Marc SCHAEFER
Thu, 05 Sep 2002 00:34:15 -0700
Blazix Special Character Handling Server Side Script Information Disclosure Vulnerability
BugTraq ID: 5566
Remote: Yes
Date Published: Aug 24 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5566
Summary:

Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.

A problem with Blazix may make it possible for a remote user to gain access to sensitive information.

Blazix does not properly handle some special characters when appended to requests. By passing a special character with a request to the web server, it is possible for a user to gain access to the source of server-side scripts. This could result in information disclosure, and could potentially be used to gain intelligence in launching an attack against a system.

When a user passes a request to the web server that ends in either a plus (+) or backslash (\), the web server may react unpredictably. This type of character appended to the name of a .jsp file has been reported to reveal the contents of the .jsp file.

Blazix Password Protected Directory Information Disclosure Vulnerability
BugTraq ID: 5567
Remote: Yes
Date Published: Aug 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5567
Summary:

Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.

A problem with Blazix may make it possible for a remote user to gain access to sensitive information.

Blazix does not properly handle some special characters when appended to requests. By passing a special character with a request to the web server, it is possible for a user to gain access to a listing of a password protected directory. This could result in information disclosure, and could potentially be used to gain intelligence in launching an attack against a system.

When a user passes a request to the web server that ends in either a plus (+) or backslash (\), the web server may react unpredictably. This type of character appended to the name of a password-protected directory has been reported to reveal the contents of the directory.

Belkin F5D6130 Wireless Network Access Point SNMP Request Denial Of Service Vulnerability
BugTraq ID: 5571
Remote: Yes
Date Published: Aug 26 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5571
Summary:

A denial of service vulnerability has been reported in the Belkin F5D6130 Wireless Network Access Point.

Reportedly, this issue may be exploited by making a sequence of SNMP requests. A valid community name is not required. The device will respond to each request by broadcasting at least one SNMP trap.

If a number of SNMP requests are made, the device will fail to respond to further requests. Additionally, all wireless connections will be dropped, and new connections refused, denying service to legitimate users of the wireless service.

Under some conditions, the device may also fail to respond on the ethernet interface, eliminating all means of managing the device. In this case, a manual restart will be required in order to regain normal functionality.

[ hardware ]

Gaim Manual Browser Command Arbitrary Command Execution Vulnerability
BugTraq ID: 5574
Remote: Yes
Date Published: Aug 27 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5574
Summary:

Gaim is an instant messaging client that supports numerous protocols. It is available for Unix and Linux variant operating systems.

Gaim allows the user to define a 'Manual' browser option. When URL links are received in instant messages, the user is able to click on the link in order to pass the URL to a specified application.

The URL received is not properly sanitized. A malicious instant message may include a URL with shell metacharacters, such as ';' or '|'. When passed to the shell command intended to invoke the browser, these characters will allow additional commands appended to the URL to be executed. Commands supplied will execute with the privileges of the user running Gaim.

It is likely that exploitation of this vulnerability could result in the attacker gaining local access to the vulnerable system.

GDAM123 Filename Buffer Overflow Vulnerability
BugTraq ID: 5578
Remote: No
Date Published: Aug 24 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5578
Summary:

GDAM123 is a command-line MP3 player supplied with GDAM real-time digital DJ mixing software package. GDAM is available for Unix and Linux variants.

The GDAM123 player is prone to a buffer overflow condition when handling overly long filenames. Filenames are supplied via the command line and used in a strcpy() operation. It is possible to trigger the overflow by supplying a filename that is over 1024 bytes in length, which will result in corruption of stack variables. If stack variables (such as the return address) can be corrupted with attacker-supplied values, it is possible to execute arbitrary code.

Under some circumstances, the player may be installed setuid root to allow unprivileged users to run the player if access to certain devices is required. In a situation such as this, the buffer overflow may be exploited to gain elevated privileges via the execution of arbitrary code.

Python os.py Predictable Temporary Filename Command Execution Vulnerability
BugTraq ID: 5581
Remote: No
Date Published: Aug 28 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5581
Summary:

Python is an open source, object oriented programming language.

It has been reported that some versions of Python create temporary files in an insecure manner. The vulnerability occurs in the os._execvpe function found in os.py.

It has been reported that exploitation of this vulnerability could lead to the execution of arbitrary code. The nature of this vulnerability is currently unspecified and further details are not available at this time.

Reportedly, Python 2.3 is not vulnerable to this issue.

+ the usual problems with PHP scripts.
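The Gaim entry (BID 5574) above describes a URL being placed into a command line that a shell then parses. The following is an added example, not Gaim's code and not part of the original message, of launching a helper without a shell so that ';' and '|' in the URL stay inside one argument. The function names, the `%s` template token and the http/https-only policy are assumptions made for the illustration.

```c
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_ARGS 16

/* Accept only http:// or https:// URLs made of printable, non-space bytes.
 * The scheme check also stops a "URL" that begins with '-' from being read
 * as a browser option. */
int url_is_acceptable(const char *url)
{
    if (strncmp(url, "http://", 7) != 0 && strncmp(url, "https://", 8) != 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)url; *p; p++)
        if (*p <= 0x20 || *p >= 0x7f)
            return 0;
    return 1;
}

/* Split the user's command template on spaces (tmpl is modified in place)
 * and put the URL where the "%s" token stands. The URL is always exactly
 * one argv element and is never parsed by a shell. Returns argc, or -1. */
int build_browser_argv(char *tmpl, const char *url, char *argv[MAX_ARGS])
{
    int argc = 0, substituted = 0;
    if (!url_is_acceptable(url))
        return -1;
    for (char *tok = strtok(tmpl, " "); tok; tok = strtok(NULL, " ")) {
        if (argc >= MAX_ARGS - 1)
            return -1;
        if (strcmp(tok, "%s") == 0)
            substituted = 1;
        argv[argc++] = substituted && strcmp(tok, "%s") == 0 ? (char *)url : tok;
    }
    argv[argc] = NULL;
    return (argc > 0 && substituted) ? argc : -1;
}

/* Launch without /bin/sh: execvp() receives the vector as-is. */
int launch_browser(char *tmpl, const char *url)
{
    char *argv[MAX_ARGS];
    pid_t pid;
    if (build_browser_argv(tmpl, url, argv) < 0)
        return -1;
    pid = fork();
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);             /* exec failed in the child */
    }
    return pid > 0 ? 0 : -1;
}
```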
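The GDAM123 entry (BID 5578) above describes a command-line filename copied with strcpy(). The following is an added example, not GDAM's code and not part of the original message, showing that pattern beside a length-checked copy that rejects oversized names. The function names are hypothetical, and treating the advisory's 1024-byte figure as the destination buffer size is an assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define NAME_BUF 1024   /* assumed buffer size, from the advisory's figure */

/* Unsafe pattern described in the advisory, kept for comparison only:
 * strcpy() writes strlen(src)+1 bytes no matter how small dst is. */
void copy_name_unchecked(char dst[NAME_BUF], const char *src)
{
    strcpy(dst, src);
}

/* Checked copy: refuse names that do not fit rather than truncating,
 * since a silently truncated filename would name a different file. */
int copy_name_checked(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    if (dst == NULL || src == NULL || dstsz == 0)
        return -EINVAL;
    end = memchr(src, '\0', dstsz);     /* look at no more than dstsz bytes */
    if (end == NULL)                    /* no room for the terminating NUL */
        return -ENAMETOOLONG;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

/* Validate every command-line argument before any of them is used.
 * Returns the index of the first argument that does not fit, or 0. */
int first_oversized_arg(int argc, char **argv)
{
    char name[NAME_BUF];
    for (int i = 1; i < argc; i++)
        if (copy_name_checked(name, sizeof name, argv[i]) != 0)
            return i;
    return 0;
}
```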