[gull-annonces] Résumé SecurityFocus Newsletter #374-376
Marc SCHAEFER
schaefer at alphanet.ch
Mon Nov 20 22:50:47 CET 2006
APACHE MOD_SSL CUSTOM ERROR DOCUMENT REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 16152
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16152
Summary:
Apache's mod_ssl module is susceptible to a remote denial-of-service
vulnerability. A flaw in the module results in a NULL-pointer
dereference that causes the server to crash. This issue is present
only when virtual hosts are configured with a custom 'ErrorDocument'
statement for '400' errors or 'SSLEngine optional'.
Depending on the configuration of Apache, attackers may crash the
entire webserver or individual child processes. Repeated attacks are
required to deny service to legitimate users when Apache is
configured for multiple child processes to handle connections.
This issue affects Apache 2.x versions.
APACHE STRUTS ERROR RESPONSE CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 15512
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15512
Summary:
Struts is prone to a cross-site scripting vulnerability. This issue
is due to a failure in the application to properly sanitize user-
supplied input.
An attacker may leverage this issue to have arbitrary script code
executed in the browser of an unsuspecting user in the context of
the affected site. This may facilitate the theft of cookie-based
authentication credentials as well as other attacks.
ASTERISK CHAN_SKINNY REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20617
Last Updated: 2006-10-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20617
Summary:
Asterisk is prone to a remote heap-based buffer-overflow
vulnerability because the application fails to properly bounds-check
user-supplied data before copying it to an insufficiently sized
memory buffer.
Exploiting this vulnerability allows remote attackers to execute
arbitrary machine code in the context of the affected application.
Failed exploit attempts will likely crash the server, denying
further service to legitimate users.
ASTERISK MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 19683
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19683
Summary:
Asterisk is prone to remote buffer-overflow, format-string, and
directory-traversal vulnerabilities. These issues arise because
the application fails to properly bounds-check and sanitize user-
supplied input before copying it to an insufficiently sized
memory buffer.
Exploiting these vulnerabilities allows remote attackers to execute
arbitrary machine code in the context of the affected application.
Failed exploit attempts will likely crash the server, denying
further service to legitimate users.
BUGZILLA SYNCSHADOWDB INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 16061
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16061
Summary:
Bugzilla creates temporary files in an insecure manner.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other
attacks may be possible as well.
CLAM ANTI-VIRUS CHM UNPACKER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20537
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20537
Summary:
ClamAV is prone to a denial-of-service vulnerability because of an
unspecified failure in the CHM unpacker.
Exploitation could cause the application to crash, resulting in a
denial of service.
ECI TELECOM B-FOCUS ADSL2+ COMBO332+ WIRELESS ROUTER INFORMATION
DISCLOSURE VULNERABILITY
BugTraq ID: 20834
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20834
Summary:
ECI Telecom's B-FOCuS ADSL2+ Combo332+ wireless router is prone to
an information disclosure vulnerability. The router's Web-Based
Management interface fails to authenticate users before providing
access to sensitive information.
This issue may allow an unauthenticated remote attacker to retrieve
sensitive information from the affected device that may aid in
further attacks.
[ firmware ]
FREEBSD UFS FILESYSTEM LOCAL INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 20918
Last Updated: 2006-11-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20918
Summary:
FreeBSD is prone to a local integer-overflow vulnerability. This
issue affects the UFS filesystem handling code.
An attacker can exploit this vulnerability to trigger a denial-of-
service condition and possibly to execute arbitrary code with
elevated privileges, but this has not been confirmed.
FreeBSD 6.1 is vulnerable to this issue.
FREETYPE LWFN FILES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18034
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-overflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
GNU GZIP ARCHIVE HANDLING MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20101
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and denial-of-
service vulnerabilities when handling malicious archive files.
Successful exploits may allow a remote attacker to corrupt process
memory by triggering an overflow condition. This may lead to
arbitrary code execution in the context of an affected user and may
facilitate a remote compromise. Attackers may also trigger denial-of-
service conditions by crashing or hanging the application.
Specific information regarding affected versions of gzip is
currently unavailable. This BID will be updated as more information
is released.
GNU MAILMAN MULTIPLE SECURITY VULNERABILITIES
BugTraq ID: 19831
Last Updated: 2006-11-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19831
Summary:
Mailman is prone to multiple security vulnerabilities. The
application fails to properly sanitize user-supplied input, and
exhibits errors in MIME header handling and logging.
An attacker may leverage these issues to execute arbitrary script
code in the browser of an unsuspecting user in the context of the
affected site, to cause a denial of service, and to inject spoofed
log messages. This may help the attacker steal cookie-based
authentication credentials, deny service to users, and launch
other attacks.
These issues affect Mailman versions later than 2.0 and prior
to 2.1.9rc1.
GNU SCREEN MULTIPLE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 20727
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20727
Summary:
GNU Screen is prone to multiple denial-of-service vulnerabilities. A
remote attacker may trigger these issues and deny services to
legitimate users.
GNU Screen versions prior to 4.0.3 are affected by these
vulnerabilities.
GNU TEXINFO INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 14854
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14854
Summary:
Texinfo creates temporary files in an insecure manner. The issue
resides in the 'textindex.c' file.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other
attacks may be possible as well.
GNUTLS PKCS RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 20027
Last Updated: 2006-11-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20027
Summary:
GnuTLS is prone to a vulnerability that may allow an attacker to
forge an RSA signature. The attacker may be able to forge a PKCS #1
v1.5 signature when verifying an X.509 certificate.
An attacker may exploit this issue to sign digital certificates or
RSA keys and take advantage of trust relationships that depend on
these credentials, possibly posing as a trusted party and signing a
certificate or key.
This vulnerability is a variant of the issue discussed in BID 19849
(OpenSSL PKCS Padding RSA Signature Forgery Vulnerability) and
affects GnuTLS versions prior to version 1.4.3.
GRAPHICSMAGICK PALM DCM BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 20707
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20707
Summary:
GraphicsMagick is prone to multiple buffer-overflow vulnerabilities
because it fails to perform adequate boundary checks on user-
supplied data before copying it to insufficiently sized buffers.
Successful exploits may allow an attacker to execute arbitrary
machine code to compromise an affected computer or to cause denial-of-
service conditions.
GraphicsMagick 1.1.7 and prior versions are vulnerable.
IMLIB2 LIBRARY MULTIPLE IMAGE FORMAT ARBITRARY CODE EXECUTION
VULNERABILITIES
BugTraq ID: 20903
Last Updated: 2006-11-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20903
Summary:
The imlib2 Library is prone to arbitrary code-execution
vulnerabilities.
An attacker can exploit these issues to execute arbitrary machine
code with the privileges of the currently logged-in user.
ISC BIND MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 19859
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19859
Summary:
ISC BIND is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial-of-service
conditions, effectively denying service to legitimate users.
IMAGEMAGICK SUN BITMAP IMAGE FILE REMOTE UNSPECIFIED BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 19699
Last Updated: 2006-11-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19699
Summary:
ImageMagick is prone to an unspecified remote buffer-overflow
vulnerability because the application fails to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
This issue allows attackers to execute arbitrary machine code in the
context of applications that use the ImageMagick library.
This BID will be updated as further information is disclosed.
Versions of ImageMagick prior to 6.2.9-2 are vulnerable to
this issue.
LIBRPM QUERY REPORT ARBITRARY CODE EXECUTION VULNERABILITY
BugTraq ID: 20906
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20906
Summary:
The 'librpm' library is prone to an arbitrary code-execution
vulnerability.
An attacker can exploit this issue to execute arbitrary machine code
with the privileges of the currently logged-in user or to crash the
affected application.
LIBTIFF ESTIMATESTRIPBYTECOUNTS() DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19284
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19284
Summary:
LibTIFF is affected by a denial-of-service vulnerability.
An attacker can exploit this vulnerability to cause a denial of
service in applications using the affected library.
LIBTIFF LIBRARY ANONYMOUS FIELD MERGING DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19287
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19287
Summary:
The libTIFF library is prone to a denial-of-service vulnerability.
An attacker can exploit this issue by submitting malformed
image files.
When the libTIFF library routines process a malicious TIFF file,
this could result in abnormal behavior, cause the application to
become unresponsive, or possibly allow malicious code to execute.
LIBTIFF NEXT RLE DECODER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19282
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19282
Summary:
The Next RLE Decoder for libTIFF is prone to a remote heap buffer-
overflow vulnerability.
This issue occurs because the application fails to check boundary
conditions on certain RLE decoding operations.
This issue may allow attackers to execute arbitrary machine code
within the context of the vulnerable application or to cause a
denial of service.
LIBTIFF PIXARLOG DECODER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19290
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19290
Summary:
The PixarLog Decoder for libTIFF is prone to a remote heap buffer-
overflow vulnerability.
This issue may allow attackers to execute arbitrary machine code
within the context of the vulnerable application or to cause a
denial of service.
LIBTIFF SANITY CHECKS MULTIPLE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 19286
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19286
Summary:
LibTIFF is affected by multiple denial-of-service vulnerabilities.
An attacker can exploit these vulnerabilities to cause a denial of
service in applications using the affected library.
LIBTIFF TIFFSCANLINESIZE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19288
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19288
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the
library fails to do proper boundary checks before copying user-
supplied data into a finite-sized buffer.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications using the affected library. Failed
exploit attempts will likely crash the application, denying service
to legitimate users.
LIBTIFF TIFF2PDF REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18331
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18331
Summary:
The tiff2pdf utility is prone to a buffer-overflow vulnerability.
This issue is due to a failure in the application to do proper
boundary checks before copying user-supplied data into a finite-
sized buffer.
This issue allows remote attackers to execute arbitrary machine
code in the context of the affected application. Failed exploit
attempts will likely crash the application, denying service to
legitimate users.
LINKSYS WRT54GS POST REQUEST CONFIGURATION CHANGE AUTHENTICATION
BYPASS VULNERABILITY
BugTraq ID: 19347
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19347
Summary:
Linksys WRT54GS is prone to an authentication-bypass vulnerability.
Reportedly, the device permits changes in its configuration settings
without requiring authentication.
The problem presents itself when a victim user visits a specially
crafted web page on an attacker-controlled site. An attacker can
exploit this vulnerability to bypass authentication and modify the
configuration settings of the device.
This issue is reported to affect firmware version 1.00.9; other
firmware versions may also be affected.
[ firmware ]
LINUX KERNEL ATM SKBUFF DEREFERENCE REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20363
Last Updated: 2006-11-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20363
Summary:
The Linux kernel is prone to a remote denial-of-service
vulnerability.
This issue is triggered when the kernel processes incoming ATM data.
Exploiting this vulnerability may allow remote attackers to crash
the affected kernel, resulting in denial-of-service conditions.
This issue affects only systems that have ATM hardware and are
configured for ATM kernel support.
Kernel versions from 2.6.0 up to and including 2.6.17 are vulnerable
to this issue.
LINUX KERNEL CD-ROM DRIVER LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18847
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18847
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before
using it in a memory copy operation.
This issue allows local attackers to overwrite kernel memory with
arbitrary data, potentially allowing them to execute malicious
machine code in the context of affected kernels. This vulnerability
facilitates the complete compromise of affected computers.
Linux kernel version 2.6.17.3 and prior are affected by this issue.
LINUX KERNEL ISO9660 DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20920
Last Updated: 2006-11-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20920
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue affects the ISO9660 filesystem
handling code.
An attacker can exploit this issue to crash the affected computer,
denying service to legitimate users.
LINUX KERNEL MULTIPLE IPV6 PACKET FILTERING BYPASS VULNERABILITIES
BugTraq ID: 20955
Last Updated: 2006-11-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20955
Summary:
The Linux kernel is prone to multiple IPv6 packet filtering
bypass vulnerabilities because of insufficient handling of
fragmented packets.
An attacker could exploit these issues to bypass ip6_table filtering
rules. This could result in a false sense of security because
filtering rules set up by system administrators can be bypassed in
order to access services which are otherwise protected.
LINUX KERNEL NFS AND EXT3 COMBINATION REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19396
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19396
Summary:
The Linux kernel is susceptible to a remote denial-of-service
vulnerability because the EXT3 filesystem code fails to properly
handle unexpected conditions.
Remote attackers may trigger this issue by sending crafted UDP
datagrams to affected computers that are configured as NFS servers,
causing filesystem errors. Depending on the mount-time options of
affected filesystems, this may result in remounting filesystems as
read-only or cause a kernel panic.
Linux kernel versions 2.6.14.4, 2.6.17.6, and 2.6.17.7 are
vulnerable to this issue; other versions in the 2.6 series are also
likely affected.
LINUX KERNEL SCTP SO_LINGER LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20087
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20087
Summary:
The Linux kernel SCTP module is prone to a local denial-of-service
vulnerability.
This issue allows local attackers to cause kernel crashes, denying
service to legitimate users.
Specific information regarding affected versions of the Linux kernel
is currently unavailable. This BID will be updated as further
information is disclosed.
LINUX KERNEL SMBFS CHROOT SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 17735
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17735
Summary:
The Linux Kernel is prone to a vulnerability that allows attackers
to bypass a security restriction. This issue is due to a failure in
the kernel to properly sanitize user-supplied data.
The problem affects chroot inside of an SMB-mounted filesystem
('smbfs'). A local attacker who is confined by the chroot can exploit
this issue to bypass the chroot restriction and gain unauthorized
access to the filesystem.
LINUX KERNEL SNMP NAT HELPER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18081
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18081
Summary:
The Linux SNMP NAT helper is susceptible to a remote denial-of-
service vulnerability.
This issue allows remote attackers to potentially corrupt memory and
ultimately trigger a denial of service for legitimate users.
Kernel versions prior to 2.6.16.18 are vulnerable to this issue.
LINUX KERNEL SHARED MEMORY SECURITY RESTRICTION BYPASS VULNERABILITIES
BugTraq ID: 17587
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17587
Summary:
The Linux kernel is prone to vulnerabilities regarding access to
shared memory.
A local attacker could potentially gain read and write access to
shared memory and write access to read-only tmpfs filesystems,
bypassing security restrictions.
An attacker can exploit these issues to possibly corrupt
applications and their data when the applications use temporary
files or shared memory.
LINUX KERNEL SOCKADDR_IN.SIN_ZERO KERNEL MEMORY DISCLOSURE
VULNERABILITIES
BugTraq ID: 17203
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17203
Summary:
The Linux kernel is affected by local memory-disclosure
vulnerabilities. These issues are due to the kernel's failure to
properly clear previously used kernel memory before returning it to
local users.
These issues allow an attacker to read kernel memory and potentially
gather information to use in further attacks.
MONO SYSTEM.CODEDOM.COMPILER CLASS INSECURE TEMPORARY FILE CREATION
VULNERABILITY
BugTraq ID: 20340
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20340
Summary:
The Mono 'System.CodeDom.Compiler' class creates temporary files in
an insecure manner.
An attacker with local access could potentially exploit this issue
to perform symlink attacks, overwriting arbitrary files in the
context of the affected application.
Successfully exploiting a symlink attack may allow an attacker to
overwrite or corrupt sensitive files. This may result in a denial of
service; other attacks may also be possible.
Versions 1.0 and 2.0 are vulnerable; other versions may also
be affected.
MOZILLA CLIENT PRODUCTS MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20957
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20957
Summary:
The Mozilla Foundation has released two security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- crash the applications and potentially execute arbitrary machine
code in the context of the vulnerable applications.
- run arbitrary JavaScript bytecode.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more
information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.8
- Mozilla Thunderbird version 1.5.0.8
- Mozilla SeaMonkey version 1.0.6
MOZILLA FIREFOX FTP DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19678
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19678
Summary:
Mozilla Firefox is prone to a denial-of-service vulnerability when
making FTP connections.
An attacker may exploit this vulnerability to cause Mozilla Firefox
to crash, resulting in denial-of-service conditions.
Mozilla Firefox 1.5.0.6 and prior versions are prone to this issue.
MOZILLA FIREFOX RANGE SCRIPT OBJECT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20799
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20799
Summary:
Mozilla Firefox is prone to a remote denial-of-service
vulnerability.
An attacker may exploit this vulnerability to cause Mozilla Firefox
to crash, resulting in denial-of-service conditions.
Mozilla Firefox 1.5.0.7 and prior, as well as version 2.0, are prone
to this issue.
MOZILLA FIREFOX, SEAMONKEY, CAMINO, AND THUNDERBIRD MULTIPLE REMOTE
VULNERABILITIES
BugTraq ID: 18228
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18228
Summary:
The Mozilla Foundation has released thirteen security advisories
specifying security vulnerabilities in Mozilla Firefox, SeaMonkey,
Camino, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- run JavaScript code with elevated privileges, potentially allowing
the remote execution of machine code
- gain access to potentially sensitive information.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
further information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.4
- Mozilla Thunderbird version 1.5.0.4
- Mozilla SeaMonkey version 1.0.2
- Mozilla Camino 1.0.2
MOZILLA FIREFOX/THUNDERBIRD/SEAMONKEY MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20042
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20042
Summary:
The Mozilla Foundation has released six security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- supply malicious data through updates
- inject arbitrary content
- execute arbitrary JavaScript
- crash affected applications and potentially execute
arbitrary code.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more
information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.7
- Mozilla Thunderbird version 1.5.0.7
- Mozilla SeaMonkey version 1.0.5
MOZILLA MULTIPLE PRODUCTS REMOTE VULNERABILITIES
BugTraq ID: 19181
Last Updated: 2006-11-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19181
Summary:
The Mozilla Foundation has released thirteen security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- run arbitrary script code with elevated privileges
- gain access to potentially sensitive information
- carry out cross-domain scripting attacks.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more
information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.5
- Mozilla Thunderbird version 1.5.0.5
- Mozilla SeaMonkey version 1.0.3
MOZILLA NETWORK SECURITY SERVICES LIBRARY REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 18604
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18604
Summary:
NSS is susceptible to a remote denial-of-service vulnerability. This
issue is due to a memory leak in the library.
This issue allows remote attackers to consume excessive memory
resources on affected computers. This may lead to computer hangs or
panics, denying service to legitimate users.
NSS version 3.11 is affected by this issue.
MULTIPLE VENDOR AMD CPU LOCAL FPU INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17600
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17600
Summary:
Multiple vendors' operating systems are prone to a local information-
disclosure vulnerability. This issue is due to a flaw in how the
affected operating systems handle the FPU on AMD CPUs.
Local attackers may exploit this vulnerability to gain access to
potentially sensitive information regarding other processes
executing on affected computers. This may aid attackers in
retrieving information regarding cryptographic keys or other
sensitive information.
This issue affects Linux and FreeBSD operating systems that use
generations 7 and 8 AMD CPUs.
MUTT INSECURE TEMPORARY FILE CREATION MULTIPLE VULNERABILITIES
BugTraq ID: 20733
Last Updated: 2006-10-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20733
Summary:
Mutt creates temporary files in an insecure manner.
Attackers could exploit these issues to perform symlink attacks to
overwrite arbitrary files using the privileges of the user running
the vulnerable application.
Mutt 1.5.12 and prior versions are vulnerable.
NET-SNMP UNSPECIFIED REMOTE STREAM-BASED PROTOCOL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 14168
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14168
Summary:
Net-SNMP is prone to a remote denial-of-service vulnerability. The
issue is exposed when Net-SNMP is configured to have an open stream-
based protocol port, such as TCP.
The exact details describing this issue are not available. This BID
will be updated when further details are made available.
NETKIT FTP SERVER CHDIR INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 21000
Last Updated: 2006-11-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21000
Summary:
Netkit FTP Server ('ftpd') is prone to an information-disclosure
vulnerability due to a design error.
A local attacker could exploit this issue to bypass access
restrictions and gain access to the root directory of the FTP
server. Directory information gained may aid in further attacks.
Netkit FTP Server 0.17 and prior versions are affected.
OWFS OWSERVER FILE PATH DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20953
Last Updated: 2006-11-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20953
Summary:
OWFS Owserver is prone to a denial-of-service issue.
An attacker can exploit this issue to crash the affected server,
denying service to legitimate users.
This issue affects version 2.5p5; other versions may also be
affected.
[ filesystem representing I/O ports ]
OPENBSD ISAKMPD IPSEC REPLAY VULNERABILITY
BugTraq ID: 19712
Last Updated: 2006-11-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19712
Summary:
OpenBSD's IPsec implementation is prone to remote replay
attacks. This issue is due to the improper implementation of its
replay window.
This issue allows remote attackers to replay IPsec traffic. The
exact consequences of successful attacks depend on the nature of the
traffic being replayed. This will likely affect only higher-level
protocols such as UDP, since they don't provide their own anti-
replay features.
OPENPBS MULTIPLE LOCAL AND REMOTE VULNERABILITIES
BugTraq ID: 20776
Last Updated: 2006-10-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20776
Summary:
OpenPBS is prone to multiple unspecified remote and local
vulnerabilities.
Exploiting these issues may allow both local and remote attackers to
completely compromise affected computers because portions of the
software operate with superuser privileges. Failed exploit attempts
may result in denial-of-service conditions.
Very little information is currently available; this BID will be
updated as more information is disclosed.
[ batch work ]
OPENSSH LOGINGRACETIME REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 14963
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14963
Summary:
OpenSSH is susceptible to a remote denial-of-service vulnerability.
This issue is due to a design flaw when servicing timeouts related
to the 'LoginGraceTime' server-configuration directive.
Specifically, when 'LoginGraceTime' in conjunction with
'MaxStartups' and 'UsePrivilegeSeparation' are configured and
enabled in the server, a condition may arise where the server
refuses further remote connection attempts.
This issue may be exploited by remote attackers to deny SSH service
to legitimate users.
OPENSSH-PORTABLE GSSAPI AUTHENTICATION ABORT INFORMATION
DISCLOSURE WEAKNESS
BugTraq ID: 20245
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20245
Summary:
OpenSSH-Portable is prone to an information-disclosure weakness. The
issue stems from a GSSAPI authentication abort.
Reportedly, attackers may leverage a GSSAPI authentication abort to
determine the presence and validity of usernames on unspecified
platforms.
This issue occurs when OpenSSH-Portable is configured to accept
GSSAPI authentication.
OpenSSH-Portable 4.3p1 and prior versions exhibit this weakness.
OPENSSL ASN.1 STRUCTURES DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20248
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20248
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
An attacker may exploit this issue to cause applications that use
the vulnerable library to consume excessive CPU and memory resources
and crash, denying further service to legitimate users.
OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to
forge an RSA signature. The attacker may be able to forge a PKCS #1
v1.5 signature when an RSA key with exponent 3 is used.
An attacker may exploit this issue to sign digital certificates or
RSA keys and take advantage of trust relationships that depend on
these credentials, possibly posing as a trusted party and signing a
certificate or key.
All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are
affected by this vulnerability. Updates are available.
OPENSSL PUBLIC KEY PROCESSING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20247
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20247
Summary:
OpenSSL is prone to a denial-of-service vulnerability because it
fails to validate the lengths of public keys being used.
An attacker can exploit this issue to crash an affected server
using OpenSSL.
OPENSSL SSL_GET_SHARED_CIPHERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20249
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
OpenSSL is prone to a buffer-overflow vulnerability because the
library fails to properly bounds-check user-supplied input before
copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may result in the execution of
arbitrary machine code in the context of applications that use the
affected library. Failed exploit attempts may crash applications,
denying service to legitimate users.
OPENSSL SSLV2 NULL POINTER DEREFERENCE CLIENT DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20246
Last Updated: 2006-10-31
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
A malicious server could cause a vulnerable client application to
crash, effectively denying service.
PADL SOFTWARE PAM_LDAP PASSWORDPOLICYRESPONSE AUTHENTICATION BYPASS
VULNERABILITY
BugTraq ID: 20880
Last Updated: 2006-11-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20880
Summary:
The pam_ldap module is prone to an authentication-bypass
vulnerability.
An attacker can exploit this issue to bypass authentication. The
bypass occurs in applications that use pam_ldap to authenticate
accounts that have been locked out.
PCRE REGULAR EXPRESSION HEAP OVERFLOW VULNERABILITY
BugTraq ID: 14620
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14620
Summary:
PCRE is prone to a heap-overflow vulnerability. This issue is due to
the library's failure to properly perform boundary checks on user-
supplied input before copying data to an internal memory buffer.
The impact of successful exploitation of this vulnerability depends
on the application using the vulnerable library and the credentials
under which it runs. A successful attack may ultimately permit an
attacker to control the contents of critical memory control
structures and write arbitrary data to arbitrary memory locations.
[ Perl Compatible Regular Expression, C ]
POSTGRESQL MULTIPLE LOCAL DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 20717
Last Updated: 2006-10-31
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20717
Summary:
PostgreSQL is prone to multiple local denial-of-service
vulnerabilities because of various errors in the application when
handling user-supplied data.
A local authenticated attacker can exploit these issues to crash the
server, effectively denying service to legitimate users.
PROFTPD UNSPECIFIED REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20992
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20992
Summary:
ProFTPD is prone to an unspecified remote code-execution
vulnerability.
Presumably, a remote attacker can exploit this issue to gain
unauthorized access to a computer in the context of the server.
This issue is reported to affect version 1.3.0; other versions may
be vulnerable as well.
SAMBA INTERNAL DATA STRUCTURES DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18927
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18927
Summary:
The smbd daemon is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to consume excessive memory
resources, ultimately crashing the affected application.
This issue affects Samba versions 3.0.1 through 3.0.22 inclusive.
SENDMAIL MALFORMED MIME MESSAGE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18433
Last Updated: 2006-10-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18433
Summary:
Sendmail is prone to a denial-of-service vulnerability because
the application fails to properly handle malformed multi-part
MIME messages.
An attacker can exploit this issue to crash the sendmail process
during delivery.
TWIKI VIEWFILE DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 19907
Last Updated: 2006-11-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19907
Summary:
Twiki is prone to a directory-traversal vulnerability because it
fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary
files from the vulnerable system in the context of the affected
application. Information obtained may aid in further attacks.
Twiki versions 4.00 to 4.04 are vulnerable to this issue.
TEXINFO FILE HANDLING BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20959
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20959
Summary:
Texinfo is prone to a buffer-overflow vulnerability because the
application fails to properly bounds-check user-supplied input
before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to cause applications using
Texinfo to crash, denying service to legitimate users. Arbitrary
code execution may also be possible, but this has not been
confirmed.
TROLLTECH QT PIXMAP IMAGES INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 20599
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20599
Summary:
Qt is prone to an integer-overflow vulnerability because the library
fails to do proper bounds checking on user-supplied data.
An attacker can exploit this vulnerability to execute arbitrary code
in the context of the application using the vulnerable library.
Failed exploit attempts will likely cause denial-of-service
conditions.
WFTPD SERVER APPE COMMAND BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20942
Last Updated: 2006-11-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20942
Summary:
WFTPD is prone to a buffer-overflow vulnerability. This issue is due
to a failure in the application to do proper bounds checking on user-
supplied data before storing it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary machine code
in the context of the affected server application.
Version 3.23 is reportedly affected by this issue; other versions
may also be affected.
WIRESHARK MULTIPLE PROTOCOL DISSECTORS DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 20762
Last Updated: 2006-11-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20762
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may permit attackers to cause crashes and
deny service to legitimate users of the application.
Wireshark versions prior to 0.99.4 are affected.
X.ORG LIBXFONT CID FONT FILE MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 19974
Last Updated: 2006-11-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19974
Summary:
The libXfont library is prone to multiple integer-overflow
vulnerabilities.
Attackers can exploit these issues to execute arbitrary code with
superuser privileges. A successful exploit will result in the
complete compromise of affected computers. Failed exploit attempts
will result in a denial of service.
X.ORG X WINDOW SERVER LIBX11 XINPUT FILE DESCRIPTOR LEAK VULNERABILITY
BugTraq ID: 20845
Last Updated: 2006-11-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20845
Summary:
The 'Xinput' module of the X.Org X Window Server libX11 library is
prone to a file-descriptor leak due to a design error.
The vulnerability arises because the application fails to close a
file descriptor after file operations. An attacker can exploit this
issue to open files with elevated privileges.
Versions 1.0.2 and 1.0.3 of libX11 are reported affected; other
versions may be affected as well.
YUKIHIRO MATSUMOTO RUBY CGI MODULE MIME DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20777
Last Updated: 2006-11-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20777
Summary:
Ruby is prone to a remote denial-of-service vulnerability because
the application's CGI module fails to properly handle specific HTTP
requests that contain invalid information.
Successful exploits may allow remote attackers to cause denial-of-
service conditions on computers running the affected Ruby CGI
Module.