[gull-annonces] Resume SecurityFocus Newsletter #380-382
Marc SCHAEFER
schaefer at alphanet.ch
Tue Jan 9 16:40:23 CET 2007
AMATERAS SNS UNSPECIFIED CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 21489
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21489
Summary:
Amateras SNS is prone to a cross-site scripting vulnerability
because the application fails to properly sanitize user-
supplied input.
An attacker may leverage this issue to have arbitrary script code
execute in the browser of an unsuspecting user. This may help the
attacker steal cookie-based authentication credentials and launch
other attacks.
Amateras SNS 3.11 and prior versions are vulnerable to this issue.
[ a Java thing, in Japanese, Apache licence ]
APACHE LIBAPREQ2 QUADRATIC BEHAVIOR DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16710
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16710
Summary:
Libapreq2 is prone to a vulnerability that may allow attackers to
trigger a denial-of-service condition.
Libapreq2 versions prior to 2.0.7 are vulnerable.
APACHE MOD_PYTHON MODULE PUBLISHER HANDLER INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 12519
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12519
Summary:
The mod_python module publisher handler is prone to a remote information-
disclosure vulnerability. This issue may allow remote unauthorized
attackers to gain access to sensitive objects.
Information obtained through the exploitation of this issue may aid
attackers in launching further attacks against an affected server.
All versions of mod_python are considered vulnerable at the moment.
CLAM ANTI-VIRUS MIME ATTACHMENTS DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21510
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21510
Summary:
ClamAV is prone to a denial-of-service vulnerability because it
fails to handle specific MIME attachments.
A successful exploit of this issue will cause the application to
crash, resulting in a denial-of-service condition.
ClamAV versions prior to 0.88.4-2 are vulnerable; other versions may
also be affected.
DIA XFIG FILE IMPORT MULTIPLE REMOTE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 17310
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17310
Summary:
Dia is affected by multiple remote buffer-overflow vulnerabilities.
These issues are due to the application's failure to properly bounds-
check user-supplied input before copying it into insufficiently
sized memory buffers.
These issues allow remote attackers to execute arbitrary machine
code in the context of the user running the affected application to
open attacker-supplied malicious XFig files.
FFMPEG IMAGE FILE MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 20009
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20009
Summary:
FFmpeg is prone to multiple remote buffer-overflow vulnerabilities
because the application using this library fails to properly bounds-
check user-supplied input before copying it to an insufficiently
sized memory buffer.
These issues allow attackers to execute arbitrary machine code
within the context of the affected application.
Versions prior to 0.4.9_p20060530 are vulnerable to this issue.
FIREBIRD REMOTE PRE-AUTHENTICATION DATABASE NAME BUFFER OVERRUN
VULNERABILITY
BugTraq ID: 10446
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/10446
Summary:
Firebird is reported prone to a remote buffer-overrun vulnerability.
The issue occurs because the application fails to perform sufficient
boundary checks when the database server is handling database names.
A remote attacker may exploit this vulnerability, without requiring
valid authentication credentials, to influence the execution flow of
the affected Firebird database server. Ultimately, this may lead to
the execution of attacker-supplied code in the context of the
affected software.
GDB DWARF MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 19802
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19802
Summary:
GDB is prone to multiple buffer-overflow vulnerabilities because of
insufficient bounds-checking when handling DWARF and DWARF2 data.
Attackers could leverage this issue to run arbitrary code outside of
a restricted environment; this may lead to privilege escalation.
GNOME EVOLUTION INLINE XML FILE ATTACHMENT BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 16408
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16408
Summary:
GNOME Evolution email client is prone to a denial-of-service
vulnerability when processing messages containing inline XML file
attachments with excessively long strings.
GNOME EVOLUTION MULTIPLE FORMAT STRING VULNERABILITIES
BugTraq ID: 14532
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14532
Summary:
Evolution is affected by multiple format-string vulnerabilities.
These issues can allow remote attackers to execute arbitrary code in
the context of the client.
Evolution versions 1.5 to 2.3.6.1 are affected.
GNU GV STACK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20978
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20978
Summary:
GNU gv is prone to a stack-based buffer-overflow vulnerability
because the application fails to properly bounds-check user-supplied
data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine
code in the context of users running the affected application.
Failed attempts will likely crash the application, resulting in denial-of-
service conditions.
Version 3.6.2 is reported vulnerable; other versions may also
be affected.
NOTE: Various other applications may employ embedded GNU gv code and
could also be vulnerable as a result.
GNU MAILMAN ATTACHMENT SCRUBBER MALFORMED MIME MESSAGE DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 17311
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17311
Summary:
GNU Mailman is prone to denial-of-service attacks. This issue
affects the attachment-scrubber utility.
The vulnerability could be triggered by mailing-list posts and will
affect the availability of mailing lists hosted by the application.
This issue presents itself only when Mailman is used in conjunction
with Python email version 2.5.
GNU TAR GNUTYPE_NAMES REMOTE DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 21235
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21235
Summary:
GNU Tar is prone to a vulnerability that may allow an attacker to
place files and overwrite files in arbitrary locations on a
vulnerable computer. These issues present themselves when the
application processes malicious archives.
A successful attack can allow the attacker to place potentially
malicious files and overwrite files on a computer in the context of
the user running the affected application. Successful exploits may
aid in further attacks.
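The entry above is the classic archive-path-traversal class: the archive, not the user, chooses where files land. The audit below is an added example written for this digest (not GNU tar's code and not the fix for this BID; the tar bug itself lived in a rarely used GNU-specific record type, which this Python reader does not reproduce). It walks an in-memory archive and reports every member that would be written outside the destination, either directly or through a symlink or hardlink target. The function names, the destination `/srv/extract` and the sample archive are constructed for the demo.

```python
import io
import os
import tarfile


def _inside(path, root):
    """True when the normalised absolute path lies at or below root."""
    return path == root or path.startswith(root + os.sep)


def unsafe_members(tar_bytes, dest="/srv/extract"):
    """Audit an archive before extraction (hypothetical helper for the demo).

    Returns a list of (member name, reason) for every entry that would write
    outside `dest`, directly or through a symlink/hardlink target.
    """
    dest = os.path.abspath(dest)
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        # getmembers() has already resolved GNU long-name records, so the
        # names inspected here are the ones extraction would actually use.
        for m in tf.getmembers():
            if m.name.startswith("/"):
                findings.append((m.name, "absolute path"))
                continue
            target = os.path.abspath(os.path.join(dest, m.name))
            if not _inside(target, dest):
                findings.append((m.name, "path escapes destination"))
                continue
            if m.issym():
                # symlink targets are resolved relative to the link's directory
                link = os.path.abspath(os.path.join(os.path.dirname(target), m.linkname))
            elif m.islnk():
                # hardlink targets are relative to the archive root
                link = os.path.abspath(os.path.join(dest, m.linkname))
            else:
                continue
            if not _inside(link, dest):
                findings.append((m.name, "link target escapes destination: " + m.linkname))
    return findings


def build_sample_archive():
    """Constructed GNU-format archive mixing benign and malicious members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tf:
        def add(name, data=b"", **fields):
            ti = tarfile.TarInfo(name)
            ti.size = len(data)
            for k, v in fields.items():
                setattr(ti, k, v)
            tf.addfile(ti, io.BytesIO(data) if data else None)

        add("docs/README", b"benign\n")
        add("../../etc/cron.d/evil", b"* * * * * root /tmp/x\n")   # traversal
        add("/etc/passwd", b"root::0:0::/:/bin/sh\n")              # absolute
        add("link-out", type=tarfile.SYMTYPE, linkname="../../../etc")
        add("a/" + "b/" * 60 + "long", b"x")   # >100 chars: GNU long-name record
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample_archive()):
        print(f"REJECT {name!r}: {reason}")
```

The audit is a pre-flight check, not a substitute for a safe extractor: it cannot see a symlink created by an earlier member and then written through by a later one, so extract into a fresh, empty directory and prefer an extractor that refuses such sequences (Python's `tarfile` does this with `filter="data"` on 3.12 and the security backports).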
GNUTLS LIBTASN1 DER DECODING DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 16568
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16568
Summary:
Libtasn1 is prone to multiple denial-of-service vulnerabilities. A
remote attacker can send specifically crafted data to trigger these
flaws, leading to denial-of-service condition.
These issues have been addressed in Libtasn1 version 0.2.18;
earlier versions are vulnerable.
GNUPG MAKE_PRINTABLE_STRING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21306
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21306
Summary:
GnuPG is prone to a remote buffer-overflow vulnerability because it
fails to properly bounds-check user-supplied input before copying it
to an insufficiently sized memory buffer.
Exploiting this issue may allow remote attackers to execute
arbitrary machine code in the context of the affected application,
but this has not been confirmed.
GnuPG versions 1.4.5 and 2.0.0 are vulnerable to this issue;
previous versions may also be affected.
GNUPG OPENPGP PACKET PROCESSING FUNCTION POINTER OVERWRITE
VULNERABILITY
BugTraq ID: 21462
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21462
Summary:
GnuPG is prone to a vulnerability that could permit an attacker to
overwrite a function pointer.
This issue occurs because of a design error when dealing with
OpenPGP packets. Attackers may exploit this issue to execute
arbitrary code.
Successful exploits may result in the remote compromise of computers
using the vulnerable application.
INFO-ZIP UNZIP FILE NAME BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15968
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15968
Summary:
Info-ZIP 'unzip' is susceptible to a filename buffer-overflow
vulnerability. The application fails to properly bounds-check user-
supplied data before copying it into an insufficiently sized
memory buffer.
This issue allows attackers to execute arbitrary machine code in the
context of users running the affected application.
INTEL NETWORK DRIVERS LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 21456
Last Updated: 2006-12-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21456
Summary:
Intel LAN drivers are prone to a local privilege-escalation
vulnerability because they fail to bounds-check user-supplied data
before copying it into an insufficiently sized buffer.
An attacker can trigger this issue to corrupt memory and to execute
code with kernel-level privileges.
A successful attack can result in a complete compromise of the
affected computer due to privilege escalation.
All PCI, PCI-X, and PCIe Intel network adapter drivers are
vulnerable.
[ probably only for the proprietary drivers available via
NDIS emulation ]
KDE JPEG KFILE INFO PLUG-IN EXIF LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21384
Last Updated: 2006-12-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21384
Summary:
The JPEG kfile-info plugin is prone to a denial-of-service
vulnerability due to a parsing bug.
An attacker can exploit this issue to crash the application that
invoked the plugin.
KDE versions 3.1.0 to 3.5.5 are vulnerable.
Other applications that use this plugin may also be affected.
KDPICS MULTIPLE INPUT VALIDATION VULNERABILITIES
BugTraq ID: 21515
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21515
Summary:
KDPics is prone to multiple input-validation vulnerabilities,
including cross-site scripting and remote file-include issues,
because the application fails to sanitize user-supplied input.
A successful exploit may allow unauthorized users to view files, to
execute arbitrary scripts within the context of the browser, and to
steal cookie-based authentication credentials. Other attacks are
also possible.
KDPics 1.16 and prior versions are vulnerable.
KOFFICE PPT FILES INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 21354
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21354
Summary:
KOffice is prone to an integer-overflow vulnerability because it
fails to properly validate user-supplied data.
An attacker can exploit this vulnerability to execute arbitrary code
in the context of the application. Failed exploit attempts will
likely cause denial-of-service conditions.
KOffice versions prior to 1.6.1 are affected.
L2TPNS HEARTBEAT HANDLING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21443
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21443
Summary:
The l2tpns program is prone to a denial-of-service vulnerability
because it fails to properly handle user-supplied data.
Attackers can exploit this issue to crash the affected application,
effectively denying service to legitimate users. Attackers may be
able to exploit this issue to execute arbitrary code, but this has
not been confirmed.
LIBPNG GRAPHICS LIBRARY CHUNK ERROR PROCESSING BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 18698
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18698
Summary:
LibPNG is reported prone to a buffer-overflow vulnerability. The
library fails to perform proper bounds-checking of user-supplied
input before copying it to an insufficiently sized memory buffer.
This vulnerability may be exploited to execute attacker-supplied
code in the context of an application that relies on the
affected library.
MESSAGERIESCRIPTHP MULTIPLE INPUT VALIDATION VULNERABILITIES
BugTraq ID: 21513
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21513
Summary:
Messageriescripthp is prone to multiple input-validation
vulnerabilities, including SQL-injection and cross-site
scripting issues, because it fails to sufficiently sanitize user-
supplied data.
Exploiting these issues could allow an attacker to steal cookie-
based authentication credentials, compromise the application, access
or modify data, or exploit latent vulnerabilities in the underlying
database implementation.
Messageriescripthp V2.0 is vulnerable to this issue.
LIBPNG GRAPHICS LIBRARY PNG_SET_SPLT REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21078
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21078
Summary:
LibPNG is reported prone to a denial-of-service vulnerability. The
library fails to perform proper bounds-checking of user-supplied
input, which leads to an out-of-bounds read error.
Attackers may exploit this vulnerability to crash an application
that relies on the affected library.
LINKSYS WIP330 PHONECTRL.EXE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21475
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21475
Summary:
Linksys WIP330 'PhoneCtrl.exe' is prone to a denial-of-service
vulnerability that is triggered when the device is subjected to a
full port-range scan.
Exploiting this issue allows remote attackers to crash and reboot
affected devices, denying service to legitimate users.
Linksys WIP330 firmware version 1.00.06a is affected by this issue;
other versions may also be affected.
[ firmware? ]
LINUX KERNEL ATM SKBUFF DEREFERENCE REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20363
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20363
Summary:
The Linux kernel is prone to a remote denial-of-service
vulnerability.
This issue is triggered when the kernel processes incoming ATM data.
Exploiting this vulnerability may allow remote attackers to crash
the affected kernel, resulting in denial-of-service conditions.
This issue affects only systems that have ATM hardware and are
configured for ATM kernel support.
Kernel versions from 2.6.0 up to and including 2.6.17 are vulnerable
to this issue.
LINUX KERNEL GET_FDB_ENTRIES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21353
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21353
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because
it fails to properly bounds-check user-supplied data before copying
it to an insufficiently sized memory buffer.
Attackers may potentially exploit this issue to execute arbitrary
code within the context of the affected kernel, but this has not
been confirmed. Successfully exploiting this issue would cause the
complete compromise of the affected computer.
Little information is currently known about this vulnerability. Due
to the fact that the affected function is in the network-bridging
code, remote attacks may be possible.
Linux kernel versions prior to 2.6.18.4 are vulnerable to this
issue.
LINUX KERNEL IBMTR.C REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21490
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21490
Summary:
The Linux kernel is prone to a remote denial-of-service
vulnerability.
This vulnerability resides in the
'drivers/net/tokenring/ibmtr.c' file.
Exploiting this vulnerability can allow remote attackers to crash
the affected kernel, resulting in denial-of-service conditions.
Attackers may also be able to execute arbitrary code, but this has
not been confirmed.
Kernel versions from 2.6.0 up to and including 2.6.19 are vulnerable
to this issue.
LINUX KERNEL IP ID INFORMATION DISCLOSURE WEAKNESS
BugTraq ID: 17109
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is prone to a remote information-disclosure
weakness. This issue is due to a flaw in the implementation of the
zero 'ip_id' countermeasure that is meant to prevent this kind of
information disclosure.
This issue allows remote attackers to use affected computers in
stealth network port and trust scans.
The Linux kernel 2.6 series, as well as some kernels in the 2.4
series, are affected by this weakness.
LINUX KERNEL IPV6 SEQFILE HANDLING LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20847
Last Updated: 2006-12-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20847
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability. This issue is due to a design error in the way
seqfiles are handled in the kernel.
This vulnerability allows local users to cause an infinite
loop, resulting in a crash and denying further service to
legitimate users.
This issue affects the Linux kernel 2.6 series up to 2.6.18-stable.
LINUX KERNEL ITANIUM PERFMONCTL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20361
Last Updated: 2006-12-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20361
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability.
An attacker can exploit this issue to crash the kernel, denying
further service to legitimate users. It is conjectured that this
issue may also be exploited to gain elevated privileges, but this
has not been confirmed.
This issue is exploitable only on the Itanium architecture running
Linux kernel versions prior to 2.6.18.
LINUX KERNEL MULTIPLE VULNERABILITIES
BugTraq ID: 21523
Last Updated: 2006-12-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21523
Summary:
Linux Kernel is prone to multiple vulnerabilities that can allow
local attackers to carry out various attacks, including denial-of-
service attacks.
Kernel 2.6.8 and prior versions are reported affected.
LINUX KERNEL S/390 COPY_FROM_USER LOCAL INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 20379
Last Updated: 2006-12-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20379
Summary:
The Linux kernel is prone to a local information-disclosure
vulnerability on the S/390 architecture because the kernel fails
to properly initialize kernel memory before returning it to user-
space programs.
Successfully exploiting this issue allows local attackers to gain
access to potentially sensitive information contained in kernel
memory, aiding them in further attacks.
Linux kernel versions prior to 2.6.19-rc1 on the S/390 architecture
are vulnerable to this issue.
MADWIFI LINUX KERNEL DEVICE DRIVER MULTIPLE REMOTE BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 21486
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21486
Summary:
The MADWiFi device driver is prone to multiple remote stack-based
buffer-overflow vulnerabilities because the software fails to do
proper bounds-checking of user-supplied data before copying it to an
insufficiently sized memory buffer.
These issues affect only computers on which the vulnerable device
driver is compiled, installed, and enabled under Linux. The victim
must also be running a local application that scans for available
access points, because the malicious data arrives in the responses
to that scan.
A remote attacker may exploit these issues to cause denial-of-
service conditions or to possibly execute arbitrary code in the
context of the affected kernel. Successful exploits can result in a
complete compromise of affected computers.
Versions of the MADWiFi device driver prior to 0.9.2.1 are
vulnerable.
[ is this in the free or the proprietary part of the driver? ]
MOZILLA CLIENT PRODUCTS MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20957
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20957
Summary:
The Mozilla Foundation has released two security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- Crash the applications and potentially execute arbitrary machine
code in the context of the vulnerable applications.
- Run arbitrary JavaScript bytecode.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more
information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.8
- Mozilla Thunderbird version 1.5.0.8
- Mozilla SeaMonkey version 1.0.6
MOZILLA FIREFOX LARGE HISTORY FILE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15773
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15773
Summary:
Mozilla Firefox is reportedly prone to a remote denial-of-service
vulnerability.
This issue presents itself when the browser handles a large entry in
the 'history.dat' file. An attacker may trigger this issue by
enticing a user to visit a malicious website and by supplying
excessive data to be stored in the affected file.
This may cause a denial-of-service condition.
**UPDATE: Proof-of-concept exploit code has been published. The
author of the code attributes the crash to a buffer-overflow
condition. Symantec has not reproduced the alleged flaw.
MOZILLA MULTIPLE PRODUCTS REMOTE VULNERABILITIES
BugTraq ID: 19181
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19181
Summary:
The Mozilla Foundation has released thirteen security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- run arbitrary script code with elevated privileges
- gain access to potentially sensitive information
- carry out cross-domain scripting attacks.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more
information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.5
- Mozilla Thunderbird version 1.5.0.5
- Mozilla SeaMonkey version 1.0.3
MOZILLA SUITE, FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
VULNERABILITIES
BugTraq ID: 17516
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
The Mozilla Foundation has released nine security advisories
specifying security vulnerabilities in Mozilla Suite, Firefox,
SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable
application
- crash affected applications
- gain elevated privileges in JavaScript code, potentially allowing
remote machine code execution
- gain access to potentially sensitive information
- bypass security checks
- spoof window contents.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as
the information embargo on the Mozilla Bugzilla entries is lifted
and as further information becomes available. This BID will then
be retired.
These issues are fixed in:
- Mozilla Firefox versions 1.0.8 and 1.5.0.2
- Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
- Mozilla Suite version 1.7.13
- Mozilla SeaMonkey version 1.0.1
MULTIPLE MOZILLA PRODUCTS IFRAME JAVASCRIPT EXECUTION VULNERABILITY
BugTraq ID: 16770
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16770
Summary:
Multiple Mozilla products are prone to a script-execution
vulnerability.
The vulnerability presents itself when an attacker supplies a
specially crafted email to a user containing malicious script code
in an IFRAME and the user tries to reply to the mail. Arbitrary
JavaScript can be executed even if the user has disabled JavaScript
execution in the client.
The following Mozilla products are vulnerable to this issue:
- Mozilla Thunderbird, versions prior to 1.5.0.2, and prior to 1.0.8
- Mozilla SeaMonkey, versions prior to 1.0.1
- Mozilla Suite, versions prior to 1.7.13
MULTIPLE MOZILLA PRODUCTS MEMORY CORRUPTION/CODE INJECTION/ACCESS
RESTRICTION BYPASS VULNERABILITIES
BugTraq ID: 16476
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16476
Summary:
Multiple Mozilla products are prone to multiple vulnerabilities.
These issues include various memory-corruption, code-injection, and
access-restriction-bypass vulnerabilities. Other undisclosed issues
may have also been addressed in the various updated vendor
applications.
Successful exploitation of these issues may permit an attacker to
execute arbitrary code in the context of the affected application.
This may facilitate a compromise of the affected computer; other
attacks are also possible.
MULTIPLE VENDOR TCP/IP IMPLEMENTATION ICMP REMOTE DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 13124
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13124
Summary:
Multiple vendor implementations of TCP/IP Internet Control
Message Protocol (ICMP) are reported prone to several denial-of-
service attacks.
ICMP is employed by network nodes to determine certain
automatic actions to take based on network failures reported by
an ICMP message.
Reportedly, the RFC doesn't recommend security checks for ICMP error
messages. As long as an ICMP message contains a valid source and
destination IP address and port pair, it will be accepted for an
associated connection.
The following individual attacks are reported:
- A blind connection-reset attack. This attack takes advantage of
the specification that describes that on receiving a 'hard' ICMP
error, the corresponding connection should be aborted. The Mitre
ID CAN-2004-0790 is assigned to this issue.
A remote attacker may exploit this issue to terminate target TCP
connections and deny service for legitimate users.
- An ICMP Source Quench attack. This attack takes advantage of the
specification that a host must react to receive ICMP Source Quench
messages by slowing transmission on the associated connection. The
Mitre ID CAN-2004-0791 is assigned to this issue.
A remote attacker may exploit this issue to degrade the performance
of TCP connections and partially deny service for legitimate users.
- An attack against ICMP PMTUD is reported to affect multiple
vendors when they are configured to employ PMTUD. By sending a
suitable forged ICMP message to a target host, an attacker may
reduce the MTU for a given connection. The Mitre ID CAN-2004-1060
is assigned to this issue.
A remote attacker may exploit this issue to degrade the performance
of TCP connections and partially deny service for legitimate users.
**Update: Microsoft platforms are also reported prone to these
issues.
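All three attacks above are blind: the attacker never sees the connection, and succeeds as long as the stack accepts any ICMP error whose quoted IP/TCP header matches a live 4-tuple. The check a hardened stack adds is to also require that the quoted TCP sequence number belong to a segment currently in flight (the approach later written up in RFC 5927). The following is an added example written for this digest, not code from any vendor's stack or from the advisory; `TcpConn`, `build_icmp_error`, `legacy_accepts` and `hardened_accepts` are names chosen for the demo, the addresses come from the documentation ranges, and the packets are constructed inline.

```python
import socket
import struct
from dataclasses import dataclass

TCP_PROTO = 6


@dataclass
class TcpConn:
    """Minimal view of a local TCP connection (constructed for the demo)."""
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    snd_una: int   # oldest sequence number not yet acknowledged
    snd_nxt: int   # next sequence number to be sent


def build_icmp_error(icmp_type, code, src, sport, dst, dport, seq, mtu=0):
    """ICMPv4 error quoting an IPv4 header plus the first 8 TCP bytes, as a
    router (or a forger) would send it. Checksum is left zero: the receiving
    stack verifies it, but it contributes nothing to the checks below."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP_PROTO, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    quoted_tcp = struct.pack("!HHI", sport, dport, seq)   # ports + SEQ only
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + ip_hdr + quoted_tcp


def parse_icmp_error(pkt):
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", pkt[:8])
    ip_hdr = pkt[8:]
    ihl = (ip_hdr[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(ip_hdr[12:16]), socket.inet_ntoa(ip_hdr[16:20])
    sport, dport, seq = struct.unpack("!HHI", ip_hdr[ihl:ihl + 8])
    return dict(type=icmp_type, code=code, mtu=mtu, proto=ip_hdr[9],
                src=src, sport=sport, dst=dst, dport=dport, seq=seq)


def seq_in_flight(seq, snd_una, snd_nxt):
    """SND.UNA <= seq < SND.NXT in 32-bit modular arithmetic."""
    return ((seq - snd_una) & 0xFFFFFFFF) < ((snd_nxt - snd_una) & 0xFFFFFFFF)


def legacy_accepts(pkt, conn):
    """The behaviour the advisory describes: match the quoted 4-tuple only.
    The quoted datagram is one *we* sent, so src is the local endpoint."""
    e = parse_icmp_error(pkt)
    return (e["proto"] == TCP_PROTO and
            (e["src"], e["sport"], e["dst"], e["dport"]) ==
            (conn.local_addr, conn.local_port, conn.remote_addr, conn.remote_port))


def hardened_accepts(pkt, conn):
    """4-tuple match plus the sequence-number check: the quoted segment must
    be one that is actually outstanding on this connection."""
    if not legacy_accepts(pkt, conn):
        return False
    return seq_in_flight(parse_icmp_error(pkt)["seq"], conn.snd_una, conn.snd_nxt)


if __name__ == "__main__":
    conn = TcpConn("192.0.2.10", 40000, "198.51.100.5", 80, snd_una=1000, snd_nxt=1500)
    # Blind PMTUD attack: the 4-tuple is guessed, the sequence number is not.
    forged = build_icmp_error(3, 4, "192.0.2.10", 40000, "198.51.100.5", 80, seq=0, mtu=68)
    print("legacy accepts forged frag-needed:", legacy_accepts(forged, conn))
    print("hardened accepts forged frag-needed:", hardened_accepts(forged, conn))
```

A blind attacker who knows or guesses both endpoints still has to hit a sequence number inside the in-flight window, which for an idle connection is empty; this is what reduces the three attacks from cheap to impractical. The check is a heuristic, not a proof: a genuine error that arrives after the quoted segment has been acknowledged is dropped too, which is the trade-off RFC 5927 accepts.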
NET-SNMP SNMPD.CONF TOKENS SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 21503
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21503
Summary:
The net-snmp package is prone to a security restriction-bypass
vulnerability. Successful exploits could allow an attacker to write
files in unauthorized locations and potentially execute code.
Exploiting this vulnerability allows users or SNMP communities that
are configured as read-only to obtain write access.
This issue is reported to affect version 5.3; other versions may
also be vulnerable.
OPENMPT MULTIPLE REMOTE CODE EXECUTION VULNERABILITIES
BugTraq ID: 19448
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19448
Summary:
OpenMPT is prone to multiple remote code-execution vulnerabilities
because it fails to properly bounds-check user-supplied data before
copying it to an insufficiently sized memory buffer.
These issues allow remote attackers to execute arbitrary machine
code in the context of the affected application. This facilitates the
remote compromise of affected computers.
These versions are affected:
- 1.17.02.43 and earlier
- SVN versions 157 and earlier.
OPENSSH DUPLICATED BLOCK REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20216
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because
it fails to properly handle incoming duplicate blocks.
Remote attackers may exploit this issue to consume excessive CPU
resources, potentially denying service to legitimate users.
This issue occurs only when OpenSSH is configured to accept SSH
Version One traffic.
OPENSSH SCP SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 16369
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
OpenSSH is prone to an SCP shell command-execution vulnerability
because the application fails to properly sanitize user-supplied
input before using it in a 'system()' function call.
This issue allows attackers to execute arbitrary shell commands with
the privileges of users executing a vulnerable version of SCP.
This issue reportedly affects version 4.2 of OpenSSH. Other versions
may also be affected.
OPENSSL INSECURE PROTOCOL NEGOTIATION WEAKNESS
BugTraq ID: 15071
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15071
Summary:
OpenSSL is susceptible to a remote protocol-negotiation weakness.
This issue is due to the implementation of the
'SSL_OP_MSIE_SSLV2_RSA_PADDING' option to maintain compatibility
with third-party software.
This issue presents itself when two peers try to negotiate the
protocol they wish to communicate with. Attackers who can intercept
and modify the SSL communications may exploit this weakness to force
SSL version 2 to be chosen.
The attacker may then exploit various insecurities in SSL version 2
to gain access to or tamper with the cleartext communications
between the targeted client and server.
Note that the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option is enabled with
the frequently used 'SSL_OP_ALL' option.
SSL peers that are configured to disallow SSL version 2 are not
affected by this issue.
OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to
forge an RSA signature. The attacker may be able to forge a PKCS #1
v1.5 signature when an RSA key with exponent 3 is used.
An attacker may exploit this issue to sign digital certificates or
RSA keys and take advantage of trust relationships that depend on
these credentials, possibly posing as a trusted party and signing a
certificate or key.
All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are
affected by this vulnerability. Updates are available.
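The forgery described above needs no private key: with e = 3 and a verifier that stops parsing the PKCS #1 v1.5 block once it has found the hash, the attacker builds the expected block prefix, pads the rest with zeros, takes the integer cube root, and the cube of that root still begins with the right bytes because the rounding error lands in the ignored tail. The code below is an added example written for this digest, not OpenSSL's code or the advisory's; `N` is an arbitrary odd 2048-bit integer constructed for the demo (only its size matters, since the forged `s` satisfies `s**3 < N` and the modular reduction never fires), and `verify_lax` / `verify_strict` are hypothetical verifiers standing in for the flawed and the corrected checks.

```python
import hashlib

E = 3
# Constructed stand-in for a 2048-bit public modulus (not a real RSA key).
N = (1 << 2047) | (1 << 1024) | 0x10001
K = (N.bit_length() + 7) // 8          # 256 octets per encoded block

# DigestInfo prefix for SHA-1 (RFC 3447 section 9.2 note 1)
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def icbrt_ceil(x):
    """Smallest integer r with r**3 >= x, by exact binary search."""
    lo, hi = 0, 1 << ((x.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 >= x:
            hi = mid
        else:
            lo = mid + 1
    return lo


def forge_signature(message):
    """Bleichenbacher-style e=3 forgery: no private key involved."""
    h = hashlib.sha1(message).digest()
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + SHA1_DIGESTINFO + h
    # Zero-fill the tail; the cube root's excess (about 2/3 of the block's
    # bits) stays inside this tail and never disturbs the prefix.
    target = int.from_bytes(prefix + b"\x00" * (K - len(prefix)), "big")
    s = icbrt_ceil(target)
    assert s ** 3 < N                   # reduction mod N is a no-op
    return s


def _encoded_block(sig):
    return pow(sig, E, N).to_bytes(K, "big")


def verify_lax(message, sig):
    """Flawed check: parses 00 01 FF.. 00 DigestInfo || hash and ignores
    whatever follows, which is exactly what the forgery exploits."""
    em = _encoded_block(sig)
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= len(em) or em[i] != 0x00:   # at least 8 FF octets
        return False
    i += 1
    expected = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    return em[i:i + len(expected)] == expected    # trailing bytes unchecked


def verify_strict(message, sig):
    """Corrected check: rebuild the one valid encoding and compare whole."""
    expected = SHA1_DIGESTINFO + hashlib.sha1(message).digest()
    em_expected = (b"\x00\x01" + b"\xff" * (K - len(expected) - 3)
                   + b"\x00" + expected)
    return _encoded_block(sig) == em_expected


if __name__ == "__main__":
    msg = b"constructed message: certificate for evil.example"
    s = forge_signature(msg)
    print("lax verifier accepts forgery:   ", verify_lax(msg, s))
    print("strict verifier accepts forgery:", verify_strict(msg, s))
```

The strict verifier works because PKCS #1 v1.5 has exactly one valid encoding for a given hash and modulus size, so comparing the full block leaves the attacker nothing to hide the cube-root slack in. The same reasoning is why the advisory's fix is in the verifier, not in the keys: an e = 3 key is fine as long as every relying party checks the whole block.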
OPENSSL SSL_GET_SHARED_CIPHERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20249
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
OpenSSL is prone to a buffer-overflow vulnerability because the
library fails to properly bounds-check user-supplied input before
copying it to an insufficiently sized memory buffer.
Successfully exploiting this issue may result in the execution of
arbitrary machine code in the context of applications that use the
affected library. Failed exploit attempts may crash applications,
denying service to legitimate users.
OPENSSL SSLV2 NULL POINTER DEREFERENCE CLIENT DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20246
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
OpenSSL is prone to a denial-of-service vulnerability.
A malicious server could cause a vulnerable client application to
crash, effectively denying service.
PORTABLE OPENSSH GSSAPI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20241
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution
vulnerability. The issue derives from a race condition in a
vulnerable signal handler.
Reportedly, under specific conditions, it is theoretically possible
to execute code remotely prior to authentication when GSSAPI
authentication is enabled. This has not been confirmed; the chance
of a successful exploit of this nature is considered minimal.
On non-Portable OpenSSH implementations, this same race condition
can be exploited to cause a pre-authentication denial of service.
This issue occurs when OpenSSH and Portable OpenSSH are configured
to accept GSSAPI authentication.
PROFTPD SREPLACE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20992
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20992
Summary:
ProFTPD is prone to a remote buffer-overflow vulnerability. This
issue is due to an off-by-one error, allowing attackers to
corrupt memory.
Exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of the server application, facilitating
the compromise of affected computers.
ProFTPD versions prior to 1.3.0a are vulnerable to this issue.
Update: This BID was recently updated to state that
'CommandBufferSize' was affected by a denial-of-service issue, but
according to the vendor, that directive is not vulnerable.
RUBY ON RAILS ROUTING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19454
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19454
Summary:
Ruby on Rails is prone to a vulnerability in its routing
functionality that may result in denial-of-service or data
loss issues.
Attackers may exploit this issue by issuing HTTP GET requests to
predictable URIs to affected webservers.
This issue affects Ruby on Rails versions 1.1.0, 1.1.1, 1.1.2,
1.1.4, and 1.1.5.
SAMBA MACHINE TRUST ACCOUNT LOCAL INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17314
Last Updated: 2006-12-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17314
Summary:
Samba is susceptible to a local information-disclosure
vulnerability. This issue is due to a design error that potentially
leads to sensitive information being written to log files. This
occurs when the debugging level has been set to 5 or higher.
This issue allows local attackers to gain access to the machine
trust account of affected computers. Attackers may then impersonate
the affected server in the domain. By impersonating the member
server, attackers may gain access to further sensitive information,
including the users and groups in the domain; other information may
also be available. This may aid attackers in further attacks.
Samba versions 3.0.21 through to 3.0.21c that use the 'winbindd'
daemon are susceptible to this issue.
TEXINFO FILE HANDLING BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20959
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20959
Summary:
Texinfo is prone to a buffer-overflow vulnerability because the
application fails to properly bounds-check user-supplied input
before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to cause the affected
applications using Texinfo to crash, denying service to legitimate
users. Arbitrary code execution may also be possible, but this has
not been confirmed.
XMPLAY PLAYLIST FILES REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21206
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21206
Summary:
XMPlay is prone to a remote buffer-overflow vulnerability because
the application fails to properly bounds-check user-supplied data
prior to loading malformed playlist files.
An attacker can exploit this issue to execute arbitrary code within
the context of the application or trigger a denial-of-service
condition.
XMPlay 3.3.0.4 is vulnerable to this issue; other versions may also
be affected.
XPDF MULTIPLE UNSPECIFIED VULNERABILITIES
BugTraq ID: 16748
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16748
Summary:
The 'xpdf' utility is reportedly prone to multiple unspecified
security vulnerabilities. The cause and impact of these issues are
currently unknown.
All versions of xpdf are considered vulnerable at the moment. This
BID will update when more information becomes available.
XINE-LIB RULEMATCHES REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21435
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21435
Summary:
The xine-lib library, when handling Real Media content, is prone to a
remote buffer-overflow vulnerability because it fails to properly
bounds-check user-supplied data before copying it into an
insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with
the privileges of the currently logged in user. Failed exploit
attempts will result in a denial-of-service.
ZOO MISC.C BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 16790
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16790
Summary:
Zoo is prone to a buffer-overflow vulnerability. This issue is due
to a failure in the application to do proper bounds checking on user-
supplied data before using it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code in the
context of the victim user running the affected application.
CURL / LIBCURL URL PARSER BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15756
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15756
Summary:
cURL and libcURL are prone to a buffer-overflow vulnerability.
This issue is due to a failure in the library to perform proper
bounds checks on user-supplied data before using it in a
finite-sized buffer.
This issue occurs when the URL parser function handles an excessively
long URL string.
An attacker can exploit this issue to crash the affected
library, effectively denying service. Arbitrary code execution
may also be possible, which may facilitate a compromise of the
underlying system.
WVWARE MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 20761
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20761
Summary:
wvWare is prone to multiple integer-overflow vulnerabilities because
the library fails to properly bounds-check user-supplied input.
An attacker can exploit these vulnerabilities to execute arbitrary
code in the context of the application using the vulnerable library.
Failed exploit attempts will likely result in denial-of-service
conditions.
wvWare 1.2.2 and prior versions are vulnerable.
[ continuation of the wv project, for MS-Word conversion ]