[gull-annonces] Summary of SecurityFocus Newsletter #394-399
Marc SCHAEFER
schaefer at alphanet.ch
Wed Jun 6 18:08:21 CEST 2007
APOP PROTOCOL INSECURE MD5 HASH WEAKNESS
BugTraq ID: 23257
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23257
Summary:
Applications that implement the APOP protocol may be vulnerable to a
password-hash weakness. This issue occurs because the MD5 hash
algorithm fails to properly prevent collisions.
Attackers may exploit this issue in man-in-the-middle attacks to
potentially gain access to the first three characters of passwords.
This will increase the likelihood of successful brute-force attacks
against APOP authentication.
To limit the possibility of successful exploits, applications that
implement the APOP protocol should set up safeguards to ensure that
message IDs are RFC-compliant.
Mozilla Thunderbird, Evolution, mutt, and fetchmail are reportedly
affected by this issue.
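An added example, not from the newsletter or from any of the mail clients named above, of the client-side safeguard the summary recommends: accept the server's APOP timestamp only when it is an RFC 1939 msg-id of the form <pid.clock@hostname>, and compute the MD5 digest only then. The regex and the length limit are this example's own assumptions; the sample greetings are constructed, the good one reusing the RFC 1939 example vector.

```python
import hashlib
import re

# RFC 1939 section 7: the APOP timestamp in the POP3 greeting has the form
# <process-ID.clock@hostname>. This regex is an assumption of this example
# (deliberately strict): only that shape, plain ASCII tokens, nothing else.
_MSGID_RE = re.compile(
    rb"<(?P<pid>[0-9]+)\.(?P<clock>[0-9]+)@(?P<host>[A-Za-z0-9.-]{1,253})>"
)
MAX_TIMESTAMP_LEN = 128  # assumed sanity limit, not taken from RFC 1939


def extract_apop_timestamp(greeting: bytes):
    """Return (timestamp, None) if the greeting carries exactly one
    RFC-compliant msg-id, otherwise (None, reason).

    Whatever a client feeds into the APOP digest must pass this check;
    a free-form msg-id is exactly what the collision attack relies on."""
    if not greeting.startswith(b"+OK"):
        return None, "greeting is not +OK"
    body = greeting.rstrip(b"\r\n")
    if any(b < 0x20 or b > 0x7E for b in body):
        return None, "non-printable byte in greeting"
    if body.count(b"<") != 1 or body.count(b">") != 1:
        return None, "greeting must contain exactly one <...> msg-id"
    start, end = body.index(b"<"), body.index(b">")
    if end < start:
        return None, "'>' precedes '<'"
    ts = body[start:end + 1]
    if len(ts) > MAX_TIMESTAMP_LEN:
        return None, "msg-id too long"
    if not _MSGID_RE.fullmatch(ts):
        return None, "msg-id is not <pid.clock@hostname>"
    return ts, None


def apop_digest(timestamp: bytes, secret: bytes) -> str:
    """MD5(timestamp || secret), lowercase hex, as APOP sends it (RFC 1939)."""
    return hashlib.md5(timestamp + secret).hexdigest()


def apop_response(greeting: bytes, user: str, secret: bytes):
    """Build the APOP command, or return (None, reason) when the greeting
    fails validation; the caller should then refuse APOP rather than
    digest an untrusted timestamp."""
    ts, why = extract_apop_timestamp(greeting)
    if ts is None:
        return None, why
    return f"APOP {user} {apop_digest(ts, secret)}".encode(), None


# Constructed sample greetings, not captured from any real server.
# GOOD reuses the RFC 1939 section 7 example (secret "tanstaaf").
GOOD = b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>\r\n"
# BAD carries a control byte and a second '<': the kind of free-form
# msg-id that a strict check refuses.
BAD = b"+OK ready <abc\x01def<1.2@x>\r\n"

if __name__ == "__main__":
    print(apop_response(GOOD, "mrose", b"tanstaaf"))
    print(apop_response(BAD, "mrose", b"tanstaaf"))
```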
AIRCRACK-NG AIRODUMP-NG AUTHENTICATION PACKET BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 23467
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23467
Summary:
Aircrack-ng Airodump-ng is prone to a remote buffer-overflow because
the application fails to bounds-check user-supplied data before
copying it into an insufficiently sized buffer.
Only applications running with '-w or --write' parameters are
vulnerable to this issue.
An attacker could exploit this issue to execute arbitrary code
within the context of the affected application. Failed exploit
attempts will result in a denial of service.
Airodump-ng 0.7 is vulnerable to this issue; other versions may also
be vulnerable.
APACHE HTTP SERVER TOMCAT DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 22960
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22960
Summary:
Apache HTTP servers running with the Tomcat servlet container are
prone to a directory-traversal vulnerability because it fails to
sufficiently sanitize user-supplied input data.
Exploiting this issue allows attackers to access arbitrary files in
the Tomcat webroot. This can expose sensitive information that could
help the attacker launch further attacks.
Versions in the 5.0 series prior to 5.5.22 and in the 6.0 series
prior to 6.0.10 are vulnerable.
APACHE MOD_REWRITE OFF-BY-ONE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19204
Last Updated: 2007-04-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19204
Summary:
Apache mod_rewrite is prone to an off-by-one buffer-overflow
condition.
The vulnerability arising in the mod_rewrite module's ldap scheme
handling allows for potential memory corruption when an attacker
exploits certain rewrite rules.
An attacker may exploit this issue to trigger a denial-of-
service condition. Reportedly, arbitrary code execution may be
possible as well.
APPLE AIRPORT EXTREME BASE STATION FIRMWARE INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 23396
Last Updated: 2007-04-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23396
Summary:
Apple AirPort Extreme Base Station is prone to an information-
disclosure vulnerability.
An attacker can exploit this issue to view filenames on a password-
protected AirPort Disk without supplying a password.
Firmware versions prior to 7.1 are vulnerable.
[ firmware ]
ASTERISK PBX_AEL.C SWITCH BLOCKS SECURITY BYPASS VULNERABILITY
BugTraq ID: 23155
Last Updated: 2007-03-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23155
Summary:
Asterisk PBX is prone to a security-bypass vulnerability because the
Asterisk Extension Language (AEL) fails to securely generate
extensions when compiling arbitrary labels.
An attacker can exploit this issue to bypass security restrictions.
The attacker may then be able to access sensitive information and to
change user settings.
This issue affects versions in the 1.2.0 and 1.4.0 branches.
This issue affects all versions in the following branches:
- 1.2.x
- 1.3.x
BLENDER KMZ/KML REMOTE COMMAND EXECUTION VULNERABILITY
BugTraq ID: 22770
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22770
Summary:
Blender is prone to a remote command-execution vulnerability.
An attacker could exploit this issue by enticing an unsuspecting
victim to open a malicious file. A successful exploit will allow
arbitrary Python commands to run within the privileges of the
currently logged-in user.
BUSYBOX INSECURE PASSWORD HASH WEAKNESS
BugTraq ID: 17330
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17330
Summary:
BusyBox is prone to an insecure password-hash weakness. This issue
is due to a design flaw that results in password hashes being
created in an insecure manner.
This issue allows attackers to use precomputed password hashes in
brute-force attacks if they can gain access to password hashes by
some means (such as exploiting another vulnerability).
CPIO FILE SIZE STACK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 16057
Last Updated: 2007-05-01
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16057
Summary:
The cpio utility is prone to a stack buffer-overflow vulnerability.
This issue presents itself when cpio tries to create an archive
containing files with extremely large sizes, potentially resulting
in a memory buffer being overrun.
Note that this vulnerability presents itself only on 64-bit
platforms. Presumably, on 32-bit platforms using 64-bit filesystems,
this may be exploited to crash cpio.
CUPS PARTIAL SSL CONNECTION REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23127
Last Updated: 2007-03-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23127
Summary:
CUPS is prone to a remote denial-of-service vulnerability when
handling SSL connection requests.
Successfully exploiting this issue allows remote attackers to cause
the affected service to stop accepting further requests, denying
further service to legitimate users.
NOTE: This issue was originally reported as a vulnerability
affecting Apple Mac OS X in BID 22948 (Apple Mac OS X
Multiple Applications Multiple Vulnerabilities). Further
information indicates that this vulnerability also affects
CUPS running on other platforms, so this issue is being
assigned a separate BID.
CANON NETWORK CAMERA SERVER UNSPECIFIED CROSS SITE SCRIPTING
VULNERABILITY
BugTraq ID: 23560
Last Updated: 2007-04-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23560
Summary:
Canon Network Camera Server is prone to an unspecified cross-site
scripting vulnerability because the application fails to
sufficiently sanitize user-supplied data.
Exploiting this issue may help the attacker steal cookie-based
authentication credentials and launch other attacks.
These versions of Canon Network Camera Server are vulnerable:
- VB100 firmware V3.0 R69 (and earlier)
- VB101 firmware V3.0 R69 (and earlier)
- VB150 firmware V1.1 R39 (and earlier)
[ firmware ]
CISCO MULTIPLE DEVICES CRAFTED IP OPTION MULTIPLE REMOTE CODE
EXECUTION VULNERABILITY
BugTraq ID: 22211
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22211
Summary:
Multiple Cisco switches and routers running Cisco IOS and Cisco IOS
XR are prone to multiple remote code-execution vulnerabilities.
These issues occur because the devices fail to handle specially
crafted network packets.
An attacker can exploit these issues to execute arbitrary code
within the context of the affected device. Failed exploit attempts
will result in a denial of service.
These issues affect only devices that are configured to handle
Internet Protocol version 4 (IPv4) packets. These issues do not
affect devices that are configured to handle only Internet Protocol
version 6 (IPv6) packets.
These issues are being tracked by Cisco Bug IDs CSCeh52410 and
CSCec71950.
[ firmware ]
CISCO UNIFIED CALLMANAGER AND UNIFIED SERVER MULTIPLE REMOTE DENIAL OF
SERVICE VULNERABILITIES
BugTraq ID: 23181
Last Updated: 2007-03-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23181
Summary:
Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server
(CUPS) are prone to multiple remote denial-of-service
vulnerabilities. These issues occur because the devices fail to
handle certain network packets or network requests.
An attacker can exploit these issues to crash the affected services
on the devices, denying service to legitimate users.
[ firmware ]
CLAM ANTIVIRUS CLAMAV MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 23473
Last Updated: 2007-04-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23473
Summary:
ClamAV is prone to a file-descriptor leakage vulnerability and a buffer-
overflow vulnerability.
A successful attack may allow an attacker to obtain sensitive
information, cause denial-of-service conditions, and execute
arbitrary code in the context of the user running the affected
application.
ClamAV versions prior to 0.90.2 are vulnerable to these issues.
CLAM ANTIVIRUS CLAMAV PDF HANDLING REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 23656
Last Updated: 2007-04-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23656
Summary:
ClamAV is prone to a denial-of-service vulnerability.
A successful attack may allow an attacker to cause denial-of-service
conditions.
COURIER-IMAP XMAILDIR SHELL COMMAND INJECTION VULNERABILITY
BugTraq ID: 23589
Last Updated: 2007-04-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23589
Summary:
Courier-IMAP is prone to a shell-command-injection vulnerability.
Commands executed through this vulnerability could permit an
attacker to gain access to a vulnerable system.
Courier-IMAP versions for Gentoo prior to 4.0.6-r2 are vulnerable to
this issue.
DOVECOT ZLIB PLUGIN REMOTE INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 23552
Last Updated: 2007-04-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23552
Summary:
Dovecot is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to access sensitive information
that may lead to further attacks.
[ IMAP server ]
FENICE REMOTE BUFFER OVERFLOW AND DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17678
Last Updated: 2007-04-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17678
Summary:
Fenice is prone to multiple remote vulnerabilities:
- A buffer-overflow vulnerability. The application fails to perform
sufficient bounds checking of user-supplied data before copying
it to an insufficiently sized memory buffer. This issue
potentially allows remote attackers to execute arbitrary machine
code in the context of the affected server process. Failed
exploit attempts will likely crash the application, denying
service to legitimate users.
- A denial-of-service vulnerability due to an integer-overflow flaw.
This issue allows remote attackers to crash the affected
application, denying service to legitimate users.
Fenice 1.10 is vulnerable to these issues; other versions may also
be affected.
[ multimedia streaming server ]
FETCHMAIL MULTIPLE PASSWORD INFORMATION DISCLOSURE VULNERABILITIES
BugTraq ID: 21903
Last Updated: 2007-04-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21903
Summary:
Fetchmail is prone to multiple information-disclosure
vulnerabilities because the application discloses information about
user passwords.
An attacker can exploit these issues to access sensitive information
that may aid the attacker in other attacks.
These issues affect versions prior to 6.3.6-rc4.
FILE(1) COMMAND FILE_PRINTF INTEGER UNDERFLOW VULNERABILITY
BugTraq ID: 23021
Last Updated: 2007-04-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23021
Summary:
The file(1) command is prone to an integer-underflow vulnerability
because the command fails to adequately handle user-supplied data.
An attacker can leverage this issue to corrupt heap memory and
execute arbitrary code with the privileges of a user running the
command. A successful attack may result in the compromise of
affected computers. Failed attempts will likely cause denial-of-
service conditions.
Versions prior to 4.20 are vulnerable.
FREEPBX SIP PACKET MULTIPLE HTML INJECTION VULNERABILITIES
BugTraq ID: 23575
Last Updated: 2007-04-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23575
Summary:
FreePBX is prone to multiple HTML-injection vulnerabilities because
it fails to sufficiently sanitize user-supplied input data before
using it in dynamically generated content.
Attacker-supplied HTML and script code may be executed in the
context of the affected web application, potentially allowing the
attacker to steal cookie-based authentication credentials, control
how the web application is displayed to the user, or manipulate the
underlying PBX application; other attacks are also possible.
The FreePBX 2.2 series is vulnerable to these issues.
FREERADIUS MULTIPLE RLM_SQLCOUNTER BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 17293
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17293
Summary:
FreeRADIUS is prone to multiple buffer-overflow vulnerabilities.
These issues are due to a failure in the application to do proper
bounds checking on user-supplied data.
Reportedly, these issues may result in a denial-of-service condition
only. Attackers cannot exploit these issues to gain unauthorized
remote access.
FREERADIUS EAP-TTLS TUNNEL MEMORY LEAK REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 23466
Last Updated: 2007-04-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23466
Summary:
FreeRADIUS is prone to a denial-of-service vulnerability.
This vulnerability presents itself when an attacker sends malformed
data inside an EAP-TTLS tunnel.
FREERADIUS RLM_SQLCOUNTER SQL INJECTION VULNERABILITY
BugTraq ID: 17294
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17294
Summary:
FreeRADIUS is prone to an SQL-injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-
supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the
application, access or modify data, or exploit vulnerabilities in
the underlying database implementation.
GD GRAPHICS LIBRARY JIS-ENCODED FONT BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22289
Last Updated: 2007-04-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22289
Summary:
The GD graphics library is prone to a buffer-overflow vulnerability.
An attacker can exploit this issue to cause denial-of-service
conditions in applications implementing the affected library.
Arbitrary code execution may also be possible; this has not been
confirmed.
GDB DWARF MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 19802
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19802
Summary:
GDB is prone to multiple buffer-overflow vulnerabilities because of
insufficient bounds-checking when handling DWARF and DWARF2 data.
Attackers could leverage this issue to run arbitrary code outside of
a restricted environment; this may lead to privilege escalation.
GDB MULTIPLE VULNERABILITIES
BugTraq ID: 13697
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/13697
Summary:
GDB is reportedly affected by multiple vulnerabilities. These issues
can allow an attacker to execute arbitrary code and commands on an
affected computer. A successful attack may allow the attacker to
gain elevated privileges or unauthorized access.
The following specific issues were identified:
- a remote heap-overflow vulnerability when loading malformed
object files.
- a local privilege-escalation vulnerability.
GDB 6.3 is reportedly affected by these issues; other versions are
likely vulnerable as well. GNU binutils 2.14 and 2.15 are affected
by the heap-overflow issue as well.
GIMP RAS FILE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 23680
Last Updated: 2007-04-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23680
Summary:
GIMP is prone to a buffer-overflow vulnerability because it fails to
properly bounds-check user-supplied input data before copying it to
an insufficiently sized memory buffer.
Successful exploits of this vulnerability allow remote attackers to
execute arbitrary machine code in the context of the affected
application.
GIMP 2.2.14 is vulnerable to this issue; other versions may also
be affected.
GNOME FOUNDATION GDM .ICEAUTHORITY IMPROPER FILE PERMISSIONS
VULNERABILITY
BugTraq ID: 17635
Last Updated: 2007-05-01
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17635
Summary:
GDM is prone to an improper file-permissions vulnerability.
An attacker can exploit this issue to gain access to sensitive or
privileged information that may facilitate a complete compromise of
the vulnerable computer.
GNU GV STACK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20978
Last Updated: 2007-04-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20978
Summary:
GNU gv is prone to a stack-based buffer-overflow vulnerability
because the application fails to properly bounds-check user-supplied
data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine
code in the context of users running the affected application.
Failed attempts will likely crash the application, resulting in denial-of-
service conditions.
Version 3.6.2 is reported vulnerable; other versions may also
be affected.
NOTE: Various other applications may employ embedded GNU gv code and
could also be vulnerable as a result.
GNU MAILUTILS IMAP4D SEARCH COMMAND REMOTE FORMAT STRING VULNERABILITY
BugTraq ID: 14794
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14794
Summary:
The 'imap4d' daemon is prone to a remote format-string
vulnerability.
The issue presents itself when the service handles malicious search
commands from a client.
A successful attack may allow attackers to execute arbitrary code,
which may help them gain unauthorized access or escalate privileges
in the context of the server.
This issue has been confirmed in GNU Mailutils 0.6; other versions
may be vulnerable as well.
GNU TAR INVALID HEADERS BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 16764
Last Updated: 2007-04-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16764
Summary:
GNU Tar is prone to a buffer overflow when handling invalid headers.
Successful exploitation could potentially lead to arbitrary code
execution, but this has not been confirmed.
Tar versions 1.14 and above are vulnerable.
GNU TEXINFO INSECURE TEMPORARY FILE CREATION VULNERABILITY
BugTraq ID: 14854
Last Updated: 2007-04-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14854
Summary:
Texinfo creates temporary files in an insecure manner. The issue
resides in the 'textindex.c' file.
Exploitation would most likely result in loss of data or a denial of
service if critical files are overwritten in the attack. Other
attacks may be possible as well.
GIMP XCF_LOAD_VECTOR FUNCTION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18877
Last Updated: 2007-04-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18877
Summary:
Gimp is prone to a buffer-overflow vulnerability because it fails to
properly bounds-check user-supplied input data before copying it to
an insufficiently sized memory buffer.
An attacker may cause malicious code to execute by forcing the
application to read raw data from a malicious image file, with the
privileges of the user running the GIMP application.
GNOME EVOLUTION FORMAT STRING VULNERABILITY
BugTraq ID: 23073
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23073
Summary:
Gnome Evolution is prone to a format-string vulnerability.
This issue presents itself because the application fails to properly
sanitize user-supplied input before passing it as the format
specifier in a shared memo.
A successful attack may crash the application or possibly lead to
arbitrary code execution. This may facilitate unauthorized access or
privilege escalation in the context of the user running the
application.
Gnome Evolution version 2.8.2.1 is vulnerable to this issue; other
versions may also be affected.
HP JETDIRECT FTP PRINT SERVER RERT COMMAND DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 23168
Last Updated: 2007-03-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23168
Summary:
HP JetDirect FTP Print Server is prone to a remote denial-of-service
vulnerability.
An attacker can exploit this issue on an affected computer to deny
service to legitimate users.
FTP Print Server 2.4 and prior versions are vulnerable.
[ firmware ]
IPSEC-TOOLS REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23394
Last Updated: 2007-04-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23394
Summary:
IPSec-Tools is affected by a remote denial-of-service
vulnerability because the application fails to properly handle
certain network packets.
A successful attack allows a remote attacker to crash the
application, denying further service to legitimate users.
IPSec-Tools versions prior to 0.6.7 are vulnerable to this issue.
IPV6 PROTOCOL TYPE 0 ROUTE HEADER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23615
Last Updated: 2007-04-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23615
Summary:
IPv6 protocol implementations are prone to a denial-of-service
vulnerability due to a design error.
Exploiting this issue allows attackers to cause denial-of-service
conditions.
This issue is related to the issue discussed in BID 22210 (Cisco IOS
IPv6 Source Routing Remote Memory Corruption Vulnerability).
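An added detection example, not part of the newsletter and not taken from any vendor: it walks the IPv6 extension-header chain (the RFC 2460 layout, which the summary does not spell out) and reports every routing header whose type is 0, which is what a filter on a host or border router would drop. The packet builder and the addresses are constructed test data.

```python
import struct
from ipaddress import IPv6Address

ROUTING_HEADER = 43
FRAGMENT_HEADER = 44  # fixed 8 bytes, no hdr-ext-len field
NO_NEXT_HEADER = 59
# extension headers that share the generic (next_hdr, hdr_ext_len) layout
CHAINED = {0: "hop-by-hop", ROUTING_HEADER: "routing", 60: "dest-opts"}


def find_routing_headers(pkt: bytes):
    """Return a list of (routing_type, segments_left, address_count), one
    entry per routing header in the packet's extension-header chain."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, nxt = struct.unpack("!HB", pkt[4:7])
    end = min(len(pkt), 40 + payload_len)
    off, found = 40, []
    while off + 8 <= end:
        if nxt == FRAGMENT_HEADER:
            nxt, off = pkt[off], off + 8
            continue
        if nxt not in CHAINED:
            break  # upper-layer protocol or no next header: chain ends
        ext_len = 8 * (pkt[off + 1] + 1)  # hdr_ext_len excludes first 8 octets
        if off + ext_len > end:
            raise ValueError("truncated extension header")
        if nxt == ROUTING_HEADER:
            rtype, seg_left = pkt[off + 2], pkt[off + 3]
            found.append((rtype, seg_left, (ext_len - 8) // 16))
        nxt, off = pkt[off], off + ext_len
    return found


def has_rh0(pkt: bytes) -> bool:
    """True when the packet carries a Type 0 routing header (drop it)."""
    return any(rtype == 0 for rtype, _, _ in find_routing_headers(pkt))


def build_packet(src, dst, hops=(), rtype=0, next_hdr=NO_NEXT_HEADER):
    """Constructed test packet (not a capture): IPv6 header, then a routing
    header of type `rtype` listing `hops` if any are given."""
    ext = b""
    first = next_hdr
    if hops:
        addrs = b"".join(IPv6Address(h).packed for h in hops)
        ext = struct.pack("!BBBB4x", next_hdr, len(addrs) // 8,
                          rtype, len(hops)) + addrs
        first = ROUTING_HEADER
    hdr = struct.pack("!IHBB", 0x60000000, len(ext), first, 64)
    return hdr + IPv6Address(src).packed + IPv6Address(dst).packed + ext


if __name__ == "__main__":
    sample = build_packet("2001:db8::1", "2001:db8::2",
                          ["2001:db8::10", "2001:db8::20"])
    print(find_routing_headers(sample), has_rh0(sample))
```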
ISC BIND QUERY_ADDSOA DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23738
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23738
Summary:
ISC BIND is prone to a denial-of-service vulnerability because it
fails to handle certain sequences of malicious queries.
NOTE: Only applications configured with the 'recursion'
directive/attribute enabled are vulnerable to this issue.
An attacker can exploit this issue to cause the application to exit,
denying service to legitimate users.
Versions 9.40, 9.5.0a1, 9.5.0a2, and 9.5.0a3 are vulnerable.
ISC BIND REMOTE DNSSEC VALIDATION DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22231
Last Updated: 2007-03-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22231
Summary:
ISC BIND is prone to a remote denial-of-service vulnerability
because the application fails to properly handle malformed DNSSEC
validation requests.
Successfully exploiting this issue allows remote attackers to crash
affected DNS servers, denying further service to legitimate users.
IMAGEMAGICK DCM XWD FORMATS MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 23347
Last Updated: 2007-04-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23347
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities
because it fails to adequately handle user-supplied data.
An attacker can exploit these issues to execute arbitrary code in
the context of the application. Failed exploit attempts will likely
cause denial-of-service conditions.
ImageMagick 6.2.9 through 6.3.3-4 are vulnerable.
IMAGEMAGICK XGETPIXEL/XINITIMAGE MULTIPLE INTEGER OVERFLOW
VULNERABILITIES
BugTraq ID: 23300
Last Updated: 2007-04-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities
because it fails to properly validate user-supplied data.
An attacker can exploit these issues to execute arbitrary code in
the context of the application. Failed exploit attempts will likely
cause denial-of-service conditions.
IMAGER 8 BIT BMP HEAP BASED BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 23711
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23711
Summary:
Imager is prone to a heap-based buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input data
before copying it to an insufficiently sized memory buffer.
Successful exploits of this vulnerability allow remote attackers to
execute arbitrary machine code in the context of an application
using the vulnerable library. Failed attempts will likely result in
denial-of-service conditions.
NOTE: The effects of successful attacks depend on how system memory
is allocated. The implementation of the 'glibc' memory
allocator will likely allow an attacker to trigger only denial-of-
service conditions. Other allocators may allow arbitrary code
execution.
Versions prior to Imager 0.57 are vulnerable.
INFO-ZIP UNZIP CHMOD FILE PERMISSION MODIFICATION RACE
CONDITION WEAKNESS
BugTraq ID: 14450
Last Updated: 2007-05-01
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14450
Summary:
Info-ZIP unzip is reported prone to a security weakness. The issue
occurs only when an archive is extracted into a world- or group-
writable directory. Reportedly, unzip employs non-atomic procedures
to write a file and later to change the permissions on the newly
extracted file.
A local attacker may leverage this issue to modify file permissions
of target files.
INFO-ZIP UNZIP FILE NAME BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15968
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15968
Summary:
Info-ZIP 'unzip' is susceptible to a filename buffer-overflow
vulnerability. The application fails to properly bounds-check user-
supplied data before copying it into an insufficiently sized
memory buffer.
This issue allows attackers to execute arbitrary machine code in the
context of users running the affected application.
IPUTILS RARPD REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23706
Last Updated: 2007-04-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23706
Summary:
The 'iputils rarpd' program is affected by a remote denial-of-
service vulnerability because the software fails to properly handle
certain network packets.
A successful attack allows a remote attacker to crash the
application, denying further service to legitimate users.
KDE KONQUEROR JAVASCRIPT IFRAME DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22814
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22814
Summary:
KDE Konqueror is prone to a remote denial-of-service vulnerability
because of an error in KDE's JavaScript implementation.
An attacker may exploit this vulnerability to cause Konqueror to
crash, resulting in denial-of-service conditions.
Konqueror included with KDE version 3.5.5 is vulnerable; other
versions may also be affected.
KDE KONQUEROR/IOSLAVE FTP PASV PORT-SCANNING VULNERABILITY
BugTraq ID: 23091
Last Updated: 2007-03-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23091
Summary:
KDE Konqueror is prone to a vulnerability that may allow attackers
to obtain potentially sensitive information.
A successful exploit of this issue would cause the affected
application to connect to arbitrary TCP ports and potentially
reveal sensitive information about services that are running on the
affected computer. Information obtained may aid attackers in
further attacks.
LDAP ACCOUNT MANAGER UNSPECIFIED HTML INJECTION VULNERABILITY
BugTraq ID: 23190
Last Updated: 2007-03-29
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23190
Summary:
LDAP Account Manager is prone to an HTML-injection vulnerability
because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to execute HTML and
script code in the context of the affected site, to steal cookie-
based authentication credentials, or to control how the site is
rendered to the user; other attacks are also possible.
LDAP Account Manager versions prior to 1.3.0 are vulnerable to
this issue.
LFTP MIRRORJOB::HANDLEFILE ARBITRARY COMMAND INJECTION VULNERABILITY
BugTraq ID: 23736
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23736
Summary:
LFTP is prone to an arbitrary command-injection vulnerability
because it fails to adequately sanitize user-supplied data.
An attacker can exploit this issue to execute arbitrary commands in
the context of the user running the application.
Versions prior to 3.5.9 are vulnerable.
LEDGERSMB UNSPECIFIED SQL INJECTION VULNERABILITIES
BugTraq ID: 20749
Last Updated: 2007-04-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20749
Summary:
LedgerSMB is prone to multiple unspecified SQL-injection
vulnerabilities because it fails to properly sanitize user-supplied
input before using it in an SQL query.
A successful attack could allow an attacker to compromise the
application, access or modify data, gain administrative access to
the application, or exploit vulnerabilities in the underlying
database implementation.
LedgerSMB 1.1.0 is vulnerable to these issues; other versions may be
vulnerable as well.
[ better implementation of SQLLedger ]
LIBFTP MULTIPLE REMOTE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 22987
Last Updated: 2007-03-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22987
Summary:
The 'libftp' library is prone to multiple remote buffer-overflow
vulnerabilities because the software fails to bounds-check user-
supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit these issues to execute arbitrary code
within the context of applications that rely on the affected
library. Failed exploit attempts will result in a denial of service.
Version 5.0 of libftp is vulnerable; other versions may also
be affected.
LIBWPD LIBRARY MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 23006
Last Updated: 2007-04-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23006
Summary:
The libwpd library is prone to multiple buffer-overflow
vulnerabilities because it fails to adequately check boundaries on
user-supplied input.
A successful exploit could let a remote attacker execute arbitrary
code in the context of an application using the affected library.
Version 0.8.7 is vulnerable; other versions prior to 0.8.9 may also
be affected.
LIGHTTPD MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 23515
Last Updated: 2007-04-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23515
Summary:
Lighttpd is prone to multiple remote denial-of-service
vulnerabilities because the application fails to properly handle
unexpected conditions.
Successfully exploiting these issues allows remote attackers to
trigger an infinite loop, consuming excessive CPU resources, or to
crash affected servers via a NULL-pointer dereference. This will
deny further service to legitimate users.
Lighttpd versions prior to 1.4.14 are vulnerable.
LINKSYS SPA941 \377 CHARACTER DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23619
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23619
Summary:
Linksys SPA941 phones are prone to a remote denial-of-service
vulnerability.
Exploiting this issue allows remote attackers to cause the device to
reboot, effectively denying service to legitimate users.
[ firmware ]
LINKSYS WAG200G DSL ROUTER/GATEWAY INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 23063
Last Updated: 2007-04-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23063
Summary:
Linksys WAG200G is prone to a vulnerability that may disclose
sensitive information.
An attacker can exploit this issue to retrieve sensitive information
that may aid in further attacks.
This issue affects firmware version 1.01.01; other versions may also
be vulnerable.
[ firmware ]
LINUX KERNEL APPLETALK ATALK_SUM_SKB FUNCTION DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 23376
Last Updated: 2007-04-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23376
Summary:
The Linux kernel is prone to a denial-of-service vulnerability. This
issue presents itself when malformed AppleTalk frames are processed.
An attacker can exploit this issue to crash host computers,
effectively denying service to legitimate users.
Versions prior to 2.6.20.5 are vulnerable.
LINUX KERNEL BINFMT_ELF PT_INTERP LOCAL INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 22903
Last Updated: 2007-04-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22903
Summary:
The Linux kernel is prone to a vulnerability in the Linux ELF binary
loader. Exploiting this issue can allow local attackers to gain
access to privileged information.
An attacker may be able to obtain sensitive data that can
potentially be used to gain elevated privileges.
This issue is a variant of the vulnerability assigned CVE candidate
ID CAN-2004-1073, which is documented in BID 11646.
Linux Kernel versions in the 2.6.0 branch prior to 2.6.20 are
vulnerable; versions in the 2.4.0 branch may also be affected.
LINUX KERNEL CAPIUTIL.C BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 23333
Last Updated: 2007-04-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23333
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before
copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with
kernel-level privileges or cause the affected kernel to crash,
denying service to legitimate users.
This issue affects versions 2.6.9 to 2.6.20 and the 'isdn4k-utils'
utilities.
LINUX KERNEL DCCP MULTIPLE LOCAL INFORMATION DISCLOSURE
VULNERABILITIES
BugTraq ID: 23162
Last Updated: 2007-03-29
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23162
Summary:
The Linux kernel is prone to multiple vulnerabilities in its DCCP
support. Exploiting these issues can allow local attackers to access
privileged information.
An attacker may be able to obtain sensitive data that can
potentially aid in further attacks.
Linux Kernel versions in the 2.6.20 and later branch are vulnerable
to these issues.
LINUX KERNEL DCCP PROTO.C BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 23384
Last Updated: 2007-04-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23384
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because
it fails to adequately bounds-check user-supplied data before
copying it to an insufficiently sized buffer.
An attacker can exploit this issue to cause denial-of-service
conditions. Arbitrary code execution may also be possible, but this
has not been confirmed.
Versions prior to 2.6.20.5 are vulnerable.
LINUX KERNEL IPV6_GETSOCKOPT_STICKY MEMORY LEAK INFORMATION DISCLOSURE
VULNERABILITY
BugTraq ID: 22904
Last Updated: 2007-04-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22904
Summary:
Linux Kernel is prone to an information-disclosure vulnerability
because it fails to handle unexpected user-supplied input.
Successful exploits will allow attackers to obtain portions of
kernel memory. Information harvested may be used in further attacks.
Kernel versions 2.6.0 up to 2.6.20.1 are vulnerable to this issue.
LINUX KERNEL IPV6_SOCKGLUE.C NULL POINTER DEREFERENCE VULNERABILITY
BugTraq ID: 23142
Last Updated: 2007-04-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23142
Summary:
The Linux kernel is prone to a NULL-pointer dereference
vulnerability.
A local attacker can exploit this issue to crash the affected
application, denying service to legitimate users. The attacker may
also be able to execute arbitrary code with elevated privileges, but
this has not been confirmed.
LINUX KERNEL IPV6 TCP SOCKETS LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23104
Last Updated: 2007-03-26
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23104
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.
Exploiting this issue allows local attackers to cause the kernel to
crash, effectively denying service to legitimate users. Attackers
may also be able to execute arbitrary code with elevated privileges,
but this has not been confirmed.
This issue affects the Linux kernel 2.6 series.
LINUX KERNEL KEY_ALLOC_SERIAL() LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22539
Last Updated: 2007-04-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22539
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.
A successful attack can allow local attackers to trigger a crash and
deny service to legitimate users.
Kernel versions 2.6.x are vulnerable.
LINUX KERNEL L2CAP AND HCI SETSOCKOPT MEMORY LEAK INFORMATION
DISCLOSURE VULNERABILITY
BugTraq ID: 23594
Last Updated: 2007-04-23
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23594
Summary:
Linux Kernel is prone to an information-disclosure vulnerability
because it fails to handle unexpected user-supplied input.
Successful exploits will allow attackers to view portions of kernel
memory. Information harvested may be used in further attacks.
Kernel versions 2.4.34.2 and prior are vulnerable to this issue.
LINUX KERNEL NFSACL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22625
Last Updated: 2007-04-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22625
Summary:
The Linux kernel is prone to a local denial-of-service
vulnerability.
An attacker can exploit this issue to crash the affected computer,
denying service to legitimate users.
This issue affects the Linux kernel 2.6 series up to 2.6.20.
LINUX KERNEL OMNIKEY CARDMAN 4040 DRIVER LOCAL BUFFER OVERFLOW
VULNERABILITY
BugTraq ID: 22870
Last Updated: 2007-04-06
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22870
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before
using it in a memory copy operation.
This issue allows local attackers to overwrite kernel memory with
arbitrary data, potentially allowing them to execute malicious
machine code in the context of affected kernels. Exploiting this
vulnerability facilitates the complete compromise of affected
computers.
Linux kernel versions prior to 2.6.21-rc3 are affected by this
issue.
LINUX KERNEL UTRACE UNSPECIFIED LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23720
Last Updated: 2007-05-01
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23720
Summary:
The Linux kernel is prone to a denial-of-service vulnerability that
stems from a flaw in 'utrace' support.
A local attacker may exploit this issue to cause the affected kernel
to crash, effectively denying service to legitimate users.
MADWIFI IEEE80211_OUTPUT.C UNENCRYPTED DATA PACKET MULTIPLE
VULNERABILITIES
BugTraq ID: 23434
Last Updated: 2007-04-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23434
Summary:
MADWiFi is prone to a denial-of-service vulnerability, an information-
disclosure issue, and a packet-spoofing vulnerability. These issues
occur because of a design error.
An attacker can exploit these issues to spoof network traffic, crash
arbitrary processes, and gain access to sensitive information.
These issues affect versions prior to 0.9.3.
MADWIFI CHANNEL SWITCH ANNOUNCEMENT INFORMATION ELEMENTS DENIAL OF
SERVICE VULNERABILITY
BugTraq ID: 23436
Last Updated: 2007-04-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23436
Summary:
MADWifi is prone to a denial-of-service vulnerability because it
fails to properly handle certain network packets.
An attacker may exploit this issue by submitting a maliciously
crafted packet to the vulnerable computer.
Attackers can exploit this issue to switch a communication channel,
causing loss of communication and thus denying service to
legitimate users.
Versions prior to 0.9.3 are vulnerable.
MADWIFI AD-HOC MODE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23433
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23433
Summary:
MADWifi is prone to a denial-of-service vulnerability when running
in 'Ad-Hoc' mode.
Attackers can exploit this issue to crash affected computers,
denying service to legitimate users.
Versions prior to 0.9.3 are vulnerable.
MADWIFI AUTH FRAME IBSS REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23431
Last Updated: 2007-04-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23431
Summary:
MADWifi is prone to a remote denial-of-service vulnerability
because the application fails to handle certain AUTH frames from an
IBSS node.
An attacker can exploit this issue to cause the affected computer to
crash, denying further service to legitimate users.
This issue affects MADWifi 0.9.3 and prior versions.
[ apparently in the free part of the driver ]
MIT KERBEROS 5 KADMIND SERVER STACK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 23285
Last Updated: 2007-04-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23285
Summary:
Kerberos 5 kadmind (Kerberos Administration Daemon) server is prone
to a stack-based buffer-overflow vulnerability because the software
fails to adequately bounds-check user-supplied data before copying
it to an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with
administrative privileges. A successful attack can result in the
complete compromise of the application. Failed attempts will likely
result in denial-of-service conditions.
All kadmind servers run on the master Kerberos server. Since the
master server holds the KDC principal and policy database, an attack
may not only compromise the affected computer, but could also
compromise multiple hosts that use the server for authentication.
Kerberos 5 kadmind 1.6 and prior versions are vulnerable.
MIT KERBEROS 5 RPC LIBRARY REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 21970
Last Updated: 2007-04-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21970
Summary:
MIT Kerberos 5 is prone to a remote code-execution vulnerability.
This issue resides in the server-side portion of the Kerberos RPC
library. Currently, the 'kadmind' service is known to be vulnerable,
but other applications that use this library may also be affected.
An attacker can exploit this issue to execute arbitrary code with
administrative privileges, completely compromising affected
computers. Failed exploit attempts will result in a denial of
service. After a Kerberos database computer has been compromised,
attackers may gain unauthorized access to other services that rely
on the Kerberos infrastructure for authentication.
MIT KERBEROS 5 TELNET DAEMON AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 23281
Last Updated: 2007-04-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23281
Summary:
MIT Kerberos 5 is prone to an authentication-bypass vulnerability.
An attacker can exploit this issue to gain superuser or SYSTEM-level
privileges on the affected computer. Successfully exploiting this
issue will result in the complete compromise of affected computers.
This issue occurs in Kerberos 5 versions 1.6 and prior.
MIT KERBEROS ADMINISTRATION DAEMON KADMIND DOUBLE FREE MEMORY
CORRUPTION VULNERABILITIES
BugTraq ID: 23282
Last Updated: 2007-04-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23282
Summary:
MIT Kerberos 5 is prone to a double-free memory-corruption
vulnerability.
An attacker can exploit this issue to execute arbitrary code with
superuser or SYSTEM-level privileges, completely compromising
affected computers. Failed exploit attempts will likely result in
denial-of-service conditions.
This issue also affects third-party applications using the
affected API.
MPLAYER DMO FILE PARSING BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22771
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22771
Summary:
MPlayer is susceptible to a buffer-overflow vulnerability when it
attempts to process malformed video files. This issue occurs
because the application fails to perform proper bounds-checking on
user-supplied data before copying it to an insufficiently sized
memory buffer.
An attacker may exploit this issue to execute arbitrary code with
the privileges of the user that activated the vulnerable
application. This may facilitate unauthorized access or privilege
escalation.
MPlayer version 1.0rc1 is vulnerable to this issue; previous
versions may also be affected.
MAN COMMAND -H FLAG LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 23355
Last Updated: 2007-04-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23355
Summary:
The 'man' command is prone to a local buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before
using it in a memory copy operation.
NOTE: Presumably, this issue is exploitable only when 'man' has been
installed setuid.
Exploiting this issue allows attackers to execute malicious machine
code with the privileges of the 'man' utility. This can result in
the compromise of affected computers. Failed exploit attempts will
likely result in denial-of-service conditions.
MOD_PERL PATH_INFO REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23192
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23192
Summary:
The 'mod_perl' module is prone to a remote denial-of-service
vulnerability.
Successful exploits may allow remote attackers to cause denial-of-
service conditions on the webserver running the mod_perl module.
MOZILLA FIREFOX FTP PASV PORT-SCANNING VULNERABILITY
BugTraq ID: 23082
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23082
Summary:
Mozilla Firefox is prone to a vulnerability that may allow attackers
to obtain potentially sensitive information.
A successful exploit of this issue would cause the affected
application to connect to arbitrary TCP ports and potentially
reveal sensitive information about services that are running on the
affected computer. Information obtained may aid attackers in
further attacks.
MOZILLA FIREFOX 2 PASSWORD MANAGER CROSS-SITE INFORMATION
DISCLOSURE WEAKNESS
BugTraq ID: 21240
Last Updated: 2007-03-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21240
Summary:
Mozilla Firefox is reportedly prone to an information-disclosure
weakness because it fails to properly notify users of the
automatic population of form fields in disparate URLs deriving
from the same domain.
Exploiting this issue may allow attackers to obtain user credentials
that have been saved in forms deriving from the same website where
attack code resides. The most common manifestation of this condition
would typically be in blogs or forums. This may allow attackers to
access potentially sensitive information that would facilitate the
success of phishing attacks.
Initial reports and preliminary testing indicate that this issue
affects only Firefox 2.
MOZILLA FIREFOX JAVASCRIPT HANDLER RACE CONDITION MEMORY CORRUPTION
VULNERABILITY
BugTraq ID: 19488
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19488
Summary:
Mozilla Firefox is prone to a remote memory-corruption
vulnerability. This issue is due to a race condition that may result
in double-free or other memory-corruption issues.
Attackers may likely exploit this issue to execute arbitrary machine
code in the context of the vulnerable application, but this has not
been confirmed. Failed exploit attempts will likely crash the
application.
Mozilla Firefox is vulnerable to this issue. Due to code reuse,
other Mozilla products are also likely affected.
MOZILLA FIREFOX JAVASCRIPT URI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 22826
Last Updated: 2007-03-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22826
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability
due to a design error.
Attackers may exploit this issue by enticing victims into visiting a
malicious site.
Successful exploits may allow an attacker to crash the application
or execute arbitrary code in the context of the affected
application.
MOZILLA FIREFOX LOCATION.HOSTNAME DOM PROPERTY COOKIE THEFT
VULNERABILITY
BugTraq ID: 22566
Last Updated: 2007-03-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22566
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to
steal cookies. This issue occurs because the application fails to
sufficiently sanitize user-supplied input.
An attacker can exploit this issue to manipulate cookie-based
authentication credentials for third-party web pages or to control
how the site is rendered to the user. Exploiting this issue may
allow the attacker to bypass the same-origin policy for cross-window/cross-
frame data access; other attacks are also possible.
This issue affects version 2.0.0.1; prior versions may also be
affected.
MOZILLA FIREFOX ONUNLOAD MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 22679
Last Updated: 2007-03-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22679
Summary:
Mozilla Firefox is prone to a remote memory-corruption
vulnerability.
Successfully exploiting this issue may allow remote attackers to
execute arbitrary machine code in the context of the affected
application. This could facilitate the remote compromise of affected
computers.
Mozilla Firefox version 2.0.0.1 is vulnerable to this issue; other
versions are also likely affected.
MOZILLA FIREFOX POPUP BLOCKER CROSS ZONE SECURITY BYPASS WEAKNESS
BugTraq ID: 22396
Last Updated: 2007-03-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22396
Summary:
Mozilla Firefox is prone to a cross-zone security-bypass weakness.
This issue allows attackers to open 'file://' URIs from remote
websites.
By exploiting this issue in conjunction with other weaknesses or
vulnerabilities, attackers may be able to execute arbitrary script
code with the elevated privileges that are granted to scripts when
they are executed from local sources.
Mozilla Firefox 1.5.0.9 is affected by this issue; other versions
may be affected as well.
MOZILLA FIREFOX XML HANDLER RACE CONDITION MEMORY CORRUPTION
VULNERABILITY
BugTraq ID: 19534
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19534
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability
because of a race condition that may result in double-free or other
memory-corruption issues.
Attackers may likely exploit this issue to execute arbitrary machine
code in the context of the vulnerable application, but this has not
been confirmed. Failed exploit attempts will likely crash the
application.
Mozilla Firefox is vulnerable to this issue. Due to code-reuse,
other Mozilla products are also likely affected.
The Flock browser version 0.7.4.1 and the K-Meleon browser version
1.0.1 are also reported vulnerable.
MOZILLA FIREFOX/SEAMONKEY/THUNDERBIRD MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 21668
Last Updated: 2007-04-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories
specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute
arbitrary code.
Other attacks may also be possible.
MOZILLA FIREFOX/THUNDERBIRD/SEAMONKEY MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20042
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20042
Summary:
The Mozilla Foundation has released six security advisories
specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and
Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- supply malicious data through updates
- inject arbitrary content
- execute arbitrary JavaScript
- crash affected applications and potentially execute
arbitrary code.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more
information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.7
- Mozilla Thunderbird version 1.5.0.7
- Mozilla SeaMonkey version 1.0.5
MOZILLA NETWORK SECURITY SERVICES LIBRARY REMOTE DENIAL OF SERVICE
VULNERABILITY
BugTraq ID: 18604
Last Updated: 2007-04-30
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18604
Summary:
NSS is susceptible to a remote denial-of-service vulnerability. This
issue is due to a memory leak in the library.
This issue allows remote attackers to consume excessive memory
resources on affected computers. This may lead to computer hangs or
panics, denying service to legitimate users.
NSS version 3.11 is affected by this issue.
MOZILLA THUNDERBIRD/SEAMONKEY/FIREFOX MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 22694
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22694
Summary:
The Mozilla Foundation has released six security advisories
specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- Execute arbitrary code
- Cause denial-of-service conditions
- Perform cross-site scripting attacks
- Obtain potentially sensitive information
- Spoof legitimate content
Other attacks may also be possible.
MOZILLA THUNDERBIRD/SEAMONKEY RICH TEXT INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 22845
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22845
Summary:
Thunderbird and SeaMonkey are prone to an integer-overflow
vulnerability because they fail to handle excessively large,
specially formatted email messages.
A remote attacker can exploit this issue to execute arbitrary code;
failed exploit attempts will likely result in denial-of-service
conditions.
This issue affects Thunderbird versions prior to 1.5.0.10 and
SeaMonkey versions prior to 1.0.8.
MYSQL PRIVILEGE ELEVATION AND SECURITY BYPASS VULNERABILITIES
BugTraq ID: 19559
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19559
Summary:
MySQL is prone to these vulnerabilities:
- A privilege-elevation vulnerability. A user with privileges to
execute SUID routines may gain elevated privileges by executing
certain commands and code with higher privileges.
- A security-bypass vulnerability. A user can bypass restrictions
and create new databases.
MySQL 5.0.24 and prior versions are affected by these issues.
MYSQL SINGLE ROW SUBSELECT REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22900
Last Updated: 2007-03-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22900
Summary:
MySQL is prone to a remote denial-of-service vulnerability because
it fails to handle certain select statements to database metadata.
An attacker can exploit this issue to crash the application, denying
access to legitimate users. The attacker may also be able to execute
arbitrary code, but this has not yet been confirmed.
NOTE: An attacker must be able to execute arbitrary SELECT
statements on the vulnerable computer to exploit this issue.
This may be through legitimate means or by exploiting other
latent SQL-injection vulnerabilities.
Versions prior to 5.0.36 are vulnerable.
NETBSD FTPD AND TNFTPD PORT REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 21377
Last Updated: 2007-04-20
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/21377
Summary:
NetBSD ftpd and tnftpd are prone to a remote buffer-overflow
vulnerability. This issue is due to an off-by-one error; it allows
attackers to corrupt memory.
Remote attackers may execute arbitrary machine code in the context
of the user running the affected application. Failed attempts will
likely result in denial-of-service conditions.
NETBSD ISO(4) BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 23193
Last Updated: 2007-03-29
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23193
Summary:
NetBSD 'ISO' is prone to a local buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before
copying it to an insufficiently sized memory buffer.
A local attacker may be able to exploit this issue to elevate
privileges to superuser or cause denial-of-service conditions.
NETWORK AUDIO SYSTEM LOCAL PRIVILEGE ESCALATION AND DENIAL OF SERVICE
VULNERABILITIES
BugTraq ID: 23017
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23017
Summary:
Network Audio System is prone to local privilege-escalation and denial-of-
service vulnerabilities.
An attacker can exploit these issues to execute arbitrary commands
with root privileges or to overwrite arbitrary system files,
resulting in denial-of-service conditions.
Network Audio System version 1.8a is affected; other versions may
also be vulnerable.
NORTEL VPN ROUTERS MULTIPLE REMOTE UNAUTHORIZED ACCESS VULNERABILITIES
BugTraq ID: 23562
Last Updated: 2007-04-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23562
Summary:
Nortel VPN routers are prone to multiple remote unauthorized-access
vulnerabilities due to design errors.
Successful exploits will allow attackers to access administrative
functionality and completely compromise vulnerable devices or gain
direct access to the private network.
This issue affects all model numbers for Nortel VPN Routers 1000,
2000, 4000, 5000. Nortel VPN routers were formerly known as
Contivity.
[ firmware ]
OPENDAP SERVER3 REMOTE COMMAND EXECUTION VULNERABILITY
BugTraq ID: 23719
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23719
Summary:
OPeNDAP is prone to a remote command-execution vulnerability because
the application fails to properly sanitize user-supplied input.
Exploiting this issue allows attackers to execute arbitrary commands
in the context of the server.
A successful exploit could facilitate the compromise of an affected
computer; other attacks are also possible.
OPeNDAP Server3 versions 3.2.10 through 3.7.4 are vulnerable to this
issue.
OPENAFS FETCHSTATUS REPLY PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 23060
Last Updated: 2007-04-05
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23060
Summary:
OpenAFS is prone to a local privilege-escalation vulnerability.
A local attacker can exploit this issue to execute arbitrary
commands with superuser privileges on the affected computer.
OpenAFS 1.4.3 (and prior versions) and 1.5.0 through 1.5.16 are
affected by this vulnerability.
OPENLDAP SLAPD ACCESS CONTROL CIRCUMVENTION VULNERABILITY
BugTraq ID: 19832
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19832
Summary:
OpenLDAP slapd is prone to a vulnerability that allows attackers to
circumvent access controls.
An attacker may be able to modify any domain name regardless of
the owner.
Versions prior to 2.3.25 are vulnerable.
OPENOFFICE META CHARACTER REMOTE SHELL COMMAND EXECUTION VULNERABILITY
BugTraq ID: 22812
Last Updated: 2007-04-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22812
Summary:
OpenOffice is prone to a vulnerability that allows arbitrary shell
commands to run because the software fails to sanitize user-
supplied input.
An attacker may leverage this issue to execute arbitrary shell
commands on an affected computer with the privileges of the
application.
OPENOFFICE STARCALC PARSER UNSPECIFIED BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 23067
Last Updated: 2007-03-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23067
Summary:
OpenOffice is prone to a remote stack-based buffer-overflow
vulnerability. This issue occurs because the application fails to
bounds-check user-supplied data before copying it into an
insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within
the context of the affected application. Failed exploit attempts
will result in a denial of service.
OPENPBS MULTIPLE LOCAL AND REMOTE VULNERABILITIES
BugTraq ID: 20776
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20776
Summary:
OpenPBS is prone to multiple unspecified remote and local
vulnerabilities.
Exploiting these issues may allow both local and remote attackers to
completely compromise affected computers because portions of the
software operate with superuser privileges. Failed exploit attempts
may result in denial-of-service conditions.
Very little information is currently available; this BID will be
updated as more information is disclosed.
OPENSSH DUPLICATED BLOCK REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20216
Last Updated: 2007-04-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20216
Summary:
OpenSSH is prone to a remote denial-of-service vulnerability because
it fails to properly handle incoming duplicate blocks.
Remote attackers may exploit this issue to consume excessive CPU
resources, potentially denying service to legitimate users.
This issue occurs only when OpenSSH is configured to accept SSH
Version One traffic.
OPENSSH S/KEY REMOTE INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 23601
Last Updated: 2007-04-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23601
Summary:
OpenSSH contains an information-disclosure vulnerability when S/Key
authentication is enabled. This issue occurs because the application
fails to properly obscure the existence of valid usernames in
authentication attempts.
Exploiting this vulnerability allows remote users to test for the
existence of valid usernames. Knowledge of system users may aid in
further attacks.
OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to
forge an RSA signature. The attacker may be able to forge a PKCS #1
v1.5 signature when an RSA key with exponent 3 is used.
An attacker may exploit this issue to sign digital certificates or
RSA keys and take advantage of trust relationships that depend on
these credentials, possibly posing as a trusted party and signing a
certificate or key.
All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are
affected by this vulnerability. Updates are available.
PORTABLE OPENSSH GSSAPI REMOTE CODE EXECUTION VULNERABILITY
BugTraq ID: 20241
Last Updated: 2007-04-10
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20241
Summary:
Portable OpenSSH is prone to a remote code-execution
vulnerability. The issue derives from a race condition in a
vulnerable signal handler.
Reportedly, under specific conditions, it is theoretically possible
to execute code remotely prior to authentication when GSSAPI
authentication is enabled. This has not been confirmed; the chance
of a successful exploit of this nature is considered minimal.
On non-Portable OpenSSH implementations, this same race condition
can be exploited to cause a pre-authentication denial of service.
This issue occurs when OpenSSH and Portable OpenSSH are configured
to accept GSSAPI authentication.
POSTGRESQL SECURITY DEFINER FUNCTION LOCAL PRIVILEGE ESCALATION
VULNERABILITY
BugTraq ID: 23618
Last Updated: 2007-04-30
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23618
Summary:
PostgreSQL is prone to a local privilege-escalation vulnerability.
Exploiting this issue allows local attackers to escalate privileges
in the context of the 'security_definer' function.
PostgreSQL versions prior to 8.2.4, 8.1.9, 8.0.13, 7.4.17, and
7.3.19 are vulnerable to this issue.
PROFTPD AUTH MULTIPLE AUTHENTICATION MODULE SECURITY BYPASS
VULNERABILITY
BugTraq ID: 23546
Last Updated: 2007-04-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23546
Summary:
ProFTPD is reported prone to a security-restriction-bypass
vulnerability because of an error in the AUTH API.
Attackers may exploit this issue to bypass security controls
when multiple modules are configured with disparate
authentication policies.
ProFTPD 1.2 and 1.3 branches are reported vulnerable; other versions
may be affected as well.
NOTE: The latest version in the CVS repository reportedly addresses
this issue.
QEMU MULTIPLE LOCAL VULNERABILITIES
BugTraq ID: 23731
Last Updated: 2007-05-01
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23731
Summary:
QEMU is prone to multiple locally exploitable buffer-overflow and
denial-of-service vulnerabilities. The buffer-overflow issues occur
because the software fails to properly check boundaries of user-
supplied input when copying it to insufficiently sized memory
buffers. The denial-of-service issues stem from design errors.
Attackers may be able to exploit these issues to escalate privileges
or trigger denial-of-service conditions.
RED HAT DIRECTORY SERVER MULTIPLE CROSS SITE SCRIPTING VULNERABILITIES
BugTraq ID: 23709
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23709
Summary:
Red Hat Directory Server is prone to multiple cross-site scripting
vulnerabilities because the application fails to sufficiently
sanitize user-supplied input.
An attacker can exploit these issues to steal cookie-based
authentication credentials and launch other attacks.
Red Hat Directory Server 7.1 is reported vulnerable; other versions
may also be affected.
RED HAT SENDMAIL LOCALHOST.LOCALDOMAIN EMAIL SPOOFING VULNERABILITY
BugTraq ID: 23742
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23742
Summary:
Red Hat Sendmail is prone to a vulnerability that permits an
attacker to send spoofed emails.
A successful exploit may allow an attacker to impersonate the
localhost when sending an email message.
This issue affects Sendmail on Red Hat systems due to a
configuration error. It is not currently known whether this
issue affects other releases of the software.
SQL-LEDGER/LEDGERSMB INSECURE USER ACCESS RESTRICTION VULNERABILITY
BugTraq ID: 23352
Last Updated: 2007-04-09
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23352
Summary:
SQL-Ledger/LedgerSMB is prone to an access-restriction vulnerability
because it fails to adequately implement ACLs (Access Control Lists)
for SQL database access.
Exploiting this issue can allow an attacker to compromise the
application, access or modify data, or exploit latent
vulnerabilities in the underlying database implementation.
All versions of SQL-Ledger and LedgerSMB are prone to this issue.
NOTE: This issue is documented in LedgerSMB documentation.
SAMBA DEFERRED CIFS FILE OPEN DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 22395
Last Updated: 2007-04-05
Remote: No
Relevant URL: http://www.securityfocus.com/bid/22395
Summary:
The smbd daemon is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to consume excessive memory
resources, ultimately crashing the affected application.
This issue affects Samba versions 3.0.6 through 3.0.23d, inclusive.
SENDMAIL UNSPECIFIED DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23606
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23606
Summary:
Sendmail is prone to a denial-of-service vulnerability.
No further information is available at the moment.
An attacker can exploit this issue to crash the affected
application, denying service to legitimate users.
Insufficient information is currently available to determine whether
this is only an HP-specific issue. This BID will be updated as soon
as more information emerges.
This issue may have already been disclosed in a previous BID, but
not enough information is available for a proper correlation at
this time. This BID may be retired as more information emerges.
SHADOW-UTILS USERADD LOCAL INSECURE PERMISSIONS VULNERABILITY
BugTraq ID: 18111
Last Updated: 2007-05-01
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18111
Summary:
The useradd utility in shadow-utils is susceptible to a local insecure-
permissions vulnerability. This issue is due to a race condition
between when user mailboxes are created and when permissions are set
on the file.
A local, unprivileged attacker can exploit this issue to gain
access to newly created mailbox files. This may allow them to
directly inject forged email messages to aid them in social-
engineering attacks. Attackers may also be able to inject data into
the mailbox file that will cause mail applications to fail to
access the file, denying email access to targeted users. Other
attacks may also be possible.
Version 4.0.3 of shadow-utils is vulnerable to this issue; other
versions may also be affected.
SQUID PROXY TRACE REQUEST REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23085
Last Updated: 2007-04-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23085
Summary:
Squid is prone to a remote denial-of-service vulnerability because
the proxy server fails to handle certain TRACE requests.
Successfully exploiting this issue allows remote attackers to
crash the affected application, denying further service to
legitimate users.
This issue affects version 2.6.
TCPDUMP IEEE802.11 PRINTER REMOTE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 22772
Last Updated: 2007-03-26
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22772
Summary:
The 'tcpdump' utility is prone to a heap-based buffer-overflow
vulnerability because it fails to bounds-check user-supplied input
before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary malicious
code in the context of the user running the affected application.
Failed exploit attempts will likely crash the affected application.
This issue affects tcpdump 3.9.5 and prior versions.
TEXINFO FILE HANDLING BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 20959
Last Updated: 2007-04-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20959
Summary:
Texinfo is prone to a buffer-overflow vulnerability because the
application fails to properly bounds-check user-supplied input
before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to cause the affected
applications using Texinfo to crash, denying service to legitimate
users. Arbitrary code execution may also be possible, but this has
not been confirmed.
TROLLTECH QT UTF-8 SEQUENCES INPUT VALIDATION VULNERABILITY
BugTraq ID: 23269
Last Updated: 2007-04-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23269
Summary:
Trolltech QT is prone to an input-validation vulnerability because
the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to exploit other issues in
applications that employ the affected library. A successful attack
may allow the attacker to execute arbitrary HTML and script code in
the browser of an unsuspecting user in the context of the affected
site. This may help the attacker steal cookie-based authentication
credentials and launch other attacks.
Qt versions 3.3.8 and 4.2.3 are known to be vulnerable to this
issue; other versions may be affected as well.
VIM FEEDKEYS AND WRITEFILE FUNCTIONS REMOTE CODE EXECUTION
VULNERABILITIES
BugTraq ID: 23725
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23725
Summary:
VIM is prone to multiple vulnerabilities that permit a remote
attacker to execute arbitrary code.
An attacker could exploit these issues by enticing a victim to load
a malicious file. A successful exploit could result in the execution
of arbitrary code within the context of the affected application.
VIEWCVS SOURCE VIEW INPUT VALIDATION VULNERABILITY
BugTraq ID: 12112
Last Updated: 2007-03-28
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/12112
Summary:
ViewCVS is prone to an input-validation vulnerability.
This issue resides in the script that allows users to view source
files (viewcvs.py). The software fails to sufficiently sanitize input
supplied through URI parameters, allowing an attacker to launch cross-
site scripting and HTTP-response-splitting attacks.
Exploitation could allow the attacker to steal cookie-based
authentications and launch other attacks.
This issue appears similar to BID 9291.
VIXIE CRON CRONTAB FILE DISCLOSURE VULNERABILITY
BugTraq ID: 13024
Last Updated: 2007-04-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/13024
Summary:
Vixie cron crontab is reported prone to an information-disclosure
vulnerability that may allow local attackers to access users'
crontab files.
Reportedly, this issue arises due to a design error resulting in the
insecure creation of a temporary file in the '/tmp' directory. This
occurs when crontab is executed with the '-e' option used for
editing the current crontab.
Attackers may leverage this issue to access potentially
sensitive data, which they may use to carry out further attacks
against a computer.
Vixie cron 4.1-24_FC3 running on Fedora Core 3 is reported
vulnerable. Other versions on different operating systems may be
affected as well.
This issue may be specific to Red Hat operating systems and may be
related to BID 1845 (HP-UX crontab /tmp File Vulnerability).
VIXIE CRON ST_NLINK CHECK LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23520
Last Updated: 2007-04-20
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23520
Summary:
Vixie Cron is prone to a local denial-of-service vulnerability.
This issue occurs when attackers create hard file links to cron
files belonging to both privileged and normal users.
A local attacker may exploit this issue to prevent cron files owned
by privileged and non-privileged users from being executed at
startup or on the next reload of the cron database.
Vixie Cron versions prior to 4.1-r10 are vulnerable.
W3C LIBWWW MULTIPLE VULNERABILITIES
BugTraq ID: 15035
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15035
Summary:
W3C Libwww is prone to multiple vulnerabilities.
These issues include a buffer-overflow vulnerability and some issues
related to the handling of multipart/byteranges content.
Libwww 5.4.0 is reported to be vulnerable. Other versions may be
affected as well. These issues may also be exploited through other
applications that implement the library.
X.ORG LIBXFONT MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 23283
Last Updated: 2007-05-01
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23283
Summary:
The 'libXfont' library is prone to multiple local integer-overflow
vulnerabilities because it fails to adequately bounds-check user-
supplied data.
An attacker can exploit these vulnerabilities to execute arbitrary
code with superuser privileges. Failed exploit attempts will likely
cause denial-of-service conditions.
These issues affect libXfont 1.2.2; other versions may also be
vulnerable.
X.ORG X WINDOW SYSTEM XSERVER XRENDER EXTENSION DIVIDE BY ZERO DENIAL
OF SERVICE VULNERABILITY
BugTraq ID: 23741
Last Updated: 2007-05-01
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23741
Summary:
X.Org X Window System Xserver is prone to a denial-of-service
vulnerability. This issue is due to a failure of the software to
properly handle exceptional conditions.
Attackers with the ability to connect to a vulnerable X server may
exploit this issue to crash the targeted server, denying further
service to legitimate users.
X.Org X Window System Xserver version 1.3.0 is vulnerable to this
issue; other versions may also be affected.
X.ORG X11 XC-MISC EXTENSION INTEGER OVERFLOW VULNERABILITY
BugTraq ID: 23284
Last Updated: 2007-04-24
Remote: No
Relevant URL: http://www.securityfocus.com/bid/23284
Summary:
X11 is prone to a local integer-overflow vulnerability because it
fails to adequately bounds-check user-supplied input.
An attacker can exploit this vulnerability to execute arbitrary code
with superuser privileges. Failed exploit attempts will likely cause
denial-of-service conditions.
XMMS SKINS INTEGER OVERFLOW AND UNDERFLOW VULNERABILITIES
BugTraq ID: 23078
Last Updated: 2007-04-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23078
Summary:
XMMS is prone to an integer-overflow vulnerability and an integer-
underflow vulnerability because it fails to adequately handle user-
supplied data.
An attacker can leverage these issues to corrupt stack-based memory
and execute arbitrary code with the privileges of a user running the
application. A successful attack may result in the compromise of
affected computers. Failed attempts will likely cause denial-of-
service conditions.
Version 1.2.10 is vulnerable; other versions may also be affected.
XARAYA ROLES MODULE FORM HANDLER SECURITY BYPASS VULNERABILITY
BugTraq ID: 23631
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23631
Summary:
Xaraya is prone to a vulnerability that will let attackers gain
administrative access to the application.
Successful exploits may result in a complete compromise of
vulnerable applications.
This issue affects versions of Xaraya prior to 1.1.3.
XEN QEMU VNC SERVER ARBITRARY INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 22967
Last Updated: 2007-03-27
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/22967
Summary:
Xen is prone to an unspecified vulnerability that lets attackers
obtain arbitrary information. The issue stems from a flaw in the VNC
server code in QEMU.
An attacker can exploit this issue to access sensitive information
that may aid in further attacks.
YATE SIP PROTOCOL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 23590
Last Updated: 2007-04-23
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23590
Summary:
Yate is prone to a remote denial-of-service vulnerability because it
fails to handle exceptional conditions.
Exploiting this issue allows remote attackers to cause the
application to crash, effectively denying service to
legitimate users.
This issue affects Yate 1.1.0 and prior versions.
ZZIPLIB ZZIP_OPEN_SHARED_IO STACK BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 23013
Last Updated: 2007-04-24
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23013
Summary:
ZZIPlib is prone to a remote stack-based buffer-overflow
vulnerability because it fails to properly bounds-check user-
supplied input before copying it to an insufficiently sized
memory buffer.
Exploiting this issue may allow attackers to execute arbitrary
machine code in the context of applications using the library.
Failed exploit attempts will likely result in a denial-of-service
condition.
Versions prior to 0.13.49 are vulnerable.
ZLIB COMPRESSION LIBRARY BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14162
Last Updated: 2007-04-05
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14162
Summary:
Zlib is susceptible to a buffer-overflow vulnerability. This issue
is due to the application's failure to properly validate input data
before using it in a memory copy operation.
In certain circumstances, malformed input data during decompression
may result in a memory buffer being overflowed. This may result in
denial-of-service conditions or may allow remote code to execute in
the context of applications that use the affected library.
ZLIB COMPRESSION LIBRARY DECOMPRESSION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14340
Last Updated: 2007-04-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/14340
Summary:
Zlib is susceptible to a buffer-overflow vulnerability. This issue
is due to the library's failure to properly handle unexpected input
to its decompression routines.
Certain values used during decompression are incorrectly specified,
allowing invalid inflate input to corrupt memory.
This vulnerability allows attackers to crash applications that use
the affected library. This could also potentially allow for
arbitrary code execution in the context of an affected application.
ZLIB COMPRESSION LIBRARY GZPRINTF() BUFFER OVERRUN VULNERABILITY
BugTraq ID: 6913
Last Updated: 2007-04-06
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/6913
Summary:
A buffer-overrun vulnerability has been reported in the Zlib
compression library. Due to the use of 'vsprintf()' by an internal
Zlib function, an attacker can cause memory to become corrupted.
This buffer overrun occurs because the software fails to check the
boundaries of user-supplied data given to the 'gzprintf()' function.
Successful exploitation of this vulnerability may allow an attacker
to execute arbitrary instructions.
Note that only Zlib 1.1.4 has been reported vulnerable to this
issue. It is not yet known whether earlier versions are also
affected.
ZOPE HTTP GET REQUEST HTML INJECTION VULNERABILITY
BugTraq ID: 23084
Last Updated: 2007-04-04
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/23084
Summary:
Zope is prone to an HTML-injection scripting vulnerability because
the application fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context
of the affected site, potentially allowing the attacker to steal cookie-
based authentication credentials or to control how the site is
rendered to the user; other attacks are also possible.