[gull-annonces] Summary of SecurityFocus Newsletter #349
Marc SCHAEFER
schaefer at alphanet.ch
Thu May 11 19:59:45 CEST 2006
APACHE MOD_IMAP REFERER CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 15834
Last Updated: 2006-05-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15834
Summary:
Apache's mod_imap module is prone to a cross-site scripting
vulnerability. This issue is due to the module's failure to properly
sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of
the affected site. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.
AVAHI BUFFER OVERFLOW AND DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17884
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17884
Summary:
Avahi is susceptible to multiple remote vulnerabilities.
A buffer-overflow vulnerability and denial-of-service vulnerability
affect Avahi, and potentially allow remote attackers to execute
arbitrary machine code and to crash the affected application.
Versions prior to 0.6.10 are vulnerable to these issues.
[ automatic service discovery, Apple-compatible and others ]
CYRUS SASL REMOTE DIGEST-MD5 DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17446
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17446
Summary:
Cyrus SASL is affected by a remote denial-of-service vulnerability.
This issue occurs before successful authentication, allowing
anonymous remote attackers to trigger it.
This vulnerability allows remote attackers to crash services using
the affected SASL library, denying service to legitimate users.
This issue reportedly affects version 2.1.18 of Cyrus SASL; other
versions may also be affected.
DROPBEAR SSH SERVER REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15923
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15923
Summary:
Dropbear SSH Server is prone to a remote buffer-overflow
vulnerability.
Specifically, the vulnerability presents itself when the application
handles excessive string data supplied by an authenticated user.
A successful attack may facilitate arbitrary code execution.
Exploitation of this vulnerability may allow an attacker to gain
superuser access to the computer.
Dropbear SSH Server versions prior to 0.47 are affected.
FETCHMAIL MISSING EMAIL HEADER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15987
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15987
Summary:
Fetchmail is affected by a remote denial-of-service vulnerability.
This issue is due to the application's failure to handle unexpected
input. This issue occurs only when Fetchmail is configured in
'multidrop' mode.
GDK-PIXBUF BMP IMAGE PROCESSING DOUBLE FREE REMOTE DENIAL OF SERVICE
BugTraq ID: 12950
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12950
Summary:
The gdk-pixbuf library is reported prone to a denial-of-service
vulnerability. This issue arises due to a double-free condition.
Reportedly, this vulnerability presents itself when an application
that is linked against the library handles malformed bitmap (.bmp)
image files.
A successful attack may result in a denial-of-service condition. It
is not confirmed whether this vulnerability could be leveraged to
execute arbitrary code.
The gdk-pixbuf 0.22.0 and gtk2 2.4.14 packages are known to be
vulnerable to this issue. Other versions are likely affected as
well.
This BID will be updated when more information becomes available.
GDK-PIXBUF MULTIPLE VULNERABILITIES
BugTraq ID: 11195
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11195
Summary:
Multiple vulnerabilities have been reported in gdk-pixbuf.
The first vulnerability in the library presents itself when the
library tries to decode BMP images. In certain circumstances, the
library may enter into an infinite loop and consume CPU resources,
thus halting further execution of applications using the library.
The second and third vulnerabilities occur when the library tries to
decode XPM images. Specially crafted image files could either crash
applications using the affected library, or allow for the execution
of attacker-supplied code.
The fourth and last vulnerability occurs when the library tries to
decode ICO images. Specially crafted ICO files could cause
applications to crash.
These vulnerabilities allow attackers to crash applications or to
execute arbitrary code in the context of applications that use the
affected library.
GNU TAR INVALID HEADERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 16764
Last Updated: 2006-05-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16764
Summary:
GNU Tar is prone to a buffer overflow when handling invalid headers.
Successful exploitation could potentially lead to arbitrary code
execution, but this has not been confirmed.
Tar versions 1.14 and above are vulnerable.
GHOSTSCRIPT INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 11285
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11285
Summary:
Ghostscript creates temporary files in an insecure manner. This issue
is likely due to a design error that causes the application to fail
to verify the presence of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files
with the privileges of an unsuspecting user that activates the
vulnerable application. Reportedly, this issue is unlikely to
facilitate privilege escalation.
GRAPHVIZ INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 15050
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15050
Summary:
Graphviz creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other
attacks may be possible as well.
Graphviz 2.2.1 is reportedly affected; however, other versions may
be vulnerable as well.
IPSEC-TOOLS IKE MESSAGE HANDLING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15523
Last Updated: 2006-05-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15523
Summary:
IPsec-Tools is prone to a denial-of-service vulnerability. This
issue is due to a failure in the application to handle exceptional
conditions when in 'AGGRESSIVE' mode.
An attacker can exploit this issue to crash the application, thus
denying service to legitimate users.
These vulnerabilities were discovered by, and may be reproduced
by, the University of Oulu Secure Programming Group PROTOS IPSec
Test Suite.
INTER7 VPOPMAIL AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 17894
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17894
Summary:
Inter7 vpopmail is susceptible to a remote authentication-bypass
vulnerability. This issue is due to a logic flaw in the application
while handling plaintext password authentication during SMTP AUTH or
APOP connections.
This issue allows remote attackers to bypass authentication checks
and to gain unauthorized access to SMTP and POP servers. This may
aid them in further attacks.
Versions 5.4.14 and 5.4.15 of vpopmail are vulnerable to this issue;
other versions may also be affected.
[ POP for Postfix with virtual domains, GPL ]
LIBTIFF DOUBLE FREE MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 17733
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17733
Summary:
Applications using the LibTIFF library are prone to a double-free
vulnerability; a fix is available.
Attackers may be able to exploit this issue to cause denial-of-
service conditions in affected applications using a vulnerable
version of the library; arbitrary code execution may also be
possible.
LIBTIFF MULTIPLE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17730
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17730
Summary:
LibTIFF is affected by multiple denial-of-service vulnerabilities.
An attacker can exploit these vulnerabilities to cause a denial of
service in applications using the affected library.
LIBTIFF TIFFFETCHDATA INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 17732
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17732
Summary:
Applications using the LibTIFF library are prone to an integer-
overflow vulnerability.
An attacker could exploit this vulnerability to execute arbitrary
code in the context of the vulnerable application that uses the
affected library. Failed exploit attempts will likely cause denial-of-
service conditions.
LIBTIFF TIFFTORGB DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17809
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17809
Summary:
LibTIFF is affected by a denial-of-service vulnerability.
An attacker can exploit this vulnerability to cause a denial of
service in applications using the affected library.
LINUX KERNEL 64-BIT SMP ROUTING_IOCTL() LOCAL DENIAL OF SERVICE
BugTraq ID: 14902
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14902
Summary:
A local denial-of-service vulnerability affects the Linux kernel on
64-bit Symmetric Multi-Processor (SMP) platforms.
Specifically, the vulnerability presents itself due to an omitted
call to the 'sockfd_put()' function in the 32-bit-compatible
'routing_ioctl()' function.
The 32-bit-compatible 'tiocgdev ioctl()' function on x86-64
platforms is affected by this issue as well.
LINUX KERNEL CONSOLE KEYMAP LOCAL COMMAND INJECTION VULNERABILITY
BugTraq ID: 15122
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15122
Summary:
The Linux kernel is susceptible to a local command-injection
vulnerability via console keymap modifications. This issue occurs
because unprivileged users can alter the system-wide console keymap.
Local users may modify the console keymap to include scripted macro
commands. This allows attackers to execute arbitrary commands with
the privileges of the user that uses the console after them,
potentially facilitating privilege escalation.
LINUX KERNEL IP_VS_CONN_FLUSH LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15528
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15528
Summary:
Linux Kernel is reported prone to a local denial-of-service
vulnerability.
Reports indicate that the 'ip_vs_conn_flush' function may allow
local users to cause a denial of service due to a NULL-pointer
dereference.
Kernel versions prior to 2.6.13 and 2.4.32-pre2 are affected.
LINUX KERNEL MULTIPLE MEMORY LEAK LOCAL DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 15076
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15076
Summary:
Two local denial-of-service vulnerabilities affect the Linux kernel.
These issues are due to a design flaw that creates memory leaks.
Local attackers may exploit these vulnerabilities to consume
excessive kernel resources, likely triggering a kernel crash and
denying service to legitimate users.
These issues affect Linux kernel versions prior to 2.6.14-rc4.
LINUX KERNEL MULTIPLE SCTP REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17910
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17910
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-
service vulnerabilities. These issues are triggered when unexpected
SCTP packets are handled by the kernel.
These issues allow remote attackers to trigger kernel panics,
denying further service to legitimate users.
A valid SCTP endpoint must be listening in order to exploit
these issues.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
LINUX KERNEL NETFILTER IPT_RECENT REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 14791
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14791
Summary:
Linux Kernel is reported prone to a local denial-of-service
vulnerability.
An attacker can exploit this issue by sending specially crafted
packets to a vulnerable computer employing the 'ipt_recent' module.
A successful attack can cause a denial-of-service condition.
LINUX KERNEL RAW_SENDMSG() KERNEL MEMORY ACCESS VULNERABILITY
BugTraq ID: 14787
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14787
Summary:
Linux Kernel is prone to a kernel memory-access vulnerability.
This issue affects the 'raw_sendmsg()' function and can allow a
local attacker to access kernel memory or manipulate the hardware
state due to unauthorized access to I/O ports.
Linux kernel 2.6.10 is reportedly vulnerable, but other versions are
likely to be affected as well.
LINUX KERNEL SENDMSG() LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14785
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14785
Summary:
Linux kernel is prone to a local buffer-overflow vulnerability.
The vulnerability affects 'sendmsg()' when malformed user-supplied
data is copied from userland to kernel memory.
A successful attack can allow a local attacker to trigger an
overflow, which may lead to a denial-of-service condition due to
memory corruption. Arbitrary code execution resulting in privilege
escalation is possible as well.
LINUX KERNEL USB SUBSYSTEM LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 14955
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14955
Summary:
A local denial-of-service vulnerability affects the Linux kernel's
USB subsystem. This issue is due to the kernel's failure to
properly handle unexpected conditions when trying to handle URBs
(USB Request Blocks).
Local attackers may exploit this vulnerability to trigger a kernel
'oops' on computers where the vulnerable USB subsystem is enabled.
This would deny service to legitimate users.
LINUX KERNEL WORLD WRITABLE SYSFS DRM DEBUG FILE VULNERABILITY
BugTraq ID: 15154
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15154
Summary:
Linux kernel is prone to an issue where a world writable file is
created in SYSFS. Exploitation could allow an attacker to obtain
sensitive information.
LINUX ORINOCO DRIVER REMOTE INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 15085
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15085
Summary:
The Orinoco drivers for Linux kernels are susceptible to a remote
information-disclosure vulnerability. This issue is due to the
driver sending uninitialized kernel memory in small network packets.
Remote attackers may exploit this issue to access potentially
sensitive kernel memory, aiding them in further attacks.
LYNX NNTP ARTICLE HEADER BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15117
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15117
Summary:
Lynx is prone to a buffer overflow when handling NNTP article
headers.
This issue may be exploited when the browser handles NNTP content,
such as through 'news:' or 'nntp:' URIs. Successful exploitation
will result in code execution in the context of the program user.
LYNX URI HANDLERS ARBITRARY COMMAND EXECUTION VULNERABILITY
BugTraq ID: 15395
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15395
Summary:
Lynx is prone to an arbitrary command-execution vulnerability. This
issue is due to the application's failure to properly sanitize user-
supplied input.
A remote attacker can exploit this vulnerability by tricking a
victim user into following a malicious link, thus enabling the
attacker to execute arbitrary commands in the context of the
victim user.
MOZILLA FIREFOX IFRAME.CONTENTWINDOW.FOCUS DELETED OBJECT REFERENCE
BugTraq ID: 17671
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17671
Summary:
Mozilla Firefox is prone to a vulnerability when rendering malformed
JavaScript content. An attacker could exploit this issue to cause
the browser to fail or potentially execute arbitrary code.
Firefox versions 1.5 through 1.5.0.2 running on Windows and Linux
platforms are affected.
MOZILLA SUITE, FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
BugTraq ID: 17516
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
The Mozilla Foundation has released nine security advisories
specifying security vulnerabilities in Mozilla Suite, Firefox,
SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- gain elevated privileges in JavaScript code, potentially allowing
remote machine code execution
- gain access to potentially sensitive information
- bypass security checks
- spoof window contents.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
the information embargo on the Mozilla Bugzilla entries is lifted
and as further information becomes available. This BID will then
be retired.
These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1
MULTIPLE CISCO PRODUCTS WEBSENSE CONTENT FILTERING BYPASS
VULNERABILITY
BugTraq ID: 17883
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17883
Summary:
Multiple Cisco products are susceptible to a content-filtering
bypass vulnerability. This issue is due to a failure of the software
to properly recognize HTTP request traffic.
This issue allows users to bypass content-filtering and access
forbidden websites.
Cisco is tracking this issue as Bug IDs CSCsc67612, CSCsc68472, and
CSCsd81734. See
http://www.cisco.com/pcgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsd81734
[ firmware ]
MULTIPLE MOZILLA PRODUCTS MEMORY CORRUPTION/CODE INJECTION/ACCESS
BugTraq ID: 16476
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16476
Summary:
Multiple Mozilla products are prone to multiple vulnerabilities.
These issues include various memory-corruption, code-injection, and
access-restriction-bypass vulnerabilities. Other undisclosed issues
may have also been addressed in the various updated vendor
applications.
Successful exploitation of these issues may permit an attacker to
execute arbitrary code in the context of the affected application.
This may facilitate a compromise of the affected computer; other
attacks are also possible.
MULTIPLE VENDOR UNACEV2 ARCHIVE FILE NAME BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 14759
Last Updated: 2006-05-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14759
Summary:
Multiple products are prone to a buffer overflow when handling ACE
archives that contain files with overly long names.
This may be exploited to execute arbitrary code in the context of
the user who is running the application. The vulnerability is
considered remotely exploitable in nature because malicious ACE
archives will likely originate from an external, untrusted source.
MYSQL REMOTE INFORMATION DISCLOSURE AND BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 17780
Last Updated: 2006-05-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
MySQL is susceptible to multiple remote vulnerabilities:
- A buffer-overflow vulnerability due to insufficient bounds-
checking of user-supplied data before copying it to an
insufficiently sized memory buffer. This issue allows remote
attackers to execute arbitrary machine code in the context of
affected database servers. Failed exploit attempts will likely
crash the server, denying further service to legitimate users.
- Two information-disclosure vulnerabilities due to insufficient input-
sanitization and bounds-checking of user-supplied data. These
issues allow remote users to gain access to potentially sensitive
information that may aid them in further attacks.
NAGIOS REMOTE NEGATIVE CONTENT-LENGTH BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17879
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17879
Summary:
Nagios is susceptible to a remote buffer-overflow vulnerability.
This issue is due to the application's failure to properly bounds-
check user-supplied input before copying it to an insufficiently
sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of hosting webservers.
Nagios versions prior to 2.3 in the 2.x series, and versions prior
to 1.4 in the 1.x series are vulnerable to this issue.
OPENSWAN IKE TRAFFIC DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 15416
Last Updated: 2006-05-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15416
Summary:
Openswan is prone to multiple denial-of-service vulnerabilities in
its ISAKMP implementation. Only attackers with access to the pre-
shared key may exploit these issues, and only when the affected IKE
daemon is configured to use aggressive mode.
These issues were discovered with the PROTOS ISAKMP Test Suite and
are related to the handling of malformed IKEv1 traffic.
The vulnerabilities are believed to affect Openswan 2.x releases
prior to 2.4.2.
PSTOTEXT ARBITRARY SCRIPT CODE EXECUTION VULNERABILITY
BugTraq ID: 17897
Last Updated: 2006-05-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17897
Summary:
The pstotext utility is susceptible to an arbitrary command-
execution vulnerability. This issue is due to the application's
failure to properly sanitize user-supplied input.
If pstotext is called with command-line arguments containing user-
supplied data, attackers can execute arbitrary script code in the
context of the application calling the vulnerable utility. This may
aid attackers in the remote compromise of computers that use the
utility in CGI scripts or in a printer-queue application.
Version 1.9 of pstotext is vulnerable to this issue; other versions
may also be affected.
PAUL A. ROMBOUTS PDNSD DNS QUERY DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17694
Last Updated: 2006-05-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17694
Summary:
The pdnsd DNS server is prone to a remote denial-of-service
vulnerability. This issue is due to a failure in the application to
properly handle DNS queries.
An attacker can exploit this issue to consume excessive memory, and
then to crash the affected service, effectively denying service to
legitimate users.
The vendor has addressed this issue in version 1.2.4-par; earlier
versions are reportedly vulnerable.
PAUL A. ROMBOUTS PDNSD UNSPECIFIED BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17720
Last Updated: 2006-05-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17720
Summary:
The pdnsd DNS server is prone to an unspecified buffer-overflow
vulnerability. A successful exploit may result in a denial of
service or arbitrary code execution.
Details regarding the precise nature of this vulnerability are not
currently available. This record will be updated when more
information is available.
PERL PERL_SV_VCATPVFN FORMAT STRING INTEGER WRAP VULNERABILITY
BugTraq ID: 15629
Last Updated: 2006-05-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15629
Summary:
Perl is susceptible to a format-string vulnerability. This issue is
due to the programming language's failure to properly handle format
specifiers in formatted-printing functions.
An attacker may leverage this issue to write to arbitrary process
memory, facilitating code execution in the context of the Perl
interpreter process. This can result in unauthorized remote access.
Developers should treat the formatted printing functions in Perl as
equivalently vulnerable to exploitation as the C library versions,
and should properly sanitize all data passed in the format-
specifier argument.
All applications that use formatted-printing functions in an unsafe
manner should be considered exploitable.
RED HAT REDHAT-CONFIG-NFS EXPORTED SHARES CONFIGURATION VULNERABILITY
BugTraq ID: 11240
Last Updated: 2006-05-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11240
Summary:
Red Hat redhat-config-nfs is affected by a vulnerability when
exporting share configurations. The application fails to apply
proper settings to the affected network file system (NFS) shares.
This issue would cause some NFS options, such as 'all_squash', to
fail to be applied, potentially giving administrators a false sense
of security.
SUDO PERL ENVIRONMENT VARIABLE HANDLING SECURITY BYPASS VULNERABILITY
BugTraq ID: 15394
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15394
Summary:
Sudo is prone to a security-bypass vulnerability that could lead to
arbitrary code execution. This issue is due to an error in the
application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT'
environment variables when tainting is ignored.
An attacker can exploit this vulnerability to bypass security
restrictions and include arbitrary library files.
To exploit this vulnerability, an attacker must be able to run Perl
scripts through Sudo.
UTIL-LINUX UMOUNT REMOUNTING FILESYSTEM OPTION CLEARING VULNERABILITY
BugTraq ID: 14816
Last Updated: 2006-05-09
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14816
Summary:
Util-linux is susceptible to a filesystem-option-clearing
vulnerability. This issue is due to a design flaw that improperly
clears mounted-filesystem options in certain circumstances.
This vulnerability allows attackers to clear mounted-filesystem
options, allowing them to execute setuid applications to gain
elevated privileges. Other attacks are also possible.
YUKIHIRO MATSUMOTO RUBY XMLRPC SERVER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17645
Last Updated: 2006-05-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17645
Summary:
Ruby is affected by a denial-of-service vulnerability in the WEBrick
HTTP server. This issue is due to the use of blocking network
operations. Ruby's implementation of XML/RPC is also affected, since
it uses the vulnerable WEBrick server.
This issue allows remote attackers to cause affected webservers to
fail to respond to further legitimate requests.
Ruby versions prior to 1.8.3 are affected by this issue.