Eric S. Raymond Fetchmail Unspecified Denial of Service Vuln...
BugTraq ID: 8843
Remote: Yes
Date Published: Oct 16 2003
Relevant URL: http://www.securityfocus.com/bid/8843
Summary:
Fetchmail is a freely available, open source mail retrieval utility. It is maintained by Eric S. Raymond.
A vulnerability has been reported to be present in the software that may allow an attacker to cause a denial of service condition in Fetchmail 6.2.4. It has been reported that the problem presents itself when a specially crafted e-mail message is sent to fetchmail.

The precise nature of this vulnerability is not known at the moment due to a lack of details, however exploitation of this issue may allow an attacker to cause the software to crash. Although unconfirmed, it may be possible to execute arbitrary code on a vulnerable system.

This vulnerability may be related to known issues, however this has not been confirmed by Symantec. This BID and any other applicable BIDs will be updated, as further information is available.

Fetchmail 6.2.4 has been reported to be prone to this issue however other versions may be vulnerable as well.

Multiple GDM Local Denial Of Service Vulnerabilities
BugTraq ID: 8846
Remote: No
Date Published: Oct 17 2003
Relevant URL: http://www.securityfocus.com/bid/8846
Summary:
Gnome Display Manager (GDM) is a utility harnessed by Gnome to manage various functions when interfacing with X.

GDM has been reported prone to multiple denial of service vulnerabilities that may be triggered by a local attacker. It has been reported that GDM does not perform sufficient restrictions on data that it receives. A local attacker may send excessive amounts of data to GDM and cause memory resources to be exhausted until the kernel terminates the process of the affected GDM.

Additionally a separate issue has been reported to affect GDM that may be exploited by a local attacker to trigger a denial of service of the GDM utility. The issue has been reported to present itself due to an error while handling queries, for example version queries or authentication responses. It has been reported that an attacker may invoke a query request against GDM and not read the reply, thus triggering GDM into filling its send buffer.
This will have the effect of preventing GDM from accepting new logins.

A local attacker may exploit these vulnerabilities to deny service to GDM for legitimate users.

Explicit details regarding this vulnerability are not currently available; this BID will be updated when further details are released or when more exhaustive investigation into this condition has been completed.

Emule Web Control Panel HTTP Login Long Password Denial of S...
BugTraq ID: 8854
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8854
Summary:
eMule is a freely available, open source peer-to-peer file sharing application. eMule uses the eDonkey file sharing protocol. It is available for the BSD, Linux, and Microsoft Windows operating systems. eMule includes a web control panel that allows users to log in to the server over the web.

It has been reported that the eMule Web Control Panel HTTP login mechanism may be prone to denial of service attacks. Reports indicate that the eMule program expects that login credentials will be received only from the trusted login form. Specifically, no more than 12 password characters are expected to be received, and as such eMule does not carry out bounds checking on this data.

However, the eMule login mechanism is said to not validate the origin of login form information received. As a result, an attacker may be capable of constructing malicious HTML form data to transmit excessive password data to the program. Due to insufficient bounds checking, this will effectively cause memory corruption and trigger a denial of service. Reports indicated that password data in excess of 500 to 1000 bytes may be required to trigger the issue.

It should be noted that, due to the nature of this vulnerability, this could theoretically lead to arbitrary code execution. This has not been confirmed, however.

Origo ADSL Router Remote Administrative Interface Configurat...
BugTraq ID: 8855
Remote: Yes
Date Published: Oct 20 2003
Relevant URL: http://www.securityfocus.com/bid/8855
Summary:
Origo ADSL routers are a broadband connectivity solution distributed and maintained by Origo.

A problem has been identified in some Origo ADSL routers. Due to insufficient access control, it may be possible for a remote user to gain unauthorized administrative access to routers, potentially resulting in a denial of service.

The problem is a command-line administrative service that listens on port 254. This service is enabled by default, and is not protected with a password. An attacker could access this interface to change the router configuration, resulting in a denial of service until the router is reconfigured. Other attacks against network resources, such as man-in-the-middle attacks, may also be possible.

This issue is known to affect the ASR-8100 router, though ASR-8400 routers may also be affected.

[ hardware ]

PSCS VPOP3 Email Server WebAdmin Cross-Site Scripting Vulner...
BugTraq ID: 8869
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8869
Summary:
PSCS VPOP3 Email Server is an e-mail server and gateway.

A cross-site scripting vulnerability has been reported to exist in PSCS VPOP3. The problem has been reported to exist in the WebAdmin utility of the software. The issue presents itself due to improper handling of user-supplied data in certain parameters, which will permit remote attackers to embed HTML and script code in links. HTML and script code could then be rendered in the browser of the user visiting the link. This attack would occur in the security context of the vulnerable site.

Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information. Since the issue affects the WebAdmin utility, it is likely that a successful attack of this nature would permit an attacker to hijack an administrative account.
PSCS VPOP3 versions 2.0.0e and 2.0.0f have been reported to be prone to this vulnerability, however other versions may be affected as well.

Coreutils LS Width Argument Integer Overflow Vulnerability
BugTraq ID: 8875
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8875
Summary:
Coreutils 'ls' utility is a binary application that is used to list directory contents.

Coreutils 'ls' has been reported prone to an integer overflow vulnerability. The issue reportedly presents itself when handling '-w' (width) and '-C' (output column display) command line arguments passed to the vulnerable application.

It has been reported that excessive values passed as a '-w' argument to 'ls' may cause an internal integer value to be misrepresented. Further arithmetic performed based on this misrepresented value may have unintended results. For example, if this value is used when assigning memory, huge amounts of system memory may be allocated, resulting in a denial of service condition as resource starvation occurs.

Additionally it has been reported that this vulnerability may be exploited in software that implements and invokes the vulnerable 'ls' utility to trigger a denial of service in the affected software. It has been conjectured that this issue may present itself when affected software invokes 'ls' and expects a return of data. When 'ls' hangs the invoking software may also subsequently hang.

The integer overflow vulnerability in 'ls' has not been reported to be exploitable to execute arbitrary instructions.

[ license ? ]

Sylpheed-Claws Mail Client SMTP Error Reporting Format Strin...
BugTraq ID: 8877
Remote: Yes
Date Published: Oct 22 2003
Relevant URL: http://www.securityfocus.com/bid/8877
Summary:
Sylpheed-Claws is a branch of the Sylpheed mail client, designed to implement and test less stable features. Both code bases are regularly updated to match each other's behavior. Sylpheed-Claws is available for the Linux operating system.
It has been reported that Sylpheed-Claws is prone to a format string bug when handling error messages received from an SMTP server. These errors are typically generated when an action cannot be carried out correctly or an incorrect command has been received, however an attacker may be capable of transmitting an error message immediately upon connection.

The problem specifically occurs within the 'send_message.c' source file, which includes a call to the 'alertpanel_error_log' function when handling error messages. This function takes formatted arguments and reports the error message; however, when an error message is encountered the function is incorrectly called without a format specifier, and is passed the SMTP server-supplied error data directly. As a result, a malicious SMTP server may be capable of having arbitrary format specifiers interpreted by the Sylpheed-Claws mail client, ultimately allowing for code execution. All code executed in this manner would be run with the privileges of the user invoking the affected mail client program.

It has been confirmed that the Sylpheed mail client is also affected by this vulnerability.

This issue has been addressed in version 0.9.7.

_______________________________________________
gull-annonces mailing list
[EMAIL PROTECTED]
http://lists.alphanet.ch/mailman/listinfo/gull-annonces
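
The Sylpheed-Claws entry above describes a printf-style error reporter that is handed server-supplied text as its format string. The following is an added example, not code from Sylpheed-Claws or from the advisory, contrasting that call pattern with the corrected one; `report_error`, the two handler names and the sample reply are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style error reporter of the kind the
 * advisory describes; it formats into a caller buffer instead of a dialog.
 * Declaring such a function with GCC's format(printf, ...) attribute lets
 * -Wformat-security flag the flawed call below at compile time. */
static int report_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Flawed pattern: the server's text is used as the format string, so any
 * directive it contains is interpreted by the formatter. */
static int handle_smtp_error_flawed(char *out, size_t outlen, const char *server_msg)
{
    return report_error(out, outlen, server_msg);
}

/* Corrected pattern: constant format string, server text passed as data. */
static int handle_smtp_error_fixed(char *out, size_t outlen, const char *server_msg)
{
    return report_error(out, outlen, "%s", server_msg);
}

/* Constructed sample reply. "%%" is a directive that consumes no argument,
 * so the flawed path can be exercised here with defined behaviour. */
static const char SAMPLE_REPLY[] = "552 mailbox 100%% full";

int main(void)
{
    char flawed[64], fixed[64];
    handle_smtp_error_flawed(flawed, sizeof flawed, SAMPLE_REPLY);
    handle_smtp_error_fixed(fixed, sizeof fixed, SAMPLE_REPLY);
    /* The flawed path rewrites the reply; the fixed path shows it verbatim. */
    printf("flawed: %s\nfixed:  %s\n", flawed, fixed);
    return 0;
}
```

The altered text on the flawed path shows that the formatter parsed the server's bytes as directives, which is the condition the advisory reports.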
