[gull-annonces] Summary of SecurityFocus Newsletter #350
Marc SCHAEFER
schaefer at alphanet.ch
Thu May 18 09:59:36 CEST 2006
DOVECOT REMOTE INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17961
Last Updated: 2006-05-15
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17961
Summary:
Dovecot is prone to an information-disclosure vulnerability that may
allow authenticated attackers to gain access to the names of all
users with mailboxes on an affected IMAP server.
Dovecot versions 1.0 stable through 1.0 beta8 are vulnerable to
this issue.
EMACS MOVEMAIL POP3 REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 12462
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12462
Summary:
The movemail utility of Emacs is reported prone to a remote format-
string vulnerability. This issue arises because the application
fails to sanitize user-supplied data before passing it as the format
specifier to a formatted-printing function.
A remote attacker may leverage this issue to write to arbitrary
process memory, facilitating code execution. Any code execution
would take place with setgid mail privileges.
ETHEREAL MULTIPLE PROTOCOL DISSECTOR VULNERABILITIES IN VERSIONS PRIOR
BugTraq ID: 17682
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17682
Summary:
Several vulnerabilities in Ethereal have been disclosed by the vendor. The
reported issues are in various protocol dissectors. These issues include:
- Buffer-overflow vulnerabilities
- Denial-of-service vulnerabilities
- Infinite loop denial-of-service vulnerabilities
- Unspecified denial-of-service vulnerabilities
- Off-by-one overflow vulnerabilities
These issues could allow remote attackers to execute arbitrary
machine code in the context of the vulnerable application. Attackers
could also crash the affected application.
Various vulnerabilities affect different versions of Ethereal, from
0.8.5 through to 0.10.14.
FETCHMAIL UNSPECIFIED DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 8843
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/8843
Summary:
Fetchmail 6.2.4 is reported prone to a denial-of-service issue that
may allow an attacker to crash the software by sending a specially
crafted email message. Exact details of this issue are not currently
known, but attackers may be able to cause a denial-of-service
condition or execute arbitrary code in the vulnerable software.
This vulnerability may be related to known issues, but Symantec has
not confirmed this. This BID and any other applicable BIDs will be
updated as further information is available.
Fetchmail version 6.2.4 has been reported prone to this issue, but
other versions may be vulnerable as well.
FETCHMAIL MISSING EMAIL HEADER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15987
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15987
Summary:
Fetchmail is affected by a remote denial-of-service vulnerability.
This issue is due to the application's failure to handle unexpected
input. This issue occurs only when Fetchmail is configured in
'multidrop' mode.
FETCHMAIL POP3 CLIENT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14349
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14349
Summary:
Fetchmail POP3 client is prone to a buffer-overflow vulnerability.
This issue presents itself because the application fails to perform
boundary checks before copying user-supplied data into sensitive
process buffers. This includes POP variants such as APOP and others.
A successful attack can result in overflowing a finite-sized buffer
and can ultimately lead to arbitrary code execution in the context
of the Fetchmail process. This may allow the attacker to gain
elevated privileges.
FETCHMAIL'S FETCHMAILCONF UTILITY LOCAL INFORMATION DISCLOSURE
BugTraq ID: 15179
Last Updated: 2006-05-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15179
Summary:
Fetchmail is susceptible to an information-disclosure vulnerability.
This issue is due to a race condition in the 'fetchmailconf'
configuration utility.
This issue allows local attackers to gain access to potentially
sensitive information, including email authentication credentials,
aiding them in further attacks.
Versions of Fetchmail prior to 6.2.9-rc6 include a vulnerable
version of 'fetchmailconf'. Versions of 'fetchmailconf' prior to
1.43.2 and 1.49 are vulnerable.
FILEZILLA CLIENT UNSPECIFIED REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17972
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17972
Summary:
FileZilla client is prone to a remote buffer-overflow vulnerability.
This issue is due to the application's failure to properly bounds-
check user-supplied input before copying it to an insufficiently
sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of the affected application. Failed exploit attempts
will likely crash the application, denying further service to
legitimate users.
FileZilla versions prior to 2.2.23 are vulnerable to this issue.
GNUNET EMPTY UDP DATAGRAM REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17980
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17980
Summary:
A denial-of-service vulnerability affects GNUnet. This issue is due
to the application's failure to properly handle malformed UDP
datagrams.
The vulnerability allows remote attackers from external networks to
crash the application, denying further service to legitimate users.
GNUnet versions 0.7.0d and SVN revision 2780 are affected by this
issue; other versions may also be affected.
GNUPG DETACHED SIGNATURE VERIFICATION BYPASS VULNERABILITY
BugTraq ID: 16663
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16663
Summary:
GnuPG is affected by a detached signature verification-bypass
vulnerability. This issue is due to the application's failure to
properly notify scripts that an invalid detached signature was
presented and that the verification process has failed.
This issue allows attackers to bypass the signature-verification
process used in some automated scripts. Depending on the use of
GnuPG, this may result in a false sense of security, the
installation of malicious packages, the execution of attacker-
supplied code, or other attacks.
GNUPG INCORRECT NON-DETACHED SIGNATURE VERIFICATION VULNERABILITY
BugTraq ID: 17058
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17058
Summary:
GnuPG is prone to a vulnerability involving incorrect verification
of non-detached signatures.
A successful attack can allow an attacker to simply take a signed
message, inject arbitrary data into it, and bypass verification.
Note that this issue also affects verification of signatures
embedded in encrypted messages. Scripts and applications using gpg
are affected, as are applications using the GPGME library.
GnuPG versions prior to 1.4.2.2 are vulnerable to this issue.
GRAPHVIZ INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 15050
Last Updated: 2006-05-17
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15050
Summary:
Graphviz creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other
attacks may be possible as well.
Graphviz 2.2.1 is reportedly affected, but other versions may be
vulnerable as well.
KPDF AND KWORD MULTIPLE UNSPECIFIED BUFFER AND INTEGER OVERFLOW
BugTraq ID: 16143
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16143
Summary:
KPDF and KWord are prone to multiple buffer and integer overflows.
Successful exploitation could result in arbitrary code execution in
the context of the user running the vulnerable application.
Specific details of these issues are not currently available. This
record will be updated when more information becomes available.
The following are vulnerable:
- kdegraphics package
- KPDF versions 3.4.3 and earlier
- KOffice
- KWord versions 1.4.2 and earlier
LIBUNGIF COLORMAP HANDLING MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 15299
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15299
Summary:
The libungif library is prone to a memory-corruption vulnerability.
Reports indicate that due to the library's improper handling of
colormaps in GIF files, an attacker can trigger out-of-bounds writes
and corrupt memory.
This may lead to a denial-of-service condition.
Version 4.1.3 and prior are considered vulnerable to this issue.
LIBUNGIF NULL POINTER DEREFERENCE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15304
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15304
Summary:
The libungif library is prone to a denial-of-service vulnerability.
The library fails to handle exceptional conditions.
Successful exploitation of this vulnerability will cause the
application using the affected library to crash, effectively denying
service to legitimate users.
Version 4.1.3 and prior are considered vulnerable to this issue.
MULTIPLE VENDOR SSH SERVER REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17958
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17958
Summary:
Multiple SSH server implementations are prone to a remote buffer-
overflow vulnerability. The applications fail to properly bounds-
check user-supplied input before copying it to an insufficiently
sized memory buffer.
A successful attack may facilitate arbitrary code execution.
Exploiting this vulnerability may allow an attacker to gain
administrative access on targeted computers.
MULTIPLE VENDOR SSH2 IMPLEMENTATION INCORRECT FIELD LENGTH
BugTraq ID: 6405
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/6405
Summary:
A vulnerability with incorrect lengths of fields in SSH packets has
been reported for multiple products that use SSH2 for secure
communications.
The vulnerability has been reported to affect initialization, key
exchange, and negotiation phases of SSH communications. An attacker
may exploit the vulnerability to perform denial-of-service attacks
against vulnerable systems and possibly to execute malicious, attacker-
supplied code.
Further details about the vulnerability are currently unknown. This
BID will be updated as more information becomes available. This
vulnerability was originally described in Bugtraq ID 6397.
MULTIPLE VENDOR UNACEV2 ARCHIVE FILE NAME BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 14759
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14759
Summary:
Multiple products are prone to a buffer overflow when handling ACE
archives that contain files with overly long names.
This may be exploited to execute arbitrary code in the context of
the user who is running the application. The vulnerability is
considered remotely exploitable in nature because malicious ACE
archives will likely originate from an external, untrusted source.
MYSQL QUERY LOGGING BYPASS VULNERABILITY
BugTraq ID: 16850
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
MySQL is susceptible to a query-logging-bypass vulnerability. This
issue is due to a discrepancy between the handling of NULL bytes in
the 'mysql_real_query()' function and in the query-logging
functionality.
This issue allows attackers to bypass the query-logging
functionality of the database so they can cause malicious SQL
queries to be improperly logged. This may help them hide the traces
of their malicious activity from administrators.
This issue affects MySQL version 5.0.18; other versions may also
be affected.
MYSQL REMOTE INFORMATION DISCLOSURE AND BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 17780
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
MySQL is susceptible to multiple remote vulnerabilities:
- A buffer-overflow vulnerability due to insufficient bounds-
checking of user-supplied data before copying it to an
insufficiently sized memory buffer. This issue allows remote
attackers to execute arbitrary machine code in the context of
affected database servers. Failed exploit attempts will likely
crash the server, denying further service to legitimate users.
- Two information-disclosure vulnerabilities due to insufficient input-
sanitization and bounds-checking of user-supplied data. These
issues allow remote users to gain access to potentially sensitive
information that may aid them in further attacks.
NCPFS LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 11945
Last Updated: 2006-05-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11945
Summary:
A local buffer overflow vulnerability affects ncpfs. This issue is
due to the application's failure to properly validate the length of
user-supplied strings before copying them into static process
buffers. A local attacker may leverage this issue to execute
arbitrary code on an affected computer with superuser privileges,
facilitating privilege escalation.
NCPFS MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 12400
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12400
Summary:
Multiple remote vulnerabilities affect ncpfs. The utility fails to
manage access privileges securely and to validate the length of user-
supplied strings before copying them into finite process buffers.
The first issue is a remote buffer-overflow vulnerability. The
second issue is an access-validation issue due to the setuid
privileges of ncpfs utilities.
An attacker may leverage these issues to execute arbitrary code with
the privileges of the affected application and to access arbitrary
files with the escalated privileges.
NAGIOS REMOTE NEGATIVE CONTENT-LENGTH BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17879
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17879
Summary:
Nagios is susceptible to a remote buffer-overflow vulnerability.
This issue is due to the application's failure to properly bounds-
check user-supplied input before copying it to an insufficiently
sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of hosting webservers.
Nagios versions prior to 2.3 in the 2.x series, and versions prior
to 1.4 in the 1.x series are vulnerable to this issue.
QUAGGA BGPD LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17979
Last Updated: 2006-05-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17979
Summary:
Quagga is prone to a local denial-of-service vulnerability.
An attacker can exploit this issue by using commands that cause the
consumption of a large amount of CPU resources.
An attacker may cause the application to crash, thus denying service
to legitimate users.
Version 0.98.3 is vulnerable; other versions may also be affected.
QUAGGA INFORMATION DISCLOSURE AND ROUTE INJECTION VULNERABILITIES
BugTraq ID: 17808
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17808
Summary:
Quagga is susceptible to remote information-disclosure and route-
injection vulnerabilities. The application fails to properly
ensure that required authentication and protocol configuration
options are enforced.
These issues allow remote attackers to gain access to potentially
sensitive network-routing configuration information and to inject
arbitrary routes into the RIP routing table. This may aid malicious
users in further attacks against targeted networks.
Quagga versions 0.98.5 and 0.99.3 are vulnerable to these issues;
other versions may also be affected.
REALVNC REMOTE AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 17978
Last Updated: 2006-05-17
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17978
Summary:
RealVNC is susceptible to an authentication-bypass vulnerability.
This issue is due to a flaw in the authentication process of the
affected package.
Exploiting this issue allows attackers to gain unauthenticated,
remote access to the VNC servers.
RealVNC version 4.1.1 is vulnerable to this issue; other versions
may also be affected.
[ free software for Microsoft Windows; however, the source no longer seems
to be available following this bug. Security through obscurity?
]
XLOADIMAGE COMPRESSED IMAGE COMMAND EXECUTION VULNERABILITY
BugTraq ID: 12712
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12712
Summary:
A remote command-execution vulnerability affects xloadimage. This
issue is due to the application's failure to safely parse
compressed images.
An attacker may leverage this by distributing a malicious image file
designed to execute arbitrary commands with the privileges of an
unsuspecting user.
XPDF DCTSTREAM BASELINE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15727
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15727
Summary:
The 'xpdf' viewer is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. This can result in
the attacker gaining unauthorized access to the vulnerable computer.
This issue is reported to present itself in the
'DCTStream::readBaselineSOF' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version .36 of pdftohtml was reported prone to this issue, however,
earlier versions may also be affected.
The 'kpdf' viewer reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF DCTSTREAM PROGRESSIVE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15726
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15726
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
Reportedly, this issue presents itself in the
'DCTStream::readProgressiveSOF' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely vulnerable as well. Applications using embedded xpdf code may
also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version .36 of pdftohtml was reported prone to this issue, but
earlier versions may also be affected.
The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF DOIMAGE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 12070
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12070
Summary:
The xpdf utility is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
An attacker can exploit this issue by enticing a vulnerable user to
open a malformed PDF file. If the application is configured as the
default handler for PDF files, this could present a viable web or
email attack vector, because when the PDF is clicked from an
appropriate client application, xpdf will automatically be invoked.
This issue is reported to affect xpdf 3.00, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may be vulnerable to these issues as well.
XPDF JPX STREAM READER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15721
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15721
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
Reportedly, this issue presents itself in the
'JPXStream::readCodestream' function residing in the
'xpdf/JPXStream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF STREAMPREDICTOR REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15725
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15725
Summary:
The 'xpdf' viewer is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
This issue is reported to present itself in the
'StreamPredictor::StreamPredictor' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version .36 of pdftohtml was reported prone to this issue, but
earlier versions may also be affected.
The 'kpdf' viewer reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF PDFTOPS MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 11501
Last Updated: 2006-05-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11501
Summary:
The pdftops utility is reported prone to multiple integer-overflow
vulnerabilities because it fails to properly ensure that user-
supplied input doesn't result in the overflowing of integer
values. This may result in data being copied past the end of a
memory buffer.
These overflows cause the application to allocate smaller-than-
expected memory regions. Subsequent operations are likely to
overwrite memory regions past the end of the allocated buffer,
allowing attackers to overwrite critical memory control structures.
This may allow attackers to control the flow of execution and
potentially execute attacker-supplied code in the context of the
affected application.
Applications using embedded xpdf code may be vulnerable to these
issues as well.