[gull-annonces] Summary of SecurityFocus Newsletter #356
Marc SCHAEFER
schaefer at alphanet.ch
Mon Jul 3 11:16:33 CEST 2006
CLAM ANTIVIRUS FRESHCLAM REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17754
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17754
Summary:
ClamAV's freshclam utility is susceptible to a remote buffer-
overflow vulnerability. The utility fails to perform sufficient
boundary checks in server-supplied HTTP data before copying it to an
insufficiently sized memory buffer.
To exploit this issue, attackers must subvert webservers in the
ClamAV database server pool. Or, they would perform DNS-based
attacks or man-in-the-middle attacks to cause affected freshclam
applications to connect to attacker-controlled webservers.
This issue allows remote attackers to execute arbitrary machine code
in the context of the freshclam utility. The affected utility may
run with superuser privileges, aiding remote attackers in the
complete compromise of affected computers.
ClamAV versions 0.88 and 0.88.1 are affected by this issue.
DIA XFIG FILE IMPORT MULTIPLE REMOTE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 17310
Last Updated: 2006-06-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17310
Summary:
Dia is affected by multiple remote buffer-overflow vulnerabilities.
These issues are due to the application's failure to properly bounds-
check user-supplied input before copying it into insufficiently
sized memory buffers.
These issues allow remote attackers to execute arbitrary machine
code in the context of the user running the affected application to
open attacker-supplied malicious XFig files.
DIG CONFIG PARAMETER CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 12442
Last Updated: 2006-06-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12442
Summary:
ht://Dig is reported prone to a cross-site scripting vulnerability.
This issue is due to the application's failure to properly sanitize
user-supplied URI data before including it in dynamically generated
web-page content.
All versions of ht://Dig are considered vulnerable at the moment.
FREETYPE LWFN FILES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18034
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-overflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
FREETYPE TTF FILE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18326
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18326
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-underflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
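The two FreeType entries above (BIDs 18034 and 18326) describe one root cause from opposite directions: a size computed from file-supplied fields overflows or underflows, and the wrong length then drives a copy that overruns a buffer. The C example below is added here and is not FreeType's code; it uses a constructed table format (a "TBL1" magic, a big-endian entry count, 8-byte entries) and shows the unchecked arithmetic next to its checked form, plus a parser that refuses inconsistent input instead of trusting the declared count.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed table layout for this example (not a real font table):
 *   bytes 0-3  magic "TBL1"
 *   bytes 4-7  entry_count, big-endian
 *   then       entry_count * ENTRY_SIZE bytes of entries                 */
#define HDR_SIZE   8u
#define ENTRY_SIZE 8u

/* Unsafe: unsigned subtraction with no range check. When blob_len is
 * smaller than the header, the result wraps to a value near 4 GiB
 * (the integer underflow of BID 18326), and any copy sized by it
 * runs far past the real buffer. */
uint32_t naive_payload_size(uint32_t blob_len)
{
    return blob_len - HDR_SIZE;
}

/* Checked: compare before subtracting; -1 signals a truncated blob. */
int64_t checked_payload_size(uint32_t blob_len)
{
    if (blob_len < HDR_SIZE)
        return -1;
    return (int64_t)blob_len - HDR_SIZE;
}

/* Unsafe: a 32-bit multiplication wraps for large counts (the integer
 * overflow of BID 18034), so the allocation ends up far smaller than
 * the number of entries the parser then proceeds to read or write. */
uint32_t naive_entries_bytes(uint32_t count)
{
    return count * ENTRY_SIZE;
}

/* Checked: reject counts whose product would not fit in 32 bits. */
int64_t checked_entries_bytes(uint32_t count)
{
    if (count > UINT32_MAX / ENTRY_SIZE)
        return -1;
    return (int64_t)count * ENTRY_SIZE;
}

/* Parse one table blob. Returns the entry count, or -1 when the blob is
 * truncated, carries the wrong magic, declares an unrepresentable count,
 * or declares more entries than the bytes actually supplied. */
int parse_table(const uint8_t *blob, uint32_t blob_len)
{
    int64_t payload = checked_payload_size(blob_len);
    if (payload < 0 || memcmp(blob, "TBL1", 4) != 0)
        return -1;
    uint32_t count = (uint32_t)blob[4] << 24 | (uint32_t)blob[5] << 16 |
                     (uint32_t)blob[6] << 8  | (uint32_t)blob[7];
    int64_t needed = checked_entries_bytes(count);
    if (needed < 0 || needed > payload)
        return -1;
    return (int)count;   /* count <= UINT32_MAX / 8, so it fits in an int */
}

/* Constructed sample: a well-formed table with two entries. */
static const uint8_t GOOD_BLOB[] = {
    'T', 'B', 'L', '1',  0, 0, 0, 2,
    1, 2, 3, 4, 5, 6, 7, 8,   9, 10, 11, 12, 13, 14, 15, 16
};

/* Constructed sample: declares 0x20000000 entries but carries none.
 * 0x20000000 * 8 wraps to 0 in 32-bit arithmetic, so an unchecked
 * parser would allocate nothing and then index 2^29 entries. */
static const uint8_t LYING_BLOB[] = { 'T', 'B', 'L', '1', 0x20, 0, 0, 0 };

int main(void)
{
    printf("naive payload size of a 4-byte blob: %u\n",
           (unsigned)naive_payload_size(4));
    printf("naive byte count for 0x20000000 entries: %u\n",
           (unsigned)naive_entries_bytes(0x20000000u));
    printf("good blob -> %d entries\n",
           parse_table(GOOD_BLOB, sizeof GOOD_BLOB));
    printf("lying blob -> %d\n", parse_table(LYING_BLOB, sizeof LYING_BLOB));
    return 0;
}
```

The checked helpers return a wider signed type so that "does not fit" is a distinct result rather than a wrapped value; the parser additionally compares the declared size against the bytes present, which is the check that turns a malicious count into a clean rejection rather than a crash or an overrun.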
FREETYPE TTF FILE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18329
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18329
Summary:
FreeType is prone to a denial-of-service vulnerability. This issue
is due to a flaw in the library that causes a NULL-pointer
dereference.
This issue allows remote attackers to crash applications that use
the affected library, denying service to legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
GNUPG PARSE_USER_ID REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18554
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18554
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
This issue may allow remote attackers to execute arbitrary machine
code in the context of the affected application, but this has not
been confirmed.
GnuPG versions 1.4.3 and 1.9.20 are vulnerable to this issue;
previous versions may also be affected.
HASHCASH REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18659
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18659
Summary:
A buffer-overflow vulnerability exists in the generic C
implementation of Hashcash. This issue is due to the software's
failure to properly bounds-check user-supplied input before copying
it to an insufficiently sized memory buffer.
This issue may allow attackers to execute arbitrary machine code in
the context of the affected application. This may facilitate the
remote compromise of affected computers.
Hashcash versions prior to 1.21 are vulnerable to this issue.
[ anti-spam / DoS system ]
KAFFEINE REMOTE HTTP_PEEK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17372
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17372
Summary:
Kaffeine is reportedly affected by a remote buffer-overflow
vulnerability because the application fails to perform sufficient
boundary checks on user-supplied strings before copying them into
finite stack-based buffers.
An attacker can leverage this issue remotely to execute arbitrary
code on an affected computer with the privileges of an unsuspecting
user that executed the vulnerable software.
LINUX KERNEL ATM MODULE INCONSISTENT REFERENCE COUNTS DENIAL OF SERVICE
BugTraq ID: 17078
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17078
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability.
This vulnerability affects the ATM module and allows local users to
panic the kernel by creating inconsistent reference counts, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.14.
LINUX KERNEL CIFS CHROOT SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 17742
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17742
Summary:
The Linux Kernel is prone to a vulnerability that allows attackers
to bypass a security restriction. This issue is due to a failure in
the kernel to properly sanitize user-supplied data.
The problem affects chroot inside of an SMB-mounted filesystem
('cifs'). A local attacker who is bounded by the chroot can exploit
this issue to bypass the chroot restriction and gain unauthorized
access to the filesystem.
LINUX KERNEL ELF FILE ENTRY POINT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16925
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16925
Summary:
The Linux kernel is prone to a denial-of-service vulnerability when
processing a malformed ELF file. This issue occurs only on Intel
EM64T processors.
Linux kernel versions prior to 2.6.15.5 are affected by this issue.
LINUX KERNEL IP ID INFORMATION DISCLOSURE WEAKNESS
BugTraq ID: 17109
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is susceptible to a remote information-disclosure
weakness. This issue is due to an implementation flaw of a zero
'ip_id' information-disclosure countermeasure.
This issue allows remote attackers to use affected computers in
stealth network port and trust scans.
The Linux kernel 2.6 series, as well as some kernels in the 2.4
series, are affected by this weakness.
LINUX KERNEL IP_ROUTE_INPUT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17593
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17593
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'ip_route_input()' function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.8.
LINUX KERNEL INTEL EM64T SYSRET LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17541
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17541
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue arises in Intel EM64T CPUs when returning
program control using SYSRET.
This vulnerability allows local users to crash the kernel, denying
further service to legitimate users.
LINUX KERNEL MULTIPLE SCTP REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17910
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17910
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-
service vulnerabilities. These issues are triggered when the kernel
handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel panics,
denying further service to legitimate users.
Note that a valid SCTP endpoint must be listening.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
LINUX KERNEL MULTIPLE SCTP REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17955
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17955
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-
service vulnerabilities. These issues are triggered when the kernel
handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel deadlock and
infinite recursion, denying further service to legitimate users.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
LINUX KERNEL NFS CLIENT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16922
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16922
Summary:
The Linux kernel NFS client is prone to a denial-of-service
vulnerability. An unprivileged local user can panic the NFS client
and cause it to fail.
This issue was addressed in Linux kernel 2.6.15.5; earlier versions
are vulnerable.
LINUX KERNEL NETFILTER DO_ADD_COUNTERS LOCAL RACE CONDITION VULNERABILITY
BugTraq ID: 18113
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18113
Summary:
The Linux kernel is susceptible to a local race-condition
vulnerability.
This issue allows local attackers to gain access to potentially
sensitive kernel memory, aiding them in further attacks. Failed
exploit attempts may crash the kernel, denying service to
legitimate users.
This issue is exploitable only by local users who have superuser
privileges or have the CAP_NET_ADMIN capability. This issue is
therefore a security concern only if computers run virtualization
software that allows users to have superuser access to guest
operating systems or if the CAP_NET_ADMIN capability is given to
untrusted users.
Linux kernel versions prior to 2.6.16.17 in the 2.6 series are
affected by this issue.
LINUX KERNEL NETFILTER DO_REPLACE LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17178
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17178
Summary:
The Linux kernel is susceptible to a local buffer-overflow
vulnerability. This issue is due to the kernel's failure to properly
bounds-check user-supplied input before using it in a memory copy
operation.
This issue allows local attackers to overwrite kernel memory with
arbitrary data, potentially allowing them to execute malicious
machine code in the context of affected kernels. This vulnerability
facilitates the complete compromise of affected computers.
This issue is exploitable only by local users who have superuser
privileges or have the CAP_NET_ADMIN capability. This issue is
therefore a security concern only if computers run virtualization
software that allows users to have superuser access to guest
operating systems or if the CAP_NET_ADMIN capability is given to
untrusted users.
Linux kernel versions prior to 2.6.16 in the 2.6 series are affected
by this issue.
LINUX KERNEL POSIX-CPU-TIMERS.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18615
Last Updated: 2006-06-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18615
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a race condition arising in
'posix-cpu-timers.c'.
This vulnerability allows local users to crash the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.21.
LINUX KERNEL PERFMON.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17482
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17482
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue arises in 'perfmon.c' on ia64 platforms.
This vulnerability allows local users to crash the kernel, denying
further service to legitimate users.
LINUX KERNEL RCU SIGNAL HANDLING __GROUP_COMPLETE_SIGNAL FUNCTION
BugTraq ID: 17640
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17640
Summary:
The Linux kernel is prone to a local unspecified vulnerability.
This issue exists in the '__group_complete_signal' function of the
RCU signal-handling facility.
Due to a lack of details, further information cannot be provided at
the moment. This BID will be updated when more details are
available.
LINUX KERNEL RNDIS_QUERY_RESPONSE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17831
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17831
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability.
This issue is due to the kernel's failure to properly bounds-check
user-supplied data before copying it to an insufficiently sized
memory buffer.
This issue allows remote attackers to crash affected computers.
Presumably, attackers could execute arbitrary machine code in the
context of affected kernels, but this has not been confirmed.
Linux kernel versions in the 2.6 series prior to 2.6.16 are
vulnerable to this issue.
LINUX KERNEL SCTP MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 18085
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18085
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-
service vulnerabilities. These issues are triggered when the kernel
handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel panics,
denying further service to legitimate users.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
LINUX KERNEL SMBFS CHROOT SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 17735
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17735
Summary:
The Linux Kernel is prone to a vulnerability that allows attackers
to bypass a security restriction. This issue is due to a failure in
the kernel to properly sanitize user-supplied data.
The problem affects chroot inside of an SMB-mounted filesystem
('smbfs'). A local attacker who is bounded by the chroot can exploit
this issue to bypass the chroot restriction and gain unauthorized
access to the filesystem.
LINUX KERNEL SHARED MEMORY SECURITY RESTRICTION BYPASS VULNERABILITIES
BugTraq ID: 17587
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17587
Summary:
The Linux kernel is prone to vulnerabilities regarding access to
shared memory.
A local attacker could potentially gain read and write access to
shared memory and write access to read-only tmpfs filesystems,
bypassing security restrictions.
An attacker can exploit these issues to possibly corrupt
applications and their data when the applications use temporary
files or shared memory.
LINUX KERNEL SIGNAL_32.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18616
Last Updated: 2006-06-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18616
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in 'signal_32.c'.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.21.
LINUX KERNEL XFS FILE SYSTEM LOCAL INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 16921
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16921
Summary:
The Linux kernel's XFS filesystem is susceptible to a local information-
disclosure vulnerability. This issue is due to a flaw in the
filesystem that may result in previously written data being returned
to local users.
This issue allows local malicious users to gain access to
potentially sensitive data, aiding them in further attacks.
Linux kernel versions prior to 2.6.15.5 are affected by this issue.
LINUX KERNEL DIE_IF_KERNEL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16993
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'die_if_kernel()' function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.15.6 running
on Itanium systems.
LINUX KERNEL SYS_MBIND SYSTEM CALL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16924
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16924
Summary:
The Linux kernel 'sys_mbind' system call is prone to a local denial-of-
service vulnerability. This issue is due to a lack of proper input
sanitization in the system call's arguments.
This issue allows local users to panic the kernel, denying further
service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.15.5.
MULTIPLE VENDOR AMD CPU LOCAL FPU INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17600
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17600
Summary:
Multiple vendors' operating systems are prone to a local information-
disclosure vulnerability. This issue is due to a flaw in the
operating systems that fail to properly use AMD CPUs.
Local attackers may exploit this vulnerability to gain access to
potentially sensitive information regarding other processes
executing on affected computers. This may aid attackers in
retrieving information regarding cryptographic keys or other
sensitive information.
This issue affects Linux and FreeBSD operating systems that use
generations 7 and 8 AMD CPUs.
MUTT BROWSE_GET_NAMESPACE IMAP NAMESPACE PROCESSING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18642
Last Updated: 2006-06-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18642
Summary:
Mutt is prone to a remote buffer-overflow vulnerability. This
issue is due to the application's failure to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
This issue may allow remote attackers to execute arbitrary machine
code in the context of the affected application. Failed exploit
attempts will likely crash the application, denying further service
to legitimate users.
Mutt version 1.4.2.1 is reported to be vulnerable. Other versions
may be affected as well.
MYSQL SERVER STR_TO_DATE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18439
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18439
Summary:
MySQL is susceptible to a remote denial-of-service vulnerability.
This issue is due to the database server's failure to properly
handle unexpected input.
This issue allows remote attackers to crash affected database
servers, denying service to legitimate users. Attackers must be able
to execute arbitrary SQL statements on affected servers, which
requires valid credentials to connect to affected servers.
Attackers may exploit this issue in conjunction with latent SQL-
injection vulnerabilities in other applications.
Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable
to this issue.
REALVNC REMOTE AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 17978
Last Updated: 2006-06-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17978
Summary:
RealVNC is susceptible to an authentication-bypass vulnerability.
This issue is due to a flaw in the authentication process of the
affected package.
Exploiting this issue allows attackers to gain unauthenticated,
remote access to the VNC servers.
RealVNC version 4.1.1 is vulnerable to this issue; other versions
may also be affected.
May 25, 2006 - Reports indicate that this issue is being actively
exploited in the wild.
[ it is always best to make sure that access to VNC is secured, by a
firewall or even an SSH tunnel or VPN, rather than relying solely on
the security of the software.
]
UBUNTU LINUX LOCAL INSTALLATION PASSWORD DISCLOSURE VULNERABILITY
BugTraq ID: 17086
Last Updated: 2006-06-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17086
Summary:
Ubuntu Linux is susceptible to a local password-disclosure
vulnerability. This issue is due to the installation system
improperly storing cleartext passwords in world-readable files.
This issue allows local attackers to gain access to the user account
that was created during the initial installation of Ubuntu. Since
this user is granted 'sudo' access to the superuser account, this
potentially allows local attackers to completely compromise affected
computers.
CURL / LIBCURL TFTP URL PARSER BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17154
Last Updated: 2006-06-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17154
Summary:
cURL and libcURL are prone to a buffer-overflow vulnerability.
This issue is due to a failure in the library to perform proper
bounds checks on user-supplied data before using it in a finite-
sized buffer.
The issue occurs when the URL parser handles an excessively long URL
string with a TFTP protocol prefix 'tftp://'.
An attacker can exploit this issue to crash the affected
library, effectively denying service. Arbitrary code execution
may also be possible, which may facilitate a compromise of the
underlying system.
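The cURL entry above, and the ClamAV, GnuPG, Hashcash, Kaffeine and Mutt entries before it, all name the same defect: a fixed-size buffer filled by a copy whose length is set by the input rather than by the destination. The C example below is added here and is not cURL's (or any other listed project's) code; it uses a constructed 'tftp://' URL parser with a hypothetical HOST_MAX-byte destination to show the unbounded sscanf form next to a parser that measures, rejects and only then copies with an explicit bound.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 64   /* fixed-size destination, as in the vulnerable pattern */

/* Vulnerable form. The '%[^/]' conversion has no field width, so sscanf
 * copies the entire host component no matter how large 'host' is; the
 * copy is bounded by the input, not by the destination. main() below
 * calls it only with the short constructed URL. */
int parse_tftp_host_unsafe(const char *url, char host[HOST_MAX])
{
    return sscanf(url, "tftp://%[^/]", host) == 1 ? 0 : -1;
}

/* Hardened form: measure first, reject what does not fit, then copy
 * with an explicit bound. Returns 0 on success, -1 for a non-TFTP URL,
 * -2 when the host would not fit in host_cap bytes, -3 for an empty host.
 * On any failure 'host' is left as an empty string. */
int parse_tftp_host(const char *url, char *host, size_t host_cap)
{
    static const char prefix[] = "tftp://";
    const size_t plen = sizeof prefix - 1;

    if (host_cap == 0)
        return -2;
    host[0] = '\0';
    if (strncmp(url, prefix, plen) != 0)
        return -1;
    const char *p = url + plen;
    size_t hlen = strcspn(p, "/");     /* host ends at the first '/' or NUL */
    if (hlen == 0)
        return -3;
    if (hlen >= host_cap)              /* keep one byte for the terminator */
        return -2;
    memcpy(host, p, hlen);
    host[hlen] = '\0';
    return 0;
}

/* Helper for checking results: parse 'url' into a HOST_MAX buffer and
 * report whether the return code and the resulting host string match. */
bool parse_gives(const char *url, int expected_rc, const char *expected_host)
{
    char host[HOST_MAX];
    int rc = parse_tftp_host(url, host, sizeof host);
    return rc == expected_rc && strcmp(host, expected_host) == 0;
}

/* Constructed samples. The long one carries a 96-byte host, larger than
 * HOST_MAX, which is the shape of input the advisory describes. */
static const char SHORT_URL[] = "tftp://host.example/boot.img";
static const char LONG_URL[]  =
    "tftp://"
    "aaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaaaaaa"
    "aaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaaaaaa"
    "/boot.img";

int main(void)
{
    char host[HOST_MAX];
    parse_tftp_host_unsafe(SHORT_URL, host);   /* safe only because it is short */
    printf("unsafe parser, short URL: %s\n", host);
    printf("checked parser, short URL: rc=%d host=%s\n",
           parse_tftp_host(SHORT_URL, host, sizeof host), host);
    printf("checked parser, long URL:  rc=%d host=\"%s\"\n",
           parse_tftp_host(LONG_URL, host, sizeof host), host);
    return 0;
}
```

The hardened parser never touches the destination with more than host_cap bytes and reports the overlong case as an error code, which is what lets a caller log and drop such a URL rather than crash; the same measure-then-copy discipline applies to the server-supplied HTTP data, IMAP responses and user IDs named in the other entries.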