[gull-annonces] Summary of SecurityFocus Newsletter #357
Marc SCHAEFER
schaefer at alphanet.ch
Thu Jul 6 11:57:21 CEST 2006
ASTERISK IAX2 REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18295
Last Updated: 2006-06-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18295
Summary:
Asterisk is prone to a remote buffer-overflow vulnerability. This
issue is due to the application's failure to properly bounds-check
user-supplied data before copying it to an insufficiently sized
memory buffer.
This vulnerability allows remote attackers to execute arbitrary
machine code in the context of the affected application. Failed
exploit attempts will likely crash the server, denying further
service to legitimate users.
ETHEREAL MULTIPLE PROTOCOL DISSECTOR VULNERABILITIES IN VERSIONS PRIOR
BugTraq ID: 17682
Last Updated: 2006-07-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17682
Summary:
Several vulnerabilities in Ethereal have been disclosed by the vendor. The
reported issues are in various protocol dissectors. These issues include:
- Buffer-overflow vulnerabilities
- Denial-of-service vulnerabilities
- Infinite loop denial-of-service vulnerabilities
- Unspecified denial-of-service vulnerabilities
- Off-by-one overflow vulnerabilities
These issues could allow remote attackers to execute arbitrary
machine code in the context of the vulnerable application. Attackers
could also crash the affected application.
Various vulnerabilities affect different versions of Ethereal, from
0.8.5 through to 0.10.14.
GNUPG PARSE_USER_ID REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18554
Last Updated: 2006-06-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18554
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
This issue may allow remote attackers to execute arbitrary machine
code in the context of the affected application, but this has not
been confirmed.
GnuPG versions 1.4.3 and 1.9.20 are vulnerable to this issue;
previous versions may also be affected.
HOBBIT MONITOR LOGFETCH INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 18752
Last Updated: 2006-07-04
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18752
Summary:
Hobbit is prone to an information-disclosure vulnerability. This
issue is due to a failure in the application to properly verify
access to restricted information.
An attacker can exploit this issue to retrieve potentially sensitive
information that may aid in further attacks.
IAXCLIENT MULTIPLE TRUNCATED IAX FRAMES REMOTE BUFFER OVERFLOW
BugTraq ID: 18307
Last Updated: 2006-06-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18307
Summary:
The IAXClient library is prone to multiple remote buffer-
overflow vulnerabilities because it fails to properly bounds-
check user-supplied input before copying it to insufficiently
sized memory buffers.
These issues allow remote attackers to execute arbitrary machine
code in the context of applications that use the affected library to
process IAX network datagrams.
The following packages are known to use a vulnerable version of
the library:
- IDE FISK, versions 1.35 and prior
- IaxComm, versions prior to 1.2.0
- KIAX, versions 0.8.5 and prior
- LoudHush, versions 1.3.6 and prior
Other packages may also use the affected library.
IMGSVR DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18784
Last Updated: 2006-07-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18784
Summary:
ImgSvr is prone to a denial of service vulnerability. This issue is
due to a failure in the application to properly handle user-
supplied input.
An attacker can exploit this issue to crash an affected server,
effectively denying service.
[ WWW server for images; written in Ada: that is worth noting ]
KDE ARTSWRAPPER LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18429
Last Updated: 2006-06-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18429
Summary:
KDE's artswrapper utility is susceptible to a local privilege-
escalation vulnerability because it fails to properly implement
privilege-dropping functionality when used in conjunction with
Linux 2.6 kernels.
This issue allows local attackers to gain superuser privileges,
facilitating the complete compromise of affected computers.
KDE KDM SESSION TYPE SYMBOLIC LINK VULNERABILITY
BugTraq ID: 18431
Last Updated: 2006-07-03
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18431
Summary:
KDM is prone to a vulnerability that may permit symbolic-link
attacks when processing the user's session type.
An attacker with local access could potentially exploit this issue
to view files and obtain privileged information.
A successful attack would most likely result in the loss of
confidentiality and the theft of privileged information.
KPDF AND KWORD MULTIPLE UNSPECIFIED BUFFER AND INTEGER OVERFLOW
BugTraq ID: 16143
Last Updated: 2006-07-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16143
Summary:
KPDF and KWord are prone to multiple buffer and integer overflows.
Successful exploitation could result in arbitrary code execution in
the context of the user running the vulnerable application.
Specific details of these issues are not currently available. This
record will be updated when more information becomes available.
The following are vulnerable:
- kdegraphics package
- KPDF versions 3.4.3 and earlier
- KOffice
- KWord versions 1.4.2 and earlier
LIBWMF WMF FILE HANDLING INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 18751
Last Updated: 2006-06-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18751
Summary:
Applications using the libwmf library are prone to an integer-
overflow vulnerability.
An attacker could exploit this vulnerability to execute arbitrary
code in the context of the vulnerable application that uses the
affected library. Failed exploit attempts will likely cause denial-of-
service conditions.
LINCOLN D. STEIN CRYPT::CBC PERL MODULE WEAK CIPHERTEXT VULNERABILITY
BugTraq ID: 16802
Last Updated: 2006-06-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16802
Summary:
Crypt::CBC is susceptible to a weak-ciphertext vulnerability. This
issue is due to a flaw in its creation of IVs (Initialization
Vectors) for ciphers with a blocksize larger than 8.
This issue results in the creation of ciphertext that contains bytes
encrypted with a constant null IV. This ciphertext is prone to
differential cryptanalysis, aiding attackers in compromising the
plaintext of encrypted data.
The level of difficulty attackers may face trying to exploit this
flaw is currently unknown, but data encrypted with vulnerable
versions of Crypt::CBC should be considered insecure.
Crypt::CBC versions prior to 2.17 are vulnerable to this issue if
they use the 'RandomIV' header style.
LINUX KERNEL NETFILTER CONNTRACK_PROTO_SCTP.C DENIAL OF SERVICE
BugTraq ID: 18755
Last Updated: 2006-07-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18755
Summary:
The Linux kernel 'netfilter' module is prone to a denial-of-service
vulnerability.
Successful exploits of this vulnerability will cause the kernel to
crash, effectively denying service to legitimate users.
[ unlikely that you need SCTP. Do not configure it
when compiling the kernel. The fewer things you have enabled,
the less vulnerable you will be
]
MOZILLA FIREFOX IFRAME.CONTENTWINDOW.FOCUS DELETED OBJECT REFERENCE
BugTraq ID: 17671
Last Updated: 2006-07-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17671
Summary:
Mozilla Firefox is prone to a vulnerability when rendering malformed
JavaScript content. An attacker could exploit this issue to cause
the browser to fail or potentially execute arbitrary code.
Firefox versions 1.5 through to 1.5.0.2 running on Windows and Linux
platforms are affected.
MOZILLA SUITE, FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
BugTraq ID: 17516
Last Updated: 2006-07-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
The Mozilla Foundation has released nine security advisories
specifying security vulnerabilities in Mozilla Suite, Firefox,
SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- gain elevated privileges in JavaScript code, potentially allowing
remote machine code execution
- gain access to potentially sensitive information
- bypass security checks
- spoof window contents.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
the information embargo on the Mozilla Bugzilla entries is lifted
and as further information becomes available. This BID will then
be retired.
These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1
MOZILLA THUNDERBIRD MULTIPLE REMOTE INFORMATION DISCLOSURE
BugTraq ID: 16881
Last Updated: 2006-07-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16881
Summary:
Mozilla Thunderbird is susceptible to multiple remote information-
disclosure vulnerabilities. These issues are due to the
application's failure to properly enforce the restriction for
downloading remote content in email messages.
These issues allow remote attackers to gain access to potentially
sensitive information, aiding them in further attacks. Attackers
may also exploit these issues to know whether and when users read
email messages.
Mozilla Thunderbird version 1.5 is vulnerable to these issues; other
versions may also be affected.
MULTIPLE MOZILLA PRODUCTS IFRAME JAVASCRIPT EXECUTION VULNERABILITY
BugTraq ID: 16770
Last Updated: 2006-07-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16770
Summary:
Multiple Mozilla products are prone to a script-execution
vulnerability.
The vulnerability presents itself when an attacker supplies a
specially crafted email to a user containing malicious script code
in an IFRAME and the user tries to reply to the mail. Arbitrary
JavaScript can be executed even if the user has disabled JavaScript
execution in the client.
The following Mozilla products are vulnerable to this issue:
- Mozilla Thunderbird, versions prior to 1.5.0.2, and prior to 1.0.8
- Mozilla SeaMonkey, versions prior to 1.0.1
- Mozilla Suite, versions prior to 1.7.13
MULTIPLE MOZILLA PRODUCTS MEMORY CORRUPTION/CODE INJECTION/ACCESS
BugTraq ID: 16476
Last Updated: 2006-07-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16476
Summary:
Multiple Mozilla products are prone to multiple vulnerabilities.
These issues include various memory-corruption, code-injection, and
access-restriction-bypass vulnerabilities. Other undisclosed issues
may have also been addressed in the various updated vendor
applications.
Successful exploitation of these issues may permit an attacker to
execute arbitrary code in the context of the affected application.
This may facilitate a compromise of the affected computer; other
attacks are also possible.
MUTT BROWSE_GET_NAMESPACE IMAP NAMESPACE PROCESSING REMOTE BUFFER
BugTraq ID: 18642
Last Updated: 2006-07-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18642
Summary:
Mutt is prone to a remote buffer-overflow vulnerability. This
issue is due to the application's failure to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
This issue may allow remote attackers to execute arbitrary machine
code in the context of the affected application. Failed exploit
attempts will likely crash the application, denying further service
to legitimate users.
Mutt version 1.4.2.1 is reported to be vulnerable. Other versions
may be affected as well.
NOWEB INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 16610
Last Updated: 2006-07-04
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16610
Summary:
Noweb creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other
attacks may be possible as well.
[ literate programming (autodoc) ]
OPENOFFICE ARBITRARY MACRO EXECUTION VULNERABILITY
BugTraq ID: 18738
Last Updated: 2006-07-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18738
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious
macros to gain read/write privileges to local files on a
vulnerable computer.
OPENOFFICE JAVA APPLET SYSTEM ACCESS VULNERABILITY
BugTraq ID: 18737
Last Updated: 2006-07-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18737
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious
Java applets to gain read/write privileges to local files on a
vulnerable computer.
[ I left it in, even though Java is not entirely free ]
OPENOFFICE XML FILE FORMAT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18739
Last Updated: 2006-07-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18739
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious XML
documents to cause a buffer overflow leading to read/write
privileges to local files on a vulnerable computer.
RETIRED: MOZILLA FIREFOX OUTERHTML REDIRECTION HANDLING INFORMATION
BugTraq ID: 18734
Last Updated: 2006-06-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18734
Summary:
Mozilla Firefox is prone to an information-disclosure vulnerability
because it fails to properly enforce cross-domain policies.
This issue may allow attackers to access arbitrary websites in the
context of a targeted user's browser session. This may allow
attackers to perform actions in web applications with the privileges
of exploited users or to gain access to potentially sensitive
information. This may aid attackers in further attacks.
Further reports indicate that this issue does not affect Firefox as
reported. Therefore this BID is being retired.
SENDMAIL MALFORMED MIME MESSAGE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18433
Last Updated: 2006-07-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18433
Summary:
Sendmail is prone to a denial-of-service vulnerability. This issue
is due to a failure in the application to properly handle malformed
multi-part MIME messages.
An attacker can exploit this issue to crash the sendmail process
during delivery.
UNIVERSITY OF WASHINGTON IMAP MAILBOX NAME BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15009
Last Updated: 2006-07-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15009
Summary:
University of Washington IMAP is prone to a buffer-overflow
vulnerability. This issue is exposed when the application parses
mailbox names.
If successful, an attacker may execute arbitrary code in the context
of the server process. Note that to exploit this issue, the attacker
must first authenticate to the service.
WEBMIN/USERMIN UNSPECIFIED INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 18744
Last Updated: 2006-06-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18744
Summary:
Webmin and Usermin are prone to an unspecified information-
disclosure vulnerability. This issue is due to a failure in the
applications to properly sanitize user-supplied input.
An attacker can exploit this issue to retrieve potentially sensitive
information.
This issue affects Webmin versions prior to 1.290 and Usermin
versions prior to 1.220.
XPDF DCTSTREAM BASELINE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15727
Last Updated: 2006-07-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15727
Summary:
The 'xpdf' viewer is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. This can result in
the attacker gaining unauthorized access to the vulnerable computer.
This issue is reported to present itself in the
'DCTStream::readBaselineSOF' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version .36 of pdftohtml was reported prone to this issue; however,
earlier versions may also be affected.
The 'kpdf' viewer reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF DCTSTREAM PROGRESSIVE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15726
Last Updated: 2006-07-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15726
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
Reportedly, this issue presents itself in the
'DCTStream::readProgressiveSOF' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely vulnerable as well. Applications using embedded xpdf code may
also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version .36 of pdftohtml was reported prone to this issue, but
earlier versions may also be affected.
The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF JPX STREAM READER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15721
Last Updated: 2006-07-03
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15721
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
Reportedly, this issue presents itself in the
'JPXStream::readCodestream' function residing in the
'xpdf/JPXStream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF STREAMPREDICTOR REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15725
Last Updated: 2006-07-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15725
Summary:
The 'xpdf' viewer is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
This issue is reported to present itself in the
'StreamPredictor::StreamPredictor' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version .36 of pdftohtml was reported prone to this issue, but
earlier versions may also be affected.
The 'kpdf' viewer reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
WV2 REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18437
Last Updated: 2006-06-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18437
Summary:
The wv2 library is prone to a remote buffer-overflow vulnerability.
This issue is due to the library's failure to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library to
parse malicious Microsoft Word files.
Version 0.2.2 of the wv2 library is vulnerable to this issue; other
versions may also be affected.