[gull-annonces] Summary of SecurityFocus Newsletter #367/368
Marc SCHAEFER
schaefer at alphanet.ch
Thu Sep 28 22:49:05 CEST 2006

ALSAPLAYER MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 19450
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19450
Summary:
AlsaPlayer is prone to multiple buffer-overflow vulnerabilities
because the application fails to check the size of the data before
copying it into a finite-sized internal memory buffer.
An attacker can exploit these issues to execute arbitrary code
within the context of the application or cause a denial-of-service
condition.
AlsaPlayer 0.99.76, the CVS version as of 9 Aug 2006, and prior
versions are vulnerable to this issue; other versions may also
be affected.

APACHE HTTP SERVER ARBITRARY HTTP REQUEST HEADERS SECURITY WEAKNESS
BugTraq ID: 19661
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19661
Summary:
Apache HTTP server is prone to an HTTP request header security
weakness.
An attacker may exploit this issue to steal cookie-based
authentication credentials and launch other attacks.

BLOJSOM CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 20026
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20026
Summary:
Blojsom is prone to a cross-site scripting vulnerability because it
fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to have arbitrary script code
execute in the browser of an unsuspecting user in the context of the
affected site. This may help the attacker steal cookie-based
authentication credentials and launch other attacks.

BUSYBOX HTTPD DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 20067
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20067
Summary:
The httpd daemon of BusyBox is prone to a directory-traversal
vulnerability because it fails to properly sanitize user-supplied
input.
An attacker can exploit this vulnerability to retrieve arbitrary
files from the vulnerable system in the context of the affected
application. Information obtained may aid in further attacks.
This issue affects version 1.01; other versions may also be
vulnerable.

CISCO IOS MULTIPLE VLAN TRUNKING PROTOCOL VULNERABILITIES
BugTraq ID: 19998
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19998
Summary:
Cisco IOS is prone to multiple vulnerabilities when handling VLAN
Trunking Protocol (VTP) packets.
These issues include two denial-of-service vulnerabilities and a
buffer-overflow vulnerability.
Attackers require access to trunk ports on affected devices for
VTP packets to be accepted. Attackers may reportedly use the
Dynamic Trunk Protocol (DTP) to become a trunking peer to gain
required access.
By exploiting these issues, attackers may crash affected routers,
cause further VTP packets to be ignored, or potentially execute
arbitrary machine code in the context of affected devices.
Cisco IOS 12.1(19) is vulnerable to these issues; other versions are
also likely affected.
[ firmware ]

FFMPEG IMAGE FILE UNSPECIFIED MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 20009
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20009
Summary:
FFmpeg is prone to multiple unspecified remote buffer-overflow
vulnerabilities because the application using this library fails to
properly bounds-check user-supplied input before copying it to an
insufficiently sized memory buffer.
These issues allow attackers to execute arbitrary machine code
within the context of the affected application.
This BID will be updated as more information is disclosed.
Versions prior to 0.4.9_p20060530 are vulnerable to this issue.

FFMPEG LIBAVCODEC HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15743
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15743
Summary:
FFmpeg's 'libavcodec' is prone to a heap buffer-overflow
vulnerability. This issue is due to the library's failure to
properly bounds-check user-supplied data before using it in memory
allocation and copy operations.
Attackers may exploit this vulnerability to execute arbitrary code
in the context of applications that use an affected version of the
libavcodec library.
An attacker can exploit this issue by enticing a user to open a
malformed PNG file with an application that uses a vulnerable
version of libavcodec. If the application is configured as the
default handler for PNG files, this could present a viable web or
email attack vector -- when the PNG is clicked from an appropriate
client application, the application using the vulnerable library
will automatically be invoked.

FREETYPE LWFN FILES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18034
Last Updated: 2006-09-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-overflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.

GNU GZIP ARCHIVE HANDLING MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20101
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and
denial-of-service vulnerabilities when handling malicious archive files.
Successful exploits may allow a remote attacker to corrupt process
memory by triggering an overflow condition. This may lead to
arbitrary code execution in the context of an affected user and
facilitate a remote compromise. Attackers may also trigger
denial-of-service conditions by crashing or hanging the application.
Specific information regarding affected versions of gzip is
currently unavailable. This BID will be updated as more information
is released.

GNU MAILMAN MULTIPLE SECURITY VULNERABILITIES
BugTraq ID: 19831
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19831
Summary:
Mailman is prone to multiple security vulnerabilities. The
application fails to properly sanitize user-supplied input, and
exhibits errors in MIME header handling and logging.
An attacker may leverage these issues to execute arbitrary script
code in the browser of an unsuspecting user in the context of the
affected site, to cause a denial of service, and to inject spoofed
log messages. This may help the attacker steal cookie-based
authentication credentials, deny service to users, and launch
other attacks.
These issues affect Mailman versions later than 2.0 and prior
to 2.1.9rc1.

GNUTLS PKCS RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 20027
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20027
Summary:
GnuTLS is prone to a vulnerability that may allow an attacker to
forge an RSA signature. The attacker may be able to forge a PKCS #1
v1.5 signature when verifying an X.509 certificate.
An attacker may exploit this issue to sign digital certificates or
RSA keys and take advantage of trust relationships that depend on
these credentials, possibly posing as a trusted party and signing a
certificate or key.
This vulnerability is a variant of the issue discussed in BID 19849
(OpenSSL PKCS Padding RSA Signature Forgery Vulnerability) and
affects GnuTLS versions prior to version 1.4.3.

ISC BIND MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 19859
Last Updated: 2006-09-15
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19859
Summary:
ISC BIND is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial-of-service
conditions, effectively denying service to legitimate users.

IODINE UNSPECIFIED SECURITY VULNERABILITY
BugTraq ID: 20017
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20017
Summary:
Iodine is prone to an unspecified security vulnerability.
Very little information is available on this issue; this BID will be
updated as more information becomes available.
[ IP tunnel through DNS ]

JIRA CONFIGURERELEASENOTE.JSPA CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 18575
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18575
Summary:
Jira is prone to a cross-site scripting vulnerability because the
application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code
execute in the browser of an unsuspecting user in the context of the
affected site. This may help the attacker steal cookie-based
authentication credentials and launch other attacks.

LINUX KERNEL 2.6.16.13 MULTIPLE SCTP REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17955
Last Updated: 2006-09-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17955
Summary:
The Linux kernel SCTP module is susceptible to remote
denial-of-service vulnerabilities. These issues are triggered when
the kernel handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel deadlock and
infinite recursion, denying further service to legitimate users.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.

LINUX KERNEL CD-ROM DRIVER LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18847
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18847
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before
using it in a memory copy operation.
This issue allows local attackers to overwrite kernel memory with
arbitrary data, potentially allowing them to execute malicious
machine code in the context of affected kernels. This vulnerability
facilitates the complete compromise of affected computers.
Linux kernel version 2.6.17.3 and prior are affected by this issue.

LINUX KERNEL CHOOSE_NEW_PARENT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18099
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18099
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'choose_new_parent' function.
This vulnerability allows local users to cause a kernel panic,
denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.11.12.

LINUX KERNEL ELF FILE CROSS REGION MAPPING LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19702
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19702
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue could cause an affected computer to crash.

LINUX KERNEL ELF FILE ENTRY POINT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16925
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16925
Summary:
Linux kernel is prone to a denial-of-service vulnerability when
processing a malformed ELF file. This issue occurs only on Intel
EM64T processors.
Linux kernel versions prior to 2.6.15.5 are affected by this issue.

LINUX KERNEL IP ID INFORMATION DISCLOSURE WEAKNESS
BugTraq ID: 17109
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is prone to a remote information-disclosure
weakness. This issue is due to an implementation flaw of a zero
'ip_id' information-disclosure countermeasure.
This issue allows remote attackers to use affected computers in
stealth network port and trust scans.
The Linux kernel 2.6 series, as well as some kernels in the 2.4
series, are affected by this weakness.

LINUX KERNEL INTEL EM64T SYSRET LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17541
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17541
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue arises in Intel EM64T CPUs when returning
program control using SYSRET.
This vulnerability allows local users to crash the kernel, denying
further service to legitimate users.

LINUX KERNEL LEASE_INIT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17943
Last Updated: 2006-09-15
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17943
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'lease_init' function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.16.

LINUX KERNEL MULTIPLE SECURITY VULNERABILITIES
BugTraq ID: 15049
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15049
Summary:
Linux kernel is prone to multiple vulnerabilities. These issues may
allow local and remote attackers to trigger denial-of-service
conditions or to access sensitive kernel memory.
Linux kernel 2.6.x versions are known to be vulnerable at the
moment. Other versions may be affected as well.

LINUX KERNEL NFS AND EXT3 COMBINATION REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19396
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19396
Summary:
The Linux kernel is susceptible to a remote denial-of-service
vulnerability because the EXT3 filesystem code fails to properly
handle unexpected conditions.
Remote attackers may trigger this issue by sending crafted UDP
datagrams to affected computers that are configured as NFS servers,
causing filesystem errors. Depending on the mount-time options of
affected filesystems, this may result in remounting filesystems as
read-only or cause a kernel panic.
Linux kernel versions 2.6.14.4, 2.6.17.6, and 2.6.17.7 are
vulnerable to this issue; other versions in the 2.6 series are also
likely affected.

LINUX KERNEL NETFILTER CONNTRACK_PROTO_SCTP.C DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18755
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18755
Summary:
The Linux kernel 'netfilter' module is prone to a denial-of-service
vulnerability.
Successful exploits of this vulnerability will cause the kernel to
crash, effectively denying service to legitimate users.

LINUX KERNEL PPC970 SYSTEMS LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19615
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19615
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability.
An attacker can exploit this issue to crash the kernel, denying
further service to legitimate users.

LINUX KERNEL PRCTL CORE DUMP HANDLING PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18874
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18874
Summary:
Linux kernel is prone to a local privilege-escalation vulnerability.
A local attacker may gain elevated privileges by creating a coredump
file in a directory that they do not have write access to.
A successful attack may result in a complete compromise.
Linux kernel versions prior to 2.6.17.4 are vulnerable.

LINUX KERNEL PROC FILESYSTEM LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18992
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18992
Summary:
The Linux kernel is prone to a local privilege-escalation
vulnerability because of a race condition in the 'proc' filesystem.
This issue allows local attackers to gain superuser privileges,
facilitating the complete compromise of affected computers.
The 2.6 series of the Linux kernel is vulnerable to this issue.

LINUX KERNEL SCTP MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 18085
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18085
Summary:
The Linux kernel SCTP module is prone to remote denial-of-service
vulnerabilities. These issues are triggered when the kernel handles
unexpected SCTP packets.
These issues allow remote attackers to trigger kernel panics,
denying further service to legitimate users.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior
versions may also be affected.

LINUX KERNEL SCTP SO_LINGER LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20087
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20087
Summary:
The Linux kernel SCTP module is prone to a local denial-of-service
vulnerability.
This issue allows local attackers to cause kernel crashes, denying
service to legitimate users.
Specific information regarding affected versions of the Linux kernel
is currently unavailable. This BID will be updated as further
information is disclosed.

LINUX KERNEL SCTP_MAKE_ABORT_USER FUNCTION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19666
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19666
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because
it fails to properly bounds-check user-supplied data before copying
it to an insufficiently sized memory buffer.
A local attacker can exploit this issue to execute arbitrary code
and potentially compromise the affected computer.

LINUX KERNEL SEARCH_BINARY_HANDLER LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16320
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16320
Summary:
Linux kernel is susceptible to a local denial-of-service
vulnerability.
This issue presents itself in the 'search_binary_handler' function
of 'exec.c'.
This issue allows local users to crash the kernel due to a panic,
denying service to legitimate users.
Linux kernel 2.4 versions on 64-bit x86 architectures prior to
2.4.33-pre1 are affected.

LINUX KERNEL SG DRIVER DIRECT IO LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18101
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18101
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the SG driver.
This vulnerability allows local users to cause a kernel panic,
denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.13.

LINUX KERNEL SNMP NAT HELPER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18081
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18081
Summary:
The Linux SNMP NAT helper is susceptible to a remote
denial-of-service vulnerability.
This issue allows remote attackers to potentially corrupt memory and
ultimately trigger a denial of service for legitimate users.
Kernel versions prior to 2.6.16.18 are vulnerable to this issue.

LINUX KERNEL SENDMSG() LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14785
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14785
Summary:
Linux kernel is prone to a local buffer-overflow vulnerability.
The vulnerability affects 'sendmsg()' when malformed user-supplied
data is copied from userland to kernel memory.
A successful attack can allow a local attacker to trigger an
overflow, which may lead to a denial-of-service condition due to
memory corruption. Arbitrary code execution resulting in privilege
escalation is possible as well.

LINUX KERNEL SHARED MEMORY SECURITY RESTRICTION BYPASS VULNERABILITIES
BugTraq ID: 17587
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17587
Summary:
The Linux kernel is prone to vulnerabilities regarding access to
shared memory.
A local attacker could potentially gain read and write access to
shared memory and write access to read-only tmpfs filesystems,
bypassing security restrictions.
An attacker can exploit these issues to possibly corrupt
applications and their data when the applications use temporary
files or shared memory.

LINUX KERNEL SOCKADDR_IN.SIN_ZERO KERNEL MEMORY DISCLOSURE VULNERABILITIES
BugTraq ID: 17203
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17203
Summary:
The Linux kernel is affected by local memory-disclosure
vulnerabilities. These issues are due to the kernel's failure to
properly clear previously used kernel memory before returning it to
local users.
These issues allow an attacker to read kernel memory and potentially
gather information to use in further attacks.

LINUX KERNEL SYSCTL UNREGISTRATION LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15365
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15365
Summary:
Linux Kernel is reported prone to a local denial-of-service
vulnerability. This issue arises from a failure to properly
unregister kernel resources when network devices are removed.
This issue allows local attackers to deny service to legitimate
users. Attackers may also be able to execute arbitrary code in the
context of the kernel, but this has not been confirmed.

LINUX KERNEL UDF DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19562
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19562
Summary:
The Linux kernel UDF file module is prone to a denial-of-service
vulnerability.
An attacker can exploit this issue to crash the kernel, denying
further service to legitimate users.

LINUX KERNEL USB DRIVER DATA QUEUE LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19033
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19033
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the USB FTDI
SIO driver.
This vulnerability allows local users to consume all available
memory resources, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.27.

LINUX KERNEL USB SUBSYSTEM LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 14955
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14955
Summary:
A local denial-of-service vulnerability affects the Linux kernel's
USB subsystem. This issue is due to the kernel's failure to
properly handle unexpected conditions when trying to handle URBs
(USB Request Blocks).
Local attackers may exploit this vulnerability to trigger a kernel
'oops' on computers where the vulnerable USB subsystem is enabled.
This would deny service to legitimate users.

LINUX KERNEL __SETLEASE LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18033
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18033
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'__setlease' function.
This vulnerability allows local users to leak kernel memory,
potentially resulting in a kernel panic, denying further service to
legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.16.

LINUX KERNEL DIE_IF_KERNEL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16993
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the
'die_if_kernel()' function.
This vulnerability allows local users to panic the kernel, denying
further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.15.6 running
on Itanium systems.

LINUX ORINOCO DRIVER REMOTE INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 15085
Last Updated: 2006-09-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15085
Summary:
The Orinoco drivers for Linux kernels are susceptible to a remote
information-disclosure vulnerability. This issue is due to the
driver sending uninitialized kernel memory in small network packets.
Remote attackers may exploit this issue to access potentially
sensitive kernel memory, aiding them in further attacks.

MOZILLA FIREFOX JAVASCRIPT HANDLER RACE CONDITION MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 19488
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19488
Summary:
Mozilla Firefox is prone to a remote memory-corruption
vulnerability. This issue is due to a race condition that may result
in double-free or other memory-corruption issues.
Attackers may likely exploit this issue to execute arbitrary machine
code in the context of the vulnerable application, but this has not
been confirmed. Failed exploit attempts will likely crash the
application.
Mozilla Firefox is vulnerable to this issue. Due to code-reuse,
other Mozilla products are also likely affected.

MOZILLA FIREFOX XML HANDLER RACE CONDITION MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 19534
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19534
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability
because of a race condition that may result in double-free or other
memory-corruption issues.
Attackers may likely exploit this issue to execute arbitrary machine
code in the context of the vulnerable application, but this has not
been confirmed. Failed exploit attempts will likely crash the
application.
Mozilla Firefox is vulnerable to this issue. Due to code-reuse,
other Mozilla products are also likely affected.
It has been reported that the Flock web browser version 0.7.4.1 and
the K-Meleon web browser version 1.0.1 are also vulnerable.

MOZILLA FIREFOX/THUNDERBIRD/SEAMONKEY MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20042
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20042
Summary:
The Mozilla Foundation has released six security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- supply malicious data through updates
- inject arbitrary content
- execute arbitrary JavaScript
- crash affected applications and potentially execute
arbitrary code.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more
information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.7
- Mozilla Thunderbird version 1.5.0.7
- Mozilla SeaMonkey version 1.0.5

MOZILLA MULTIPLE PRODUCTS REMOTE VULNERABILITIES
BugTraq ID: 19181
Last Updated: 2006-09-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19181
Summary:
The Mozilla Foundation has released thirteen security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- run arbitrary script code with elevated privileges
- gain access to potentially sensitive information
- carry out cross-domain scripting attacks.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more
information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.5
- Mozilla Thunderbird version 1.5.0.5
- Mozilla SeaMonkey version 1.0.3

MULTIPLE VENDOR AMD CPU LOCAL FPU INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17600
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17600
Summary:
Multiple vendors' operating systems are prone to a local
information-disclosure vulnerability. This issue is due to a flaw in
the operating systems that fail to properly use AMD CPUs.
Local attackers may exploit this vulnerability to gain access to
potentially sensitive information regarding other processes
executing on affected computers. This may aid attackers in
retrieving information regarding cryptographic keys or other
sensitive information.
This issue affects Linux and FreeBSD operating systems that use
generations 7 and 8 AMD CPUs.

NETGEAR DG834GT LONG USERNAME DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19973
Last Updated: 2006-09-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19973
Summary:
The NetGear DG834GT device is prone to a denial-of-service
vulnerability because it fails to properly validate user-supplied
input.
This issue allows attackers to cause the device to stop
responding to network requests, effectively denying service to
legitimate users.
[ firmware ]

NOKIA PHONES FIRMWARE MMC LOCAL AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 20003
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20003
Summary:
Nokia Mobile Phones are prone to an authentication-bypass
vulnerability due to a design error.
Successful exploits may allow an attacker with local access to a
vulnerable mobile device to bypass the application's authentication
methods and gain full access to the affected device.
We currently have no information regarding specific details of the
affected devices. This BID will be updated when more information
becomes available.
[ firmware ]

OSU HTTP SERVER MULTIPLE INFORMATION DISCLOSURE VULNERABILITIES
BugTraq ID: 20098
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20098
Summary:
OSU (Ohio State University) HTTP server is prone to multiple
information-disclosure vulnerabilities.
This may allow a malicious user to gain access to sensitive data;
information gained may aid in further attacks.
Versions 3.11a and 3.10a are vulnerable; other versions may also
be affected.

OPENBSD ISAKMPD IPSEC REPLAY VULNERABILITY
BugTraq ID: 19712
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19712
Summary:
OpenBSD's IPsec implementation is prone to remote replay
attacks. This issue is due to the improper implementation of its
replay window.
This issue allows remote attackers to replay IPsec traffic. The
exact consequences of successful attacks depend on the nature of the
traffic being replayed. This will likely affect only higher-level
protocols such as UDP, since they don't provide their own
anti-replay features.

OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to
forge an RSA signature. The attacker may be able to forge a PKCS #1
v1.5 signature when an RSA key with exponent 3 is used.
An attacker may exploit this issue to sign digital certificates or
RSA keys and take advantage of trust relationships that depend on
these credentials, possibly posing as a trusted party and signing a
certificate or key.
All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are
affected by this vulnerability. Updates are available.

OSIRIS LOGGING.C FORMAT STRING VULNERABILITY
BugTraq ID: 19213
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19213
Summary:
Osiris is prone to a format-string vulnerability because it fails to
properly sanitize user-supplied input before using it in a
formatted-printing function.
A successful exploit could allow an attacker to execute arbitrary
code or to crash the application.
Version 4.2.0 is vulnerable to this issue; other versions may also
be affected.
[ host integrity system, network based ]

RSSOWL ATOM FEED SCRIPT HTML INJECTION VULNERABILITY
BugTraq ID: 20110
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20110
Summary:
RSSOwl is prone to an HTML-injection vulnerability because the
application fails to properly sanitize user-supplied input before
using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the
context of the My Computer zone, potentially allowing an attacker to
steal cookie-based authentication credentials or to control how the
site is rendered to the user. Other attacks are also possible.
Versions 1.2.1 and 1.2.2 are vulnerable to this issue; other
versions may also be affected.
VERSO NETPERFORMER FRAME RELAY ACCESS DEVICE ICMP DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19990
Last Updated: 2006-09-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19990
Summary:
Verso NetPerformer Frame Relay Access Device (FRAD) is prone to a
denial-of-service vulnerability.
A remote attacker can exploit this issue to potentially crash the
affected device, denying service to legitimate users. The attacker
may be able to terminate current TCP sessions being handled by the
device, potentially without incurring a reboot.
[ firmware ]
VERSO NETPERFORMER FRAME RELAY ACCESS DEVICE TELNET BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 19989
Last Updated: 2006-09-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19989
Summary:
Verso NetPerformer Frame Relay Access Device (FRAD) is prone to a
remotely exploitable buffer overflow in the telnet service.
A remote attacker can exploit this issue to execute arbitrary code
on the affected device. Failed exploit attempts will likely crash
the device, denying service to legitimate users.
[ firmware ]
X.ORG LIBXFONT CID FONT FILE MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 19974
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19974
Summary:
The libXfont library is prone to multiple integer-overflow
vulnerabilities.
Attackers can exploit this issue to execute arbitrary code with
superuser privileges. A successful exploit will result in the
complete compromise of affected computers. Failed exploit attempts
will result in a denial of service.
X.ORG X WINDOW SERVER LIBX11 XKEYBOARD EXTENSION LOCAL BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 19905
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19905
Summary:
X.Org X Window Server libX11 library is prone to a local
buffer-overflow vulnerability because it fails to properly validate
the size of attacker-supplied data before copying it into a
finite-sized buffer.
The issue allows local attackers to execute arbitrary machine code
in the context of a user running an application that is dynamically
linked against the library. Failed exploit attempts will likely
crash the application, denying service to legitimate users.
X11R6 4.0 and prior versions are reported affected by this
vulnerability.
XINE-LIB HTTP RESPONSE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18187
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18187
Summary:
The xine-lib library is susceptible to a buffer-overflow
vulnerability. This issue is due to the software's failure to
properly bounds-check user-supplied input data before copying it to
an insufficiently sized memory buffer.
Successful exploits allow remote attackers to execute
arbitrary machine code in the context of an application using the
affected library.
Versions of xine-lib greater than or equal to 1.0.1 are potentially
affected by this issue, but information on specific affected
versions is not currently available. Applications that use a
vulnerable version of the library may also be affected. Version
0.5.6 of gxine is reportedly vulnerable to this issue.
YUKIHIRO MATSUMOTO RUBY MULTIPLE SAFE LEVEL RESTRICTION BYPASS
VULNERABILITIES
BugTraq ID: 18944
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18944
Summary:
Ruby is prone to multiple vulnerabilities that let attackers bypass
SAFE-level restrictions.
These issues allow attackers to bypass the expected SAFE-level
restrictions, possibly allowing them to execute unauthorized script
code in the context of affected applications. The specific impact of
these issues depends on the implementation of scripts that use
SAFE-level security checks.
ZOPE CSV_TABLE INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 20022
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20022
Summary:
Zope is prone to an information-disclosure vulnerability because the
application fails to properly secure potentially sensitive
information.
A remote attacker can exploit this issue to retrieve potentially
sensitive information that may aid the attacker in further attacks.