[gull-annonces] Summary of SecurityFocus Newsletter #350

Marc SCHAEFER schaefer at alphanet.ch
Thu May 18 09:59:36 CEST 2006


DOVECOT REMOTE INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17961
Last Updated: 2006-05-15
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17961
Summary:
  Dovecot is prone to an information-disclosure vulnerability that may
  allow authenticated attackers to gain access to the names of all
  users with mailboxes on an affected IMAP server.

  Dovecot versions 1.0 stable through 1.0 beta8 are vulnerable to
  this issue.

EMACS MOVEMAIL POP3 REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 12462
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12462
Summary:
  The movemail utility of Emacs is reported prone to a remote format-
  string vulnerability. This issue arises because the application
  fails to sanitize user-supplied data before passing it as the format
  specifier to a formatted-printing function.

  A remote attacker may leverage this issue to write to arbitrary
  process memory, facilitating code execution. Any code execution
  would take place with setgid mail privileges.

ETHEREAL MULTIPLE PROTOCOL DISSECTOR VULNERABILITIES IN VERSIONS PRIOR
BugTraq ID: 17682
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17682
Summary:
  Several vulnerabilities in Ethereal have been disclosed by the vendor.
  The reported issues are in various protocol dissectors. These issues
  include:

  - Buffer-overflow vulnerabilities
  - Denial-of-service vulnerabilities
  - Infinite loop denial-of-service vulnerabilities
  - Unspecified denial-of-service vulnerabilities
  - Off-by-one overflow vulnerabilities

  These issues could allow remote attackers to execute arbitrary
  machine code in the context of the vulnerable application. Attackers
  could also crash the affected application.

  Various vulnerabilities affect different versions of Ethereal, from
  0.8.5 through to 0.10.14.

FETCHMAIL UNSPECIFIED DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 8843
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/8843
Summary:
  Fetchmail 6.2.4 is reported prone to a denial-of-service issue that
  may allow an attacker to crash the software by sending a specially
  crafted email message. Exact details of this issue are not currently
  known, but attackers may be able to cause a denial-of-service
  condition or execute arbitrary code in the vulnerable software.

  This vulnerability may be related to known issues, but Symantec has
  not confirmed this. This BID and any other applicable BIDs will be
  updated as further information is available.

  Fetchmail version 6.2.4 has been reported prone to this issue, but
  other versions may be vulnerable as well.

FETCHMAIL MISSING EMAIL HEADER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15987
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15987
Summary:
  Fetchmail is affected by a remote denial-of-service vulnerability.
  This issue is due to the application's failure to handle unexpected
  input. This issue occurs only when Fetchmail is configured in
  'multidrop' mode.

FETCHMAIL POP3 CLIENT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14349
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14349
Summary:
  Fetchmail POP3 client is prone to a buffer-overflow vulnerability.
  This issue presents itself because the application fails to perform
  boundary checks before copying user-supplied data into sensitive
  process buffers. This includes POP variants such as APOP and others.

  A successful attack can result in overflowing a finite-sized buffer
  and can ultimately lead to arbitrary code execution in the context
  of the Fetchmail process. This may allow the attacker to gain
  elevated privileges.

FETCHMAIL'S FETCHMAILCONF UTILITY LOCAL INFORMATION DISCLOSURE
BugTraq ID: 15179
Last Updated: 2006-05-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15179
Summary:
  Fetchmail is susceptible to an information-disclosure vulnerability.
  This issue is due to a race condition in the 'fetchmailconf'
  configuration utility.

  This issue allows local attackers to gain access to potentially
  sensitive information, including email authentication credentials,
  aiding them in further attacks.

  Versions of Fetchmail prior to 6.2.9-rc6 include a vulnerable
  version of 'fetchmailconf'. Versions of 'fetchmailconf' prior to
  1.43.2 and 1.49 are vulnerable.

FILEZILLA CLIENT UNSPECIFIED REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17972
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17972
Summary:
  FileZilla client is prone to a remote buffer-overflow vulnerability.
  This issue is due to the application's failure to properly bounds-
  check user-supplied input before copying it to an insufficiently
  sized memory buffer.

  This issue allows remote attackers to execute arbitrary machine code
  in the context of the affected application. Failed exploit attempts
  will likely crash the application, denying further service to
  legitimate users.

  FileZilla versions prior to 2.2.23 are vulnerable to this issue.

GNUNET EMPTY UDP DATAGRAM REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17980
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17980
Summary:
  A denial-of-service vulnerability affects GNUnet. This issue is due
  to the application's failure to properly handle malformed UDP
  datagrams.

  The vulnerability allows remote attackers from external networks to
  crash the application, denying further service to legitimate users.

  GNUnet versions 0.7.0d and SVN revision 2780 are affected by this
  issue; other versions may also be affected.

GNUPG DETACHED SIGNATURE VERIFICATION BYPASS VULNERABILITY
BugTraq ID: 16663
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16663
Summary:
  GnuPG is affected by a detached signature verification-bypass
  vulnerability. This issue is due to the application's failure to
  properly notify scripts that an invalid detached signature was
  presented and that the verification process has failed.

  This issue allows attackers to bypass the signature-verification
  process used in some automated scripts. Depending on the use of
  GnuPG, this may result in a false sense of security, the
  installation of malicious packages, the execution of attacker-
  supplied code, or other attacks.

GNUPG INCORRECT NON-DETACHED SIGNATURE VERIFICATION VULNERABILITY
BugTraq ID: 17058
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17058
Summary:
  GnuPG is prone to a vulnerability involving incorrect verification
  of non-detached signatures.

  A successful attack can allow an attacker to simply take a signed
  message, inject arbitrary data into it, and bypass verification.

  Note that this issue also affects verification of signatures
  embedded in encrypted messages. Scripts and applications using gpg
  are affected, as are applications using the GPGME library.

  GnuPG versions prior to 1.4.2.2 are vulnerable to this issue.

GRAPHVIZ INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 15050
Last Updated: 2006-05-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15050
Summary:
  Graphviz creates temporary files in an insecure manner.

  Exploitation would most likely result in loss of data or a denial of
  service if critical files are overwritten in the attack. Other
  attacks may be possible as well.

  Graphviz 2.2.1 is reportedly affected, but other versions may be
  vulnerable as well.

KPDF AND KWORD MULTIPLE UNSPECIFIED BUFFER AND INTEGER OVERFLOW
BugTraq ID: 16143
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16143
Summary:
  KPDF and KWord are prone to multiple buffer and integer overflows.
  Successful exploitation could result in arbitrary code execution in
  the context of the user running the vulnerable application.

  Specific details of these issues are not currently available. This
  record will be updated when more information becomes available.

  The following are vulnerable:

  - kdegraphics package
  - KPDF versions 3.4.3 and earlier
  - KOffice
  - KWord versions 1.4.2 and earlier

LIBUNGIF COLORMAP HANDLING MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 15299
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15299
Summary:
  The libungif library is prone to a memory-corruption vulnerability.

  Reports indicate that due to the library's improper handling of
  colormaps in GIF files, an attacker can trigger out-of-bounds writes
  and corrupt memory.

  This may lead to a denial-of-service condition.

  Version 4.1.3 and prior are considered vulnerable to this issue.

LIBUNGIF NULL POINTER DEREFERENCE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15304
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15304
Summary:
  The libungif library is prone to a denial-of-service vulnerability.
  The library fails to handle exceptional conditions.

  Successful exploitation of this vulnerability will cause the
  application using the affected library to crash, effectively denying
  service to legitimate users.

  Version 4.1.3 and prior are considered vulnerable to this issue.

MULTIPLE VENDOR SSH SERVER REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17958
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17958
Summary:
  Multiple SSH server implementations are prone to a remote buffer-
  overflow vulnerability. The applications fail to properly bounds-
  check user-supplied input before copying it to an insufficiently
  sized memory buffer.

  A successful attack may facilitate arbitrary code execution.
  Exploiting this vulnerability may allow an attacker to gain
  administrative access on targeted computers.

MULTIPLE VENDOR SSH2 IMPLEMENTATION INCORRECT FIELD LENGTH
BugTraq ID: 6405
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/6405
Summary:
  A vulnerability with incorrect lengths of fields in SSH packets has
  been reported for multiple products that use SSH2 for secure
  communications.

  The vulnerability has been reported to affect initialization, key
  exchange, and negotiation phases of SSH communications. An attacker
  may exploit the vulnerability to perform denial-of-service attacks
  against vulnerable systems and possibly to execute malicious, attacker-
  supplied code.

  Further details about the vulnerability are currently unknown. This
  BID will be updated as more information becomes available. This
  vulnerability was originally described in Bugtraq ID 6397.

MULTIPLE VENDOR UNACEV2 ARCHIVE FILE NAME BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 14759
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14759
Summary:
  Multiple products are prone to a buffer overflow when handling ACE
  archives that contain files with overly long names.

  This may be exploited to execute arbitrary code in the context of
  the user who is running the application. The vulnerability is
  considered remotely exploitable in nature because malicious ACE
  archives will likely originate from an external, untrusted source.

MYSQL QUERY LOGGING BYPASS VULNERABILITY
BugTraq ID: 16850
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
  MySQL is susceptible to a query-logging-bypass vulnerability. This
  issue is due to a discrepancy between the handling of NULL bytes in
  the 'mysql_real_query()' function and in the query-logging
  functionality.

  This issue allows attackers to bypass the query-logging
  functionality of the database so they can cause malicious SQL
  queries to be improperly logged. This may help them hide the traces
  of their malicious activity from administrators.

  This issue affects MySQL version 5.0.18; other versions may also
  be affected.

MYSQL REMOTE INFORMATION DISCLOSURE AND BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 17780
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
  MySQL is susceptible to multiple remote vulnerabilities:

  - A buffer-overflow vulnerability due to insufficient bounds-
    checking of user-supplied data before copying it to an
    insufficiently sized memory buffer. This issue allows remote
    attackers to execute arbitrary machine code in the context of
    affected database servers. Failed exploit attempts will likely
    crash the server, denying further service to legitimate users.

  - Two information-disclosure vulnerabilities due to insufficient input
    sanitization and bounds checking of user-supplied data. These
    issues allow remote users to gain access to potentially sensitive
    information that may aid them in further attacks.

NCPFS LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 11945
Last Updated: 2006-05-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11945
Summary:
  A local buffer overflow vulnerability affects ncpfs. This issue is
  due to the application's failure to properly validate the length of
  user-supplied strings before copying them into static process
  buffers. A local attacker may leverage this issue to execute
  arbitrary code on an affected computer with superuser privileges,
  facilitating privilege escalation.

NCPFS MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 12400
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12400
Summary:
  Multiple remote vulnerabilities affect ncpfs. The utility fails to
  manage access privileges securely and to validate the length of user-
  supplied strings before copying them into finite process buffers.

  The first issue is a remote buffer-overflow vulnerability. The
  second issue is an access-validation issue due to the setuid
  privileges of ncpfs utilities.

  An attacker may leverage these issues to execute arbitrary code with
  the privileges of the affected application and to access arbitrary
  files with the escalated privileges.

NAGIOS REMOTE NEGATIVE CONTENT-LENGTH BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17879
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17879
Summary:
  Nagios is susceptible to a remote buffer-overflow vulnerability.
  This issue is due to the application's failure to properly bounds-
  check user-supplied input before copying it to an insufficiently
  sized memory buffer.

  This issue allows remote attackers to execute arbitrary machine code
  in the context of hosting webservers.

  Nagios versions prior to 2.3 in the 2.x series, and versions prior
  to 1.4 in the 1.x series are vulnerable to this issue.

QUAGGA BGPD LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17979
Last Updated: 2006-05-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17979
Summary:
  Quagga is prone to a local denial-of-service vulnerability.

  An attacker can exploit this issue by using commands that cause the
  consumption of a large amount of CPU resources.

  An attacker may cause the application to crash, thus denying service
  to legitimate users.

  Version 0.98.3 is vulnerable; other versions may also be affected.

QUAGGA INFORMATION DISCLOSURE AND ROUTE INJECTION VULNERABILITIES
BugTraq ID: 17808
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17808
Summary:
  Quagga is susceptible to remote information-disclosure and route-
  injection vulnerabilities. The application fails to properly
  ensure that required authentication and protocol configuration
  options are enforced.

  These issues allow remote attackers to gain access to potentially
  sensitive network-routing configuration information and to inject
  arbitrary routes into the RIP routing table. This may aid malicious
  users in further attacks against targeted networks.

  Quagga versions 0.98.5 and 0.99.3 are vulnerable to these issues;
  other versions may also be affected.

REALVNC REMOTE AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 17978
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17978
Summary:
  RealVNC is susceptible to an authentication-bypass vulnerability.
  This issue is due to a flaw in the authentication process of the
  affected package.

  Exploiting this issue allows attackers to gain unauthenticated,
  remote access to the VNC servers.

  RealVNC version 4.1.1 is vulnerable to this issue; other versions
  may also be affected.

[ free software for Microsoft Windows; however, the source no longer
  seems to be available following this bug. Security through obscurity?
]

XLOADIMAGE COMPRESSED IMAGE COMMAND EXECUTION VULNERABILITY
BugTraq ID: 12712
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12712
Summary:
  A remote command-execution vulnerability affects xloadimage. This
  issue is due to the application's failure to safely parse
  compressed images.

  An attacker may leverage this by distributing a malicious image file
  designed to execute arbitrary commands with the privileges of an
  unsuspecting user.

XPDF DCTSTREAM BASELINE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15727
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15727
Summary:
  The 'xpdf' viewer is reported prone to a remote buffer-overflow
  vulnerability. This issue exists because the application fails to
  perform proper boundary checks before copying user-supplied data
  into process buffers. A remote attacker may execute arbitrary code
  in the context of a user running the application. This can result in
  the attacker gaining unauthorized access to the vulnerable computer.

  This issue is reported to present itself in the
  'DCTStream::readBaselineSOF' function residing in the
  'xpdf/Stream.cc' file.

  This issue is reported to affect xpdf 3.01, but earlier versions are
  likely prone to this vulnerability as well. Applications using
  embedded xpdf code may also be vulnerable.

  The 'pdftohtml' utility also includes vulnerable versions of xpdf.
  Version .36 of pdftohtml was reported prone to this issue, however,
  earlier versions may also be affected.

  The 'kpdf' viewer reportedly incorporates vulnerable xpdf code.
  Version 0.5 of kpdf is prone to this issue, but other versions may
  also be affected.

XPDF DCTSTREAM PROGRESSIVE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15726
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15726
Summary:
  The 'xpdf' utility is reported prone to a remote buffer-overflow
  vulnerability. This issue exists because the application fails to
  perform proper boundary checks before copying user-supplied data
  into process buffers. A remote attacker may execute arbitrary code
  in the context of a user running the application. As a result, the
  attacker can gain unauthorized access to the vulnerable computer.

  Reportedly, this issue presents itself in the
  'DCTStream::readProgressiveSOF' function residing in the
  'xpdf/Stream.cc' file.

  This issue is reported to affect xpdf 3.01, but earlier versions are
  likely vulnerable as well. Applications using embedded xpdf code may
  also be vulnerable.

  The 'pdftohtml' utility also includes vulnerable versions of xpdf.
  Version .36 of pdftohtml was reported prone to this issue, but
  earlier versions may also be affected.

  The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
  Version 0.5 of kpdf is prone to this issue, but other versions may
  also be affected.

XPDF DOIMAGE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 12070
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12070
Summary:
  The xpdf utility is reported prone to a remote buffer-overflow
  vulnerability. This issue exists because the application fails to
  perform proper boundary checks before copying user-supplied data
  into process buffers. A remote attacker may execute arbitrary code
  in the context of a user running the application. As a result, the
  attacker can gain unauthorized access to the vulnerable computer.

  An attacker can exploit this issue by enticing a vulnerable user to
  open a malformed PDF file. If the application is configured as the
  default handler for PDF files, this could present a viable web or
  email attack vector, because when the PDF is clicked from an
  appropriate client application, xpdf will automatically be invoked.

  This issue is reported to affect xpdf 3.00, but earlier versions are
  likely prone to this vulnerability as well. Applications using
  embedded xpdf code may be vulnerable to these issues as well.

XPDF JPX STREAM READER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15721
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15721
Summary:
  The 'xpdf' utility is reported prone to a remote buffer-overflow
  vulnerability. This issue exists because the application fails to
  perform proper boundary checks before copying user-supplied data
  into process buffers. A remote attacker may execute arbitrary code
  in the context of a user running the application. As a result, the
  attacker can gain unauthorized access to the vulnerable computer.

  Reportedly, this issue presents itself in the
  'JPXStream::readCodestream' function residing in the
  'xpdf/JPXStream.cc' file.

  This issue is reported to affect xpdf 3.01, but earlier versions are
  likely prone to this vulnerability as well. Applications using
  embedded xpdf code may also be vulnerable.

  The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
  Version 0.5 of kpdf is prone to this issue, but other versions may
  also be affected.

XPDF STREAMPREDICTOR REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15725
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15725
Summary:
  The 'xpdf' viewer is reported prone to a remote buffer-overflow
  vulnerability. This issue exists because the application fails to
  perform proper boundary checks before copying user-supplied data
  into process buffers. A remote attacker may execute arbitrary code
  in the context of a user running the application. As a result, the
  attacker can gain unauthorized access to the vulnerable computer.

  This issue is reported to present itself in the
  'StreamPredictor::StreamPredictor' function residing in the
  'xpdf/Stream.cc' file.

  This issue is reported to affect xpdf 3.01, but earlier versions are
  likely prone to this vulnerability as well. Applications using
  embedded xpdf code may also be vulnerable.

  The 'pdftohtml' utility also includes vulnerable versions of xpdf.
  Version .36 of pdftohtml was reported prone to this issue, but
  earlier versions may also be affected.

  The 'kpdf' viewer reportedly incorporates vulnerable xpdf code.
  Version 0.5 of kpdf is prone to this issue, but other versions may
  also be affected.

XPDF PDFTOPS MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 11501
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11501
Summary:
  The pdftops utility is reported prone to multiple integer-overflow
  vulnerabilities because it fails to properly ensure that user-
  supplied input doesn't result in the overflowing of integer
  values. This may result in data being copied past the end of a
  memory buffer.

  These overflows cause the application to allocate smaller-than-
  expected memory regions. Subsequent operations are likely to
  overwrite memory regions past the end of the allocated buffer,
  allowing attackers to overwrite critical memory control structures.
  This may allow attackers to control the flow of execution and
  potentially execute attacker-supplied code in the context of the
  affected application.

  Applications using embedded xpdf code may be vulnerable to these
  issues as well.
