[gull-annonces] SecurityFocus Newsletter #386-387 Summary

Marc SCHAEFER schaefer at alphanet.ch
Thu Feb 15 18:43:26 CET 2007


APACHE STATS EXTRACT FUNCTION MULTIPLE INPUT VALIDATION
VULNERABILITIES
BugTraq ID: 22388
Last Updated: 2007-02-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22388
Summary:
  Apache Stats is prone to multiple input-validation vulnerabilities
  because it fails to sufficiently sanitize user-supplied data.

  Exploiting these issues could allow an attacker to compromise the
  application, execute arbitrary code in the context of the
  application, access or modify data, or exploit latent
  vulnerabilities in the underlying database implementation.

  Versions prior to 0.0.3 are vulnerable.

ARUBA MOBILITY CONTROLLER MULTIPLE VULNERABILITIES
BugTraq ID: 22538
Last Updated: 2007-02-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22538
Summary:
  Aruba Mobility Controller is prone to multiple vulnerabilities that
  may lead to authentication bypass, remote code execution, and
  denial-of-service conditions.

  Aruba Networks Mobility Controller devices with firmware version 2.0
  or greater are vulnerable.

[ firmware ]

AXIS NETWORK CAMERA AND VIDEO SERVER MULTIPLE VULNERABILITIES
BugTraq ID: 11011
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/11011
Summary:
  Multiple vulnerabilities are reported to reside in multiple Axis
  network video and camera servers:

[ firmware ]

CHICKEN OF THE VNC REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22372
Last Updated: 2007-02-02
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22372
Summary:
  Chicken of the VNC is prone to a remote denial-of-service
  vulnerability because the application fails to properly handle
  malformed server-supplied content.

  Successfully exploiting this issue allows remote attackers to crash
  affected client applications.

  Chicken of the VNC 2.0b4 is vulnerable to this issue; other versions
  may also be affected.

[ VNC client for Mac OS X. GPL. Supports RendezVous(tm) ]

CISCO IOS SIP PACKET HANDLING REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22330
Last Updated: 2007-02-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22330
Summary:
  Cisco IOS is prone to a denial-of-service vulnerability.

  This issue affects only devices that support voice communications
  but don't have SIP enabled.

  Attackers can exploit this issue to reload a vulnerable device.

  IOS releases subsequent to 12.3(14)T, 12.3(8)YC1, and 12.3(8)YG are
  vulnerable. All 12.4 releases are affected as well.

[ firmware ]

D-BUS SIGNALS.C LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21571
Last Updated: 2007-02-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21571
Summary:
  D-Bus is prone to a local denial-of-service vulnerability.

  Exploiting this issue allows local attackers to disable the ability
  of a specific process to receive certain messages, effectively
  denying service to legitimate users.

  D-Bus versions prior to 1.0.2 are vulnerable to this issue.

[ GNOME ]

FETCHMAIL MULTIPLE PASSWORD INFORMATION DISCLOSURE VULNERABILITIES
BugTraq ID: 21903
Last Updated: 2007-02-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21903
Summary:
  Fetchmail is prone to multiple information-disclosure
  vulnerabilities because the application discloses information about
  user passwords.

  An attacker can exploit these issues to access sensitive information
  that may aid the attacker in other attacks.

  These issues affect versions prior to 6.3.6-rc4.

FETCHMAIL REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21902
Last Updated: 2007-02-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21902
Summary:
  Fetchmail is prone to a denial-of-service vulnerability because the
  application fails to handle exceptional conditions.

  An attacker can exploit this issue to crash the affected
  application, denying service to legitimate users.

GD GRAPHICS LIBRARY JIS-ENCODED FONT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22289
Last Updated: 2007-02-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22289
Summary:
  The GD graphics library is prone to a buffer-overflow vulnerability.

  An attacker can exploit this issue to cause denial-of-service
  conditions in applications implementing the affected library.
  Arbitrary code execution may also be possible; this has not been
  confirmed.

GNU ED INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 22129
Last Updated: 2007-02-05
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22129
Summary:
  GNU ed creates temporary files in an insecure way.

  An attacker with local access could potentially exploit this issue
  to perform symlink attacks, overwriting arbitrary files in the
  context of the affected application.

  Successfully exploiting a symlink attack may allow an attacker to
  overwrite or corrupt sensitive files. This may result in a denial of
  service; other attacks may also be possible.

  GNU ed 0.3 and prior versions are vulnerable to this issue.

GTK2 GDKPIXBUFLOADER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22209
Last Updated: 2007-02-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22209
Summary:
  Applications using the gtk2 library may be prone to a denial-of-
  service vulnerability because the library fails to handle malformed
  image data.

  An attacker can exploit this issue to crash applications on a
  victim's computer.

GNUPG MAKE_PRINTABLE_STRING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21306
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21306
Summary:
  GnuPG is prone to a remote buffer-overflow vulnerability because it
  fails to properly bounds-check user-supplied input before copying it
  to an insufficiently sized memory buffer.

  Exploiting this issue may allow remote attackers to execute
  arbitrary machine code in the context of the affected application,
  but this has not been confirmed.

  GnuPG versions 1.4.5 and 2.0.0 are vulnerable to this issue;
  previous versions may also be affected.

GNUPG OPENPGP PACKET PROCESSING FUNCTION POINTER OVERWRITE
VULNERABILITY
BugTraq ID: 21462
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21462
Summary:
  GnuPG is prone to a vulnerability that could permit an attacker to
  overwrite a function pointer.

  This issue occurs because of a design error when dealing with
  OpenPGP packets. Attackers may exploit this issue to execute
  arbitrary code.

  Successful exploits may result in the remote compromise of computers
  using the vulnerable application.

ISC BIND REMOTE DNSSEC VALIDATION DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22231
Last Updated: 2007-02-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22231
Summary:
  ISC BIND is prone to a remote denial-of-service vulnerability
  because the application fails to properly handle malformed DNSSEC
  validation requests.

  Successfully exploiting this issue allows remote attackers to crash
  affected DNS servers, denying further service to legitimate users.

ISC BIND REMOTE FETCH CONTEXT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22229
Last Updated: 2007-02-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22229
Summary:
  ISC BIND is prone to a remote denial-of-service vulnerability
  because the application fails to properly handle unexpected
  DNS requests.

  Successfully exploiting this issue allows remote attackers to crash
  affected DNS servers, denying further service to legitimate users.

KDE KONQUEROR KHTML LIBRARY TITLE CROSS SITE SCRIPTING VULNERABILITY
BugTraq ID: 22428
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22428
Summary:
  Konqueror is prone to a cross-site scripting vulnerability because
  the application fails to sufficiently sanitize user-supplied data.

  Exploiting this issue may help the attacker steal cookie-based
  authentication credentials and launch other attacks.

  All versions of KDE up to and including KDE 3.5.6 are vulnerable
  to this issue. Apple Safari web browser is also vulnerable to
  this issue.

LIBSOUP LIBRARY HTTP HEADERS REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22034
Last Updated: 2007-02-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22034
Summary:
  The Libsoup library is prone to a denial-of-service vulnerability
  because it fails to properly sanitize user-supplied input.

  Attackers may exploit this vulnerability to crash an application
  that relies on the affected library, resulting in a denial-of-
  service condition.

LIBGTOP2 LIBRARY LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22054
Last Updated: 2007-02-02
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22054
Summary:
  Libgtop2 library is prone to a local buffer-overflow vulnerability
  because it fails to properly bounds-check user-supplied input before
  copying into an insufficiently sized memory buffer.

  An attacker may exploit this issue by enticing victims into viewing
  a maliciously crafted system process with an application that uses
  the affected library.

  Successful exploits may cause arbitrary code to run with the
  privileges of the victim. Failed exploit attempts will likely cause
  denial-of-service conditions.

  Versions prior to 2.14.6 are reported vulnerable.

LINKS ELINKS SMBCLIENT REMOTE COMMAND EXECUTION VULNERABILITY
BugTraq ID: 21082
Last Updated: 2007-02-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21082
Summary:
  Links and ELinks are prone to a remote command-execution
  vulnerability because the applications fail to properly process
  website data containing smb commands.

  An attacker can exploit this issue to execute arbitrary smb
  commands on a victim computer. This may help the attacker
  compromise the application and the underlying system; other attacks
  are also possible.

  Links version 1.00pre12 and ELinks version 0.11.1 are reportedly
  vulnerable; other versions may also be affected.

  NOTE: This vulnerability may be exploited only if 'smbclient' is
        installed on a target computer.

LINUX KERNEL BLUETOOTH CAPI PACKET REMOTE BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 21604
Last Updated: 2007-02-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21604
Summary:
  The Linux kernel is prone to a remote buffer-overflow vulnerability
  because the kernel fails to bounds-check user-supplied data before
  copying it into an insufficiently sized buffer.

  An attacker may exploit this issue to execute arbitrary code with
  kernel-level privileges, facilitating the complete compromise of
  affected computers. Failed exploit attempts will result in denial-of-
  service conditions.

  Versions prior to 2.4.33.5 are vulnerable to this issue.

LINUX KERNEL ISDN PPP CCP RESET STATE TIMER DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21883
Last Updated: 2007-02-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21883
Summary:
  The Linux kernel is prone to a denial-of-service vulnerability
  because it fails to handle exceptional conditions.

  An attacker can exploit this issue to crash the affected kernel,
  denying service to legitimate users.

LINUX KERNEL ISO9660 DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20920
Last Updated: 2007-02-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20920
Summary:
  The Linux kernel is prone to a local denial-of-service
  vulnerability. This issue affects the code that handles the ISO9660
  filesystem.

  An attacker can exploit this issue to crash the affected computer,
  denying service to legitimate users.

LINUX KERNEL KEY_ALLOC_SERIAL() LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22539
Last Updated: 2007-02-13
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22539
Summary:
  The Linux Kernel is prone to a denial-of-service vulnerability.

  A successful attack can allow local attackers to trigger a crash and
  deny service to legitimate users.

  Kernel versions 2.6.x are vulnerable.

LINUX KERNEL LISTXATTR LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22316
Last Updated: 2007-02-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22316
Summary:
  The Linux Kernel is prone to a denial-of-service vulnerability.

  Successful exploits will result in denial-of-service conditions or
  potentially privilege escalation.

LINUX KERNEL MINCORE USER SPACE ACCESS LOCKING LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21663
Last Updated: 2007-02-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21663
Summary:
  The Linux Kernel is prone to a denial-of-service vulnerability due
  to a design error.

  A local attacker can exploit this issue to cause the kernel to
  become unresponsive, denying further service to legitimate users.

  Linux Kernel versions prior to 2.4.33.6 are vulnerable.

LINUX KERNEL MULTIPLE IPV6 PACKET FILTERING BYPASS VULNERABILITIES
BugTraq ID: 20955
Last Updated: 2007-02-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20955
Summary:
  The Linux kernel is prone to multiple IPv6 packet-filtering-
  bypass vulnerabilities because of insufficient handling of
  fragmented packets.

  An attacker could exploit these issues to bypass ip6_table filtering
  rules. This could result in a false sense of security because
  filtering rules set up by system administrators can be bypassed in
  order to access services that are otherwise protected.

LINUX KERNEL NETFILTER DO_ADD_COUNTERS LOCAL RACE CONDITION
VULNERABILITY
BugTraq ID: 18113
Last Updated: 2007-02-05
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18113
Summary:
  The Linux kernel is susceptible to a local race-condition
  vulnerability.

  This issue allows local attackers to gain access to potentially
  sensitive kernel memory, aiding them in further attacks. Failed
  exploit attempts may crash the kernel, denying service to
  legitimate users.

  This issue is exploitable only by local users who have superuser
  privileges or have the CAP_NET_ADMIN capability. This issue is
  therefore a security concern only if computers run virtualization
  software that allows users to have superuser access to guest
  operating systems or if the CAP_NET_ADMIN capability is given to
  untrusted users.

  Linux kernel versions prior to 2.6.16.17 in the 2.6 series are
  affected by this issue.

LINUX KERNEL NETFILTER DO_REPLACE LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 17178
Last Updated: 2007-02-05
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17178
Summary:
  The Linux kernel is prone to a local buffer-overflow vulnerability
  because the kernel fails to properly bounds-check user-supplied
  input before using it in a memory copy operation.

  Exploiting this issue allows local attackers to overwrite kernel
  memory with arbitrary data, potentially allowing them to execute
  malicious machine code in the context of affected kernels. This
  vulnerability facilitates the complete compromise of affected
  computers.

  This issue is exploitable only by local users who have superuser
  privileges or have the CAP_NET_ADMIN capability. This issue is
  therefore a security concern only if computers run virtualization
  software that allows users to have superuser access to guest
  operating systems or if the CAP_NET_ADMIN capability is given to
  untrusted users.

  Linux kernel versions prior to 2.6.16 in the 2.6 series are affected
  by this issue.

MPG123 HTTP_OPEN() CONNECTION HANDLING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22274
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22274
Summary:
  The 'mpg123' media player is prone to a denial-of-service
  vulnerability when connecting to malicious servers.

  An attacker can exploit this issue to cause the affected application
  to crash, effectively denying service to legitimate users.

MARCH NETWORKS DIGITAL VIDEO RECORDERS UNSPECIFIED DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 22497
Last Updated: 2007-02-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22497
Summary:
  March Networks Digital Video Recorders (DVR) are prone to an
  unspecified denial-of-service vulnerability.

  A successful attack can deny service for legitimate users on the
  affected device.

  Currently, few technical details are available for this issue. This
  BID will be updated as new information is disclosed.

  All March Networks DVR 3000 and 4000 series devices are reported
  vulnerable.

[ firmware ]

MOZILLA BUGZILLA HTML INJECTION AND INFORMATION DISCLOSURE
VULNERABILITIES
BugTraq ID: 22380
Last Updated: 2007-02-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22380
Summary:
  Bugzilla is prone to an information-disclosure and an HTML-injection
  vulnerability because the application fails to properly sanitize user-
  supplied input and to protect sensitive information from
  unauthorized users.

  Attackers may exploit these issues to execute script code in the
  context of the affected site or to obtain sensitive information.
  Arbitrary code execution may allow attackers to steal cookie-based
  authentication credentials or to control how the site is rendered to
  the user. Other attacks are also possible.

  Bugzilla 2.20.1 and above are affected by the HTML-injection
  vulnerability; only the development snapshot version 2.23.3 is
  vulnerable to the information-disclosure issue.

MOZILLA FIREFOX JAVASCRIPT KEY FILTERING VARIANT VULNERABILITY
BugTraq ID: 22524
Last Updated: 2007-02-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22524
Summary:
  Mozilla Firefox is prone to a JavaScript key-filtering
  vulnerability because the browser fails to securely handle
  keystroke input from users.

  Exploiting this issue requires that users manually type the full
  path of files that attackers wish to download. This may require
  substantial typing from targeted users, so attackers will likely use
  keyboard-based games, blogs, or other similar pages to entice users
  to enter the required keyboard input to exploit this issue.

  Mozilla Firefox 1.5.0.9 and 2.0.0.1 are vulnerable to this issue;
  other versions may also be affected. Applications based on the open-
  source Mozilla rendering engine may also be affected.

  This issue is a variant of the one described in BID 18308 (Multiple
  Vendor Web Browser JavaScript Key Filtering Vulnerability).

MOZILLA FIREFOX POPUP BLOCKER CROSS ZONE SECURITY BYPASS WEAKNESS
BugTraq ID: 22396
Last Updated: 2007-02-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22396
Summary:
  Mozilla Firefox is prone to a cross-zone security-bypass weakness.
  This issue allows attackers to open 'file://' URIs from remote
  websites.

  By exploiting this issue in conjunction with other weaknesses or
  vulnerabilities, attackers may be able to execute arbitrary script
  code with the elevated privileges that are granted to scripts when
  they are executed from local sources.

  Mozilla Firefox 1.5.0.9 is affected by this issue; other versions
  may be affected as well.

MOZILLA FIREFOX, SEAMONKEY, CAMINO, AND THUNDERBIRD MULTIPLE REMOTE
VULNERABILITIES
BugTraq ID: 18228
Last Updated: 2007-02-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18228
Summary:
  The Mozilla Foundation has released thirteen security advisories
  specifying security vulnerabilities in Mozilla Firefox, SeaMonkey,
  Camino, and Thunderbird.

  These vulnerabilities allow attackers to:

  - execute arbitrary machine code in the context of the vulnerable
    application
  - crash affected applications
  - run JavaScript code with elevated privileges, potentially allowing
    the remote execution of machine code
  - gain access to potentially sensitive information.

  Other attacks may also be possible.

  The issues described here will be split into individual BIDs as
  further information becomes available.

  These issues are fixed in:
  - Mozilla Firefox version 1.5.0.4
  - Mozilla Thunderbird version 1.5.0.4
  - Mozilla SeaMonkey version 1.0.2
  - Mozilla Camino 1.0.2

MOZILLA FIREFOX/SEAMONKEY/THUNDERBIRD MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 21668
Last Updated: 2007-02-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
  The Mozilla Foundation has released nine security advisories
  specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

  These vulnerabilities allow attackers to:

  - execute arbitrary code
  - perform cross-site scripting attacks
  - inject arbitrary content
  - gain escalated privileges
  - crash affected applications and potentially execute
    arbitrary code.

  Other attacks may also be possible.

MOZILLA MULTIPLE PRODUCTS REMOTE VULNERABILITIES
BugTraq ID: 19181
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19181
Summary:
  The Mozilla Foundation has released thirteen security advisories
  specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
  Thunderbird.

  These vulnerabilities allow attackers to:

  - execute arbitrary machine code in the context of the vulnerable
    application
  - crash affected applications
  - run arbitrary script code with elevated privileges
  - gain access to potentially sensitive information
  - carry out cross-domain scripting attacks.

  Other attacks may also be possible.

  The issues described here will be split into individual BIDs as more
  information becomes available.

  These issues are fixed in:

  - Mozilla Firefox version 1.5.0.5
  - Mozilla Thunderbird version 1.5.0.5
  - Mozilla SeaMonkey version 1.0.3

MOZILLA SUITE, FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
VULNERABILITIES
BugTraq ID: 17516
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
  The Mozilla Foundation has released nine security advisories
  specifying security vulnerabilities in Mozilla Suite, Firefox,
  SeaMonkey, and Thunderbird.

  These vulnerabilities allow attackers to:

  - execute arbitrary machine code in the context of the vulnerable
    application
  - crash affected applications
  - gain elevated privileges in JavaScript code, potentially allowing
    remote machine code execution
  - gain access to potentially sensitive information
  - bypass security checks
  - spoof window contents.

  Other attacks may also be possible.

  The issues described here will be split into individual BIDs as
  the information embargo on the Mozilla Bugzilla entries is lifted
  and as further information becomes available. This BID will then
  be retired.

  These issues are fixed in:
  - Mozilla Firefox versions 1.0.8 and 1.5.0.2
  - Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
  - Mozilla Suite version 1.7.13
  - Mozilla SeaMonkey version 1.0.1

MYSQL AB MYSQL MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 12781
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12781
Summary:
  MySQL is reported prone to multiple vulnerabilities that can be
  exploited by a remote authenticated attacker. The following
  individual issues are reported:

  - Insecure temporary file-creation vulnerability. Reports indicate
    that an attacker with 'CREATE TEMPORARY TABLE' privileges on an
    affected installation may leverage this vulnerability to corrupt
    files with the privileges of the MySQL process.

  - Input-validation vulnerability. Remote attackers with INSERT and
    DELETE privileges on the 'mysql' administrative database can
    exploit this. Reports indicate that this issue may be leveraged
    to load and execute a malicious library in the context of the
    MySQL process.

  - Remote arbitrary-code execution vulnerability. Reportedly, the
    vulnerability may be triggered by employing the 'CREATE FUNCTION'
    statement to manipulate functions to control sensitive data
    structures. This issue may be exploited to execute arbitrary code
    in the context of the database process.

  These issues are reported to exist in MySQL versions prior to MySQL
  4.0.24 and 4.1.10a.

NETKIT FTP SERVER CHDIR INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 21000
Last Updated: 2007-02-13
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21000
Summary:
  Netkit FTP Server ('ftpd') is prone to an information-disclosure
  vulnerability due to a design error.

  A local attacker could exploit this issue to bypass access
  restrictions and gain access to the root directory of the FTP
  server. Directory information gained may aid in further attacks.

  Netkit FTP Server 0.17 and prior versions are affected.

POSTGRESQL INFORMATION DISCLOSURE AND DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 22387
Last Updated: 2007-02-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22387
Summary:
  PostgreSQL is prone to information-disclosure and denial-of-service
  vulnerabilities; fixes are available.

  An attacker can exploit these vulnerabilities to cause the backend
  database to crash and reveal sensitive information. This may lead to
  other attacks.

  These issues affect versions 8.0, 8.1, and 8.2. The second issue
  described also affects versions 7.3 and 7.4.

ROARING PENGUIN SOFTWARE MIMEDEFANG UNSPECIFIED REMOTE BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 22514
Last Updated: 2007-02-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22514
Summary:
  MIMEDefang is prone to a buffer-overflow vulnerability because the
  application fails to properly bounds-check unspecified user-
  supplied data.

  This issue is reported to affect versions 2.59 and 2.60.

SMB4K MULTIPLE VULNERABILITIES
BugTraq ID: 22299
Last Updated: 2007-02-13
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22299
Summary:
  'smb4k' is prone to multiple vulnerabilities, including:

  - A buffer-overflow vulnerability
  - A denial-of-service vulnerability
  - An information-disclosure issue
  - An insecure-temporary-file-creation issue.

  An attacker can exploit these issues to completely compromise affected
  computers. This includes executing arbitrary code with superuser
  privileges, crashing arbitrary processes, gaining access to
  sensitive information, and writing to the 'sudoers' file.

  These issues affect version 0.8.0; other versions may also be
  vulnerable.

SQL-LEDGER REDIRECT FUNCTION ARBITRARY CODE EXECUTION VULNERABILITY
BugTraq ID: 22295
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22295
Summary:
  SQL-Ledger is prone to an arbitrary code-execution vulnerability.

  An attacker could exploit this issue to execute arbitrary code in
  the context of the affected application. This could lead to the
  compromise of a vulnerable system.

  SQL-Ledger 2.6 and prior versions are vulnerable.

STLPORT LIBRARY MULTIPLE UNSPECIFIED BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 22423
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22423
Summary:
  The STLport library is prone to multiple unspecified buffer-
  overflow vulnerabilities because the library fails to properly bounds-
  check user-supplied input before copying it to insufficiently sized
  memory buffers.

  Exploiting these issues may allow attackers to execute arbitrary
  machine code in the context of applications that use the library.
  Depending on the nature of the applications using the library, these
  issues may be locally or remotely exploited. Failed exploit attempts
  may crash the affected applications.

  STLport versions prior to 5.0.3 are affected by these issues.

SAMBA DEFERRED CIFS FILE OPEN DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22395
Last Updated: 2007-02-13
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22395
Summary:
  The smbd daemon is prone to a denial-of-service vulnerability.

  An attacker can exploit this issue to consume excessive memory
  resources, ultimately crashing the affected application.

  This issue affects Samba versions 3.0.6 through 3.0.23d, inclusive.

SAMBA NSS HOST LOOKUP WINBIND MULTIPLE REMOTE BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 22410
Last Updated: 2007-02-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22410
Summary:
  Samba is prone to multiple remote buffer-overflow vulnerabilities
  because the application fails to bounds-check user-supplied data
  before copying it into an insufficiently sized buffer.

  An attacker may exploit these issues to execute arbitrary code with
  superuser privileges, completely compromising affected computers.
  Failed exploit attempts will result in a denial of service.

  These issues affect versions 3.0.21 to 3.0.23d.

SAMBA SERVER VFS PLUGIN AFSACL.SO REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 22403
Last Updated: 2007-02-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22403
Summary:
  Samba is prone to a remote format-string vulnerability because the
  application fails to properly sanitize user-supplied input before
  including it in the format-specifier argument of a formatted-
  printing function.

  Successfully exploiting this issue allows remote attackers to
  execute arbitrary machine code in the context of users running the
  affected application. This facilitates the remote compromise of
  affected computers.

  Samba versions 3.06 to 3.0.23d are vulnerable.

TWIKI CGI SESSION FILE CODE EXECUTION VULNERABILITY
BugTraq ID: 22378
Last Updated: 2007-02-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22378
Summary:
  TWiki is prone to a code-execution vulnerability.

  Exploiting this issue may allow an attacker to compromise the
  application and the underlying system; other attacks are also
  possible.

  Versions 4.0.0 to 4.1.0 and all versions using 'SessionPlugin' are
  vulnerable.

WIRESHARK MULTIPLE PROTOCOL DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 22352
Last Updated: 2007-02-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22352
Summary:
  Wireshark is prone to multiple denial-of-service vulnerabilities.

  Exploiting these issues may permit attackers to cause crashes and
  deny service to legitimate users of the application.

  Wireshark versions prior to 0.99.5 are affected.

[ aka Ethereal ]

YUKIHIRO MATSUMOTO RUBY CGI MODULE MIME DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20777
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20777
Summary:
  Ruby is prone to a remote denial-of-service vulnerability because
  the application's CGI module fails to properly handle specific HTTP
  requests that contain invalid information.

  Successful exploits may allow remote attackers to cause denial-of-
  service conditions on computers running the affected Ruby CGI
  Module.

YUKIHIRO MATSUMOTO RUBY CGI.RB LIBRARY REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21441
Last Updated: 2007-02-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21441
Summary:
  Ruby is prone to a remote denial-of-service vulnerability because
  the application's CGI library fails to properly handle specially
  crafted HTTP requests.

  Successful exploits may allow remote attackers to cause denial-of-
  service conditions on computers running the affected Ruby CGI
  library.


