[gull-annonces] Summary of SecurityFocus Newsletter #355
Marc SCHAEFER
schaefer at alphanet.ch
Mon Jul 3 11:04:40 CEST 2006
AWSTATS REMOTE ARBITRARY COMMAND EXECUTION VULNERABILITY
BugTraq ID: 17844
Last Updated: 2006-06-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17844
Summary:
AWStats is prone to an arbitrary command-execution vulnerability.
This issue is due to a failure in the application to properly
sanitize user-supplied input. An attacker can exploit this
vulnerability to execute arbitrary shell commands in the context of
the webserver process. This may help attackers compromise the
underlying system; other attacks are also possible.
AWSTATS CONFIGURATION FILE REMOTE ARBITRARY COMMAND EXECUTION
BugTraq ID: 18327
Last Updated: 2006-06-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18327
Summary:
Awstats is prone to an arbitrary command-execution vulnerability.
This issue is due to a failure in the application to properly
sanitize user-supplied input. An attacker can exploit this
vulnerability to execute arbitrary shell commands in the context of
the webserver process. This may help attackers compromise the
underlying system; other attacks are also possible.
[ only in very specific cases ]
APACHE MOD_IMAP REFERER CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 15834
Last Updated: 2006-06-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15834
Summary:
Apache's mod_imap module is prone to a cross-site scripting
vulnerability. This issue is due to the module's failure to properly
sanitize user-supplied input. An attacker may leverage this issue to
have arbitrary script code executed in the browser of an
unsuspecting user in the context of the affected site. This may
facilitate the theft of cookie-based authentication credentials as
well as other attacks.
DHCDBD REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18459
Last Updated: 2006-06-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18459
Summary:
DHCDBD is prone to a remote denial-of-service vulnerability.
The issue presents itself when the application handles malformed
data and accesses out-of-bounds memory. DHCDBD 1.10 and 1.22 are
vulnerable to this issue; other versions may also be affected.
[ D-Bus interface to dhclient for desktop integration ]
DAVE CARRIGAN AUTH_LDAP REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 16177
Last Updated: 2006-06-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16177
Summary:
Dave Carrigan's auth_ldap is susceptible to a remote format-string
vulnerability. This issue is due to the application's failure to
properly sanitize user-supplied input before using it in the
format-specifier of a formatted printing function. This issue likely arises
only if auth_ldap has been enabled and is used for user
authentication. This issue allows remote attackers to execute
arbitrary machine code in the context of Apache webservers that use
the affected module. This may facilitate the compromise of affected
computers.
GNOME FOUNDATION GDM .ICEAUTHORITY IMPROPER FILE PERMISSIONS
BugTraq ID: 17635
Last Updated: 2006-06-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17635
Summary:
GDM is prone to an improper file-permissions vulnerability.
An attacker can exploit this issue to gain access to sensitive or
privileged information that may facilitate a complete compromise of
the vulnerable computer.
GNU TAR INVALID HEADERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 16764
Last Updated: 2006-06-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16764
Summary:
GNU Tar is prone to a buffer overflow when handling invalid headers.
Successful exploitation could potentially lead to arbitrary code
execution, but this has not been confirmed.
Tar versions 1.14 and above are vulnerable.
LINUX KERNEL XT_SCTP-NETFILTER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18550
Last Updated: 2006-06-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18550
Summary:
The Linux kernel SCTP netfilter module is susceptible to a remote
denial-of-service vulnerability. This issue allows remote attackers
to cause affected kernels to enter into an infinite-loop condition,
denying service to legitimate users. Kernel versions prior to
2.6.17.1 are vulnerable to this issue.
This issue is reportedly similar to the one documented in BID 17806
(Linux Kernel SCTP-netfilter Remote Denial of Service
Vulnerability).
[ SCTP is generally not needed (a stream-oriented variant of TCP); do not
hesitate to take a few minutes to configure your kernel so as to remove the
modules you do not need, or even to disable all automatic module loading and
load only those listed in /etc/modules, especially on a server.
]
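One way to check the practice recommended in the note above, as an added example that is not part of the newsletter or of the original post: the script audits the modules a running kernel has loaded against the allow-list kept in /etc/modules and flags the SCTP netfilter match. It assumes the /etc/modules format (one module per line, '#' comments) and the /proc/modules format (module name in the first field); the sample files it builds are constructed, not real system output.

```shell
#!/bin/sh
# Added example, not from the newsletter or the post: audit loaded kernel modules
# against /etc/modules. Assumes /etc/modules and /proc/modules formats as stated.

# modules_not_allowed ALLOWLIST LOADED -> prints loaded modules absent from the allow-list
modules_not_allowed() {
    awk -v allowfile="$1" '
        BEGIN {
            while ((getline line < allowfile) > 0) {
                sub(/#.*/, "", line)                    # strip comments
                if (split(line, f) > 0) allow[f[1]] = 1 # first word is the module name
            }
            close(allowfile)
        }
        !($1 in allow) { print $1 }' "$2" | sort -u
}

# module_loaded NAME LOADED -> exit status 0 if NAME is present in the loaded list
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit found ? 0 : 1 }' "$2"
}

# audit_modules [ALLOWLIST] [LOADED] -> report, defaulting to the live system files
audit_modules() {
    allow=${1:-/etc/modules}
    loaded=${2:-/proc/modules}
    if module_loaded xt_sctp "$loaded"; then
        echo "WARNING: xt_sctp (SCTP netfilter match, BID 18550) is loaded"
    fi
    echo "Loaded modules not listed in $allow:"
    modules_not_allowed "$allow" "$loaded"
}

# Constructed sample files (not real system output) so the audit runs anywhere.
demo_audit() {
    d=$(mktemp -d) || return 1
    printf '# modules to load at boot\nloop\ne1000e   # NIC driver\n' > "$d/modules"
    printf 'loop 16384 0 - Live 0x0\nxt_sctp 12288 1 - Live 0x0\nsctp 303104 2 xt_sctp, Live 0x0\ne1000e 262144 0 - Live 0x0\n' > "$d/proc_modules"
    audit_modules "$d/modules" "$d/proc_modules"
    rm -rf "$d"
}

case ${1:-demo} in
    demo) demo_audit ;;     # sh audit.sh        -> run on the constructed sample
    live) audit_modules ;;  # sh audit.sh live   -> run on the real /etc/modules and /proc/modules
esac
```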
MOZILLA FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
BugTraq ID: 18228
Last Updated: 2006-06-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18228
Summary:
The Mozilla Foundation has released thirteen security advisories
specifying security vulnerabilities in Mozilla Firefox, SeaMonkey,
and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- run JavaScript code with elevated privileges, potentially allowing
the remote execution of machine code
- gain access to potentially sensitive information.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
further information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.4
- Mozilla Thunderbird version 1.5.0.4
- Mozilla SeaMonkey version 1.0.2
NETPBM PAMTOFITS REMOTE OFF-BY-ONE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18525
Last Updated: 2006-06-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18525
Summary:
Netpbm 'pnmtofits' is prone to an off-by-one buffer-overflow
vulnerability.
The issue presents itself when the application processes a malicious
file. A remote attacker may exploit this issue to trigger a
denial-of-service condition. The attacker might also be able to execute
arbitrary code, but this has not been confirmed.
Netpbm versions 10.30 to 10.33 are vulnerable to this issue.
OPENSSH DYNAMICFORWARD INADVERTENT GATEWAYPORTS ACTIVATION
VULNERABILITY
BugTraq ID: 14727
Last Updated: 2006-06-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14727
Summary:
OpenSSH is susceptible to a vulnerability that causes improper
activation of the 'GatewayPorts' option, allowing unintended hosts
to use the SSH SOCKS proxy. Specifically, if the 'DynamicForward'
option is activated, 'GatewayPorts' is also unconditionally enabled.
This vulnerability allows remote attackers to use the SOCKS proxy to
make arbitrary TCP connections through the configured SSH session,
allowing them to attack computers and services through a connection
that was wrongly thought to be secure. This issue affects OpenSSH
4.0 and 4.1.
[ by default, forwarded TCP ports are bound to the local address, which
means that only local users can actually open sessions; the (very recent)
DynamicForward option makes dynamic forwarding possible, but forces a
global bind(2), which is a security problem. Not enabled / not available
by default.
]
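A client-side check for the symptom described above, as an added example that is not part of the newsletter or of the original post: it lists SSH client forwards whose listening socket is bound to a non-loopback address, which is what an unintended GatewayPorts activation looks like on the client. It assumes the line format of `ss -ltnp` (State Recv-Q Send-Q Local:Port Peer:Port Process); the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the newsletter or the post: find ssh client forwards
# listening on a non-loopback address. Assumes `ss -ltnp` output format.

# exposed_ssh_listeners < ss_output -> prints "ADDR:PORT" for each listening socket
# owned by an "ssh" client process whose local address is not 127.x or [::1]
exposed_ssh_listeners() {
    awk '
        /users:\(\("ssh",/ {                      # client process only, not "sshd"
            lport = $4
            addr = lport; sub(/:[0-9]+$/, "", addr)
            if (addr !~ /^127\./ && addr != "[::1]") print lport
        }'
}

# check_forwards [FILE] -> reads FILE (or live `ss -ltnp`), exit 1 if any forward is exposed
check_forwards() {
    if [ -n "${1:-}" ]; then exposed=$(exposed_ssh_listeners < "$1")
    else exposed=$(ss -ltnp 2>/dev/null | exposed_ssh_listeners); fi
    if [ -z "$exposed" ]; then
        echo "OK: all ssh forwards are bound to loopback"
        return 0
    fi
    echo "WARNING: ssh forwards reachable from other hosts:"
    printf '  %s\n' $exposed
    return 1
}

# Constructed sample: one loopback SOCKS proxy, one bound on all addresses, plus sshd.
SAMPLE='LISTEN 0 128 127.0.0.1:1080 0.0.0.0:* users:(("ssh",pid=4242,fd=6))
LISTEN 0 128 0.0.0.0:1081 0.0.0.0:* users:(("ssh",pid=4243,fd=6))
LISTEN 0 128 [::]:1081 [::]:* users:(("ssh",pid=4243,fd=7))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=900,fd=3))'

demo_forwards() {
    printf '%s\n' "$SAMPLE" | exposed_ssh_listeners
}

case ${1:-demo} in
    demo) demo_forwards ;;    # sh forwards.sh       -> prints 0.0.0.0:1081 and [::]:1081
    live) check_forwards ;;   # sh forwards.sh live  -> inspect the running system
esac
```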
OPENSSH GSSAPI CREDENTIAL DISCLOSURE VULNERABILITY
BugTraq ID: 14729
Last Updated: 2006-06-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14729
Summary:
OpenSSH is susceptible to a GSSAPI credential-delegation
vulnerability.
Specifically, if a user has GSSAPI authentication configured, and
'GSSAPIDelegateCredentials' is enabled, their Kerberos credentials
will be forwarded to remote hosts. This occurs even when the user
employs authentication methods other than GSSAPI to connect, which
is not usually expected. This vulnerability allows remote attackers
to improperly gain access to GSSAPI credentials, allowing them to
use those credentials to access resources granted to the original
principal. This issue affects versions of OpenSSH prior to 4.2.
OPENSSH SCP SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 16369
Last Updated: 2006-06-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is susceptible to an SCP shell command-execution
vulnerability. This issue is due to the application's failure to
properly sanitize user-supplied input before using it in a
'system()' function call.
This issue allows attackers to execute arbitrary shell commands with
the privileges of users executing a vulnerable version of SCP.
This issue reportedly affects version 4.2 of OpenSSH. Other versions
may also be affected.
OPENVPN CLIENT REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 17392
Last Updated: 2006-06-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17392
Summary:
OpenVPN is reported prone to a remote code-execution vulnerability.
This issue is due to a lack of proper sanitization of
server-supplied data.
A remote attacker may exploit this issue to execute arbitrary code
with elevated privileges on a vulnerable computer to gain
unauthorized access.
To be vulnerable to this issue, client OpenVPN computers must be
configured to use 'up' or 'down' scripts and must have either the
'pull' configuration directive or a 'client' macro set up.
OpenVPN versions 2.0.0 through 2.0.5 are affected by this issue.
POSTGRESQL MULTIBYTE CHARACTER ENCODING SQL INJECTION VULNERABILITIES
BugTraq ID: 18092
Last Updated: 2006-06-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18092
Summary:
PostgreSQL is prone to SQL-injection vulnerabilities. These issues
are due to a potential mismatch of multibyte character conversions
between PostgreSQL servers and client applications.
A successful exploit could allow an attacker to execute arbitrary
SQL statements on affected servers. This may allow the attacker to
compromise the targeted computer, access or modify data, or exploit
other latent vulnerabilities.
PostgreSQL versions prior to 7.3.15, 7.4.13, 8.0.8, and 8.1.4 are
vulnerable to these issues.
[ potential bug in the clients, fixed by a work-around in PostgreSQL ]
SENDMAIL ASYNCHRONOUS SIGNAL HANDLING REMOTE CODE EXECUTION
VULNERABILITY
BugTraq ID: 17192
Last Updated: 2006-06-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17192
Summary:
Sendmail is prone to a remote code-execution vulnerability.
Remote attackers may leverage this issue to execute arbitrary code
with the privileges of the application, which typically runs as
superuser.
Sendmail versions prior to 8.13.6 are vulnerable to this issue.
SENDMAIL MALFORMED MIME MESSAGE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18433
Last Updated: 2006-06-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18433
Summary:
Sendmail is prone to a denial-of-service vulnerability. This issue
is due to a failure in the application to properly handle malformed
multi-part MIME messages.
An attacker can exploit this issue to crash the sendmail process
during delivery.
TWIKI HOMEPAGE CREATION PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18506
Last Updated: 2006-06-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18506
Summary:
TWiki is prone to a vulnerability that could permit privilege
escalation. This issue is due to a design error in the application;
it fails to properly reset security settings. An attacker with a
valid account can exploit this vulnerability to elevate privileges
to that of an administrator of the application. This may permit the
attacker to alter site content; other attacks are also possible.
TODD MILLER SUDO LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 15191
Last Updated: 2006-06-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15191
Summary:
Sudo is prone to a local privilege-escalation vulnerability.
The vulnerability presents itself because the application fails to
properly sanitize malicious data supplied through environment
variables. A successful attack may result in a complete compromise.
TUX PAINT INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 16250
Last Updated: 2006-06-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16250
Summary:
Tux Paint creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other
attacks may be possible as well.
TYPESPEED REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18194
Last Updated: 2006-06-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18194
Summary:
Typespeed is susceptible to a remote buffer-overflow vulnerability.
This issue is due to a failure in the application to properly
bounds-check user-supplied input before copying it to an insufficiently
sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of affected applications, aiding them in the
compromise of affected computers.
Typespeed versions 0.4.1 and 0.4.4 are vulnerable to this issue;
other versions may also be affected.
XSCREENSAVER LOCAL PASSWORD DISCLOSURE VULNERABILITY
BugTraq ID: 17471
Last Updated: 2006-06-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17471
Summary:
XScreenSaver is prone to a local password-disclosure vulnerability.
This issue is due to a flaw in the application that may result in
the screen-unlock password being passed onto other applications that
are already running on the computer.
This may disclose the password used to unlock the applications. The
login password is typically used to unlock XScreenSaver, so this
issue may reveal login passwords to attackers.
This issue is currently known to affect users who are running
RDesktop on the locked computer, due to the interaction between the
applications. This may result in the disclosure of the login
password across the network. Other unknown applications in
conjunction with XScreenSaver may result in a similar issue.
Versions 4.14 and 4.16 are vulnerable to this issue; other versions
may also be affected.