Date Published: 2006-01-10
Relevant URL: http://www.securityfocus.com/bid/16198
Summary:
Trac is prone to an HTML injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before
using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of
the affected Web site, potentially allowing for theft of cookie-based
authentication credentials. An attacker could also exploit this issue to
control how the site is rendered to the user; other attacks are also
possible.
Cisco IP Phone 7940 Remote Denial of Service Vulnerability
BugTraq ID: 16200
Remote: Yes
Date Published: 2006-01-10
Relevant URL: http://www.securityfocus.com/bid/16200
Summary:
Cisco IP Phone 7940 is prone to a remote denial of service vulnerability.
Successful exploitation causes the phone to restart.
Cisco is tracking this issue as Cisco bug ID CSCef33398.
[ firmware ]
FreeBSD EE Insecure Temporary File Creation Vulnerability
BugTraq ID: 16207
Remote: No
Date Published: 2006-01-11
Relevant URL: http://www.securityfocus.com/bid/16207
Summary:
ee creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
Cisco CS-MARS Default Administrative Password Vulnerability
BugTraq ID: 16211
Remote: No
Date Published: 2006-01-11
Relevant URL: http://www.securityfocus.com/bid/16211
Summary:
Cisco Security Monitoring, Analysis and Response System (CS-MARS) sets a
default administrative password during installation. This password is
static across all installations of the software.
Users with authenticated access to the CS-MARS command line interface may
use this default password to gain unauthorized administrative access in
affected installations.
It is possible for those running software release 4.1.3 and later to change
a portion of the default administrative password, effectively addressing the
vulnerability. However, earlier versions do not provide this option.
Cisco Aironet Wireless Access Point ARP Memory Exhaustion Denial Of
Service Vulnerability
BugTraq ID: 16217
Remote: Yes
Date Published: 2006-01-12
Relevant URL: http://www.securityfocus.com/bid/16217
Summary:
Various Cisco Aironet wireless access point devices are prone to a denial of
service vulnerability. This issue is due to memory exhaustion caused by
improper handling of an excessive number of ARP requests.
This issue allows attackers that can successfully associate with a
vulnerable access point to exhaust the memory of the affected device. This
results in the device failing to pass legitimate traffic until it has been
rebooted.
[ firmware ]
GNU Mailman Large Date Data Denial Of Service Vulnerability
BugTraq ID: 16248
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16248
Summary:
GNU Mailman is prone to a denial of service attack. This issue affects the
email date parsing functionality of Mailman.
The vulnerability could be triggered by mailing list posts and will impact
the availability of mailing lists hosted by the application.
Tux Paint Insecure Temporary File Creation Vulnerability
BugTraq ID: 16250
Remote: No
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16250
Summary:
Tux Paint creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
Faq-O-Matic Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 16251
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16251
Summary:
Faq-O-Matic is prone to multiple cross-site scripting vulnerabilities.
These issues are due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed
in the browser of an unsuspecting user in the context of the affected site.
This may facilitate the theft of cookie-based authentication credentials as
well as other attacks.
These issues may be related to those discussed in BID 4565 and BID 4023
(Faq-O-Matic Cross Site Scripting Vulnerability).
Apache Geronimo Multiple Input Validation Vulnerabilities
BugTraq ID: 16260
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16260
Summary:
Apache Geronimo is prone to multiple input validation vulnerabilities. These
issues are due to a failure in the application to properly sanitize
user-supplied input.
Successful exploitation of these vulnerabilities could result in a
compromise of the application, disclosure or modification of data, or the
theft of cookie-based authentication credentials. An attacker could also
exploit this issue to control how the site is rendered to the user; other
attacks are also possible.
GRSecurity Elevated Service Privileges Weakness
BugTraq ID: 16261
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16261
Summary:
The grsecurity patch may improperly allow services to run with elevated
privileges. This issue is due to a failure of the kernel to properly drop
administrative roles.
This issue may lead to a false sense of security by allowing network
services that are intended to have limited privileges to have administrative
privileges. The exact repercussions of this issue depend on the particular
function of the services running with elevated privileges. Privileges
granted to services depend on the configured administrative role.
Attackers may exploit latent vulnerabilities in network services, and
compromise the underlying computer. This is due to the targeted service
having elevated privileges that are not intended.
CMU SNMP SNMPTRAPD Daemon Remote Format String Vulnerability
BugTraq ID: 16267
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16267
Summary:
A remote format string vulnerability affects the CMU SNMP's snmptrapd
daemon. This issue is due to a failure of the application to properly
sanitize user-supplied input data prior to using it in a formatted-printing
function.
A remote attacker may leverage this issue to execute arbitrary code with
superuser privileges, facilitating the complete compromise of affected
computers.
It should be noted that CMU SNMP has not been actively maintained for
several years.
Mozilla Thunderbird File Attachment Spoofing Vulnerability
BugTraq ID: 16271
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16271
Summary:
Mozilla Thunderbird is prone to a file attachment spoofing vulnerability.
Successful exploitation may allow attackers to place malicious files on a
user's computer by tricking users into saving seemingly safe attachments.
If the user subsequently opens the file, this vulnerability may facilitate
arbitrary code execution in the context of the user.
Thunderbird versions prior to 1.5 are affected.
Antiword Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 16278
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16278
Summary:
Antiword creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
Linux Kernel mq_open System Call Unspecified Denial of Service
Vulnerability
BugTraq ID: 16283
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16283
Summary:
Linux kernel mq_open system call is prone to a local denial of service
vulnerability. Further information is not currently available. This record
will be updated when more details are disclosed.
This issue affects Linux kernel 2.6.9. Earlier kernel versions may be
affected.
Linux Kernel procfs Kernel Memory Disclosure Vulnerability
BugTraq ID: 16284
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16284
Summary:
The Linux kernel is affected by a local memory disclosure vulnerability.
This issue allows an attacker to read kernel memory. Information gathered
via exploitation may aid malicious users in further attacks.
This issue affects the 2.6 series of the Linux kernel, prior to 2.6.15.
MPM HP-180W VOIP WIFI Phone Information Disclosure Vulnerability
BugTraq ID: 16285
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16285
Summary:
The MPM HP-180W VOIP WIFI phone is prone to an information disclosure
vulnerability.
Sensitive information may be disclosed to attackers, and could be useful in
further attacks. Information obtained may aid an attacker to perform denial
of service attacks.
MPM HP-180W phones with firmware version WE.00.17 are vulnerable to this
issue. Due to code reuse, other devices and versions may also be affected.
This issue may also be related to BID 15478 (Zyxel P2000W VOIP WIFI Phone
Information Disclosure Vulnerability).
[ firmware ]
ACT P202S VOIP WIFI Phones Multiple Remote Vulnerabilities
BugTraq ID: 16288
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16288
Summary:
ACT P202S VOIP WIFI Phone allows remote debugger connections and remote
unauthenticated administrative access. Successful exploitation of these
vulnerabilities could allow a remote attacker to obtain debugging
information from the device or cause a denial of service. Other attacks are
also possible.
ACT P202S VOIP WIFI Phones running firmware version 1.01.21 are prone to
these issues. Due to code reuse, other devices and versions may also be
affected.
[ firmware ]
Clipcomm CPW-100E and CP-100E VOIP Phones Remote Administrative Access
Vulnerability
BugTraq ID: 16289
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16289
Summary:
Clipcomm CPW-100E and CP-100E VOIP phones allow unauthenticated, remote
administrative access.
This issue allows remote attackers to gain access to potentially sensitive
information, trace calls, perform factory resets, and corrupt memory; other
attacks are also possible. Attackers may also turn CPW-100E phones into a
remote listening device.
Clipcomm CPW-100E phones running firmware version 1.1.12, and CP-100E phones
running firmware version 1.1.60 are prone to this issue. Due to code reuse,
other devices and versions may also be affected.
[ firmware ]
Cisco IOS HTTP Service CDP Status Page HTML Injection Vulnerability
BugTraq ID: 16291
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16291
Summary:
Cisco IOS HTTP service is reportedly prone to an HTML injection
vulnerability.
Specifically the vulnerability affects the Cisco Discovery Protocol (CDP)
status page. An attacker can submit malicious HTML and script code through
CDP packets to be executed in the context of a logged in administrator.
This issue can also allow attackers to execute arbitrary commands on a
vulnerable device.
Exploitation can facilitate a variety of attacks such as manipulation of
routing information, account creation and access to all other functionality
available to administrators.
IOS 11.2(8.11)SA6 is reportedly vulnerable to this issue; however, other
versions of IOS 11 are likely affected as well. This issue does not affect
IOS 12.
[ firmware ]
FreeBSD IEEE 802.11 Network Subsystem Remote Buffer Overflow
BugTraq ID: 16296
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16296
Summary:
FreeBSD is susceptible to a remote, kernel-level buffer overflow
vulnerability. This issue is due to a failure of the kernel to properly
bounds check user-supplied network data prior to copying it to an
insufficiently sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the
context of the affected kernel, facilitating the complete compromise of
affected computers. As this issue is present in a low-level network
subsystem, it is likely exploitable even if the host is blocking packets
with a host-based packet filter.
Linux Kernel dm-crypt Local Information Disclosure Vulnerability
BugTraq ID: 16301
Remote: No
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16301
Summary:
The Linux kernel dm-crypt module is susceptible to a local information
disclosure vulnerability. This issue is due to a failure of the module to
properly zero sensitive memory buffers prior to freeing the memory.
This issue may allow local attackers to gain access to potentially sensitive
memory that contains information on the cryptographic key utilized for the
encrypted storage. This may aid them in further attacks.
This issue affects the 2.6 series of the Linux kernel.
Cisco IOS SGBP Remote Denial of Service Vulnerability
BugTraq ID: 16303
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16303
Summary:
Cisco IOS SGBP is prone to a remote denial of service vulnerability.
This issue arises on devices that have been configured to run SGBP.
A successful attack causes a device to hang and fail to respond to further
requests. It should be noted that a system watchdog timer will detect this
condition after a delay and restart the device.
[ firmware ]
Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability
BugTraq ID: 16304
Remote: No
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16304
Summary:
The Linux kernel is susceptible to a local access validation vulnerability
in the SDLA driver.
This issue allows local users with the 'CAP_NET_ADMIN' capability, but
without the 'CAP_SYS_RAWIO' capability to read and write to the SDLA device
firmware. This may cause a denial of service issue if attackers write an
invalid firmware. Other attacks may also be possible by writing modified
firmware files.
Linksys BEFVP41 IP Options Remote Denial Of Service Vulnerability
BugTraq ID: 16307
Remote: Yes
Date Published: 2006-01-18
Relevant URL: http://www.securityfocus.com/bid/16307
Summary:
Linksys BEFVP41 routers are susceptible to a remote denial of service
vulnerability. This issue is due to a failure of the devices to properly
handle unexpected network traffic.
This issue allows remote attackers to crash affected devices, denying
service to legitimate users.
Reportedly, attackers must be located on the internal network, and be able
to pass traffic through the router to exploit this issue. It may also be
possible from the external side of the network, but this has not been
confirmed.
[ firmware ]
Cisco EIGRP Protocol HELLO Packet Replay Vulnerability
BugTraq ID: 15970
Remote: Yes
Date Published: 2005-12-19
Relevant URL: http://www.securityfocus.com/bid/15970
Summary:
The Cisco EIGRP protocol is susceptible to a vulnerability that allows HELLO
packet replay attacks.
This issue allows attackers to gain access to potentially sensitive network
information in EIGRP UPDATE reply packets, or to cause a denial of service
condition by flooding routers with HELLO packets.
The denial of service issue is described in BID 6443 (Cisco IOS EIGRP
Announcement ARP Denial Of Service Vulnerability). By utilizing replayed
HELLO packets with MD5 enabled, attackers may cause a more severe denial of
service condition.
This issue is being tracked by Cisco Bug ID CSCsc13724.
[ firmware ]
Cisco EIGRP Protocol Unauthenticated Goodbye Packet Remote Denial Of
Service Vulnerability
BugTraq ID: 15978
Remote: Yes
Date Published: 2005-12-19
Relevant URL: http://www.securityfocus.com/bid/15978
Summary:
The Cisco EIGRP protocol is susceptible to a remote denial of service
vulnerability. This issue is possible when MD5 neighbor authentication is
not in use.
This issue allows attackers to cause routing relationships to be torn down,
forcing them to be reestablished. The routing link will be unavailable
during the time that the link is torn down, until it is reestablished. By
repeating the attack, a sustained denial of network service is possible.
This issue is being tracked by Cisco Bug ID CSCsc13698.
[ firmware ]
Fetchmail Missing Email Header Remote Denial of Service Vulnerability
BugTraq ID: 15987
Remote: Yes
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15987
Summary:
Fetchmail is affected by a remote denial of service vulnerability. This
issue is due to a failure of the application to handle unexpected input.
This issue only occurs when Fetchmail is configured in 'multidrop' mode.
This issue affects Fetchmail versions 6.2.5.4 and 6.3.0. Previous versions
may also be affected.
RedHat Enterprise Linux UDEV Insecure Permissions Vulnerability
BugTraq ID: 15994
Remote: No
Date Published: 2005-12-20
Relevant URL: http://www.securityfocus.com/bid/15994
Summary:
RedHat Enterprise Linux is susceptible to an insecure permissions
vulnerability. This issue is due to a flaw in the udev package that
improperly creates '/dev/input' files.
This issue allows local attackers to improperly access files in
'/dev/input'. This allows them to sniff user-supplied keyboard and mouse
input. Information gathered through this issue, such as passwords, will aid
malicious users in further attacks.
NEC UNIVERGE IX1000/IX2000/IX3000 IKE Exchange Denial Of Service
Vulnerabilities
BugTraq ID: 16027
Remote: Yes
Date Published: 2005-12-21
Relevant URL: http://www.securityfocus.com/bid/16027
Summary:
NEC UNIVERGE IX1000/IX2000/IX3000 products are prone to denial of service
vulnerabilities. These issues are due to security flaws in NEC's IPSec
implementation. These vulnerabilities may be triggered by malformed IKE
traffic.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related
to the handling of malformed IKEv1 traffic.
[ firmware ]