[gull-annonces] Summary of SecurityFocus Newsletter #354

Marc SCHAEFER schaefer at alphanet.ch
Sun Jun 18 19:33:38 CEST 2006


APACHE HTTP REQUEST SMUGGLING VULNERABILITY
BugTraq ID: 14106
Last Updated: 2006-06-15
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14106
Summary:
  Apache is prone to an HTTP-request-smuggling attack.

  A specially crafted request with a 'Transfer-Encoding: chunked'
  header and a 'Content-Length' header can cause the server to forward
  a reassembled request with the original 'Content-Length' header. As
  a result, the malicious request may piggyback on the valid HTTP
  request. This attack may result in cache poisoning, cross-site
  scripting, session hijacking, and other attacks. This issue was
  originally described in BID 13873 (Multiple Vendor Multiple HTTP
  Request Smuggling Vulnerabilities). Due to the availability of more
  details and vendor confirmation, the issue is now a new BID.
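The ambiguity described above is something a server or forwarding proxy can refuse outright. The check below is an added example (not code from the newsletter or from Apache): it parses a request head and rejects any request whose body length could be read two ways; the sample request heads are constructed.

```python
"""Reject HTTP/1.1 requests whose body framing is ambiguous.

Added example, not code from the newsletter or from Apache. A server or
proxy that forwards requests should refuse any request carrying both
'Transfer-Encoding: chunked' and 'Content-Length' (the condition behind
BID 14106), because two parsers may then disagree on where one request
ends and the next begins. The sample request heads are constructed.
"""
from __future__ import annotations

import re

# Constructed sample request heads (request line + headers, CRLF-terminated).
AMBIGUOUS = (
    b"POST /cgi-bin/app HTTP/1.1\r\n"
    b"Host: www.example.ch\r\n"
    b"Content-Length: 5\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
)
CLEAN = (
    b"POST /cgi-bin/app HTTP/1.1\r\n"
    b"Host: www.example.ch\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
)
FOLDED = (
    b"POST /cgi-bin/app HTTP/1.1\r\n"
    b"Host: www.example.ch\r\n"
    b"Transfer-Encoding:\r\n"
    b" chunked\r\n"
    b"\r\n"
)


def parse_head(head: bytes) -> tuple[str, list[tuple[str, str]]]:
    """Split a request head into its request line and (name, value) pairs.

    Header names are lower-cased and values stripped. Two constructs that
    make parsers disagree are refused outright: obsolete line folding
    (a continuation line starting with SP or HTAB) and whitespace between
    the header name and the colon.
    """
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers: list[tuple[str, str]] = []
    for raw in lines[1:]:
        if raw == b"":
            break  # blank line ends the head
        if raw[:1] in (b" ", b"\t"):
            raise ValueError("obsolete header folding is not accepted")
        name, sep, value = raw.partition(b":")
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {raw!r}")
        headers.append((name.decode("latin-1").lower(),
                        value.decode("latin-1").strip()))
    return request_line, headers


def framing_problems(head: bytes) -> list[str]:
    """Return the reasons this request's body length is ambiguous.

    An empty list means exactly one framing applies: a single numeric
    Content-Length, or a Transfer-Encoding ending in 'chunked'.
    """
    _, headers = parse_head(head)
    cl = [v for n, v in headers if n == "content-length"]
    te = [v for n, v in headers if n == "transfer-encoding"]
    problems: list[str] = []
    if cl and te:
        problems.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        problems.append("conflicting duplicate Content-Length values")
    for v in cl:
        if not re.fullmatch(r"[0-9]+", v):
            problems.append(f"non-numeric Content-Length: {v!r}")
    if te:
        # RFC 7230 s.3.3.3: chunked must be the final transfer coding and
        # appear only once; anything else leaves the length undefined.
        codings = [c.strip().lower() for c in ",".join(te).split(",")]
        if codings[-1] != "chunked" or codings.count("chunked") != 1:
            problems.append(f"unusable Transfer-Encoding: {te!r}")
    return problems


def accept(head: bytes) -> bool:
    """True only for a syntactically clean head with unambiguous framing."""
    try:
        return not framing_problems(head)
    except ValueError:
        return False


if __name__ == "__main__":
    for label, sample in (("ambiguous", AMBIGUOUS), ("clean", CLEAN), ("folded", FOLDED)):
        print(f"{label:9s} accept={accept(sample)}")
```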

APACHE MOD_SSL SSLVERIFYCLIENT RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 14721
Last Updated: 2006-06-15
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14721
Summary:
  Apache 2.x mod_ssl is prone to a restriction-bypass vulnerability.
  This issue presents itself when mod_ssl is configured to be used
  with the 'SSLVerifyClient' directive. This issue allows attackers to
  bypass security policies to gain access to locations that are
  configured to be forbidden for clients without a valid client
  certificate.

APACHE MOD_INCLUDE LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 11471
Last Updated: 2006-06-15
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11471
Summary:
  The problem presents itself when the affected module attempts to
  parse mod_include-specific tag values. A failure to properly
  validate the lengths of user-supplied tag strings before copying
  them into finite buffers facilitates the overflow. A local attacker
  may leverage this issue to execute arbitrary code on the affected
  computer with the privileges of the affected Apache server.

ASTERISK IAX2 REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18295
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18295
Summary:
  Asterisk is prone to a remote buffer-overflow vulnerability. This
  issue is due to the application's failure to properly bounds-check
  user-supplied data before copying it to an insufficiently sized
  memory buffer.

  This vulnerability allows remote attackers to execute arbitrary
  machine code in the context of the affected application. Failed
  exploit attempts will likely crash the server, denying further
  service to legitimate users.

BOGOFILTER MULTIPLE REMOTE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 16171
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16171
Summary:
  Multiple remote buffer-overflow vulnerabilities affect Bogofilter.
  These issues are due to the application's failure to properly handle
  invalid input sequences and to validate the length of user-supplied
  strings before copying them into static process buffers. An attacker
  may exploit these issues to cause a denial-of-service condition or
  possibly to execute arbitrary code with the privileges of the
  vulnerable application. This may facilitate unauthorized access or
  privilege escalation. Note that successful exploitation requires
  that Bogofilter be used with a Unicode database.

[ Bayesian filtering, similar to SpamAssassin, but in C ]

CISCO VPN3K/ASA WEBVPN CLIENTLESS MODE CROSS-SITE SCRIPTING
VULNERABILITY
BugTraq ID: 18419
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18419
Summary:
  Cisco VPN 3000 Series Concentrators and ASA 5500 Series Adaptive
  Security Appliances (ASA) are prone to cross-site scripting
  attacks via the WebVPN Clientless Mode. The issue is due to
  insufficient sanitization of HTML and script code from error
  messages that are displayed to users. This vulnerability could
  result in the execution of attacker-supplied HTML and script code
  in the session of a victim user. In the worst-case scenario, the
  attacker could gain unauthorized access to the VPN by stealing the
  WebVPN session cookie.

[ "clientless" VPN is marketing-speak for saying that all the unencrypted
  web servers are accessed behind a single URL, in the style of
  https://vpn.company.ch/www.othercompany.ch/index.html, which means that
  various attacks, notably `cookie stealing', are possible, since from
  HTTP's point of view the domain is shared. A real VPN such as OpenVPN
  is recommended instead.
]

FREETYPE LWFN FILES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18034
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
  FreeType is prone to a buffer-overflow vulnerability. This issue is
  due to an integer-overflow that results in a buffer being overrun
  with attacker-supplied data.

  This issue allows remote attackers to execute arbitrary machine code
  in the context of applications that use the affected library. Failed
  exploit attempts will likely crash applications, denying service to
  legitimate users.

  FreeType versions prior to 2.2.1 are vulnerable to this issue.

FREETYPE TTF FILE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18326
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18326
Summary:
  FreeType is prone to a buffer-overflow vulnerability. This issue is
  due to an integer-underflow that results in a buffer being overrun
  with attacker-supplied data.

  This issue allows remote attackers to execute arbitrary machine code
  in the context of applications that use the affected library. Failed
  exploit attempts will likely crash applications, denying service to
  legitimate users.

  FreeType versions prior to 2.2.1 are vulnerable to this issue.

FREETYPE TTF FILE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18329
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18329
Summary:
  FreeType is prone to a denial-of-service vulnerability. This issue
  is due to a flaw in the library that causes a NULL-pointer
  dereference.

  This issue allows remote attackers to crash applications that use
  the affected library, denying service to legitimate users.

  FreeType versions prior to 2.2.1 are vulnerable to this issue.

GD GRAPHICS LIBRARY REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18294
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18294
Summary:
  The GD Graphics Library is prone to a denial-of-service
  vulnerability. Attackers can trigger an infinite-loop condition when
  the library tries to handle malformed image files.

  This issue allows attackers to consume excessive CPU resources on
  computers that use the affected software. This may deny service to
  legitimate users.

  GD version 2.0.33 is vulnerable to this issue; other versions may
  also be affected.

GNOME FOUNDATION GDM CONFIGURE LOGIN MANAGER AUTHENTICATION BYPASS
BugTraq ID: 18332
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18332
Summary:
  GDM is susceptible to an authentication-bypass vulnerability when
  users try to access the 'Configure Login Manager' option.

  This issue allows local attackers to execute the 'Configure Login
  Manager' option with superuser privileges without entering valid
  superuser credentials. This allows them to make unauthorized
  configuration changes, which in turn grants them administrative
  access to affected computers, facilitating their complete
  compromise.

KDE ARTSWRAPPER LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18429
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18429
Summary:
  KDE's artswrapper utility is susceptible to a local privilege-
  escalation vulnerability because it fails to properly implement
  privilege-dropping functionality when used in conjunction with
  Linux 2.6 kernels.

  This issue allows local attackers to gain superuser privileges,
  facilitating the complete compromise of affected computers.

KDE KDM SESSION TYPE SYMBOLIC LINK VULNERABILITY
BugTraq ID: 18431
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18431
Summary:
  KDM is prone to a vulnerability that may permit symbolic-link
  attacks when processing the user's session type.

  An attacker with local access could potentially exploit this issue
  to view files and obtain privileged information.

  A successful attack would most likely result in the loss of
  confidentiality and the theft of privileged information.

LIBTIFF TIFF2PDF REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18331
Last Updated: 2006-06-15
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18331
Summary:
  The tiff2pdf utility is prone to a buffer-overflow vulnerability.
  This issue is due to a failure in the application to do proper
  boundary checks before copying user-supplied data into a finite-
  sized buffer.

  This issue allows remote attackers to execute arbitrary machine
  code in the context of the affected application. Failed exploit
  attempts will likely crash the application, denying service to
  legitimate users.

LIBTIFF DOUBLE FREE MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 17733
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17733
Summary:
  Applications using the LibTIFF library are prone to a double-free
  vulnerability; a fix is available.

  Attackers may be able to exploit this issue to cause denial-of-
  service conditions in affected applications using a vulnerable
  version of the library; arbitrary code execution may also be
  possible.

LIBTIFF MULTIPLE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17730
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17730
Summary:
  LibTIFF is affected by multiple denial-of-service vulnerabilities.

  An attacker can exploit these vulnerabilities to cause a denial of
  service in applications using the affected library.

LIBTIFF TIFFFETCHDATA INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 17732
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17732
Summary:
  Applications using the LibTIFF library are prone to an integer-
  overflow vulnerability.

  An attacker could exploit this vulnerability to execute arbitrary
  code in the context of the vulnerable application that uses the
  affected library. Failed exploit attempts will likely cause denial-of-
  service conditions.

LIBTIFF TIFFTORGB DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17809
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17809
Summary:
  LibTIFF is affected by a denial-of-service vulnerability.

  An attacker can exploit this vulnerability to cause a denial of
  service in applications using the affected library.

LINUX KERNEL ELF FILE ENTRY POINT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16925
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16925
Summary:
  Linux kernel is prone to a denial-of-service vulnerability when
  processing a malformed ELF file. This issue occurs only on Intel
  EM64T processors.

  Linux kernel versions prior to 2.6.15.5 are affected by this issue.

LINUX KERNEL IP ID INFORMATION DISCLOSURE WEAKNESS
BugTraq ID: 17109
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
  The Linux kernel is susceptible to a remote information-disclosure
  weakness. This issue is due to an implementation flaw of a zero
  'ip_id' information-disclosure countermeasure.

  This issue allows remote attackers to use affected computers in
  stealth network port and trust scans.

  The Linux kernel 2.6 series, as well as some kernels in the 2.4
  series, are affected by this weakness.

LINUX KERNEL IP_ROUTE_INPUT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17593
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17593
Summary:
  The Linux kernel is prone to a local denial-of-service
  vulnerability. This issue is due to a design error in the
  'ip_route_input()' function.

  This vulnerability allows local users to panic the kernel, denying
  further service to legitimate users.

  This issue affects Linux kernel versions prior to 2.6.16.8.

LINUX KERNEL MULTIPLE SCTP REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17910
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17910
Summary:
  The Linux kernel SCTP module is susceptible to remote denial-of-
  service vulnerabilities. These issues are triggered when the kernel
  handles unexpected SCTP packets.

  These issues allow remote attackers to trigger kernel panics,
  denying further service to legitimate users. Note that a valid SCTP
  endpoint must be listening.

  The Linux kernel version 2.6.16 is vulnerable to these issues; prior
  versions may also be affected.

LINUX KERNEL NETFILTER DO_ADD_COUNTERS LOCAL RACE CONDITION
VULNERABILITY
BugTraq ID: 18113
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18113
Summary:
  The Linux kernel is susceptible to a local race-condition
  vulnerability.

  This issue allows local attackers to gain access to potentially
  sensitive kernel memory, aiding them in further attacks. Failed
  exploit attempts may crash the kernel, denying service to
  legitimate users.

  This issue is exploitable only by local users who have superuser
  privileges or have the CAP_NET_ADMIN capability. This issue is
  therefore a security concern only if computers run virtualization
  software that allows users to have superuser access to guest
  operating systems or if the CAP_NET_ADMIN capability is given to
  untrusted users.

  Linux kernel versions prior to 2.6.16.17 in the 2.6 series are
  affected by this issue.

LINUX KERNEL NETFILTER DO_REPLACE LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17178
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17178
Summary:
  The Linux kernel is susceptible to a local buffer-overflow
  vulnerability. This issue is due to the kernel's failure to properly
  bounds-check user-supplied input before using it in a memory copy
  operation.

  This issue allows local attackers to overwrite kernel memory with
  arbitrary data, potentially allowing them to execute malicious
  machine code in the context of affected kernels. This vulnerability
  facilitates the complete compromise of affected computers.

  This issue is exploitable only by local users who have superuser
  privileges or have the CAP_NET_ADMIN capability. This issue is
  therefore a security concern only if computers run virtualization
  software that allows users to have superuser access to guest
  operating systems or if the CAP_NET_ADMIN capability is given to
  untrusted users.

  Linux kernel versions prior to 2.6.16 in the 2.6 series are affected
  by this issue.

LINUX KERNEL PTRACE CLONE_THREAD LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15642
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15642
Summary:
  Linux kernel is susceptible to a local denial-of-service
  vulnerability.

  In instances where a process is created via the 'clone()' system
  call with the 'CLONE_THREAD' argument ptraced, the kernel fails to
  properly ensure that the ptracing process is not attempting to trace
  itself. This issue allows local users to crash the kernel, denying
  service to legitimate users. Kernel versions prior to 2.6.14.2 are
  vulnerable to this issue.

LINUX KERNEL PTRACED CHILD AUTO-REAP LOCAL DENIAL OF SERVICE
BugTraq ID: 15625
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15625
Summary:
  Linux kernel is susceptible to a local denial-of-service
  vulnerability.

  The kernel improperly auto-reaps processes when they are being
  ptraced, leading to an invalid pointer. Further operations on this
  pointer result in a kernel crash. This issue allows local users to
  crash the kernel, denying service to legitimate users. Kernel
  versions prior to 2.6.15 are vulnerable to this issue.

LINUX KERNEL RNDIS_QUERY_RESPONSE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17831
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17831
Summary:
  The Linux kernel is prone to a remote buffer-overflow vulnerability.
  This issue is due to the kernel's failure to properly bounds-check
  user-supplied data before copying it to an insufficiently sized
  memory buffer.

  This issue allows remote attackers to crash affected computers.
  Presumably, attackers could execute arbitrary machine code in the
  context of affected kernels, but this has not been confirmed.

  Linux kernel versions in the 2.6 series prior to 2.6.16 are
  vulnerable to this issue.

LINUX KERNEL SCTP MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 18085
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18085
Summary:
  The Linux kernel SCTP module is susceptible to remote denial-of-
  service vulnerabilities. These issues are triggered when the kernel
  handles unexpected SCTP packets.

  These issues allow remote attackers to trigger kernel panics,
  denying further service to legitimate users. The Linux kernel
  version 2.6.16 is vulnerable to these issues; prior versions may
  also be affected.

LINUX KERNEL SMBFS CHROOT SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 17735
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17735
Summary:
  The Linux Kernel is prone to a vulnerability that allows attackers
  to bypass a security restriction. This issue is due to a failure in
  the kernel to properly sanitize user-supplied data.

  The problem affects chroot inside of an SMB-mounted filesystem
  ('smbfs'). A local attacker who is bounded by the chroot can exploit
  this issue to bypass the chroot restriction and gain unauthorized
  access to the filesystem.

LINUX KERNEL SHARED MEMORY SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 17587
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17587
Summary:
  The Linux kernel is prone to a vulnerability regarding access to
  shared memory.

  A local attacker could potentially gain read and write access to
  shared memory and write access to read-only tmpfs filesystems,
  bypassing security restrictions.

  An attacker can exploit this issue to possibly corrupt
  applications and their data when the applications use temporary
  files or shared memory.

LINUX KERNEL SOCKADDR_IN.SIN_ZERO KERNEL MEMORY DISCLOSURE
BugTraq ID: 17203
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17203
Summary:
  The Linux kernel is affected by local memory-disclosure
  vulnerabilities. These issues are due to the kernel's failure to
  properly clear previously used kernel memory before returning it to
  local users.

  These issues allow an attacker to read kernel memory and potentially
  gather information to use in further attacks.

LINUX KERNEL TIME_OUT_LEASES PRINTK LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 15627
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15627
Summary:
  Linux kernel is susceptible to a local denial-of-service
  vulnerability.

  Local attackers may trigger this issue by obtaining numerous file-
  lock leases, which will consume excessive kernel log memory. Once
  the leases time out, the event will be logged, and kernel memory will
  be consumed. This issue allows local attackers to consume excessive
  kernel memory, eventually leading to an out-of-memory condition and
  a denial of service for legitimate users. Kernel versions prior to
  2.6.15-rc3 are vulnerable to this issue.

LINUX KERNEL DIE_IF_KERNEL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16993
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
  The Linux kernel is prone to a local denial-of-service
  vulnerability. This issue is due to a design error in the
  'die_if_kernel()' function.

  This vulnerability allows local users to panic the kernel, denying
  further service to legitimate users.

  This issue affects Linux kernel versions prior to 2.6.15.6 running
  on Itanium systems.

MPLAYER MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 17295
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17295
Summary:
  MPlayer is susceptible to two integer-overflow vulnerabilities. An
  attacker may exploit these issues to execute arbitrary code with the
  privileges of the user that activated the vulnerable application.
  This may help the attacker gain unauthorized access or escalate
  privileges.

  MPlayer version 1.0.20060329 is affected by these issues; other
  versions may also be affected.

MULTIPLE VENDOR AMD CPU LOCAL FPU INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17600
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17600
Summary:
  Multiple vendors' operating systems are prone to a local information-
  disclosure vulnerability. This issue is due to a flaw in the
  operating systems that fail to properly use AMD CPUs.

  Local attackers may exploit this vulnerability to gain access to
  potentially sensitive information regarding other processes
  executing on affected computers. This may aid attackers in
  retrieving information regarding cryptographic keys or other
  sensitive information.

  This issue affects Linux and FreeBSD operating systems that use
  generations 7 and 8 AMD CPUs.

MYSQL SERVER STR_TO_DATE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18439
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18439
Summary:
  MySQL is susceptible to a remote denial-of-service vulnerability.
  This issue is due to a failure of the database server to properly
  handle unexpected input.

  This issue allows remote attackers to crash affected database
  servers, denying service to legitimate users. Attackers must be able
  to execute arbitrary SQL statements on affected servers, which
  requires valid credentials to connect to affected servers.

  Attackers may exploit this issue in conjunction with latent SQL-
  injection vulnerabilities in other applications.

  Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable
  to this issue.

HORDE APPLICATION FRAMEWORK MULTIPLE CROSS-SITE SCRIPTING
VULNERABILITIES
BugTraq ID: 18436
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18436
Summary:
  Horde is prone to multiple cross-site scripting vulnerabilities.
  These issues are due to a failure in the application to properly
  sanitize user-supplied input. An attacker may leverage these issues
  to have arbitrary script code execute in the browser of an
  unsuspecting user in the context of the affected site. This may help
  the attacker steal cookie-based authentication credentials and
  launch other attacks.

POSTGRESQL MULTIBYTE CHARACTER ENCODING SQL INJECTION VULNERABILITIES
BugTraq ID: 18092
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18092
Summary:
  PostgreSQL is prone to SQL-injection vulnerabilities. These issues
  are due to a potential mismatch of multibyte character conversions
  between PostgreSQL servers and client applications.

  A successful exploit could allow an attacker to execute arbitrary
  SQL statements on affected servers. This may allow the attacker to
  compromise the targeted computer, access or modify data, or exploit
  other latent vulnerabilities.

  PostgreSQL versions prior to 7.3.15, 7.4.13, 8.0.8, and 8.1.4 are
  vulnerable to these issues.

[ in fact this is a work-around intended to protect badly written
  applications. Only concerns databases in UNICODE.
]
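The mismatch behind the PostgreSQL entry above is easiest to see in an application's own quoting code. The script below is an added example (not code from the newsletter or from PostgreSQL): it contrasts a byte-oriented quote escaper with one that decodes under the declared client encoding first; GBK is assumed as the client encoding purely for illustration, and the inputs are constructed.

```python
"""Quote escaping that ignores the client encoding is not escaping.

Added example, not code from the newsletter or from PostgreSQL. The
PostgreSQL entry (BID 18092) is about the server and the client
disagreeing on where multibyte characters begin and end. This script
contrasts a byte-oriented escaper with one that decodes input under the
declared client encoding before escaping. GBK is an assumed client
encoding used only for illustration; the sample inputs are constructed.
"""
from __future__ import annotations

CLIENT_ENCODING = "gbk"  # assumed client_encoding for this illustration

# Constructed inputs. The first is an incomplete multibyte sequence (a lone
# lead byte 0xBF) followed by a quote. The second is a valid two-byte GBK
# character (lead 0xBF, trail 0x5C) followed by a quote; its trail byte is
# the ASCII backslash, which is exactly what confuses byte-level escaping.
INVALID_INPUT = b"\xbf'"
VALID_INPUT = b"\xbf\x5c'"


def naive_escape(raw: bytes) -> bytes:
    """Byte-oriented escaping in the addslashes style: backslash before ' and \\."""
    return raw.replace(b"\\", b"\\\\").replace(b"'", b"\\'")


def encoding_aware_escape(raw: bytes, encoding: str = CLIENT_ENCODING) -> bytes:
    """Decode first, then double quotes per character.

    Raises UnicodeDecodeError for bytes that are not valid in `encoding`;
    rejecting such input is the safe choice, guessing is not.
    """
    text = raw.decode(encoding)
    return text.replace("'", "''").encode(encoding)


def safe_literal(raw: bytes, encoding: str = CLIENT_ENCODING) -> bytes | None:
    """Return a quoted SQL literal, or None if the input must be rejected."""
    try:
        return b"'" + encoding_aware_escape(raw, encoding) + b"'"
    except UnicodeDecodeError:
        return None


def unescaped_quotes(body: bytes, encoding: str = CLIENT_ENCODING) -> int:
    """Count quotes that a server reading *characters* in `encoding` would
    treat as terminating the literal. Backslash escapes (as on a server
    without standard_conforming_strings) and doubled quotes are honoured."""
    text = body.decode(encoding, errors="replace")
    count = i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # backslash protects the next character
            continue
        if text[i] == "'":
            if text[i + 1:i + 2] == "'":
                i += 2  # doubled quote is a literal quote
                continue
            count += 1
        i += 1
    return count


def compare(raw: bytes) -> dict[str, int | None]:
    """Unescaped-quote count per strategy (None when the input is rejected)."""
    safe = safe_literal(raw)
    return {
        "naive": unescaped_quotes(naive_escape(raw)),
        "encoding_aware": None if safe is None else unescaped_quotes(safe[1:-1]),
    }


if __name__ == "__main__":
    print("invalid input:", compare(INVALID_INPUT))  # naive leaves 1 quote live
    print("valid input:  ", compare(VALID_INPUT))    # naive also corrupts valid text
```

Bound parameters avoid the problem entirely; where literals must be built, the encoding-aware path plus rejection of invalid byte sequences is the one to keep.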

SENDMAIL MALFORMED MIME MESSAGE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18433
Last Updated: 2006-06-15
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18433
Summary:
  Sendmail is prone to a denial-of-service vulnerability. This issue
  is due to a failure in the application to properly handle malformed
  multi-part MIME messages.

  An attacker can exploit this issue to crash the sendmail process
  during delivery.

SPAMASSASSIN VPOPMAIL AND PARANOID SWITCHES REMOTE COMMAND EXECUTION
BugTraq ID: 18290
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18290
Summary:
  SpamAssassin is prone to an arbitrary-command-execution
  vulnerability. This issue is due to an error in the application when
  processing a specially formatted input message when certain switches
  are set. An attacker can exploit this issue to execute arbitrary
  commands on the vulnerable computer with the privileges of the
  affected application.

TIKIWIKI MULTIPLE INPUT VALIDATION VULNERABILITIES
BugTraq ID: 18421
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18421
Summary:
  TikiWiki is prone to multiple input-validation vulnerabilities.
  The issues include cross-site scripting and SQL-injection
  vulnerabilities. These issues are due to a failure in the
  application to properly sanitize user-supplied input. A
  successful exploit of these vulnerabilities could allow an
  attacker to compromise the application, access or modify data,
  steal cookie-based authentication credentials, or even exploit
  vulnerabilities in the underlying database implementation. Other
  attacks are also possible.

VIXIE CRON CRONTAB FILE DISCLOSURE VULNERABILITY
BugTraq ID: 13024
Last Updated: 2006-06-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/13024
Summary:
  Vixie cron crontab is reported prone to an information-disclosure
  vulnerability that may allow local attackers to access users'
  crontab files. Reportedly, this issue arises due to a design error
  resulting in the insecure creation of a temporary file in the '/tmp'
  directory. This occurs when crontab is executed with the '-e' option
  used for editing the current crontab. Attackers may leverage this
  issue to access potentially sensitive data, which they may use to
  carry out further attacks against a computer. Vixie cron 4.1-24_FC3
  running on Fedora Core 3 is reported vulnerable. Other versions on
  different operating systems may be affected as well. This issue may
  be specific to Red Hat operating systems and may be related to BID
  1845 (HP-UX crontab /tmp File Vulnerability).

W3C LIBWWW MULTIPLE VULNERABILITIES
BugTraq ID: 15035
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15035
Summary:
  W3C Libwww is prone to multiple vulnerabilities.

  These issues include a buffer-overflow vulnerability and some issues
  related to the handling of multipart/byteranges content. Libwww
  5.4.0 is reported to be vulnerable. Other versions may be affected
  as well. These issues may also be exploited through other
  applications that implement the library.

XPDF JPX STREAM READER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15721
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15721
Summary:
  The 'xpdf' utility is reported prone to a remote buffer-overflow
  vulnerability. This issue exists because the application fails to
  perform proper boundary checks before copying user-supplied data
  into process buffers. A remote attacker may execute arbitrary code
  in the context of a user running the application. As a result, the
  attacker can gain unauthorized access to the vulnerable computer.
  Reportedly, this issue presents itself in the
  'JPXStream::readCodestream' function residing in the
  'xpdf/JPXStream.cc' file. This issue is reported to affect xpdf
  3.01, but earlier versions are likely prone to this vulnerability as
  well. Applications using embedded xpdf code may also be vulnerable.

  The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
  Version 0.5 of kpdf is prone to this issue, but other versions may
  also be affected.

ZOO MISC.C BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 16790
Last Updated: 2006-06-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16790
Summary:
  Zoo is prone to a buffer-overflow vulnerability. This issue is due
  to a failure in the application to do proper bounds checking on user-
  supplied data before using it in a finite-sized buffer.

  An attacker can exploit this issue to execute arbitrary code in the
  context of the victim user running the affected application.

WV2 REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18437
Last Updated: 2006-06-15
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18437
Summary:
  The wv2 library is susceptible to a remote buffer-overflow
  vulnerability. This issue is due to the library's failure to
  properly bounds-check user-supplied input before copying it to an
  insufficiently sized memory buffer.

  This issue allows remote attackers to execute arbitrary machine code
  in the context of applications that use the affected library to
  parse malicious Microsoft Word files.

  Version 0.2.2 of the wv2 library is vulnerable to this issue; other
  versions may also be affected.
