SEMI/WEMI Insecure Temporary File Creation Vulnerability
BugTraq ID: 8115
Remote: No
Date Published: Jul 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8115
Summary:
SEMI is a library used to add MIME features to Emacs. WEMI is a branch of the SEMI package that uses widgets. SEMI/WEMI have been reported prone to an insecure temporary file creation vulnerability. As a result, a local attacker may be able to corrupt files owned by the user who invokes a version of Emacs that uses the vulnerable library. An attacker could exploit this issue by creating a symbolic link in place of the temporary file created by the affected application; any actions the vulnerable application performs on the temporary file will then be performed on the linked file. It should be noted that the impact of this vulnerability may be worse because attackers may be able to influence the content that is written to the target file.

X-Face-EL Insecure Temporary File Creation Vulnerability
BugTraq ID: 8116
Remote: No
Date Published: Jul 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8116
Summary:
x-face-el is a decoder for Emacs that decodes images included inline in X-Face e-mail headers. x-face-el has been reported prone to an insecure temporary file creation vulnerability. As a result, a local attacker may be able to corrupt files owned by the user who invokes Emacs with x-face-el. An attacker could exploit this issue by creating a symbolic link in place of the temporary file created by the affected application; any actions the vulnerable application performs on the temporary file will then be performed on the linked file. It should be noted that the impact of this vulnerability may be worse because attackers may be able to influence the content that is written to the target file.

GKrellM Mailwatch Plugin From Header Remote Buffer Overflow Vulnerability
BugTraq ID: 8118
Remote: Yes
Date Published: Jul 06 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8118
Summary:
GKrellM is the GTK Monitors suite.
It is available for the Linux platform. It has been reported that the Mailwatch plugin for GKrellM is vulnerable to a remotely exploitable buffer overflow. This may permit the execution of arbitrary code with the privileges of the GKrellM program. The problem is in the handling of long strings contained in the From header of e-mails. By sending an e-mail whose From header contains 558 or more characters as the e-mail user name to a user of GKrellM with the Mailwatch plugin, it is possible to overwrite sensitive process memory. This vulnerability could be exploited to execute arbitrary instructions on behalf of the attacker.

CPanel Admin Interface HTML Injection Vulnerability
BugTraq ID: 8119
Remote: Yes
Date Published: Jul 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8119
Summary:
cPanel is a multi-platform web hosting control panel that allows users to manage their hosted account through a web-based interface. It is available for Unix and Linux variants. cPanel is prone to an HTML injection vulnerability. It is possible for remote attackers to include hostile HTML and script code in requests to cPanel, which will be logged. When the logs are viewed by an administrative user, the injected code could be rendered in their browser in the context of the site hosting cPanel. HTML may be injected into the 'Error Log' and 'Latest Visitors' pages. This is due to insufficient sanitization of HTML and script code when logging client requests. Exploitation of this issue could permit theft of administrative cookie-based authentication credentials. The attacker would also be able to exert control over how affected pages are rendered, which could permit log spoofing or other attacks.
[ undetermined language, unclear licence ]

Canon GP300 Remote Malformed HTTP Get Denial Of Service Vulnerability
BugTraq ID: 8121
Remote: Yes
Date Published: Jul 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8121
Summary:
The GP-300 is a combined printer and photocopier server. It is distributed and maintained by Canon. A problem in the Canon GP-300 has been reported in the handling of some types of web requests. This issue could result in a denial of service to legitimate users of the print server. The problem is in the handling of HTTP GET requests. When a malformed HTTP GET request is issued to the HTTP server deployed on GP-300 servers, the system reportedly becomes unstable and crashes. A reboot of the system is required to resume normal operation of the print server. This problem has been reported to occur when the server is used in conjunction with WebSpooler v4.5.062.
[ hardware ]

Liece Insecure Temporary File Creation Vulnerability
BugTraq ID: 8124
Remote: No
Date Published: Jul 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8124
Summary:
Liece is an Internet Relay Chat client for Emacs. It has been reported that liece does not create temporary files in a secure manner. As a result, a malicious local user may be able to corrupt arbitrary files in the security context of the user running liece. It may be possible for the attacker to specify the data to be written; however, this has not been confirmed. If the attacker can cause custom data to be written, it may be possible to elevate privileges. Specific details are not currently available for this vulnerability. This BID will be updated as more information becomes available.

Mozart Unsafe Mailcap Configuration Vulnerability
BugTraq ID: 8125
Remote: Yes
Date Published: Jul 07 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8125
Summary:
Mozart is a development platform that is based on the Oz language.
When Mozart is installed on the local system, an entry is added to the mailcap configuration file. This file is used to tell MIME-aware client applications how to handle certain file types. The Mozart package specifies that any Oz file types are to be passed to the Oz interpreter for execution. As a result, any client browsing a web page or reading an e-mail message may potentially be forced to execute arbitrary Oz scripts. This could result in the execution of malicious code.

Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
BugTraq ID: 8134
Remote: Yes
Date Published: Jul 08 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8134
Summary:
Apache provides directives for supplying cipher suite specifications for SSL transactions. The cipher suite is negotiated with the client during the SSL handshake. These directives may be used in a per-directory or per-server context. The Apache Software Foundation has reported an issue that may occur when the SSLCipherSuite directive is used to upgrade a cipher suite. Particular sequences of per-directory renegotiations may cause a weaker cipher suite to be used in place of the upgraded one. If this issue were to occur, flaws in the weaker cipher suites could be exposed. This could threaten the integrity of SSL transactions negotiated between a vulnerable server and the client, and could provide an opportunity for passive attackers in a position to observe such a transaction. Further technical details are not available at the time of writing. This BID will be updated appropriately when additional technical information becomes available.

Apache Web Server Prefork MPM Denial Of Service Vulnerability
BugTraq ID: 8137
Remote: Yes
Date Published: Jul 08 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8137
Summary:
Apache is a freely available web server. It is available for a variety of platforms including the Unix, Linux and Microsoft Windows operating systems.
Apache may be run as a non-threaded, pre-forking server via the prefork MPM (Multi-Processing Module). The Apache Software Foundation has reported a vulnerability in the prefork MPM that could result in a temporary denial of service condition. This condition is known to occur when an accept() call on a rarely accessed port returns certain errors. Further technical details are not available at the time of writing. This BID will be updated appropriately when additional technical information becomes available.

Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
BugTraq ID: 8138
Remote: No
Date Published: Jul 08 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8138
Summary:
Apache is a freely available web server. It is available for a variety of platforms including the Unix, Linux and Microsoft Windows operating systems. Apache's content negotiation functionality has been reported prone to a denial of service vulnerability. The issue may present itself if an attacker has the ability to create a malicious type-map file. The attacker may craft the type-map file in a manner sufficient to cause the vulnerable server to fall into an infinite loop. It has been reported that the Apache server will exponentially consume resources in such circumstances, effectively denying service to other legitimate system users.

Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
BugTraq ID: 8135
Remote: Yes
Date Published: Jul 08 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8135
Summary:
Apache is a freely available web server. It is available for a variety of platforms including the Unix, Linux and Microsoft Windows operating systems. A denial of service vulnerability has been reported by the vendor to affect the FTP proxy component of Apache. It has been reported that an attacker may specify a target server that possesses an IPV6 address. This may result in a denial of service to other legitimate users.
The issue reportedly presents itself because the proxy server fails to create an IPV6 socket. Explicit technical details regarding this vulnerability are not currently known; this BID will be updated as further details are disclosed.

Knoppix QT Insecure Temporary File Creation Vulnerability
BugTraq ID: 8139
Remote: No
Date Published: Jul 08 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8139
Summary:
Knoppix is a freely available, open source Linux operating system. A problem has been identified in Knoppix that may allow an attacker to exploit the insecure creation of a temporary file. This could result in a denial of service attack, and potentially an elevation of privileges. The problem is in the handling of temporary files when the QT libraries are invoked. KDE is installed by default with Knoppix, and when the window manager invokes the QT libraries, the libraries create files with the predictable names qt_plugins_3.0rc and qt_plugins_3.0rc.lock, both with the privileges of the root user. This problem may affect previous versions of the software.

ZKFingerD Multiple Format String Vulnerabilities
BugTraq ID: 8142
Remote: Yes
Date Published: Jul 08 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8142
Summary:
zkfingerd is a freely available, open source implementation of the RFC 1288 protocol. It is available for the Unix and Linux operating systems. A problem in zkfingerd may make it possible for a remote user to launch a format string attack against the daemon. This may result in an attacker gaining unauthorized access to system resources. The problem is in the 'die.c' source file. Two instances of format string vulnerabilities exist in the file that may allow an attacker to write to arbitrary process memory and potentially execute code. Any code executed through this vulnerability could potentially be carried out with the privileges of the zkfingerd process.
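Several entries in this digest (SEMI/WEMI, x-face-el, Liece, the Knoppix QT files, and skk/ddskk) describe the same class of flaw: a program creates a temporary file at a predictable path, so a symbolic link planted there beforehand redirects the program's write into a file the victim owns. The following Python script is an added example, not code from the digest or from any of the projects named in it; it builds the scenario inside a throwaway directory with constructed file names (`app-cache.tmp`, `victim.txt`) and constructed contents, shows the write landing in the linked file, and then shows the two defences: refusing to create through an existing entry with O_CREAT|O_EXCL, and using mkstemp so the name is unpredictable and the file is private (mode 0600).

```python
"""Added example: predictable temp file + symlink versus the safe creation pattern.
Everything here is constructed inside a TemporaryDirectory; no real system paths."""
import os
import tempfile

FIXED_NAME = "app-cache.tmp"                       # constructed predictable name
VICTIM_CONTENT = b"original victim data\n"          # constructed sample content
APP_CONTENT = b"content the application writes\n"   # constructed sample content


def _plant_link(workdir: str) -> tuple:
    """Scenario setup: a file the user owns ('victim') and a symlink placed at
    the predictable temp-file path that points at it."""
    victim = os.path.join(workdir, "victim.txt")
    with open(victim, "wb") as f:
        f.write(VICTIM_CONTENT)
    planted = os.path.join(workdir, FIXED_NAME)
    os.symlink(victim, planted)
    return victim, planted


def insecure_tempfile_write(path: str, data: bytes) -> None:
    """The flawed pattern: open a fixed path with O_CREAT|O_TRUNC.
    open() follows symlinks, so a pre-planted link redirects the write."""
    with open(path, "wb") as f:
        f.write(data)


def open_fixed_path_safely(path: str) -> int:
    """If a fixed name is unavoidable, O_EXCL makes creation fail whenever
    anything (including a symlink) already exists at that path, and
    O_NOFOLLOW refuses to traverse a link at the final component."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)


def secure_tempfile_create(directory: str) -> int:
    """The preferred fix: mkstemp chooses an unpredictable name and opens it
    with O_CREAT|O_EXCL (plus O_NOFOLLOW where supported) at mode 0600."""
    fd, _path = tempfile.mkstemp(dir=directory, prefix="app-cache-")
    return fd


def run_scenario() -> dict:
    """Run the vulnerable write and both defences; return what happened."""
    with tempfile.TemporaryDirectory() as workdir:
        victim, planted = _plant_link(workdir)

        # 1. Vulnerable application: its write ends up in the victim file.
        insecure_tempfile_write(planted, APP_CONTENT)
        with open(victim, "rb") as f:
            clobbered = f.read() == APP_CONTENT

        # Restore the victim before testing the defences.
        with open(victim, "wb") as f:
            f.write(VICTIM_CONTENT)

        # 2. Defence A: O_EXCL refuses the planted path outright.
        try:
            os.close(open_fixed_path_safely(planted))
            excl_refused = False
        except FileExistsError:
            excl_refused = True

        # 3. Defence B: mkstemp yields a fresh private file; the victim is untouched.
        fd = secure_tempfile_create(workdir)
        mode = os.fstat(fd).st_mode & 0o777
        os.write(fd, APP_CONTENT)
        os.close(fd)
        with open(victim, "rb") as f:
            victim_intact = f.read() == VICTIM_CONTENT

        return {
            "insecure_clobbered_victim": clobbered,
            "excl_refused_planted_link": excl_refused,
            "mkstemp_mode_is_0600": mode == 0o600,
            "victim_intact_after_fix": victim_intact,
        }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The O_EXCL check is what turns a silent file clobber into a visible failure; logging that failure is also a cheap detection signal, since a legitimately empty temp directory should never already contain the application's file name. mkstemp is still the better fix because it removes the predictability the attack depends on rather than merely refusing the planted link.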
SKK/DDSKK Insecure Temporary Files Vulnerability
BugTraq ID: 8144
Remote: No
Date Published: Jul 09 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8144
Summary:
skk and ddskk are Kana to Kanji conversion programs for use with Emacs. They are available for Unix and Linux variants. skk and ddskk do not create temporary files in a secure manner. This could permit local attackers to mount file corruption attacks against sensitive or critical files owned by other users. This would occur in the context of the user invoking the vulnerable utility. If files can be corrupted with custom data, this may allow for privilege escalation attacks. Otherwise, it may be possible to cause a denial of service by overwriting critical files.

Teapop SQL Injection Vulnerability
BugTraq ID: 8146
Remote: Yes
Date Published: Jul 09 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8146
Summary:
teapop is a POP3 server implementation for Unix and Linux variants. teapop is prone to an SQL injection vulnerability. This issue occurs in modules supplied with Teapop that allow authentication via a MySQL or PostgreSQL database. These modules do not sufficiently sanitize user-supplied input before it is included in database queries. Exploitation could allow SQL queries to be modified, potentially allowing unauthorized access, information disclosure or other consequences. This would occur in the context of the teapop database user.

TerminatorX Home Environment Variable Buffer Overflow Vulnerability
BugTraq ID: 8147
Remote: No
Date Published: Jul 09 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8147
Summary:
terminatorX is a freely available, open source music manipulation program. It is available for the Linux platform. A problem has been reported in terminatorX when processing the HOME environment variable. Because of this, an attacker may be able to gain elevated privileges. The problem is in the handling of long strings.
When a large amount of data is placed in the HOME environment variable, a boundary condition error occurs that could result in the overwriting of sensitive process memory. Because the vendor recommends installing this program with setuid root privileges, it may be possible for a local user to execute code with the privileges of the root user. It should be noted that, by default, terminatorX is not installed with elevated privileges.

TerminatorX XLocaleDIR Environment Variable Buffer Overflow Vulnerability
BugTraq ID: 8148
Remote: No
Date Published: Jul 09 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8148
Summary:
terminatorX is a freely available, open source music manipulation program. It is available for the Linux platform. A problem has been reported in terminatorX when processing the XLOCALEDIR environment variable. Because of this, an attacker may be able to gain elevated privileges. The problem is in the handling of long strings. When a large amount of data is placed in the XLOCALEDIR environment variable, a boundary condition error occurs that could result in the overwriting of sensitive process memory. Because the vendor recommends installing this program with setuid root privileges, it may be possible for a local user to execute code with the privileges of the root user. It should be noted that, by default, terminatorX is not installed with elevated privileges.

NetScreen Non-IP Traffic Firewall Bypass Vulnerability
BugTraq ID: 8150
Remote: Yes
Date Published: Jul 09 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8150
Summary:
NetScreen is a line of Internet security appliances integrating firewall, VPN and traffic management features. ScreenOS is the software used to manage and configure the firewall. NetScreen supports Microsoft Windows 95, 98, ME, NT and 2000 clients. It has been alleged that it is possible for remote users to bypass NetScreen firewalls.
Reports have stated that any non-IP or ARP traffic will pass through the firewall without being logged. Various protocols, such as SNA, IPX CDP, CDP, and VST, may pass through the firewall unnoticed and without being filtered. This could permit an attacker to interact with hosts behind the firewall that support these protocols. This is reported to occur in 20x and 50x models when run in bridge mode, though this is not conclusive. This alleged vulnerability has not been confirmed by Symantec.
[ hardware ]

Cisco Catalyst Non-Standard TCP Flags Remote Denial Of Service Vulnerability
BugTraq ID: 8149
Remote: Yes
Date Published: Jul 09 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/8149
Summary:
Catalyst is a network switch hardware and firmware combination maintained and distributed by Cisco Systems. A problem with Cisco Catalyst switches has been reported in the handling of non-standard TCP packets. Because of this, an attacker may be able to deny legitimate users access to the switch. The problem is in the handling of TCP packets that have non-standard TCP flags. Though specific details about this problem are not available, this likely includes mixed combinations of the TCP SYN, FIN, ACK, RST, and URG flags that do not commonly occur in networks. When eight of these packets are received by a specific service on the Catalyst, the service ceases normal operation. To resume normal operation of these services, the switch requires a reboot. It should be noted that this vulnerability only affects the services operating on the switch, and does not affect the switch's ability to handle traffic. This problem affects 4000, 5000, and 6000 series switches.
[ hardware ]

_______________________________________________
gull-annonces mailing list
[EMAIL PROTECTED]
http://lists.alphanet.ch/mailman/listinfo/gull-annonces
