[gull-annonces] Summary of SecurityFocus Newsletter #359/#360
Marc SCHAEFER
schaefer at alphanet.ch
Sun Jul 23 16:36:11 CEST 2006
APACHE HTTP REQUEST SMUGGLING VULNERABILITY
BugTraq ID: 14106
Last Updated: 2006-07-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14106
Summary:
Apache is prone to an HTTP-request-smuggling attack.
A specially crafted request with a 'Transfer-Encoding: chunked'
header and a 'Content-Length' header can cause the server to
forward a reassembled request with the original 'Content-Length'
header. As a result, the malicious request may piggyback on the
valid HTTP request.
This attack may result in cache poisoning, cross-site scripting,
session hijacking, and other attacks.
This issue was originally described in BID 13873 (Multiple Vendor
Multiple HTTP Request Smuggling Vulnerabilities). Due to the
availability of more details and vendor confirmation, the issue is
now a new BID.
APACHE MOD_SSL SSLVERIFYCLIENT RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 14721
Last Updated: 2006-07-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14721
Summary:
Apache 2.x mod_ssl is prone to a restriction-bypass vulnerability.
This issue presents itself when mod_ssl is configured to be used
with the 'SSLVerifyClient' directive.
This issue allows attackers to bypass security policies to gain
access to locations that are configured to be forbidden for clients
without a valid client certificate.
APACHE MOD_AUTH_PGSQL MULTIPLE FORMAT STRING VULNERABILITIES
BugTraq ID: 16153
Last Updated: 2006-07-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16153
Summary:
The mod_auth_pgsql module is prone to multiple format-string
vulnerabilities. These issues are due to the application's failure
to properly sanitize user-supplied input before including it in the
format-specification argument of formatted printing functions.
These issues could allow remote attackers to execute arbitrary code
in the context of the webserver user and gain unauthorized access.
ASTERISK IAX2 REQUEST FLOOD REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19009
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19009
Summary:
Asterisk is prone to a remote denial-of-service vulnerability
because it fails to efficiently handle numerous remote requests.
This issue allows remote attackers to consume excessive CPU
resources, denying service to legitimate users. The software will
become unresponsive to further calls.
Asterisk versions prior to 1.2.10 are vulnerable to this issue.
DUMB IMPULSE TRACKER FILES REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19025
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19025
Summary:
A buffer-overflow vulnerability occurs in the DUMB application.
This issue is due to the software's failure to properly bounds-
check user-supplied input before copying it to an insufficiently
sized memory buffer.
This issue may allow attackers to execute arbitrary machine code in
the context of the affected application, which may facilitate the
remote compromise of affected computers.
DEBIAN GNU/LINUX RSSH SECURITY BYPASS VULNERABILITY
BugTraq ID: 18999
Last Updated: 2006-07-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18999
Summary:
A programming error in the 'util.c' file of the rssh package in
Debian GNU/Linux allows rdist and rsync to bypass security.
This vulnerability may facilitate privilege escalation, because the
error allows rssh's check for CVS to always succeed. An attacker
could use this vulnerability to their advantage and bypass existing
security limitations and access controls.
[ restricted version of SSH that normally does not allow interactive
login ]
FLEXWATCH NETWORK CAMERA CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 18936
Last Updated: 2006-07-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18936
Summary:
FlexWATCH Network Camera is prone to a cross-site scripting
vulnerability. This issue is due to a failure in the application to
properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code
execute in the browser of an unsuspecting user in the context of the
affected site. This may help the attacker steal cookie-based
authentication credentials and launch other attacks.
Versions 3.0 and prior are affected.
[ firmware ]
FREETYPE LWFN FILES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18034
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-overflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
FREETYPE TTF FILE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18326
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18326
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-underflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
FREETYPE TTF FILE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18329
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18329
Summary:
FreeType is prone to a denial-of-service vulnerability. This issue
is due to a flaw in the library that causes a NULL-pointer
dereference.
This issue allows remote attackers to crash applications that use
the affected library, denying service to legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
GNU WGET MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 11871
Last Updated: 2006-07-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11871
Summary:
Multiple remote vulnerabilities reportedly affect GNU wget.
These issues are due to the application's failure to properly
sanitize user-supplied input and to properly validate the presence
of files before writing to them. The issues include:
- a potential directory-traversal issue
- an arbitrary file-overwriting vulnerability
- a weakness caused by the application's failure to filter
potentially malicious characters from server-supplied input.
Via a malicious server, an attacker may exploit these issues to
arbitrarily overwrite files within the current directory and
potentially outside of it. This may let the attacker corrupt files,
cause a denial of service, and possibly launch further attacks
against the affected computer. Overwriting of files would take place
with the privileges of the user that activates the vulnerable
application.
GNUTLS LIBTASN1 DER DECODING DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 16568
Last Updated: 2006-07-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16568
Summary:
Libtasn1 is prone to multiple denial-of-service vulnerabilities. A
remote attacker can send specifically crafted data to trigger these
flaws, leading to a denial-of-service condition.
These issues have been addressed in Libtasn1 version 0.2.18;
earlier versions are vulnerable.
GIMP XCF_LOAD_VECTOR FUNCTION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18877
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18877
Summary:
Gimp is prone to a buffer-overflow vulnerability. This issue is
due to the software's failure to properly bounds-check user-
supplied input data before copying it to an insufficiently sized
memory buffer.
An attacker may cause malicious code to execute by forcing the
application to read raw data from a malicious image file, with the
privileges of the user running the GIMP application.
GNUPG PARSE_USER_ID REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18554
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18554
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
This issue may allow remote attackers to execute arbitrary machine
code in the context of the affected application, but this has not
been confirmed.
GnuPG versions 1.4.3 and 1.9.20 are vulnerable to this issue;
previous versions may also be affected.
IBM NETWORK APPLIANCE DATA ONTAP SECURITY RESTRICTION BYPASS
VULNERABILITY
BugTraq ID: 18951
Last Updated: 2006-07-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18951
Summary:
The IBM Data ONTAP operating system is prone to a security-bypass
vulnerability that may permit information disclosure.
Little is known with regards to this vulnerability; this BID will be
updated when information becomes available.
It is conjectured that attackers may be able to execute SNMP-related
commands, allowing them to gain access to potentially sensitive
information.
Versions of IBM Data ONTAP in the 7.1 and 7.1.0.1 series, prior to
version 7.1.1 are vulnerable to this issue.
[ firmware (?) ]
INFO-ZIP UNZIP FILE NAME BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15968
Last Updated: 2006-07-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15968
Summary:
Info-ZIP 'unzip' is susceptible to a filename buffer-overflow
vulnerability. The application fails to properly bounds-check user-
supplied data before copying it into an insufficiently sized
memory buffer.
This issue allows attackers to execute arbitrary machine code in the
context of users running the affected application.
JUNIPER NETWORKS DX WEB LOGIN HTML INJECTION VULNERABILITY
BugTraq ID: 18926
Last Updated: 2006-07-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18926
Summary:
Juniper Networks DX is prone to an HTML-injection vulnerability.
This vulnerability exists because the application fails to properly
sanitize user-supplied input before using it in dynamically
generated content.
Attacker-supplied HTML and script code would be executed in the
context of the affected website, potentially allowing for theft of
cookie-based authentication credentials. An attacker could also
exploit this issue to control how the site is rendered to the user;
other attacks are also possible.
Version 5.1 is vulnerable; other versions may also be affected.
[ firmware ]
JUNIPER NETWORKS JUNOS IPV6 PACKET PROCESSING REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 18930
Last Updated: 2006-07-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18930
Summary:
JUNOS is prone to a remote denial-of-service vulnerability. This
issue arises when the software handles specially crafted IPv6
packets.
All versions of JUNOS Internet Software built prior to May 10, 2006
running on M-series, T-series, and J-series routers are vulnerable.
[ firmware ]
KDE KONQUEROR REPLACECHILD DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18978
Last Updated: 2006-07-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18978
Summary:
KDE Konqueror is prone to a denial-of-service vulnerability.
This issue is triggered when an attacker convinces a victim user to
visit a malicious website.
Remote attackers may exploit this issue to crash Konqueror,
effectively denying service to legitimate users.
LIBPNG GRAPHICS LIBRARY CHUNK ERROR PROCESSING BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 18698
Last Updated: 2006-07-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18698
Summary:
LibPNG is reported prone to a buffer-overflow vulnerability. The
library fails to perform proper bounds-checking of user-supplied
input before copying it to an insufficiently sized memory buffer.
This vulnerability may be exploited to execute attacker-supplied
code in the context of an application that relies on the
affected library.
LIBTIFF TIFF2PDF REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18331
Last Updated: 2006-07-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18331
Summary:
The tiff2pdf utility is prone to a buffer-overflow vulnerability.
This issue is due to a failure in the application to do proper
boundary checks before copying user-supplied data into a finite-
sized buffer.
This issue allows remote attackers to execute arbitrary machine
code in the context of the affected application. Failed exploit
attempts will likely crash the application, denying service to
legitimate users.
LIBWMF WMF FILE HANDLING INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 18751
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18751
Summary:
Applications using the libwmf library are prone to an integer-
overflow vulnerability.
An attacker could exploit this vulnerability to execute arbitrary
code in the context of the vulnerable application that uses the
affected library. Failed exploit attempts will likely cause denial-of-
service conditions.
LINUX KERNEL NETFILTER CONNTRACK_PROTO_SCTP.C DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 18755
Last Updated: 2006-07-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18755
Summary:
The Linux kernel 'netfilter' module is prone to a denial-of-service
vulnerability.
Successful exploits of this vulnerability will cause the kernel to
crash, effectively denying service to legitimate users.
[ SCTP, a rarely used protocol; disable it ]
LINUX KERNEL NETFILTER DO_ADD_COUNTERS LOCAL RACE CONDITION
VULNERABILITY
BugTraq ID: 18113
Last Updated: 2006-07-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18113
Summary:
The Linux kernel is susceptible to a local race-condition
vulnerability.
This issue allows local attackers to gain access to potentially
sensitive kernel memory, aiding them in further attacks. Failed
exploit attempts may crash the kernel, denying service to
legitimate users.
This issue is exploitable only by local users who have superuser
privileges or have the CAP_NET_ADMIN capability. This issue is
therefore a security concern only if computers run virtualization
software that allows users to have superuser access to guest
operating systems or if the CAP_NET_ADMIN capability is given to
untrusted users.
Linux kernel versions prior to 2.6.16.17 in the 2.6 series are
affected by this issue.
LINUX KERNEL POSIX-CPU-TIMERS.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18615
Last Updated: 2006-07-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18615
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a race condition arising in
'posix-cpu-timers.c'.
This vulnerability allows local users to crash the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.21.
LINUX KERNEL PRCTL CORE DUMP HANDLING PRIVILEGE ESCALATION
VULNERABILITY
BugTraq ID: 18874
Last Updated: 2006-07-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18874
Summary:
Linux kernel is prone to a local privilege-escalation vulnerability.
A local attacker may gain elevated privileges by creating a coredump
file in a directory that they do not have write access to.
A successful attack may result in a complete compromise.
Linux kernel versions prior to 2.6.17.4 are vulnerable.
LINUX KERNEL PROC FILESYSTEM LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18992
Last Updated: 2006-07-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18992
Summary:
The Linux kernel is susceptible to a local privilege-escalation
vulnerability. This issue is due to a race-condition in the 'proc'
filesystem.
This issue allows local attackers to gain superuser privileges,
facilitating the complete compromise of affected computers.
The 2.6 series of the Linux kernel is vulnerable to this issue.
LINUX KERNEL SIGNAL_32.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18616
Last Updated: 2006-07-11
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18616
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in 'signal_32.c'.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.21.
LINUX KERNEL USB DRIVER DATA QUEUE LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19033
Last Updated: 2006-07-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19033
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the USB FTDI
SIO driver.
This vulnerability allows local users to consume all available
memory resources, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.27.
LINUX VSERVER PROJECT CHROOT BREAKOUT VULNERABILITY
BugTraq ID: 9596
Last Updated: 2006-07-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/9596
Summary:
VServer is reported prone to a breakout vulnerability that allows a
malicious user to escape from the context of the chrooted root
directory of the virtual server. This issue is due to the VServer
application failing to secure itself against a "chroot-again" style
vulnerability. Successful exploitation of this issue may allow an
attacker to gain access to the filesystem outside of the chrooted
root directory.
MICO OBJECT KEY REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18869
Last Updated: 2006-07-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18869
Summary:
MICO is susceptible to a remote denial-of-service vulnerability.
This issue is due to a failure of the application to properly handle
unexpected input.
This issue allows remote attackers to crash affected applications,
denying further service to legitimate users.
MICO versions 2.3.12RC3 and 2.3.12 are vulnerable to this issue;
other versions may also be affected.
[ CORBA ]
MOZILLA NETWORK SECURITY SERVICES LIBRARY REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 18604
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18604
Summary:
NSS is susceptible to a remote denial-of-service vulnerability. This
issue is due to a memory leak in the library.
This issue allows remote attackers to consume excessive memory
resources on affected computers. This may lead to computer hangs or
panics, denying service to legitimate users.
NSS version 3.11 is affected by this issue.
MOZILLA SUITE, FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
VULNERABILITIES
BugTraq ID: 17516
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
The Mozilla Foundation has released nine security advisories
specifying security vulnerabilities in Mozilla Suite, Firefox,
SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- gain elevated privileges in JavaScript code, potentially allowing
remote machine code execution
- gain access to potentially sensitive information
- bypass security checks
- spoof window contents.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
the information embargo on the Mozilla Bugzilla entries is lifted
and as further information becomes available. This BID will then
be retired.
These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1
MULTIPLE BROWSER MARQUEE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18165
Last Updated: 2006-07-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18165
Summary:
Multiple browsers are prone to a denial-of-service vulnerability
when parsing certain HTML content.
Successfully exploiting this issue allows attackers to consume
excessive CPU resources in affected browsers, denying service to
legitimate users.
Mozilla Firefox version 1.5.0.3 is vulnerable to this issue; other
versions and products may also be affected.
Internet Explorer 6.0 on Microsoft Windows XP is reported vulnerable
to this issue; other versions may also be affected.
MULTIPLE D-LINK ROUTERS UPNP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19006
Last Updated: 2006-07-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19006
Summary:
D-Link wired and wireless routers are prone to a buffer-overflow
vulnerability. This issue occurs because these devices fail to
properly bounds-check user-supplied input before copying it to an
insufficiently large memory buffer.
Successful exploits can allow remote attackers to execute arbitrary
machine code in the context of the affected device.
[ firmware. UPNP is a discovery protocol based on Ethernet broadcast ]
MULTIPLE VENDOR NIS SERVER YPSERV DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 8031
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/8031
Summary:
A vulnerability has been reported for ypserv that may result in a
denial of service when certain TCP packets are processed.
MULTIPLE VENDOR UNACEV2 ARCHIVE FILE NAME BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 14759
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14759
Summary:
Multiple products are prone to a buffer overflow when handling ACE
archives that contain files with overly long names.
This may be exploited to execute arbitrary code in the context of
the user who is running the application. The vulnerability is
considered remotely exploitable in nature because malicious ACE
archives will likely originate from an external, untrusted source.
[ free software? ]
MUTT BROWSE_GET_NAMESPACE IMAP NAMESPACE PROCESSING REMOTE BUFFER
OVERFLOW VULNERABILITY
BugTraq ID: 18642
Last Updated: 2006-07-15
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18642
Summary:
Mutt is prone to a remote buffer-overflow vulnerability. This
issue is due to the application's failure to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
This issue may allow remote attackers to execute arbitrary machine
code in the context of the affected application. Failed exploit
attempts will likely crash the application, denying further service
to legitimate users.
Mutt version 1.4.2.1 is reported to be vulnerable. Other versions
may be affected as well.
MYSQL SERVER DATE_FORMAT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19032
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19032
Summary:
MySQL is prone to a remote denial-of-service vulnerability because
the database server fails to properly handle unexpected input.
This issue allows remote attackers to crash affected database
servers, denying service to legitimate users. Attackers must be able
to execute arbitrary SQL statements on affected servers, which
requires valid credentials to connect to affected servers.
Attackers may exploit this issue in conjunction with latent SQL-
injection vulnerabilities in other applications.
Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable
to this issue.
MYSQL SERVER STR_TO_DATE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18439
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18439
Summary:
MySQL is susceptible to a remote denial-of-service vulnerability.
This issue is due to the database server's failure to properly
handle unexpected input.
This issue allows remote attackers to crash affected database
servers, denying service to legitimate users. Attackers must be able
to execute arbitrary SQL statements on affected servers, which
requires valid credentials to connect to affected servers.
Attackers may exploit this issue in conjunction with latent SQL-
injection vulnerabilities in other applications.
Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable
to this issue.
MYSQL USER-DEFINED FUNCTION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14509
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14509
Summary:
MySQL is prone to a buffer-overflow vulnerability. The application
fails to perform sufficient boundary checks on data supplied as an
argument in a user-defined function.
A database user with sufficient access to create a user-defined
function can exploit this issue. Attackers may also be able to
exploit this issue through latent SQL-injection vulnerabilities in
third-party applications that use the database as a backend.
Successful exploitation will result in the execution of arbitrary
code in the context of the database server process.
OPENOFFICE ARBITRARY MACRO EXECUTION VULNERABILITY
BugTraq ID: 18738
Last Updated: 2006-07-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18738
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious
macros to gain read/write privileges to local files on a
vulnerable computer.
OPENOFFICE JAVA APPLET SYSTEM ACCESS VULNERABILITY
BugTraq ID: 18737
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18737
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious
Java applets to gain read/write privileges to local files on a
vulnerable computer.
OPENOFFICE XML FILE FORMAT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18739
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18739
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious XML
documents to cause a buffer overflow leading to read/write
privileges to local files on a vulnerable computer.
PPPD WINBIND PLUGIN LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18849
Last Updated: 2006-07-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18849
Summary:
The 'winbind' plugin of 'pppd' can allow local attackers to gain
elevated privileges, which may lead to a complete compromise.
Version 2.4.3 of 'pppd' is reported vulnerable. Other versions may
be affected as well.
POSTGRESQL MULTIBYTE CHARACTER ENCODING SQL INJECTION VULNERABILITIES
BugTraq ID: 18092
Last Updated: 2006-07-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18092
Summary:
PostgreSQL is prone to SQL-injection vulnerabilities. These issues
are due to a potential mismatch of multibyte character conversions
between PostgreSQL servers and client applications.
A successful exploit could allow an attacker to execute arbitrary
SQL statements on affected servers. This may allow the attacker to
compromise the targeted computer, access or modify data, or exploit
other latent vulnerabilities.
PostgreSQL versions prior to 7.3.15, 7.4.13, 8.0.8, and 8.1.4 are
vulnerable to these issues.
ROCKS CLUSTERS LOCAL PRIVILEGE ESCALATION VULNERABILITIES
BugTraq ID: 19003
Last Updated: 2006-07-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19003
Summary:
Rocks Clusters is prone to multiple local privilege-escalation
vulnerabilities. These issues are due to a lack of proper
sanitization of user-supplied input.
These issues allow local attackers to gain superuser privileges,
facilitating the complete compromise of affected computers.
Rocks Clusters versions 4.1 and prior are vulnerable to these
issues.
SIPFOUNDRY SIPXTAPI CSEQ PROCESSING REMOTE BUFFER-OVERFLOW
VULNERABILITY
BugTraq ID: 18906
Last Updated: 2006-07-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18906
Summary:
The sipXtapi product is reported to be prone to a remote buffer-
overflow vulnerability. This issue presents itself when the
application handles a specially crafted 'CSeq' value.
A successful attack may lead to unauthorized remote access in the
context of a user running an affected application that uses the
vulnerable library.
Reports indicate that sipXtapi versions that were released prior to
March 24, 2006 are vulnerable to this issue. Certain PingTel
products and versions of AOL Triton may be affected because they
employ the vulnerable library.
[ firmware ]
SAMBA INTERNAL DATA STRUCTURES DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18927
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18927
Summary:
The smbd daemon is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to consume excessive memory
resources, ultimately crashing the affected application.
This issue affects Samba versions 3.0.1 through 3.0.22 inclusive.
SENDMAIL ASYNCHRONOUS SIGNAL HANDLING REMOTE CODE EXECUTION
VULNERABILITY
BugTraq ID: 17192
Last Updated: 2006-07-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17192
Summary:
Sendmail is prone to a remote code-execution vulnerability.
Remote attackers may leverage this issue to execute arbitrary code
with the privileges of the application, which typically runs as
superuser.
Sendmail versions prior to 8.13.6 are vulnerable to this issue.
SENDMAIL MALFORMED MIME MESSAGE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18433
Last Updated: 2006-07-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18433
Summary:
Sendmail is prone to a denial-of-service vulnerability. This issue
is due to a failure in the application to properly handle malformed
multi-part MIME messages.
An attacker can exploit this issue to crash the sendmail process
during delivery.
TWIKI ARBITRARY FILE UPLOAD VULNERABILITY
BugTraq ID: 18854
Last Updated: 2006-07-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18854
Summary:
TWiki is prone to an arbitrary file-upload vulnerability.
The issue is due to a failure in the application to properly
sanitize user-supplied input.
An attacker can exploit this issue to include an arbitrary remote
file containing malicious PHP code and to execute it in the context
of the webserver process. This may allow the attacker to compromise
the application and the underlying system.
TRAC INFORMATION DISCLOSURE AND DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 18323
Last Updated: 2006-07-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18323
Summary:
Trac is affected by multiple vulnerabilities. These issues include
denial-of-service and information disclosure vulnerabilities.
An attacker can exploit these issues to access sensitive
information or crash the affected application. Other attacks may
also be possible.
Trac versions prior to 0.9.6 are affected by these issues.
[ cvsweb for SVN, but written in Python ]
UTIL-VSERVER UNKNOWN LINUX CAPABILITIES VULNERABILITY
BugTraq ID: 17180
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17180
Summary:
The util-vserver package for the Linux-VServer project is
susceptible to an unknown Linux capability vulnerability. The
package fails to properly handle unknown Linux capabilities.
The exact consequences of this issue are currently unknown. They
depend on the nature of the unknown capabilities and on the nature
of the applications that use them. Hosted virtual servers may
possibly gain inappropriate access to the hosting operating system.
WU-FTPD RESTRICTED-GID UNAUTHORIZED ACCESS VULNERABILITY
BugTraq ID: 9832
Last Updated: 2006-07-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/9832
Summary:
WU-FTPD FTP server is reported prone to an unauthorized-access
vulnerability. The issue is related to the "restricted-gid" feature
supported by WU-FTPD. This feature allows an administrator to
restrict FTP user access to certain directories. The vulnerability
reportedly allows users to bypass those restrictions through
modifying the permissions on their home directory so that they
themselves can no longer access it. Under such circumstances, the
server may grant the user unauthorized access to the root directory.
Further technical details are not known at this time. This record
will be updated as more information becomes available.
This BID is created in response to Two Possibly New WU-FTPD
Vulnerabilities BID 9820, which is being retired.
WEBMIN/USERMIN UNSPECIFIED INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 18744
Last Updated: 2006-07-11
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18744
Summary:
Webmin and Usermin are prone to an unspecified information-
disclosure vulnerability. This issue is due to a failure in the
applications to properly sanitize user-supplied input.
An attacker can exploit this issue to retrieve potentially sensitive
information.
This issue affects Webmin versions prior to 1.290 and Usermin
versions prior to 1.220.
Unconfirmed reports suggest that this issue is the same as the one
discussed in BID 18613 (Webmin Remote Directory Traversal
Vulnerability). However, the fixes associated with that issue did
not completely solve the vulnerability.
WIRESHARK PROTOCOL DISSECTORS MULTIPLE VULNERABILITIES
BugTraq ID: 19051
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19051
Summary:
Wireshark is prone to multiple vulnerabilities:
- A format string vulnerability.
- An off-by-one vulnerability.
- An infinite loop vulnerability.
- A memory allocation vulnerability.
These may permit attackers to execute arbitrary code, which can
facilitate a compromise of an affected computer or cause a denial-of-
service condition to legitimate users of the application.
[ formerly Ethereal ]
XINE BUG REPORTING SCRIPT INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 9939
Last Updated: 2006-07-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/9939
Summary:
The xine bug-reporting scripts (xine-bugreport and xine-check)
create temporary files in an insecure manner. A malicious local user
could take advantage of this issue by mounting a symbolic-link
attack to corrupt other system files, most likely resulting in the
destruction of data. Privilege escalation is also possible. This
issue occurs only when the vulnerable scripts are run to submit a
bug report to the vendor.
Note that xine-bugreport and xine-check are separate instances of
the same script.
XINE-LIB DVD SUBPICTURE DECODER HEAP OVERFLOW VULNERABILITY
BugTraq ID: 11205
Last Updated: 2006-07-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11205
Summary:
A buffer overflow in the DVD subpicture component, exploitable
through malicious DVD or MPEG content, may allow for the execution
of arbitrary code. The Xine-lib decoder converts subpicture data
into an internal representation and stores it in dynamically
allocated memory. A flaw in the calculation of required buffer space
may result in the allocation of a buffer that is too small.
Consequently, neighboring data in the heap may be corrupted when
data is written to the buffer.
Attackers could exploit this vulnerability to write arbitrary words
to nearly arbitrary locations in memory. The Linux and Windows
dynamic memory-allocation subsystems may be more susceptible than
BSD-based systems.
ZOPE DOCUTILS INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 18856
Last Updated: 2006-07-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18856
Summary:
Zope is prone to an information-disclosure vulnerability.
This issue is due to an error in the 'docutils' module when parsing
and rendering text.
An attacker can exploit this issue by creating a web page with
restructured text to access arbitrary files.
Versions 2.7.0 to 2.9.3 are vulnerable.