Mandrake X session Local Xauthority Bypass Vulnerability
BugTraq ID: 1735
Remote: No
Date Published: 2000-09-29
Relevant URL: http://www.securityfocus.com/bid/1735
Summary:
The X11 startup script shipped with Mandrake 7.1 (/etc/X11/Xsession) contains a line, "xhost + localhost", which disables the Xauthority mechanism for localhost, allowing any user's clients to connect to the X server from the local machine. This can be dangerous on multi-user systems, since the other users can perform X-related attacks (keyword logging, window watching, etc.). This may indirectly lead to an elevation of privileges (if the attacker logs the user su'ing to root, for example) or other compromises (i.e. if authenticating on another host is logged).

scp File Create/Overwrite Vulnerability
BugTraq ID: 1742
Remote: Yes
Date Published: 2000-09-30
Relevant URL: http://www.securityfocus.com/bid/1742
Summary:
A vulnerability exists in the 1.2.x releases of scp which, if properly exploited using a modified scp binary on the server end, can permit the remote server to spoof local pathnames and overwrite files belonging to the local user.

Multiple Vendor Cfengine Format String Vulnerability
BugTraq ID: 1757
Remote: Yes
Date Published: 2000-10-01
Relevant URL: http://www.securityfocus.com/bid/1757
Summary:
Cfengine is a language-based system for testing and configuring unix-like systems attached to a TCP/IP network. cfd, the cfengine daemon component which serves as a remote-configuration client to cfengine, contains several improperly designed calls to syslog(). As a result, trusted hosts (or any user, if access controls are not employed) may create and transmit a malicious message to the network daemon containing user-supplied format specifiers. At the very least, it is easy for a user to crash the service. By sending certain format specifiers, it is also possible for malicious users to write to portions of the program's stack and alter the flow of execution. If successful, an attacker can have arbitrary code execute with the privileges of the daemon (root).

Multiple Vendor MIME Header DoS Vulnerability
BugTraq ID: 1760
Remote: Yes
Date Published: 1998-09-03
Relevant URL: http://www.securityfocus.com/bid/1760
Summary:
Apache Web Server and MessageMedia UnityMail are susceptible to a denial of service attack if a significant number of 8000-byte MIME headers are sent. Both will crash, and a restart of the application is required in order to regain normal functionality. Other web servers may also be vulnerable to this attack.

GnoRPM Arbitrary File Overwrite Vulnerability
BugTraq ID: 1761
Remote: No
Date Published: 2000-10-02
Relevant URL: http://www.securityfocus.com/bid/1761
Summary:
A vulnerability exists in versions prior to v0.95 of GnoRPM, the Gnome graphical RPM manager, involving the way gnomerpm handles tmp files. GnomeRPM creates temporary files in the world-writeable /tmp directory with predictable filenames. It is possible for a malicious user to create symbolic links in /tmp with guessed/predicted filenames, knowing in advance that GnomeRPM will be run by root. When this happens, the files pointed to by the correctly guessed symbolic links will be overwritten by GnomeRPM (as root). This can lead to a local denial of service if critical files are overwritten.
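The temporary-file problem described in the GnoRPM entry, shown as an added C example (not GnoRPM's code and not part of the original advisory): a fixed-name open that follows a pre-planted symbolic link, beside the exclusive-create and mkstemp() forms that refuse it. All file names are constructed and everything happens inside a private directory made with mkdtemp().

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static const char DATA[] = "critical data\n"; /* constructed sample content */

/* Unsafe pattern: fixed name, follows an existing symlink and truncates its target. */
static int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: the name must not exist yet; a planted symlink makes the call fail. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Bitmask result: 1 = predictable open clobbered the linked file,
 * 2 = exclusive open refused the symlink, 4 = mkstemp() left it intact. */
int demo_tmp_symlink(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    char victim[64], link_path[64], fresh[64];
    int result = 0, fd;
    FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(link_path, sizeof link_path, "%s/app.tmp", dir);
    snprintf(fresh, sizeof fresh, "%s/app.XXXXXX", dir);
    if (!(f = fopen(victim, "w"))) return -1;
    fputs(DATA, f); fclose(f);
    if (symlink(victim, link_path) != 0) return -1; /* stands in for the guessed name */
    fd = open_exclusive(link_path);
    if (fd < 0 && file_size(victim) == (long)strlen(DATA)) result |= 2;
    if (fd >= 0) close(fd);
    fd = mkstemp(fresh); /* unpredictable name, created with O_EXCL */
    if (fd >= 0) { if (file_size(victim) == (long)strlen(DATA)) result |= 4; close(fd); unlink(fresh); }
    fd = open_predictable(link_path);
    if (fd >= 0) { close(fd); if (file_size(victim) == 0) result |= 1; }
    unlink(link_path); unlink(victim); rmdir(dir);
    return result;
}
int main(void) { printf("result mask: %d\n", demo_tmp_symlink()); return 0; }
```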
