[gull-annonces] Summary of SecurityFocus Newsletter #351
Marc SCHAEFER
schaefer at alphanet.ch
Wed May 24 12:13:41 CEST 2006
APACHE MOD_IMAP REFERER CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 15834
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15834
Summary:
Apache's mod_imap module is prone to a cross-site scripting
vulnerability. This issue is due to the module's failure to properly
sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of
the affected site. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.
APACHE MOD_SSL CUSTOM ERROR DOCUMENT REMOTE DENIAL OF SERVICE
BugTraq ID: 16152
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16152
Summary:
Apache's mod_ssl module is susceptible to a remote denial-of-service
vulnerability. A flaw in the module results in a NULL-pointer
dereference that causes the server to crash. This issue is present
only when virtual hosts are configured with a custom 'ErrorDocument'
statement for '400' errors or 'SSLEngine optional'.
Depending on the configuration of Apache, attackers may crash the
entire webserver or individual child processes. Repeated attacks are
required to deny service to legitimate users when Apache is
configured for multiple child processes to handle connections.
This issue affects Apache 2.x versions.
AWSTATS REMOTE ARBITRARY COMMAND EXECUTION VULNERABILITY
BugTraq ID: 17844
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17844
Summary:
Awstats is prone to an arbitrary command-execution vulnerability.
This issue is due to a failure in the application to properly
sanitize user-supplied input.
An attacker can exploit this vulnerability to execute arbitrary
shell commands in the context of the webserver process. This may
help attackers compromise the underlying system; other attacks are
also possible.
BLENDER BLENLOADER FILE PROCESSING INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 15981
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15981
Summary:
Blender is susceptible to an integer-overflow vulnerability. This
issue is due to the application's failure to properly sanitize user-
supplied input before using it in a memory allocation and copy
operation.
This issue allows attackers to execute arbitrary machine code in the
context of the user running the affected application.
CSCOPE INCLUDE FILENAME BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18050
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18050
Summary:
Cscope is prone to a buffer-overflow vulnerability. This issue is
due to a failure in the application to properly validate the size of
attacker-supplied data before copying it into a finite-sized buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of the user running the application. Failed exploit
attempts will likely crash the application, denying service to
legitimate users.
CYRUS IMAPD POP3D REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18056
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18056
Summary:
Cyrus IMAPD is prone to a remote buffer-overflow vulnerability. This
issue is due to a failure in the application to properly verify user-
supplied input before copying it into a finite-sized buffer.
Successful exploits may result in memory corruption leading to a denial-of-
service condition or arbitrary code execution.
Cyrus IMAPD version 2.3.2 is reported to be vulnerable. Other
versions may be affected as well.
DIA FILENAME REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 18078
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18078
Summary:
Dia is prone to a remote format-string vulnerability.
This issue arises when the application handles specially crafted
filenames. An attacker can exploit this vulnerability by crafting a
malicious filename that contains format specifiers and then coercing
unsuspecting users to open the malicious file with the affected
application.
A successful attack may crash the application or lead to arbitrary
code execution.
This issue affects Dia versions 0.95 and earlier.
ETHEREAL IRC PROTOCOL DISSECTOR DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15219
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15219
Summary:
The Ethereal IRC protocol dissector is prone to a remotely
exploitable denial-of-service vulnerability.
An attacker may exploit this issue by causing Ethereal to process a
malformed packet. Successful exploitation will cause a denial-of-
service condition in the Ethereal application.
Further details are not currently available. This BID will be
updated as more information is disclosed.
FBIDA FBGS INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 17436
Last Updated: 2006-05-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17436
Summary:
The 'fbida' utilities create temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue
to view files and obtain privileged information. The attacker may
also perform symlink attacks, overwriting arbitrary files in the
context of the affected application.
A successful attack would most likely result in loss of
confidentiality and theft of privileged information. Successful
exploitation of a symlink attack may allow an attacker to overwrite
sensitive files. This may result in a denial of service; other
attacks may also be possible.
[ view/edit pictures in console/X11, and CGI in C; jpeg translation
tool; http://linux.bytesex.org/fbida/ ]
GNU STRINGS DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17950
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17950
Summary:
The strings utility is susceptible to a denial-of-service
vulnerability because it fails to properly handle unexpected user-
supplied input.
This issue allows attackers to crash the affected utility. This may
aid attackers by making analysis of binary files more difficult.
KPDF AND KWORD MULTIPLE UNSPECIFIED BUFFER AND INTEGER OVERFLOW
BugTraq ID: 16143
Last Updated: 2006-05-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16143
Summary:
KPDF and KWord are prone to multiple buffer and integer overflows.
Successful exploitation could result in arbitrary code execution in
the context of the user running the vulnerable application.
Specific details of these issues are not currently available. This
record will be updated when more information becomes available.
The following are vulnerable:
- kdegraphics package
- KPDF versions 3.4.3 and earlier
- KOffice
- KWord versions 1.4.2 and earlier
KPHONE LOCAL INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 18049
Last Updated: 2006-05-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18049
Summary:
KPhone is susceptible to a local information-disclosure
vulnerability. This issue is due to the application's failure
to ensure that files containing sensitive information are
properly secured.
This issue allows local attackers to gain access to potentially
sensitive information, including SIP configuration and passwords.
This may aid them in further attacks.
KPhone version 4.2 is vulnerable to this issue; other versions may
also be affected.
LIBXPM IMAGE DECODING MULTIPLE REMOTE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 11196
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11196
Summary:
Multiple vulnerabilities are reported to exist in libXpm. These
issues may be triggered when the library handles malformed XPM
images. The vulnerabilities occur because the software fails to
perform sufficient boundary checks. A successful attack may allow
for unauthorized access to a vulnerable computer.
An attacker can exploit these issues by crafting a malicious XPM
file and having unsuspecting users view the file through an
application that uses the affected library.
LibXpm shipped with X.org X11R6 6.8.0 is reported vulnerable to
this issue.
This BID will be divided and updated as more information becomes
available.
LIBEXTRACTOR MULTIPLE HEAP BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 18021
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18021
Summary:
The libextractor library is affected by multiple buffer-overflow
vulnerabilities. The software fails to perform sufficient boundary
checks of user-supplied input before copying it to insufficiently
sized memory buffers.
An attacker exploits these issues by enticing a vulnerable user to
open a malformed file using an application that employs
libextractor.
This issue allows attackers to execute arbitrary machine code in the
context of applications that use the affected library, aiding them
in the remote compromise of affected computers.
Version 0.5.13 of libextractor is vulnerable to these issues; other
versions may also be affected.
LINUX KERNEL 2.4 RTC HANDLING ROUTINES MEMORY DISCLOSURE VULNERABILITY
BugTraq ID: 9154
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/9154
Summary:
The Linux kernel 2.4 tree has been reported prone to a memory
disclosure vulnerability. The issue is reported to present itself in
kernel real time clock interface procedures, and may result in
kernel memory stack data being leaked into user land. The source of
the vulnerability is that an internal real time clock structure is
not properly initialized with zeros before being read, potentially
returning random contents of kernel stack memory when this operation
occurs. This could expose sensitive information such as credentials
to unprivileged users.
LINUX KERNEL AF_UNIX ARBITRARY KERNEL MEMORY MODIFICATION
VULNERABILITY
BugTraq ID: 11715
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11715
Summary:
A serialization error is reported to exist in the AF_UNIX address
family; the error creates a race condition. This race condition
reportedly allows local users to repeatedly increment arbitrary
kernel memory locations.
This vulnerability allows local users to modify arbitrary kernel
memory, facilitating privilege escalation; it may possibly allow
code execution in the context of the kernel.
Versions prior to 2.4.28 are reportedly affected by this
vulnerability.
LINUX KERNEL BINFMT_ELF LOADER LOCAL PRIVILEGE ESCALATION
VULNERABILITIES
BugTraq ID: 11646
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11646
Summary:
Multiple vulnerabilities have been identified in the Linux ELF
binary loader. These issues can allow local attackers to gain
elevated privileges. The source of these issues resides in the
'load_elf_binary' function of the 'binfmt_elf.c' file.
The first issue results from an improper check performed on the
return value of the 'kernel_read()' function. An attacker may gain
control over execution flow of a setuid binary by modifying the
memory layout of a binary.
The second issue results from improper error-handling when the
'mmap()' function fails.
The third vulnerability results from a bad return value when the
program interpreter (linker) is mapped into memory. It is
reported that this issue occurs only in the 2.4.x versions of the
Linux kernel.
The fourth issue presents itself because a user can execute a binary
with a malformed interpreter name string. This issue can lead to a
system crash.
The final issue resides in the 'execve()' code. This issue may allow
an attacker to disclose sensitive data that can potentially be used
to gain elevated privileges.
These issues are currently undergoing further analysis. This BID
will be updated and divided into separate BIDS in the future.
LINUX KERNEL CODA_PIOCTL LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14967
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14967
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability.
Specifically, the vulnerability affects the 'coda_pioctl()' function
of the 'pioctl.c' file.
A successful attack may result in a denial-of-service condition or
arbitrary code execution with superuser privileges.
This issue may be related to the issues described in BID 12239
(Linux Kernel Multiple Unspecified Vulnerabilities).
LINUX KERNEL ELF BINARY LOADING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 12101
Last Updated: 2006-05-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12101
Summary:
The Linux kernel is affected by an ELF binary loading vulnerability.
This issue is due to a failure of the affected kernel to properly
handle malformed ELF binaries.
An attacker may leverage this issue to cause the affected kernel to
crash, denying service to legitimate users.
LINUX KERNEL FLOATING POINT REGISTER CONTENTS LEAK VULNERABILITY
BugTraq ID: 10687
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10687
Summary:
The Linux kernel is reported prone to a data disclosure
vulnerability.
It is reported that this issue may permit a malicious executable to
disclose the contents of Floating Point registers that belong to
another process.
It is reported that this vulnerability will only affect ia64
systems.
LINUX KERNEL LEASE_INIT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17943
Last Updated: 2006-05-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17943
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'lease_init' function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.16.
LINUX KERNEL LOCAL DENIAL OF SERVICE AND MEMORY DISCLOSURE
BugTraq ID: 11754
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11754
Summary:
The Linux kernel is reported prone to multiple local vulnerabilities. The
following issues are reported:
Reports indicate that a handcrafted 'a.out' file may be used to
trigger a local denial of service condition.
A local attacker may exploit this vulnerability to trigger a system-
wide denial of service, potentially resulting in a kernel panic.
A memory disclosure vulnerability is also reported to affect the
Linux kernel. This issue reportedly only affects SMP computers with
more than 4GB of memory.
A local attacker may exploit this vulnerability to disclose random
pages of physical memory.
LINUX KERNEL MULTIPLE DEVICE DRIVER VULNERABILITIES
BugTraq ID: 10566
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10566
Summary:
It has been reported that the Linux kernel is vulnerable to multiple
device driver issues. These issues were found during a recent audit
of the Linux kernel source.
Drivers reportedly affected by these issues are: aironet, asus_acpi,
decnet, mpu401, msnd, and pss.
These issues may reportedly allow attackers to gain access to kernel
memory or gain escalated privileges on the affected computer.
LINUX KERNEL MULTIPLE LOCAL MOXA SERIAL DRIVER BUFFER OVERFLOW
BugTraq ID: 12195
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12195
Summary:
The MOXA serial port driver in the Linux kernel is reported
susceptible to multiple buffer overflow vulnerabilities. These
issues are due to a failure of the driver to perform proper
bounds checks prior to copying user-supplied data to fixed-size
memory buffers.
These vulnerabilities exist in the 'drivers/char/moxa.c' file.
The vulnerable functions perform a 'copy_from_user()' function call
to copy user-supplied, user-space data to a fixed-size, static
kernel memory buffer (moxaBuff) of 10240 bytes in length while
utilizing the user-supplied length argument as passed from
'MoxaDriverIoctl()'. This reportedly results in improperly bounded
operations, potentially resulting in locally exploitable buffer
overflows.
Linux kernels in the 2.2, 2.4 and 2.6 series are all reportedly
susceptible to these vulnerabilities.
LINUX KERNEL MULTIPLE LOCAL VULNERABILITIES
BugTraq ID: 11956
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11956
Summary:
The Linux kernel is reported prone to multiple local vulnerabilities. The
following individual issues are reported:
- An integer overflow is reported to exist in 'ip_options_get()' of
the 'ip_options.c' kernel source file. This vulnerability is
reported to exist only in the 2.6 kernel tree. Although
unconfirmed, due to its nature this issue presumably may be
further leveraged to execute arbitrary code with ring-0
privileges.
A local attacker may exploit this vulnerability to deny service to
legitimate users. Other attacks are also likely possible.
- A second integer-overflow vulnerability is reported to exist in
the 'vc_resize()' function of the Linux kernel. This vulnerability
is reported to exist in the 2.6 and 2.4 kernel trees. Although
unconfirmed, due to its nature this issue presumably may be
further leveraged to execute arbitrary code with ring-0
privileges.
A local attacker may exploit this vulnerability to deny service to
legitimate users. Other attacks are also likely possible.
- A memory leak is reported to exist in 'ip_options_get()' of the
'ip_options.c' kernel source file. This vulnerability is reported
to exist in the 2.6 and 2.4 kernel trees.
A local attacker may exploit this vulnerability to consume kernel
heap memory resources and in doing so may impact system performance,
ultimately resulting in a denial of service to legitimate users.
LINUX KERNEL MULTIPLE SCTP REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17910
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17910
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-
service vulnerabilities. These issues are triggered when the kernel
handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel panics,
denying further service to legitimate users.
Note that a valid SCTP endpoint must be listening.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
[ SCTP is a TCP-like protocol modified for multi-streaming and
multi-homing; for the moment still largely experimental ]
LINUX KERNEL MULTIPLE SCTP REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17955
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17955
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-
service vulnerabilities. These issues are triggered when the kernel
handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel deadlock and
infinite recursion, denying further service to legitimate users.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
LINUX KERNEL PPP DRIVER UNSPECIFIED REMOTE DENIAL OF SERVICE
BugTraq ID: 12810
Last Updated: 2006-05-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12810
Summary:
The Linux kernel PPP (Point-to-Point Protocol) driver is reported
prone to an unspecified remote denial-of-service vulnerability.
A successful attack can cause a denial of service condition in the
server and prevent access to legitimate users.
Linux Kernel 2.6.8 was reported vulnerable. It is possible that
subsequent versions are affected as well.
Due to a lack of details, further information is not available at
the moment. This BID will be updated when more information becomes
available.
LINUX KERNEL PANIC FUNCTION CALL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 10233
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10233
Summary:
The panic() function call of the Linux kernel has been reported
prone to a buffer overflow vulnerability.
The vulnerability is reported to present itself when an unbounded
vsprintf() call within panic() copies user-supplied data into a
fixed buffer. It is reported that it is possible to overrun the
bounds of the affected buffer and corrupt adjacent memory. Because
this buffer resides in kernel memory space this issue may
potentially be exploited to cause kernel memory corruption,
revelation of kernel memory and although unconfirmed, arbitrary code
execution. Some reports indicate that this vulnerability is not
exploitable by any means.
LINUX KERNEL SCM_SEND LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 11921
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11921
Summary:
The Linux kernel is reported prone to a local denial-of-service
vulnerability. This issue presents itself in the SCM logical
sub-layer of the socket API.
An unprivileged application can craft a malformed auxiliary message
and send it to a socket, which results in the kernel invoking
'__scm_send()' in a manner that leads to a crash. This issue can
allow local attackers to cause a denial of service condition on a
vulnerable computer. It is not confirmed if this vulnerability can
be leveraged to gain elevated privileges.
LINUX KERNEL SCTP MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 18085
Last Updated: 2006-05-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18085
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-
service vulnerabilities. These issues are triggered when the kernel
handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel panics,
denying further service to legitimate users.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.
LINUX KERNEL SMBFS MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 11695
Last Updated: 2006-05-21
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11695
Summary:
The Linux kernel is reported susceptible to multiple remote
vulnerabilities in the SMBFS network file system.
These vulnerabilities may lead to the execution of attacker-supplied
machine code, information disclosure of kernel memory, or kernel
crashes, denying service to legitimate users.
Versions of the kernel in both the 2.4 and the 2.6 series are
reported susceptible to various issues.
LINUX KERNEL SNMP NAT HELPER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18081
Last Updated: 2006-05-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18081
Summary:
The Linux SNMP NAT helper is susceptible to a remote denial-of-
service vulnerability.
This issue allows remote attackers to potentially corrupt memory and
ultimately trigger a denial of service for legitimate users.
Kernel versions prior to 2.6.16.18 are vulnerable to this issue.
LINUX KERNEL USB DRIVER UNINITIALIZED STRUCTURE INFORMATION DISCLOSURE
BugTraq ID: 10892
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10892
Summary:
Certain Linux kernel USB drivers are prone to a vulnerability that
may permit a local attacker to gain unauthorized access to the
contents of kernel memory. This could reportedly reveal sensitive
information to a local user.
LINUX KERNEL USB IO_EDGEPORT DRIVER LOCAL INTEGER OVERFLOW
VULNERABILITY
BugTraq ID: 12102
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12102
Summary:
A local integer-overflow vulnerability affects the Linux kernel's
'io_edgeport' USB driver. This issue is due to the driver's failure
to validate integer bounds.
An attacker may leverage this issue to execute arbitrary
instructions or cause the affected kernel to crash.
LINUX KERNEL UNSPECIFIED LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 10783
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10783
Summary:
The Linux kernel is reported prone to an unspecified local denial-of-
service vulnerability. It is reported that this issue only affects
ia64 systems. A local attacker can exploit this issue by
dereferencing a NULL pointer and causing a kernel panic. Successful
exploitation will lead to a denial-of-service condition on a
vulnerable computer.
No further details are available at this time. This issue will be
updated as more information becomes available.
LINUX KERNEL UNW_UNWIND_TO_USER LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 13266
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/13266
Summary:
A local denial of service vulnerability affects the Linux kernel.
A local attacker may leverage this issue to cause an affected Linux
kernel to panic, effectively denying service to legitimate users.
LINUX KERNEL USER TRIGGERABLE BUG() UNSPECIFIED LOCAL DENIAL OF
SERVICE
BugTraq ID: 12261
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12261
Summary:
The Linux kernel is reported prone to a local denial-of-service
vulnerability.
It is reported that this issue presents itself when a large Virtual
Memory Area (VMA) is created by a user that overlaps with arg pages
during the exec() system call.
Successful exploitation will lead to a denial of service condition
in a vulnerable computer.
No further details are available at this time. This issue will be
updated as more information becomes available.
LINUX KERNEL USELIB() LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 12190
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12190
Summary:
The Linux kernel is reported prone to a local privilege-escalation
vulnerability. This issue arises in the 'uselib()' functions of the
Linux binary format loader as a result of a race condition.
Successful exploitation of this vulnerability can allow a local
attacker to gain elevated privileges on a vulnerable computer.
The ELF and a.out loaders are reportedly affected by this
vulnerability.
LINUX KERNEL DO_FORK() MEMORY LEAKAGE VULNERABILITY
BugTraq ID: 10221
Last Updated: 2006-05-21
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10221
Summary:
It has been reported that the Linux kernel may be prone to a memory
leakage vulnerability. The issue exists because memory is allocated
for child processes but never freed.
This issue has been identified in kernel versions 2.4 and 2.6.
LINUX-VSERVER LOCAL INSECURE GUEST CONTEXT CAPABILITIES VULNERABILITY
BugTraq ID: 17842
Last Updated: 2006-05-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17842
Summary:
The Linux-VServer package is susceptible to a vulnerability
regarding insecure guest-context capabilities. This issue is due to
the kernel's failure to properly enforce security restrictions in
guest hosts.
This issue allows unprivileged users in guest hosts to perform
various operations that should be restricted to superusers. By
exploiting this issue, attackers can launch various attacks in
guest hosts.
Note that this issue allows attackers to execute privileged
operations only in the guest context, not in the host context.
MULTIPLE VENDOR SSH SERVER REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17958
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17958
Summary:
Multiple SSH server implementations are prone to a remote buffer-
overflow vulnerability. The applications fail to properly bounds-
check user-supplied input before copying it to an insufficiently
sized memory buffer.
A successful attack may facilitate arbitrary code execution.
Exploiting this vulnerability may allow an attacker to gain
administrative access on targeted computers.
MYSQL QUERY LOGGING BYPASS VULNERABILITY
BugTraq ID: 16850
Last Updated: 2006-05-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16850
Summary:
MySQL is susceptible to a query-logging-bypass vulnerability. This
issue is due to a discrepancy between the handling of NULL bytes in
the 'mysql_real_query()' function and in the query-logging
functionality.
This issue allows attackers to bypass the query-logging
functionality of the database so they can cause malicious SQL
queries to be improperly logged. This may help them hide the traces
of their malicious activity from administrators.
This issue affects MySQL version 5.0.18; other versions may also
be affected.
MYSQL REMOTE INFORMATION DISCLOSURE AND BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 17780
Last Updated: 2006-05-22
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
MySQL is susceptible to multiple remote vulnerabilities:
- A buffer-overflow vulnerability due to insufficient bounds-
checking of user-supplied data before copying it to an
insufficiently sized memory buffer. This issue allows remote
attackers to execute arbitrary machine code in the context of
affected database servers. Failed exploit attempts will likely
crash the server, denying further service to legitimate users.
- Two information-disclosure vulnerabilities due to insufficient input-
sanitization and bounds-checking of user-supplied data. These
issues allow remote users to gain access to potentially sensitive
information that may aid them in further attacks.
NAGIOS REMOTE CONTENT-LENGTH INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 18059
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18059
Summary:
Nagios is prone to a remote integer-overflow vulnerability. The
application fails to properly ensure that user-supplied input
doesn't overflow integer values. This may result in user-supplied
data being copied past the end of a memory buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of hosting webservers.
Nagios versions prior to 2.3.1 are vulnerable to this issue.
This issue is very similar to BID 17879 (Nagios Remote Negative Content-
Length Buffer Overflow Vulnerability), but is a separate issue.
NAGIOS REMOTE NEGATIVE CONTENT-LENGTH BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17879
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17879
Summary:
Nagios is susceptible to a remote buffer-overflow vulnerability.
This issue is due to the application's failure to properly bounds-
check user-supplied input before copying it to an insufficiently
sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of hosting webservers.
Nagios versions prior to 2.3 in the 2.x series, and versions prior
to 1.4 in the 1.x series are vulnerable to this issue.
NETPBM PSTOPNM ARBITRARY CODE EXECUTION VULNERABILITY
BugTraq ID: 14379
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14379
Summary:
The 'pstopnm' command is susceptible to an arbitrary command-
execution vulnerability. This issue is due to the program's failure
to ensure that GhostScript is executed in a secure manner.
This issue allows attackers to create malicious PostScript files
that allow arbitrary commands to be executed when the affected
utility parses the files. This occurs in the context of the user
running the affected utility.
This vulnerability was reported in version 10.0 of netpbm. Other
versions may also be affected.
NETWORK BLOCK DEVICE SERVER BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 16029
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16029
Summary:
NBD is prone to a remote buffer overflow vulnerability. This issue
is due to a failure in the server to do proper bounds checking on
user-supplied data before using it in finite sized buffers.
An attacker can exploit this issue to execute arbitrary code in the
context of the affected application. This may facilitate a
compromise of the underlying system.
POPFILE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16792
Last Updated: 2006-05-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16792
Summary:
A denial-of-service vulnerability has been reported in POPFile.
A remote attacker may cause a denial-of-service condition in the
application, effectively halting service to legitimate users.
PERLPODDER ARBITRARY SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 18067
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18067
Summary:
Perlpodder is prone to an arbitrary command-execution vulnerability.
This issue is due to a failure in the application to properly
sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary shell
commands on the vulnerable computer in the context of the running
application.
[ podcatcher in Perl ]
PRODDER ARBITRARY SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 18068
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18068
Summary:
Prodder is prone to an arbitrary command-execution vulnerability.
This issue is due to a failure in the application to properly
sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary shell
commands on the vulnerable computer in the context of the running
application.
[ podcast client in Perl ]
QUAGGA BGPD LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17979
Last Updated: 2006-05-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17979
Summary:
Quagga is prone to a local denial-of-service vulnerability.
An attacker can exploit this issue by using commands that cause the
consumption of a large amount of CPU resources.
An attacker may cause the application to crash, thus denying service
to legitimate users.
Version 0.98.3 is vulnerable; other versions may also be affected.
QUAGGA INFORMATION DISCLOSURE AND ROUTE INJECTION VULNERABILITIES
BugTraq ID: 17808
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17808
Summary:
Quagga is susceptible to remote information-disclosure and route-
injection vulnerabilities. The application fails to properly
ensure that required authentication and protocol configuration
options are enforced.
These issues allow remote attackers to gain access to potentially
sensitive network-routing configuration information and to inject
arbitrary routes into the RIP routing table. This may aid malicious
users in further attacks against targeted networks.
Quagga versions 0.98.5 and 0.99.3 are vulnerable to these issues;
other versions may also be affected.
REALVNC REMOTE AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 17978
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17978
Summary:
RealVNC is susceptible to an authentication-bypass vulnerability.
This issue is due to a flaw in the authentication process of the
affected package.
Exploiting this issue allows attackers to gain unauthenticated,
remote access to the VNC servers.
RealVNC version 4.1.1 is vulnerable to this issue; other versions
may also be affected.
SENDMAIL ASYNCHRONOUS SIGNAL HANDLING REMOTE CODE EXECUTION
VULNERABILITY
BugTraq ID: 17192
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17192
Summary:
Sendmail is prone to a remote code-execution vulnerability.
Remote attackers may leverage this issue to execute arbitrary code
with the privileges of the application, which typically runs as
superuser.
Sendmail versions prior to 8.13.6 are vulnerable to this issue.
XPDF DCTSTREAM BASELINE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15727
Last Updated: 2006-05-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15727
Summary:
The 'xpdf' viewer is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. This can result in
the attacker gaining unauthorized access to the vulnerable computer.
This issue is reported to present itself in the
'DCTStream::readBaselineSOF' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version .36 of pdftohtml was reported prone to this issue, however,
earlier versions may also be affected.
The 'kpdf' viewer reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF DCTSTREAM PROGRESSIVE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15726
Last Updated: 2006-05-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15726
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
Reportedly, this issue presents itself in the
'DCTStream::readProgressiveSOF' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely vulnerable as well. Applications using embedded xpdf code may
also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version .36 of pdftohtml was reported prone to this issue, but
earlier versions may also be affected.
The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF JPX STREAM READER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15721
Last Updated: 2006-05-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15721
Summary:
The 'xpdf' utility is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
Reportedly, this issue presents itself in the
'JPXStream::readCodestream' function residing in the
'xpdf/JPXStream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'kpdf' utility reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XPDF STREAMPREDICTOR REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15725
Last Updated: 2006-05-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15725
Summary:
The 'xpdf' viewer is reported prone to a remote buffer-overflow
vulnerability. This issue exists because the application fails to
perform proper boundary checks before copying user-supplied data
into process buffers. A remote attacker may execute arbitrary code
in the context of a user running the application. As a result, the
attacker can gain unauthorized access to the vulnerable computer.
This issue is reported to present itself in the
'StreamPredictor::StreamPredictor' function residing in the
'xpdf/Stream.cc' file.
This issue is reported to affect xpdf 3.01, but earlier versions are
likely prone to this vulnerability as well. Applications using
embedded xpdf code may also be vulnerable.
The 'pdftohtml' utility also includes vulnerable versions of xpdf.
Version .36 of pdftohtml was reported prone to this issue, but
earlier versions may also be affected.
The 'kpdf' viewer reportedly incorporates vulnerable xpdf code.
Version 0.5 of kpdf is prone to this issue, but other versions may
also be affected.
XTREME TOPSITES MULTIPLE INPUT VALIDATION VULNERABILITIES
BugTraq ID: 18055
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18055
Summary:
Xtreme Topsites is prone to multiple input-validation
vulnerabilities. The issues include cross-site scripting, HTML-
injection, and SQL-injection vulnerabilities. These issues are
due to a failure in the application to properly sanitize user-
supplied input.
Successful exploits of these vulnerabilities could allow an attacker
to compromise the application, access or modify data, steal cookie-
based authentication credentials, control how the site is rendered
to the user, or exploit vulnerabilities in the underlying database
implementation. Other attacks are also possible.
HOSTAPD INVALID EAPOL KEY LENGTH REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 17846
Last Updated: 2006-05-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17846
Summary:
The hostapd application is affected by a remote denial-of-service
vulnerability. This issue is due to the application's failure to
properly handle malformed EAPOL-Key packets.
This issue allows remote attackers to crash affected applications,
denying further network service to legitimate users.
Version 0.3.7 of hostapd is vulnerable to this issue; previous
versions may also be affected.
[ user-space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator ]