[gull-annonces] Resume SecurityFocus Newsletter #380-382

Marc SCHAEFER schaefer at alphanet.ch
Tue Jan 9 16:40:23 CET 2007


AMATERAS SNS UNSPECIFIED CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 21489
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21489
Summary:
  Amateras SNS is prone to a cross-site scripting vulnerability
  because the application fails to properly sanitize user-
  supplied input.

  An attacker may leverage this issue to have arbitrary script code
  execute in the browser of an unsuspecting user. This may help the
  attacker steal cookie-based authentication credentials and launch
  other attacks.

  Amateras SNS 3.11 and prior versions are vulnerable to this issue.

[ a Java thing, in Japanese, Apache licence ]

APACHE LIBAPREQ2 QUADRATIC BEHAVIOR DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16710
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16710
Summary:
  Libapreq2 is prone to a vulnerability that may allow attackers to
  trigger a denial-of-service condition.

  Libapreq2 versions prior to 2.0.7 are vulnerable.

APACHE MOD_PYTHON MODULE PUBLISHER HANDLER INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 12519
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12519
Summary:
  The mod_python module publisher handler is prone to a remote information-
  disclosure vulnerability. This issue may allow remote unauthorized
  attackers to gain access to sensitive objects.

  Information obtained through the exploitation of this issue may aid
  attackers in launching further attacks against an affected server.

  All versions of mod_python are considered vulnerable at the moment.

CLAM ANTI-VIRUS MIME ATTACHMENTS DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21510
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21510
Summary:
  ClamAV is prone to a denial-of-service vulnerability because it
  fails to handle specific MIME attachments.

  A successful exploit of this issue will cause the application to
  crash, resulting in a denial-of-service condition.

  ClamAV versions prior to 0.88.4-2 are vulnerable; other versions may
  also be affected.

DIA XFIG FILE IMPORT MULTIPLE REMOTE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 17310
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17310
Summary:
  Dia is affected by multiple remote buffer-overflow vulnerabilities.
  These issues are due to the application's failure to properly bounds-
  check user-supplied input before copying it into insufficiently
  sized memory buffers.

  These issues allow remote attackers to execute arbitrary machine
  code in the context of the user who runs the affected application
  to open an attacker-supplied malicious XFig file.

FFMPEG IMAGE FILE MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 20009
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20009
Summary:
  FFmpeg is prone to multiple remote buffer-overflow vulnerabilities
  because the application using this library fails to properly bounds-
  check user-supplied input before copying it to an insufficiently
  sized memory buffer.

  These issues allow attackers to execute arbitrary machine code
  within the context of the affected application.

  Versions prior to 0.4.9_p20060530 are vulnerable to this issue.

FIREBIRD REMOTE PRE-AUTHENTICATION DATABASE NAME BUFFER OVERRUN
VULNERABILITY
BugTraq ID: 10446
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/10446
Summary:
  Firebird is reported prone to a remote buffer-overrun vulnerability.
  The issue occurs because the application fails to perform sufficient
  boundary checks when the database server is handling database names.

  A remote attacker may exploit this vulnerability, without requiring
  valid authentication credentials, to influence the execution flow of
  the affected Firebird database server. Ultimately, this may lead to
  the execution of attacker-supplied code in the context of the
  affected software.

GDB DWARF MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 19802
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19802
Summary:
  GDB is prone to multiple buffer-overflow vulnerabilities because of
  insufficient bounds-checking when handling DWARF and DWARF2 data.

  Attackers could leverage this issue to run arbitrary code outside of
  a restricted environment; this may lead to privilege escalation.

GNOME EVOLUTION INLINE XML FILE ATTACHMENT BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 16408
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16408
Summary:
  GNOME Evolution email client is prone to a denial-of-service
  vulnerability when processing messages containing inline XML file
  attachments with excessively long strings.

GNOME EVOLUTION MULTIPLE FORMAT STRING VULNERABILITIES
BugTraq ID: 14532
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14532
Summary:
  Evolution is affected by multiple format-string vulnerabilities.

  These issues can allow remote attackers to execute arbitrary code in
  the context of the client.

  Evolution versions 1.5 to 2.3.6.1 are affected.

GNU GV STACK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20978
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20978
Summary:
  GNU gv is prone to a stack-based buffer-overflow vulnerability
  because the application fails to properly bounds-check user-supplied
  data before copying it into an insufficiently sized memory buffer.

  Exploiting this issue allows attackers to execute arbitrary machine
  code in the context of users running the affected application.
  Failed attempts will likely crash the application, resulting in denial-of-
  service conditions.

  Version 3.6.2 is reported vulnerable; other versions may also
  be affected.

  NOTE: Various other applications may employ embedded GNU gv code and
        could also be vulnerable as a result.

GNU MAILMAN ATTACHMENT SCRUBBER MALFORMED MIME MESSAGE DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 17311
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17311
Summary:
  GNU Mailman is prone to denial-of-service attacks. This issue
  affects the attachment-scrubber utility.

  The vulnerability could be triggered by mailing-list posts and will
  affect the availability of mailing lists hosted by the application.

  This issue presents itself only when Mailman is used in conjunction
  with Python email version 2.5.

GNU TAR GNUTYPE_NAMES REMOTE DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 21235
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21235
Summary:
  GNU Tar is prone to a vulnerability that may allow an attacker to
  place files and overwrite files in arbitrary locations on a
  vulnerable computer. These issues present themselves when the
  application processes malicious archives.

  A successful attack can allow the attacker to place potentially
  malicious files and overwrite files on a computer in the context of
  the user running the affected application. Successful exploits may
  aid in further attacks.

GNUTLS LIBTASN1 DER DECODING DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 16568
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16568
Summary:
  Libtasn1 is prone to multiple denial-of-service vulnerabilities. A
  remote attacker can send specifically crafted data to trigger these
  flaws, leading to a denial-of-service condition.

  These issues have been addressed in Libtasn1 version 0.2.18;
  earlier versions are vulnerable.

GNUPG MAKE_PRINTABLE_STRING REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21306
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21306
Summary:
  GnuPG is prone to a remote buffer-overflow vulnerability because it
  fails to properly bounds-check user-supplied input before copying it
  to an insufficiently sized memory buffer.

  Exploiting this issue may allow remote attackers to execute
  arbitrary machine code in the context of the affected application,
  but this has not been confirmed.

  GnuPG versions 1.4.5 and 2.0.0 are vulnerable to this issue;
  previous versions may also be affected.

GNUPG OPENPGP PACKET PROCESSING FUNCTION POINTER OVERWRITE
VULNERABILITY
BugTraq ID: 21462
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21462
Summary:
  GnuPG is prone to a vulnerability that could permit an attacker to
  overwrite a function pointer.

  This issue occurs because of a design error when dealing with
  OpenPGP packets. Attackers may exploit this issue to execute
  arbitrary code.

  Successful exploits may result in the remote compromise of computers
  using the vulnerable application.

INFO-ZIP UNZIP FILE NAME BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15968
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15968
Summary:
  Info-ZIP 'unzip' is susceptible to a filename buffer-overflow
  vulnerability. The application fails to properly bounds-check user-
  supplied data before copying it into an insufficiently sized
  memory buffer.

  This issue allows attackers to execute arbitrary machine code in the
  context of users running the affected application.

INTEL NETWORK DRIVERS LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 21456
Last Updated: 2006-12-08
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21456
Summary:
  Intel LAN drivers are prone to a local privilege-escalation
  vulnerability because they fail to bounds-check user-supplied data
  before copying it into an insufficiently sized buffer.

  An attacker can trigger this issue to corrupt memory and to execute
  code with kernel-level privileges.

  A successful attack can result in a complete compromise of the
  affected computer due to privilege escalation.

  All PCI, PCI-X, and PCIe Intel network adapter drivers are
  vulnerable.

[ probably only for the proprietary drivers available through
  NDIS emulation ]

KDE JPEG KFILE INFO PLUG-IN EXIF LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21384
Last Updated: 2006-12-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21384
Summary:
  The JPEG kfile-info plugin is prone to a denial-of-service
  vulnerability due to a parsing bug.

  An attacker can exploit this issue to crash the application that
  invoked the plugin.

  KDE versions 3.1.0 to 3.5.5 are vulnerable.

  Other applications that use this plugin may also be affected.

KDPICS MULTIPLE INPUT VALIDATION VULNERABILITIES
BugTraq ID: 21515
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21515
Summary:
  KDPics is prone to multiple input-validation vulnerabilities,
  including cross-site scripting and remote file-include issues,
  because the application fails to sanitize user-supplied input.

  A successful exploit may allow unauthorized users to view files, to
  execute arbitrary scripts within the context of the browser, and to
  steal cookie-based authentication credentials. Other attacks are
  also possible.

  KDPics 1.16 and prior versions are vulnerable.

KOFFICE PPT FILES INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 21354
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21354
Summary:
  KOffice is prone to an integer-overflow vulnerability because it
  fails to properly validate user-supplied data.

  An attacker can exploit this vulnerability to execute arbitrary code
  in the context of the application. Failed exploit attempts will
  likely cause denial-of-service conditions.

  KOffice versions prior to 1.6.1 are affected.

L2TPNS HEARTBEAT HANDLING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21443
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21443
Summary:
  The l2tpns program is prone to a denial-of-service vulnerability
  because it fails to properly handle user-supplied data.

  Attackers can exploit this issue to crash the affected application,
  effectively denying service to legitimate users. Attackers may be
  able to exploit this issue to execute arbitrary code, but this has
  not been confirmed.

LIBPNG GRAPHICS LIBRARY CHUNK ERROR PROCESSING BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 18698
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18698
Summary:
  LibPNG is reported prone to a buffer-overflow vulnerability. The
  library fails to perform proper bounds-checking of user-supplied
  input before copying it to an insufficiently sized memory buffer.

  This vulnerability may be exploited to execute attacker-supplied
  code in the context of an application that relies on the
  affected library.

MESSAGERIESCRIPTHP MULTIPLE INPUT VALIDATION VULNERABILITIES
BugTraq ID: 21513
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21513
Summary:
  Messageriescripthp is prone to multiple input-validation
  vulnerabilities, including SQL-injection and cross-site
  scripting issues, because it fails to sufficiently sanitize user-
  supplied data.

  Exploiting these issues could allow an attacker to steal cookie-
  based authentication credentials, compromise the application, access
  or modify data, or exploit latent vulnerabilities in the underlying
  database implementation.

  Messageriescripthp V2.0 is vulnerable to this issue.

LIBPNG GRAPHICS LIBRARY PNG_SET_SPLT REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 21078
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21078
Summary:
  LibPNG is reported prone to a denial-of-service vulnerability. The
  library fails to perform proper bounds-checking of user-supplied
  input, which leads to an out-of-bounds read error.

  Attackers may exploit this vulnerability to crash an application
  that relies on the affected library.

LINKSYS WIP330 PHONECTRL.EXE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21475
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21475
Summary:
  Linksys WIP330 'PhoneCtrl.exe' is prone to a denial-of-service
  vulnerability when the device is port-scanned across the full port
  range.

  Exploiting this issue allows remote attackers to crash and reboot
  affected devices, denying service to legitimate users.

  Linksys WIP330 firmware version 1.00.06a is affected by this issue;
  other versions may also be affected.

[ firmware? ]

LINUX KERNEL ATM SKBUFF DEREFERENCE REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20363
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20363
Summary:
  The Linux kernel is prone to a remote denial-of-service
  vulnerability.

  This issue is triggered when the kernel processes incoming ATM data.

  Exploiting this vulnerability may allow remote attackers to crash
  the affected kernel, resulting in denial-of-service conditions.

  This issue affects only systems that have ATM hardware and are
  configured for ATM kernel support.

  Kernel versions from 2.6.0 up to and including 2.6.17 are vulnerable
  to this issue.

LINUX KERNEL GET_FDB_ENTRIES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21353
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21353
Summary:
  The Linux kernel is prone to a buffer-overflow vulnerability because
  it fails to properly bounds-check user-supplied data before copying
  it to an insufficiently sized memory buffer.

  Attackers may potentially exploit this issue to execute arbitrary
  code within the context of the affected kernel, but this has not
  been confirmed. Successfully exploiting this issue would cause the
  complete compromise of the affected computer.

  Little information is currently known about this vulnerability. Due
  to the fact that the affected function is in the network-bridging
  code, remote attacks may be possible.

  Linux kernel versions prior to 2.6.18.4 are vulnerable to this
  issue.

LINUX KERNEL IBMTR.C REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 21490
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21490
Summary:
  The Linux kernel is prone to a remote denial-of-service
  vulnerability.

  This vulnerability resides in the
  'drivers/net/tokenring/ibmtr.c' file.

  Exploiting this vulnerability can allow remote attackers to crash
  the affected kernel, resulting in denial-of-service conditions.
  Attackers may also be able to execute arbitrary code, but this has
  not been confirmed.

  Kernel versions from 2.6.0 up to and including 2.6.19 are vulnerable
  to this issue.

LINUX KERNEL IP ID INFORMATION DISCLOSURE WEAKNESS
BugTraq ID: 17109
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
  The Linux kernel is prone to a remote information-disclosure
  weakness. This issue is due to an implementation flaw of a zero
  'ip_id' information-disclosure countermeasure.

  This issue allows remote attackers to use affected computers in
  stealth network port and trust scans.

  The Linux kernel 2.6 series, as well as some kernels in the 2.4
  series, are affected by this weakness.

LINUX KERNEL IPV6 SEQFILE HANDLING LOCAL DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20847
Last Updated: 2006-12-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20847
Summary:
  The Linux kernel is prone to a local denial-of-service
  vulnerability. This issue is due to a design error in the way
  seqfiles are handled in the kernel.

  This vulnerability allows local users to cause an infinite
  loop, resulting in a crash and denying further service to
  legitimate users.

  This issue affects the Linux kernel 2.6 series up to 2.6.18-stable.

LINUX KERNEL ITANIUM PERFMONCTL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20361
Last Updated: 2006-12-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20361
Summary:
  The Linux kernel is prone to a local denial-of-service
  vulnerability.

  An attacker can exploit this issue to crash the kernel, denying
  further service to legitimate users. It is conjectured that this
  issue may also be exploited to gain elevated privileges, but this
  has not been confirmed.

  This issue is exploitable only on the Itanium architecture running
  Linux kernel versions prior to 2.6.18.

LINUX KERNEL MULTIPLE VULNERABILITIES
BugTraq ID: 21523
Last Updated: 2006-12-10
Remote: No
Relevant URL: http://www.securityfocus.com/bid/21523
Summary:
  Linux Kernel is prone to multiple vulnerabilities that can allow
  local attackers to carry out various attacks, including denial-of-
  service attacks.

  Kernel 2.6.8 and prior versions are reported affected.

LINUX KERNEL S/390 COPY_FROM_USER LOCAL INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 20379
Last Updated: 2006-12-12
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20379
Summary:
  The Linux kernel is prone to a local information-disclosure
  vulnerability on the S/390 architecture because the kernel fails
  to properly initialize kernel memory before returning it to user-
  space programs.

  Successfully exploiting this issue allows local attackers to gain
  access to potentially sensitive information contained in kernel
  memory, aiding them in further attacks.

  Linux kernel versions prior to 2.6.19-rc1 on the S/390 architecture
  are vulnerable to this issue.

MADWIFI LINUX KERNEL DEVICE DRIVER MULTIPLE REMOTE BUFFER OVERFLOW
VULNERABILITIES
BugTraq ID: 21486
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21486
Summary:
  The MADWiFi device driver is prone to multiple remote stack-based
  buffer-overflow vulnerabilities because the software fails to do
  proper bounds-checking of user-supplied data before copying it to an
  insufficiently sized memory buffer.

  These issues affect only computers with the vulnerable device driver
  compiled, installed, and enabled on Linux operating systems. Also,
  victims must be running a local application to scan available access
  points for the return packets.

  A remote attacker may exploit these issues to cause denial-of-
  service conditions or to possibly execute arbitrary code in the
  context of the affected kernel. Successful exploits can result in a
  complete compromise of affected computers.

  Versions of the MADWiFi device driver prior to 0.9.2.1 are
  vulnerable.

[ is this in the free or the proprietary part of the driver? ]

MOZILLA CLIENT PRODUCTS MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20957
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20957
Summary:
  The Mozilla Foundation has released two security advisories
  specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
  Thunderbird.

  These vulnerabilities allow attackers to:

  - Crash the applications and potentially execute arbitrary machine
    code in the context of the vulnerable applications.
  - Run arbitrary JavaScript bytecode.

  Other attacks may also be possible.

  The issues described here will be split into individual BIDs as more
  information becomes available.

  These issues are fixed in:

  - Mozilla Firefox version 1.5.0.8
  - Mozilla Thunderbird version 1.5.0.8
  - Mozilla SeaMonkey version 1.0.6

MOZILLA FIREFOX LARGE HISTORY FILE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15773
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15773
Summary:
  Mozilla Firefox is reportedly prone to a remote denial-of-service
  vulnerability.

  This issue presents itself when the browser handles a large entry in
  the 'history.dat' file. An attacker may trigger this issue by
  enticing a user to visit a malicious website and by supplying
  excessive data to be stored in the affected file.

  This may cause a denial-of-service condition.

  **UPDATE: Proof-of-concept exploit code has been published. The
  author of the code attributes the crash to a buffer-overflow
  condition. Symantec has not reproduced the alleged flaw.

MOZILLA MULTIPLE PRODUCTS REMOTE VULNERABILITIES
BugTraq ID: 19181
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19181
Summary:
  The Mozilla Foundation has released thirteen security advisories
  specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
  Thunderbird.

  These vulnerabilities allow attackers to:

  - execute arbitrary machine code in the context of the vulnerable
    application
  - crash affected applications
  - run arbitrary script code with elevated privileges
  - gain access to potentially sensitive information
  - carry out cross-domain scripting attacks.

  Other attacks may also be possible.

  The issues described here will be split into individual BIDs as more
  information becomes available.

  These issues are fixed in:

  - Mozilla Firefox version 1.5.0.5
  - Mozilla Thunderbird version 1.5.0.5
  - Mozilla SeaMonkey version 1.0.3

MOZILLA SUITE, FIREFOX, SEAMONKEY, AND THUNDERBIRD MULTIPLE REMOTE
VULNERABILITIES
BugTraq ID: 17516
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17516
Summary:
  The Mozilla Foundation has released nine security advisories
  specifying security vulnerabilities in Mozilla Suite, Firefox,
  SeaMonkey, and Thunderbird.

  These vulnerabilities allow attackers to:

  - execute arbitrary machine code in the context of the vulnerable
    application
  - crash affected applications
  - gain elevated privileges in JavaScript code, potentially allowing
    remote machine code execution
  - gain access to potentially sensitive information
  - bypass security checks
  - spoof window contents.

  Other attacks may also be possible.

  The issues described here will be split into individual BIDs as
  the information embargo on the Mozilla Bugzilla entries is lifted
  and as further information becomes available. This BID will then
  be retired.

  These issues are fixed in:
  - Mozilla Firefox versions 1.0.8 and 1.5.0.2
  - Mozilla Thunderbird versions 1.0.8 and 1.5.0.2
  - Mozilla Suite version 1.7.13
  - Mozilla SeaMonkey version 1.0.1

MULTIPLE MOZILLA PRODUCTS IFRAME JAVASCRIPT EXECUTION VULNERABILITY
BugTraq ID: 16770
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16770
Summary:
  Multiple Mozilla products are prone to a script-execution
  vulnerability.

  The vulnerability presents itself when an attacker supplies a
  specially crafted email to a user containing malicious script code
  in an IFRAME and the user tries to reply to the mail. Arbitrary
  JavaScript can be executed even if the user has disabled JavaScript
  execution in the client.

  The following Mozilla products are vulnerable to this issue:
  - Mozilla Thunderbird, versions prior to 1.5.0.2, and prior to 1.0.8
  - Mozilla SeaMonkey, versions prior to 1.0.1
  - Mozilla Suite, versions prior to 1.7.13

MULTIPLE MOZILLA PRODUCTS MEMORY CORRUPTION/CODE INJECTION/ACCESS
RESTRICTION BYPASS VULNERABILITIES
BugTraq ID: 16476
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16476
Summary:
  Multiple Mozilla products are prone to multiple vulnerabilities.
  These issues include various memory-corruption, code-injection, and
  access-restriction-bypass vulnerabilities. Other undisclosed issues
  may have also been addressed in the various updated vendor
  applications.

  Successful exploitation of these issues may permit an attacker to
  execute arbitrary code in the context of the affected application.
  This may facilitate a compromise of the affected computer; other
  attacks are also possible.

MULTIPLE VENDOR TCP/IP IMPLEMENTATION ICMP REMOTE DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 13124
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13124
Summary:
  Multiple vendor implementations of TCP/IP Internet Control
  Message Protocol (ICMP) are reported prone to several denial-of-
  service attacks.

  ICMP is employed by network nodes to determine certain
  automatic actions to take based on network failures reported by
  an ICMP message.

  Reportedly, the RFC doesn't recommend security checks for ICMP error
  messages. As long as an ICMP message contains a valid source and
  destination IP address and port pair, it will be accepted for an
  associated connection.

  The following individual attacks are reported:

  - A blind connection-reset attack. This attack takes advantage of
    the specification that describes that on receiving a 'hard' ICMP
    error, the corresponding connection should be aborted. The Mitre
    ID CAN-2004-0790 is assigned to this issue.

  A remote attacker may exploit this issue to terminate target TCP
  connections and deny service for legitimate users.

  - An ICMP Source Quench attack. This attack takes advantage of the
    specification that a host must react to received ICMP Source Quench
    messages by slowing transmission on the associated connection. The
    Mitre ID CAN-2004-0791 is assigned to this issue.

  A remote attacker may exploit this issue to degrade the performance
  of TCP connections and partially deny service for legitimate users.

  - An attack against ICMP PMTUD is reported to affect multiple
    vendors when they are configured to employ PMTUD. By sending a
    suitable forged ICMP message to a target host, an attacker may
    reduce the MTU for a given connection. The Mitre ID CAN-2004-1060
    is assigned to this issue.

  A remote attacker may exploit this issue to degrade the performance
  of TCP connections and partially deny service for legitimate users.

  **Update: Microsoft platforms are also reported prone to these
  issues.

NET-SNMP SNMPD.CONF TOKENS SECURITY RESTRICTION BYPASS VULNERABILITY
BugTraq ID: 21503
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21503
Summary:
  The net-snmp package is prone to a security restriction-bypass
  vulnerability. Successful exploits could allow an attacker to write
  files in unauthorized locations and potentially execute code.

  Exploiting this vulnerability allows read-only users or SNMP
  communities to obtain write access.

  This issue is reported to affect version 5.3; other versions may
  also be vulnerable.

OPENMPT MULTIPLE REMOTE CODE EXECUTION VULNERABILITIES
BugTraq ID: 19448
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19448
Summary:
  OpenMPT is prone to multiple remote code-execution vulnerabilities
  because it fails to properly bounds-check user-supplied data before
  copying it to an insufficiently sized memory buffer.

  These issues allow remote attackers to execute arbitrary machine
  code in the context of affected servers. This facilitates the remote
  compromise of affected computers.

  These versions are affected:

  - 1.17.02.43 and earlier
  - SVN versions 157 and earlier.

OPENSSH DUPLICATED BLOCK REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20216
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
  OpenSSH is prone to a remote denial-of-service vulnerability because
  it fails to properly handle incoming duplicate blocks.

  Remote attackers may exploit this issue to consume excessive CPU
  resources, potentially denying service to legitimate users.

  This issue occurs only when OpenSSH is configured to accept SSH
  Version One traffic.

OPENSSH SCP SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 16369
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
  OpenSSH is prone to an SCP shell command-execution vulnerability
  because the application fails to properly sanitize user-supplied
  input before using it in a 'system()' function call.

  This issue allows attackers to execute arbitrary shell commands with
  the privileges of users executing a vulnerable version of SCP.

  This issue reportedly affects version 4.2 of OpenSSH. Other versions
  may also be affected.

OPENSSL INSECURE PROTOCOL NEGOTIATION WEAKNESS
BugTraq ID: 15071
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15071
Summary:
  OpenSSL is susceptible to a remote protocol-negotiation weakness.
  This issue is due to the implementation of the
  'SSL_OP_MSIE_SSLV2_RSA_PADDING' option to maintain compatibility
  with third-party software.

  This issue presents itself when two peers try to negotiate the
  protocol they wish to communicate with. Attackers who can intercept
  and modify the SSL communications may exploit this weakness to force
  SSL version 2 to be chosen.

  The attacker may then exploit various insecurities in SSL version 2
  to gain access to or tamper with the cleartext communications
  between the targeted client and server.

  Note that the 'SSL_OP_MSIE_SSLV2_RSA_PADDING' option is enabled with
  the frequently used 'SSL_OP_ALL' option.

  SSL peers that are configured to disallow SSL version 2 are not
  affected by this issue.

OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
  OpenSSL is prone to a vulnerability that may allow an attacker to
  forge an RSA signature. The attacker may be able to forge a PKCS #1
  v1.5 signature when an RSA key with exponent 3 is used.

  An attacker may exploit this issue to sign digital certificates or
  RSA keys and take advantage of trust relationships that depend on
  these credentials, possibly posing as a trusted party and signing a
  certificate or key.

  All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are
  affected by this vulnerability. Updates are available.

OPENSSL SSL_GET_SHARED_CIPHERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20249
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20249
Summary:
  OpenSSL is prone to a buffer-overflow vulnerability because the
  library fails to properly bounds-check user-supplied input before
  copying it to an insufficiently sized memory buffer.

  Successfully exploiting this issue may result in the execution of
  arbitrary machine code in the context of applications that use the
  affected library. Failed exploit attempts may crash applications,
  denying service to legitimate users.

OPENSSL SSLV2 NULL POINTER DEREFERENCE CLIENT DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 20246
Last Updated: 2006-12-07
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20246
Summary:
  OpenSSL is prone to a denial-of-service vulnerability.

  A malicious server could cause a vulnerable client application to
  crash, effectively denying service.

PORTABLE OPENSSH GSSAPI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20241
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
  Portable OpenSSH is prone to a remote code-execution
  vulnerability. The issue derives from a race condition in a
  vulnerable signal handler.

  Reportedly, under specific conditions, it is theoretically possible
  to execute code remotely prior to authentication when GSSAPI
  authentication is enabled. This has not been confirmed; the chance
  of a successful exploit of this nature is considered minimal.

  On non-Portable OpenSSH implementations, this same race condition
  can be exploited to cause a pre-authentication denial of service.

  This issue occurs when OpenSSH and Portable OpenSSH are configured
  to accept GSSAPI authentication.

PROFTPD SREPLACE REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20992
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20992
Summary:
  ProFTPD is prone to a remote buffer-overflow vulnerability. This
  issue is due to an off-by-one error, allowing attackers to
  corrupt memory.

  Exploiting this issue allows remote attackers to execute arbitrary
  machine code in the context of the server application, facilitating
  the compromise of affected computers.

  ProFTPD versions prior to 1.3.0a are vulnerable to this issue.

  Update: This BID was recently updated to state that
  'CommandBufferSize' was affected by a denial-of-service issue, but
  according to the vendor, that directive is not vulnerable.

RUBY ON RAILS ROUTING DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19454
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19454
Summary:
  Ruby on Rails is prone to a vulnerability in its routing
  functionality that may result in denial-of-service or data
  loss issues.

  Attackers may exploit this issue by issuing HTTP GET requests to
  predictable URIs to affected webservers.

  This issue affects Ruby on Rails versions 1.1.0, 1.1.1, 1.1.2,
  1.1.4, and 1.1.5.

SAMBA MACHINE TRUST ACCOUNT LOCAL INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17314
Last Updated: 2006-12-07
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17314
Summary:
  Samba is susceptible to a local information-disclosure
  vulnerability. This issue is due to a design error that potentially
  leads to sensitive information being written to log files. This
  occurs when the debugging level has been set to 5 or higher.

  This issue allows local attackers to gain access to the machine
  trust account of affected computers. Attackers may then impersonate
  the affected server in the domain. By impersonating the member
  server, attackers may gain access to further sensitive information,
  including the users and groups in the domain; other information may
  also be available. This may aid attackers in further attacks.

  Samba versions 3.0.21 through 3.0.21c that use the 'winbindd'
  daemon are susceptible to this issue.

TEXINFO FILE HANDLING BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20959
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20959
Summary:
  Texinfo is prone to a buffer-overflow vulnerability because the
  application fails to properly bounds-check user-supplied input
  before copying it to an insufficiently sized memory buffer.

  Exploiting this issue allows attackers to cause the affected
  applications using Texinfo to crash, denying service to legitimate
  users. Arbitrary code execution may also be possible, but this has
  not been confirmed.

XMPLAY PLAYLIST FILES REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21206
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21206
Summary:
  XMPlay is prone to a remote buffer-overflow vulnerability because
  the application fails to properly bounds-check user-supplied data
  prior to loading malformed playlist files.

  An attacker can exploit this issue to execute arbitrary code within
  the context of the application or trigger a denial-of-service
  condition.

  XMPlay 3.3.0.4 is vulnerable to this issue; other versions may also
  be affected.

XPDF MULTIPLE UNSPECIFIED VULNERABILITIES
BugTraq ID: 16748
Last Updated: 2006-12-08
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16748
Summary:
  The 'xpdf' utility is reportedly prone to multiple unspecified
  security vulnerabilities. The cause and impact of these issues are
  currently unknown.

  All versions of xpdf are considered vulnerable at the moment. This
  BID will update when more information becomes available.

XINE-LIB RULEMATCHES REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21435
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21435
Summary:
  The xine-lib library's Real Media handling is prone to a remote
  buffer-overflow vulnerability because the library fails to properly
  bounds-check user-supplied data before copying it into an
  insufficiently sized buffer.

  An attacker can exploit this issue to execute arbitrary code with
  the privileges of the currently logged-in user. Failed exploit
  attempts will result in a denial of service.

ZOO MISC.C BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 16790
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16790
Summary:
  Zoo is prone to a buffer-overflow vulnerability because the
  application fails to properly bounds-check user-supplied data
  before copying it into a fixed-size buffer.

  An attacker can exploit this issue to execute arbitrary code in the
  context of the victim user running the affected application.

CURL / LIBCURL URL PARSER BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15756
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15756
Summary:
  cURL and libcURL are prone to a buffer-overflow vulnerability
  because the library fails to properly bounds-check user-supplied
  data before copying it into a fixed-size buffer.

  The issue occurs when the URL parser function handles an excessively
  long URL string.

  An attacker can exploit this issue to crash the affected
  library, effectively denying service. Arbitrary code execution
  may also be possible, which may facilitate a compromise of the
  underlying system.

WVWARE MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 20761
Last Updated: 2006-12-12
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20761
Summary:
  wvWare is prone to multiple integer-overflow vulnerabilities because
  the library fails to properly bounds-check user-supplied input.

  An attacker can exploit these vulnerabilities to execute arbitrary
  code in the context of the application using the vulnerable library.
  Failed exploit attempts will likely result in denial-of-service
  conditions.

  wvWare 1.2.2 and prior versions are vulnerable.

[ continuation of the wv project, for MS-Word conversion ]
