PaX VMA Mirroring Privilege Escalation Vulnerability
BugTraq ID: 12729
Remote: Yes
Date Published: Mar 05 2005
Relevant URL: http://www.securityfocus.com/bid/12729
Summary:
It is reported that PaX contains a privilege escalation vulnerability. Local unprivileged users may exploit this vulnerability to execute arbitrary code with the privileges of any targeted user. It is also conjectured that remote attackers may be able to exploit this vulnerability, but exploitability depends on the ability of an attacker to control the executable file mappings of a targeted application. This issue is only exploitable if SEGMEXEC or RANDEXEC are enabled in the kernel configuration. This vulnerability is reported to affect all versions of PaX since September 2003, when VMA mirroring was introduced.

[ unless I am mistaken, the PaX project died as a result of this ]

Sylpheed Mail Client Buffer Overflow Vulnerability
BugTraq ID: 12730
Remote: Yes
Date Published: Mar 04 2005
Relevant URL: http://www.securityfocus.com/bid/12730
Summary:
It is reported that Sylpheed is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input data prior to copying it to fixed-size memory buffers. Attackers may exploit this vulnerability to execute arbitrary machine code in the context of the vulnerable application. Versions prior to 1.0.3 are reported to be vulnerable.

Xerox Microserver Web Server Unspecified Remote Authorizatio...
BugTraq ID: 12731
BugTraq ID: 12783
BugTraq ID: 12787
Remote: Yes
Date Published: Mar 07 2005
Relevant URL: http://www.securityfocus.com/bid/12731
Summary:
Xerox Microserver is a server utility that includes a Web server. It is enabled by default on Xerox WorkCentre devices. A remote authorization bypass reportedly affects the Xerox Microserver Web server. The underlying issue causing this vulnerability is currently unknown; this BID will be updated as further information is released. An attacker may potentially leverage this issue to alter configuration settings on the affected device.
A remote authentication bypass vulnerability affects Xerox Document Centre. This issue is due to a failure of the application to properly handle access credentials. An attacker may leverage this issue to gain unauthorized access to the device configuration interface. It should be noted that access to user accounts on the affected device is not granted through exploitation of this issue.
An information disclosure vulnerability affects Xerox WorkCentre devices. This issue is due to a design error that may facilitate information disclosure under certain extreme conditions when an unsuspecting user sends a multi-page fax. This issue may facilitate the disclosure of potentially sensitive information.

[ firmware ]

Hashcash Email Reply Header Format String Vulnerability
BugTraq ID: 12732
Remote: Yes
Date Published: Mar 07 2005
Relevant URL: http://www.securityfocus.com/bid/12732
Summary:
A format string vulnerability exists in the generic C implementation of Hashcash. This vulnerability is exposed when the software handles an email message that includes format specifiers in the recipient field of a reply. Successful exploitation may allow execution of arbitrary code in the context of the software. This vulnerability is believed to have been introduced after the release of version 1.13. It is not known exactly in which version the vulnerability was introduced.

Abuse Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 12734
Remote: No
Date Published: Mar 07 2005
Relevant URL: http://www.securityfocus.com/bid/12734
Summary:
Abuse is reported prone to multiple vulnerabilities. The following individual issues are reported:
Abuse is reported prone to multiple local buffer overflow vulnerabilities. It is reported that a local attacker may exploit these issues to execute arbitrary code with superuser privileges.
Abuse is also reported prone to an insecure file creation vulnerability. Reports indicate that this issue may be leveraged to overwrite arbitrary files with superuser privileges.

mlterm Background Image Integer Overflow Vulnerability
BugTraq ID: 12737
Remote: Yes
Date Published: Mar 07 2005
Relevant URL: http://www.securityfocus.com/bid/12737
Summary:
mlterm is reported prone to an integer overflow vulnerability. This vulnerability arises due to a lack of sanity checks performed on a malformed image file. mlterm versions 2.5.0 to 2.9.1 are reported vulnerable.

Nokia Series 60 BlueTooth Remote Denial Of Service Vulnerabi...
BugTraq ID: 12743
Remote: Yes
Date Published: Mar 07 2005
Relevant URL: http://www.securityfocus.com/bid/12743
Summary:
A remote denial of service vulnerability affects Nokia Series 60. This issue is due to a failure of the operating system to handle malformed network data. An attacker may leverage this issue to cause affected Nokia devices to restart, denying service to legitimate users.

[ firmware ]

EXIF Library EXIF Tag Parsing Unspecified Memory Corruption ...
BugTraq ID: 12744
Remote: Yes
Date Published: Mar 07 2005
Relevant URL: http://www.securityfocus.com/bid/12744
Summary:
libexif is reported prone to a memory corruption vulnerability. It is reported that the issue presents itself when the affected library is processing malformed EXIF tags. It is reported that this issue may be leveraged to execute arbitrary code in the context of an application that is linked to the vulnerable library.

RedHat Linux Less Remote Buffer Overflow Vulnerability
BugTraq ID: 12753
Remote: Yes
Date Published: Mar 08 2005
Relevant URL: http://www.securityfocus.com/bid/12753
Summary:
A remote, client-side buffer overflow vulnerability affects RedHat Linux less. This issue is due to a failure of the application to securely copy file data into finite process buffers. An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user.

[ seems misclassified to me ]

Ethereal RADIUS Authentication Dissection Buffer Overflow Vu...
BugTraq ID: 12759
Remote: Yes
Date Published: Mar 08 2005
Relevant URL: http://www.securityfocus.com/bid/12759
Summary:
A remote buffer overflow vulnerability reportedly affects Ethereal. This issue is due to a failure of the application to securely copy network-derived data into sensitive process buffers. The specific issue exists in the 3GPP2 A11 dissector. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

Ethereal Etheric/GPRS-LLC/IAPP/JXTA/sFlow Dissector Vulnerab...
BugTraq ID: 12762
Remote: Yes
Date Published: Mar 09 2005
Relevant URL: http://www.securityfocus.com/bid/12762
Summary:
Multiple buffer overflow and denial of service vulnerabilities affect various Ethereal protocol dissectors. The Etheric, GPRS-LLC, IAPP, JXTA, and sFlow dissectors are affected by these issues. These vulnerabilities may be triggered when the software is used to monitor live network traffic or when a dump is viewed. In the worst case scenario, it is possible to execute arbitrary code as the superuser. Other vulnerabilities will only cause the software to crash when an affected dissector processes live network traffic or a dump.

NewsScript Access Validation Vulnerability
BugTraq ID: 12761
Remote: Yes
Date Published: Mar 08 2005
Relevant URL: http://www.securityfocus.com/bid/12761
Summary:
NewsScript is reported prone to an access validation vulnerability. This issue may allow an unauthorized attacker to add, modify and delete messages. It is reported that an attacker can exploit this issue by issuing a specially crafted HTTP GET request for the 'newsscript.pl' script to bypass access checks and carry out administrative tasks.

Linux Kernel sys_epoll_wait() Local Integer Overflow Vulnerabi...
BugTraq ID: 12763
Remote: No
Date Published: Mar 09 2005
Relevant URL: http://www.securityfocus.com/bid/12763
Summary:
A local integer overflow vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to properly handle user-supplied size values. An attacker may leverage this issue to overwrite low kernel memory. This may potentially facilitate privilege escalation.

Perl Local Race Condition Privilege Escalation Vulnerability
BugTraq ID: 12767
Remote: No
Date Published: Mar 09 2005
Relevant URL: http://www.securityfocus.com/bid/12767
Summary:
Perl is reported prone to a local race condition vulnerability. The vulnerability is present in the 'rmtree()' function provided by the 'File::Path.pm' module. A successful attack may allow an attacker to gain elevated privileges on a vulnerable computer.

Grip CDDB Response Multiple Matches Buffer Overflow Vulnerab...
BugTraq ID: 12770
Remote: Yes
Date Published: Mar 10 2005
Relevant URL: http://www.securityfocus.com/bid/12770
Summary:
A buffer overflow vulnerability exists in Grip. The vulnerability occurs when the software processes a response to a CDDB query that has in excess of 16 matches. For an attacker to exploit this issue, they must be able to influence the response to a CDDB query, either by controlling a malicious CDDB server or through other means. Successful exploitation will result in execution of arbitrary code. This vulnerability is reported to affect versions 3.1.2 and 3.2.0. It is not known if other versions are also affected.

Multiple Vendor Antivirus Products Malformed ZIP Attachment ...
BugTraq ID: 12771
Remote: Yes
Date Published: Mar 10 2005
Relevant URL: http://www.securityfocus.com/bid/12771
Summary:
Multiple antivirus products from various vendors are reported prone to a vulnerability that may allow potentially malformed ZIP archives to bypass detection. This issue arises when an affected application processes a ZIP archive with an invalid CRC-32 checksum. It should be noted that affected software may possibly detect a malicious file in the archive when it is decompressed or scanned manually. The discoverer of this vulnerability has reported that this issue affects H+BEDV AntiVir, AVG Anti-Virus, Sybari Antigen for Microsoft Exchange, and products by McAfee and BitDefender. Symantec products were not found to be vulnerable to the issue.
**Update: Symantec believes that the impact of this issue is low. This is because an archive handler processing an archive that possesses a corrupt CRC-32 checksum will fail, reporting that the archive is corrupt. This would mean that a malicious file contained in such an archive would not be directly accessible to a target recipient user. Alternatively, if the CRC-32 checksum is corrected manually by the recipient user and the file is extracted, it will likely be detected by client-side Anti-Virus solutions during the file extraction routine. This detection will likely occur before the malicious file is directly processed by the end user.

[ also for information: by default clamav only reports the first infected file in an archive. Either consider the whole archive as something to discard as soon as it contains one infected file -- see the mail following the automated attacks -- or use the ad-hoc clamav option ]

MySQL AB MySQL Multiple Remote Vulnerabilities
BugTraq ID: 12781
Remote: Yes
Date Published: Mar 11 2005
Relevant URL: http://www.securityfocus.com/bid/12781
Summary:
MySQL is reported prone to multiple vulnerabilities that can be exploited by a remote authenticated attacker. The following individual issues are reported:
MySQL is reported prone to an insecure temporary file creation vulnerability. Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process.
MySQL is reported prone to an input validation vulnerability that can be exploited by remote users that have INSERT and DELETE privileges on the 'mysql' administrative database. Reports indicate that this issue may be leveraged to load and execute a malicious library in the context of the MySQL process.
Finally, MySQL is reported prone to a remote arbitrary code execution vulnerability. It is reported that the vulnerability may be triggered by employing the 'CREATE FUNCTION' statement to manipulate functions in order to control sensitive data structures. This issue may be exploited to execute arbitrary code in the context of the database process.
These issues are reported to exist in MySQL versions prior to MySQL 4.0.24 and 4.1.10a.

_______________________________________________
gull-annonces mailing list
[email protected]
http://lists.alphanet.ch/mailman/listinfo/gull-annonces
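The malformed-ZIP bypass in BID 12771 above comes down to what a scanner does with an entry whose stored CRC-32 disagrees with its contents: an archive handler that trusts the checksum refuses the entry and never looks at the payload, while a handler that inflates the raw bytes regardless still sees it, which is also why Symantec's update says the file is usually caught again at extraction time. The Python script below is an added example; it is not code from SecurityFocus, from the poster, or from any of the vendors named. It builds a small archive in memory with a constructed, harmless marker string standing in for the content a scanner would look for, overwrites the CRC-32 of one entry in both the local file header and the central directory, and compares a checksum-trusting reader (the standard library's zipfile) with a reader that walks the central directory itself, inflates every entry and recomputes the CRC. The file names, the marker and the 0xDEADBEEF replacement checksum are all assumptions made for the example.

```python
import io
import struct
import zipfile
import zlib
from collections import namedtuple

# Constructed sample input: a harmless marker string stands in for the content
# a scanner would flag (this is a needle for the demo, not malware).
MARKER = b"SCANNER-TEST-MARKER"
ENTRIES = {
    "readme.txt": b"nothing to see here\n" * 4,
    "payload.txt": (b"header " + MARKER + b" trailer\n") * 4,
}

LFH_SIG, CDIR_SIG, EOCD_SIG = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"
Entry = namedtuple("Entry", "name method crc csize data_off lfh_off cd_pos")


def build_zip(entries):
    """Write the sample entries into an in-memory, deflate-compressed archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def central_directory(data):
    """Walk the central directory by hand (no ZIP64 support) and return one
    Entry per member, including where its compressed bytes start."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _cd_size, pos = struct.unpack_from("<HII", data, eocd + 10)
    entries = []
    for _ in range(count):
        (sig, _vm, _vn, _flags, method, _t, _d, crc, csize, _usize,
         fnlen, exlen, cmlen, _disk, _ia, _ea, lfh_off) = struct.unpack_from(
            "<4sHHHHHHIIIHHHHHII", data, pos)
        if sig != CDIR_SIG:
            raise ValueError("bad central directory entry at %d" % pos)
        name = data[pos + 46:pos + 46 + fnlen].decode("utf-8")
        # The local header has its own name/extra lengths; they fix the data start.
        lsig, lfnlen, lexlen = struct.unpack_from("<4s22xHH", data, lfh_off)
        if lsig != LFH_SIG:
            raise ValueError("bad local file header for %s" % name)
        entries.append(Entry(name, method, crc, csize,
                             lfh_off + 30 + lfnlen + lexlen, lfh_off, pos))
        pos += 46 + fnlen + exlen + cmlen
    return entries


def corrupt_crc(data, name, bad_crc=0xDEADBEEF):
    """Return a copy of the archive with the stored CRC-32 of `name` replaced in
    both the local file header (offset 14) and the central directory (offset 16).
    The compressed bytes are untouched, so the content is still recoverable."""
    buf = bytearray(data)
    for e in central_directory(data):
        if e.name == name:
            struct.pack_into("<I", buf, e.lfh_off + 14, bad_crc)
            struct.pack_into("<I", buf, e.cd_pos + 16, bad_crc)
            return bytes(buf)
    raise KeyError(name)


def first_bad_member(data):
    """What the archive handler itself reports: the first member whose CRC-32
    check fails, or None when every member verifies."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.testzip()


def scan_trusting(data, marker):
    """Scanner built on zipfile, which refuses an entry whose CRC-32 does not
    match. Returns {name: marker seen (bool), or None if never inspected}."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for zi in zf.infolist():
            try:
                report[zi.filename] = marker in zf.read(zi)
            except zipfile.BadZipFile:
                report[zi.filename] = None   # "corrupt": payload skipped entirely
    return report


def scan_untrusted(data, marker):
    """Scanner that ignores the archive's own checksum: inflate the raw bytes of
    every entry, look for the marker, and recompute the CRC-32 so that a
    mismatch becomes an explicit finding. Returns {name: (crc_ok, marker_seen)}."""
    report = {}
    for e in central_directory(data):
        raw = data[e.data_off:e.data_off + e.csize]
        if e.method == 0:                       # stored
            plain = raw
        elif e.method == 8:                     # deflate as a raw stream (wbits=-15)
            d = zlib.decompressobj(-15)
            plain = d.decompress(raw) + d.flush()
        else:
            report[e.name] = (None, None)       # unsupported method: flag, don't skip
            continue
        crc_ok = (zlib.crc32(plain) & 0xFFFFFFFF) == e.crc
        report[e.name] = (crc_ok, marker in plain)
    return report


if __name__ == "__main__":
    clean = build_zip(ENTRIES)
    bad = corrupt_crc(clean, "payload.txt")
    print("testzip() on corrupted archive:", first_bad_member(bad))
    print("trusting scanner, clean:      ", scan_trusting(clean, MARKER))
    print("trusting scanner, corrupted:  ", scan_trusting(bad, MARKER))
    print("untrusting scanner, corrupted:", scan_untrusted(bad, MARKER))
```

The trusting scanner returns None for payload.txt in the corrupted archive: the entry was never inspected, which is exactly the gateway-side gap the advisory describes. The untrusting scanner reports (False, True) for the same entry, and a mail filter should treat a CRC mismatch on an entry that also matches a signature as a positive result rather than as a corrupt attachment to wave through. The hand-written parser covers only the plain ZIP field layouts (no ZIP64, no multi-disk archives), which is enough for attachment-sized archives but not a replacement for a full archive library.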
