[gull-annonces] Summary of SecurityFocus Newsletter #353
Marc SCHAEFER
schaefer at alphanet.ch
Sun Jun 18 19:13:18 CEST 2006
AWSTATS AWSTATS.PL CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 17621
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17621
Summary:
AWStats is prone to a cross-site scripting vulnerability. This issue
is due to a failure in the application to properly sanitize user-
supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of
the affected site. This may help the attacker steal cookie-based
authentication credentials and launch other attacks.
AWStats version 6.5 (build 1.857) and prior are vulnerable to
this issue.
ASTERISK IAX2 REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18295
Last Updated: 2006-06-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18295
Summary:
Asterisk is prone to a remote denial-of-service vulnerability. This
issue is most likely due to a design error within the application.
This vulnerability allows remote attackers to crash the server,
denying further service to legitimate users.
AWSTATS CONFIGURATION FILE REMOTE ARBITRARY COMMAND EXECUTION
BugTraq ID: 18327
Last Updated: 2006-06-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18327
Summary:
Awstats is prone to an arbitrary command-execution vulnerability.
This issue is due to a failure in the application to properly
sanitize user-supplied input. An attacker can exploit this
vulnerability to execute arbitrary shell commands in the context of
the webserver process. This may help attackers compromise the
underlying system; other attacks are also possible.
AWSTATS REMOTE ARBITRARY COMMAND EXECUTION VULNERABILITY
BugTraq ID: 17844
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17844
Summary:
Awstats is prone to an arbitrary command-execution vulnerability.
This issue is due to a failure in the application to properly
sanitize user-supplied input. An attacker can exploit this
vulnerability to execute arbitrary shell commands in the context of
the webserver process. This may help attackers compromise the
underlying system; other attacks are also possible.
D-LINK DWL-2100AP INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 18299
Last Updated: 2006-06-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18299
Summary:
D-Link DWL-2100AP devices are susceptible to a remote information-
disclosure vulnerability. The devices fail to properly secure
configuration information.
This issue allows remote, unauthenticated attackers to gain access
to potentially sensitive configuration information from affected
devices. This may aid them in further attacks.
[ firmware ]
DIA FILENAME REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 18078
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18078
Summary:
Dia is prone to a remote format-string vulnerability.
This issue arises when the application handles specially crafted
filenames. An attacker can exploit this vulnerability by crafting a
malicious filename that contains format specifiers and then coercing
unsuspecting users to open the malicious file with the affected
application.
A successful attack may crash the application or lead to arbitrary
code execution. This issue affects Dia versions 0.95 and earlier.
DIA MULTIPLE UNSPECIFIED REMOTE FORMAT STRING VULNERABILITIES
BugTraq ID: 18166
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18166
Summary:
Dia is prone to multiple unspecified format-string vulnerabilities.
These issues are due to the application's failure to properly
sanitize user-supplied input before including it in the format-
specifier argument of formatted-printing functions.
A successful attack may crash the application or lead to arbitrary
code execution.
Specific information regarding affected versions of Dia is not
currently available; this BID will be updated as further information
is disclosed.
FENICE REMOTE BUFFER OVERFLOW AND DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17678
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17678
Summary:
Fenice is susceptible to multiple remote vulnerabilities:
- A buffer-overflow vulnerability. The application fails to perform
sufficient bounds checking of user-supplied data before copying
it to an insufficiently sized memory buffer. This issue
potentially allows remote attackers to execute arbitrary machine
code in the context of the affected server process. Failed
exploit attempts will likely crash the application, denying
service to legitimate users.
- A denial-of-service vulnerability due to an integer-overflow flaw.
This issue allows remote attackers to crash the affected
application, denying service to legitimate users.
Version 1.10 of Fenice is vulnerable to these issues; other versions
may also be affected.
[ free streaming software ]
FETCHMAIL'S FETCHMAILCONF UTILITY LOCAL INFORMATION DISCLOSURE
BugTraq ID: 15179
Last Updated: 2006-06-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15179
Summary:
Fetchmail is susceptible to an information-disclosure vulnerability.
This issue is due to a race condition in the 'fetchmailconf'
configuration utility. This issue allows local attackers to gain
access to potentially sensitive information, including email
authentication credentials, aiding them in further attacks. Versions
of Fetchmail prior to 6.2.9-rc6 include a vulnerable version of
'fetchmailconf'. Versions of 'fetchmailconf' prior to 1.43.2 and
1.49 are vulnerable.
FREERADIUS EAP-MSCHAPV2 AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 17171
Last Updated: 2006-06-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17171
Summary:
FreeRADIUS is prone to an authentication-bypass vulnerability. The
issue exists in the EAP-MSCHAPv2 state machine. Bypassing
authentication could also cause the server to crash.
FreeRADIUS versions from 1.0.0 to 1.1.0 are vulnerable.
FREERADIUS MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 14775
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14775
Summary:
FreeRADIUS is susceptible to multiple remote vulnerabilities:
- Memory-handling vulnerabilities. These issues may allow remote
attackers to crash affected services or possibly execute arbitrary
machine code in the context of the vulnerable application.
- File descriptor leak. Attackers may exploit this to gain access to
files that they may not normally have access to.
- The LDAP module contains a flaw whereby attacker-specified data
may be passed on to the configured LDAP database without proper
input sanitization.
These issues are all reported to affect version 1.0.4 of FreeRADIUS;
previous versions are also likely vulnerable to one or more of these
issues. **Update: The vendor has posted a response to these issues.
Please see "Response to Suse Audit Report on FreeRADIUS" for further
details.
FREETYPE TTF FILE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18326
Last Updated: 2006-06-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18326
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-underflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
FREETYPE TTF FILE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18329
Last Updated: 2006-06-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18329
Summary:
FreeType is prone to a denial-of-service vulnerability. This issue
is due to a flaw in the library that causes a NULL-pointer
dereference.
This issue allows remote attackers to crash applications that use
the affected library, denying service to legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
GD GRAPHICS LIBRARY REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18294
Last Updated: 2006-06-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18294
Summary:
The GD Graphics Library is prone to a denial-of-service
vulnerability. Attackers can trigger an infinite-loop condition when
the library tries to handle malformed image files.
This issue allows attackers to consume excessive CPU resources on
computers that use the affected software. This may deny service to
legitimate users.
GD version 2.0.33 is vulnerable to this issue; other versions may
also be affected.
GNOME FOUNDATION GDM CONFIGURE LOGIN MANAGER AUTHENTICATION BYPASS
BugTraq ID: 18332
Last Updated: 2006-06-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18332
Summary:
GDM is susceptible to an authentication-bypass vulnerability when
users attempt to access the 'Configure Login Manager' option.
This issue allows local attackers to execute the 'Configure Login
Manager' option with superuser privileges without entering valid
superuser credentials. This allows them to make unauthorized
configuration changes and gain administrative access to affected
computers, facilitating their complete compromise.
IPSEC-TOOLS IKE MESSAGE HANDLING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15523
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15523
Summary:
IPsec-Tools is prone to a denial-of-service vulnerability. This
issue is due to a failure in the application to handle exceptional
conditions when in 'AGGRESSIVE' mode. An attacker can exploit this
issue to crash the application, thus denying service to legitimate
users. These vulnerabilities were discovered by, and may be
reproduced by, the University of Oulu Secure Programming Group
PROTOS IPSec Test Suite.
KAFFEINE REMOTE HTTP_PEEK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17372
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17372
Summary:
Kaffeine is reportedly affected by a remote buffer-overflow
vulnerability because the application fails to perform sufficient
boundary checks on user-supplied strings before copying them into
finite stack-based buffers. An attacker can leverage this issue
remotely to execute arbitrary code on an affected computer with
the privileges of an unsuspecting user that executed the
vulnerable software.
LIBTIFF TIFF2PDF REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18331
Last Updated: 2006-06-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18331
Summary:
The tiff2pdf utility is prone to a buffer-overflow vulnerability.
This issue is due to a failure in the application to do proper
boundary checks before copying user-supplied data into a finite-
sized buffer.
This issue allows remote attackers to execute arbitrary machine
code in the context of the affected application. Failed exploit
attempts will likely crash the application, denying service to
legitimate users.
LINUX KERNEL LEASE_INIT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17943
Last Updated: 2006-06-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17943
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'lease_init' function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.16.
LINUX KERNEL MULTIPLE SCTP REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17910
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17910
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-
service vulnerabilities. These issues are triggered when the kernel
handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel panics,
denying further service to legitimate users. Note that a valid SCTP
endpoint must be listening.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
LINUX KERNEL MULTIPLE SCTP REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17955
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17955
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-
service vulnerabilities. These issues are triggered when the kernel
handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel deadlock and
infinite recursion, denying further service to legitimate users. The
Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
LINUX KERNEL SCTP MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 18085
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18085
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-
service vulnerabilities. These issues are triggered when the kernel
handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel panics,
denying further service to legitimate users. The Linux kernel
version 2.6.16 is vulnerable to these issues; prior versions may
also be affected.
LINUX KERNEL SOCKADDR_IN.SIN_ZERO KERNEL MEMORY DISCLOSURE
BugTraq ID: 17203
Last Updated: 2006-06-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17203
Summary:
The Linux kernel is affected by local memory-disclosure
vulnerabilities. These issues are due to the kernel's failure to
properly clear previously used kernel memory before returning it to
local users.
These issues allow an attacker to read kernel memory and potentially
gather information to use in further attacks.
MOZILLA SUITE, FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
BugTraq ID: 17516
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
The Mozilla Foundation has released nine security advisories
specifying security vulnerabilities in Mozilla Suite, Firefox,
SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- gain elevated privileges in JavaScript code, potentially allowing
remote machine code execution
- gain access to potentially sensitive information
- bypass security checks
- spoof window contents.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
the information embargo on the Mozilla Bugzilla entries is lifted
and as further information becomes available. This BID will then
be retired.
These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1
MULTIPLE BROWSER MARQUEE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18165
Last Updated: 2006-06-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18165
Summary:
Multiple browsers are prone to a denial-of-service vulnerability
when parsing certain HTML content.
Successfully exploiting this issue allows attackers to consume
excessive CPU resources in affected browsers, denying service to
legitimate users.
Mozilla Firefox version 1.5.0.3 is vulnerable to this issue; other
versions and products may also be affected.
Internet Explorer 6.0 on Microsoft Windows XP is reported vulnerable
to this issue; other versions may also be affected.
MULTIPLE MOZILLA PRODUCTS IFRAME JAVASCRIPT EXECUTION VULNERABILITY
BugTraq ID: 16770
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16770
Summary:
Multiple Mozilla products are prone to a script-execution
vulnerability.
The vulnerability presents itself when an attacker supplies a
specially crafted email to a user containing malicious script code
in an IFRAME and the user tries to reply to the mail. Arbitrary
JavaScript can be executed even if the user has disabled JavaScript
execution in the client. The following Mozilla products are
vulnerable to this issue:
- Mozilla Thunderbird, versions prior to 1.5.0.2, and prior to 1.0.8
- Mozilla SeaMonkey, versions prior to 1.0.1
- Mozilla Suite, versions prior to 1.7.13
MULTIPLE VENDOR WEB BROWSER JAVASCRIPT KEY FILTERING VULNERABILITY
BugTraq ID: 18308
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18308
Summary:
Multiple web browsers are prone to a JavaScript key-filtering
vulnerability. This issue is due to the failure of the browsers to
securely handle keystroke input from users.
This issue is demonstrated to allow attackers to divert keystrokes
from one input form in a webpage to a hidden file-upload dialog in
the same page. This may allow remote attackers to initiate file
uploads from unsuspecting users. Other attacks may also be possible.
Exploiting this issue requires that users manually type the full
path of files that attackers wish to download. This may require
substantial typing from targeted users, so attackers will likely use
keyboard-based games, blogs, or other similar pages to entice users
to enter the required keyboard input to exploit this issue.
Reportedly, Mozilla Suite, Mozilla Firefox, Mozilla SeaMonkey,
Netscape Navigator, and Microsoft Internet Explorer are all
vulnerable to this issue.
MYSQL MYSQL_REAL_ESCAPE FUNCTION SQL INJECTION VULNERABILITY
BugTraq ID: 18219
Last Updated: 2006-06-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18219
Summary:
MySQL is prone to an SQL-injection vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query. A successful exploit could
allow an attacker to compromise an application using a vulnerable
database or to compromise the database itself.
MySQL versions prior to 5.0.22-1-0.1 and prior to 4.1.20 are
vulnerable. Other versions may also be affected.
OPENSSH GSSAPI CREDENTIAL DISCLOSURE VULNERABILITY
BugTraq ID: 14729
Last Updated: 2006-06-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14729
Summary:
OpenSSH is susceptible to a GSSAPI credential-delegation
vulnerability.
Specifically, if a user has GSSAPI authentication configured, and
'GSSAPIDelegateCredentials' is enabled, their Kerberos credentials
will be forwarded to remote hosts. This occurs even when the user
employs authentication methods other than GSSAPI to connect, which
is not usually expected. This vulnerability allows remote attackers
to improperly gain access to GSSAPI credentials, allowing them to
use those credentials to access resources granted to the original
principal. This issue affects versions of OpenSSH prior to 4.2.
OPENSSH SCP SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 16369
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is susceptible to an SCP shell command-execution
vulnerability. This issue is due to the application's failure to
properly sanitize user-supplied input before using it in a
'system()' function call.
This issue allows attackers to execute arbitrary shell commands with
the privileges of users executing a vulnerable version of SCP.
This issue reportedly affects version 4.2 of OpenSSH. Other versions
may also be affected.
PERL PERL_SV_VCATPVFN FORMAT STRING INTEGER WRAP VULNERABILITY
BugTraq ID: 15629
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15629
Summary:
Perl is susceptible to a format-string vulnerability. This issue is
due to the programming language's failure to properly handle format
specifiers in formatted-printing functions. An attacker may leverage
this issue to write to arbitrary process memory, facilitating code
execution in the context of the Perl interpreter process. This can
result in unauthorized remote access. Developers should treat the
formatted printing functions in Perl as equivalently vulnerable to
exploitation as the C library versions, and should properly sanitize
all data passed in the format-specifier argument. All applications
that use formatted-printing functions in an unsafe manner should be
considered exploitable.
POSTGRESQL MULTIBYTE CHARACTER ENCODING SQL INJECTION VULNERABILITIES
BugTraq ID: 18092
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18092
Summary:
PostgreSQL is prone to SQL-injection vulnerabilities. These issues
are due to a potential mismatch of multibyte character conversions
between PostgreSQL servers and client applications.
A successful exploit could allow an attacker to execute arbitrary
SQL statements on affected servers. This may allow the attacker to
compromise the targeted computer, access or modify data, or exploit
other latent vulnerabilities.
PostgreSQL versions prior to 7.3.15, 7.4.13, 8.0.8, and 8.1.4 are
vulnerable to these issues.
PYBLOSXOM CONTRIBUTED PACKAGES COMMENTS PLUGIN MULTIPLE CROSS-SITE
BugTraq ID: 18292
Last Updated: 2006-06-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18292
Summary:
PyBlosxom Contributed Packages is prone to multiple cross-site
scripting vulnerabilities. These issues are due to a failure in the
application to properly sanitize user-supplied input. An attacker
may leverage these issues to have arbitrary script code execute in
the browser of an unsuspecting user in the context of the affected
site. This may help the attacker steal cookie-based authentication
credentials and launch other attacks.
Contributed Packages for Pyblosxom version 1.2.2 is vulnerable;
other versions may also be affected.
[ weblog/blog in Python ]
SHADOW-UTILS USERADD LOCAL INSECURE PERMISSIONS VULNERABILITY
BugTraq ID: 18111
Last Updated: 2006-06-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18111
Summary:
The useradd utility in shadow-utils is susceptible to a local insecure-
permissions vulnerability. This issue is due to a race-condition
between when user mailboxes are created and when permissions are set
on the file.
A local, unprivileged attacker can exploit this issue to gain
access to newly created mailbox files. This may allow them to
directly inject forged email messages to aid them in social-
engineering attacks. Attackers may also be able to inject data into
the mailbox file that will cause mail applications to fail to
access the file, denying email access to targeted users. Other
attacks may also be possible.
Version 4.0.3 of shadow-utils is vulnerable to this issue; other
versions may also be affected.
SPAMASSASSIN VPOPMAIL AND PARANOID SWITCHES REMOTE COMMAND EXECUTION
BugTraq ID: 18290
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18290
Summary:
SpamAssassin is prone to an arbitrary-command-execution
vulnerability. This issue is due to an error in the application when
processing a specially formatted input message when certain switches
are set. An attacker can exploit this issue to execute arbitrary
commands on the vulnerable computer with the privileges of the
affected application.
SUSE XSCREENSAVER PACKAGE MULTIPLE VULNERABILITIES
BugTraq ID: 9125
Last Updated: 2006-06-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/9125
Summary:
SuSE has reported that 'xscreensaver' packages shipped with SuSE
Linux 9.0 are prone to multiple vulnerabilities. These issues
include a crash when xscreensaver is handling the verification of
authentication credentials. SuSE has also reported that xscreensaver
is prone to several insecure temporary-file-creation
vulnerabilities.
TIKIWIKI MULTIPLE CROSS-SITE SCRIPTING VULNERABILITIES
BugTraq ID: 18143
Last Updated: 2006-06-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18143
Summary:
TikiWiki is prone to multiple cross-site scripting vulnerabilities.
These issues are due to a failure in the application to properly
sanitize user-supplied input. An attacker may leverage these issues
to have arbitrary script code execute in the browser of an
unsuspecting user in the context of the affected site. This may help
the attacker steal cookie-based authentication credentials and
launch other attacks.
TOR MULTIPLE BUFFER OVERFLOW/INFORMATION DISCLOSURE/DENIAL OF SERVICE
BugTraq ID: 18323
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18323
Summary:
Tor is affected by multiple vulnerabilities. These issues include an
integer overflow, denial of service, information disclosure, and a
possible log-bypass error.
An attacker can exploit these issues to access sensitive
information, crash the affected application, and potentially gain
remote access to the underlying computer.
[ anonymization protocol ]
X.ORG XRENDER EXTENSION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17795
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17795
Summary:
The X.Org X Window System is prone to a buffer-overflow
vulnerability.
An attacker can exploit this issue to execute arbitrary code with
elevated privileges. This may facilitate a compromise of the
affected computer.
XPDF DCTSTREAM BASELINE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15727
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15727
Summary:
The 'xpdf' viewer is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. This can result in
the attacker gaining unauthorized access to the vulnerable computer.
This issue is reported to present itself in the
'DCTStream::readBaselineSOF' function residing in the
'xpdf/Stream.cc' file. This issue is reported to affect xpdf 3.01,
but earlier versions are likely prone to this vulnerability as well.
Applications using embedded xpdf code may also be vulnerable. The
'pdftohtml' utility also includes vulnerable versions of xpdf.
Version .36 of pdftohtml was reported prone to this issue, however,
earlier versions may also be affected. The 'kpdf' viewer reportedly
incorporates vulnerable xpdf code. Version 0.5 of kpdf is prone to
this issue, but other versions may also be affected.
XPDF DCTSTREAM PROGRESSIVE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15726
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15726
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
Reportedly, this issue presents itself in the
'DCTStream::readProgressiveSOF' function residing in the
'xpdf/Stream.cc' file. This issue is reported to affect xpdf 3.01,
but earlier versions are likely vulnerable as well. Applications
using embedded xpdf code may also be vulnerable. The 'pdftohtml'
utility also includes vulnerable versions of xpdf. Version .36 of
pdftohtml was reported prone to this issue, but earlier versions may
also be affected. The 'kpdf' utility reportedly incorporates
vulnerable xpdf code. Version 0.5 of kpdf is prone to this issue,
but other versions may also be affected.
XPDF JPX STREAM READER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15721
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15721
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
Reportedly, this issue presents itself in the
'JPXStream::readCodestream' function residing in the
'xpdf/JPXStream.cc' file. This issue is reported to affect xpdf
3.01, but earlier versions are likely prone to this vulnerability as
well. Applications using embedded xpdf code may also be vulnerable.
The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XSCREENSAVER LOCAL PASSWORD DISCLOSURE VULNERABILITY
BugTraq ID: 17471
Last Updated: 2006-06-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17471
Summary:
XScreenSaver is prone to a local password-disclosure vulnerability.
This issue is due to a flaw in the application that may result in
the screen-unlock password being passed onto other applications that
are already running on the computer.
This may disclose the password used to unlock the applications. The
login password is typically used to unlock XScreenSaver, so this
issue may reveal login passwords to attackers.
This issue is currently known to affect users who are running
RDesktop on the locked computer, due to the interaction between the
applications. This may result in the disclosure of the login
password across the network. Other unknown applications in
conjunction with XScreenSaver may result in a similar issue.
Versions 4.14 and 4.16 are vulnerable to this issue; other versions
may also be affected.
XINE FILENAME HANDLING REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 17769
Last Updated: 2006-06-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17769
Summary:
The xine package is susceptible to a remote format-string
vulnerability.
This issue arises when the application handles specially crafted
filenames. An attacker can exploit this vulnerability by crafting a
malicious filename that contains format specifiers and then coercing
unsuspecting users to try to execute the affected application with
the malicious filename as an argument.
A successful attack may crash the application or lead to arbitrary
code execution. Version 0.99.4 of xine is vulnerable to this issue;
other versions may also be affected.
ZLIB COMPRESSION LIBRARY BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14162
Last Updated: 2006-06-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14162
Summary:
Zlib is susceptible to a buffer-overflow vulnerability. This issue
is due to the application's failure to properly validate input data
before using it in a memory copy operation. In certain
circumstances, malformed input data during decompression may result
in a memory buffer being overflowed. This may result in denial-of-
service conditions or may allow remote code to execute in the
context of applications that use the affected library.
ZOO MISC.C BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 16790
Last Updated: 2006-06-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16790
Summary:
Zoo is prone to a buffer-overflow vulnerability. This issue is due
to a failure in the application to do proper bounds checking on user-
supplied data before using it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code in the
context of the victim user running the affected application.