WZDFTPD Incomplete Port Command Denial Of Service Vulnerability
BugTraq ID: 8055
Remote: Yes
Date Published: Jun 27 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8055
Summary:

wzdftpd is an FTP server implementation that is available for a number of operating systems, including Unix/BSD/Linux variants.

wzdftpd is reported to be prone to a denial of service when receiving an incomplete or malformed FTP PORT command. Sending such a command to the FTP server will allegedly cause the server to crash. This could be exploited by authenticated FTP users to deny availability of FTP services to legitimate users.

ImageMagick Temporary File Creation Vulnerability
BugTraq ID: 8057
Remote: No
Date Published: Jun 29 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8057
Summary:

ImageMagick is an image manipulation program. It is available for a variety of platforms including Microsoft Windows and Unix and Linux variant operating systems.

ImageMagick has been reported prone to an insecure temporary file creation vulnerability. As a result, it may be possible for local attackers to corrupt files owned by the user who is invoking the ImageMagick application.

An attacker could potentially exploit this issue by creating a symbolic link in place of the temporary file, which is created. Any actions performed by ImageMagick when it is executed will be performed on the linked file.

GTKSee PNG Image Loading Heap Corruption Vulnerability
BugTraq ID: 8061
Remote: No
Date Published: Jun 29 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8061
Summary:

GTKSee is an image viewer developed for Linux and Unix variant operating systems.

A vulnerability has been reported for GTKSee that may result in the corruption of heap memory. The vulnerability occurs when GTKSee attempts to load PNG files with a certain colour depth.

An attacker may be able to exploit this vulnerability by creating a PNG image file with a certain colour depth. When GTKSee is used to view the image, the overflow issue will be triggered and will result in the corruption of heap memory with attacker-supplied values.
Successful exploitation will result in the execution of attacker-supplied code.

The precise technical details of this vulnerability are unknown. This BID will be updated as further information becomes available.

Pam_Timestamp_Check Privilege Escalation Weakness
BugTraq ID: 8072
Remote: No
Date Published: Jul 02 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8072
Summary:

A weakness has been reported in the pam_timestamp_check implementation for Red Hat 9.0 and other distributions that may be derived from this version or include this functionality.

pam_timestamp_check is a tty ticketing implementation that is designed to cache credentials so that users are not constantly required to use a facility such as sudo or su to perform actions as another user. pam_timestamp_check is implemented through the pam_timestamp_check.so module and with the pam_timestamp_check setuid helper.

The implementation works by fetching the pseudo-terminal name (A), current user name (B), and the user whose credentials are cached (C). The implementation then checks to see if the timestamp of /var/run/sudo/B/A:C is recent to determine whether access should be granted. The ticket contents are not sufficiently verified, allowing for ticket spoofing.

If the attacker can cause the timestamp of the file to change, it will be possible to gain elevated privileges through exploitation of this weakness. This scenario will be possible in combination with file corruption issues such as those that are the result of insecure temporary file handling and allow files in privileged directories to be corrupted.

[ + Acrobat reader, Opera, etc ]
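The pam_timestamp_check entry above turns on a ticket that is trusted for its timestamp alone. The following is an added example, not part of the original message and not the module's own code, that sets a timestamp-only check beside one that verifies the ticket's type, owner, mode and contents. The HMAC-SHA-256 ticket layout, the key, MAX_AGE, the owner_uid parameter and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, stat, struct, time

MAX_AGE = 300  # assumed ticket lifetime in seconds

def ticket_path(base, tty, user, target):
    # Layout from the advisory: <base>/<user>/<tty>:<target> (tty basename assumed)
    return os.path.join(base, user, f"{os.path.basename(tty)}:{target}")

def weak_check(path, now=None):
    # Timestamp-only test: anything that refreshes the mtime passes.
    now = time.time() if now is None else now
    try:
        return now - os.stat(path).st_mtime <= MAX_AGE
    except OSError:
        return False

def _mac(key, tty, user, target, issued):
    fields = b"\0".join(s.encode() for s in (tty, user, target))
    return hmac.new(key, fields + struct.pack(">Q", issued), hashlib.sha256).digest()

def issue_ticket(path, key, tty, user, target, now=None):
    # Ticket body: 8-byte issue time followed by a 32-byte HMAC-SHA-256.
    issued = int(time.time() if now is None else now)
    os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(struct.pack(">Q", issued) + _mac(key, tty, user, target, issued))

def strict_check(path, key, tty, user, target, owner_uid=0, now=None):
    # Checks file type, owner and mode, then the HMAC; the age is taken from
    # the authenticated issue time, never from the file's mtime.
    now = time.time() if now is None else now
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return False  # missing file, or a symlink planted at the ticket path
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != owner_uid or st.st_mode & 0o022:
            return False
        data = os.read(fd, 41)
    finally:
        os.close(fd)
    if len(data) != 40:
        return False
    issued = struct.unpack(">Q", data[:8])[0]
    if not hmac.compare_digest(data[8:], _mac(key, tty, user, target, issued)):
        return False
    return 0 <= now - issued <= MAX_AGE
```

With the strict form, a file-corruption bug that overwrites or touches the ticket file no longer yields a valid ticket, because the writer would also need the key.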
