[gull-annonces] Résumé SecurityFocus #389-393
Marc SCHAEFER
schaefer at alphanet.ch
Wed Apr 25 09:15:56 CEST 2007
AMAROK MAGNATURE SHELL COMMAND INJECTION VULNERABILITY
BugTraq ID: 22568
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22568
Summary:
Amarok Magnature is prone to a shell command-injection
vulnerability.
Commands executed through this vulnerability could permit an
attacker to gain access to a vulnerable system.
APACHE HTTP SERVER TOMCAT DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 22960
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22960
Summary:
Apache HTTP servers running with the Tomcat servlet container are
prone to a directory-traversal vulnerability because it fails to
sufficiently sanitize user-supplied input data.
Exploiting this issue allows attackers to access arbitrary files in
the Tomcat webroot. This can expose sensitive information that could
aid in further attacks.
Versions in the 5.0 series prior to 5.5.22 and versions in the 6.0
series prior to 6.0.10 are vulnerable.
APACHE TOMCAT MOD_JK.SO ARBITRARY CODE EXECUTION VULNERABILITY
BugTraq ID: 22791
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22791
Summary:
Apache Tomcat is prone to a vulnerability that will allow remote
attackers to execute arbitrary code on an affected computer. A
successful attack may result in a complete compromise.
APACHE MOD_PYTHON OUTPUT FILTER MODE INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 22849
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22849
Summary:
The Apache mod_python module is prone to an information-disclosure
vulnerability because of a design error in the affected application.
An attacker can exploit this issue to gain access to sensitive
information that may lead to further attacks.
ASTERISK CHAN_SIP.C UNSPECIFIED REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20835
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20835
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to consume excessive
system resources until the software becomes unresponsive to further
calls, effectively denying service to legitimate users.
Asterisk versions prior to 1.2.13 and to 1.4.0-beta3 are vulnerable
to this issue.
ASTERISK SIP CHANNEL DRIVER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22838
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22838
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to cause the
application to crash, effectively denying service to
legitimate users.
Asterisk versions prior to 1.2.16 and 1.4.1 are vulnerable to
this issue.
ASTERISK SIP INVITE MESSAGE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23031
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23031
Summary:
Asterisk is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to cause the
application to crash, effectively denying service to
legitimate users.
CAPI4HYLAFAX REMOTE ARBITRARY COMMAND EXECUTION VULNERABILITY
BugTraq ID: 19801
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19801
Summary:
CAP4Hylafax is prone to an arbitrary command-execution
vulnerability.
An attacker can exploit this vulnerability to execute arbitrary
commands in the context of the affected application.
CHM LIB MULTIPLE UNSPECIFIED BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 22258
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22258
Summary:
CHM Lib is prone to multiple buffer-overflow vulnerabilities because
it fails to properly bounds-check user-supplied input prior to
copying it to insufficiently sized memory buffers.
Successfully exploiting these issues may allow remote attackers to
execute arbitrary machine code in the context of users running
applications that uses the affected library.
Versions prior to 0.39 are vulnerable to these issues.
CPIO FILENAME DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 13291
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13291
Summary:
The cpio utility is prone to a directory-traversal vulnerability.
The issue occurs when cpio is invoked on a malicious archive.
An archive containing an absolute path for a filename that contains
'/' characters results in the file getting written using the
absolute path contained in the filename.
A remote attacker may leverage this issue using a malicious archive
to corrupt arbitrary files with the privileges of the user that is
running the vulnerable software.
CISCO 7940/7960 PHONE SIP INVITE REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 23047
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23047
Summary:
Cisco 7940/7960 phones are prone to a remote denial-of-service
vulnerability.
Exploiting this issue allows remote attackers to cause the device to
reboot, effectively denying service to legitimate users.
[ firmware ]
CISCO MULTIPLE PRODUCTS MULTIPLE REMOTE DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 22561
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22561
Summary:
Multiple Cisco products are prone to multiple denial-of-service
vulnerabilities.
Attackers can exploit these issues to cause vulnerable devices to
reload, potentially causing denial-of-service conditions.
[ firmware ]
CLAM ANTI-VIRUS CLAMAV MAC OS X COMMAND EXECUTION VULNERABILITY
BugTraq ID: 13795
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13795
Summary:
Clam Anti-Virus ClamAV running on Mac OS X is affected by a command-
execution vulnerability.
Reportedly, when the application handles a suspected infected file,
it cannot be removed. The application may attempt to copy the file
to another location using the Mac OS X 'ditto' utility. Since the
'ditto' utility is called in an insecure manner and since the
responsible function fails to sanitize the filename, an attacker can
include arbitrary commands in the filename that will be executed in
the context of ClamAV.
An attacker can exploit this issue to gain unauthorized access to an
affected computer. Note that exploitation is possible only when a
malicious file is copied.
ClamAV versions 0.80rc4 to 0.84rc2 are affected by this issue.
CLAM ANTI-VIRUS CLAMAV UNSPECIFIED QUANTUM DECOMPRESSOR DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 14058
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14058
Summary:
ClamAV is prone to a denial-of-service vulnerability. The issue
resides in the Quantum decompressor; the exact cause is not known.
Presumably, a remote attacker may exploit this condition using a
malicious file to crash a target ClamAV server.
CLAMAV CAB FILE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22580
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22580
Summary:
ClamAV is prone to a denial-of-service vulnerability.
An attacker can exploit this vulnerability to prevent the software
from scanning certain types of data. When it encounters the data,
the application will reject it. This can result in denial-of-service
conditions.
Versions prior to 0.90 stable are vulnerable.
CLAMAV MIME HEADER ID PARAMETER STRING DIRECTORY TRAVERSAL
VULNERABILITY
BugTraq ID: 22581
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22581
Summary:
ClamAV is prone to a directory-traversal vulnerability because it
fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to create or overwrite
arbitrary files on vulnerable computers in the context of the
affected application. This may aid in further attacks.
This issue affects ClamAV versions prior to the 0.90 stable release.
D-BUS SESSION BUS LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 12435
Last Updated: 2007-03-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12435
Summary:
A local privilege-escalation vulnerability affects D-BUS because it
fails to properly secure message-bus sessions.
An attacker may leverage this issue to send messages to the message
bus of an unsuspecting user. This may facilitate command execution
with the privileges of the unsuspecting user, ultimately leading to
privilege escalation.
EKIGA GM_MAIN_WINDOW_FLASH_MESSAGE REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 22613
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22613
Summary:
Ekiga is prone to a remote format-string vulnerability because the
application fails to properly sanitize user-supplied input before
including it in the format-specifier argument of a formatted-
printing function.
A remote attacker may execute arbitrary code with the privileges of
the currently logged in user. Failed exploit attempts will result in
a denial-of-service.
This issue affects versions prior to 2.0.5.
ETHEREAL MULTIPLE REMOTE PROTOCOL DISSECTOR VULNERABILITIES
BugTraq ID: 13504
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13504
Summary:
Many vulnerabilities in Ethereal have been disclosed by the vendor.
The reported issues are in various protocol dissectors.
These issues include:
- Buffer-overflow vulnerabilities
- Format-string vulnerabilities
- NULL-pointer dereference denial-of-service vulnerabilities
- Segmentation fault denial-of-service vulnerabilities
- Infinite-loop denial-of-service vulnerabilities
- Memory exhaustion denial-of-service vulnerabilities
- Double-free vulnerabilities
- Unspecified denial-of-service vulnerabilities
These issues could allow remote attackers to execute arbitrary
machine code in the context of the vulnerable application. Attackers
could also crash the affected application.
Various vulnerabilities affect several versions of Ethereal, from
0.8.14 through to 0.10.10.
This BID will be split into individual BIDs for each separate issue.
BID 13567 has been created for the DISTCC issue.
FETCHMAIL MISSING EMAIL HEADER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15987
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15987
Summary:
Fetchmail is affected by a remote denial-of-service vulnerability.
This issue is due to the application's failure to handle unexpected
input. This issue occurs only when Fetchmail is configured in
'multidrop' mode.
FETCHMAIL MULTIPLE PASSWORD INFORMATION DISCLOSURE VULNERABILITIES
BugTraq ID: 21903
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21903
Summary:
Fetchmail is prone to multiple information-disclosure
vulnerabilities because the application discloses information about
user passwords.
An attacker can exploit these issue to access sensitive information
that may aid the attacker in other attacks.
These issues affect versions prior to 6.3.6-rc4
FETCHMAIL REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21902
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21902
Summary:
Fetchmail is prone to a denial-of-service vulnerability because the
application fails to handle exceptional conditions.
An attacker can exploit this issue to crash the affected
application, denying service to legitimate users.
FILE(1) COMMAND FILE_PRINTF INTEGER UNDERFLOW VULNERABILITY
BugTraq ID: 23021
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23021
Summary:
The file(1) command is prone to an integer-underflow vulnerability
because the command fails to adequately handle user-supplied data.
An attacker can leverage this issue to corrupt heap memory and
execute arbitrary code with the privileges of a user running the
command. A successful attack may result in the compromise of
affected computers. Failed attempts will likely cause denial-of-
service conditions.
Versions prior to 4.20 are vulnerable.
GD GRAPHICS LIBRARY JIS-ENCODED FONT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22289
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22289
Summary:
The GD graphics library is prone to a buffer-overflow vulnerability.
An attacker can exploit this issue to cause denial-of-service
conditions in applications implementing the affected library.
Arbitrary code execution may also be possible; this has not been
confirmed.
GD GRAPHICS LIBRARY MULTIPLE UNSPECIFIED REMOTE BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 11663
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11663
Summary:
Multiple unspecified remote buffer-overflow vulnerabilities have
been identified in the GD Graphics Library. These issues are due to
the library's failure to do sufficient bounds-checking before
processing user-specified strings.
An attacker may leverage these issues to remotely execute arbitrary
code on a computer with the privileges of a user that views a
malicious image file. This may facilitate unauthorized access or
privilege escalation.
GD GRAPHICS LIBRARY REMOTE INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 11523
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11523
Summary:
The GD Graphics Library (gdlib) is affected by an integer overflow
that facilitates a heap overflow. This issue is due to the library's
failure to do proper sanity checking on size values contained within
image-format files.
An attacker may leverage this issue to manipulate process heap
memory, potentially leading to code execution and compromise of the
computer running the affected library.
GDB MULTIPLE VULNERABILITIES
BugTraq ID: 13697
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13697
Summary:
GDB is reportedly affected by multiple vulnerabilities. These issues
can allow an attacker to execute arbitrary code and commands on an
affected computer. A successful attack may allow the attacker to
gain elevated privileges or unauthorized access.
The following specific issues were identified:
- a remote heap-overflow vulnerability when loading malformed
object files.
- a local privilege-escalation vulnerability.
GDB 6.3 is reportedly affected by these issues; other versions are
likely vulnerable as well. GNU binutils 2.14 and 2.15 are affected
by the heap-overflow issue as well.
GNU FILEUTILS DIRECTORY REMOVAL RACE CONDITION VULNERABILITY
BugTraq ID: 4266
Last Updated: 2007-03-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/4266
Summary:
GNU fileutils is a freely available, open-source file manager. It is
designed for use on Linux and other UNIX-like operating systems.
Under some circumstances, a local user may be able to remove the
root directory of the system. Due to inadequate file locking and an
insecure 'chdir' call, an attacker could move files from the '/tmp'
directory into the root directory. The problem occurs with a
directory tree that has several single subdirectories in '/tmp' when
the root user tries to remove the directories recursively. If the
root user tries to recursively remove the directory tree from '/tmp'
and if the directory tree is writable by another user, then the user
could move a high-level directory into '/tmp' after the 'rm' program
has descended the tree. The 'rm' program would then ascend from the
'/tmp' directory to the root directory, recursively removing the
contents of the root directory.
GNU GZIP ARCHIVE HANDLING MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20101
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and denial-of-
service vulnerabilities when handling malicious archive files.
Successful exploits may allow a remote attacker to corrupt process
memory by triggering an overflow condition. This may lead to
arbitrary code execution in the context of an affected user and may
facilitate a remote compromise. Attackers may also trigger denial-of-
service conditions by crashing or hanging the application.
Specific information regarding affected versions of gzip is
currently unavailable. This BID will be updated as more information
is released.
GNU TAR GNUTYPE_NAMES REMOTE DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 21235
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21235
Summary:
GNU Tar is prone to a vulnerability that may allow an attacker to
place files and overwrite files in arbitrary locations on a
vulnerable computer. These issues present themselves when the
application processes malicious archives.
A successful attack can allow the attacker to place potentially
malicious files and overwrite files on a computer in the context of
the user running the affected application. Successful exploits may
aid in further attacks.
GNU TAR INVALID HEADERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 16764
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16764
Summary:
GNU Tar is prone to a buffer overflow when handling invalid headers.
Successful exploitation could potentially lead to arbitrary code
execution, but this has not been confirmed.
Tar versions 1.14 and above are vulnerable.
GNUPG MAKE_PRINTABLE_STRING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21306
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21306
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
Exploiting this issue may allow remote attackers to execute
arbitrary machine code in the context of the affected application,
but this has not been confirmed.
GnuPG versions 1.4.5 and 2.0.0 are vulnerable to this issue;
previous versions may also be affected.
GNUPG OPENPGP PACKET PROCESSING FUNCTION POINTER OVERWRITE
VULNERABILITY
BugTraq ID: 21462
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21462
Summary:
GnuPG is prone to a vulnerability that could permit an attacker to
overwrite a function pointer.
This issue occurs because of a design error when dealing with
OpenPGP packets. Attackers may exploit this issue to execute
arbitrary code.
Successful exploits may result in the remote compromise of computers
using the vulnerable application.
GNUPG PARSE_COMMENT REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19110
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19110
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
This issue may allow remote attackers to execute arbitrary machine
code in the context of the affected application, but this has not
been confirmed.
GnuPG version 1.4.4 is vulnerable to this issue; previous versions
may also be affected.
GNUPG PARSE_USER_ID REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18554
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18554
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
This issue may allow remote attackers to execute arbitrary machine
code in the context of the affected application, but this has not
been confirmed.
GnuPG versions 1.4.3 and 1.9.20 are vulnerable to this issue;
previous versions may also be affected.
GNUPG SIGNED MESSAGE ARBITRARY CONTENT INJECTION WEAKNESS
BugTraq ID: 22757
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22757
Summary:
GnuPG is prone to a weakness that may allow an attacker to add
arbitrary content into a message without the end user knowing.
An attacker may be able to exploit this issue in applications
using GnuPG to add arbitrary content into a signed and/or
encrypted message.
Exploiting this issue depends on the individual application's use of
GnuPG. Individual records will be created detailing this issue in
affected applications.
GRAPHICSMAGICK PALM DCM BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 20707
Last Updated: 2007-03-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20707
Summary:
GraphicsMagick is prone to multiple buffer-overflow vulnerabilities
because it fails to perform adequate boundary checks on user-
supplied data before copying it to insufficiently sized buffers.
Successful exploits may allow an attacker to execute arbitrary
machine code to compromise an affected computer or to cause denial-of-
service conditions.
GraphicsMagick 1.1.7 and prior versions are vulnerable.
ISC BIND REMOTE DNSSEC VALIDATION DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22231
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22231
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability
because the application fails to properly handle malformed DNSSEC
validation requests.
Successfully exploiting this issue allows remote attackers to crash
affected DNS servers, denying further service to legitimate users.
ISC BIND REMOTE FETCH CONTEXT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22229
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22229
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability
because the application fails to properly handle unexpected
DNS requests.
Successfully exploiting this issue allows remote attackers to crash
affected DNS servers, denying further service to legitimate users.
IMAGEMAGICK AND GRAPHICSMAGICK XWD DECODER DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 13705
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13705
Summary:
A remote, client-side denial-of-service vulnerability affects
ImageMagick and GraphicsMagick because the applications fail to
handle malformed XWD image files.
A remote attacker may leverage this issue to cause the affected
software to enter into an infinite loop, consuming CPU resources on
the affected computer and denying service to legitimate users.
IMAGEMAGICK PNM IMAGE DECODING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 13351
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13351
Summary:
A remotely exploitable client-side buffer-overflow vulnerability
affects ImageMagick. This issue occurs because the application fails
to properly validate the length of user-supplied strings before
copying them into static process buffers.
An attacker may exploit this issue to cause the affected application
to crash, potentially destroying unsaved data, ultimately denying
service to legitimate users.
KDE / KONQUEROR EMBEDDED COMMON NAME CERTIFICATE VALIDATION
VULNERABILITY
BugTraq ID: 7520
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/7520
Summary:
Konqueror Embedded web browser does not correctly validate that
Common Name (CN) field for X.509 certificates when a SSL/TLS session
is negotiated. The browser is not able to detect cases where the CN
does not match the hostname of the server. This could lead to a
variety of attacks, including the possibility of allowing a
malicious server to masquerade as a trusted server.
The non-embedded Konqueror distribution is reportedly not affected
by this issue.
KDE DCOPSERVER LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 12820
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12820
Summary:
KDE's Desktop Communication Protocol (DCOP) daemon is affected by a
local denial-of-service vulnerability.
Reportedly, a user's DCOPServer can be locked up by causing the
authentication process to stall.
All versions of KDE prior to 3.4 are affected by this issue.
This BID will be updated when more information is available.
KDE KONQUEROR KHTML LIBRARY TITLE CROSS SITE SCRIPTING VULNERABILITY
BugTraq ID: 22428
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22428
Summary:
Konquerer is prone to a cross-site scripting vulnerability because
the application fails to sufficiently sanitize user-supplied data.
Exploiting this issue may help the attacker steal cookie-based
authentication credentials and launch other attacks.
All versions of KDE up to and including KDE 3.5.6 are vulnerable
to this issue. Apple Safari web browser is also vulnerable to
this issue.
KDE PCX IMAGE FILE HANDLING BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 13096
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13096
Summary:
KDE is reported prone to a buffer-overflow vulnerability when
handling PCX image files because the 'kimgio' image library fails to
properly validate PCX image data.
This vulnerability was reported to reside in PCX image-handling
routines, but the vendor has patched other image handlers, which
may mean that other image formats may also be affected by
similar problems.
Attackers may exploit this vulnerability to crash applications using
the affected library or possibly to execute arbitrary machine code
in the context of the affected application.
KOFFICE PPT FILES INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 21354
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21354
Summary:
KOffice is prone to an integer-overflow vulnerability because it
fails to properly validate user-supplied data.
An attacker can exploit this vulnerability to execute arbitrary code
in the context of the application. Failed exploit attempts will
likely cause denial-of-service conditions.
KOffice versions prior to 1.6.1 are affected.
KTORRENT MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 22930
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22930
Summary:
KTorrent is prone to multiple remote vulnerabilities, including a
directory-traversal vulnerability and an unspecified vulnerability
when processing messages with invalid chunk indexes.
Very little information is known about one of these issues. This BID
will be updated as soon as more information becomes available.
An attacker can exploit the directory-traversal issue to overwrite
arbitrary files on the user's system. Presumably, the unspecified
vulnerability when processing messages with invalid chunk indexes
will allow attackers to execute arbitrary code or to cause a denial
of service, but this has not been confirmed.
Versions prior to 2.1.2 are vulnerable to these issues.
LEDGERSMB/SQL-LEDGER LOGIN PARAMETER LOCAL FILE INCLUDE AND
AUTHENTICATION BYPASS VULNERABILITIES
BugTraq ID: 23034
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23034
Summary:
LedgerSMB/SQL-Ledger are prone to a local file-include vulnerability
because the application fails to sufficiently sanitize user-supplied
input. SQL-Ledger is also prone to an authentication-bypass
vulnerability.
A successful exploit would allow an attacker to view files and
execute arbitrary local scripts within the context of the webserver
and potentially gain unauthorized access to the affected
application.
Note that the authentication-bypass issue affects only SQL-Ledger.
These issues affect LedgerSMB prior to 1.1.10 and SQL-Ledger prior
to 2.6.27.
[ Compta en Perl + PostgreSQL ]
LIBTIFF TIFFOPEN BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 13585
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13585
Summary:
LibTIFF is prone to a buffer-overflow vulnerability. The issue
occurs in the 'TIFFOpen()' function when malformed TIFF files are
opened. Successful exploitation could lead to arbitrary code
execution.
LIBVNCSERVER REMOTE AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 18977
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18977
Summary:
LibVNCServer is prone to an authentication-bypass vulnerability.
This issue is due to a flaw in the authentication process of the
affected package.
Exploiting this issue may allow attackers to gain unauthenticated,
remote access to the VNC servers.
All versions of LibVNCServer are considered vulnerable to this
issue.
Reports indicate that this issue is similar to the issue described
in BID 17978 (RealVNC Remote Authentication Bypass Vulnerability).
Note that since LibVNCServer and RealVNC do not share code, this
issue is being assigned a separate BID.
LIBWPD LIBRARY MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 23006
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23006
Summary:
The libwpd library is prone to multiple buffer-overflow
vulnerabilities because it fails to adequately check boundaries on
user-supplied input.
A successful exploit could let a remote attacker execute arbitrary
code in the context of an application using the affected library.
Version 0.8.7 is vulnerable; other versions prior to 0.8.9 may also
be affected.
LIBEVENT DNS PARSING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22606
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22606
Summary:
Libevent is prone to a denial-of-service vulnerability.
A remote attacker may exploit this issue to cause the application to
crash, denying further service to legitimate users.
Versions 1.2 to 1.2a are vulnerable to this issue.
LIBMIKMOD XCOM HANDLER REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19134
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19134
Summary:
A buffer-overflow vulnerability occurs in the libmikmod library.
This issue is due to the software's failure to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
This issue may allow attackers to execute arbitrary machine code in
the context of the affected application, which may facilitate the
remote compromise of affected computers.
Versions 3.2.2 and prior are vulnerable; versions 2.x (which do not
support the GT2 file format) are not vulnerable.
LINUX KERNEL AIO_SETUP_RING LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22193
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22193
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability
because the kernel fails to properly initialize a variable.
Exploiting this issue allows local attackers to cause kernel
crashes, denying service to legitimate users.
LINUX KERNEL ATM SKBUFF DEREFERENCE REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20363
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20363
Summary:
The Linux kernel is prone to a remote denial-of-service
vulnerability.
This issue is triggered when the kernel processes incoming ATM data.
Exploiting this vulnerability may allow remote attackers to crash
the affected kernel, resulting in denial-of-service conditions.
This issue affects only systems that have ATM hardware and are
configured for ATM kernel support.
Kernel versions from 2.6.0 up to and including 2.6.17 are vulnerable
to this issue.
LINUX KERNEL AUDIT SUBSYSTEMS LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22737
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22737
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.
A local attacker can exploit this issue to crash the kernel.
Linux kernel versions 2.6.x are vulnerable to this issue.
LINUX KERNEL BINFMT_ELF PT_INTERP LOCAL INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 22903
Last Updated: 2007-03-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22903
Summary:
The Linux kernel is prone to a vulnerability in the Linux ELF binary
loader. Exploiting this issue can allow local attackers to gain
access to privileged information.
An attacker may be able to obtain sensitive data that can
potentially be used to gain elevated privileges.
This issue is a variant of the vulnerability assigned CVE candidate
ID CAN-2004-1073, which is documented in BID 11646.
Linux Kernel versions in the 2.6.0 branch prior to 2.6.20 are
vulnerable; versions in the 2.4.0 branch may also be affected.
LINUX KERNEL BLUETOOTH CAPI PACKET REMOTE BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 21604
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21604
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability
because the kernel fails to bounds-check user-supplied data before
copying it into an insufficiently sized buffer.
An attacker may exploit this issue to execute arbitrary code with
kernel-level privileges, facilitating the complete compromise of
affected computers. Failed exploit attempts will result in denial-of-
service conditions.
Versions prior to 2.4.33.5 are vulnerable to this issue.
LINUX KERNEL CD-ROM DRIVER LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18847
Last Updated: 2007-02-27
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18847
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before
using it in a memory copy operation.
This issue allows local attackers to overwrite kernel memory with
arbitrary data, potentially allowing them to execute malicious
machine code in the context of affected kernels. This vulnerability
facilitates the complete compromise of affected computers.
Linux kernel version 2.6.17.3 and prior are affected by this issue.
LINUX KERNEL DEV_QUEUE_XMIT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22317
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22317
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.
A local attacker can exploit this issue to corrupt data and cause
the kernel to become unresponsive, denying further service to
legitimate users.
LINUX KERNEL ELF CORE DUMP LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 13589
Last Updated: 2007-03-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/13589
Summary:
The Linux kernel is susceptible to a local buffer-overflow
vulnerability when attempting to create ELF coredumps. This issue is
due to an integer-overflow flaw that results in a kernel buffer
overflow during a 'copy_from_user()' call.
To exploit this vulnerability, a malicious user creates a malicious
ELF executable designed to create a negative 'len' variable in
'elf_core_dump()'.
Local users may exploit this vulnerability to execute arbitrary
machine code in the context of the kernel, facilitating privilege
escalation.
**Update: This vulnerability does not exist in the 2.6 kernel tree.
LINUX KERNEL FS/BUFFER.C LOCAL INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 21522
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21522
Summary:
The Linux kernel is prone to a local information-disclosure
vulnerability because the kernel fails to properly clear kernel
memory after certain errors.
Successfully exploiting this issue allows local attackers to gain
access to potentially sensitive information contained in kernel
memory, aiding them in further attacks.
Linux kernel versions prior to 2.6.13 are vulnerable to this issue.
LINUX KERNEL GET_FDB_ENTRIES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21353
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21353
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because
it fails to properly bounds-check user-supplied data before copying
it to an insufficiently sized memory buffer.
Attackers may potentially exploit this issue to execute arbitrary
code within the context of the affected kernel, but this has not
been confirmed. Successfully exploiting this issue would cause the
complete compromise of the affected computer.
Little information is currently known about this vulnerability.
Since the affected function is in the network-bridging code, remote
attacks may be possible.
LINUX KERNEL IPV6 SEQFILE HANDLING LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20847
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20847
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the way
seqfiles are handled in the kernel.
This vulnerability allows local users to cause an infinite
loop, resulting in a crash and denying further service to
legitimate users.
This issue affects the Linux kernel 2.6 series up to 2.6.18-stable.
LINUX KERNEL IPV6_GETSOCKOPT_STICKY MEMORY LEAK INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 22904
Last Updated: 2007-03-13
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22904
Summary:
Linux Kernel is prone to an information-disclosure vulnerability
because it fails to handle unexpected user-supplied input.
Successful exploits will allow attackers to obtain portions of
kernel memory. Information harvested may be used in further attacks.
Kernel versions 2.6.0 up to 2.6.20.1 are vulnerable to this issue.
LINUX KERNEL ISDN PPP CCP RESET STATE TIMER DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21883
Last Updated: 2007-03-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21883
Summary:
The Linux kernel is prone to a denial-of-service vulnerability
because it fails to handle exceptional conditions.
An attacker can exploit this issue to crash the affected kernel,
denying service to legitimate users.
LINUX KERNEL ISDN PPP REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21835
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21835
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause an affected kernel to
crash, effectively denying service to legitimate users.
Versions prior to 2.4.34 are vulnerable to this issue.
LINUX KERNEL ISO9660 DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20920
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20920
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue affects the code that handles the ISO9660
filesystem.
An attacker can exploit this issue to crash the affected computer,
denying service to legitimate users.
LINUX KERNEL KEY_ALLOC_SERIAL() LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22539
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22539
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.
A successful attack can allow local attackers to trigger a crash and
deny service to legitimate users.
Kernel versions 2.6.x are vulnerable.
LINUX KERNEL LISTXATTR LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22316
Last Updated: 2007-03-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22316
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.
Successful exploits will result in denial-of-service conditions or
potentially privilege escalation.
LINUX KERNEL MINCORE USER SPACE ACCESS LOCKING LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21663
Last Updated: 2007-03-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21663
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability due
to a design error.
A local attacker can exploit this issue to cause the kernel to
become unresponsive, denying further service to legitimate users.
Linux Kernel versions prior to 2.4.33.6 are vulnerable.
LINUX KERNEL NFSACL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22625
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22625
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability.
An attacker can exploit this issue to crash the affected computer,
denying service to legitimate users.
This issue affects the Linux kernel 2.6 series up to 2.6.20.
LINUX KERNEL NETFILTER NFNETLINK_LOG MULTIPLE NULL POINTER DEREFERENCE
VULNERABILITIES
BugTraq ID: 22946
Last Updated: 2007-03-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22946
Summary:
The Linux kernel is prone to multiple NULL-pointer dereference
vulnerabilities.
A local attacker can exploit these issues to crash the affected
kernel, denying service to legitimate users.
LINUX KERNEL S/390 COPY_FROM_USER LOCAL INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 20379
Last Updated: 2007-02-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20379
Summary:
The Linux kernel is prone to a local information-disclosure
vulnerability on the S/390 architecture because the kernel fails
to properly initialize kernel memory before returning it to user-
space programs.
Successfully exploiting this issue allows local attackers to gain
access to potentially sensitive information contained in kernel
memory, aiding them in further attacks.
Linux kernel versions prior to 2.6.19-rc1 on the S/390 architecture
are vulnerable to this issue.
LINUX KERNEL SUBTHREAD EXEC LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 14054
Last Updated: 2007-03-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14054
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability
that occurs when a call to 'exec()' is made for a subthread that has
a timer pending.
A local attacker may exploit this issue to crash the kernel,
effectively denying service for legitimate users.
LINUX KERNEL USB DRIVER DATA QUEUE LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19033
Last Updated: 2007-03-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19033
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the USB FTDI
SIO driver.
This vulnerability allows local users to consume all available
memory resources, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.27.
LINUX SECURITY AUDITING TOOL INSECURE TEMPORARY FILE CREATION
VULNERABILITY
BugTraq ID: 23014
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23014
Summary:
The Linux Security Auditing Tool creates temporary files in an
insecure manner.
An attacker with local access could potentially exploit this issue
to perform symlink attacks, overwriting arbitrary files in the
context of the affected application.
Successfully mounting a symlink attack may allow the attacker to
overwrite or corrupt sensitive files, which may result in a denial
of service. Other attacks may also be possible.
Version 0.9.2 is vulnerable to this issue; other versions may also
be affected.
LINUX-PAM PAM_UNIX.SO AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 22204
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22204
Summary:
Linux-PAM is prone to an authentication-bypass vulnerability because
it fails to effectively verify user passwords during the
authentication process.
Exploiting this issue could allow an attacker to gain unauthorized
access to an affected computer.
Version 0.99.7.0 is vulnerable.
LOOKUP INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 23026
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23026
Summary:
Lookup creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue
to perform symlink attacks, overwriting arbitrary files in the
context of the affected application.
Successfully exploiting a symlink attack may allow the attacker to
overwrite or corrupt sensitive files. This may result in a denial of
service; other attacks may also be possible.
Lookup version 1.4 is vulnerable to this issue; other versions may
also be affected.
[ interactive utility to search text files quickly ]
MPLAYER DMO FILE PARSING BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22771
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22771
Summary:
MPlayer is susceptible to a buffer-overflow vulnerability when it
attempts to process malformed video files. This issue occurs
because the application fails to perform proper bounds-checking on
user-supplied data before copying it to an insufficiently sized
memory buffer.
An attacker may exploit this issue to execute arbitrary code with
the privileges of the user that activated the vulnerable
application. This may facilitate unauthorized access or privilege
escalation.
MPlayer version 1.0rc1 is vulnerable to this issue; previous
versions may also be affected.
MOD_SECURITY ASCIIZ BYTE POST BYPASS VULNERABILITY
BugTraq ID: 22831
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22831
Summary:
Mod_Security is prone to a POST-parsing-bypass vulnerability.
Successful attacks could allow an attacker to bypass mod_security
restrictions and successfully submit malicious input to mod_security-
protected sites.
The issue derives from a difference in the way the mod_security HTTP
request parser and protected backend web-scripting languages process
incoming data following ASCIIZ bytes.
This issue is reported to affect all iterations of mod_security
below 2.1.0.
MOZILLA FIREFOX 2 PASSWORD MANAGER CROSS-SITE INFORMATION
DISCLOSURE WEAKNESS
BugTraq ID: 21240
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21240
Summary:
Mozilla Firefox is reportedly prone to an information-disclosure
weakness because it fails to properly notify users of the
automatic population of form fields in disparate URLs deriving
from the same domain.
Exploiting this issue may allow attackers to obtain user credentials
that have been saved in forms deriving from the same website where
attack code resides. The most common manifestation of this condition
would typically be in blogs or forums. This may allow attackers to
access potentially sensitive information that would facilitate the
success of phishing attacks.
Initial reports and preliminary testing indicate that this issue
affects only Firefox 2.
MOZILLA FIREFOX ABOUT:BLANK SPOOF VULNERABILITY
BugTraq ID: 22601
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22601
Summary:
Mozilla Firefox is prone to a vulnerability that may allow attackers
to spoof browser windows. This occurs because of a flaw in the
security model of the application's JavaScript engine.
Successfully exploiting this issue may allow attackers to spoof
legitimate websites in a manner that may be difficult for
unsuspecting users to differentiate between them. This may aid in
phishing or other social-engineering attacks.
MOZILLA FIREFOX HTML PARSING NULL POINTER DEREFERENCE DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 17499
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17499
Summary:
Mozilla Firefox is prone to a denial-of-service condition when
parsing certain malformed HTML content. Successful exploitation will
cause the browser to fail or hang.
Mozilla Firefox versions 1.5.0.1 and prior are prone to this issue.
MOZILLA FIREFOX JAVASCRIPT URI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 22826
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22826
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability
due to a design error.
Attackers may exploit this issue by enticing victims into visiting a
malicious site.
Successful exploits may allow an attacker to crash the application
or execute arbitrary code in the context of the affected
application.
MOZILLA FIREFOX LOCATION.HOSTNAME DOM PROPERTY COOKIE THEFT
VULNERABILITY
BugTraq ID: 22566
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22566
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to
steal cookies. This issue occurs because the application fails to
sufficiently sanitize user-supplied input.
An attacker can exploit this issue to manipulate cookie-based
authentication credentials for third-party web pages or to control
how the site is rendered to the user. Exploiting this issue may
allow the attacker to bypass the same-origin policy for cross-window/cross-
frame data access; other attacks are also possible.
This issue affects version 2.0.0.1; prior versions may also be
affected.
MOZILLA FIREFOX ONUNLOAD JAVASCRIPT BROWSER ENTRAPMENT VULNERABILITY
BugTraq ID: 22688
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22688
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to
trap users at a particular webpage and spoof page transitions.
Attackers may exploit this via a malicious page to spoof the
contents and origin of a page that the victim may trust. This
vulnerability may be useful in phishing or other attacks that rely
on content spoofing.
MOZILLA FIREFOX ONUNLOAD MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 22679
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22679
Summary:
Mozilla Firefox is prone to a remote memory-corruption
vulnerability.
Successfully exploiting this issue may allow remote attackers to
execute arbitrary machine code in the context of the affected
application. This could facilitate the remote compromise of affected
computers.
Mozilla Firefox version 2.0.0.1 is vulnerable to this issue; other
versions are also likely affected.
MOZILLA FIREFOX POPUP BLOCKER CROSS ZONE SECURITY BYPASS WEAKNESS
BugTraq ID: 22396
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22396
Summary:
Mozilla Firefox is prone to a cross-zone security-bypass weakness. This issue allows attackers to open 'file://' URIs from remote websites.
By exploiting this issue in conjunction with other weaknesses or
vulnerabilities, attackers may be able to execute arbitrary script
code with the elevated privileges that are granted to scripts when
they are executed from local sources.
Mozilla Firefox 1.5.0.9 is affected by this issue; other versions
may be affected as well.
MOZILLA FIREFOX/SEAMONKEY/THUNDERBIRD MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 21668
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories
specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute
arbitrary code.
Other attacks may also be possible.
MOZILLA THUNDERBIRD/SEAMONKEY/FIREFOX MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 22694
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22694
Summary:
The Mozilla Foundation has released six security advisories
specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content
Other attacks may also be possible.
MOZILLA THUNDERBIRD/SEAMONKEY RICH TEXT INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 22845
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22845
Summary:
Thunderbird and Seamonkey are prone to an integer-overflow
vulnerability because they fail to handle excessively large
specially formatted email messages.
A remote attacker can exploit this issue to execute arbitrary code;
failed exploit attempts will likely result in denial-of-service
conditions.
This issue affects Thunderbird versions prior to 1.5.0.10 and
Seamonkey versions prior to 1.0.8.
MULTIPLE PDF READERS MULTIPLE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21910
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21910
Summary:
Multiple PDF readers are prone to multiple remote buffer-overflow
vulnerabilities because the applications fail to bounds-check user-
supplied data before copying it into an insufficiently sized buffer.
An attacker may be able exploit this issue to execute arbitrary code
within the context of the affected application. In some
circumstances, the vulnerability can be exploited only to cause a
denial of service.
MYSQL COMMANDER REMOTE FILE INCLUDE VULNERABILITY
BugTraq ID: 22941
Last Updated: 2007-03-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22941
Summary:
MySQL Commander is prone to a remote file-include vulnerability
because it fails to sufficiently sanitize user-supplied data.
Exploiting this issue may allow an attacker to compromise the
application and the underlying system; other attacks are also
possible.
This issue affects MySQL Commander 2.7 and prior versions.
MYSQL MERGE PRIVILEGE REVOKE BYPASS VULNERABILITY
BugTraq ID: 19279
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19279
Summary:
MySQL is prone to a vulnerability that allows users with revoked
privileges to a particular table to access these tables without
permission.
Exploiting this issue allows attackers to access data when access
privileges have been revoked. The specific impact of this issue
depends on the data that the attacker may retrieve.
MYSQL MYSQL_REAL_ESCAPE FUNCTION SQL INJECTION VULNERABILITY
BugTraq ID: 18219
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18219
Summary:
MySQL is prone to an SQL-injection vulnerability because it fails
to properly sanitize user-supplied input before using it in an
SQL query.
A successful exploit could allow an attacker to compromise an
application using a vulnerable database or to compromise the
database itself.
MySQL versions prior to 5.0.22-1-0.1 and prior to 4.1.20 are
vulnerable. Other versions may also be affected.
MYSQL PRIVILEGE ELEVATION AND SECURITY BYPASS VULNERABILITIES
BugTraq ID: 19559
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19559
Summary:
MySQL is prone to these vulnerabilities:
- A privilege-elevation vulnerability. A user with privileges to
execute SUID routines may gain elevated privileges by executing
certain commands and code with higher privileges.
- A security-bypass vulnerability. A user can bypass restrictions
and create new databases.
MySQL 5.0.24 and prior versions are affected by these issues.
MYSQL REMOTE INFORMATION DISCLOSURE AND BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 17780
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
MySQL is prone to multiple remote vulnerabilities:
- A buffer-overflow vulnerability due to insufficient bounds-
checking of user-supplied data before copying it to an
insufficiently sized memory buffer. This issue allows remote
attackers to execute arbitrary machine code in the context of
affected database servers. Failed exploit attempts will likely
crash the server, denying further service to legitimate users.
- Two information-disclosure vulnerabilities due to insufficient input-
sanitization and bounds-checking of user-supplied data. These
issues allow remote users to gain access to potentially sensitive
information that may aid them in further attacks.
MYSQL SERVER DATE_FORMAT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19032
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19032
Summary:
MySQL is prone to a remote denial-of-service vulnerability because
the database server fails to properly handle unexpected input.
This issue allows remote attackers to crash affected database
servers, denying service to legitimate users. Attackers must be able
to execute arbitrary SQL statements on affected servers, which
requires valid credentials to connect to affected servers.
Attackers may exploit this issue in conjunction with latent SQL-
injection vulnerabilities in other applications.
Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable
to this issue.
MYSQL SERVER STR_TO_DATE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18439
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18439
Summary:
MySQL is susceptible to a remote denial-of-service vulnerability.
This issue is due to the database server's failure to properly
handle unexpected input.
This issue allows remote attackers to crash affected database
servers, denying service to legitimate users. Attackers must be able
to execute arbitrary SQL statements on affected servers, which
requires valid credentials to connect to affected servers.
Attackers may exploit this issue in conjunction with latent SQL-
injection vulnerabilities in other applications.
Versions of MySQL prior to 4.1.18, 5.0.19, and 5.1.6 are vulnerable
to this issue.
NESSUS LIBNASL ARBITRARY CODE EXECUTION VULNERABILITY
BugTraq ID: 7664
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/7664
Summary:
Nessus has reported that various flaws have been discovered in the
'libnasl' library used by the Nessus application. As a result, a
malicious NASL script may be able to break outside of the
established sandbox environment and execute arbitrary commands on
the local system.
Note that this malicious script must be a legitimate plugin that has
been uploaded to the Nessus server. Furthermore, the affected Nessus
application must have enabled the 'plugins_upload' option (which is
disabled by default).
NETBSD KERNEL UNSPECIFIED LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22945
Last Updated: 2007-03-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22945
Summary:
NetBSD is prone to an unspecified kernel heap-based buffer-overflow
vulnerability.
Attackers may exploit this issue to execute arbitrary machine code
in the context of the affected kernel. Failed attempts may result in
denial-of-service conditions. Successful exploits will likely result
in a complete compromise of the affected computer.
Reportedly, this issue also affects older versions of OpenBSD
and FreeBSD.
NETPROXY SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 22741
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22741
Summary:
NetProxy is prone to a security-restriction-bypass vulnerability
because the software fails to properly sanitize user-supplied input.
Attackers can exploit this issue to bypass the security restrictions
and gain unauthorized access to restricted sites. This may allow
attackers to bypass the security restrictions enforced by the
application.
NetProxy version 4.03 is vulnerable; other versions may also
be affected.
NETWORK AUDIO SYSTEM LOCAL PRIVILEGE ESCALATION AND DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 23017
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23017
Summary:
Network Audio System is prone to local privilege-escalation and denial-of-
service vulnerabilities.
An attacker can exploit these issues to execute arbitrary commands
with root privileges or to overwrite arbitrary system files,
resulting in denial-of-service conditions.
Network Audio System version 1.8a is affected; other versions may
also be vulnerable.
OPENBSD ICMPV6 PACKET HANDLING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22901
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22901
Summary:
OpenBSD is prone to a remote buffer-overflow vulnerability because
the software fails to bounds-check user-supplied data before copying
it into an insufficiently sized buffer.
A remote attacker can exploit this issue to execute arbitrary code
with kernel-level privileges or to crash the affected computer.
Successful exploits will result in a complete compromise of
vulnerable computers or cause denial-of-service conditions.
OPENSLP MULTIPLE UNSPECIFIED BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 12792
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12792
Summary:
OpenSLP is prone to multiple unspecified buffer-overflow
vulnerabilities that may be triggered by malformed SLP (Service
Location Protocol) packets.
If successfully exploited, these issues could allow remote code
execution in the context of the software.
OPENSSH DUPLICATED BLOCK REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20216
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because
it fails to properly handle incoming duplicate blocks.
Remote attackers may exploit this issue to consume excessive CPU
resources, potentially denying service to legitimate users.
This issue occurs only when OpenSSH is configured to accept SSH
Version One traffic.
OPENSSH SCP SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 16369
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is prone to an SCP shell command-execution vulnerability
because the application fails to properly sanitize user-supplied
input before using it in a 'system()' function call.
This issue allows attackers to execute arbitrary shell commands with
the privileges of users executing a vulnerable version of SCP.
This issue reportedly affects version 4.2 of OpenSSH. Other versions
may also be affected.
[ attaque très relative ]
OPENSSH-PORTABLE GSSAPI AUTHENTICATION ABORT INFORMATION
DISCLOSURE WEAKNESS
BugTraq ID: 20245
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20245
Summary:
OpenSSH-Portable is prone to an information-disclosure weakness. The
issue stems from a GSSAPI authentication abort.
Reportedly, attackers may leverage a GSSAPI authentication abort to
determine the presence and validity of usernames on unspecified
platforms.
This issue occurs when OpenSSH-Portable is configured to accept
GSSAPI authentication.
OpenSSH-Portable 4.3p1 and prior versions exhibit this weakness.
OPENSSH-PORTABLE ENABLED PAM DELAY INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 7467
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/7467
Summary:
OpenSSH-portable with PAM support enabled has been reported prone to
an information-disclosure vulnerability under certain configurative
circumstances.
By analyzing the response time during authentication, remote
attackers may be able to determine whether or not the supplied
username is valid.
This issue may be related to the issues described in BID 7342 and
BID 7343. BID 11781 may also be pertinent; it describes an issue
very similar to this one.
OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to
forge an RSA signature. The attacker may be able to forge a PKCS #1
v1.5 signature when an RSA key with exponent 3 is used.
An attacker may exploit this issue to sign digital certificates or
RSA keys and take advantage of trust relationships that depend on
these credentials, possibly posing as a trusted party and signing a
certificate or key.
All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are
affected by this vulnerability. Updates are available.
PORTABLE OPENSSH GSSAPI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20241
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution
vulnerability. The issue derives from a race condition in a
vulnerable signal handler.
Reportedly, under specific conditions, it is theoretically possible
to execute code remotely prior to authentication when GSSAPI
authentication is enabled. This has not been confirmed; the chance
of a successful exploit of this nature is considered minimal.
On non-Portable OpenSSH implementations, this same race condition
can be exploited to cause a pre-authentication denial of service.
This issue occurs when OpenSSH and Portable OpenSSH are configured
to accept GSSAPI authentication.
POSTGRESQL INFORMATION DISCLOSURE AND DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 22387
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22387
Summary:
PostgreSQL is prone to information-disclosure and denial-of-service
vulnerabilities; fixes are available.
An attacker can exploit these vulnerabilities to cause the backend
database to crash and reveal sensitive information. This may lead to
other attacks.
These issues affect versions 8.0, 8.1, and 8.2. The second issue
described also affects version 7.3 and 7.4.
POSTGRESQL TSEARCH2 DESIGN ERROR VULNERABILITY
BugTraq ID: 13475
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13475
Summary:
The PostgreSQL 'contrib/tsearch2' module is prone to a security
vulnerability. The issue occurs because the module doesn't correctly
declare several functions.
Although unconfirmed, presumably this issue allows a remote user who
can write SQL queries to the affected database to call these
functions, which shouldn't be accessible directly from SQL commands.
This vulnerability affects PostgreSQL 7.4 and later.
PROFTPD CONTROLS MODULE LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21587
Last Updated: 2007-02-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21587
Summary:
ProFTPD is prone to a local stack-based buffer-overflow
vulnerability.
Attackers may exploit this issue to corrupt memory and execute
arbitrary code in the context of the server application, resulting
in a complete compromise of affected computers.
NOTE: ProFTPD is vulnerable only when compiled with 'mod_ctrls'
support and the module is enabled.
ROCKS CLUSTERS LOCAL PRIVILEGE ESCALATION VULNERABILITIES
BugTraq ID: 19003
Last Updated: 2007-03-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19003
Summary:
Rocks Clusters is prone to multiple local privilege-escalation
vulnerabilities. These issues are due to a lack of proper
sanitization of user-supplied input..
These issues allow local attackers to gain superuser privileges,
facilitating the complete compromise of affected computers.
Rocks Clusters versions 4.1 and prior are vulnerable to these
issues.
SQL-LEDGER/LEDGERSMB REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 22828
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22828
Summary:
SQL-Ledger/LedgerSMB products are prone to vulnerability that lets
remote attackers execute arbitrary code.
Remote attackers could exploit this issue to execute arbitrary code
in the context of the affected application. This could lead to the
compromise of a vulnerable system.
SQL-Ledger versions prior to 2.6.25 and LedgerSMB versions prior to
1.1.5 are vulnerable.
STLPORT LIBRARY MULTIPLE UNSPECIFIED BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 22423
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22423
Summary:
The STLport library is prone to multiple unspecified buffer-
overflow vulnerabilities because the library fails to properly bounds-
check user-supplied input before copying it to insufficiently sized
memory buffers.
Exploiting these issues may allow attackers to execute arbitrary
machine code in the context of applications that use the library.
Depending on the nature of the applications using the library, these
issues may be locally or remotely exploited. Failed exploit attempts
may crash the affected applications.
STLport versions prior to 5.0.3 are affected by these issues.
SUSE LINUX MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES
BugTraq ID: 15040
Last Updated: 2007-03-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15040
Summary:
Multiple SUSE Linux applications are prone to a local privilege-
escalation vulnerability because affected binaries handle the
'LD_LIBRARY_PATH' variable in an unsafe manner.
A local attacker may exploit this vulnerability to execute arbitrary
code in shared libraries in the context of a user that runs the
affected application.
Other unspecified packages are affected; if these other packages
contain setuid-superuser privileges, then local escalation of
privileges may be possible.
SAMBA DEFERRED CIFS FILE OPEN DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22395
Last Updated: 2007-03-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22395
Summary:
The smbd daemon is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to consume excessive memory
resources, ultimately crashing the affected application.
This issue affects Samba versions 3.0.6 through 3.0.23d, inclusive.
SAMBA SERVER VFS PLUGIN AFSACL.SO REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 22403
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22403
Summary:
Samba is prone to a remote format-string vulnerability because the
application fails to properly sanitize user-supplied input before
including it in the format-specifier argument of a formatted-
printing function.
Successfully exploiting this issue allows remote attackers to
execute arbitrary machine code in the context of users running the
affected application. This facilitates the remote compromise of
affected computers.
Samba versions 3.06 to 3.0.23d are vulnerable.
SNAPGEAR UNSPECIFIED DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22835
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22835
Summary:
SnapGear is prone to a denial-of-service vulnerability because the
device fails to handle exceptional conditions.
An attacker can exploit this issue to cause the affected device to
stop processing packets, denying service to legitimate users.
This issue affects the 560, 585, 580, 640, 710, and 720 models.
[ firmware ]
SNORT BACKTRACKING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21991
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21991
Summary:
Snort is prone to a denial-of-service vulnerability because the
network intrusion detection (NID) system fails to handle specially
crafted network packets.
An attacker can exploit this issue to cause the affected NID system
to consume 100% CPU resources, allowing malicious network traffic to
avoid detection.
This issue affects versions prior to 2.6.1.
SNORT/SOURCEFIRE DCE/RPC PACKET REASSEMBLY STACK BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 22616
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22616
Summary:
Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based
buffer overflow vulnerability because the network intrusion
detection (NID) systems fail to handle specially crafted 'DCE' and
'RPC' network packets.
An attacker can exploit this issue to execute malicious code in the
context of the user running the affected application. Failed
attempts will likely cause these applications to crash.
SPAMASSASSIN LONG URI HANDLING REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22584
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22584
Summary:
SpamAssassin is prone to a remote denial-of-service vulnerability.
This issue arises when the application handles excessively
long URIs.
SpamAssassin versions prior to 3.1.8 are vulnerable to this issue.
SPAMASSASSIN MALFORMED EMAIL HEADER REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 13978
Last Updated: 2007-03-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13978
Summary:
SpamAssassin is prone to a remote denial-of-service vulnerability
because the application fails to properly handle overly long
email headers.
Further details regarding this vulnerability are currently not
available. This BID will be updated as more information is
disclosed.
An attacker may cause SpamAssassin to take inordinate amounts of
time to check a specially crafted email message. By sending many
malicious messages, the attacker may be able to cause extremely
large delays in email delivery, denying service to legitimate users.
SQUID PROXY ACL QUEUE OVERLOAD REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22203
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22203
Summary:
Squid is prone to a remote denial-of-service vulnerability because
the proxy server fails to handle excessive data.
Successfully exploiting this issue allows remote attackers to
crash affected proxy applications, denying further service to
legitimate users.
SQUID PROXY FTP URI REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22079
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22079
Summary:
Squid is prone to a remote denial-of-service vulnerability because
the proxy server fails to handle certain FTP requests.
Successfully exploiting this issue allows remote attackers to
crash affected proxy applications, denying futher service to
legitimate users.
Squid versions from 2.5.STABLE11 to 2.6.STABLE6 are vulnerable to
this issue.
SQUID PROXY MALFORMED HTTP HEADER PARSING CACHE POISONING
VULNERABILITY
BugTraq ID: 12433
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12433
Summary:
Squid Proxy is reported prone to a cache-poisoning vulnerability
when processing malformed HTTP requests and responses. This issue
results from insufficient sanitization of user-supplied data.
Squid versions 2.5 and earlier are reported prone to this issue.
SQUID PROXY NTLM FAKEAUTH_AUTH MEMORY LEAK REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 12324
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12324
Summary:
Squid is reported to be susceptible to a denial-of-service
vulnerability in its NTLM authentication module.
This vulnerability presents itself when an attacker sends
unspecified NTLM data to Squid. The issue is caused by a memory leak
-- memory allocated to store a base64-decoded string is not freed.
Presumably, this issue allows an attacker to cause the NTLM helper
application to run out of memory and fail.
SQUID PROXY OVERSIZE HTTP HEADERS UNSPECIFIED REMOTE VULNERABILITY
BugTraq ID: 12412
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12412
Summary:
A remote unspecified vulnerability reportedly affects Squid Proxy.
This issue is due to the application's failure to properly handle
malformed HTTP headers.
The impact of this issue is currently unknown. This BID will be
updated when more information becomes available.
SQUID PROXY SET-COOKIE HEADERS INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 12716
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12716
Summary:
Squid Proxy is prone to an information-disclosure vulnerability.
Reportedly, remote attackers may gain access to Set-Cookie headers
related to another user. Information gathered through exploiting
this issue may aid in further attacks against services related to
the cookie, potentially allowing for session hijacking.
Squid Proxy 2.5 STABLE7 to 2.5 STABLE9 are vulnerable to this issue.
SQUID PROXY UNSPECIFIED DNS SPOOFING VULNERABILITY
BugTraq ID: 13592
Last Updated: 2007-03-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13592
Summary:
Squid Proxy is prone to an unspecified DNS-spoofing vulnerability.
This could allow malicious users to perform DNS-spoofing attacks on
Squid Proxy clients on unprotected networks.
This issue affects Squid Proxy versions 2.5 and earlier.
SQUID PROXY WCCP RECVFROM() BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 12432
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12432
Summary:
The Squid proxy server is vulnerable to a remotely exploitable buffer-
overflow vulnerability. The vulnerability resides in Squid's
implementation of WCCP (web cache communication protocol), a UDP-
based web cache management protocol. The condition is triggered when
the server reads a packet that is larger than the size of the buffer
allocated to store it. This can occur because 'recvfrom()' is passed
an incorrect value for its 'len' argument.
SQUID PROXY SQUID_LDAP_AUTH AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 12431
Last Updated: 2007-02-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12431
Summary:
Squid Proxy is reported prone to an authentication-bypass
vulnerability. This issue seems to result from insufficient input
validation.
The 'squid_ldap_auth' module is reported affected by this issue. A
remote attacker may gain unauthorized access or gain elevated
privileges from bypassing access controls.
Squid versions 2.5 and earlier are reported prone to this
vulnerability.
TCPDUMP IEEE802.11 PRINTER REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22772
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22772
Summary:
The 'tcpdump' utility is prone to a heap-based buffer-overflow
vulnerability because it fails to bounds-check user-supplied input
before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary malicious
code in the context of the user running the affected application.
Failed exploit attempts will likely crash the affected application.
This issue affects tcpdump 3.9.5 and prior versions.
TCPDUMP ISIS DECODING ROUTINES DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 13392
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13392
Summary:
The tcpdump utility is prone to a vulnerability that may allow a
remote attacker to cause a denial-of-service condition in the
software. The issue occurs due to the way tcpdump decodes
Intermediate System to Intermediate System (ISIS) packets. A remote
attacker may cause the software to enter an infinite loop by sending
malformed ISIS packets, resulting in the software hanging.
Versions up to and including 3.9.x/CVS of tcpdump are reported prone
to this issue.
TODD MILLER SUDO LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 15191
Last Updated: 2007-03-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15191
Summary:
Sudo is prone to a local privilege-escalation vulnerability.
The vulnerability presents itself because the application fails to
properly sanitize malicious data supplied through environment
variables.
A successful attack may result in a complete compromise.
TODD MILLER SUDO LOCAL RACE CONDITION VULNERABILITY
BugTraq ID: 13993
Last Updated: 2007-03-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/13993
Summary:
Sudo is prone to a local race-condition vulnerability. The issue
manifests itself only under certain conditions, specifically, when
the 'sudoers' configuration file contains a pseudo-command 'ALL'
that directly follows a user's 'sudoers' entry.
When such a configuration exists, local attackers may leverage
this issue to execute arbitrary executables with escalated
privileges. Attackers may achieve this by creating symbolic links
to target files.
ULOGD UNSPECIFIED BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22139
Last Updated: 2007-03-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22139
Summary:
Ulogd is prone to a buffer-overflow vulnerability because it fails
to properly bounds-check user-supplied data before copying it into
an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine
code in the context of the affected daemon. Failed attempts will
likely result in denial-of-service conditions.
UNRARLIB URARLIB_GET FUNCTION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22942
Last Updated: 2007-03-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22942
Summary:
The 'unrarlib' library is prone to a buffer-overflow
vulnerability because the library fails to perform proper bounds-
checking of user-supplied input before copying it to an
insufficiently sized memory buffer.
Attackers can exploit this vulnerability to execute attacker-
supplied code in the context of an application that relies on the
affected library.
UTIL-LINUX UMOUNT FILESYSTEM NULL POINTER DEREFERENCE VULNERABILITY
BugTraq ID: 22850
Last Updated: 2007-03-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22850
Summary:
Util-Linux 'umount' is prone to a NULL-pointer dereference
vulnerability.
A local attacker can exploit this issue to crash the affected
application, denying service to legitimate users. The attacker may
also be able to obtain sensitive information, including the contents
of core files.
Util-Linux Umount implemented on Linux kernel 2.6.15 is reported
vulnerable to this issue.
VIPUL RAZOR-AGENTS MULTIPLE UNSPECIFIED DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 13984
Last Updated: 2007-03-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13984
Summary:
Vipul Razor-agents is prone to multiple unspecified denial-of-service vulnerabilities:
- An issue resides in the discovery logic of Razor-agents.
- Another issue resides in the preprocessing code of Razor-agents.
Attackers may exploit both issues to cause a denial of service for
the vulnerable application.
WIRESHARK MULTIPLE PROTOCOL DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 22352
Last Updated: 2007-03-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22352
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may permit attackers to cause crashes and
deny service to legitimate users of the application.
Wireshark versions prior to 0.99.5 are affected.
[ aka Ethereal ]
XFREE86 MULTIPLE UNSPECIFIED INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 8514
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/8514
Summary:
Multiple integer-overflow vulnerabilities have been discovered in
the XFree86 font libraries. The problem occurs because of
insufficient sanity checks on integers passed to clients from an X
font server. As a result, an unexpected buffer overrun may occur
within the stack or heap space of process memory. An attacker
could potentially exploit this to execute arbitrary code within a
target X client.
Precise technical details regarding these vulnerabilities are
currently unavailable; as further information is released, this BID
will be updated accordingly.
XEN QEMU VNC SERVER ARBITRARY INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 22967
Last Updated: 2007-03-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22967
Summary:
Xen is prone to an unspecified vulnerability that lets attackers
obtain arbitrary information. The issue stems from a flaw in the VNC
server code in QEMU.
An attacker can exploit this issue to access sensitive information
that may aid in further attacks.
XINE DIRECTSHOW LOADER REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22933
Last Updated: 2007-03-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22933
Summary:
Xine is prone to a remote buffer-overflow vulnerability because the
application fails to perform boundary checks before copying user-
supplied input into finite-sized buffers.
Successfully exploiting this issue allows remote attackers to
execute arbitrary machine code in the context of the application and
to compromise affected computers.
XINE-LIB RULEMATCHES REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21435
Last Updated: 2007-02-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21435
Summary:
The 'xine-lib' library running on Real media is prone to a remote
buffer-overflow vulnerability because the application fails to
properly bounds-check user-supplied data before copying it into an
insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with
the privileges of the currently logged-in user. Failed exploit
attempts will result in a denial of service.
YUKIHIRO MATSUMOTO RUBY CGI.RB LIBRARY REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21441
Last Updated: 2007-03-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21441
Summary:
Ruby is prone to a remote denial-of-service vulnerability because
the application's CGI library fails to properly handle specially
crafted HTTP requests.
Successful exploits may allow remote attackers to cause denial-of-
service conditions on computers running the affected Ruby CGI
library.
ZZIPLIB ZZIP_OPEN_SHARED_IO STACK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 23013
Last Updated: 2007-03-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23013
Summary:
ZZIPlib is prone to a remote stack-based buffer-overflow
vulnerability because it fails to properly bounds-check user-
supplied input before copying it to an insufficiently sized
memory buffer.
Exploiting this issue may allow attackers to execute arbitrary
machine code in the context of applicaitons using the library.
Failed exploit attempts will likely result in a denial-of-service
condition.
Versions prior to 0.13.49 are vulnerable.
UTORRENT TORRENT FILE HANDLING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22530
Last Updated: 2007-03-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22530
Summary:
uTorrent is prone to a remote stack-based buffer-overflow
vulnerability because the application fails to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine
code in the context of the application.
This issue affects version 1.6; other versions may also be affected.
More information about the gull-annonces
mailing list