Util-Linux mcookie Cookie Generation Weakness BugTraq ID: 6855 Remote: Yes Date Published: Feb 14 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6855 Summary:
util-linux is a freely available, open source software package that provides some implementations of standard UNIX utilities, such as login. Included with util-linux is the mcookie utility that is used to generate random cookies for use with X authentication. A weakness has been reported for the mcookie utility where cookies may be generated in a predictable manner. The weakness occurs because mcookie uses /dev/urandom to generate cookies. This may be exploited by an attacker to guess cookie values to steal credentials of users who use X authentication. Information obtained in this manner may be used by the attacker to launch further attacks against vulnerable systems and users. PHP CGI SAPI Code Execution Vulnerability BugTraq ID: 6875 Remote: Yes Date Published: Feb 17 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6875 Summary: PHP is a freely available, open source web scripting language package. It is available for Microsoft Windows, Linux, and Unix operating systems. An unspecified vulnerability has been reported in the CGI SAPI of PHP version 4.3.0. Direct access to the CGI binary can be prevented by using the configuration option '--enable-force-cgi-redirect' and the php.ini option 'cgi.force_redirect'. The report states that an unspecified bug could render these options useless, allowing a remote user to directly access the CGI binary. This could allow an attacker to read any file that is readable by the web server user, or to potentially execute arbitrary PHP code. The attacker would have to be able to inject the PHP code into a file accessible by the CGI binary, such as the web server access logs. [ core PHP ] BitchX Malformed RPL_NAMREPLY Denial Of Service Vulnerability BugTraq ID: 6880 Remote: Yes Date Published: Feb 18 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/6880 Summary: BitchX is a freely available, open source IRC client. It is available for Unix, Linux, and Microsoft operating systems. A problem with BitchX could make it possible for a malicious IRC server to crash a vulnerable client. It has been reported that BitchX does not properly handle some types of replies contained in the RPL_NAMREPLY numeric. When a malformed reply is received by the client, the client crashes, resulting in a denial of service. The problem occurs through the handling of the 353 IRC numeric. It is suspected that this vulnerability may also make possible the execution of arbitrary code. In the event that this is possible, code executed through this vulnerability would be in the context of the BitchX user. This could allow a remote attacker access to the system on which the affected client is running with the privileges of the BitchX user. [ + usuels scripts PHP + IBM Domino HTTP server ] - Pour poster une annonce: [EMAIL PROTECTED]
