[gull-annonces] SecurityFocus summary #389-393

Marc SCHAEFER schaefer at alphanet.ch
Wed Apr 25 09:15:56 CEST 2007


AMAROK MAGNATURE SHELL COMMAND INJECTION VULNERABILITY
BugTraq ID: 22568
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22568
Summary:
  Amarok Magnature is prone to a shell command-injection
  vulnerability.

  Commands executed through this vulnerability could permit an
  attacker to gain access to a vulnerable system.

APACHE HTTP SERVER TOMCAT DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 22960
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22960
Summary:
  Apache HTTP servers running with the Tomcat servlet container are
  prone to a directory-traversal vulnerability because user-supplied
  input data is not sufficiently sanitized.

  Exploiting this issue allows attackers to access arbitrary files in
  the Tomcat webroot. This can expose sensitive information that could
  aid in further attacks.

  Versions in the 5.0 series prior to 5.5.22 and versions in the 6.0
  series prior to 6.0.10 are vulnerable.

APACHE TOMCAT MOD_JK.SO ARBITRARY CODE EXECUTION VULNERABILITY
BugTraq ID: 22791
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22791
Summary:
  Apache Tomcat is prone to a vulnerability that will allow remote
  attackers to execute arbitrary code on an affected computer. A
  successful attack may result in a complete compromise.

APACHE MOD_PYTHON OUTPUT FILTER MODE INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 22849
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22849
Summary:
  The Apache mod_python module is prone to an information-disclosure
  vulnerability because of a design error in the affected application.

  An attacker can exploit this issue to gain access to sensitive
  information that may lead to further attacks.

ASTERISK CHAN_SIP.C UNSPECIFIED REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20835
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20835
Summary:
  Asterisk is prone to a remote denial-of-service vulnerability.

  Exploiting this issue allows remote attackers to consume excessive
  system resources until the software becomes unresponsive to further
  calls, effectively denying service to legitimate users.

  Asterisk versions prior to 1.2.13 and to 1.4.0-beta3 are vulnerable
  to this issue.

ASTERISK SIP CHANNEL DRIVER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22838
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22838
Summary:
  Asterisk is prone to a remote denial-of-service vulnerability.

  Exploiting this issue allows remote attackers to cause the
  application to crash, effectively denying service to
  legitimate users.

  Asterisk versions prior to 1.2.16 and 1.4.1 are vulnerable to
  this issue.

ASTERISK SIP INVITE MESSAGE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23031
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23031
Summary:
  Asterisk is prone to a remote denial-of-service vulnerability.

  Exploiting this issue allows remote attackers to cause the
  application to crash, effectively denying service to
  legitimate users.

CAPI4HYLAFAX REMOTE ARBITRARY COMMAND EXECUTION VULNERABILITY
BugTraq ID: 19801
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19801
Summary:
  Capi4Hylafax is prone to an arbitrary command-execution
  vulnerability.

  An attacker can exploit this vulnerability to execute arbitrary
  commands in the context of the affected application.

CHM LIB MULTIPLE UNSPECIFIED BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 22258
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22258
Summary:
  CHM Lib is prone to multiple buffer-overflow vulnerabilities because
  it fails to properly bounds-check user-supplied input prior to
  copying it to insufficiently sized memory buffers.

  Successfully exploiting these issues may allow remote attackers to
  execute arbitrary machine code in the context of users running
  applications that use the affected library.

  Versions prior to 0.39 are vulnerable to these issues.

CPIO FILENAME DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 13291
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13291
Summary:
  The cpio utility is prone to a directory-traversal vulnerability.
  The issue occurs when cpio is invoked on a malicious archive.

  An archive containing an absolute path for a filename that contains
  '/' characters results in the file getting written using the
  absolute path contained in the filename.

  A remote attacker may leverage this issue using a malicious archive
  to corrupt arbitrary files with the privileges of the user that is
  running the vulnerable software.

CISCO 7940/7960 PHONE SIP INVITE REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 23047
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23047
Summary:
  Cisco 7940/7960 phones are prone to a remote denial-of-service
  vulnerability.

  Exploiting this issue allows remote attackers to cause the device to
  reboot, effectively denying service to legitimate users.

[ firmware ]

CISCO MULTIPLE PRODUCTS MULTIPLE REMOTE DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 22561
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22561
Summary:
  Multiple Cisco products are prone to multiple denial-of-service
  vulnerabilities.

  Attackers can exploit these issues to cause vulnerable devices to
  reload, potentially causing denial-of-service conditions.

[ firmware ]

CLAM ANTI-VIRUS CLAMAV MAC OS X COMMAND EXECUTION VULNERABILITY
BugTraq ID: 13795
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13795
Summary:
  Clam Anti-Virus ClamAV running on Mac OS X is affected by a
  command-execution vulnerability.

  Reportedly, when the application handles a suspected infected file,
  it cannot be removed. The application may attempt to copy the file
  to another location using the Mac OS X 'ditto' utility. Since the
  'ditto' utility is called in an insecure manner and since the
  responsible function fails to sanitize the filename, an attacker can
  include arbitrary commands in the filename that will be executed in
  the context of ClamAV.

  An attacker can exploit this issue to gain unauthorized access to an
  affected computer. Note that exploitation is possible only when a
  malicious file is copied.

  ClamAV versions 0.80rc4 to 0.84rc2 are affected by this issue.
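The ClamAV/'ditto' entry above is the classic shape of a shell command injection: an untrusted filename is pasted into a command string that a shell then parses. The following Python block is an added example, not code from the page or from ClamAV; the function names and the sample filename are constructed. Instead of 'ditto' it runs the Python interpreter itself as the external tool, so the demonstration is portable and has no side effects, but the point is the same: pass the filename as one argv element and no shell ever sees it.

```python
"""Invoke an external helper on an untrusted filename without a shell.

Added example for the ClamAV/'ditto' entry; helper names and the sample
filename are constructed for this illustration.
"""
import shlex
import subprocess
import sys

# A constructed filename containing shell metacharacters, of the kind an
# attachment scanner might receive from an untrusted message.
SUSPECT_NAME = "quarantine me; $(date) && echo.eml"


def naive_command_line(tool: str, src: str, dst: str) -> str:
    """The pattern the advisory describes: filename interpolated into a shell string.

    If this string were handed to os.system() or a shell, everything after
    ';' would be parsed as further commands. It is built here only for
    contrast and is never executed.
    """
    return f"{tool} {src} {dst}"


def quoted_command_line(tool: str, src: str, dst: str) -> str:
    """Mitigation when a shell string is unavoidable: quote every operand."""
    return f"{tool} {shlex.quote(src)} {shlex.quote(dst)}"


def shell_would_see(cmdline: str) -> list:
    """Split a command string into words the way a POSIX shell would."""
    return shlex.split(cmdline)


def run_tool(argv: list) -> subprocess.CompletedProcess:
    """Preferred mitigation: an argv list, so no shell ever parses the name."""
    return subprocess.run(argv, capture_output=True, text=True, check=True)


def argv_seen_by_child(name: str) -> str:
    """Run a child that echoes its first argument; return exactly what it got."""
    echo_script = "import sys; sys.stdout.write(sys.argv[1])"
    return run_tool([sys.executable, "-c", echo_script, name]).stdout


if __name__ == "__main__":
    print("naive :", naive_command_line("ditto", SUSPECT_NAME, "/tmp/q"))
    print("quoted:", quoted_command_line("ditto", SUSPECT_NAME, "/tmp/q"))
    print("child received:", repr(argv_seen_by_child(SUSPECT_NAME)))
```

With the argv form the child receives the metacharacter-laden name intact as a single argument; with the naive string the shell would split it into several words before the tool even starts. `shlex.quote` repairs the string form, but the argv form is the one to prefer because there is nothing left to get wrong.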

CLAM ANTI-VIRUS CLAMAV UNSPECIFIED QUANTUM DECOMPRESSOR DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 14058
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14058
Summary:
  ClamAV is prone to a denial-of-service vulnerability. The issue
  resides in the Quantum decompressor; the exact cause is not known.

  Presumably, a remote attacker may exploit this condition using a
  malicious file to crash a target ClamAV server.

CLAMAV CAB FILE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22580
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22580
Summary:
  ClamAV is prone to a denial-of-service vulnerability.

  An attacker can exploit this vulnerability to prevent the software
  from scanning certain types of data. When it encounters the data,
  the application will reject it. This can result in denial-of-service
  conditions.

  Versions prior to 0.90 stable are vulnerable.

CLAMAV MIME HEADER ID PARAMETER STRING DIRECTORY TRAVERSAL
VULNERABILITY
BugTraq ID: 22581
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22581
Summary:
  ClamAV is prone to a directory-traversal vulnerability because it
  fails to properly sanitize user-supplied input.

  An attacker can exploit this vulnerability to create or overwrite
  arbitrary files on vulnerable computers in the context of the
  affected application. This may aid in further attacks.

  This issue affects ClamAV versions prior to the 0.90 stable release.

D-BUS SESSION BUS LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 12435
Last Updated: 2007-03-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12435
Summary:
  A local privilege-escalation vulnerability affects D-BUS because it
  fails to properly secure message-bus sessions.

  An attacker may leverage this issue to send messages to the message
  bus of an unsuspecting user. This may facilitate command execution
  with the privileges of the unsuspecting user, ultimately leading to
  privilege escalation.

EKIGA GM_MAIN_WINDOW_FLASH_MESSAGE REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 22613
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22613
Summary:
  Ekiga is prone to a remote format-string vulnerability because the
  application fails to properly sanitize user-supplied input before
  including it in the format-specifier argument of a
  formatted-printing function.

  A remote attacker may execute arbitrary code with the privileges of
  the currently logged-in user. Failed exploit attempts will result in
  a denial of service.

  This issue affects versions prior to 2.0.5.

ETHEREAL MULTIPLE REMOTE PROTOCOL DISSECTOR VULNERABILITIES
BugTraq ID: 13504
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13504
Summary:
  Many vulnerabilities in Ethereal have been disclosed by the vendor.
  The reported issues are in various protocol dissectors.

  These issues include:

  - Buffer-overflow vulnerabilities
  - Format-string vulnerabilities
  - NULL-pointer dereference denial-of-service vulnerabilities
  - Segmentation fault denial-of-service vulnerabilities
  - Infinite-loop denial-of-service vulnerabilities
  - Memory exhaustion denial-of-service vulnerabilities
  - Double-free vulnerabilities
  - Unspecified denial-of-service vulnerabilities

  These issues could allow remote attackers to execute arbitrary
  machine code in the context of the vulnerable application. Attackers
  could also crash the affected application.

  Various vulnerabilities affect several versions of Ethereal, from
  0.8.14 through to 0.10.10.

  This BID will be split into individual BIDs for each separate issue.

  BID 13567 has been created for the DISTCC issue.

FETCHMAIL MISSING EMAIL HEADER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15987
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15987
Summary:
  Fetchmail is affected by a remote denial-of-service vulnerability.
  This issue is due to the application's failure to handle unexpected
  input. This issue occurs only when Fetchmail is configured in
  'multidrop' mode.

FETCHMAIL MULTIPLE PASSWORD INFORMATION DISCLOSURE VULNERABILITIES
BugTraq ID: 21903
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21903
Summary:
  Fetchmail is prone to multiple information-disclosure
  vulnerabilities because the application discloses information about
  user passwords.

  An attacker can exploit these issues to access sensitive information
  that may aid the attacker in other attacks.

  These issues affect versions prior to 6.3.6-rc4.

FETCHMAIL REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21902
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21902
Summary:
  Fetchmail is prone to a denial-of-service vulnerability because the
  application fails to handle exceptional conditions.

  An attacker can exploit this issue to crash the affected
  application, denying service to legitimate users.

FILE(1) COMMAND FILE_PRINTF INTEGER UNDERFLOW VULNERABILITY
BugTraq ID: 23021
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23021
Summary:
  The file(1) command is prone to an integer-underflow vulnerability
  because the command fails to adequately handle user-supplied data.

  An attacker can leverage this issue to corrupt heap memory and
  execute arbitrary code with the privileges of a user running the
  command. A successful attack may result in the compromise of
  affected computers. Failed attempts will likely cause
  denial-of-service conditions.

  Versions prior to 4.20 are vulnerable.

GD GRAPHICS LIBRARY JIS-ENCODED FONT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22289
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22289
Summary:
  The GD graphics library is prone to a buffer-overflow vulnerability.

  An attacker can exploit this issue to cause denial-of-service
  conditions in applications implementing the affected library.
  Arbitrary code execution may also be possible; this has not been
  confirmed.

GD GRAPHICS LIBRARY MULTIPLE UNSPECIFIED REMOTE BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 11663
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11663
Summary:
  Multiple unspecified remote buffer-overflow vulnerabilities have
  been identified in the GD Graphics Library. These issues are due to
  the library's failure to do sufficient bounds-checking before
  processing user-specified strings.

  An attacker may leverage these issues to remotely execute arbitrary
  code on a computer with the privileges of a user that views a
  malicious image file. This may facilitate unauthorized access or
  privilege escalation.

GD GRAPHICS LIBRARY REMOTE INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 11523
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11523
Summary:
  The GD Graphics Library (gdlib) is affected by an integer overflow
  that facilitates a heap overflow. This issue is due to the library's
  failure to do proper sanity checking on size values contained within
  image-format files.

  An attacker may leverage this issue to manipulate process heap
  memory, potentially leading to code execution and compromise of the
  computer running the affected library.

GDB MULTIPLE VULNERABILITIES
BugTraq ID: 13697
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13697
Summary:
  GDB is reportedly affected by multiple vulnerabilities. These issues
  can allow an attacker to execute arbitrary code and commands on an
  affected computer. A successful attack may allow the attacker to
  gain elevated privileges or unauthorized access.

  The following specific issues were identified:

  - a remote heap-overflow vulnerability when loading malformed
    object files.
  - a local privilege-escalation vulnerability.

  GDB 6.3 is reportedly affected by these issues; other versions are
  likely vulnerable as well. GNU binutils 2.14 and 2.15 are affected
  by the heap-overflow issue as well.

GNU FILEUTILS DIRECTORY REMOVAL RACE CONDITION VULNERABILITY
BugTraq ID: 4266
Last Updated: 2007-03-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/4266
Summary:
  GNU fileutils is a freely available, open-source file manager. It is
  designed for use on Linux and other UNIX-like operating systems.

  Under some circumstances, a local user may be able to remove the
  root directory of the system. Due to inadequate file locking and an
  insecure 'chdir' call, an attacker could move files from the '/tmp'
  directory into the root directory. The problem occurs with a
  directory tree that has several single subdirectories in '/tmp' when
  the root user tries to remove the directories recursively. If the
  root user tries to recursively remove the directory tree from '/tmp'
  and if the directory tree is writable by another user, then the user
  could move a high-level directory into '/tmp' after the 'rm' program
  has descended the tree. The 'rm' program would then ascend from the
  '/tmp' directory to the root directory, recursively removing the
  contents of the root directory.

GNU GZIP ARCHIVE HANDLING MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20101
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
  The gzip utility is prone to multiple remote buffer-overflow and
  denial-of-service vulnerabilities when handling malicious archive files.

  Successful exploits may allow a remote attacker to corrupt process
  memory by triggering an overflow condition. This may lead to
  arbitrary code execution in the context of an affected user and may
  facilitate a remote compromise. Attackers may also trigger
  denial-of-service conditions by crashing or hanging the application.

  Specific information regarding affected versions of gzip is
  currently unavailable. This BID will be updated as more information
  is released.

GNU TAR GNUTYPE_NAMES REMOTE DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 21235
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21235
Summary:
  GNU Tar is prone to a vulnerability that may allow an attacker to
  place files and overwrite files in arbitrary locations on a
  vulnerable computer. These issues present themselves when the
  application processes malicious archives.

  A successful attack can allow the attacker to place potentially
  malicious files and overwrite files on a computer in the context of
  the user running the affected application. Successful exploits may
  aid in further attacks.
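The cpio, ClamAV MIME-header, KTorrent and GNU tar entries above all describe one defect: a member name taken from an untrusted archive (absolute, or containing '..' components) is used as-is when the file is written. As an added example, not code from the page or from any of those projects, the following Python block implements the check an extractor should run on every member name before it creates anything. The function names, the extraction root and the sample member names are constructed for this illustration; `posixpath` is used so the result is the same on every platform.

```python
"""Reject archive member names that would escape the extraction directory.

Added example; helper names and sample member names are constructed and
are not taken from cpio, tar, ClamAV or KTorrent.
"""
import posixpath


class UnsafeArchivePath(ValueError):
    """Raised for a member name that is absolute or climbs above the root."""


def is_safe_member_name(name: str) -> bool:
    """True only if `name` is relative and never climbs above its start.

    The check walks the components and tracks the current depth: any '..'
    that would take the depth below zero escapes the extraction root, no
    matter what follows it, so 'a/../../b' is refused while 'a/../b' is fine.
    """
    if not name or "\x00" in name:
        return False
    # Absolute POSIX path, or a Windows-style drive / UNC prefix.
    if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
        return False
    depth = 0
    for part in name.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue  # empty (from '//') and '.' components do not move
        if part == "..":
            depth -= 1
            if depth < 0:
                return False
        else:
            depth += 1
    return True


def resolve_member(root: str, name: str) -> str:
    """Return the absolute target path for `name`, or raise UnsafeArchivePath.

    Normalising after joining gives a second, independent guarantee that the
    final path still lies under `root`; the prefix test uses root + '/' so
    that '/srv/extract2' is not mistaken for a child of '/srv/extract'.
    """
    if not is_safe_member_name(name):
        raise UnsafeArchivePath(name)
    root = posixpath.normpath(root)
    prefix = root if root.endswith("/") else root + "/"
    target = posixpath.normpath(posixpath.join(root, name))
    if target != root and not target.startswith(prefix):
        raise UnsafeArchivePath(name)
    return target


def triage_members(root: str, names) -> dict:
    """Split member names into the targets that may be written and the names to refuse."""
    result = {"accepted": [], "rejected": []}
    for name in names:
        try:
            result["accepted"].append(resolve_member(root, name))
        except UnsafeArchivePath:
            result["rejected"].append(name)
    return result


# Constructed sample member names, as an archive listing might report them.
SAMPLE_MEMBERS = [
    "etc/motd",                  # ordinary relative name: accepted
    "docs/../README",            # '..' that stays inside the tree: accepted
    "/etc/passwd",               # absolute name (the cpio case): rejected
    "../../home/user/.profile",  # climbs above the root: rejected
    "a/../../b",                 # climbs after first descending: rejected
]

if __name__ == "__main__":
    for kind, items in triage_members("/srv/extract", SAMPLE_MEMBERS).items():
        print(kind, items)
```

This covers the name-based traversal the advisories describe. A member that is a symbolic link pointing outside the root, followed by a later member written through that link, is a separate hazard: the extractor must also refuse to follow links it has just created, or check each target against the real filesystem (for instance with `os.path.realpath`) after creation.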

GNU TAR INVALID HEADERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 16764
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16764
Summary:
  GNU Tar is prone to a buffer overflow when handling invalid headers.
  Successful exploitation could potentially lead to arbitrary code
  execution, but this has not been confirmed.

  Tar versions 1.14 and above are vulnerable.

GNUPG MAKE_PRINTABLE_STRING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21306
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21306
Summary:
  GnuPG is prone to a remote buffer-overflow vulnerability because it
  fails to properly bounds-check user-supplied input before copying it
  to an insufficiently sized memory buffer.

  Exploiting this issue may allow remote attackers to execute
  arbitrary machine code in the context of the affected application,
  but this has not been confirmed.

  GnuPG versions 1.4.5 and 2.0.0 are vulnerable to this issue;
  previous versions may also be affected.

GNUPG OPENPGP PACKET PROCESSING FUNCTION POINTER OVERWRITE
VULNERABILITY
BugTraq ID: 21462
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21462
Summary:
  GnuPG is prone to a vulnerability that could permit an attacker to
  overwrite a function pointer.

  This issue occurs because of a design error when dealing with
  OpenPGP packets. Attackers may exploit this issue to execute
  arbitrary code.

  Successful exploits may result in the remote compromise of computers
  using the vulnerable application.

GNUPG PARSE_COMMENT REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19110
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19110
Summary:
  GnuPG is prone to a remote buffer-overflow vulnerability because it
  fails to properly bounds-check user-supplied input before copying it
  to an insufficiently sized memory buffer.

  This issue may allow remote attackers to execute arbitrary machine
  code in the context of the affected application, but this has not
  been confirmed.

  GnuPG version 1.4.4 is vulnerable to this issue; previous versions
  may also be affected.

GNUPG PARSE_USER_ID REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18554
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18554
Summary:
  GnuPG is prone to a remote buffer-overflow vulnerability because it
  fails to properly bounds-check user-supplied input before copying it
  to an insufficiently sized memory buffer.

  This issue may allow remote attackers to execute arbitrary machine
  code in the context of the affected application, but this has not
  been confirmed.

  GnuPG versions 1.4.3 and 1.9.20 are vulnerable to this issue;
  previous versions may also be affected.

GNUPG SIGNED MESSAGE ARBITRARY CONTENT INJECTION WEAKNESS
BugTraq ID: 22757
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22757
Summary:
  GnuPG is prone to a weakness that may allow an attacker to add
  arbitrary content into a message without the end user knowing.

  An attacker may be able to exploit this issue in applications
  using GnuPG to add arbitrary content into a signed and/or
  encrypted message.

  Exploiting this issue depends on the individual application's use of
  GnuPG. Individual records will be created detailing this issue in
  affected applications.

GRAPHICSMAGICK PALM DCM BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 20707
Last Updated: 2007-03-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20707
Summary:
  GraphicsMagick is prone to multiple buffer-overflow vulnerabilities
  because it fails to perform adequate boundary checks on
  user-supplied data before copying it to insufficiently sized buffers.

  Successful exploits may allow an attacker to execute arbitrary
  machine code to compromise an affected computer or to cause
  denial-of-service conditions.

  GraphicsMagick 1.1.7 and prior versions are vulnerable.

ISC BIND REMOTE DNSSEC VALIDATION DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22231
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22231
Summary:
  ISC BIND is prone to a remote denial-of-service vulnerability
  because the application fails to properly handle malformed DNSSEC
  validation requests.

  Successfully exploiting this issue allows remote attackers to crash
  affected DNS servers, denying further service to legitimate users.

ISC BIND REMOTE FETCH CONTEXT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22229
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22229
Summary:
  ISC BIND is prone to a remote denial-of-service vulnerability
  because the application fails to properly handle unexpected
  DNS requests.

  Successfully exploiting this issue allows remote attackers to crash
  affected DNS servers, denying further service to legitimate users.

IMAGEMAGICK AND GRAPHICSMAGICK XWD DECODER DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 13705
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13705
Summary:
  A remote, client-side denial-of-service vulnerability affects
  ImageMagick and GraphicsMagick because the applications fail to
  handle malformed XWD image files.

  A remote attacker may leverage this issue to cause the affected
  software to enter into an infinite loop, consuming CPU resources on
  the affected computer and denying service to legitimate users.

IMAGEMAGICK PNM IMAGE DECODING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 13351
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13351
Summary:
  A remotely exploitable client-side buffer-overflow vulnerability
  affects ImageMagick. This issue occurs because the application fails
  to properly validate the length of user-supplied strings before
  copying them into static process buffers.

  An attacker may exploit this issue to cause the affected application
  to crash, potentially destroying unsaved data, ultimately denying
  service to legitimate users.

KDE / KONQUEROR EMBEDDED COMMON NAME CERTIFICATE VALIDATION
VULNERABILITY
BugTraq ID: 7520
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/7520
Summary:
  Konqueror Embedded web browser does not correctly validate the
  Common Name (CN) field of X.509 certificates when an SSL/TLS session
  is negotiated. The browser is not able to detect cases where the CN
  does not match the hostname of the server. This could lead to a
  variety of attacks, including the possibility of allowing a
  malicious server to masquerade as a trusted server.

  The non-embedded Konqueror distribution is reportedly not affected
  by this issue.
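The Konqueror Embedded entry above is about the check a TLS client must make after the chain has verified: does a name in the certificate actually match the host that was requested? The following Python block is an added example, not code from the page or from KDE. It implements the comparison for both the subjectAltName DNS entries and the Common Name fallback; the certificate dictionaries are constructed in the shape returned by Python's `ssl.SSLSocket.getpeercert()` and are not real certificates, and the helper names are assumptions for this illustration.

```python
"""Match a server certificate's names against the requested hostname.

Added example for the Konqueror Embedded entry; the certificate
dictionaries are constructed in getpeercert() shape, not real certificates.
"""


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison of one certificate DNS name with a hostname.

    A wildcard is honoured only as the whole left-most label
    ('*.example.org'), matches exactly one label, and is refused for
    patterns with fewer than three labels so that '*.org' can never match.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    if any("*" in label for label in p_labels[1:]):
        return False
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def certificate_dns_names(cert: dict) -> list:
    """Names the certificate is valid for: SAN dNSName entries, else the CN.

    When a subjectAltName extension with DNS entries is present the Common
    Name is ignored, as RFC 6125 requires; the CN is only a fallback.
    """
    san = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return san
    return [
        value
        for rdn in cert.get("subject", ())
        for key, value in rdn
        if key == "commonName"
    ]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if any usable name in the certificate matches `hostname`."""
    return any(_dns_name_matches(name, hostname) for name in certificate_dns_names(cert))


def check_session(cert: dict, requested_host: str) -> str:
    """Decision a client should take before trusting the negotiated session."""
    if hostname_matches(cert, requested_host):
        return "accept"
    return "reject: name mismatch"


# Constructed certificates in getpeercert() shape.
CN_ONLY = {"subject": ((("commonName", "www.example.org"),),)}
WITH_SAN = {
    "subject": ((("commonName", "www.example.org"),),),
    "subjectAltName": (("DNS", "api.example.org"), ("DNS", "*.cdn.example.org")),
}

if __name__ == "__main__":
    for host in ("www.example.org", "evil.example.org"):
        print(host, "->", check_session(CN_ONLY, host))
```

The browser defect in the entry is exactly the absence of `check_session`: the chain verifies, but nobody asks whether the name belongs to the host the user typed, so any certificate the browser's roots will sign is accepted for any site.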

KDE DCOPSERVER LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 12820
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12820
Summary:
  KDE's Desktop Communication Protocol (DCOP) daemon is affected by a
  local denial-of-service vulnerability.

  Reportedly, a user's DCOPServer can be locked up by causing the
  authentication process to stall.

  All versions of KDE prior to 3.4 are affected by this issue.

  This BID will be updated when more information is available.

KDE KONQUEROR KHTML LIBRARY TITLE CROSS SITE SCRIPTING VULNERABILITY
BugTraq ID: 22428
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22428
Summary:
  Konqueror is prone to a cross-site scripting vulnerability because
  the application fails to sufficiently sanitize user-supplied data.

  Exploiting this issue may help the attacker steal cookie-based
  authentication credentials and launch other attacks.

  All versions of KDE up to and including KDE 3.5.6 are vulnerable
  to this issue. Apple Safari web browser is also vulnerable to
  this issue.

KDE PCX IMAGE FILE HANDLING BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 13096
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13096
Summary:
  KDE is reported prone to a buffer-overflow vulnerability when
  handling PCX image files because the 'kimgio' image library fails to
  properly validate PCX image data.

  This vulnerability was reported to reside in PCX image-handling
  routines, but the vendor has patched other image handlers, which
  may mean that other image formats may also be affected by
  similar problems.

  Attackers may exploit this vulnerability to crash applications using
  the affected library or possibly to execute arbitrary machine code
  in the context of the affected application.

KOFFICE PPT FILES INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 21354
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21354
Summary:
  KOffice is prone to an integer-overflow vulnerability because it
  fails to properly validate user-supplied data.

  An attacker can exploit this vulnerability to execute arbitrary code
  in the context of the application. Failed exploit attempts will
  likely cause denial-of-service conditions.

  KOffice versions prior to 1.6.1 are affected.

KTORRENT MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 22930
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22930
Summary:
  KTorrent is prone to multiple remote vulnerabilities, including a
  directory-traversal vulnerability and an unspecified vulnerability
  when processing messages with invalid chunk indexes.

  Very little information is known about one of these issues. This BID
  will be updated as soon as more information becomes available.

  An attacker can exploit the directory-traversal issue to overwrite
  arbitrary files on the user's system. Presumably, the unspecified
  vulnerability when processing messages with invalid chunk indexes
  will allow attackers to execute arbitrary code or to cause a denial
  of service, but this has not been confirmed.

  Versions prior to 2.1.2 are vulnerable to these issues.

LEDGERSMB/SQL-LEDGER LOGIN PARAMETER LOCAL FILE INCLUDE AND
AUTHENTICATION BYPASS VULNERABILITIES
BugTraq ID: 23034
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23034
Summary:
  LedgerSMB/SQL-Ledger are prone to a local file-include vulnerability
  because the application fails to sufficiently sanitize user-supplied
  input. SQL-Ledger is also prone to an authentication-bypass
  vulnerability.

  A successful exploit would allow an attacker to view files and
  execute arbitrary local scripts within the context of the webserver
  and potentially gain unauthorized access to the affected
  application.

  Note that the authentication-bypass issue affects only SQL-Ledger.

  These issues affect LedgerSMB prior to 1.1.10 and SQL-Ledger prior
  to 2.6.27.

[ Accounting in Perl + PostgreSQL ]

LIBTIFF TIFFOPEN BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 13585
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13585
Summary:
  LibTIFF is prone to a buffer-overflow vulnerability. The issue
  occurs in the 'TIFFOpen()' function when malformed TIFF files are
  opened. Successful exploitation could lead to arbitrary code
  execution.

LIBVNCSERVER REMOTE AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 18977
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18977
Summary:
  LibVNCServer is prone to an authentication-bypass vulnerability.
  This issue is due to a flaw in the authentication process of the
  affected package.

  Exploiting this issue may allow attackers to gain unauthenticated,
  remote access to the VNC servers.

  All versions of LibVNCServer are considered vulnerable to this
  issue.

  Reports indicate that this issue is similar to the issue described
  in BID 17978 (RealVNC Remote Authentication Bypass Vulnerability).
  Note that since LibVNCServer and RealVNC do not share code, this
  issue is being assigned a separate BID.

LIBWPD LIBRARY MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 23006
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23006
Summary:
  The libwpd library is prone to multiple buffer-overflow
  vulnerabilities because it fails to adequately check boundaries on
  user-supplied input.

  A successful exploit could let a remote attacker execute arbitrary
  code in the context of an application using the affected library.

  Version 0.8.7 is vulnerable; other versions prior to 0.8.9 may also
  be affected.

LIBEVENT DNS PARSING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22606
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22606
Summary:
  Libevent is prone to a denial-of-service vulnerability.

  A remote attacker may exploit this issue to cause the application to
  crash, denying further service to legitimate users.

  Versions 1.2 to 1.2a are vulnerable to this issue.

LIBMIKMOD XCOM HANDLER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19134
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19134
Summary:
  A buffer-overflow vulnerability occurs in the libmikmod library.
  This issue is due to the software's failure to properly bounds-check
  user-supplied input before copying it to an insufficiently sized
  memory buffer.

  This issue may allow attackers to execute arbitrary machine code in
  the context of the affected application, which may facilitate the
  remote compromise of affected computers.

  Versions 3.2.2 and prior are vulnerable; versions 2.x (which do not
  support the GT2 file format) are not vulnerable.

LINUX KERNEL AIO_SETUP_RING LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22193
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22193
Summary:
  The Linux kernel is prone to a local denial-of-service vulnerability
  because the kernel fails to properly initialize a variable.

  Exploiting this issue allows local attackers to cause kernel
  crashes, denying service to legitimate users.

LINUX KERNEL ATM SKBUFF DEREFERENCE REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20363
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20363
Summary:
  The Linux kernel is prone to a remote denial-of-service
  vulnerability.

  This issue is triggered when the kernel processes incoming ATM data.

  Exploiting this vulnerability may allow remote attackers to crash
  the affected kernel, resulting in denial-of-service conditions.

  This issue affects only systems that have ATM hardware and are
  configured for ATM kernel support.

  Kernel versions from 2.6.0 up to and including 2.6.17 are vulnerable
  to this issue.

LINUX KERNEL AUDIT SUBSYSTEMS LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22737
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22737
Summary:
  The Linux Kernel is prone to a denial-of-service vulnerability.

  A local attacker can exploit this issue to crash the kernel.

  Linux kernel versions 2.6.x are vulnerable to this issue.

LINUX KERNEL BINFMT_ELF PT_INTERP LOCAL INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 22903
Last Updated: 2007-03-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22903
Summary:
  The Linux kernel is prone to a vulnerability in the Linux ELF binary
  loader. Exploiting this issue can allow local attackers to gain
  access to privileged information.

  An attacker may be able to obtain sensitive data that can
  potentially be used to gain elevated privileges.

  This issue is a variant of the vulnerability assigned CVE candidate
  ID CAN-2004-1073, which is documented in BID 11646.

  Linux Kernel versions in the 2.6.0 branch prior to 2.6.20 are
  vulnerable; versions in the 2.4.0 branch may also be affected.

LINUX KERNEL BLUETOOTH CAPI PACKET REMOTE BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 21604
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21604
Summary:
  The Linux kernel is prone to a remote buffer-overflow vulnerability
  because the kernel fails to bounds-check user-supplied data before
  copying it into an insufficiently sized buffer.

  An attacker may exploit this issue to execute arbitrary code with
  kernel-level privileges, facilitating the complete compromise of
  affected computers. Failed exploit attempts will result in denial-of-
  service conditions.

  Versions prior to 2.4.33.5 are vulnerable to this issue.

LINUX KERNEL CD-ROM DRIVER LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18847
Last Updated: 2007-02-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18847
Summary:
  The Linux kernel is prone to a local buffer-overflow vulnerability
  because it fails to properly bounds-check user-supplied input before
  using it in a memory copy operation.

  This issue allows local attackers to overwrite kernel memory with
  arbitrary data, potentially allowing them to execute malicious
  machine code in the context of affected kernels. This vulnerability
  facilitates the complete compromise of affected computers.

  Linux kernel version 2.6.17.3 and prior are affected by this issue.

LINUX KERNEL DEV_QUEUE_XMIT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22317
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22317
Summary:
  The Linux Kernel is prone to a denial-of-service vulnerability.

  A local attacker can exploit this issue to corrupt data and cause
  the kernel to become unresponsive, denying further service to
  legitimate users.

LINUX KERNEL ELF CORE DUMP LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 13589
Last Updated: 2007-03-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/13589
Summary:
  The Linux kernel is susceptible to a local buffer-overflow
  vulnerability when attempting to create ELF coredumps. This issue is
  due to an integer-overflow flaw that results in a kernel buffer
  overflow during a 'copy_from_user()' call.

  To exploit this vulnerability, a malicious user creates a malicious
  ELF executable designed to create a negative 'len' variable in
  'elf_core_dump()'.

  Local users may exploit this vulnerability to execute arbitrary
  machine code in the context of the kernel, facilitating privilege
  escalation.

  **Update: This vulnerability does not exist in the 2.6 kernel tree.

LINUX KERNEL FS/BUFFER.C LOCAL INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 21522
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21522
Summary:
  The Linux kernel is prone to a local information-disclosure
  vulnerability because the kernel fails to properly clear kernel
  memory after certain errors.

  Successfully exploiting this issue allows local attackers to gain
  access to potentially sensitive information contained in kernel
  memory, aiding them in further attacks.

  Linux kernel versions prior to 2.6.13 are vulnerable to this issue.

LINUX KERNEL GET_FDB_ENTRIES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21353
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21353
Summary:
  The Linux kernel is prone to a buffer-overflow vulnerability because
  it fails to properly bounds-check user-supplied data before copying
  it to an insufficiently sized memory buffer.

  Attackers may potentially exploit this issue to execute arbitrary
  code within the context of the affected kernel, but this has not
  been confirmed. Successfully exploiting this issue would cause the
  complete compromise of the affected computer.

  Little information is currently known about this vulnerability.
  Since the affected function is in the network-bridging code, remote
  attacks may be possible.

LINUX KERNEL IPV6 SEQFILE HANDLING LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20847
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20847
Summary:
  The Linux kernel is prone to a local denial-of-service
  vulnerability. This issue is due to a design error in the way
  seqfiles are handled in the kernel.

  This vulnerability allows local users to cause an infinite
  loop, resulting in a crash and denying further service to
  legitimate users.

  This issue affects the Linux kernel 2.6 series up to 2.6.18-stable.

LINUX KERNEL IPV6_GETSOCKOPT_STICKY MEMORY LEAK INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 22904
Last Updated: 2007-03-13
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22904
Summary:
  Linux Kernel is prone to an information-disclosure vulnerability
  because it fails to handle unexpected user-supplied input.

  Successful exploits will allow attackers to obtain portions of
  kernel memory. Information harvested may be used in further attacks.

  Kernel versions 2.6.0 up to 2.6.20.1 are vulnerable to this issue.

LINUX KERNEL ISDN PPP CCP RESET STATE TIMER DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21883
Last Updated: 2007-03-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21883
Summary:
  The Linux kernel is prone to a denial-of-service vulnerability
  because it fails to handle exceptional conditions.

  An attacker can exploit this issue to crash the affected kernel,
  denying service to legitimate users.

LINUX KERNEL ISDN PPP REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21835
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21835
Summary:
  The Linux kernel is prone to a denial-of-service vulnerability.

  An attacker can exploit this issue to cause an affected kernel to
  crash, effectively denying service to legitimate users.

  Versions prior to 2.4.34 are vulnerable to this issue.

LINUX KERNEL ISO9660 DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20920
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20920
Summary:
  The Linux kernel is prone to a local denial-of-service
  vulnerability. This issue affects the code that handles the ISO9660
  filesystem.

  An attacker can exploit this issue to crash the affected computer,
  denying service to legitimate users.

LINUX KERNEL KEY_ALLOC_SERIAL() LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22539
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22539
Summary:
  The Linux Kernel is prone to a denial-of-service vulnerability.

  A successful attack can allow local attackers to trigger a crash and
  deny service to legitimate users.

  Kernel versions 2.6.x are vulnerable.

LINUX KERNEL LISTXATTR LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22316
Last Updated: 2007-03-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22316
Summary:
  The Linux Kernel is prone to a denial-of-service vulnerability.

  Successful exploits will result in denial-of-service conditions or
  potentially privilege escalation.

LINUX KERNEL MINCORE USER SPACE ACCESS LOCKING LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21663
Last Updated: 2007-03-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21663
Summary:
  The Linux Kernel is prone to a denial-of-service vulnerability due
  to a design error.

  A local attacker can exploit this issue to cause the kernel to
  become unresponsive, denying further service to legitimate users.

  Linux Kernel versions prior to 2.4.33.6 are vulnerable.

LINUX KERNEL NFSACL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22625
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22625
Summary:
  The Linux kernel is prone to a local denial-of-service
  vulnerability.

  An attacker can exploit this issue to crash the affected computer,
  denying service to legitimate users.

  This issue affects the Linux kernel 2.6 series up to 2.6.20.

LINUX KERNEL NETFILTER NFNETLINK_LOG MULTIPLE NULL POINTER DEREFERENCE
VULNERABILITIES
BugTraq ID: 22946
Last Updated: 2007-03-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22946
Summary:
  The Linux kernel is prone to multiple NULL-pointer dereference
  vulnerabilities.

  A local attacker can exploit these issues to crash the affected
  kernel, denying service to legitimate users.

LINUX KERNEL S/390 COPY_FROM_USER LOCAL INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 20379
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20379
Summary:
  The Linux kernel is prone to a local information-disclosure
  vulnerability on the S/390 architecture because the kernel fails
  to properly initialize kernel memory before returning it to user-
  space programs.

  Successfully exploiting this issue allows local attackers to gain
  access to potentially sensitive information contained in kernel
  memory, aiding them in further attacks.

  Linux kernel versions prior to 2.6.19-rc1 on the S/390 architecture
  are vulnerable to this issue.

LINUX KERNEL SUBTHREAD EXEC LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 14054
Last Updated: 2007-03-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14054
Summary:
  The Linux kernel is prone to a local denial-of-service vulnerability
  that occurs when a call to 'exec()' is made for a subthread that has
  a timer pending.

  A local attacker may exploit this issue to crash the kernel,
  effectively denying service for legitimate users.

LINUX KERNEL USB DRIVER DATA QUEUE LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19033
Last Updated: 2007-03-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19033
Summary:
  The Linux kernel is prone to a local denial-of-service
  vulnerability. This issue is due to a design error in the USB FTDI
  SIO driver.

  This vulnerability allows local users to consume all available
  memory resources, denying further service to legitimate users.

  This issue affects Linux kernel versions prior to 2.6.16.27.

LINUX SECURITY AUDITING TOOL INSECURE TEMPORARY FILE CREATION
VULNERABILITY
BugTraq ID: 23014
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23014
Summary:
  The Linux Security Auditing Tool creates temporary files in an
  insecure manner.

  An attacker with local access could potentially exploit this issue
  to perform symlink attacks, overwriting arbitrary files in the
  context of the affected application.

  Successfully mounting a symlink attack may allow the attacker to
  overwrite or corrupt sensitive files, which may result in a denial
  of service. Other attacks may also be possible.

  Version 0.9.2 is vulnerable to this issue; other versions may also
  be affected.

LINUX-PAM PAM_UNIX.SO AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 22204
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22204
Summary:
  Linux-PAM is prone to an authentication-bypass vulnerability because
  it fails to effectively verify user passwords during the
  authentication process.

  Exploiting this issue could allow an attacker to gain unauthorized
  access to an affected computer.

  Version 0.99.7.0 is vulnerable.

LOOKUP INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 23026
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23026
Summary:
  Lookup creates temporary files in an insecure manner.

  An attacker with local access could potentially exploit this issue
  to perform symlink attacks, overwriting arbitrary files in the
  context of the affected application.

  Successfully exploiting a symlink attack may allow the attacker to
  overwrite or corrupt sensitive files. This may result in a denial of
  service; other attacks may also be possible.

  Lookup version 1.4 is vulnerable to this issue; other versions may
  also be affected.

[ interactive utility to search text files quickly ]

MPLAYER DMO FILE PARSING BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22771
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22771
Summary:
  MPlayer is susceptible to a buffer-overflow vulnerability when it
  attempts to process malformed video files. This issue occurs
  because the application fails to perform proper bounds-checking on
  user-supplied data before copying it to an insufficiently sized
  memory buffer.

  An attacker may exploit this issue to execute arbitrary code with
  the privileges of the user that activated the vulnerable
  application. This may facilitate unauthorized access or privilege
  escalation.

  MPlayer version 1.0rc1 is vulnerable to this issue; previous
  versions may also be affected.

MOD_SECURITY ASCIIZ BYTE POST BYPASS VULNERABILITY
BugTraq ID: 22831
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22831
Summary:
  Mod_Security is prone to a POST-parsing-bypass vulnerability.
  Successful attacks could allow an attacker to bypass mod_security
  restrictions and successfully submit malicious input to mod_security-
  protected sites.

  The issue derives from a difference in the way the mod_security HTTP
  request parser and protected backend web-scripting languages process
  incoming data following ASCIIZ bytes.

  This issue is reported to affect all iterations of mod_security
  below 2.1.0.

MOZILLA FIREFOX 2 PASSWORD MANAGER CROSS-SITE INFORMATION
DISCLOSURE WEAKNESS
BugTraq ID: 21240
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21240
Summary:
  Mozilla Firefox is reportedly prone to an information-disclosure
  weakness because it fails to properly notify users of the
  automatic population of form fields in disparate URLs deriving
  from the same domain.

  Exploiting this issue may allow attackers to obtain user credentials
  that have been saved in forms deriving from the same website where
  attack code resides. The most common manifestation of this condition
  would typically be in blogs or forums. This may allow attackers to
  access potentially sensitive information that would facilitate the
  success of phishing attacks.

  Initial reports and preliminary testing indicate that this issue
  affects only Firefox 2.

MOZILLA FIREFOX ABOUT:BLANK SPOOF VULNERABILITY
BugTraq ID: 22601
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22601
Summary:
  Mozilla Firefox is prone to a vulnerability that may allow attackers
  to spoof browser windows. This occurs because of a flaw in the
  security model of the application's JavaScript engine.

  Successfully exploiting this issue may allow attackers to spoof
  legitimate websites in a manner that unsuspecting users may find
  difficult to distinguish from the genuine site. This may aid in
  phishing or other social-engineering attacks.

MOZILLA FIREFOX HTML PARSING NULL POINTER DEREFERENCE DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 17499
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17499
Summary:
  Mozilla Firefox is prone to a denial-of-service condition when
  parsing certain malformed HTML content. Successful exploitation will
  cause the browser to fail or hang.

  Mozilla Firefox versions 1.5.0.1 and prior are prone to this issue.

MOZILLA FIREFOX JAVASCRIPT URI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 22826
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22826
Summary:
  Mozilla Firefox is prone to a remote code-execution vulnerability
  due to a design error.

  Attackers may exploit this issue by enticing victims into visiting a
  malicious site.

  Successful exploits may allow an attacker to crash the application
  or execute arbitrary code in the context of the affected
  application.

MOZILLA FIREFOX LOCATION.HOSTNAME DOM PROPERTY COOKIE THEFT
VULNERABILITY
BugTraq ID: 22566
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22566
Summary:
  Mozilla Firefox is prone to a vulnerability that allows attackers to
  steal cookies. This issue occurs because the application fails to
  sufficiently sanitize user-supplied input.

  An attacker can exploit this issue to manipulate cookie-based
  authentication credentials for third-party web pages or to control
  how the site is rendered to the user. Exploiting this issue may
  allow the attacker to bypass the same-origin policy for
  cross-window/cross-frame data access; other attacks are also
  possible.

  This issue affects version 2.0.0.1; prior versions may also be
  affected.

MOZILLA FIREFOX ONUNLOAD JAVASCRIPT BROWSER ENTRAPMENT VULNERABILITY
BugTraq ID: 22688
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22688
Summary:
  Mozilla Firefox is prone to a vulnerability that allows attackers to
  trap users at a particular webpage and spoof page transitions.

  Attackers may exploit this via a malicious page to spoof the
  contents and origin of a page that the victim may trust. This
  vulnerability may be useful in phishing or other attacks that rely
  on content spoofing.

MOZILLA FIREFOX ONUNLOAD MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 22679
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22679
Summary:
  Mozilla Firefox is prone to a remote memory-corruption
  vulnerability.

  Successfully exploiting this issue may allow remote attackers to
  execute arbitrary machine code in the context of the affected
  application. This could facilitate the remote compromise of affected
  computers.

  Mozilla Firefox version 2.0.0.1 is vulnerable to this issue; other
  versions are also likely affected.

MOZILLA FIREFOX POPUP BLOCKER CROSS ZONE SECURITY BYPASS WEAKNESS
BugTraq ID: 22396
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22396
Summary:
  Mozilla Firefox is prone to a cross-zone security-bypass weakness.
  This issue allows attackers to open 'file://' URIs from remote
  websites.

  By exploiting this issue in conjunction with other weaknesses or
  vulnerabilities, attackers may be able to execute arbitrary script
  code with the elevated privileges that are granted to scripts when
  they are executed from local sources.

  Mozilla Firefox 1.5.0.9 is affected by this issue; other versions
  may be affected as well.

MOZILLA FIREFOX/SEAMONKEY/THUNDERBIRD MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 21668
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
  The Mozilla Foundation has released nine security advisories
  specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

  These vulnerabilities allow attackers to:

  - execute arbitrary code
  - perform cross-site scripting attacks
  - inject arbitrary content
  - gain escalated privileges
  - crash affected applications and potentially execute
    arbitrary code.

  Other attacks may also be possible.

MOZILLA THUNDERBIRD/SEAMONKEY/FIREFOX MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 22694
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22694
Summary:
  The Mozilla Foundation has released six security advisories
  specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

  These vulnerabilities allow attackers to:

  - Execute arbitrary code
  - Cause denial-of-service conditions
  - Perform cross-site scripting attacks
  - Obtain potentially sensitive information
  - Spoof legitimate content

  Other attacks may also be possible.

MOZILLA THUNDERBIRD/SEAMONKEY RICH TEXT INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 22845
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22845
Summary:
  Thunderbird and Seamonkey are prone to an integer-overflow
  vulnerability because they fail to handle excessively large
  specially formatted email messages.

  A remote attacker can exploit this issue to execute arbitrary code;
  failed exploit attempts will likely result in denial-of-service
  conditions.

  This issue affects Thunderbird versions prior to 1.5.0.10 and
  Seamonkey versions prior to 1.0.8.

MULTIPLE PDF READERS MULTIPLE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21910
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21910
Summary:
  Multiple PDF readers are prone to multiple remote buffer-overflow
  vulnerabilities because the applications fail to bounds-check user-
  supplied data before copying it into an insufficiently sized buffer.

  An attacker may be able to exploit this issue to execute arbitrary
  code within the context of the affected application. In some
  circumstances, the vulnerability can be exploited only to cause a
  denial of service.

MYSQL COMMANDER REMOTE FILE INCLUDE VULNERABILITY
BugTraq ID: 22941
Last Updated: 2007-03-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22941
Summary:
  MySQL Commander is prone to a remote file-include vulnerability
  because it fails to sufficiently sanitize user-supplied data.

  Exploiting this issue may allow an attacker to compromise the
  application and the underlying system; other attacks are also
  possible.

  This issue affects MySQL Commander 2.7 and prior versions.

MYSQL MERGE PRIVILEGE REVOKE BYPASS VULNERABILITY
BugTraq ID: 19279
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19279
Summary:
  MySQL is prone to a vulnerability that allows users whose privileges
  on a particular table have been revoked to continue accessing that
  table without permission.

  Exploiting this issue allows attackers to access data when access
  privileges have been revoked. The specific impact of this issue
  depends on the data that the attacker may retrieve.

MYSQL MYSQL_REAL_ESCAPE FUNCTION SQL INJECTION VULNERABILITY
BugTraq ID: 18219
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18219
Summary:
  MySQL is prone to an SQL-injection vulnerability because it fails
  to properly sanitize user-supplied input before using it in an
  SQL query.

  A successful exploit could allow an attacker to compromise an
  application using a vulnerable database or to compromise the
  database itself.

  MySQL versions prior to 5.0.22-1-0.1 and prior to 4.1.20 are
  vulnerable. Other versions may also be affected.

MYSQL PRIVILEGE ELEVATION AND SECURITY BYPASS VULNERABILITIES
BugTraq ID: 19559
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19559
Summary:
  MySQL is prone to these vulnerabilities:

  - A privilege-elevation vulnerability. A user with privileges to
    execute SUID routines may gain elevated privileges by executing
    certain commands and code with higher privileges.

  - A security-bypass vulnerability. A user can bypass restrictions
    and create new databases.

  MySQL 5.0.24 and prior versions are affected by these issues.

MYSQL REMOTE INFORMATION DISCLOSURE AND BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 17780
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
  MySQL is prone to multiple remote vulnerabilities:

  - A buffer-overflow vulnerability due to insufficient bounds-
    checking of user-supplied data before copying it to an
    insufficiently sized memory buffer. This issue allows remote
    attackers to execute arbitrary machine code in the context of
    affected database servers. Failed exploit attempts will likely
    crash the server, denying further service to legitimate users.

  - Two information-disclosure vulnerabilities due to insufficient
    input-sanitization and bounds-checking of user-supplied data.
    These issues allow remote users to gain access to potentially
    sensitive information that may aid them in further attacks.

MYSQL SERVER DATE_FORMAT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19032
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19032
Summary:
  MySQL is prone to a remote denial-of-service vulnerability because
  the database server fails to properly handle unexpected input.

  This issue allows remote attackers to crash affected database
  servers, denying service to legitimate users. Attackers must be able
  to execute arbitrary SQL statements on affected servers, which
  requires valid credentials to connect to affected servers.

  Attackers may exploit this issue in conjunction with latent SQL-
  injection vulnerabilities in other applications.

  Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable
  to this issue.

MYSQL SERVER STR_TO_DATE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18439
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18439
Summary:
  MySQL is susceptible to a remote denial-of-service vulnerability.
  This issue is due to the database server's failure to properly
  handle unexpected input.

  This issue allows remote attackers to crash affected database
  servers, denying service to legitimate users. Attackers must be able
  to execute arbitrary SQL statements on affected servers, which
  requires valid credentials to connect to affected servers.

  Attackers may exploit this issue in conjunction with latent SQL-
  injection vulnerabilities in other applications.

  Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable
  to this issue.

NESSUS LIBNASL ARBITRARY CODE EXECUTION VULNERABILITY
BugTraq ID: 7664
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/7664
Summary:
  Nessus has reported that various flaws have been discovered in the
  'libnasl' library used by the Nessus application. As a result, a
  malicious NASL script may be able to break outside of the
  established sandbox environment and execute arbitrary commands on
  the local system.

  Note that this malicious script must be a legitimate plugin that has
  been uploaded to the Nessus server. Furthermore, the affected Nessus
  application must have enabled the 'plugins_upload' option (which is
  disabled by default).

NETBSD KERNEL UNSPECIFIED LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22945
Last Updated: 2007-03-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22945
Summary:
  NetBSD is prone to an unspecified kernel heap-based buffer-overflow
  vulnerability.

  Attackers may exploit this issue to execute arbitrary machine code
  in the context of the affected kernel. Failed attempts may result in
  denial-of-service conditions. Successful exploits will likely result
  in a complete compromise of the affected computer.

  Reportedly, this issue also affects older versions of OpenBSD
  and FreeBSD.

NETPROXY SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 22741
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22741
Summary:
  NetProxy is prone to a security-restriction-bypass vulnerability
  because the software fails to properly sanitize user-supplied input.

  Attackers can exploit this issue to bypass the security restrictions
  enforced by the application and gain unauthorized access to
  restricted sites.

  NetProxy version 4.03 is vulnerable; other versions may also
  be affected.

NETWORK AUDIO SYSTEM LOCAL PRIVILEGE ESCALATION AND DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 23017
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23017
Summary:
  Network Audio System is prone to local privilege-escalation and
  denial-of-service vulnerabilities.

  An attacker can exploit these issues to execute arbitrary commands
  with root privileges or to overwrite arbitrary system files,
  resulting in denial-of-service conditions.

  Network Audio System version 1.8a is affected; other versions may
  also be vulnerable.

OPENBSD ICMPV6 PACKET HANDLING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22901
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22901
Summary:
  OpenBSD is prone to a remote buffer-overflow vulnerability because
  the software fails to bounds-check user-supplied data before copying
  it into an insufficiently sized buffer.

  A remote attacker can exploit this issue to execute arbitrary code
  with kernel-level privileges or to crash the affected computer.
  Successful exploits will result in a complete compromise of
  vulnerable computers or cause denial-of-service conditions.

OPENSLP MULTIPLE UNSPECIFIED BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 12792
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12792
Summary:
  OpenSLP is prone to multiple unspecified buffer-overflow
  vulnerabilities that may be triggered by malformed SLP (Service
  Location Protocol) packets.

  If successfully exploited, these issues could allow remote code
  execution in the context of the software.

OPENSSH DUPLICATED BLOCK REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20216
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
  OpenSSH is prone to a remote denial-of-service vulnerability because
  it fails to properly handle incoming duplicate blocks.

  Remote attackers may exploit this issue to consume excessive CPU
  resources, potentially denying service to legitimate users.

  This issue occurs only when OpenSSH is configured to accept SSH
  Version One traffic.

OPENSSH SCP SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 16369
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
  OpenSSH is prone to an SCP shell command-execution vulnerability
  because the application fails to properly sanitize user-supplied
  input before using it in a 'system()' function call.

  This issue allows attackers to execute arbitrary shell commands with
  the privileges of users executing a vulnerable version of SCP.

  This issue reportedly affects version 4.2 of OpenSSH. Other versions
  may also be affected.

[ attack of very limited relevance ]

OPENSSH-PORTABLE GSSAPI AUTHENTICATION ABORT INFORMATION
DISCLOSURE WEAKNESS
BugTraq ID: 20245
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20245
Summary:
  OpenSSH-Portable is prone to an information-disclosure weakness. The
  issue stems from a GSSAPI authentication abort.

  Reportedly, attackers may leverage a GSSAPI authentication abort to
  determine the presence and validity of usernames on unspecified
  platforms.

  This issue occurs when OpenSSH-Portable is configured to accept
  GSSAPI authentication.

  OpenSSH-Portable 4.3p1 and prior versions exhibit this weakness.

OPENSSH-PORTABLE ENABLED PAM DELAY INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 7467
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/7467
Summary:
  OpenSSH-portable with PAM support enabled has been reported prone to
  an information-disclosure vulnerability under certain
  configurations.

  By analyzing the response time during authentication, remote
  attackers may be able to determine whether or not the supplied
  username is valid.

  This issue may be related to the issues described in BID 7342 and
  BID 7343. BID 11781 may also be pertinent; it describes an issue
  very similar to this one.

OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
  OpenSSL is prone to a vulnerability that may allow an attacker to
  forge an RSA signature. The attacker may be able to forge a PKCS #1
  v1.5 signature when an RSA key with exponent 3 is used.

  An attacker may exploit this issue to sign digital certificates or
  RSA keys and take advantage of trust relationships that depend on
  these credentials, possibly posing as a trusted party and signing a
  certificate or key.

  All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are
  affected by this vulnerability. Updates are available.

PORTABLE OPENSSH GSSAPI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20241
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
  Portable OpenSSH is prone to a remote code-execution
  vulnerability. The issue derives from a race condition in a
  vulnerable signal handler.

  Reportedly, under specific conditions, it is theoretically possible
  to execute code remotely prior to authentication when GSSAPI
  authentication is enabled. This has not been confirmed; the chance
  of a successful exploit of this nature is considered minimal.

  On non-Portable OpenSSH implementations, this same race condition
  can be exploited to cause a pre-authentication denial of service.

  This issue occurs when OpenSSH and Portable OpenSSH are configured
  to accept GSSAPI authentication.

POSTGRESQL INFORMATION DISCLOSURE AND DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 22387
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22387
Summary:
  PostgreSQL is prone to information-disclosure and denial-of-service
  vulnerabilities; fixes are available.

  An attacker can exploit these vulnerabilities to cause the backend
  database to crash and reveal sensitive information. This may lead to
  other attacks.

  These issues affect versions 8.0, 8.1, and 8.2. The second issue
  described also affects version 7.3 and 7.4.

POSTGRESQL TSEARCH2 DESIGN ERROR VULNERABILITY
BugTraq ID: 13475
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13475
Summary:
  The PostgreSQL 'contrib/tsearch2' module is prone to a security
  vulnerability. The issue occurs because the module doesn't correctly
  declare several functions.

  Although unconfirmed, presumably this issue allows a remote user who
  can write SQL queries to the affected database to call these
  functions, which shouldn't be accessible directly from SQL commands.

  This vulnerability affects PostgreSQL 7.4 and later.

PROFTPD CONTROLS MODULE LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21587
Last Updated: 2007-02-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21587
Summary:
  ProFTPD is prone to a local stack-based buffer-overflow
  vulnerability.

  Attackers may exploit this issue to corrupt memory and execute
  arbitrary code in the context of the server application, resulting
  in a complete compromise of affected computers.

  NOTE: ProFTPD is vulnerable only when compiled with 'mod_ctrls'
        support and the module is enabled.

ROCKS CLUSTERS LOCAL PRIVILEGE ESCALATION VULNERABILITIES
BugTraq ID: 19003
Last Updated: 2007-03-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19003
Summary:
  Rocks Clusters is prone to multiple local privilege-escalation
  vulnerabilities. These issues are due to a lack of proper
  sanitization of user-supplied input.

  These issues allow local attackers to gain superuser privileges,
  facilitating the complete compromise of affected computers.

  Rocks Clusters versions 4.1 and prior are vulnerable to these
  issues.

SQL-LEDGER/LEDGERSMB REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 22828
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22828
Summary:
  SQL-Ledger/LedgerSMB products are prone to a vulnerability that lets
  remote attackers execute arbitrary code.

  Remote attackers could exploit this issue to execute arbitrary code
  in the context of the affected application. This could lead to the
  compromise of a vulnerable system.

  SQL-Ledger versions prior to 2.6.25 and LedgerSMB versions prior to
  1.1.5 are vulnerable.

STLPORT LIBRARY MULTIPLE UNSPECIFIED BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 22423
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22423
Summary:
  The STLport library is prone to multiple unspecified buffer-
  overflow vulnerabilities because the library fails to properly bounds-
  check user-supplied input before copying it to insufficiently sized
  memory buffers.

  Exploiting these issues may allow attackers to execute arbitrary
  machine code in the context of applications that use the library.
  Depending on the nature of the applications using the library, these
  issues may be locally or remotely exploited. Failed exploit attempts
  may crash the affected applications.

  STLport versions prior to 5.0.3 are affected by these issues.

SUSE LINUX MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES
BugTraq ID: 15040
Last Updated: 2007-03-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15040
Summary:
  Multiple SUSE Linux applications are prone to a local privilege-
  escalation vulnerability because affected binaries handle the
  'LD_LIBRARY_PATH' variable in an unsafe manner.

  A local attacker may exploit this vulnerability to execute arbitrary
  code in shared libraries in the context of a user that runs the
  affected application.

  Other unspecified packages are affected; if these other packages
  contain setuid-superuser privileges, then local escalation of
  privileges may be possible.

SAMBA DEFERRED CIFS FILE OPEN DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22395
Last Updated: 2007-03-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22395
Summary:
  The smbd daemon is prone to a denial-of-service vulnerability.

  An attacker can exploit this issue to consume excessive memory
  resources, ultimately crashing the affected application.

  This issue affects Samba versions 3.0.6 through 3.0.23d, inclusive.

SAMBA SERVER VFS PLUGIN AFSACL.SO REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 22403
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22403
Summary:
  Samba is prone to a remote format-string vulnerability because the
  application fails to properly sanitize user-supplied input before
  including it in the format-specifier argument of a formatted-
  printing function.

  Successfully exploiting this issue allows remote attackers to
  execute arbitrary machine code in the context of users running the
  affected application. This facilitates the remote compromise of
  affected computers.

  Samba versions 3.0.6 to 3.0.23d are vulnerable.

SNAPGEAR UNSPECIFIED DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22835
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22835
Summary:
  SnapGear is prone to a denial-of-service vulnerability because the
  device fails to handle exceptional conditions.

  An attacker can exploit this issue to cause the affected device to
  stop processing packets, denying service to legitimate users.

  This issue affects the 560, 585, 580, 640, 710, and 720 models.

[ firmware ]

SNORT BACKTRACKING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21991
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21991
Summary:
  Snort is prone to a denial-of-service vulnerability because the
  network intrusion detection (NID) system fails to handle specially
  crafted network packets.

  An attacker can exploit this issue to cause the affected NID system
  to consume 100% CPU resources, allowing malicious network traffic to
  avoid detection.

  This issue affects versions prior to 2.6.1.

SNORT/SOURCEFIRE DCE/RPC PACKET REASSEMBLY STACK BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 22616
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22616
Summary:
  Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based
  buffer overflow vulnerability because the network intrusion
  detection (NID) systems fail to handle specially crafted 'DCE' and
  'RPC' network packets.

  An attacker can exploit this issue to execute malicious code in the
  context of the user running the affected application. Failed
  attempts will likely cause these applications to crash.

SPAMASSASSIN LONG URI HANDLING REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22584
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22584
Summary:
  SpamAssassin is prone to a remote denial-of-service vulnerability.

  This issue arises when the application handles excessively
  long URIs.

  SpamAssassin versions prior to 3.1.8 are vulnerable to this issue.

SPAMASSASSIN MALFORMED EMAIL HEADER REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 13978
Last Updated: 2007-03-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13978
Summary:
  SpamAssassin is prone to a remote denial-of-service vulnerability
  because the application fails to properly handle overly long
  email headers.

  Further details regarding this vulnerability are currently not
  available. This BID will be updated as more information is
  disclosed.

  An attacker may cause SpamAssassin to take inordinate amounts of
  time to check a specially crafted email message. By sending many
  malicious messages, the attacker may be able to cause extremely
  large delays in email delivery, denying service to legitimate users.

SQUID PROXY ACL QUEUE OVERLOAD REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22203
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22203
Summary:
  Squid is prone to a remote denial-of-service vulnerability because
  the proxy server fails to handle excessive data.

  Successfully exploiting this issue allows remote attackers to
  crash affected proxy applications, denying further service to
  legitimate users.

SQUID PROXY FTP URI REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22079
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22079
Summary:
  Squid is prone to a remote denial-of-service vulnerability because
  the proxy server fails to handle certain FTP requests.

  Successfully exploiting this issue allows remote attackers to
  crash affected proxy applications, denying further service to
  legitimate users.

  Squid versions from 2.5.STABLE11 to 2.6.STABLE6 are vulnerable to
  this issue.

SQUID PROXY MALFORMED HTTP HEADER PARSING CACHE POISONING
VULNERABILITY
BugTraq ID: 12433
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12433
Summary:
  Squid Proxy is reported prone to a cache-poisoning vulnerability
  when processing malformed HTTP requests and responses. This issue
  results from insufficient sanitization of user-supplied data.

  Squid versions 2.5 and earlier are reported prone to this issue.

SQUID PROXY NTLM FAKEAUTH_AUTH MEMORY LEAK REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 12324
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12324
Summary:
  Squid is reported to be susceptible to a denial-of-service
  vulnerability in its NTLM authentication module.

  This vulnerability presents itself when an attacker sends
  unspecified NTLM data to Squid. The issue is caused by a memory leak
  -- memory allocated to store a base64-decoded string is not freed.

  Presumably, this issue allows an attacker to cause the NTLM helper
  application to run out of memory and fail.

SQUID PROXY OVERSIZE HTTP HEADERS UNSPECIFIED REMOTE VULNERABILITY
BugTraq ID: 12412
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12412
Summary:
  A remote unspecified vulnerability reportedly affects Squid Proxy.
  This issue is due to the application's failure to properly handle
  malformed HTTP headers.

  The impact of this issue is currently unknown. This BID will be
  updated when more information becomes available.

SQUID PROXY SET-COOKIE HEADERS INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 12716
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12716
Summary:
  Squid Proxy is prone to an information-disclosure vulnerability.

  Reportedly, remote attackers may gain access to Set-Cookie headers
  related to another user. Information gathered through exploiting
  this issue may aid in further attacks against services related to
  the cookie, potentially allowing for session hijacking.

  Squid Proxy 2.5 STABLE7 to 2.5 STABLE9 are vulnerable to this issue.

SQUID PROXY UNSPECIFIED DNS SPOOFING VULNERABILITY
BugTraq ID: 13592
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13592
Summary:
  Squid Proxy is prone to an unspecified DNS-spoofing vulnerability.
  This could allow malicious users to perform DNS-spoofing attacks on
  Squid Proxy clients on unprotected networks.

  This issue affects Squid Proxy versions 2.5 and earlier.

SQUID PROXY WCCP RECVFROM() BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 12432
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12432
Summary:
  The Squid proxy server is vulnerable to a remotely exploitable buffer-
  overflow vulnerability. The vulnerability resides in Squid's
  implementation of WCCP (web cache communication protocol), a UDP-
  based web cache management protocol. The condition is triggered when
  the server reads a packet that is larger than the size of the buffer
  allocated to store it. This can occur because 'recvfrom()' is passed
  an incorrect value for its 'len' argument.

SQUID PROXY SQUID_LDAP_AUTH AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 12431
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12431
Summary:
  Squid Proxy is reported prone to an authentication-bypass
  vulnerability. This issue seems to result from insufficient input
  validation.

  The 'squid_ldap_auth' module is reported affected by this issue. A
  remote attacker may gain unauthorized access or gain elevated
  privileges from bypassing access controls.

  Squid versions 2.5 and earlier are reported prone to this
  vulnerability.

TCPDUMP IEEE802.11 PRINTER REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22772
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22772
Summary:
  The 'tcpdump' utility is prone to a heap-based buffer-overflow
  vulnerability because it fails to bounds-check user-supplied input
  before copying it into an insufficiently sized memory buffer.

  An attacker can exploit this issue to execute arbitrary malicious
  code in the context of the user running the affected application.
  Failed exploit attempts will likely crash the affected application.

  This issue affects tcpdump 3.9.5 and prior versions.

TCPDUMP ISIS DECODING ROUTINES DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 13392
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13392
Summary:
  The tcpdump utility is prone to a vulnerability that may allow a
  remote attacker to cause a denial-of-service condition in the
  software. The issue occurs due to the way tcpdump decodes
  Intermediate System to Intermediate System (ISIS) packets. A remote
  attacker may cause the software to enter an infinite loop by sending
  malformed ISIS packets, resulting in the software hanging.

  Versions up to and including 3.9.x/CVS of tcpdump are reported prone
  to this issue.

TODD MILLER SUDO LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 15191
Last Updated: 2007-03-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15191
Summary:
  Sudo is prone to a local privilege-escalation vulnerability.

  The vulnerability presents itself because the application fails to
  properly sanitize malicious data supplied through environment
  variables.

  A successful attack may result in a complete compromise.

TODD MILLER SUDO LOCAL RACE CONDITION VULNERABILITY
BugTraq ID: 13993
Last Updated: 2007-03-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/13993
Summary:
  Sudo is prone to a local race-condition vulnerability. The issue
  manifests itself only under certain conditions, specifically, when
  the 'sudoers' configuration file contains a pseudo-command 'ALL'
  that directly follows a user's 'sudoers' entry.

  When such a configuration exists, local attackers may leverage
  this issue to execute arbitrary executables with escalated
  privileges. Attackers may achieve this by creating symbolic links
  to target files.

ULOGD UNSPECIFIED BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22139
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22139
Summary:
  Ulogd is prone to a buffer-overflow vulnerability because it fails
  to properly bounds-check user-supplied data before copying it into
  an insufficiently sized memory buffer.

  Exploiting this issue allows attackers to execute arbitrary machine
  code in the context of the affected daemon. Failed attempts will
  likely result in denial-of-service conditions.

UNRARLIB URARLIB_GET FUNCTION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22942
Last Updated: 2007-03-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22942
Summary:
  The 'unrarlib' library is prone to a buffer-overflow
  vulnerability because the library fails to perform proper bounds-
  checking of user-supplied input before copying it to an
  insufficiently sized memory buffer.

  Attackers can exploit this vulnerability to execute attacker-
  supplied code in the context of an application that relies on the
  affected library.

UTIL-LINUX UMOUNT FILESYSTEM NULL POINTER DEREFERENCE VULNERABILITY
BugTraq ID: 22850
Last Updated: 2007-03-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22850
Summary:
  Util-Linux 'umount' is prone to a NULL-pointer dereference
  vulnerability.

  A local attacker can exploit this issue to crash the affected
  application, denying service to legitimate users. The attacker may
  also be able to obtain sensitive information, including the contents
  of core files.

  Util-Linux Umount implemented on Linux kernel 2.6.15 is reported
  vulnerable to this issue.

VIPUL RAZOR-AGENTS MULTIPLE UNSPECIFIED DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 13984
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13984
Summary:
  Vipul Razor-agents is prone to multiple unspecified denial-of-service
  vulnerabilities:

  - An issue resides in the discovery logic of Razor-agents.
  - Another issue resides in the preprocessing code of Razor-agents.

  Attackers may exploit both issues to cause a denial of service for
  the vulnerable application.

WIRESHARK MULTIPLE PROTOCOL DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 22352
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22352
Summary:
  Wireshark is prone to multiple denial-of-service vulnerabilities.

  Exploiting these issues may permit attackers to cause crashes and
  deny service to legitimate users of the application.

  Wireshark versions prior to 0.99.5 are affected.

[ aka Ethereal ]

XFREE86 MULTIPLE UNSPECIFIED INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 8514
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/8514
Summary:
  Multiple integer-overflow vulnerabilities have been discovered in
  the XFree86 font libraries. The problem occurs because of
  insufficient sanity checks on integers passed to clients from an X
  font server. As a result, an unexpected buffer overrun may occur
  within the stack or heap space of process memory. An attacker
  could potentially exploit this to execute arbitrary code within a
  target X client.

  Precise technical details regarding these vulnerabilities are
  currently unavailable; as further information is released, this BID
  will be updated accordingly.

XEN QEMU VNC SERVER ARBITRARY INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 22967
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22967
Summary:
  Xen is prone to an unspecified vulnerability that lets attackers
  obtain arbitrary information. The issue stems from a flaw in the VNC
  server code in QEMU.

  An attacker can exploit this issue to access sensitive information
  that may aid in further attacks.

XINE DIRECTSHOW LOADER REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22933
Last Updated: 2007-03-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22933
Summary:
  Xine is prone to a remote buffer-overflow vulnerability because the
  application fails to perform boundary checks before copying user-
  supplied input into finite-sized buffers.

  Successfully exploiting this issue allows remote attackers to
  execute arbitrary machine code in the context of the application and
  to compromise affected computers.

XINE-LIB RULEMATCHES REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21435
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21435
Summary:
  The 'xine-lib' library is prone to a remote buffer-overflow
  vulnerability when handling Real media because the library fails to
  properly bounds-check user-supplied data before copying it into an
  insufficiently sized buffer.

  An attacker can exploit this issue to execute arbitrary code with
  the privileges of the currently logged-in user. Failed exploit
  attempts will result in a denial of service.

YUKIHIRO MATSUMOTO RUBY CGI.RB LIBRARY REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21441
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21441
Summary:
  Ruby is prone to a remote denial-of-service vulnerability because
  the application's CGI library fails to properly handle specially
  crafted HTTP requests.

  Successful exploits may allow remote attackers to cause denial-of-
  service conditions on computers running the affected Ruby CGI
  library.

ZZIPLIB ZZIP_OPEN_SHARED_IO STACK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 23013
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23013
Summary:
  ZZIPlib is prone to a remote stack-based buffer-overflow
  vulnerability because it fails to properly bounds-check user-
  supplied input before copying it to an insufficiently sized
  memory buffer.

  Exploiting this issue may allow attackers to execute arbitrary
  machine code in the context of applications using the library.
  Failed exploit attempts will likely result in a denial-of-service
  condition.

  Versions prior to 0.13.49 are vulnerable.

UTORRENT TORRENT FILE HANDLING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22530
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22530
Summary:
  uTorrent is prone to a remote stack-based buffer-overflow
  vulnerability because the application fails to properly bounds-check
  user-supplied input before copying it to an insufficiently sized
  memory buffer.

  Exploiting this issue allows attackers to execute arbitrary machine
  code in the context of the application.

  This issue affects version 1.6; other versions may also be affected.
