[gull-annonces] Summary of SecurityFocus Newsletter #337/#338/#339
Marc SCHAEFER
schaefer at alphanet.ch
Fri Mar 3 00:29:09 CET 2006
MySQL mysql_install_db Insecure Temporary File Creation Vulnerability
BugTraq ID: 13660
Remote: No
Last Updated: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/13660
Summary:
MySQL is reportedly affected by a vulnerability that can allow local
attackers to gain unauthorized access to the database or gain elevated
privileges. This issue results from a design error due to the creation of
temporary files in an insecure manner.
The vulnerability affects the 'mysql_install_db' script.
Due to the nature of the script, an attacker may create database accounts or
gain elevated privileges.
MySQL versions prior to 4.0.12 and MySQL 5.x releases 5.0.4 and prior are
reported to be affected.
powerd Remote Format String Vulnerability
BugTraq ID: 16582
Remote: Yes
Last Updated: 2006-02-12
Relevant URL: http://www.securityfocus.com/bid/16582
Summary:
A remote format-string vulnerability affects powerd. The application fails
to properly sanitize user-supplied input data before using it in a
formatted-printing function.
A remote attacker may leverage this issue to execute arbitrary code with
superuser privileges, facilitating the complete compromise of an affected
computer.
HP PSC 1210 All-in-One Driver Unspecified Vulnerability
BugTraq ID: 16583
Remote: No
Last Updated: 2006-02-10
Relevant URL: http://www.securityfocus.com/bid/16583
Summary:
HP PSC 1210 All-in-One printer driver is reportedly prone to an unspecified
vulnerability.
The cause and impact of this issue are currently unknown.
HP PSC 1210 All-in-One driver versions prior to 1.0.06 are vulnerable.
SUSE ld Insecure RPATH / RUNPATH Arbitrary Code Execution Vulnerability
BugTraq ID: 16581
Remote: No
Last Updated: 2006-02-10
Relevant URL: http://www.securityfocus.com/bid/16581
Summary:
SUSE ld is susceptible to an insecure RPATH / RUNPATH vulnerability.
This issue can allow attackers to place malicious libraries in a directory
and to trick users into executing an application from that directory; the
libraries would be dynamically linked at run time when the application is
executed. This would result in the execution of arbitrary code with the
privileges of the user that executes the application.
Note that this issue is specific to SUSE.
OpenVMPS Logging Function Format String Vulnerability
BugTraq ID: 15072
Remote: Yes
Last Updated: 2006-02-10
Relevant URL: http://www.securityfocus.com/bid/15072
Summary:
OpenVMPS is affected by a remote format-string vulnerability. The
application fails to properly sanitize user-supplied input before using it
as the format specifier in a system-log entry.
Remote attackers may exploit this issue to execute arbitrary machine code in
the context of the affected service.
[ Open VLAN Policy Management Server ]
Linux Kernel Multiple Vulnerabilities
BugTraq ID: 12598
Remote: No
Last Updated: 2006-02-10
Relevant URL: http://www.securityfocus.com/bid/12598
Summary:
Linux Kernel is reported prone to multiple vulnerabilities. These issues may
allow a local attacker to carry out denial-of-service attacks, disclose
kernel memory, and potentially gain elevated privileges.
The following specific issues were identified:
- Reportedly, the filesystem Native Language Support ASCII translation table
is affected by a vulnerability that results from the use of incorrect table
sizes. This issue can lead to a crash.
- Another issue affecting the kernel may allow users to unlock arbitrary
shared-memory segments.
- Another vulnerability is reported to affect the 'netfilter/iptables'
module. An attacker can exploit this issue to crash the kernel or bypass
firewall rules.
- Reportedly, a vulnerability affects the OUTS instruction on the AMD64 and
Intel EM64T architecture. This issue may lead to privilege escalation.
These issues reportedly affect Linux kernel 2.6.x versions.
Due to lack of details, further information is not available at the moment.
This BID will be updated when more information becomes available.
Info-ZIP UnZip File Name Buffer Overflow Vulnerability
BugTraq ID: 15968
Remote: Yes
Last Updated: 2006-02-10
Relevant URL: http://www.securityfocus.com/bid/15968
Summary:
Info-ZIP unzip is susceptible to a filename buffer-overflow vulnerability.
The application fails to properly bounds-check user-supplied data before
copying it into an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary machine code in the context
of users running the affected application.
CGI.pm Start_Form Cross-Site Scripting Vulnerability
BugTraq ID: 8231
Remote: Yes
Last Updated: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/8231
Summary:
CGI.pm is prone to cross-site scripting attacks under some circumstances.
This issue occurs because the 'start_form()' function (or other functions
that use this function) does not sufficiently sanitize HTML and script code
when a form action isn't specified. This could expose scripts that use the
function to cross-site scripting attacks.
Safe.PM Unsafe Code Execution Vulnerability
BugTraq ID: 6111
Remote: No
Last Updated: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/6111
Summary:
When Perl code is executed within a Safe compartment, it cannot access
variables outside of the compartment unless the outside code chooses to
share the variables with the code inside the compartment.
If code inside a Safe compartment is executed via 'Safe->reval()' twice, it
can change its operation mask the second time. This could allow the code to
access variables outside the Safe compartment.
LibPNG Graphics Library PNG_Set_Strip_Alpha Buffer Overflow Vulnerability
BugTraq ID: 16626
Remote: Yes
Last Updated: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16626
Summary:
LibPNG is reported susceptible to a buffer-overflow vulnerability. The
library fails to perform proper bounds-checking of user-supplied input
before copying it to an insufficiently sized memory buffer.
This vulnerability may be exploited to execute attacker-supplied code in the
context of an application that relies on the affected library.
Gzip Zgrep Arbitrary Command Execution Vulnerability
BugTraq ID: 13582
Remote: Yes
Last Updated: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/13582
Summary:
The 'zgrep' utility is reportedly affected by an arbitrary command-execution
vulnerability.
An attacker may execute arbitrary commands through zgrep command arguments
to potentially gain unauthorized access to the affected computer. Note that
this issue poses a security threat only if the arguments originate from a
malicious source.
Version 1.2.4 was reported vulnerable. Other versions may be affected as
well.
bzip2 Remote Denial of Service Vulnerability
BugTraq ID: 13657
Remote: Yes
Last Updated: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/13657
Summary:
The 'bzip2' utility is prone to a remote denial-of-service vulnerability.
This issue arises when the application processes malformed archives.
A successful attack can exhaust system resources and trigger a
denial-of-service condition.
Version 1.0.2 is reportedly affected by this issue. Other versions are likely
vulnerable as well.
BZip2 CHMod File Permission Modification Race Condition Weakness
BugTraq ID: 12954
Remote: No
Last Updated: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/12954
Summary:
The 'bzip2' utility is reported prone to a security weakness. The issue is
present only when an archive is extracted into a world- or group-writeable
directory. It is reported that bzip2 employs non-atomic procedures to write
a file and later changes the permissions on the newly extracted file.
A local attacker may leverage this issue to modify file permissions of
target files.
This weakness is reported to affect bzip2 version 1.0.2 and previous
versions.
Multiple D-Link Products IP Fragment Reassembly Denial of Service Vulnerability
BugTraq ID: 16621
Remote: Yes
Last Updated: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16621
Summary:
Multiple D-Link devices are susceptible to a remote denial-of-service
vulnerability. This issue is due to a flaw in affected devices that causes
them to fail when attempting to reassemble certain IP packets.
This issue allows remote attackers to crash and reboot affected devices,
denying service to legitimate users.
D-Link DI-524, DI-624, and DI-784 devices are affected by this issue. Due to
code reuse among routers, other devices may also be affected.
It is reported that US Robotics USR8054 devices are also affected.
[ firmware ]
Mozilla Suite, Firefox And Thunderbird Multiple Vulnerabilities
BugTraq ID: 14242
Remote: Yes
Last Updated: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/14242
Summary:
The Mozilla Foundation has released 12 security advisories specifying
security vulnerabilities in Mozilla Suite, Firefox, and Thunderbird.
These vulnerabilities allow attackers to execute arbitrary machine code in
the context of the vulnerable application, to bypass security checks, and to
execute script code in the context of targeted websites to disclose
confidential information; other attacks are also possible.
These vulnerabilities have been addressed in Firefox version 1.0.5 and in
Mozilla Suite 1.7.9. At this time, Mozilla Thunderbird has not been fixed.
The issues described here will be split into individual BIDs as further
analysis is completed. This BID will then be retired.
Reportedly, Netscape is also vulnerable to the issue described in MFSA
2005-47. Due to the nature of Netscape's fork from the Mozilla codebase,
Netscape is also likely affected by most if not all of the issues that
affect Mozilla Firefox. This has not been confirmed at this time.
NeoMail Neomail-prefs.PL Security Bypass Vulnerability
BugTraq ID: 16651
Remote: Yes
Last Updated: 2006-02-14
Relevant URL: http://www.securityfocus.com/bid/16651
Summary:
NeoMail is prone to a vulnerability that bypasses security settings.
An attacker can exploit this issue to create and delete arbitrary user
account directories.
This may aid an attacker in further attacks and may give users a false sense
of security, and lead to loss of data integrity.
Multiple Vendor C Library realpath() Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 8315
Remote: Yes
Last Updated: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/8315
Summary:
The 'realpath()' function is a C-library procedure to resolve the canonical,
absolute pathname of a file based on a path that may contain values such as
'/', './', '../', or symbolic links. A vulnerability that was reported to
affect the implementation of 'realpath()' in WU-FTPD has led to the
discovery that at least one implementation of the C library is also
vulnerable. FreeBSD has announced that the off-by-one stack buffer-overflow
vulnerability is present in their libc. Other systems are also likely
vulnerable.
Reportedly, this vulnerability has been successfully exploited against
WU-FTPD to execute arbitrary instructions.
** NOTE: Patching the C library alone may not remove all instances of this
vulnerability. Statically linked programs may need to be re-built with a
patched version of the C library. Also, some applications may implement
their own version of 'realpath()'. These applications would require their
own patches. FreeBSD has published a large list of applications that use
'realpath()'. Administrators of FreeBSD and other systems are urged to
review it. The advisory, FreeBSD-SA-03:08.realpath, is available in the
reference section.
SCPOnly Multiple Local Vulnerabilities
BugTraq ID: 16051
Remote: No
Last Updated: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16051
Summary:
The 'scponly' program is prone to multiple local vulnerabilities. These
issues can allow local attackers to gain elevated privileges.
The application is affected by a design error affecting the 'scponlyc'
binary.
An attacker can also issue malicious command-line arguments to 'rsync' or
'scp' to execute arbitrary applications with elevated privileges.
Successful exploitation of these issues can facilitate a complete compromise.
Honeyd IP Reassembly Remote Virtual Host Detection Vulnerability
BugTraq ID: 16595
Remote: Yes
Last Updated: 2006-02-13
Relevant URL: http://www.securityfocus.com/bid/16595
Summary:
Honeyd is prone to a virtual host-detection vulnerability.
The vulnerability presents itself in the IP reassembly code.
A successful attack may allow remote attackers to enumerate the existence of
simulated Honeyd hosts and then either target specific attacks against these
hosts or avoid them altogether.
This issue affects all versions of Honeyd prior to 1.5.
Squid Proxy Client NTLM Authentication Denial Of Service Vulnerability
BugTraq ID: 14977
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/14977
Summary:
Squid Proxy is prone to a denial-of-service vulnerability. This issue may
occur when the proxy handles certain client NTLM-authentication request
sequences.
Squid Proxy SSLConnectTimeout Remote Denial Of Service Vulnerability
BugTraq ID: 14731
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/14731
Summary:
A remote denial-of-service vulnerability affects the Squid Proxy. The
application fails to properly handle exceptional network requests.
A remote attacker may leverage this issue to crash the affected Squid Proxy,
denying service to legitimate users.
Apache MPM Worker.C Denial Of Service Vulnerability
BugTraq ID: 15762
Remote: Yes
Last Updated: 2006-02-18
Relevant URL: http://www.securityfocus.com/bid/15762
Summary:
Apache is prone to a memory leak, causing a denial-of-service vulnerability.
An attacker may consume excessive memory resources, resulting in a denial of
service for legitimate users.
Apache 2.x versions are vulnerable; other versions may also be affected.
OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
BugTraq ID: 14963
Remote: Yes
Last Updated: 2006-02-18
Relevant URL: http://www.securityfocus.com/bid/14963
Summary:
OpenSSH is susceptible to a remote denial of service vulnerability. This
issue is due to a design flaw when servicing timeouts related to the
'LoginGraceTime' server configuration directive.
Specifically, when 'LoginGraceTime', in conjunction with 'MaxStartups' and
'UsePrivilegeSeparation' are configured and enabled in the server, a
condition may arise where the server refuses further remote connection
attempts.
This issue may be exploited by remote attackers to deny SSH service to
legitimate users.
Squid Proxy NTLM Authentication Denial Of Service Vulnerability
BugTraq ID: 11098
Remote: Yes
Last Updated: 2006-02-18
Relevant URL: http://www.securityfocus.com/bid/11098
Summary:
Squid is reported to be susceptible to a denial of service vulnerability in
its NTLM authentication module.
This vulnerability presents itself when attacker supplied input data is
passed to the affected NTLM module without proper sanitization.
This vulnerability allows an attacker to crash the NTLM helper application.
Squid will respawn new helper applications, but with a sustained, repeating
attack, it is likely that proxy authentication depending on the NTLM helper
application would fail. Failure of NTLM authentication would result in the
Squid application denying access to legitimate users of the proxy.
Squid versions 2.x and 3.x are all reported to be vulnerable to this issue.
A patch is available from the vendor.
Linux Kernel ICMP_Send Remote Denial Of Service Vulnerability
BugTraq ID: 16532
Remote: Yes
Last Updated: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16532
Summary:
Linux kernel is prone to a remote denial-of-service vulnerability.
Remote attackers can exploit this vulnerability to crash affected kernels,
effectively denying service to legitimate users.
Linux kernel versions 2.6.15.2 and prior in the 2.6 series are vulnerable to
this issue.
Linux Kernel DM-Crypt Local Information Disclosure Vulnerability
BugTraq ID: 16301
Remote: No
Last Updated: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16301
Summary:
The Linux kernel 'dm-crypt' module is susceptible to a local
information-disclosure vulnerability. This issue is due to the module's
failure to properly zero sensitive memory buffers before freeing the memory.
This issue may allow local attackers to gain access to potentially sensitive
memory that contains information on the cryptographic key used for the
encrypted storage. This may aid attackers in further attacks.
This issue affects the 2.6 series of the Linux kernel.
ClamAV FSG Compressed Executable Infinite Loop Denial Of Service Vulnerability
BugTraq ID: 14867
Remote: Yes
Last Updated: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/14867
Summary:
ClamAV is prone to a remote denial-of-service vulnerability. This issue
occurs when the application handles a malformed FSG-compressed executable.
Exploitation could cause the application to enter an infinite loop,
resulting in a denial of service.
Linux Kernel DVB Driver Local Buffer Overflow Vulnerability
BugTraq ID: 16142
Remote: No
Last Updated: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16142
Summary:
Linux kernel is prone to a local buffer-overflow vulnerability. This issue
is due to a flaw in the DVB (Digital Video Broadcasting) driver subsystem.
This issue is exploitable only on computers with the affected DVB module
compiled, enabled, and accessible to local malicious users.
A successful attack may result in a denial-of-service condition or possibly
arbitrary code execution in the context of the local kernel.
Linux kernel versions prior to 2.6.15 in the 2.6 series are considered
vulnerable to this issue.
Linux Kernel Sysctl_String Local Buffer Overflow Vulnerability
BugTraq ID: 16141
Remote: No
Last Updated: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16141
Summary:
Linux kernel is prone to a local buffer-overflow vulnerability. This issue
is due to an off-by-one error in the 'sysctl' subsystem.
A successful attack may result in a denial-of-service condition or possibly
arbitrary code execution in the context of the local kernel.
Linux kernel versions prior to 2.6.15 in the 2.6 series are considered
vulnerable to this issue.
ClamAV UPX Compressed Executable Buffer Overflow Vulnerability
BugTraq ID: 14866
Remote: Yes
Last Updated: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/14866
Summary:
ClamAV is prone to a remote buffer-overflow vulnerability. This condition
occurs when the program processes malformed UPX-compressed executables.
Successful exploitation may result in the execution of arbitrary code in the
context of the application.
Linux Kernel mq_open System Call Unspecified Denial of Service Vulnerability
BugTraq ID: 16283
Remote: No
Last Updated: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16283
Summary:
Linux kernel 'mq_open()' system call is prone to a local denial-of-service
vulnerability. Further information is not currently available. This record
will be updated when more details are disclosed.
This issue affects Linux kernel 2.6.9. Earlier kernel versions may be
affected.
Linux Kernel IPV6 Local Denial of Service Vulnerability
BugTraq ID: 15156
Remote: No
Last Updated: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/15156
Summary:
Linux Kernel is reported prone to a local denial-of-service vulnerability.
This issue arises from an infinite loop when binding IPv6 UDP ports.
Apache libapreq2 Quadratic Behavior Denial of Service Vulnerability
BugTraq ID: 16710
Remote: Yes
Last Updated: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/16710
Summary:
libapreq2 is prone to a vulnerability that may allow attackers to trigger a
denial-of-service condition.
libapreq2 versions prior to 2.0.7 are vulnerable.
XFree86 Pixmap Allocation Local Privilege Escalation Vulnerability
BugTraq ID: 14807
Remote: No
Last Updated: 2006-02-17
Relevant URL: http://www.securityfocus.com/bid/14807
Summary:
XFree86 is prone to a buffer overrun in its pixmap-processing code.
This issue can potentially allow an attacker to execute arbitrary code and
to escalate privileges. An attacker may possibly gain superuser privileges
by exploiting this issue.
Squid Proxy Aborted Requests Remote Denial Of Service Vulnerability
BugTraq ID: 14761
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/14761
Summary:
A remote denial-of-service vulnerability affects the Squid Proxy.
The problem arises under certain circumstances while handling aborted
requests.
A remote attacker may leverage this issue to crash the affected Squid Proxy,
denying service to legitimate users.
Squid Proxy Failed DNS Lookup Random Error Messages Information Disclosure Vulnerability
BugTraq ID: 11865
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/11865
Summary:
Squid Proxy is reported prone to an information-disclosure vulnerability.
This issue may allow an attacker to gain access to potentially sensitive
information.
An attacker can trigger this condition by supplying malformed host names to
the proxy. The attacker may use information gathered through exploiting this
condition to carry out further attacks against the application or other
users.
This vulnerability is reported to affect Squid 2.5, but other versions may
be affected as well.
Squid Proxy Unspecified DNS Spoofing Vulnerability
BugTraq ID: 13592
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/13592
Summary:
Squid Proxy is prone to an unspecified DNS-spoofing vulnerability. This
could allow malicious users to perform DNS-spoofing attacks on Squid Proxy
clients on unprotected networks.
This issue affects Squid Proxy versions 2.5 and earlier.
Squid cachemgr.cgi Unauthorized Connection Vulnerability
BugTraq ID: 2059
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/2059
Summary:
The 'cachemgr.cgi' module is a management interface for the Squid proxy
service. It was installed by default in '/cgi-bin' by Red Hat Linux 5.2 and
6.0 installed with Squid. This script prompts for a host and port, which it
then tries to connect to. If a webserver such as Apache is running, this can
be used to connect to arbitrary hosts and ports, allowing for potential use
as an intermediary in denial-of-service attacks, proxied port scans, etc.
Interpreting the output of the script can allow the attacker to determine
whether or not a connection was established.
Squid Proxy Aborted Connection Remote Denial Of Service Vulnerability
BugTraq ID: 13166
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/13166
Summary:
A remote denial-of-service vulnerability affects the Squid Proxy. The
application fails to properly handle exceptional network requests. The
problem presents itself when a remote attacker prematurely aborts a
connection during a PUT or POST request.
A remote attacker may leverage this issue to crash the affected Squid Proxy,
denying service to legitimate users.
GNU Tar Hostile Destination Path Variant Vulnerability
BugTraq ID: 5834
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/5834
Summary:
GNU Tar 1.13.25 contains a vulnerability in the handling of pathnames for
archived files.
By specifying a path for an archived item which points outside the expected
directory scope, the creator of the archive can cause the file to be
extracted to arbitrary locations on the filesystem - including paths
containing system binaries and other sensitive or confidential information.
This can be used to create or overwrite binaries in any desired location.
This issue is a variant of the vulnerability described in BID 3024. It is
not known whether earlier versions are also affected by this variant.
Squid Proxy Set-Cookie Headers Information Disclosure Vulnerability
BugTraq ID: 12716
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/12716
Summary:
Squid Proxy is prone to an information-disclosure vulnerability.
Reportedly, remote attackers may gain access to Set-Cookie headers related
to another user. Information gathered through exploiting this issue may aid
in further attacks against services related to the cookie, potentially
allowing for session hijacking.
Squid Proxy 2.5 STABLE7 to 2.5 STABLE9 are vulnerable to this issue.
Squid Proxy DNS Name Resolver Remote Denial Of Service Vulnerability
BugTraq ID: 12551
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/12551
Summary:
A remote denial-of-service vulnerability is reported to exist in Squid. The
issue is reported to present itself when the affected server performs a
Fully Qualified Domain Name (FQDN) lookup and receives an unexpected response.
The vendor reports that under the above circumstances, the affected service
will crash due to an assertion error, effectively denying service to
legitimate users.
SuSE xscreensaver Package Multiple Vulnerabilities
BugTraq ID: 9125
Remote: No
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/9125
Summary:
SuSE has reported that the xscreensaver packages shipped with SuSE Linux 9.0
are prone to multiple vulnerabilities. These issues include a crash when
xscreensaver is handling the verification of authentication credentials.
SuSE has also reported that xscreensaver is prone to several insecure
temporary file creation vulnerabilities.
Linux Kernel SDLA IOCTL Unauthorized Local Firmware Access Vulnerability
BugTraq ID: 16304
Remote: No
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16304
Summary:
The Linux kernel is susceptible to a local access validation vulnerability
in the SDLA driver.
This issue allows local users with the 'CAP_NET_ADMIN' capability, but
without the 'CAP_SYS_RAWIO' capability, to read and write the SDLA device
firmware. This may cause a denial-of-service issue if attackers write
invalid firmware. Other attacks may also be possible by writing modified
firmware files.
Linux Kernel IPv6 FlowLabel Denial Of Service Vulnerability
BugTraq ID: 15729
Remote: No
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/15729
Summary:
Linux Kernel is prone to a local denial-of-service vulnerability.
Local attackers can exploit this vulnerability to corrupt kernel memory or
free non-allocated memory. Successful exploitation will result in a crash of
the kernel, effectively denying service to legitimate users.
Linux Kernel NAT Handling Memory Corruption Denial of Service Vulnerability
BugTraq ID: 15531
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/15531
Summary:
Linux Kernel is reported prone to a denial of service vulnerability.
Due to a design error in the kernel, an attacker can cause memory
corruption, ultimately crashing the kernel and denying service to legitimate
users.
Squid Proxy WCCP recvfrom() Buffer Overflow Vulnerability
BugTraq ID: 12432
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/12432
Summary:
The Squid proxy server is vulnerable to a remotely exploitable
buffer-overflow vulnerability. The vulnerability resides in Squid's
implementation of WCCP (web cache communication protocol), a UDP-based web
cache management protocol. The condition is triggered when the server reads
a packet that is larger than the size of the buffer allocated to store it.
This can occur because 'recvfrom()' is passed an incorrect value for its
'len' argument.
Linux Kernel IP_VS_CONN_FLUSH Local Denial of Service Vulnerability
BugTraq ID: 15528
Remote: No
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/15528
Summary:
Linux Kernel is reported prone to a local denial-of-service vulnerability.
Reports indicate that the 'ip_vs_conn_flush' function may allow local users
to cause a denial of service due to a NULL-pointer dereference.
Kernel versions prior to 2.6.13 and 2.4.32-pre2 are affected.
Squid Proxy Malformed HTTP Header Parsing Cache Poisoning Vulnerability
BugTraq ID: 12433
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/12433
Summary:
Squid Proxy is reported prone to a cache-poisoning vulnerability when
processing malformed HTTP requests and responses. This issue results from
insufficient sanitization of user-supplied data.
Squid versions 2.5 and earlier are reported prone to this issue.
GNU wget Multiple Remote Vulnerabilities
BugTraq ID: 11871
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/11871
Summary:
Multiple remote vulnerabilities reportedly affect GNU wget. These issues are
due to a failure of the application to properly sanitize user-supplied input
and to properly validate the existence of files prior to writing to them.
The first issue is a potential directory-traversal issue. The second issue
is an arbitrary file-overwriting vulnerability. The final issue is a weakness
caused by a failure of the application to filter potentially malicious
characters from server-supplied input.
These issues may be exploited by a malicious server to arbitrarily overwrite
files in the current directory and potentially write outside of the current
directory. This may facilitate file corruption, denial of service and
further attacks against the affected computer. Any file overwriting would
take place with the privileges of the user that activates the vulnerable
application.
Squid Proxy Oversize HTTP Headers Unspecified Remote Vulnerability
BugTraq ID: 12412
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/12412
Summary:
A remote unspecified vulnerability reportedly affects Squid Proxy. This
issue is due to the application's failure to properly handle malformed HTTP
headers.
The impact of this issue is currently unknown. This BID will be updated when
more information becomes available.
Squid Proxy squid_ldap_auth Authentication Bypass Vulnerability
BugTraq ID: 12431
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/12431
Summary:
Squid Proxy is reported prone to an authentication-bypass vulnerability.
This issue seems to result from insufficient input validation.
The 'squid_ldap_auth' module is reported affected by this issue. A remote
attacker may gain unauthorized access or gain elevated privileges from
bypassing access controls.
Squid versions 2.5 and earlier are reported prone to this vulnerability.
Squid Proxy Malformed NTLM Type 3 Message Remote Denial of Service Vulnerability
BugTraq ID: 12220
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/12220
Summary:
Squid is reported to be susceptible to a denial-of-service vulnerability in
its NTLM authentication module. This vulnerability presents itself when an
attacker sends a malformed NTLM Type 3 message to Squid.
Failure of NTLM authentication would result in the Squid application denying
access to legitimate users of the proxy.
This vulnerability affects Squid 2.5.
Squid Proxy NTLM Fakeauth_Auth Memory Leak Remote Denial Of Service Vulnerability
BugTraq ID: 12324
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/12324
Summary:
Squid is reported to be susceptible to a denial-of-service vulnerability in
its NTLM authentication module.
This vulnerability presents itself when an attacker sends unspecified NTLM
data to Squid. The issue is caused by a memory leak -- memory allocated to
store a base64-decoded string is not freed.
Presumably, this issue allows an attacker to cause the NTLM helper
application to run out of memory and fail.
Linux Kernel Stack Fault Exceptions Unspecified Local Denial of Service Vulnerability
BugTraq ID: 14467
Remote: No
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/14467
Summary:
Linux kernel is reported prone to an unspecified local denial of service
vulnerability.
It was reported that this issue arises when a local user triggers stack
fault exceptions. A local attacker may exploit this issue to carry out a
denial of service attack against a vulnerable computer by crashing the
kernel.
Squid Proxy Web Cache Communication Protocol Denial Of Service
Vulnerability
BugTraq ID: 12275
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/12275
Summary:
A remote denial-of-service vulnerability affects the Web Cache Communication
Protocol (WCCP) functionality of Squid Proxy. This issue is due to the
application's failure to handle unexpected network data.
A remote attacker may leverage this issue to crash the affected Squid Proxy,
denying service to legitimate users.
UPDATE: This issue was thought to result from a call to the 'recvfrom()'
function. This has turned out to be incorrect; the buffer overflow from the
call to 'recvfrom()' has been determined to be a new vulnerability (BID
12432).
Squid Proxy Gopher To HTML Remote Buffer Overflow Vulnerability
BugTraq ID: 12276
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/12276
Summary:
A remote buffer-overflow vulnerability affects the Gopher-to-HTML
functionality of Squid Proxy. This issue is due to the application's failure
to properly validate the length of user-supplied strings before copying them
into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the vulnerable application. This may facilitate unauthorized
access or privilege escalation.
Metamail Message Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 16611
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16611
Summary:
Metamail is prone to a remote buffer overflow vulnerability.
This issue arises when the application handles messages with large string
values for boundaries.
This can cause memory corruption and trigger a crash in the application.
Although unconfirmed, this issue may lead to arbitrary code execution.
Metamail 2.7 is reportedly vulnerable; other versions may be affected as
well.
Squid Proxy SNMP ASN.1 Parser Denial Of Service Vulnerability
BugTraq ID: 11385
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/11385
Summary:
Squid is reported susceptible to a denial-of-service vulnerability in its
SNMP ASN.1 parser. SNMP support is not enabled in the vendor's default build,
but may be enabled by default in the Squid binary packages shipped by certain
(unconfirmed) operating systems.
This vulnerability allows remote attackers to crash affected Squid proxies
with single UDP datagrams that may be spoofed. Squid will attempt to restart
itself automatically, but an attacker sending repeated malicious SNMP
packets can effectively deny service to legitimate users.
Squid versions 2.5-STABLE6 and earlier, as well as 3.0-PRE3-20040702, are
reported vulnerable to this issue.
Squid Proxy NTLM Authentication Buffer Overflow Vulnerability
BugTraq ID: 10500
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/10500
Summary:
Squid Web Proxy Cache is reportedly affected by a buffer-overflow
vulnerability when processing NTLM authentication credentials. The
application fails to properly validate buffer boundaries when copying
user-supplied input.
This would allow an attacker to modify stack-based process memory to cause a
denial-of-service condition and execute arbitrary code in the context of the
vulnerable web proxy. This will most likely facilitate unauthorized access
to the affected computer.
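The two NTLM items above (the malformed Type 3 message, BID 12220, and the credential-copy overflow, BID 10500) both come down to trusting the length/offset pairs carried inside the client's own message. As an added example, not Squid's helper code, the following Python parser decodes a Type 3 (AUTHENTICATE_MESSAGE) blob while checking every security buffer against the real message size before touching the bytes it points at; the field layout is the public NTLMSSP format, while the builder, the sample credentials and the forged offsets are constructed here.

```python
"""Bounds-checked parser for NTLM Type 3 (AUTHENTICATE_MESSAGE) blobs.

Added example: this is not Squid's helper code. The Type 3 layout is the
public NTLMSSP wire format; the builder and the sample messages below are
constructed for the demonstration.
"""
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
NTLM_TYPE3 = 3
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
# signature(8) + type(4) + five security buffers (8 each) = 52 bytes; messages
# that also carry the session-key buffer (8) and the flags word (4) are 64 bytes.
TYPE3_MIN_HEADER = 52
TYPE3_FLAGS_HEADER = 64
# Positions of the security-buffer headers inside the fixed header.
LM_RESPONSE, NT_RESPONSE, DOMAIN, USER, WORKSTATION, SESSION_KEY = 12, 20, 28, 36, 44, 52


class NtlmParseError(ValueError):
    """Any structural problem with the message; callers treat it as a failed login."""


def _read_buffer(msg: bytes, pos: int) -> bytes:
    """Return the bytes that the security buffer (len, maxlen, offset) at `pos` points at.

    Every comparison is made against the real message length, so a hostile
    length or offset cannot select bytes outside the buffer.  A C
    implementation must also make sure offset + length cannot wrap in 32 bits
    before comparing it with the message size.
    """
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if length == 0:
        return b""
    if offset < TYPE3_MIN_HEADER:
        raise NtlmParseError(f"buffer at {pos} points into the fixed header (offset {offset})")
    if offset > len(msg) or length > len(msg) - offset:
        raise NtlmParseError(
            f"buffer at {pos} (offset {offset}, length {length}) exceeds the {len(msg)}-byte message")
    return msg[offset:offset + length]


def parse_type3(msg: bytes) -> dict:
    """Decode a Type 3 message or raise NtlmParseError; never indexes out of range."""
    if len(msg) < TYPE3_MIN_HEADER:
        raise NtlmParseError(f"message too short ({len(msg)} bytes)")
    if msg[:8] != NTLM_SIGNATURE:
        raise NtlmParseError("missing NTLMSSP signature")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != NTLM_TYPE3:
        raise NtlmParseError(f"expected message type 3, got {msg_type}")
    flags = 0
    if len(msg) >= TYPE3_FLAGS_HEADER:
        (flags,) = struct.unpack_from("<I", msg, 60)
    encoding = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "latin-1"

    def text(pos: int) -> str:
        raw = _read_buffer(msg, pos)
        try:
            return raw.decode(encoding)
        except UnicodeDecodeError as exc:
            raise NtlmParseError(f"string buffer at {pos} is not valid {encoding}") from exc

    return {
        "lm_response": _read_buffer(msg, LM_RESPONSE),
        "nt_response": _read_buffer(msg, NT_RESPONSE),
        "domain": text(DOMAIN),
        "user": text(USER),
        "workstation": text(WORKSTATION),
        "flags": flags,
    }


def is_well_formed(msg: bytes) -> bool:
    """True if parse_type3() accepts the message, False for anything it rejects."""
    try:
        parse_type3(msg)
        return True
    except NtlmParseError:
        return False


def build_type3(domain: str, user: str, workstation: str, lm: bytes, nt: bytes,
                unicode: bool = True) -> bytes:
    """Build a well-formed Type 3 message with a 64-byte header (constructed test input)."""
    encoding = "utf-16-le" if unicode else "latin-1"
    fields = [lm, nt, domain.encode(encoding), user.encode(encoding),
              workstation.encode(encoding), b""]  # last entry: empty session key
    header = bytearray(NTLM_SIGNATURE + struct.pack("<I", NTLM_TYPE3))
    payload = bytearray()
    for field in fields:
        header += struct.pack("<HHI", len(field), len(field), TYPE3_FLAGS_HEADER + len(payload))
        payload += field
    header += struct.pack("<I", NTLMSSP_NEGOTIATE_UNICODE if unicode else 0)
    assert len(header) == TYPE3_FLAGS_HEADER
    return bytes(header + payload)


def with_nt_offset(msg: bytes, offset: int, length: int) -> bytes:
    """Rewrite the NT-response security buffer of `msg` (used to forge malformed input)."""
    return msg[:NT_RESPONSE] + struct.pack("<HHI", length, length, offset) + msg[NT_RESPONSE + 8:]


if __name__ == "__main__":
    good = build_type3("CORP", "alice", "WS01", b"\x00" * 24, b"\x11" * 24)
    print(parse_type3(good)["user"])                              # alice
    print(is_well_formed(with_nt_offset(good, 0xFFFFFFF0, 24)))   # False: offset past the end
    print(is_well_formed(with_nt_offset(good, 64, 0xFFFF)))       # False: length past the end
    print(is_well_formed(good[:40]))                              # False: truncated header
```

In a C helper the same check has to guard the 32-bit sum of offset and length against wrap-around before comparing it with the message size, and a rejected message should end the authentication exchange rather than be retried with whatever partial data was copied.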
Mozilla Thunderbird Address Book Import Remote Denial of Service Vulnerability
BugTraq ID: 16716
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16716
Summary:
Mozilla Thunderbird is prone to a remote denial-of-service vulnerability.
The issue presents itself when the application handles a specially crafted
address book file.
Mozilla Thunderbird 1.5 is reportedly affected by this issue. Other versions
may be vulnerable as well.
Todd Miller sudo Local Privilege Escalation Vulnerability
BugTraq ID: 15191
Remote: No
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/15191
Summary:
Sudo is prone to a local privilege-escalation vulnerability.
The vulnerability presents itself because the application fails to properly
sanitize malicious data supplied through environment variables.
A successful attack may result in a complete compromise.
awstats Referrer Arbitrary Command Execution Vulnerability
BugTraq ID: 14525
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/14525
Summary:
AWStats is affected by an arbitrary command-execution vulnerability. This
issue is due to a failure in the application to properly sanitize
user-supplied input.
Successful exploitation of this vulnerability will permit an attacker to
execute arbitrary Perl code on the system hosting the affected application
in the security context of the webserver process. This may aid in further
attacks against the underlying system; other attacks are also possible.
Note that this vulnerability is possible only if the affected application
has at least one URLPlugin enabled.
LibTIFF TIFFOpen Buffer Overflow Vulnerability
BugTraq ID: 13585
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/13585
Summary:
LibTIFF is prone to a buffer-overflow vulnerability. The issue occurs in the
'TIFFOpen()' function when malformed TIFF files are opened. Successful
exploitation could lead to arbitrary code execution.
Linux Kernel SDLA_XFER Kernel Memory Disclosure Vulnerability
BugTraq ID: 16759
Remote: No
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16759
Summary:
The Linux kernel is affected by a local memory-disclosure vulnerability.
This issue allows an attacker to read kernel memory. Information gathered
via exploitation may aid malicious users in further attacks.
This issue affects kernel versions 2.4.x up to 2.4.29-rc1, and 2.6.x up to
2.6.5.
PEAR::Auth Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 16758
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16758
Summary:
PEAR::Auth is prone to multiple unspecified SQL injection vulnerabilities.
These vulnerabilities could permit remote attackers to pass malicious input
to database queries, resulting in modification of query logic or other
attacks.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
PEAR::Auth versions prior to 1.2.4 and prior to 1.3.0r4 are vulnerable.
Bugzilla User Credentials Information Disclosure Vulnerability
BugTraq ID: 16745
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16745
Summary:
Bugzilla is prone to an information disclosure vulnerability. This issue is
due to a design error in the application.
An attacker can exploit this issue by tricking a victim user into following
a malicious URI and retrieve the victim user's login credentials.
Successful exploitation of this issue requires that the host name in the path
where the login page resides resolve to a computer on the victim user's local
network.
Mozilla Firefox HTML Parsing Denial of Service Vulnerability
BugTraq ID: 16741
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16741
Summary:
Mozilla Firefox is prone to a denial of service condition when parsing
certain malformed HTML content. Successful exploitation will cause the
browser to fail or hang.
This issue may be related to BID 11440 (Mozilla Invalid Pointer Dereference
Vulnerability); however, this has not been confirmed.
Mozilla Firefox versions prior to 1.5.0.1 are prone to this issue.
Bugzilla Whinedays SQL Injection Vulnerability
BugTraq ID: 16738
Remote: Yes
Last Updated: 2006-02-21
Relevant URL: http://www.securityfocus.com/bid/16738
Summary:
Bugzilla is prone to an SQL-injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before
using it in an SQL query.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
Exploitation of this issue requires the attacker to have administrative
access to the affected application.
OpenSSH SCP Shell Command Execution Vulnerability
BugTraq ID: 16369
Remote: Yes
Last Updated: 2006-02-20
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is susceptible to an SCP shell command-execution vulnerability. This
issue is due to the application's failure to properly sanitize user-supplied
input before using it in a 'system()' function call.
This issue allows attackers to execute arbitrary shell commands with the
privileges of users executing a vulnerable version of SCP.
This issue reportedly affects version 4.2 of OpenSSH. Other versions may
also be affected.
PostgreSQL Remote SET ROLE Privilege Escalation Vulnerability
BugTraq ID: 16649
Remote: Yes
Last Updated: 2006-02-20
Relevant URL: http://www.securityfocus.com/bid/16649
Summary:
PostgreSQL is susceptible to a remote privilege-escalation vulnerability.
This issue is due to a flaw in the error path of the 'SET ROLE' function.
This issue allows remote attackers with database access to gain
administrative access to affected database servers. Since such access also
allows filesystem access, other attacks against the underlying operating
system may also be possible.
Fedora Directory Server Password Information Disclosure Vulnerability
BugTraq ID: 16729
Remote: Yes
Last Updated: 2006-02-20
Relevant URL: http://www.securityfocus.com/bid/16729
Summary:
Fedora Directory Server is prone to an information disclosure vulnerability.
This issue is due to a failure in the application to do proper access
validation before granting access to sensitive and privileged information.
An attacker can exploit this vulnerability to obtain escalated privileges
within the context of the server application. Information obtained may aid
in further attacks against the underlying system; other attacks are also
possible.
Tin News Reader Buffer Overflow Vulnerability
BugTraq ID: 16728
Remote: Yes
Last Updated: 2006-02-20
Relevant URL: http://www.securityfocus.com/bid/16728
Summary:
The Tin news reader is prone to a buffer-overflow vulnerability. This issue
is due to a failure in the application to do proper boundary checks on
user-supplied data before using it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code on the victim
user's computer in the context of the victim user. This may facilitate a
compromise of the affected computer.
Versions 1.8.0 and earlier are vulnerable.
Thomson SpeedTouch 500 Series Cross-Site Scripting Vulnerability
BugTraq ID: 16839
Remote: Yes
Last Updated: 2006-02-25
Relevant URL: http://www.securityfocus.com/bid/16839
Summary:
The SpeedTouch 500 series are prone to a cross-site scripting vulnerability.
This issue is due to a failure in the devices to properly sanitize
user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed
in the browser of an unsuspecting user in the context of the affected site.
This may facilitate the compromise of the device.
[ firmware ]
DCI-Taskeen Multiple SQL Injection Vulnerabilities
BugTraq ID: 16828
Remote: Yes
Last Updated: 2006-02-25
Relevant URL: http://www.securityfocus.com/bid/16828
Summary:
DCI-Taskeen is prone to multiple SQL-injection vulnerabilities. These issues
are due to a failure in the application to properly sanitize user-supplied
input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in the
underlying database implementation.
Ethereal GTP Protocol Dissector Denial of Service Vulnerability
BugTraq ID: 16076
Remote: Yes
Last Updated: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16076
Summary:
The Ethereal GTP protocol dissector is prone to a remotely exploitable
denial-of-service vulnerability.
Successful exploitation will cause a denial-of-service condition in the
Ethereal application.
Further details are not currently available. This BID will be updated as
more information is disclosed.
Ethereal OSPF Protocol Dissection Stack Buffer Overflow Vulnerability
BugTraq ID: 15794
Remote: Yes
Last Updated: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/15794
Summary:
A remote buffer-overflow vulnerability affects Ethereal. This issue is due
to the application's failure to securely copy network-derived data into
sensitive process buffers. The specific issue occurs in the OSPF dissector.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the user that activated the vulnerable application. This may
facilitate unauthorized access or privilege escalation.
Apache mod_ssl Custom Error Document Remote Denial Of Service
Vulnerability
BugTraq ID: 16152
Remote: Yes
Last Updated: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16152
Summary:
Apache's mod_ssl module is susceptible to a remote denial-of-service
vulnerability. A flaw in the module results in a NULL-pointer dereference
that causes the server to crash. This issue is present only when virtual
hosts are configured with a custom 'ErrorDocument' statement for '400'
errors or 'SSLEngine optional'.
Depending on the configuration of Apache, attackers may crash the entire
webserver or individual child processes. Repeated attacks are required to
deny service to legitimate users when Apache is configured for multiple
child processes to handle connections.
This issue affects Apache 2.x versions.
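A practitioner reading this item wants to know which virtual hosts are exposed before patching. The following Python scan, an added example and not anything from the advisory or the Apache project, walks httpd.conf text and reports every ErrorDocument 400 or SSLEngine optional directive together with the <VirtualHost> that contains it; it does not follow Include directives, and the configuration it runs on is constructed.

```python
"""Scan an Apache 2.x configuration for the two settings the advisory names as
preconditions for the mod_ssl NULL-pointer crash: a custom ErrorDocument for
400 and SSLEngine optional.

Added example, not part of the advisory or of Apache.  It is a line-oriented
scan of httpd.conf text (Include directives are not followed); the sample
configuration is constructed.
"""
import re
from typing import Dict, List

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.IGNORECASE)
TRIGGERS = {
    "ErrorDocument 400": re.compile(r"^\s*ErrorDocument\s+400\b", re.IGNORECASE),
    "SSLEngine optional": re.compile(r"^\s*SSLEngine\s+optional\b", re.IGNORECASE),
}


def find_mod_ssl_dos_triggers(config_text: str) -> List[Dict[str, object]]:
    """Return one finding per matching directive: line number, enclosing scope, directive."""
    findings = []
    scope = "server config"  # directives outside <VirtualHost> apply to every host
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # Apache comments are whole lines only
            continue
        opened = VHOST_OPEN.match(line)
        if opened:
            scope = "<VirtualHost " + opened.group(1).strip() + ">"
            continue
        if VHOST_CLOSE.match(line):
            scope = "server config"
            continue
        for name, pattern in TRIGGERS.items():
            if pattern.match(line):
                findings.append({"line": lineno, "scope": scope, "directive": name})
    return findings


# Constructed configuration: one exposed SSL host, one host with the optional
# engine, one plain host whose 400 handler is commented out.
SAMPLE_CONFIG = """\
Listen 443
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    ErrorDocument 400 /errors/bad-request.html
</VirtualHost>
<VirtualHost *:8443>
    ServerName intranet.example.org
    SSLEngine optional
</VirtualHost>
<VirtualHost *:80>
    ServerName plain.example.org
    # ErrorDocument 400 /errors/bad-request.html
    ErrorDocument 404 /errors/missing.html
</VirtualHost>
"""

if __name__ == "__main__":
    for finding in find_mod_ssl_dos_triggers(SAMPLE_CONFIG):
        print(f"line {finding['line']}: {finding['directive']} in {finding['scope']}")
```

Directives found outside any <VirtualHost> are reported under "server config" because they apply to every host. The scan also flags ErrorDocument 400 in plain HTTP hosts, since the summary does not limit the precondition to SSL hosts; treat those as candidates to review rather than confirmed exposure.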
Apache mod_imap Referer Cross-Site Scripting Vulnerability
BugTraq ID: 15834
Remote: Yes
Last Updated: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/15834
Summary:
Apache's mod_imap module is prone to a cross-site scripting vulnerability.
This issue is due to the module's failure to properly sanitize user-supplied
input.
An attacker may leverage this issue to have arbitrary script code executed
in the browser of an unsuspecting user in the context of the affected site.
This may facilitate the theft of cookie-based authentication credentials as
well as other attacks.
sudo Python Environment Variable Handling Security Bypass Vulnerability
BugTraq ID: 16184
Remote: No
Last Updated: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16184
Summary:
sudo is prone to a security-bypass vulnerability that could lead to
arbitrary code execution. This issue is due to an error in the application
when handling environment variables.
A local attacker with the ability to run Python scripts can exploit this
vulnerability to gain access to an interactive Python prompt. That attacker
may then execute arbitrary code with elevated privileges, facilitating the
complete compromise of affected computers.
An attacker must have the ability to run Python scripts through Sudo to
exploit this vulnerability.
This issue is similar to BID 15394 (Sudo Perl Environment Variable Handling
Security Bypass Vulnerability).
GNUTLS libtasn1 DER Decoding Denial of Service Vulnerabilities
BugTraq ID: 16568
Remote: Yes
Last Updated: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16568
Summary:
libtasn1 is prone to multiple denial-of-service vulnerabilities. A remote
attacker can send specifically crafted data to trigger these flaws, leading
to a denial-of-service condition.
These issues have been addressed in libtasn1 version 0.2.18; earlier
versions are vulnerable.
GnuPG Detached Signature Verification Bypass Vulnerability
BugTraq ID: 16663
Remote: Yes
Last Updated: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16663
Summary:
GnuPG is affected by a detached signature verification-bypass vulnerability.
This issue is due to the application's failure to properly notify scripts
that an invalid detached signature was presented and that the verification
process has failed.
This issue allows attackers to bypass the signature-verification process
used in some automated scripts. Depending on the use of GnuPG, this may
result in a false sense of security, the installation of malicious packages,
the execution of attacker-supplied code, or other attacks.
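The lesson of this item is that a script must not take gpg's silence or exit status as proof of a good signature. As an added example, not GnuPG's own code, the following Python function decides the outcome from gpg's --status-fd output and accepts only on positive evidence: exactly one VALIDSIG made by a fingerprint the script trusts, a matching GOODSIG, and no error keyword. The keywords are those documented in GnuPG's doc/DETAILS; the fingerprint and the status transcripts are constructed, and run_detached_verify() assumes a gpg binary on PATH.

```python
"""Judge a detached-signature verification from gpg's machine-readable status
output rather than from its exit code.

Added example, not GnuPG code: the status keywords are those of GnuPG's
doc/DETAILS; the fingerprint and transcripts below are constructed.
"""
import subprocess
from typing import Iterable, Tuple

STATUS_PREFIX = "[GNUPG:] "
# Any of these means the data is not covered by a good signature from a key we hold.
FATAL = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG",
         "NODATA", "NO_PUBKEY", "UNEXPECTED", "FAILURE"}


def verify_status(status_text: str, trusted_fingerprints: Iterable[str]) -> Tuple[bool, str]:
    """Return (accepted, reason) for one gpg --status-fd transcript.

    Acceptance needs positive evidence: exactly one VALIDSIG whose signing-key
    or primary-key fingerprint is in `trusted_fingerprints`, a GOODSIG, and no
    fatal keyword anywhere.  An empty transcript, which is what a script sees
    when gpg found nothing to verify, is rejected.
    """
    trusted = {fpr.upper() for fpr in trusted_fingerprints}
    records = []
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue  # ordinary human-readable output is not status data
        records.append(line[len(STATUS_PREFIX):].split())
    seen = {rec[0] for rec in records if rec}
    fatal = seen & FATAL
    if fatal:
        return False, "fatal status: " + ", ".join(sorted(fatal))
    validsigs = [rec for rec in records if rec and rec[0] == "VALIDSIG"]
    if len(validsigs) != 1:
        return False, f"expected exactly one VALIDSIG, saw {len(validsigs)}"
    if "GOODSIG" not in seen:
        return False, "VALIDSIG without GOODSIG"
    fields = validsigs[0]
    # fields[1] is the fingerprint of the signing (sub)key; fields[10], when
    # present, is the fingerprint of the primary key.
    candidates = {fields[1].upper()} if len(fields) > 1 else set()
    if len(fields) > 10:
        candidates.add(fields[10].upper())
    matched = candidates & trusted
    if not matched:
        return False, "signature made by a key that is not in the trusted set"
    return True, "valid signature from " + sorted(matched)[0]


def run_detached_verify(sig_path: str, data_path: str, trusted_fingerprints: Iterable[str],
                        gpg: str = "gpg") -> Tuple[bool, str]:
    """Invoke gpg and judge the result with verify_status(); the exit code is ignored.

    Assumes a gpg binary on PATH; not exercised offline.
    """
    proc = subprocess.run(
        [gpg, "--batch", "--no-tty", "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True, check=False)
    return verify_status(proc.stdout, trusted_fingerprints)


# Constructed transcripts (not captured from a real run).
TRUSTED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
GOOD_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    f"[GNUPG:] VALIDSIG {TRUSTED_FPR} 2006-02-24 1140739200 0 4 0 17 2 00 {TRUSTED_FPR}\n"
    "[GNUPG:] TRUST_FULLY\n"
)
BAD_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] BADSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
)
NO_SIGNATURE_STATUS = "gpg: no valid OpenPGP data found.\n[GNUPG:] NODATA 1\n"
EMPTY_STATUS = ""  # gpg said nothing; a script keyed on exit code 0 alone would accept this

if __name__ == "__main__":
    for name, transcript in [("good", GOOD_STATUS), ("bad", BAD_STATUS),
                             ("no signature", NO_SIGNATURE_STATUS), ("empty", EMPTY_STATUS)]:
        print(name, verify_status(transcript, [TRUSTED_FPR]))
```

verify_status() is the part to keep whatever the invocation looks like; the empty-transcript case is the one that matters for this BID, because a script that only tests for exit code 0 accepts it while this function rejects it.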
Todd Miller sudo Local Race Condition Vulnerability
BugTraq ID: 13993
Remote: No
Last Updated: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/13993
Summary:
sudo is prone to a local race-condition vulnerability. The issue manifests
itself only under certain conditions, specifically, when the 'sudoers'
configuration file contains a pseudo-command 'ALL' that directly follows a
user's 'sudoers' entry.
When such a configuration exists, local attackers may leverage this issue to
execute arbitrary executables with escalated privileges. Attackers may
achieve this by creating symbolic links to target files.
zoo misc.c Buffer Overflow Vulnerability
BugTraq ID: 16790
Remote: Yes
Last Updated: 2006-02-24
Relevant URL: http://www.securityfocus.com/bid/16790
Summary:
zoo is prone to a buffer-overflow vulnerability. This issue is due to a
failure in the application to do proper bounds checking on user-supplied
data before using it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code in the context
of the victim user running the affected application.
Linux Kernel procfs Kernel Memory Disclosure Vulnerability
BugTraq ID: 16284
Remote: No
Last Updated: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/16284
Summary:
The Linux kernel is affected by a local memory-disclosure vulnerability.
This issue allows an attacker to read kernel memory. Information gathered
via exploitation may aid malicious users in further attacks.
This issue affects the 2.6 series of the Linux kernel, prior to 2.6.15.
Linux Kernel ipv6_input_finish() Remote Denial Of Service Vulnerability
BugTraq ID: 16043
Remote: Yes
Last Updated: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/16043
Summary:
Linux kernel is prone to a remote denial of service vulnerability.
Remote attackers can exploit this to leak kernel memory. Successful
exploitation will result in a crash of the kernel, effectively denying
service to legitimate users.
Linux kernel versions 2.6.12.5 and prior in the 2.6 series are vulnerable to
this issue.
Linux Kernel icmp_push_reply() Remote Denial Of Service Vulnerability
BugTraq ID: 16044
Remote: Yes
Last Updated: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/16044
Summary:
Linux kernel is prone to a remote denial of service vulnerability.
Remote attackers can exploit this to leak kernel memory. Successful
exploitation will result in a crash of the kernel, effectively denying
service to legitimate users.
Linux kernel versions 2.6.12.5 and prior in the 2.6 series are vulnerable to
this issue.
Linux Kernel NFS ACL Access Control Bypass Vulnerability
BugTraq ID: 16570
Remote: Yes
Last Updated: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/16570
Summary:
The Linux kernel's NFS implementation is susceptible to a remote
access-control-bypass vulnerability. This issue is due to a failure to
validate the privileges of remote users before setting ACLs.
This issue allows remote attackers to improperly alter ACLs on NFS
filesystems, allowing them to bypass access controls. Disclosure of
sensitive information, modification of arbitrary files, and other attacks
are possible.
Kernel versions prior to 2.6.14.5 in the 2.6 kernel series are vulnerable to
this issue.
Linux Kernel set_mempolicy() Local Denial of Service Vulnerability
BugTraq ID: 16135
Remote: No
Last Updated: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/16135
Summary:
Linux kernel is prone to a local denial-of-service vulnerability.
This issue affects the 'set_mempolicy()' function of the 'mm/mempolicy.c'
file.
Successful exploitation causes the kernel to crash, leading to a
denial-of-service condition.
Linux Kernel find_target Local Denial Of Service Vulnerability
BugTraq ID: 14965
Remote: No
Last Updated: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/14965
Summary:
A local denial-of-service vulnerability affects the 'find_target()' function
of the Linux kernel. This issue is due to this function's failure to
properly handle unexpected conditions when trying to handle a NULL return
value from another function.
Local attackers may exploit this vulnerability to trigger a kernel crash,
denying service to legitimate users.
This issue likely affects only the x86_64 architecture.
Linux NFS rpc.statd Remote Denial Of Service Vulnerability
BugTraq ID: 11785
Remote: Yes
Last Updated: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/11785
Summary:
It is reported that 'rpc.statd' is vulnerable to a remote denial-of-service
vulnerability.
This vulnerability allows remote attackers to crash the affected
application. This may result in the failure to clean up NFS network locks,
possibly resulting in denied access to files, because they may be considered
permanently locked.
Version 1.0.6 of nfs-utils is reported vulnerable to this issue. Other
versions may also be affected.
Mozilla Browser/Firefox XBM Image Processing Heap Overflow Vulnerability
BugTraq ID: 14916
Remote: Yes
Last Updated: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/14916
Summary:
Mozilla and Firefox browsers are prone to a heap overflow when processing
malformed XBM images. Successful exploitation can result in arbitrary code
execution.
Linux Kernel procfs Local Information Disclosure Vulnerability
BugTraq ID: 11937
Remote: No
Last Updated: 2006-02-28
Relevant URL: http://www.securityfocus.com/bid/11937
Summary:
The Linux kernel /proc filesystem is reported susceptible to an
information-disclosure vulnerability. This issue is due to a race-condition
allowing unauthorized access to potentially sensitive process information.
This vulnerability may allow malicious local users to gain access to
potentially sensitive environment variables in other users' processes. Since
some programs pass passwords and other sensitive information in environment
variables, this may aid a malicious user in further attacks.
Further details are unavailable at this time. This BID will be updated as
further analysis is completed.
PerlBlog Multiple Input Validation and Information Disclosure
Vulnerabilities
BugTraq ID: 16707
Remote: Yes
Last Updated: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16707
Summary:
PerlBlog is prone to multiple input-validation and information-disclosure
vulnerabilities. These issues are due to a failure in the application to
properly sanitize user-supplied input.
An attacker can exploit these issues to execute arbitrary attacker-supplied
HTML and script code in the browser of a victim user, read arbitrary '.txt'
files, and create arbitrary files on the affected computer all in the
context of the webserver process.
Successful exploitation of these issues may allow an attacker to steal
cookie-based authentication credentials, to control how the site is rendered
to the user, to retrieve sensitive information, and to execute arbitrary
script code in the context of the webserver process; other attacks are also
possible.
xpdf Multiple Unspecified Vulnerabilities
BugTraq ID: 16748
Remote: Yes
Last Updated: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16748
Summary:
The 'xpdf' utility is reportedly prone to multiple unspecified security
vulnerabilities. The cause and impact of these issues are currently unknown.
All versions of xpdf are considered vulnerable at the moment. This BID will
be updated when more information becomes available.
Linux NFS 64-Bit Architecture Remote Buffer Overflow Vulnerability
BugTraq ID: 11911
Remote: Yes
Last Updated: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/11911
Summary:
A remote buffer overflow reportedly affects the disk quota functionality of
the Linux NFS utilities. This issue is due to the software's failure to
properly validate the length of user-supplied strings before copying them
into static process buffers.
An attacker may leverage this issue to execute arbitrary code on an affected
computer with superuser privileges. This may be exploited to gain
unauthorized access or privilege escalation.
Mozilla Firefox Large History File Buffer Overflow Vulnerability
BugTraq ID: 15773
Remote: Yes
Last Updated: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/15773
Summary:
Mozilla Firefox is reportedly prone to a remote denial-of-service
vulnerability.
This issue presents itself when the browser handles a large entry in the
'history.dat' file. An attacker may trigger this issue by enticing a user to
visit a malicious website and by supplying excessive data to be stored in
the affected file.
This may cause a denial-of-service condition.
**UPDATE: Proof-of-concept exploit code has been published. The author of
the code attributes the crash to a buffer-overflow condition. Symantec has
not reproduced the alleged flaw.
Heimdal rshd Local Privilege Escalation Vulnerability
BugTraq ID: 16524
Remote: No
Last Updated: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16524
Summary:
Heimdal rshd is prone to a local privilege-escalation vulnerability.
A local attacker can gain ownership of a file by overwriting its credential
cache. This may lead to various attacks, including privilege escalation.
Heimdal versions prior to 0.7.2 and 0.6.6 are vulnerable.
[ Kerberos ]
Heimdal telnetd Denial Of Service Vulnerability
BugTraq ID: 16676
Remote: Yes
Last Updated: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16676
Summary:
Heimdal telnetd is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause telnetd to crash, subsequently
triggering 'inetd' to temporarily limit further telnetd requests,
effectively denying service to legitimate users.
PostgreSQL Set Session Authorization Denial of Service Vulnerability
BugTraq ID: 16650
Remote: Yes
Last Updated: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16650
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause a loss of service to other
database users. Repeated attacks will result in a prolonged
denial-of-service condition.
Successful exploitation of this issue requires that the application be
compiled with 'Asserts' enabled; this is not the default setting.
MySQL Query Logging Bypass Vulnerability
BugTraq ID: 16850
Remote: Yes
Last Updated: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
MySQL is susceptible to a query logging bypass vulnerability. This issue is
due to a discrepancy in the handling of NUL (0x00) bytes in input data.
This issue allows attackers to bypass the query logging functionality of
the database, so that malicious SQL queries are logged incompletely or
incorrectly. This may aid them in hiding the traces of malicious activity
from administrators.
This issue affects MySQL version 5.0.18; other versions may also be
affected.
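Added example, not MySQL code: the summary reports only a discrepancy in NULL-byte handling, so modelling the logger as a NUL-terminated string consumer and the executor as length-aware is an assumption used to illustrate the bug class. The functions below show what each side sees for a given query buffer and flag queries whose log record would be shorter than what actually ran; the sample queries are constructed.

```python
"""Show how a NUL byte splits what a NUL-terminated logger records from what a
length-aware executor runs, and flag queries that would evade the log.

Added example, not MySQL code.  Treating the logger as a C-string consumer is
an assumption used to illustrate the class of bug; the sample queries are
constructed.
"""
from typing import List, Tuple


def logged_text(query: bytes) -> bytes:
    """What a logger that treats the query as a C string records: up to the first NUL."""
    nul = query.find(b"\x00")
    return query if nul < 0 else query[:nul]


def executed_text(query: bytes) -> bytes:
    """What a length-aware executor sees: the whole buffer, NUL included."""
    return query


def evades_logging(query: bytes) -> bool:
    """True when the log record would omit part of what was executed."""
    return logged_text(query) != executed_text(query)


def audit(queries: List[bytes]) -> List[Tuple[int, bytes, bytes]]:
    """Return (index, logged_prefix, hidden_tail) for every query that evades the log."""
    findings = []
    for index, query in enumerate(queries):
        if evades_logging(query):
            prefix = logged_text(query)
            findings.append((index, prefix, query[len(prefix) + 1:]))
    return findings


# Constructed sample traffic, as raw query bytes would arrive from a capture or
# an audit hook.  The second query hides its payload behind a NUL placed inside
# a comment, so the logger stops at "SELECT 1 /*".
SAMPLE_QUERIES = [
    b"SELECT id FROM accounts WHERE name = 'alice'",
    b"SELECT 1 /*\x00*/, (SELECT balance FROM accounts WHERE name = 'mallory')",
    b"INSERT INTO audit_log (who, what) VALUES ('bob', 'login')",
]

if __name__ == "__main__":
    for index, prefix, hidden in audit(SAMPLE_QUERIES):
        print(f"query {index}: logged {prefix!r}, executed but unlogged {hidden!r}")
```

The practical check is the audit() comparison between raw query bytes and the general query log. At the application layer, rejecting any query text (as opposed to bound parameters) that contains 0x00 costs nothing, since SQL text never needs an embedded NUL.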
FreeBSD Remote NFS Mount Request Denial of Service Vulnerability
BugTraq ID: 16838
Remote: Yes
Last Updated: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16838
Summary:
FreeBSD is susceptible to a remote denial-of-service vulnerability. This
issue is due to a flaw in affected kernels that potentially results in a
crash when handling malformed NFS mount requests.
This issue allows remote attackers to cause affected kernels to crash,
denying further network service to legitimate users.
Netgear WGT624 Wireless Firewall Router Information Disclosure
Vulnerability
BugTraq ID: 16837
Remote: Yes
Last Updated: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16837
Summary:
A vulnerability has been reported in NetGear WGT624 Wireless Firewall
Routers.
When configured to back up its configuration settings, the device stores
various information in cleartext. Accessing this file could allow an
attacker to obtain sensitive information that could aid the attacker in
compromising the web administration interface of the device.
It should be noted that the backup option is not enabled by default, but is
a common feature used by administrators.
[ firmware ]
Netgear WGT624 Wireless Access Point Default Backdoor Account
Vulnerability
BugTraq ID: 16835
Remote: Yes
Last Updated: 2006-02-27
Relevant URL: http://www.securityfocus.com/bid/16835
Summary:
Netgear WGT624 reportedly contains a default administrative account. This
issue can allow a remote attacker to gain administrative access to the
device.
[ firmware ]
ImageMagick File Name Handling Remote Format String Vulnerability
BugTraq ID: 12717
Remote: Yes
Last Updated: 2006-02-26
Relevant URL: http://www.securityfocus.com/bid/12717
Summary:
ImageMagick is reported prone to a remote format-string vulnerability.
Reportedly, this issue arises when the application handles malformed
filenames. An attacker can exploit this vulnerability by crafting a
malicious file with a name that contains format specifiers and sending the
file to an unsuspecting user.
Note that there are other attack vectors that may not require user
interaction, since the application can be used with custom printing systems
and web applications.
A successful attack may crash the application or lead to arbitrary code
execution.
All versions of ImageMagick are considered vulnerable at the moment.
Noweb Insecure Temporary File Creation Vulnerability
BugTraq ID: 16610
Remote: No
Last Updated: 2006-02-26
Relevant URL: http://www.securityfocus.com/bid/16610
Summary:
Noweb creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of service
if critical files are overwritten in the attack. Other attacks may be
possible as well.
Perl perl_sv_vcatpvfn Format String Integer Wrap Vulnerability
BugTraq ID: 15629
Remote: Yes
Last Updated: 2006-02-25
Relevant URL: http://www.securityfocus.com/bid/15629
Summary:
Perl is susceptible to a format-string vulnerability. This issue is due to
the programming language's failure to properly handle format specifiers in
formatted printing functions.
An attacker may leverage this issue to write to arbitrary process memory,
facilitating code execution in the context of the Perl interpreter process.
This can result in unauthorized remote access.
Developers should treat the formatted printing functions in Perl as
equivalently vulnerable to exploitation as the C library versions, and
should properly sanitize all data passed in the format specifier argument.
All applications that use formatted printing functions in an unsafe manner
should be considered exploitable.
EKG Libgadu Multiple Memory Alignment Remote Denial of Service
Vulnerabilities
BugTraq ID: 14415
Remote: Yes
Last Updated: 2006-02-25
Relevant URL: http://www.securityfocus.com/bid/14415
Summary:
EKG libgadu is susceptible to multiple remote denial of service
vulnerabilities.
A malformed incoming message can trigger a bus error and lead to a crash.
It should be noted that these issues do not affect the application running
on the x86 architecture.
Lincoln D. Stein Crypt::CBC Perl Module Weak Ciphertext Vulnerability
BugTraq ID: 16802
Remote: Yes
Last Updated: 2006-02-25
Relevant URL: http://www.securityfocus.com/bid/16802
Summary:
Crypt::CBC is susceptible to a weak ciphertext vulnerability. This issue is
due to a flaw in its creation of IVs (Initialization Vectors) for ciphers
with a blocksize larger than 8.
This issue results in the creation of ciphertext that contains bytes
encrypted with a constant null IV. This ciphertext is prone to differential
cryptanalysis, aiding attackers in compromising the plaintext of encrypted
data.
The level of difficulty attackers may face trying to exploit this flaw is
currently unknown, but data encrypted with vulnerable versions of Crypt::CBC
should be considered insecure.
Crypt::CBC versions prior to 2.17 are vulnerable to this issue if they use
the 'RandomIV' header style.