ALSAPLAYER MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 19450
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19450
Summary:
AlsaPlayer is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer.
An attacker can exploit these issues to execute arbitrary code within the context of the application or cause a denial-of-service condition.
AlsaPlayer 0.99.76, the CVS version as of 9 Aug 2006, and prior versions are vulnerable to this issue; other versions may also be affected.

APACHE HTTP SERVER ARBITRARY HTTP REQUEST HEADERS SECURITY WEAKNESS
BugTraq ID: 19661
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19661
Summary:
Apache HTTP server is prone to an HTTP request header security weakness.
An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

BLOJSOM CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 20026
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20026
Summary:
Blojsom is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

BUSYBOX HTTPD DIRECTORY TRAVERSAL VULNERABILITY
BugTraq ID: 20067
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20067
Summary:
The httpd daemon of BusyBox is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.
This issue affects version 1.01; other versions may also be vulnerable.

CISCO IOS MULTIPLE VLAN TRUNKING PROTOCOL VULNERABILITIES
BugTraq ID: 19998
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19998
Summary:
Cisco IOS is prone to multiple vulnerabilities when handling VLAN Trunking Protocol (VTP) packets. These issues include two denial-of-service vulnerabilities and a buffer-overflow vulnerability.
Attackers require access to trunk ports on affected devices for VTP packets to be accepted. Attackers may reportedly use the Dynamic Trunk Protocol (DTP) to become a trunking peer to gain required access.
By exploiting these issues, attackers may crash affected routers, cause further VTP packets to be ignored, or potentially execute arbitrary machine code in the context of affected devices.
Cisco IOS 12.1(19) is vulnerable to these issues; other versions are also likely affected.
[ firmware ]

FFMPEG IMAGE FILE UNSPECIFIED MULTIPLE BUFFER OVERFLOW VULNERABILITIES
BugTraq ID: 20009
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20009
Summary:
FFmpeg is prone to multiple unspecified remote buffer-overflow vulnerabilities because the application using this library fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
These issues allow attackers to execute arbitrary machine code within the context of the affected application.
This BID will be updated as more information is disclosed.
Versions prior to 0.4.9_p20060530 are vulnerable to this issue.

FFMPEG LIBAVCODEC HEAP BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 15743
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15743
Summary:
FFmpeg's 'libavcodec' is prone to a heap buffer-overflow vulnerability. This issue is due to the library's failure to properly bounds-check user-supplied data before using it in memory allocation and copy operations.
Attackers may exploit this vulnerability to execute arbitrary code in the context of applications that use an affected version of the libavcodec library.
An attacker can exploit this issue by enticing a user to open a malformed PNG file with an application that uses a vulnerable version of libavcodec. If the application is configured as the default handler for PNG files, this could present a viable web or email attack vector: when the PNG is clicked from an appropriate client application, the application using the vulnerable library will automatically be invoked.

FREETYPE LWFN FILES BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18034
Last Updated: 2006-09-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18034
Summary:
FreeType is prone to a buffer-overflow vulnerability. This issue is due to an integer overflow that results in a buffer being overrun with attacker-supplied data.
This issue allows remote attackers to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts will likely crash applications, denying service to legitimate users.
FreeType versions prior to 2.2.1 are vulnerable to this issue.

GNU GZIP ARCHIVE HANDLING MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20101
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20101
Summary:
The gzip utility is prone to multiple remote buffer-overflow and denial-of-service vulnerabilities when handling malicious archive files.
Successful exploits may allow a remote attacker to corrupt process memory by triggering an overflow condition. This may lead to arbitrary code execution in the context of an affected user and facilitate a remote compromise. Attackers may also trigger denial-of-service conditions by crashing or hanging the application.
Specific information regarding affected versions of gzip is currently unavailable. This BID will be updated as more information is released.

GNU MAILMAN MULTIPLE SECURITY VULNERABILITIES
BugTraq ID: 19831
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19831
Summary:
Mailman is prone to multiple security vulnerabilities. The application fails to properly sanitize user-supplied input, and exhibits errors in MIME header handling and logging.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to cause a denial of service, and to inject spoofed log messages. This may help the attacker steal cookie-based authentication credentials, deny service to users, and launch other attacks.
These issues affect Mailman versions later than 2.0 and prior to 2.1.9rc1.

GNUTLS PKCS RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 20027
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20027
Summary:
GnuTLS is prone to a vulnerability that may allow an attacker to forge an RSA signature. The attacker may be able to forge a PKCS #1 v1.5 signature when verifying an X.509 certificate.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
This vulnerability is a variant of the issue discussed in BID 19849 (OpenSSL PKCS Padding RSA Signature Forgery Vulnerability) and affects GnuTLS versions prior to version 1.4.3.

ISC BIND MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 19859
Last Updated: 2006-09-15
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19859
Summary:
ISC BIND is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues to cause denial-of-service conditions, effectively denying service to legitimate users.

IODINE UNSPECIFIED SECURITY VULNERABILITY
BugTraq ID: 20017
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20017
Summary:
Iodine is prone to an unspecified security vulnerability.
Very little information is available on this issue; this BID will be updated as more information becomes available.
[ IP tunnel through DNS ]

JIRA CONFIGURERELEASENOTE.JSPA CROSS-SITE SCRIPTING VULNERABILITY
BugTraq ID: 18575
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18575
Summary:
Jira is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

LINUX KERNEL 2.6.16.13 MULTIPLE SCTP REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 17955
Last Updated: 2006-09-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17955
Summary:
The Linux kernel SCTP module is susceptible to remote denial-of-service vulnerabilities. These issues are triggered when the kernel handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel deadlock and infinite recursion, denying further service to legitimate users.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior versions may also be affected.

LINUX KERNEL CD-ROM DRIVER LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18847
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18847
Summary:
The Linux kernel is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.
This issue allows local attackers to overwrite kernel memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of affected kernels. This vulnerability facilitates the complete compromise of affected computers.
Linux kernel version 2.6.17.3 and prior are affected by this issue.

LINUX KERNEL CHOOSE_NEW_PARENT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18099
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18099
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the 'choose_new_parent' function.
This vulnerability allows local users to cause a kernel panic, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.11.12.

LINUX KERNEL ELF FILE CROSS REGION MAPPING LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19702
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19702
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.
This issue could cause an affected computer to crash.

LINUX KERNEL ELF FILE ENTRY POINT DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16925
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/16925
Summary:
Linux kernel is prone to a denial-of-service vulnerability when processing a malformed ELF file. This issue occurs only on Intel EM64T processors.
Linux kernel versions prior to 2.6.15.5 are affected by this issue.

LINUX KERNEL IP ID INFORMATION DISCLOSURE WEAKNESS
BugTraq ID: 17109
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/17109
Summary:
The Linux kernel is prone to a remote information-disclosure weakness. This issue is due to an implementation flaw of a zero 'ip_id' information-disclosure countermeasure.
This issue allows remote attackers to use affected computers in stealth network port and trust scans.
The Linux kernel 2.6 series, as well as some kernels in the 2.4 series, are affected by this weakness.

LINUX KERNEL INTEL EM64T SYSRET LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17541
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17541
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue arises in Intel EM64T CPUs when returning program control using SYSRET.
This vulnerability allows local users to crash the kernel, denying further service to legitimate users.

LINUX KERNEL LEASE_INIT LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 17943
Last Updated: 2006-09-15
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17943
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the 'lease_init' function.
This vulnerability allows local users to panic the kernel, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.16.

LINUX KERNEL MULTIPLE SECURITY VULNERABILITIES
BugTraq ID: 15049
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15049
Summary:
Linux kernel is prone to multiple vulnerabilities. These issues may allow local and remote attackers to trigger denial-of-service conditions or to access sensitive kernel memory.
Linux kernel 2.6.x versions are known to be vulnerable at the moment. Other versions may be affected as well.

LINUX KERNEL NFS AND EXT3 COMBINATION REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19396
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19396
Summary:
The Linux kernel is susceptible to a remote denial-of-service vulnerability because the EXT3 filesystem code fails to properly handle unexpected conditions.
Remote attackers may trigger this issue by sending crafted UDP datagrams to affected computers that are configured as NFS servers, causing filesystem errors. Depending on the mount-time options of affected filesystems, this may result in remounting filesystems as read-only or cause a kernel panic.
Linux kernel versions 2.6.14.4, 2.6.17.6, and 2.6.17.7 are vulnerable to this issue; other versions in the 2.6 series are also likely affected.

LINUX KERNEL NETFILTER CONNTRACK_PROTO_SCTP.C DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18755
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18755
Summary:
The Linux kernel 'netfilter' module is prone to a denial-of-service vulnerability.
Successful exploits of this vulnerability will cause the kernel to crash, effectively denying service to legitimate users.

LINUX KERNEL PPC970 SYSTEMS LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19615
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19615
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.
An attacker can exploit this issue to crash the kernel, denying further service to legitimate users.

LINUX KERNEL PRCTL CORE DUMP HANDLING PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18874
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18874
Summary:
Linux kernel is prone to a local privilege-escalation vulnerability.
A local attacker may gain elevated privileges by creating a coredump file in a directory that they do not have write access to. A successful attack may result in a complete compromise.
Linux kernel versions prior to 2.6.17.4 are vulnerable.

LINUX KERNEL PROC FILESYSTEM LOCAL PRIVILEGE ESCALATION VULNERABILITY
BugTraq ID: 18992
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18992
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability because of a race condition in the 'proc' filesystem.
This issue allows local attackers to gain superuser privileges, facilitating the complete compromise of affected computers.
The 2.6 series of the Linux kernel is vulnerable to this issue.

LINUX KERNEL SCTP MULTIPLE REMOTE DENIAL OF SERVICE VULNERABILITIES
BugTraq ID: 18085
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18085
Summary:
The Linux kernel SCTP module is prone to remote denial-of-service vulnerabilities. These issues are triggered when the kernel handles unexpected SCTP packets.
These issues allow remote attackers to trigger kernel panics, denying further service to legitimate users.
The Linux kernel version 2.6.16 is vulnerable to these issues; prior versions may also be affected.

LINUX KERNEL SCTP SO_LINGER LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 20087
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20087
Summary:
The Linux kernel SCTP module is prone to a local denial-of-service vulnerability.
This issue allows local attackers to cause kernel crashes, denying service to legitimate users.
Specific information regarding affected versions of the Linux kernel is currently unavailable. This BID will be updated as further information is disclosed.

LINUX KERNEL SCTP_MAKE_ABORT_USER FUNCTION BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19666
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19666
Summary:
The Linux kernel is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
A local attacker can exploit this issue to execute arbitrary code and potentially compromise the affected computer.

LINUX KERNEL SEARCH_BINARY_HANDLER LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16320
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16320
Summary:
Linux kernel is susceptible to a local denial-of-service vulnerability. This issue presents itself in the 'search_binary_handler' function of 'exec.c'.
This issue allows local users to crash the kernel due to a panic, denying service to legitimate users.
Linux kernel 2.4 versions on 64-bit x86 architectures prior to 2.4.33-pre1 are affected.

LINUX KERNEL SG DRIVER DIRECT IO LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18101
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18101
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the SG driver.
This vulnerability allows local users to cause a kernel panic, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.13.

LINUX KERNEL SNMP NAT HELPER REMOTE DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18081
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18081
Summary:
The Linux SNMP NAT helper is susceptible to a remote denial-of-service vulnerability.
This issue allows remote attackers to potentially corrupt memory and ultimately trigger a denial of service for legitimate users.
Kernel versions prior to 2.6.16.18 are vulnerable to this issue.

LINUX KERNEL SENDMSG() LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 14785
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14785
Summary:
Linux kernel is prone to a local buffer-overflow vulnerability. The vulnerability affects 'sendmsg()' when malformed user-supplied data is copied from userland to kernel memory.
A successful attack can allow a local attacker to trigger an overflow, which may lead to a denial-of-service condition due to memory corruption. Arbitrary code execution resulting in privilege escalation is possible as well.

LINUX KERNEL SHARED MEMORY SECURITY RESTRICTION BYPASS VULNERABILITIES
BugTraq ID: 17587
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17587
Summary:
The Linux kernel is prone to vulnerabilities regarding access to shared memory.
A local attacker could potentially gain read and write access to shared memory and write access to read-only tmpfs filesystems, bypassing security restrictions.
An attacker can exploit these issues to possibly corrupt applications and their data when the applications use temporary files or shared memory.

LINUX KERNEL SOCKADDR_IN.SIN_ZERO KERNEL MEMORY DISCLOSURE VULNERABILITIES
BugTraq ID: 17203
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17203
Summary:
The Linux kernel is affected by local memory-disclosure vulnerabilities. These issues are due to the kernel's failure to properly clear previously used kernel memory before returning it to local users.
These issues allow an attacker to read kernel memory and potentially gather information to use in further attacks.

LINUX KERNEL SYSCTL UNREGISTRATION LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 15365
Last Updated: 2006-09-18
Remote: No
Relevant URL: http://www.securityfocus.com/bid/15365
Summary:
Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from a failure to properly unregister kernel resources when network devices are removed.
This issue allows local attackers to deny service to legitimate users. Attackers may also be able to execute arbitrary code in the context of the kernel, but this has not been confirmed.

LINUX KERNEL UDF DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19562
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19562
Summary:
The Linux kernel UDF file module is prone to a denial of service.
An attacker can exploit this issue to crash the kernel, denying further service to legitimate users.

LINUX KERNEL USB DRIVER DATA QUEUE LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19033
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19033
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the USB FTDI SIO driver.
This vulnerability allows local users to consume all available memory resources, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.27.

LINUX KERNEL USB SUBSYSTEM LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 14955
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/14955
Summary:
A local denial-of-service vulnerability affects the Linux kernel's USB subsystem. This issue is due to the kernel's failure to properly handle unexpected conditions when trying to handle URBs (USB Request Blocks).
Local attackers may exploit this vulnerability to trigger a kernel 'oops' on computers where the vulnerable USB subsystem is enabled. This would deny service to legitimate users.

LINUX KERNEL __SETLEASE LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 18033
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/18033
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the '__setlease' function.
This vulnerability allows local users to leak kernel memory, potentially resulting in a kernel panic, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.16.16.

LINUX KERNEL DIE_IF_KERNEL LOCAL DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 16993
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/16993
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability. This issue is due to a design error in the 'die_if_kernel()' function.
This vulnerability allows local users to panic the kernel, denying further service to legitimate users.
This issue affects Linux kernel versions prior to 2.6.15.6 running on Itanium systems.

LINUX ORINOCO DRIVER REMOTE INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 15085
Last Updated: 2006-09-18
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/15085
Summary:
The Orinoco drivers for Linux kernels are susceptible to a remote information-disclosure vulnerability. This issue is due to the driver sending uninitialized kernel memory in small network packets.
Remote attackers may exploit this issue to access potentially sensitive kernel memory, aiding them in further attacks.

MOZILLA FIREFOX JAVASCRIPT HANDLER RACE CONDITION MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 19488
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19488
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability. This issue is due to a race condition that may result in double-free or other memory-corruption issues.
Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application.
Mozilla Firefox is vulnerable to this issue. Due to code reuse, other Mozilla products are also likely affected.

MOZILLA FIREFOX XML HANDLER RACE CONDITION MEMORY CORRUPTION VULNERABILITY
BugTraq ID: 19534
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19534
Summary:
Mozilla Firefox is prone to a remote memory-corruption vulnerability because of a race condition that may result in double-free or other memory-corruption issues.
Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application.
Mozilla Firefox is vulnerable to this issue. Due to code reuse, other Mozilla products are also likely affected.
It has been reported that the Flock web browser version 0.7.4.1 and the K-Meleon web browser version 1.0.1 are also vulnerable.

MOZILLA FIREFOX/THUNDERBIRD/SEAMONKEY MULTIPLE REMOTE VULNERABILITIES
BugTraq ID: 20042
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20042
Summary:
The Mozilla Foundation has released six security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- supply malicious data through updates
- inject arbitrary content
- execute arbitrary JavaScript
- crash affected applications and potentially execute arbitrary code.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.7
- Mozilla Thunderbird version 1.5.0.7
- Mozilla SeaMonkey version 1.0.5

MOZILLA MULTIPLE PRODUCTS REMOTE VULNERABILITIES
BugTraq ID: 19181
Last Updated: 2006-09-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19181
Summary:
The Mozilla Foundation has released thirteen security advisories specifying vulnerabilities in Mozilla Firefox, SeaMonkey, and Thunderbird.
These vulnerabilities allow attackers to:
- execute arbitrary machine code in the context of the vulnerable application
- crash affected applications
- run arbitrary script code with elevated privileges
- gain access to potentially sensitive information
- carry out cross-domain scripting attacks.
Other attacks may also be possible.
The issues described here will be split into individual BIDs as more information becomes available.
These issues are fixed in:
- Mozilla Firefox version 1.5.0.5
- Mozilla Thunderbird version 1.5.0.5
- Mozilla SeaMonkey version 1.0.3

MULTIPLE VENDOR AMD CPU LOCAL FPU INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 17600
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/17600
Summary:
Multiple vendors' operating systems are prone to a local information-disclosure vulnerability. This issue is due to a flaw in the operating systems that fail to properly use AMD CPUs.
Local attackers may exploit this vulnerability to gain access to potentially sensitive information regarding other processes executing on affected computers. This may aid attackers in retrieving information regarding cryptographic keys or other sensitive information.
This issue affects Linux and FreeBSD operating systems that use generations 7 and 8 AMD CPUs.

NETGEAR DG834GT LONG USERNAME DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19973
Last Updated: 2006-09-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19973
Summary:
The NetGear DG834GT device is prone to a denial-of-service vulnerability because it fails to properly validate user-supplied input.
This issue allows attackers to cause the device to stop responding to network requests, effectively denying service to legitimate users.
[ firmware ]

NOKIA PHONES FIRMWARE MMC LOCAL AUTHENTICATION BYPASS VULNERABILITY
BugTraq ID: 20003
Last Updated: 2006-09-14
Remote: No
Relevant URL: http://www.securityfocus.com/bid/20003
Summary:
Nokia Mobile Phones are prone to an authentication-bypass vulnerability due to a design error.
Successful exploits may allow an attacker with local access to a vulnerable mobile device to bypass the application's authentication methods and gain full access to the affected device.
We currently have no information regarding specific details of the affected devices. This BID will be updated when more information becomes available.
[ firmware ]

OSU HTTP SERVER MULTIPLE INFORMATION DISCLOSURE VULNERABILITIES
BugTraq ID: 20098
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20098
Summary:
OSU (Ohio State University) HTTP server is prone to multiple information-disclosure vulnerabilities.
This may allow a malicious user to gain access to sensitive data; information gained may aid in further attacks.
Versions 3.11a and 3.10a are vulnerable; other versions may also be affected.

OPENBSD ISAKMPD IPSEC REPLAY VULNERABILITY
BugTraq ID: 19712
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19712
Summary:
OpenBSD's IPsec implementation is prone to remote replay attacks. This issue is due to the improper implementation of its replay window.
This issue allows remote attackers to replay IPsec traffic. The exact consequences of successful attacks depend on the nature of the traffic being replayed. This will likely affect only higher-level protocols such as UDP, since they don't provide their own anti-replay features.

OPENSSL PKCS PADDING RSA SIGNATURE FORGERY VULNERABILITY
BugTraq ID: 19849
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19849
Summary:
OpenSSL is prone to a vulnerability that may allow an attacker to forge an RSA signature. The attacker may be able to forge a PKCS #1 v1.5 signature when an RSA key with exponent 3 is used.
An attacker may exploit this issue to sign digital certificates or RSA keys and take advantage of trust relationships that depend on these credentials, possibly posing as a trusted party and signing a certificate or key.
All versions of OpenSSL prior to and including 0.9.7j and 0.9.8b are affected by this vulnerability. Updates are available.

OSIRIS LOGGING.C FORMAT STRING VULNERABILITY
BugTraq ID: 19213
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19213
Summary:
Osiris is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before using it in a formatted-printing function.
A successful exploit could allow an attacker to execute arbitrary code or to crash the application.
Version 4.2.0 is vulnerable to this issue; other versions may also be affected.
[ host integrity system, network based ]

RSSOWL ATOM FEED SCRIPT HTML INJECTION VULNERABILITY
BugTraq ID: 20110
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20110
Summary:
RSSOwl is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of My Computer, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Versions 1.2.1 and 1.2.2 are vulnerable to this issue; other versions may also be affected.

VERSO NETPERFORMER FRAME RELAY ACCESS DEVICE ICMP DENIAL OF SERVICE VULNERABILITY
BugTraq ID: 19990
Last Updated: 2006-09-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19990
Summary:
Verso NetPerformer Frame Relay Access Device (FRAD) is prone to a denial-of-service vulnerability.
A remote attacker can exploit this issue to potentially crash the affected device, denying service to legitimate users. The attacker may be able to terminate current TCP sessions being handled by the device, potentially without incurring a reboot.
[ firmware ]

VERSO NETPERFORMER FRAME RELAY ACCESS DEVICE TELNET BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19989
Last Updated: 2006-09-13
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/19989
Summary:
Verso NetPerformer Frame Relay Access Device (FRAD) is prone to a remotely exploitable buffer overflow in the telnet service.
A remote attacker can exploit this issue to execute arbitrary code on the affected device. Failed exploit attempts will likely crash the device, denying service to legitimate users.
[ firmware ]

X.ORG LIBXFONT CID FONT FILE MULTIPLE INTEGER OVERFLOW VULNERABILITIES
BugTraq ID: 19974
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19974
Summary:
The libXfont library is prone to multiple integer-overflow vulnerabilities.
Attackers can exploit this issue to execute arbitrary code with superuser privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

X.ORG X WINDOW SERVER LIBX11 XKEYBOARD EXTENSION LOCAL BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 19905
Last Updated: 2006-09-19
Remote: No
Relevant URL: http://www.securityfocus.com/bid/19905
Summary:
X.Org X Window Server libX11 library is prone to a local buffer-overflow vulnerability because it fails to properly validate the size of attacker-supplied data before copying it into a finite-sized buffer.
The issue allows local attackers to execute arbitrary machine code in the context of a user running an application that is dynamically linked against the library. Failed exploit attempts will likely crash the application, denying service to legitimate users.
X11R6 4.0 and prior versions are reported affected by this vulnerability.

XINE-LIB HTTP RESPONSE BUFFER OVERFLOW VULNERABILITY
BugTraq ID: 18187
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18187
Summary:
The xine-lib library is susceptible to a buffer-overflow vulnerability. This issue is due to the software's failure to properly bounds-check user-supplied input data before copying it to an insufficiently sized memory buffer.
Successful exploits allow remote attackers to execute arbitrary machine code in the context of applications using the affected library.
Versions of xine-lib greater than or equal to 1.0.1 are potentially affected by this issue, but information on specific affected versions is not currently available. Applications that use a vulnerable version of the library may also be affected. Version 0.5.6 of gxine is reportedly vulnerable to this issue.

YUKIHIRO MATSUMOTO RUBY MULTIPLE SAFE LEVEL RESTRICTION BYPASS VULNERABILITIES
BugTraq ID: 18944
Last Updated: 2006-09-19
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/18944
Summary:
Ruby is prone to multiple vulnerabilities that let attackers bypass SAFE-level restrictions.
These issues allow attackers to bypass the expected SAFE-level restrictions, possibly allowing them to execute unauthorized script code in the context of affected applications. The specific impact of these issues depends on the implementation of scripts that use SAFE-level security checks.

ZOPE CSV_TABLE INFORMATION DISCLOSURE VULNERABILITY
BugTraq ID: 20022
Last Updated: 2006-09-14
Remote: Yes
Relevant URL: http://www.securityfocus.com/bid/20022
Summary:
Zope is prone to an information-disclosure vulnerability because the application fails to properly secure potentially sensitive information.
A remote attacker can exploit this issue to retrieve potentially sensitive information that may aid the attacker in further attacks.
_______________________________________________
gull-annonces mailing list
[email protected]
http://lists.alphanet.ch/mailman/listinfo/gull-annonces
