[gull-annonces] SecurityFocus Newsletter #383-386 summary
Marc SCHAEFER
schaefer at alphanet.ch
Mon Feb 12 13:27:24 CET 2007
AVM FRITZ!BOX VOIP REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22130
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22130
Summary:
FRITZ!Box is prone to a remote denial-of-service vulnerability.
A remote attacker can exploit this issue to crash the VoIP-telephony
service, effectively denying service to legitimate users.
[ firmware ]
ACME THTTPD INSECURE TEMPORARY LOGFILE CREATION VULNERABILITY
BugTraq ID: 20891
Last Updated: 2007-01-15
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20891
Summary:
The 'thttpd' program creates temporary log files in an
insecure manner.
An attacker with local access could potentially exploit this issue
to overwrite files in the context of the webserver process.
A successful exploit would most likely result in loss of data or a
denial of service if critical files are overwritten in the attack.
Other attacks may be possible as well.
Versions prior to 2.23 beta 1 are vulnerable.
APACHE MOD_REWRITE OFF-BY-ONE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19204
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19204
Summary:
Apache mod_rewrite is prone to an off-by-one buffer-overflow
condition.
The vulnerability arising in the mod_rewrite module's ldap scheme
handling allows for potential memory corruption when an attacker
exploits certain rewrite rules.
An attacker may exploit this issue to trigger a denial-of-
service condition. Reportedly, arbitrary code execution may be
possible as well.
ASTERISK CHAN_SKINNY REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20617
Last Updated: 2007-01-15
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20617
Summary:
Asterisk is prone to a remote heap-based buffer-overflow
vulnerability because the application fails to properly bounds-check
user-supplied data before copying it to an insufficiently sized
memory buffer.
Exploiting this vulnerability allows remote attackers to execute
arbitrary machine code in the context of the affected application.
Failed exploit attempts will likely crash the server, denying
further service to legitimate users.
AVAHI COMPRESSED DNS DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21881
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21881
Summary:
Avahi is prone to a denial-of-service vulnerability.
A remote attacker may exploit this issue to cause the application to
crash, denying further service to legitimate users.
Versions prior to 0.6.16 are vulnerable to this issue.
[ free implementation of Apple's Rendez-Vous protocol,
http://avahi.org/ ]
AVAHI UNAUTHORIZED DATA MANIPULATION VULNERABILITY
BugTraq ID: 21016
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21016
Summary:
Avahi is prone to a vulnerability that may allow remote attackers to
manipulate the service.
Avahi versions prior to 0.6.15 are vulnerable.
BZIP2 CHMOD FILE PERMISSION MODIFICATION RACE CONDITION WEAKNESS
BugTraq ID: 12954
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12954
Summary:
The 'bzip2' utility is reported prone to a security weakness. The
issue is present only when an archive is extracted into a world- or
group-writeable directory. It is reported that bzip2 employs non-
atomic procedures to write a file and later changes the permissions
on the newly extracted file.
A local attacker may leverage this issue to modify file permissions
of target files.
This weakness is reported to affect bzip2 version 1.0.2 and
previous versions.
BLUEZ HIDD BLUETOOTH HID COMMAND INJECTION VULNERABILITY
BugTraq ID: 22076
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22076
Summary:
BlueZ hidd is prone to a device-command-injection vulnerability.
A remote attacker can exploit this issue to gain control of mouse
and keyboard HIDs (human interface devices). This will allow the
attacker to interact with the targeted computer in the context of
the currently logged-in user.
Versions prior to 2.25 are vulnerable.
CVSTRAC REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22296
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22296
Summary:
CVSTrac is prone to a remote denial-of-service vulnerability because
it fails to properly sanitize input.
Successfully exploiting this issue allows remote attackers to
corrupt the application's database, resulting in a denial-of-service
condition, causing further requests from legitimate users to fail.
CENTERICQ IJHOOK.CC REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21932
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21932
Summary:
CenterICQ is prone to a remote buffer-overflow vulnerability because
the application fails to properly bounds-check user-supplied input
before copying it to an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within
the context of the affected application. Failed exploit attempts
will result in a denial of service.
This issue affects versions 4.9.11 up to 4.21.0.
CISCO IOS DATA-LINK SWITCHING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21990
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21990
Summary:
CISCO IOS Data-link Switching (DLSw) is prone to a denial-of-service
vulnerability.
Only network appliances that have the affected service enabled are
vulnerable to this issue. To exploit this issue, attackers must be
able to connect to the affected service.
Attackers can exploit this issue to cause a reload of the affected
service, effectively denying further service to legitimate users.
This issue affects all CISCO routers using Cisco IOS Software
versions 11.0 through 12.4.
This issue is being tracked by the Cisco Bug ID: CSCsf28840.
[ firmware ]
CISCO IOS IPV6 SOURCE ROUTING REMOTE MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 22210
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22210
Summary:
Cisco IOS is prone to a remote memory-corruption vulnerability
because the software fails to properly handle malformed IPv6 source-
routing headers.
Successfully exploiting this issue allows remote attackers to
corrupt the memory of affected devices. This may potentially
facilitate the execution of attacker-supplied machine code. Failed
exploit attempts will likely crash IOS-based devices.
This issue is being tracked by Cisco Bug IDs CSCsd40334 and
CSCsd58381.
[ firmware ]
CISCO IOS TCP LISTENER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22208
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22208
Summary:
CISCO IOS is prone to a denial-of-service vulnerability.
This issue affects only devices running the Internet Protocol
version 4 (IPv4).
Attackers can exploit this issue to cause memory leaks, potentially
causing memory exhaustion over time. This will result in denial-of-
service conditions.
This issue affects all CISCO routers using CISCO IOS Software
versions 9 through 12.4.
This issue is being tracked by the CISCO Bug ID: CSCek37177.
[ firmware ]
CISCO MULTIPLE DEVICES CRAFTED IP OPTION MULTIPLE REMOTE CODE
EXECUTION VULNERABILITY
BugTraq ID: 22211
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22211
Summary:
Multiple Cisco switches and routers running Cisco IOS and Cisco IOS
XR are prone to multiple remote code-execution vulnerabilities.
These issues occur because the devices fail to handle specially
crafted network packets.
An attacker can exploit these issues to execute arbitrary code
within the context of the affected device. Failed exploit attempts
will result in a denial of service.
These issues affect only devices that are configured to handle
Internet Protocol version 4 (IPv4) packets. These issues do not
affect devices that are configured to handle only Internet Protocol
version 6 (IPv6) packets.
These issues are being tracked by Cisco Bug IDs CSCeh52410 and
CSCec71950.
[ firmware ]
CISCO SECURE ACCESS CONTROL SERVER MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 21900
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21900
Summary:
Cisco Secure Access Control Server (ACS) is prone to multiple remote
vulnerabilities, including multiple stack-based buffer-overflow
issues and denial-of-service issues.
An attacker can exploit these issues to execute arbitrary code
within the context of the affected server or to crash the affected
server, denying service to legitimate users.
Versions prior to 4.1 are vulnerable to these issues.
[ firmware ]
CISCO UNIFIED CONTACT CENTER AND IP CONTACT CENTER JTAPI GATEWAY
DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21988
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21988
Summary:
Cisco Unified Contact Center and IP Contact Center are prone to a
vulnerability that can cause the applications to restart and
subsequently cause temporary denial-of-service conditions.
An attacker can exploit this issue to cause the vulnerable JTapi
Gateway service to restart. Since the restart process can take
several minutes, no new connections will be processed during
that time, which effectively means a denial of service for
legitimate users.
[ firmware ]
CLAM ANTI-VIRUS ATTACHMENT WRAPPING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21609
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21609
Summary:
ClamAV is prone to a denial-of-service vulnerability because it
fails to handle specific multipart attachments.
A successful exploit of this issue will cause the application to
crash, resulting in a denial-of-service condition.
This issue affects ClamAV 0.88.6 and earlier versions.
CLAM ANTI-VIRUS CHM UNPACKER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20537
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20537
Summary:
ClamAV is prone to a denial-of-service vulnerability because of an
unspecified failure in the CHM unpacker.
Exploitation could cause the application to crash, resulting in a
denial of service.
CLAM ANTI-VIRUS CLAMAV UPX COMPRESSED PE FILE HEAP BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 19381
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19381
Summary:
ClamAV is prone to a heap buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied data before copying it
to an insufficiently sized memory buffer.
This issue occurs when the application attempts to handle compressed
UPX files.
Exploiting this issue could allow attacker-supplied machine code to
execute in the context of the affected application. The issue would
occur when the malformed file is scanned manually or automatically
in deployments such as email gateways.
ClamAV versions 0.88.2 and 0.88.3 are vulnerable to this issue;
prior versions may also be affected.
CLAM ANTI-VIRUS MIME ATTACHMENTS DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21510
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21510
Summary:
ClamAV is prone to a denial-of-service vulnerability because it
fails to handle specific MIME attachments.
A successful exploit of this issue will cause the application to
crash, resulting in a denial-of-service condition.
ClamAV versions prior to 0.88.4-2 are vulnerable; other versions may
also be affected.
CLAM ANTI-VIRUS PE REBUILDING HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20535
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20535
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied data before
copying it to an insufficiently sized memory buffer.
Exploiting this issue could allow attacker-supplied machine code to
execute in the context of the affected application. The issue would
occur when the malformed file is scanned manually or automatically
in deployments such as email gateways.
ClamAV version 0.88.4 is vulnerable to this issue.
D-BUS SIGNALS.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21571
Last Updated: 2007-01-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21571
Summary:
D-Bus is prone to a local denial-of-service vulnerability.
Exploiting this issue allows local attackers to disable the ability
of a specific process to receive certain messages, effectively
denying service to legitimate users.
D-Bus versions prior to 1.0.2 are vulnerable to this issue.
DOVECOT IMAP SERVER MAPPED PAGES OFF-BY-ONE BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 21183
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21183
Summary:
Dovecot is prone to an off-by-one buffer-overflow condition due to
an error that results in insufficient memory allocation.
An attacker may exploit this issue to trigger denial-of-service
conditions. Presumably, arbitrary code execution may be
possible as well.
Versions 1.0test53 to 1.0.rc14 are vulnerable.
[ advanced IMAP (and other protocols) server, http://www.dovecot.org/ ]
FETCHMAIL MULTIPLE PASSWORD INFORMATION DISCLOSURE VULNERABILITIES
BugTraq ID: 21903
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21903
Summary:
Fetchmail is prone to multiple information-disclosure
vulnerabilities because the application discloses information about
user passwords.
An attacker can exploit these issues to access sensitive information
that may aid the attacker in other attacks.
These issues affect versions prior to 6.3.6-rc4.
FETCHMAIL REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21902
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21902
Summary:
Fetchmail is prone to a denial-of-service vulnerability because the
application fails to handle exceptional conditions.
An attacker can exploit this issue to crash the affected
application, denying service to legitimate users.
FILEZILLA MULTIPLE REMOTE FORMAT STRING VULNERABILITIES
BugTraq ID: 22063
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22063
Summary:
FileZilla is prone to multiple remote format-string vulnerabilities
because the application fails to properly sanitize user-supplied
input before using it in the format-specifier argument to a formatted-
printing function.
Exploiting these issues allows remote attackers to execute arbitrary
machine code in the context of the affected application. Failed
exploit attempts will likely crash the application.
FileZilla 3 versions prior to beta 5 are vulnerable to these issues.
FILEZILLA OPTIONS AND QUEUECTRL MODULES MULTIPLE UNSPECIFIED BUFFER
OVERFLOW VULNERABILITIES
BugTraq ID: 22057
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22057
Summary:
FileZilla is prone to multiple unspecified buffer-overflow
vulnerabilities because it fails to perform adequate boundary checks
on user-supplied data.
An attacker can exploit these issues to have arbitrary code run in
the context of the application. Failed attempts could crash the
application and deny service to legitimate users.
Versions prior to 2.2.30a are vulnerable.
FREETYPE LWFN FILES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18034
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-overflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
FREETYPE TTF FILE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18326
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18326
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is
due to an integer-underflow that results in a buffer being overrun
with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code
in the context of applications that use the affected library. Failed
exploit attempts will likely crash applications, denying service to
legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
FREETYPE TTF FILE REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18329
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18329
Summary:
FreeType is prone to a denial-of-service vulnerability. This issue
is due to a flaw in the library that causes a NULL-pointer
dereference.
This issue allows remote attackers to crash applications that use
the affected library, denying service to legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.
GD GRAPHICS LIBRARY JIS-ENCODED FONT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22289
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22289
Summary:
The GD graphics library is prone to a buffer-overflow vulnerability.
An attacker can exploit this issue to cause denial-of-service
conditions in applications implementing the affected library.
Arbitrary code execution may also be possible; this has not been
confirmed.
GD GRAPHICS LIBRARY REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18294
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18294
Summary:
The GD Graphics Library is prone to a denial-of-service
vulnerability. Attackers can trigger an infinite-loop condition when
the library tries to handle malformed image files.
This issue allows attackers to consume excessive CPU resources on
computers that use the affected software. This may deny service to
legitimate users.
GD version 2.0.33 is vulnerable to this issue; other versions may
also be affected.
GD GRAPHICS LIBRARY REMOTE INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 11523
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11523
Summary:
The GD Graphics Library (gdlib) is affected by an integer overflow
that facilitates a heap overflow. This issue is due to the library's
failure to do proper sanity checking on size values contained within
image-format files.
An attacker may leverage this issue to manipulate process heap
memory, potentially leading to code execution and compromise of the
computer running the affected library.
GNOME DISPLAY MANAGER GDMCHOOSER LOCAL FORMAT STRING VULNERABILITY
BugTraq ID: 21597
Last Updated: 2007-01-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21597
Summary:
GNOME Display Manager (GDM) is prone to a local format-string
vulnerability because it fails to properly sanitize user-supplied
input before including it in the format-specifier argument of a formatted-
printing function.
A local attacker may exploit this issue to execute arbitrary machine
code in the context of the affected application.
GNU GV STACK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20978
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20978
Summary:
GNU gv is prone to a stack-based buffer-overflow vulnerability
because the application fails to properly bounds-check user-supplied
data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine
code in the context of users running the affected application.
Failed attempts will likely crash the application, resulting in denial-of-
service conditions.
Version 3.6.2 is reported vulnerable; other versions may also
be affected.
NOTE: Various other applications may employ embedded GNU gv code and
could also be vulnerable as a result.
GNU GZIP ARCHIVE HANDLING MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20101
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and denial-of-
service vulnerabilities when handling malicious archive files.
Successful exploits may allow a remote attacker to corrupt process
memory by triggering an overflow condition. This may lead to
arbitrary code execution in the context of an affected user and may
facilitate a remote compromise. Attackers may also trigger denial-of-
service conditions by crashing or hanging the application.
Specific information regarding affected versions of gzip is
currently unavailable. This BID will be updated as more information
is released.
GNU SCREEN MULTIPLE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 20727
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20727
Summary:
GNU Screen is prone to multiple denial-of-service vulnerabilities. A
remote attacker may trigger these issues and deny services to
legitimate users.
GNU Screen versions prior to 4.0.3 are affected by these
vulnerabilities.
GNU TAR GNUTYPE_NAMES REMOTE DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 21235
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21235
Summary:
GNU Tar is prone to a vulnerability that may allow an attacker to
place files and overwrite files in arbitrary locations on a
vulnerable computer. These issues present themselves when the
application processes malicious archives.
A successful attack can allow the attacker to place potentially
malicious files and overwrite files on a computer in the context of
the user running the affected application. Successful exploits may
aid in further attacks.
GNU WGET FTP_SYST FUNCTION REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21650
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21650
Summary:
GNU Wget is prone to a remote denial-of-service vulnerability.
Exploiting this issue allows remote attackers to crash the
application, denying further service to legitimate users.
Version 1.10.2 is vulnerable; other versions may also be affected.
GTK2 GDKPIXBUFLOADER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22209
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22209
Summary:
Applications using the gtk2 library may be prone to a denial-of-
service vulnerability because the library fails to handle malformed
image data.
An attacker can exploit this issue to crash applications on a
victim's computer.
GEOIP GEOIPUPDATE.C DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 21959
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21959
Summary:
The 'geoip' application is prone to a directory-traversal
vulnerability because it fails to properly sanitize user-
supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary
files from the vulnerable system in the context of the affected
application. Information obtained may aid in further attacks.
This issue affects versions prior to 1.4.0.
GNUPG MAKE_PRINTABLE_STRING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21306
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21306
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
Exploiting this issue may allow remote attackers to execute
arbitrary machine code in the context of the affected application,
but this has not been confirmed.
GnuPG versions 1.4.5 and 2.0.0 are vulnerable to this issue;
previous versions may also be affected.
GNUPG MULTIPLE POTENTIAL VULNERABILITIES
BugTraq ID: 22064
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22064
Summary:
GnuPG is potentially prone to multiple remote vulnerabilities. These
issues are only 'potential' vulnerabilities, because they arise due
to a code audit resulting in patches designed to add bounds checking
and other fixes to the source code. The code audit lacked sufficient
detail to determine if the fixes address actual vulnerabilities.
Reportedly, these issues are due primarily to integer-overflow and
buffer-overflow flaws. Other issues may also be present.
Successfully exploiting the issues may allow an attacker to execute
arbitrary code in the context of the affected application.
The audit was performed on GnuPG version 1.4.6; therefore, if these
issues are actual vulnerabilities they will affect that version.
Other versions may also be affected.
GNUPG OPENPGP PACKET PROCESSING FUNCTION POINTER OVERWRITE
VULNERABILITY
BugTraq ID: 21462
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21462
Summary:
GnuPG is prone to a vulnerability that could permit an attacker to
overwrite a function pointer.
This issue occurs because of a design error when dealing with
OpenPGP packets. Attackers may exploit this issue to execute
arbitrary code.
Successful exploits may result in the remote compromise of computers
using the vulnerable application.
IMLIB2 LIBRARY MULTIPLE ARBITRARY CODE EXECUTION VULNERABILITIES
BugTraq ID: 20903
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20903
Summary:
The imlib2 library is prone to arbitrary code-execution
vulnerabilities.
An attacker can exploit these issues to execute arbitrary machine
code with the privileges of the currently logged-in user.
ISC BIND REMOTE DNSSEC VALIDATION DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22231
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22231
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability
because the application fails to properly handle malformed DNSSEC
validation requests.
Successfully exploiting this issue allows remote attackers to crash
affected DNS servers, denying further service to legitimate users.
ISC BIND REMOTE FETCH CONTEXT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22229
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22229
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability
because the application fails to properly handle unexpected
DNS requests.
Successfully exploiting this issue allows remote attackers to crash
affected DNS servers, denying further service to legitimate users.
IMAGEMAGICK FILE NAME HANDLING REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 12717
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12717
Summary:
ImageMagick is reported prone to a remote format-string
vulnerability.
Reportedly, this issue arises when the application handles malformed
filenames. An attacker can exploit this vulnerability by crafting a
malicious file with a name that contains format specifiers and
sending the file to an unsuspecting user.
Note that there are other attack vectors that may not require user
interaction, since the application can be used with custom printing
systems and web applications.
A successful attack may crash the application or lead to arbitrary
code execution.
All versions of ImageMagick are considered vulnerable at the moment.
IMAGEMAGICK SGI IMAGE FILE REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19507
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19507
Summary:
ImageMagick is prone to a remote heap buffer-overflow vulnerability
because the application fails to properly bounds-check user-supplied
input before copying it to an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary machine code in the
context of applications that use the ImageMagick library.
ImageMagick versions in the 6.x series, up to version 6.2.8, are
vulnerable to this issue.
IMAGEMAGICK SGI IMAGE FILE UNSPECIFIED REMOTE HEAP BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 21185
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21185
Summary:
ImageMagick is prone to a remote heap-based buffer-overflow
vulnerability because the application fails to properly bounds-check
user-supplied input before copying it to an insufficiently sized
memory buffer.
Exploiting this issue allows attackers to execute arbitrary
machine code in the context of applications that use the
ImageMagick library.
ImageMagick versions in the 6.x series, up to version 6.2.8, are
vulnerable to this issue.
KDE ARTSWRAPPER LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18429
Last Updated: 2007-01-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18429
Summary:
KDE's artswrapper utility is susceptible to a local privilege-
escalation vulnerability because it fails to properly implement
privilege-dropping functionality when used in conjunction with
Linux 2.6 kernels.
This issue allows local attackers to gain superuser privileges,
facilitating the complete compromise of affected computers.
KOFFICE PPT FILES INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 21354
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21354
Summary:
KOffice is prone to an integer-overflow vulnerability because it
fails to properly validate user-supplied data.
An attacker can exploit this vulnerability to execute arbitrary code
in the context of the application. Failed exploit attempts will
likely cause denial-of-service conditions.
KOffice versions prior to 1.6.1 are affected.
KSIRC IRC CLIENT REMOTE PRIVMSG DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21790
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21790
Summary:
KSirc is prone to a remote denial-of-service vulnerability.
The issue arises when the client handles excessive string data. By
exploiting this issue, a remote attacker may cause an affected
client to crash.
KSirc 1.3.12 is vulnerable to this issue; other versions may also
be affected.
The vendor states this issue cannot be exploited to execute
arbitrary code. Successful exploits will, however, result in denial-of-
service conditions in the client.
L2TPNS HEARTBEAT HANDLING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21443
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21443
Summary:
The l2tpns program is prone to a denial-of-service vulnerability
because it fails to properly handle user-supplied data.
Attackers can exploit this issue to crash the affected application,
effectively denying service to legitimate users. Attackers may be
able to exploit this issue to execute arbitrary code, but this has
not been confirmed.
LIBGSF REMOTE HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21358
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21358
Summary:
The libgsf library is prone to a remote heap buffer-overflow
vulnerability.
Exploiting this issue may allow attackers to execute arbitrary
machine code within the context of the vulnerable application or to
cause a denial of service.
LIBPNG GRAPHICS LIBRARY PNG_SET_SPLT REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21078
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21078
Summary:
LibPNG is reported prone to a denial-of-service vulnerability. The
library fails to perform proper bounds-checking of user-supplied
input, which leads to an out-of-bounds read error.
Attackers may exploit this vulnerability to crash an application
that relies on the affected library.
LIBSOUP LIBRARY HTTP HEADERS REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22034
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22034
Summary:
The Libsoup library is prone to a denial-of-service vulnerability
because it fails to properly sanitize user-supplied input.
Attackers may exploit this vulnerability to crash an application
that relies on the affected library, resulting in a denial-of-
service condition.
LIBGTOP2 LIBRARY LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22054
Last Updated: 2007-01-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22054
Summary:
Libgtop2 library is prone to a local buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before
copying into an insufficiently sized memory buffer.
An attacker may exploit this issue by enticing victims into viewing
a maliciously crafted system process with an application that uses
the affected library.
Successful exploits may cause arbitrary code to run with the
privileges of the victim. Failed exploit attempts will likely cause
denial-of-service conditions.
Versions prior to 2.14.6 are reported vulnerable.
LINKS ELINKS SMBCLIENT REMOTE COMMAND EXECUTION VULNERABILITY
BugTraq ID: 21082
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21082
Summary:
Links and ELinks are prone to a remote command-execution
vulnerability because the applications fail to properly process
website data containing smb commands.
An attacker can exploit this issue to execute arbitrary smb
commands on a victim computer. This may help the attacker
compromise the application and the underlying system; other attacks
are also possible.
Links version 1.00pre12 and ELinks version 0.11.1 are reportedly
vulnerable; other versions may also be affected.
NOTE: This vulnerability may be exploited only if 'smbclient' is
installed on a target computer.
LINUX KERNEL 2.4 RTC HANDLING ROUTINES MEMORY DISCLOSURE VULNERABILITY
BugTraq ID: 9154
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/9154
Summary:
The Linux kernel 2.4 tree has been reported prone to a memory-
disclosure vulnerability. The issue is reported to present itself in
kernel realtime clock (RTC) interface procedures and may result in
kernel memory stack data being leaked into userland. The problem
stems from an internal RTC structure that isn't properly initialized
with zeros before being read, potentially returning random contents
of kernel stack memory when this operation occurs. This could expose
sensitive information such as credentials to unprivileged users.
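An added illustration of the flaw class described above (this is a user-space simulation written for this summary, not the kernel's RTC code): a struct is placed in storage that a previous call already used, only some of its fields are written, and the whole struct is copied out. The secret string, the reused "stack" region and the struct layout are constructed for the example; the fix is the memset() that the advisory says was missing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the kernel's struct rtc_time: nine int fields. */
struct rtc_time {
    int tm_sec, tm_min, tm_hour, tm_mday, tm_mon, tm_year,
        tm_wday, tm_yday, tm_isdst;
};

/* Simulated kernel stack region reused by successive "syscalls".
 * (Constructed for the example: a real stack slot is reused implicitly.) */
static union { unsigned char bytes[256]; struct rtc_time slot; } kstack;

/* An earlier kernel path leaves sensitive bytes behind in that region. */
static void prior_syscall_leaves_secret(const char *secret)
{
    memset(kstack.bytes, 0xAA, sizeof kstack.bytes);
    memcpy(kstack.bytes, secret, strlen(secret) + 1);
}

/* Vulnerable pattern: the local struct occupies the stale slot, only
 * three fields are written, and the whole struct is copied to user space. */
int rtc_read_time_vuln(struct rtc_time *user_out)
{
    struct rtc_time *wtime = &kstack.slot;
    wtime->tm_sec  = 30;
    wtime->tm_min  = 15;
    wtime->tm_hour = 12;
    /* tm_mday .. tm_isdst are never written here */
    memcpy(user_out, wtime, sizeof *wtime);   /* stands in for copy_to_user() */
    return 0;
}

/* Fixed pattern: clear the struct before filling it. */
int rtc_read_time_fixed(struct rtc_time *user_out)
{
    struct rtc_time *wtime = &kstack.slot;
    memset(wtime, 0, sizeof *wtime);
    wtime->tm_sec  = 30;
    wtime->tm_min  = 15;
    wtime->tm_hour = 12;
    memcpy(user_out, wtime, sizeof *wtime);
    return 0;
}

/* What an unprivileged caller can read out of the never-written fields:
 * printable bytes from tm_mday onward, up to a NUL or non-printable byte. */
static void leaked_text(const struct rtc_time *t, char *out, size_t n)
{
    const unsigned char *p = (const unsigned char *)&t->tm_mday;
    size_t region = sizeof *t - offsetof(struct rtc_time, tm_mday);
    size_t i;
    for (i = 0; i < region && i + 1 < n && p[i] >= 0x20 && p[i] < 0x7f; i++)
        out[i] = (char)p[i];
    out[i] = '\0';
}

#define SECRET "session-key:deadbeefcafebabe0123"   /* constructed sample */

/* Run one handler after the secret was left on the stack; return the leak. */
const char *leak_from(int (*handler)(struct rtc_time *))
{
    static char leak[64];
    struct rtc_time t;
    prior_syscall_leaves_secret(SECRET);
    handler(&t);
    leaked_text(&t, leak, sizeof leak);
    return leak;
}

int main(void)
{
    printf("vulnerable handler leaks: \"%s\"\n", leak_from(rtc_read_time_vuln));
    printf("fixed handler leaks:      \"%s\"\n", leak_from(rtc_read_time_fixed));
    return 0;
}
```

The check a reviewer applies to any copy_to_user() of a stack or heap struct is the same: either every byte of the object (padding included) is written before the copy, or the object is zeroed first.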
LINUX KERNEL AF_UNIX ARBITRARY KERNEL MEMORY MODIFICATION
VULNERABILITY
BugTraq ID: 11715
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11715
Summary:
A serialization error is reported to reside in the AF_UNIX address
family. The error creates a race condition that allows local users
to repeatedly increment arbitrary kernel memory locations.
This vulnerability allows local users to modify arbitrary kernel
memory, facilitating privilege escalation; it may possibly allow
code execution in the context of the kernel.
Versions prior to 2.4.28 are reportedly affected by this
vulnerability.
LINUX KERNEL AIO_SETUP_RING LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22193
Last Updated: 2007-01-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22193
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability
because the kernel fails to properly initialize a variable.
Exploiting this issue allows local attackers to cause kernel
crashes, denying service to legitimate users.
LINUX KERNEL ATM SKBUFF DEREFERENCE REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20363
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20363
Summary:
The Linux kernel is prone to a remote denial-of-service
vulnerability.
This issue is triggered when the kernel processes incoming ATM data.
Exploiting this vulnerability may allow remote attackers to crash
the affected kernel, resulting in denial-of-service conditions.
This issue affects only systems that have ATM hardware and are
configured for ATM kernel support.
Kernel versions from 2.6.0 up to and including 2.6.17 are vulnerable
to this issue.
LINUX KERNEL BINFMT_ELF LOADER LOCAL PRIVILEGE ESCALATION
VULNERABILITIES
BugTraq ID: 11646
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11646
Summary:
Multiple vulnerabilities have been identified in the Linux ELF
binary loader. These issues can allow local attackers to gain
elevated privileges. The source of these issues resides in the
'load_elf_binary' function of the 'binfmt_elf.c' file.
The first issue results from an improper check performed on the
return value of the 'kernel_read()' function. An attacker may gain
control over execution flow of a setuid binary by modifying the
memory layout of a binary.
The second issue results from improper error-handling when the
'mmap()' function fails.
The third vulnerability results from a bad return value when the
program interpreter (linker) is mapped into memory. It is
reported that this issue occurs only in the 2.4.x versions of the
Linux kernel.
The fourth issue presents itself because a user can execute a binary
with a malformed interpreter name string. This issue can lead to a
system crash.
The final issue resides in the 'execve()' code. This issue may allow
an attacker to disclose sensitive data that can potentially be used
to gain elevated privileges.
These issues are currently undergoing further analysis. This BID
will be updated and divided into separate BIDS in the future.
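The first of the loader issues above, the unchecked kernel_read() return value, as an added simulation (not the kernel's binfmt_elf.c): a truncated ELF image claims four program headers but carries one, the program-header table is read into a recycled allocation that still holds an earlier binary's entries, and the loader acts on the stale PT_INTERP entry unless it insists on a full read. The structures, the "file", the stale contents and the 0x4141 address are all constructed for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal ELF64 header and program-header layouts (64 and 56 bytes). */
struct elf_hdr {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};
struct elf_phdr {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
};
#define PT_LOAD   1
#define PT_INTERP 3
#define MAX_PHDRS 4

/* In-memory "file" and a kernel_read() stand-in that, like the real call,
 * returns the number of bytes actually read (short on a truncated file). */
struct file { const unsigned char *data; size_t size; };

static long kernel_read_sim(const struct file *f, size_t off, void *buf, size_t n)
{
    if (off >= f->size) return 0;
    if (n > f->size - off) n = f->size - off;
    memcpy(buf, f->data + off, n);
    return (long)n;
}

/* Recycled allocation for the program-header table: kmalloc() does not
 * zero memory, so it still holds whatever the previous exec put there. */
static struct elf_phdr phdr_pool[MAX_PHDRS];

static void prime_stale_phdrs(void)
{
    memset(phdr_pool, 0, sizeof phdr_pool);
    phdr_pool[2].p_type  = PT_INTERP;
    phdr_pool[2].p_vaddr = 0x4141;   /* left behind by an earlier binary */
}

/* Construct a truncated ELF: header claims 4 program headers, file holds 1. */
static size_t build_truncated_elf(unsigned char *buf)
{
    struct elf_hdr eh;
    struct elf_phdr ph;
    memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, "\177ELF", 4);
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph;
    eh.e_phnum = MAX_PHDRS;
    memset(&ph, 0, sizeof ph);
    ph.p_type = PT_LOAD;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    return sizeof eh + sizeof ph;           /* 120 bytes */
}

/* Loader core. 'strict' selects the fixed behaviour: require a full read. */
static long load_elf(const struct file *f, int strict)
{
    struct elf_hdr eh;
    size_t size, i;
    long got;

    if (kernel_read_sim(f, 0, &eh, sizeof eh) != (long)sizeof eh) return -ENOEXEC;
    if (memcmp(eh.e_ident, "\177ELF", 4) != 0) return -ENOEXEC;
    if (eh.e_phentsize != sizeof(struct elf_phdr) || eh.e_phnum > MAX_PHDRS)
        return -ENOEXEC;

    size = (size_t)eh.e_phnum * sizeof(struct elf_phdr);
    got = kernel_read_sim(f, eh.e_phoff, phdr_pool, size);
    if (got < 0) return got;                        /* the only check in the vulnerable path */
    if (strict && (size_t)got != size) return -EIO; /* the fix: a short read is an error */

    for (i = 0; i < eh.e_phnum; i++)
        if (phdr_pool[i].p_type == PT_INTERP)
            return (long)phdr_pool[i].p_vaddr;      /* where the interpreter would be mapped */
    return 0;
}

/* Prime stale memory, build the truncated file, run the loader. */
long run_loader(int strict)
{
    static unsigned char image[256];
    struct file f = { image, 0 };
    prime_stale_phdrs();
    f.size = build_truncated_elf(image);
    return load_elf(&f, strict);
}

int main(void)
{
    printf("vulnerable loader: interp vaddr %#lx (from stale memory)\n", run_loader(0));
    printf("fixed loader:      %ld (-EIO)\n", run_loader(1));
    return 0;
}
```

The general rule the example shows: a read that may return fewer bytes than requested is only complete when the caller compares the return value with the size it asked for; checking for a negative result alone is not a bounds check.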
LINUX KERNEL BLUETOOTH CAPI PACKET REMOTE BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 21604
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21604
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability
because the kernel fails to bounds-check user-supplied data before
copying it into an insufficiently sized buffer.
An attacker may exploit this issue to execute arbitrary code with
kernel-level privileges, facilitating the complete compromise of
affected computers. Failed exploit attempts will result in denial-of-
service conditions.
Versions prior to 2.4.33.5 are vulnerable to this issue.
LINUX KERNEL CODA_PIOCTL LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14967
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14967
Summary:
Linux kernel is prone to a local buffer-overflow vulnerability.
Specifically, the vulnerability affects the 'coda_pioctl()' function
of the 'pioctl.c' file.
A successful attack may result in a denial-of-service condition or
arbitrary code execution with superuser privileges.
This issue may be related to the issues described in BID 12239
(Linux Kernel Multiple Unspecified Vulnerabilities).
LINUX KERNEL DEV_QUEUE_XMIT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22317
Last Updated: 2007-01-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22317
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.
A local attacker can exploit this issue to corrupt data and cause
the kernel to become unresponsive, denying further service to
legitimate users.
LINUX KERNEL DO_COREDUMP SECURITY BYPASS VULNERABILITY
BugTraq ID: 21591
Last Updated: 2007-01-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21591
Summary:
Linux Kernel is prone to a vulnerability that can allow local
unauthorized attackers to modify certain files.
Kernel versions prior to 2.6.19.1 are vulnerable.
LINUX KERNEL ELF BINARY LOADING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 12101
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12101
Summary:
The Linux kernel is affected by a denial-of-service vulnerability
that occurs when malformed ELF binaries are loaded.
An attacker may leverage this issue to cause the affected kernel to
crash, denying service to legitimate users.
LINUX KERNEL ELF FILE ENTRY POINT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16925
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16925
Summary:
Linux kernel is prone to a denial-of-service vulnerability when
processing a malformed ELF file. This issue occurs only on Intel
EM64T processors.
Linux kernel versions prior to 2.6.15.5 are affected by this issue.
LINUX KERNEL ELF LOADER MISMATCHED ARCHITECTURE LOCAL DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 18174
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18174
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a flaw in the ELF object
file loader.
This vulnerability allows local users to cause a kernel panic,
denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.4.25.
LINUX KERNEL FS/BUFFER.C LOCAL INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 21522
Last Updated: 2007-01-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21522
Summary:
The Linux kernel is prone to a local information-disclosure
vulnerability because the kernel fails to properly clear kernel
memory after certain errors.
Successfully exploiting this issue allows local attackers to gain
access to potentially sensitive information contained in kernel
memory, aiding them in further attacks.
Linux kernel versions prior to 2.6.13 are vulnerable to this issue.
LINUX KERNEL FLOATING POINT REGISTER CONTENTS LEAK VULNERABILITY
BugTraq ID: 10687
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10687
Summary:
The Linux kernel is reported prone to a data-disclosure
vulnerability.
Reportedly, this issue may permit a malicious executable to
access the contents of floating-point registers that belong to
another process.
This vulnerability is reported to affect only ia64 systems.
LINUX KERNEL GET_FDB_ENTRIES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21353
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21353
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because
it fails to properly bounds-check user-supplied data before copying
it to an insufficiently sized memory buffer.
Attackers may potentially exploit this issue to execute arbitrary
code within the context of the affected kernel, but this has not
been confirmed. Successfully exploiting this issue would cause the
complete compromise of the affected computer.
Little information is currently known about this vulnerability.
Since the affected function is in the network-bridging code, remote
attacks may be possible.
LINUX KERNEL IPV6 SEQFILE HANDLING LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20847
Last Updated: 2007-01-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20847
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the way
seqfiles are handled in the kernel.
This vulnerability allows local users to cause an infinite
loop, resulting in a crash and denying further service to
legitimate users.
This issue affects the Linux kernel 2.6 series up to 2.6.18-stable.
LINUX KERNEL ISO9660 DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20920
Last Updated: 2007-01-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20920
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue affects the code that handles the ISO9660
filesystem.
An attacker can exploit this issue to crash the affected computer,
denying service to legitimate users.
LINUX KERNEL INVALID PROC MEMORY ACCESS LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 18173
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18173
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a flaw in the 'proc' filesystem.
This vulnerability allows local users to cause a kernel panic,
denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.4.27.
LINUX KERNEL LISTXATTR LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22316
Last Updated: 2007-01-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22316
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.
Successful exploits will result in denial-of-service conditions or
potentially privilege escalation.
LINUX KERNEL LOCAL DENIAL OF SERVICE AND MEMORY DISCLOSURE
VULNERABILITIES
BugTraq ID: 11754
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11754
Summary:
The Linux kernel is reported prone to multiple local vulnerabilities:
- A handcrafted 'a.out' file may be used to trigger a local denial-of-
service condition. A local attacker may exploit this vulnerability
to trigger a system-wide denial of service, potentially resulting
in a kernel panic.
- A memory-disclosure vulnerability reportedly affects only
SMP computers with more than 4GB of memory. A local attacker
may exploit this vulnerability to access random pages of
physical memory.
LINUX KERNEL MIPS PTRACE LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18176
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18176
Summary:
The Linux kernel is susceptible to a local privilege-escalation
vulnerability. This issue occurs only on MIPS architectures.
This issue allows local attackers to gain superuser privileges,
facilitating the complete compromise of affected computers.
Specific information regarding affected versions is not currently
available; this BID will be updated as further information is
disclosed.
LINUX KERNEL MINCORE USER SPACE ACCESS LOCKING LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21663
Last Updated: 2007-01-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21663
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability due
to a design error.
A local attacker can exploit this issue to cause the kernel to
become unresponsive, denying further service to legitimate users.
Linux Kernel versions prior to 2.4.33.6 are vulnerable.
LINUX KERNEL MULTIPLE DEVICE DRIVER VULNERABILITIES
BugTraq ID: 10566
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10566
Summary:
The Linux kernel is reported prone to multiple device-driver
issues. These issues were found during a recent audit of the Linux
kernel source.
The following drivers are reportedly affected by these issues:
aironet asus_acpi decnet mpu401 msnd pss
These issues may reportedly allow attackers to access kernel memory
or gain escalated privileges on the affected computer.
LINUX KERNEL MULTIPLE IPV6 PACKET FILTERING BYPASS VULNERABILITIES
BugTraq ID: 20955
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20955
Summary:
The Linux kernel is prone to multiple IPv6 packet-filtering-
bypass vulnerabilities because of insufficient handling of
fragmented packets.
An attacker could exploit these issues to bypass ip6_table filtering
rules. This could result in a false sense of security because
filtering rules set up by system administrators can be bypassed in
order to access services that are otherwise protected.
LINUX KERNEL MULTIPLE LOCAL MOXA SERIAL DRIVER BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 12195
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12195
Summary:
The MOXA serial driver in the Linux kernel is reported prone to
multiple buffer-overflow vulnerabilities. The driver fails to
perform proper bounds checks before copying user-supplied data to
fixed-size memory buffers.
These vulnerabilities reside in the 'drivers/char/moxa.c' file.
The vulnerable functions perform a 'copy_from_user()' call to copy
user-supplied, user-space data to a fixed-size, static kernel memory
buffer (moxaBuff) of 10240 bytes in length while using the user-
supplied length argument as passed from 'MoxaDriverIoctl()'. This
reportedly results in improperly bounded operations, potentially
causing locally exploitable buffer overflows.
Linux kernels from 2.2 through 2.4 and 2.6 are all reported prone to
these vulnerabilities.
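The copy_from_user() pattern described above, as an added simulation (not the moxa.c driver code): a 10240-byte static buffer receives a copy whose length comes straight from the ioctl argument. A canary placed immediately after the buffer makes the overrun visible; the user buffer, the canary and the helper names are constructed for the example, and the guard in the vulnerable handler exists only to keep the simulation inside its own object.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MOXA_BUFF_SIZE 10240
#define CANARY "CANARY-INTACT!!"

/* Simulated kernel data: the driver's static buffer followed by a canary,
 * kept in one object so an overrun is observable without touching
 * memory outside the object. */
static struct {
    unsigned char moxaBuff[MOXA_BUFF_SIZE];
    char          canary[16];
} kmem;

/* Constructed user-space buffer handed to the ioctl. */
static unsigned char ubuf[sizeof kmem];

/* copy_from_user() stand-in: the real call validates only that the source
 * range is user memory; it knows nothing about the destination's size. */
static int copy_from_user_sim(void *to, const void *from, size_t n)
{
    memcpy(to, from, n);
    return 0;
}

/* Vulnerable handler: the ioctl-supplied length is used unchecked. */
int moxa_ioctl_vuln(const void *from, size_t len)
{
    /* Simulation guard only, absent from the vulnerable driver: keep the
     * write inside 'kmem' so the overrun lands in the canary. */
    if (len > sizeof kmem) return -EFAULT;
    /* moxaBuff is the first member, so &kmem is its address */
    return copy_from_user_sim((unsigned char *)&kmem, from, len);
}

/* Fixed handler: bound the length against the real buffer first. */
int moxa_ioctl_fixed(const void *from, size_t len)
{
    if (len > MOXA_BUFF_SIZE) return -EINVAL;
    return copy_from_user_sim(kmem.moxaBuff, from, len);
}

/* 1 if the bytes after moxaBuff are untouched, 0 if they were overwritten. */
int canary_ok(void)
{
    return strcmp(kmem.canary, CANARY) == 0;
}

static void reset(void)
{
    memset(&kmem, 0, sizeof kmem);
    strcpy(kmem.canary, CANARY);
    memset(ubuf, 'A', sizeof ubuf);
}

/* Drive a handler with a 'len'-byte request; return its code and leave
 * canary_ok() reporting whether the buffer boundary held. */
int run_handler(int (*handler)(const void *, size_t), size_t len)
{
    reset();
    if (len > sizeof ubuf) return -E2BIG;   /* constructed input is not larger */
    return handler(ubuf, len);
}

int main(void)
{
    int rc;
    rc = run_handler(moxa_ioctl_vuln, MOXA_BUFF_SIZE + 8);
    printf("vulnerable: rc=%d canary %s\n", rc, canary_ok() ? "intact" : "CLOBBERED");
    rc = run_handler(moxa_ioctl_fixed, MOXA_BUFF_SIZE + 8);
    printf("fixed:      rc=%d canary %s\n", rc, canary_ok() ? "intact" : "CLOBBERED");
    return 0;
}
```

An overrun of only eight bytes is enough to corrupt whatever sits after the static buffer in the kernel image; the fix is the one comparison against the destination's size before the copy.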
LINUX KERNEL MULTIPLE LOCAL VULNERABILITIES
BugTraq ID: 11956
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11956
Summary:
The Linux kernel is reported prone to multiple local vulnerabilities.
The following individual issues are reported:
- An integer overflow is reported to exist in 'ip_options_get()' of
the 'ip_options.c' kernel source file. This vulnerability is
reported to exist only in the 2.6 kernel tree. Although
unconfirmed, due to its nature this issue presumably may be
further leveraged to execute arbitrary code with ring-0
privileges.
A local attacker may exploit this vulnerability to deny service to
legitimate users. Other attacks are also likely possible.
- A second integer-overflow vulnerability is reported to exist in
the 'vc_resize()' function of the Linux kernel. This vulnerability
is reported to exist in the 2.6 and 2.4 kernel trees. Although
unconfirmed, due to its nature this issue presumably may be
further leveraged to execute arbitrary code with ring-0
privileges.
A local attacker may exploit this vulnerability to deny service to
legitimate users. Other attacks are also likely possible.
- A memory leak is reported to exist in 'ip_options_get()' of the
'ip_options.c' kernel source file. This vulnerability is reported
to exist in both the 2.6 and 2.4 kernel trees.
A local attacker may exploit this vulnerability to consume kernel
heap memory resources and in doing so may impact system performance,
ultimately resulting in a denial of service to legitimate users.
LINUX KERNEL MULTIPLE VULNERABILITIES
BugTraq ID: 21523
Last Updated: 2007-01-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21523
Summary:
Linux Kernel is prone to multiple vulnerabilities that can allow
local attackers to carry out various attacks, including denial-of-
service attacks.
Kernel 2.6.8 and prior versions are reported affected.
LINUX KERNEL NFS AND EXT3 COMBINATION REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 19396
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19396
Summary:
The Linux kernel is susceptible to a remote denial-of-service
vulnerability because the EXT3 filesystem code fails to properly
handle unexpected conditions.
Remote attackers may trigger this issue by sending crafted UDP
datagrams to affected computers that are configured as NFS servers,
causing filesystem errors. Depending on the mount-time options of
affected filesystems, this may result in remounting filesystems as
read-only or cause a kernel panic.
Linux kernel versions 2.6.14.4, 2.6.17.6, and 2.6.17.7 are
vulnerable to this issue; other versions in the 2.6 series are also
likely affected.
LINUX KERNEL NETFILTER DO_ADD_COUNTERS LOCAL RACE CONDITION
VULNERABILITY
BugTraq ID: 18113
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18113
Summary:
The Linux kernel is susceptible to a local race-condition
vulnerability.
This issue allows local attackers to gain access to potentially
sensitive kernel memory, aiding them in further attacks. Failed
exploit attempts may crash the kernel, denying service to
legitimate users.
This issue is exploitable only by local users who have superuser
privileges or have the CAP_NET_ADMIN capability. This issue is
therefore a security concern only if computers run virtualization
software that allows users to have superuser access to guest
operating systems or if the CAP_NET_ADMIN capability is given to
untrusted users.
Linux kernel versions prior to 2.6.16.17 in the 2.6 series are
affected by this issue.
LINUX KERNEL NETWORK BRIDGE INCORRECTLY FORWARDED PACKETS INFORMATION
DISCLOSURE VULNERABILITY
BugTraq ID: 15536
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15536
Summary:
Linux Kernel is susceptible to an information-disclosure
vulnerability in its network-bridging functionality.
This issue allows attackers to poison the bridge-forwarding table,
causing packets to be incorrectly forwarded to the wrong interface.
Information gained from the packets may aid the malicious user in
further attacks.
Kernel versions 2.6.11.11 and prior are vulnerable to this issue.
LINUX KERNEL PPP DRIVER UNSPECIFIED REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 12810
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12810
Summary:
The Linux kernel PPP (Point-to-Point Protocol) driver is reported prone
to an unspecified remote denial-of-service vulnerability.
A successful attack can cause a denial-of-service condition in the
server and can prevent access to legitimate users.
Linux Kernel 2.6.8 was reported vulnerable. Subsequent versions may
be affected as well.
Due to a lack of details, further information is not available at
the moment. This BID will be updated when more information becomes
available.
LINUX KERNEL PANIC FUNCTION CALL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 10233
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10233
Summary:
The panic() function call of the Linux kernel has been reported
prone to a buffer-overflow vulnerability.
The vulnerability is reported to present itself when an unbounded
vsprintf() call within panic() copies user-supplied data into a
fixed buffer. Reportedly, a user may be able to overrun the bounds
of the affected buffer and corrupt adjacent memory. Because this
buffer resides in kernel memory space, an attacker may be able to
exploit this issue to corrupt kernel memory, access memory contents,
and -- although unconfirmed -- execute arbitrary code. Some reports,
however, indicate that this vulnerability is not exploitable.
LINUX KERNEL ROBUST_LIST LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21582
Last Updated: 2007-01-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21582
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability.
An attacker can exploit this issue to cause the kernel to hang,
denying further service to legitimate users.
LINUX KERNEL S/390 COPY_FROM_USER LOCAL INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 20379
Last Updated: 2007-01-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20379
Summary:
The Linux kernel is prone to a local information-disclosure
vulnerability on the S/390 architecture because the kernel fails
to properly initialize kernel memory before returning it to user-
space programs.
Successfully exploiting this issue allows local attackers to gain
access to potentially sensitive information contained in kernel
memory, aiding them in further attacks.
Linux kernel versions prior to 2.6.19-rc1 on the S/390 architecture
are vulnerable to this issue.
LINUX KERNEL SCM_SEND LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 11921
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/11921
Summary:
Linux kernel is reported prone to a local denial-of-service
vulnerability. This issue presents itself in the SCM logical sub-
layer of the socket API.
An unprivileged application can craft a malformed auxiliary message
and send it to a socket, which results in the kernel invoking
'__scm_send()' in a manner that leads to a crash. This issue can
allow local attackers to cause a denial-of-service condition on a
vulnerable computer. It is not confirmed if this vulnerability can
be leveraged to gain elevated privileges.
LINUX KERNEL SMBFS MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 11695
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11695
Summary:
The Linux kernel is reported prone to multiple remote
vulnerabilities in the SMBFS network filesystem.
These vulnerabilities may lead to the execution of attacker-supplied
machine code, information disclosure of kernel memory, or crashes of
the kernel, denying service to legitimate users.
Versions of the kernel in both the 2.4 and the 2.6 series are
reported prone to various issues.
LINUX KERNEL SYMMETRICAL MULTIPROCESSING PAGE FAULT LOCAL PRIVILEGE
ESCALATION VULNERABILITY
BugTraq ID: 12244
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12244
Summary:
A local privilege-escalation vulnerability affects the page-fault
handler of the Linux Kernel on symmetric multiprocessor (SMP)
computers. This issue is due to a race-condition error that may
allow an attacker to gain superuser privileges.
A malicious local attacker may exploit this issue to gain superuser
privileges on an affected computer.
LINUX KERNEL USB DRIVER UNINITIALIZED STRUCTURE INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 10892
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10892
Summary:
Certain Linux Kernel USB drivers are prone to a vulnerability that
may permit a local attacker to access unauthorized contents of
kernel memory. This could reportedly reveal sensitive information to
the attacker.
LINUX KERNEL USB IO_EDGEPORT DRIVER LOCAL INTEGER OVERFLOW
VULNERABILITY
BugTraq ID: 12102
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12102
Summary:
A local integer-overflow vulnerability affects the Linux kernel's
'io_edgeport' USB driver. This issue is due to the driver's failure
to validate integer bounds.
An attacker may leverage this issue to execute arbitrary
instructions or cause the affected kernel to crash.
LINUX KERNEL UNSPECIFIED LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 10783
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10783
Summary:
Linux kernel is reported prone to an unspecified local denial-of-
service vulnerability. Reportedly, this issue affects only ia64
systems. A local attacker can exploit this issue by dereferencing a
NULL pointer and causing a kernel panic. Successful exploitation
will lead to a denial-of-service condition in a vulnerable computer.
No further details are available at this time. This issue will be
updated as more information becomes available.
LINUX KERNEL UNSPECIFIED REMOTE VULNERABILITY
BugTraq ID: 21835
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21835
Summary:
The Linux kernel is prone to an unspecified vulnerability.
Versions prior to 2.4.34 are vulnerable to this issue.
LINUX KERNEL UNSPECIFIED SOCKET BUFFER HANDLING REMOTE DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 19475
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19475
Summary:
The Linux kernel is prone to an unspecified remote denial-of-service
vulnerability.
This issue allows remote attackers to cause kernel panics, denying
service to legitimate users.
No further information is currently available. This BID will be
updated as more information is released.
Specific version information is currently unavailable. Kernel
versions in the 2.6 series are currently considered vulnerable.
LINUX KERNEL UNW_UNWIND_TO_USER LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 13266
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/13266
Summary:
A local denial-of-service vulnerability affects the Linux kernel.
A local attacker may leverage this issue to cause an affected Linux
kernel to panic, effectively denying service to legitimate users.
LINUX KERNEL USER TRIGGERABLE BUG() UNSPECIFIED LOCAL DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 12261
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12261
Summary:
Linux Kernel is reported prone to a local denial-of-service
vulnerability.
Reportedly, this issue presents itself when a user creates a large
Virtual Memory Area (VMA) that overlaps with arg pages during the
exec() system call.
Successful exploitation will lead to a denial-of-service condition
in a vulnerable computer.
No further details are available at this time. This issue will be
updated as more information becomes available.
LINUX KERNEL USELIB() LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 12190
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/12190
Summary:
Linux kernel is reported prone to a local privilege-escalation
vulnerability. This issue arises in the 'uselib()' function of the
Linux binary-format loaders as a result of a race condition.
Successful exploitation of this vulnerability can allow a local
attacker to gain elevated privileges on a vulnerable computer.
The ELF and a.out loaders are reportedly affected by this
vulnerability.
LINUX KERNEL DO_FORK() MEMORY LEAKAGE VULNERABILITY
BugTraq ID: 10221
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/10221
Summary:
The Linux kernel is reported prone to a memory-leakage vulnerability
because the software allocates but never frees memory for child
processes.
This issue has been identified in kernel versions 2.4 and 2.6.
LINUX-PAM PAM_UNIX.SO AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 22204
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22204
Summary:
Linux-PAM is prone to an authentication-bypass vulnerability because
it fails to effectively verify user passwords during the
authentication process.
Exploiting this issue could allow an attacker to gain unauthorized
access to an affected computer.
Version 0.99.7.0 is vulnerable.
MADWIFI LINUX KERNEL DEVICE DRIVER MULTIPLE REMOTE BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 21486
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21486
Summary:
The MADWiFi device driver is prone to multiple remote stack-based
buffer-overflow vulnerabilities because the software fails to do
proper bounds-checking of user-supplied data before copying it to an
insufficiently sized memory buffer.
These issues affect only computers with the vulnerable device driver
compiled, installed, and enabled on Linux operating systems. Also,
victims must be running a local application to scan available access
points for the return packets.
A remote attacker may exploit these issues to cause denial-of-
service conditions or to possibly execute arbitrary code in the
context of the affected kernel. Successful exploits can result in a
complete compromise of affected computers.
Versions of the MADWiFi device driver prior to 0.9.2.1 are
vulnerable.
[ undetermined whether this lies in the free or the non-free part of
the driver
]
MIT KERBEROS 5 RPC LIBRARY REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 21970
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21970
Summary:
MIT Kerberos 5 is prone to a remote code-execution vulnerability.
This issue resides in the server-side portion of the Kerberos RPC
library. Currently, the 'kadmind' service is known to be vulnerable,
but other applications that use this library may also be affected.
An attacker can exploit this issue to execute arbitrary code with
administrative privileges, completely compromising affected
computers. Failed exploit attempts will result in a denial of
service. After a Kerberos database computer has been compromised,
attackers may gain unauthorized access to other services that rely
on the Kerberos infrastructure for authentication.
MIT KERBEROS ADMINISTRATION DAEMON FREE POINTERS REMOTE CODE EXECUTION
VULNERABILITY
BugTraq ID: 21975
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21975
Summary:
MIT Kerberos 5 is prone to a remote code-execution vulnerability.
This issue occurs because of memory-management problems in the
abstraction interface of the GSS-API implementation.
An attacker can exploit this issue to execute arbitrary code with
superuser privileges, completely compromising affected computers.
Failed exploit attempts will likely result in denial-of-service
conditions.
This issue also affects third-party applications using the
affected API.
MONO SYSTEM.CODEDOM.COMPILER CLASS INSECURE TEMPORARY FILE CREATION
VULNERABILITY
BugTraq ID: 20340
Last Updated: 2007-01-15
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20340
Summary:
The Mono 'System.CodeDom.Compiler' class creates temporary files in
an insecure manner.
An attacker with local access could potentially exploit this issue
to perform symlink attacks, overwriting arbitrary files in the
context of the affected application.
Successfully exploiting a symlink attack may allow an attacker to
overwrite or corrupt sensitive files. This may result in a denial of
service; other attacks may also be possible.
Versions 1.0 and 2.0 are vulnerable; other versions may also
be affected.
MONO XSP SOURCE CODE INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 21687
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21687
Summary:
XSP is prone to a source code information-disclosure vulnerability
because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary
files from the vulnerable system in the context of the webserver
process. Information obtained may aid in further attacks.
MOZILLA FIREFOX LARGE HISTORY FILE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15773
Last Updated: 2007-01-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15773
Summary:
Mozilla Firefox is reportedly prone to a remote denial-of-service
vulnerability.
This issue presents itself when the browser handles a large entry in
the 'history.dat' file. An attacker may trigger this issue by
enticing a user to visit a malicious website and by supplying
excessive data to be stored in the affected file.
This may cause a denial-of-service condition.
**UPDATE: Proof-of-concept exploit code has been published. The
author of the code attributes the crash to a buffer-overflow
condition. Symantec has not reproduced the alleged flaw.
MOZILLA FIREFOX/SEAMONKEY/THUNDERBIRD MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 21668
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories
specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute
arbitrary code.
Other attacks may also be possible.
MOZILLA SUITE, FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
VULNERABILITIES
BugTraq ID: 17516
Last Updated: 2007-01-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
The Mozilla Foundation has released nine security advisories
specifying security vulnerabilities in Mozilla Suite, Firefox,
SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- gain elevated privileges in JavaScript code, potentially allowing
remote machine code execution
- gain access to potentially sensitive information
- bypass security checks
- spoof window contents.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
the information embargo on the Mozilla Bugzilla entries is lifted
and as further information becomes available. This BID will then
be retired.
These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1
MOZILLA THUNDERBIRD MULTIPLE REMOTE INFORMATION DISCLOSURE
VULNERABILITIES
BugTraq ID: 16881
Last Updated: 2007-01-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16881
Summary:
Mozilla Thunderbird is susceptible to multiple remote information-
disclosure vulnerabilities. These issues are due to the
application's failure to properly enforce the restriction for
downloading remote content in email messages.
These issues allow remote attackers to gain access to potentially
sensitive information, aiding them in further attacks. Attackers
may also exploit these issues to know whether and when users read
email messages.
Mozilla Thunderbird version 1.5 is vulnerable to these issues; other
versions may also be affected.
MULTIPLE CISCO SWITCHES VLAN TRUNKING PROTOCOL PACKET HANDLING DENIAL
OF SERVICE VULNERABILITY
BugTraq ID: 22268
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22268
Summary:
Multiple Cisco switches are prone to a denial-of-service
vulnerability.
An attacker can exploit this issue to cause affected devices to
restart, effectively denying service to legitimate users.
This issue may be related to the issues described in BID 19998
(Cisco IOS Multiple VLAN Trunking Protocol Vulnerabilities).
[ firmware ]
MULTIPLE MOZILLA PRODUCTS IFRAME JAVASCRIPT EXECUTION VULNERABILITY
BugTraq ID: 16770
Last Updated: 2007-01-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16770
Summary:
Multiple Mozilla products are prone to a script-execution
vulnerability.
The vulnerability presents itself when an attacker supplies a
specially crafted email to a user containing malicious script code
in an IFRAME and the user tries to reply to the mail. Arbitrary
JavaScript can be executed even if the user has disabled JavaScript
execution in the client.
The following Mozilla products are vulnerable to this issue:
- Mozilla Thunderbird, versions prior to 1.5.0.2, and prior to 1.0.8
- Mozilla SeaMonkey, versions prior to 1.0.1
- Mozilla Suite, versions prior to 1.7.13
MULTIPLE MOZILLA PRODUCTS MEMORY CORRUPTION/CODE INJECTION/ACCESS
RESTRICTION BYPASS VULNERABILITIES
BugTraq ID: 16476
Last Updated: 2007-01-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16476
Summary:
Multiple Mozilla products are prone to multiple vulnerabilities.
These issues include various memory-corruption, code-injection, and
access-restriction-bypass vulnerabilities. Other undisclosed issues
may have also been addressed in the various updated vendor
applications.
Successful exploitation of these issues may permit an attacker to
execute arbitrary code in the context of the affected application.
This may facilitate a compromise of the affected computer; other
attacks are also possible.
MULTIPLE PDF READERS MULTIPLE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21910
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21910
Summary:
Multiple PDF readers are prone to multiple remote buffer-overflow
vulnerabilities because the applications fail to bounds-check user-
supplied data before copying it into an insufficiently sized buffer.
An attacker may be able to exploit this issue to execute arbitrary code
within the context of the affected application. In some
circumstances, the vulnerability can be exploited only to cause a
denial of service.
MULTIPLE SECURITY PRODUCTS MIME ENCODING CONTENT FILTER BYPASS
WEAKNESS
BugTraq ID: 21461
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21461
Summary:
Various security products are prone to a filter-bypass weakness. These
products include:
- BitDefender Mail Protection for SMB 2.0
- ClamAV 0.88.6
- F-Prot Antivirus for Linux x86 Mail Servers 4.6.6
- Kaspersky Anti-Virus for Linux Mail Server 5.5.10
Other applications and versions may also be affected.
This issue occurs because the application fails to handle malformed
input that may allow an attacker to bypass the file-filtering
mechanism.
MULTIPLE VOIP PHONES AREDFOX PA168 CHIPSET SESSION HIJACKING
VULNERABILITY
BugTraq ID: 22191
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22191
Summary:
Multiple VoIP phones using the Aredfox PA168 Chipset are prone to a
session-hijacking vulnerability due to a design error.
An attacker can exploit this issue to gain administrative access to
the embedded webserver running on the affected device. This may
allow attackers to completely compromise affected devices.
VoIP phones using the Aredfox PA168 chipset with SIP Firmware V1.42
and 1.54 are vulnerable.
[ firmware ]
MULTIPLE X.ORG PRODUCTS SETUID LOCAL PRIVILEGE ESCALATION
VULNERABILITY
BugTraq ID: 19742
Last Updated: 2007-01-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19742
Summary:
Multiple X.org products are prone to a local privilege-escalation
vulnerability.
A local attacker can exploit this issue to gain superuser
privileges. A successful exploit would lead to the complete
compromise of the affected computer.
MUTT INSECURE TEMPORARY FILE CREATION MULTIPLE VULNERABILITIES
BugTraq ID: 20733
Last Updated: 2007-01-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20733
Summary:
Mutt creates temporary files in an insecure manner.
Attackers could exploit these issues to perform symlink attacks to
overwrite arbitrary files using the privileges of the user running
the vulnerable application.
Mutt 1.5.12 and prior versions are vulnerable.
NEON LIBNEON NON-ASCII CHARACTER URI DATA DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 22035
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22035
Summary:
The Neon Library is prone to a remote denial-of-service
vulnerability.
This issue occurs when parsing URI data containing non-ASCII
characters.
An attacker can exploit this vulnerability to crash the library,
effectively denying service to legitimate users.
Versions 0.26 to 0.26.2 are vulnerable; other versions may also
be affected.
NOTE: Only 64-bit systems are affected.
NOMACHINE NX SERVER NXCONFIGURE.SH REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 22308
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22308
Summary:
NX Server is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the server, effectively
denying service to legitimate users.
NX Server versions prior to 2.1.0-18 are vulnerable.
[ undetermined whether this also affects the free version ]
OPENLDAP GENTOO GENCERT.SH SCRIPT INSECURE TEMPORARY FILE CREATION
VULNERABILITY
BugTraq ID: 22195
Last Updated: 2007-01-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22195
Summary:
The 'gencert.sh' script shipped with Gentoo's OpenLDAP package creates
temporary files in an insecure way.
An attacker with local access could potentially exploit this issue
to perform symbolic-link attacks, overwriting arbitrary files in the
context of the affected application.
Successfully exploiting a symlink attack may allow an attacker to
overwrite or corrupt sensitive files. This may result in a denial of
service; other attacks may also be possible.
This issue affects the Gentoo ebuild for OpenLDAP.
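The Mono, Mutt and OpenLDAP/gencert.sh entries above are all the same bug class: a temporary file created at a predictable name without O_EXCL, so a local attacker who plants a symlink there first gets the victim file overwritten with the privileges of the program. The following is an added example (not code from any of those projects or from SecurityFocus) that simulates the race inside a scratch directory: the vulnerable open() pattern beside the two fixes (mkstemp, or O_EXCL when the name cannot be changed). The file names 'app.tmp' and 'victim' are constructed for the demo.

```python
import os
import tempfile

PREDICTABLE = "app.tmp"  # constructed stand-in for a fixed, guessable temp name


def insecure_tmp_write(dirpath, data):
    """Vulnerable pattern: predictable name, plain open() for writing
    (O_CREAT|O_TRUNC, no O_EXCL), so a pre-planted symlink is followed
    and whatever it points to is truncated and overwritten."""
    path = os.path.join(dirpath, PREDICTABLE)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def secure_tmp_write(dirpath, data):
    """Fix 1: mkstemp() chooses an unguessable name and opens it with
    O_CREAT|O_EXCL and mode 0600, so nothing can be planted in advance."""
    fd, path = tempfile.mkstemp(dir=dirpath)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def excl_write_predictable(dirpath, data):
    """Fix 2: if the name must stay fixed, O_EXCL makes open() fail instead
    of following an existing symlink (dangling or not)."""
    path = os.path.join(dirpath, PREDICTABLE)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def demo():
    """Attacker wins the race by planting the symlink before the program runs."""
    result = {}
    with tempfile.TemporaryDirectory() as work:
        victim = os.path.join(work, "victim")  # stand-in for a sensitive file
        with open(victim, "wb") as fh:
            fh.write(b"original contents\n")
        os.symlink(victim, os.path.join(work, PREDICTABLE))  # attacker's move

        insecure_tmp_write(work, b"attacker-controlled\n")
        with open(victim, "rb") as fh:
            result["after_insecure"] = fh.read()  # victim clobbered

        with open(victim, "wb") as fh:  # restore, symlink is still in place
            fh.write(b"original contents\n")
        try:
            excl_write_predictable(work, b"attacker-controlled\n")
            result["excl_refused"] = False
        except FileExistsError:
            result["excl_refused"] = True
        with open(victim, "rb") as fh:
            result["after_excl"] = fh.read()  # victim untouched

        path = secure_tmp_write(work, b"private data\n")
        result["mkstemp_is_symlink"] = os.path.islink(path)
        result["mkstemp_mode"] = oct(os.stat(path).st_mode & 0o777)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

For C programs the same two fixes are mkstemp(3) and open(2) with O_CREAT|O_EXCL; for shell scripts such as gencert.sh it is mktemp(1) rather than "$TMPDIR/name.$$".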
OPENLDAP SERVER BIND REQUEST DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20939
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20939
Summary:
OpenLDAP server is prone to a denial-of-service vulnerability
because it fails to handle exceptional conditions.
An attacker can exploit this issue to cause a crash in the LDAP
server, effectively denying service to legitimate users.
OPENOFFICE JAVA APPLET SYSTEM ACCESS VULNERABILITY
BugTraq ID: 18737
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18737
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious
Java applets to gain read/write privileges to local files on a
vulnerable computer.
OPENOFFICE XML FILE FORMAT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18739
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18739
Summary:
OpenOffice is prone to a vulnerability that allows attackers to gain
unauthorized access to a vulnerable computer.
The vendor has reported that this vulnerability allows malicious XML
documents to cause a buffer overflow leading to read/write
privileges to local files on a vulnerable computer.
OPENSSH DUPLICATED BLOCK REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20216
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because
it fails to properly handle incoming duplicate blocks.
Remote attackers may exploit this issue to consume excessive CPU
resources, potentially denying service to legitimate users.
This issue occurs only when OpenSSH is configured to accept SSH
Version One traffic.
OPENSSL INSECURE PROTOCOL NEGOTIATION WEAKNESS
BugTraq ID: 15071
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15071
Summary:
OpenSSL is susceptible to a remote protocol-negotiation weakness.
This issue is due to the implementation of the
'SSL_OP_MSIE_SSLV2_RSA_PADDING' option to maintain compatibility
with third-party software.
This issue presents itself when two peers try to negotiate the
protocol they wish to communicate with. Attackers who can intercept
and modify the SSL communications may exploit this weakness to force
SSL version 2 to be chosen.
The attacker may then exploit various insecurities in SSL version 2
to gain access to or tamper with the cleartext communications
between the targeted client and server.
Note that the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option is enabled with
the frequently used 'SSL_OP_ALL' option.
SSL peers that are configured to disallow SSL version 2 are not
affected by this issue.
OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to
forge an RSA signature. The attacker may be able to forge a PKCS #1
v1.5 signature when an RSA key with exponent 3 is used.
An attacker may exploit this issue to sign digital certificates or
RSA keys and take advantage of trust relationships that depend on
these credentials, possibly posing as a trusted party and signing a
certificate or key.
All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are
affected by this vulnerability. Updates are available.
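To make the exponent-3 forgery concrete, here is an added example (not OpenSSL's code, not from SecurityFocus) in Python. It builds a toy 2048-bit e=3 key, signs a message properly, then forges a signature for the same message without the private key using Bleichenbacher's cube-root trick: a block "00 01 FF*8 00 DigestInfo||hash GARBAGE" whose integer cube root, cubed, still starts with the right prefix. A verifier that parses the padding, finds the hash and never checks that the block ends there accepts it; one that compares the whole recovered block with the expected encoding does not. The lenient verifier is a simplified model of that class of mistake, not a transcription of the OpenSSL bug; the key generation is demo-grade and seeded so the output is reproducible.

```python
import hashlib
import random

SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")  # RFC 3447 9.2
E = 3  # the low public exponent the forgery relies on
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97]

def is_probable_prime(n, rng, rounds=16):
    """Trial division then Miller-Rabin; demo-grade, not a crypto library."""
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_e3_key(bits=2048, seed=2007):
    """Toy RSA key with e=3; seeded so the demo is reproducible."""
    rng = random.Random(seed)
    primes = []
    while len(primes) < 2:
        cand = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
        # need gcd(3, p-1) == 1 so that e=3 is invertible modulo phi(n)
        if cand % 3 != 1 and is_probable_prime(cand, rng):
            primes.append(cand)
    p, q = primes
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def icbrt(x):
    """Floor of the integer cube root, by binary search."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo

def encode(message, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 DigestInfo||hash, exactly k bytes."""
    t = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (k - 3 - len(t)) + b"\x00" + t

def sign(message, n, d, k):
    return pow(int.from_bytes(encode(message, k), "big"), d, n).to_bytes(k, "big")

def forge_signature(message, k):
    """Bleichenbacher's e=3 forgery, no private key: cube root of the largest
    block 00 01 FF*8 00 DigestInfo||hash FF..FF. Cubing it only disturbs the
    garbage region because that region is wider than two thirds of the block."""
    t = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    garbage_len = k - len(prefix)
    assert 3 * garbage_len > 2 * k, "modulus too small for this simple variant"
    s = icbrt(int.from_bytes(prefix + b"\xff" * garbage_len, "big"))
    return s.to_bytes(k, "big")

def verify(signature, message, n, k, strict):
    """strict=True: compare the whole recovered block with encode() (correct).
    strict=False: parse padding, check DigestInfo||hash where found, ignore
    the trailing bytes (simplified model of the mistake behind BID 19849)."""
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, E, n).to_bytes(k, "big")
    if strict:
        return em == encode(message, k)
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < k and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= k or em[i] != 0x00:
        return False
    t = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    return em[i + 1:i + 1 + len(t)] == t  # trailing garbage never examined

def demo():
    n, d = make_e3_key()
    k = (n.bit_length() + 7) // 8
    msg = b"constructed message standing in for a certificate body"
    real, forged = sign(msg, n, d, k), forge_signature(msg, k)
    return {"real_strict": verify(real, msg, n, k, True),
            "real_lenient": verify(real, msg, n, k, False),
            "forged_strict": verify(forged, msg, n, k, True),
            "forged_lenient": verify(forged, msg, n, k, False)}
```

The strict check is the whole fix: reconstruct the expected encoded block and compare it byte for byte, so there is no place for trailing data. The same forgery works against any e=3 key whose modulus is large enough for the garbage to span more than two thirds of the block; on smaller keys the attack needs more elaborate cube-root tricks, but the defensive check is identical.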
OPENSSL SSL_GET_SHARED_CIPHERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20249
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
OpenSSL is prone to a buffer-overflow vulnerability because the
library fails to properly bounds-check user-supplied input before
copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may result in the execution of
arbitrary machine code in the context of applications that use the
affected library. Failed exploit attempts may crash applications,
denying service to legitimate users.
OPENSSL SSLV2 NULL POINTER DEREFERENCE CLIENT DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20246
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
A malicious server could cause a vulnerable client application to
crash, effectively denying service.
PADL SOFTWARE PAM_LDAP PASSWORDPOLICYRESPONSE AUTHENTICATION BYPASS
VULNERABILITY
BugTraq ID: 20880
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20880
Summary:
The pam_ldap module is prone to an authentication-bypass
vulnerability.
An attacker can exploit this issue to bypass authentication: applications
that use pam_ldap for authentication may still accept logins to
locked-out accounts.
PORTABLE OPENSSH GSSAPI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20241
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution
vulnerability. The issue derives from a race condition in a
vulnerable signal handler.
Reportedly, under specific conditions, it is theoretically possible
to execute code remotely prior to authentication when GSSAPI
authentication is enabled. This has not been confirmed; the chance
of a successful exploit of this nature is considered minimal.
On non-Portable OpenSSH implementations, this same race condition
can be exploited to cause a pre-authentication denial of service.
This issue occurs when OpenSSH and Portable OpenSSH are configured
to accept GSSAPI authentication.
PROFTPD CONTROLS MODULE LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21587
Last Updated: 2007-01-25
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21587
Summary:
ProFTPD is prone to a local stack-based buffer-overflow
vulnerability.
Attackers may exploit this issue to corrupt memory and execute
arbitrary code in the context of the server application, resulting
in a complete compromise of affected computers.
NOTE: ProFTPD is vulnerable only when compiled with 'mod_ctrls'
support and the module is enabled.
PROFTPD MOD_TLS REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21326
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21326
Summary:
ProFTPD is prone to a remote buffer-overflow vulnerability.
Exploiting this issue allows remote attackers to cause a buffer
overflow, to corrupt memory, and to execute arbitrary machine code
in the context of the server application, facilitating the
compromise of affected computers.
ProFTPD 1.3.0a and prior versions are vulnerable to this issue.
PROFTPD SREPLACE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20992
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20992
Summary:
ProFTPD is prone to a remote buffer-overflow vulnerability. This
issue is due to an off-by-one error, allowing attackers to
corrupt memory.
Exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of the server application, facilitating
the compromise of affected computers.
ProFTPD versions prior to 1.3.0a are vulnerable to this issue.
Update: This BID was recently updated to state that
'CommandBufferSize' was affected by a denial-of-service issue, but
according to the vendor, that directive is not vulnerable.
RUBY ON RAILS ROUTING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19454
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19454
Summary:
Ruby on Rails is prone to a vulnerability in its routing
functionality that may result in denial-of-service or data
loss issues.
Attackers may exploit this issue by issuing HTTP GET requests to
predictable URIs to affected webservers.
This issue affects Ruby on Rails versions 1.1.0, 1.1.1, 1.1.2,
1.1.4, and 1.1.5.
SMB4K MULTIPLE VULNERABILITIES
BugTraq ID: 22299
Last Updated: 2007-01-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22299
Summary:
'smb4k' is prone to multiple vulnerabilities, including:
- A buffer-overflow vulnerability
- A denial-of-service vulnerability
- An information-disclosure issue
- An insecure-temporary-file-creation issue.
An attacker can exploit these issues to completely compromise affected
computers. This includes executing arbitrary code with superuser
privileges, crashing arbitrary processes, gaining access to
sensitive information, and writing to the 'sudoers' file.
These issues affect version 0.8.0; other versions may also be
vulnerable.
SQL-LEDGER REDIRECT ARBITRARY CODE EXECUTION VULNERABILITY
BugTraq ID: 22295
Last Updated: 2007-01-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22295
Summary:
SQL-Ledger is prone to an arbitrary code-execution vulnerability.
An attacker could exploit this issue to execute arbitrary code in
the context of the affected application. This could lead to the
compromise of a vulnerable system.
SQL-Ledger 2.6 and prior versions are vulnerable.
SAMBA INTERNAL DATA STRUCTURES DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18927
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18927
Summary:
The smbd daemon is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to consume excessive memory
resources, ultimately crashing the affected application.
This issue affects Samba versions 3.0.1 through 3.0.22 inclusive.
SECURE LOCATE LOCAL INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 21989
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21989
Summary:
Secure Locate is prone to a local information-disclosure
vulnerability because the utility fails to properly interpret
filesystem permissions.
Successfully exploiting this issue allows attackers to gain access
to the names of files located in directories they do not have
permissions to access. Information that attackers harvest may aid
them in further attacks.
Secure Locate 3.1 is vulnerable to this issue; other versions may
also be affected.
SENDMAIL LONG HEADER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19714
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19714
Summary:
Sendmail is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the Sendmail process,
causing a denial of service.
SNORT BACKTRACKING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21991
Last Updated: 2007-01-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21991
Summary:
Snort is prone to a denial-of-service vulnerability because the
network intrusion detection (NID) system fails to handle specially
crafted network packets.
An attacker can exploit this issue to cause the affected NID system
to consume 100% CPU resources, allowing malicious network traffic to
avoid detection.
This issue affects versions prior to 2.6.1.
SQUID PROXY ACL QUEUE OVERLOAD REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22203
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22203
Summary:
Squid is prone to a remote denial-of-service vulnerability because
the proxy server fails to handle excessive data.
Successfully exploiting this issue allows remote attackers to
crash affected proxy applications, denying further service to
legitimate users.
SQUID PROXY FTP URI REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22079
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22079
Summary:
Squid is prone to a remote denial-of-service vulnerability because
the proxy server fails to handle certain FTP requests.
Successfully exploiting this issue allows remote attackers to
crash affected proxy applications, denying further service to
legitimate users.
Squid versions from 2.5.STABLE11 to 2.6.STABLE6 are vulnerable to
this issue.
TEXINFO FILE HANDLING BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20959
Last Updated: 2007-01-16
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20959
Summary:
Texinfo is prone to a buffer-overflow vulnerability because the
application fails to properly bounds-check user-supplied input
before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to cause the affected
applications using Texinfo to crash, denying service to legitimate
users. Arbitrary code execution may also be possible, but this has
not been confirmed.
W3M SSL CERTIFICATE FORMAT STRING VULNERABILITY
BugTraq ID: 21735
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21735
Summary:
W3M is prone to a format-string vulnerability. This issue can occur
when the browser processes SSL certificates that include format
specifiers.
A successful exploit could result in the execution of arbitrary code
in the context of the user running the browser.
The vulnerability was reported to affect version 0.5.1; prior
versions could also be affected.
WU-FTPD RESTRICTED-GID UNAUTHORIZED ACCESS VULNERABILITY
BugTraq ID: 9832
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/9832
Summary:
WU-FTPD FTP server is reported prone to an unauthorized-access
vulnerability. The issue is related to the "restricted-gid" feature
supported by WU-FTPD. This feature allows an administrator to
restrict FTP user access to certain directories. The vulnerability
reportedly allows users to bypass those restrictions through
modifying the permissions on their home directory so that they
themselves can no longer access it. Under such circumstances, the
server may grant the user unauthorized access to the root directory.
Further technical details are not known at this time. This record
will be updated as more information becomes available.
This BID is created in response to Two Possibly New WU-FTPD
Vulnerabilities BID 9820, which is being retired.
X.ORG DBE AND RENDER EXTENSIONS MULTIPLE INTEGER OVERFLOW
VULNERABILITIES
BugTraq ID: 21968
Last Updated: 2007-01-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21968
Summary:
X.Org is prone to multiple integer-overflow vulnerabilities.
Attackers can exploit this issue to execute arbitrary code with
superuser privileges. A successful exploit will result in the
complete compromise of affected computers. Failed exploit attempts
will likely result in denial-of-service conditions.
X.ORG X WINDOW SERVER LIBX11 XINPUT FILE DESCRIPTOR LEAK VULNERABILITY
BugTraq ID: 20845
Last Updated: 2007-01-16
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20845
Summary:
The 'Xinput' module of the X.Org X Window Server libX11 library is prone
to a file-descriptor leak due to a design error.
The vulnerability arises because the application fails to close a
file descriptor after file operations. An attacker can exploit this
issue to open files with elevated privileges.
Versions 1.0.2 and 1.0.3 of libX11 are reported affected; other
versions may be affected as well.
X.ORG XDM XSESSION SCRIPT RACE CONDITION VULNERABILITY
BugTraq ID: 20400
Last Updated: 2007-01-29
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20400
Summary:
The X.org XDM XSession script is prone to a race-condition
vulnerability.
Local unprivileged attackers can exploit this issue to gain access
to the primary or alternate 'xdm' error log files. A successful
exploit will result in the unintended disclosure of sensitive
information.
XINE ERRORS.C REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 22002
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22002
Summary:
The 'xine' media player is prone to a remote format-string
vulnerability because the application fails to properly sanitize user-
supplied input before including it in the format-specifier argument
of a formatted-printing function.
Successfully exploiting this issue allows remote attackers to
execute arbitrary machine code in the context of the application and
to compromise affected computers.
The xine-ui branch is vulnerable; other branches may also be
affected.
XINE-LIB RULEMATCHES REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21435
Last Updated: 2007-01-25
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21435
Summary:
The 'xine-lib' library is prone to a remote buffer-overflow vulnerability
in its Real media handling because the application fails to
properly bounds-check user-supplied data before copying it into an
insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with
the privileges of the currently logged-in user. Failed exploit
attempts will result in a denial of service.
YUKIHIRO MATSUMOTO RUBY CGI MODULE MIME DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20777
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20777
Summary:
Ruby is prone to a remote denial-of-service vulnerability because
the application's CGI module fails to properly handle specific HTTP
requests that contain invalid information.
Successful exploits may allow remote attackers to cause denial-of-
service conditions on computers running the affected Ruby CGI
Module.
YUKIHIRO MATSUMOTO RUBY CGI.RB LIBRARY REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21441
Last Updated: 2007-01-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21441
Summary:
Ruby is prone to a remote denial-of-service vulnerability because
the application's CGI library fails to properly handle specially
crafted HTTP requests.
Successful exploits may allow remote attackers to cause denial-of-
service conditions on computers running the affected Ruby CGI
library.