Excerpt from: SecurityFocus.com Newsletter #65

Exim Buffer Overflow Vulnerability
BugTraq ID: 1859
Remote: No
Date Published: 1997-07-21
Relevant URL: http://www.securityfocus.com/bid/1859
Summary:

A potential local root yielding buffer overflow vulnerability exists in Exim mail client version 1.62.

[ ... ]

Padl Software nss_ldap Local Denial of Service Vulnerability
BugTraq ID: 1863
Remote: No
Date Published: 2000-10-27
Relevant URL: http://www.securityfocus.com/bid/1863
Summary:

nss_ldap is a module offered by Padl Software that allows a system to use LDAP directories as the source of information for user attributes (via getpwent, etc) and related data.

A local denial of service condition is possible when nss_ldap is in use with nscd (name service caching daemon), as is the case in RedHat Linux 7.0, 6.2 and 6.1 with LDAP support. Nscd is a multithreaded daemon program that processes these lookups before they are sent to nss_ldap. If an attacker makes a large number of LDAP information requests, more so than threads nscd can handle, then they and all further requests can be blocked until the system is reset or the nscd process is killed. This can be a very effective local denial of service attack.

[ ... ]

tcpdump AFS ACL Packet Buffer Overflow Vulnerability
BugTraq ID: 1870
Remote: Yes
Date Published: 2000-10-31
Relevant URL: http://www.securityfocus.com/bid/1870
Summary:

tcpdump is a popular network monitoring tool used for watching network traffic written by the Lawrence Berkeley Laboratory. It must at least begin execution as root since it opens and reads from the link layer interface (through pcap). It is usually run directly by/as root.

tcpdump is reportedly vulnerable to a remotely exploitable buffer overflow in its parsing of AFS ACL packets. This is likely the result of the AFS

[ ... ]

Multiple Linux Vendor dump Insecure Environment Variables Vulnerability
BugTraq ID: 1871
Remote: No
Date Published: 2000-10-31
Relevant URL: http://www.securityfocus.com/bid/1871
Summary:

dump is a utility included with RedHat Linux for the purpose of dumping filesystems. A vulnerability exists in the dump package that allows suid root execution of other executables.

[ ... shouldn't be world-executable anyway if suid or sgid ]

SAMBA SWAT Symlink Vulnerability
BugTraq ID: 1872
Remote: No
Date Published: 2000-11-01
Relevant URL: http://www.securityfocus.com/bid/1872
Summary:

The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or Netbios protocol.

Samba ships with a utility titled SWAT (Samba Web Administration Tool) which is used for remote administration of the Samba server and is by default set to run from inetd as root on port 701. Certain versions of this software ship with a vulnerability local users can use to leverage root access.

This problem in particular is a symlink problem where a user can take advantage of poor programming in SWAT's logging facilities (which are not enabled by default) to overwrite files with user specified data. In this case, the logging is enabled under SWAT it logs by default to:

[ ... ]

RedHat 7.0 Cyrus-SASL Authorization Vulnerability
BugTraq ID: 1875
Remote: No
Date Published: 2000-10-26
Relevant URL: http://www.securityfocus.com/bid/1875
Summary:

Cyrus-SASL is an open-source implementation of SASL, the "Simple Authentication and Security Layer". The Cyrus-SASL 1.5.24 package that ships with RedHat 7.0 contains a bug in authorization code that may make it possible for an elevation of privileges. The vulnerability reportedly allows authenticated users to access resources when they may not have the authorization to do so.

This bug only affects the distribution of version 1.5.24 that ships with RedHat Linux 7.0. The Cyrus-SASL 1.5.24 package available at the main project ftp site does not contain this bug. Older versions of Cyrus-SASL that shipped with RedHat PowerTools are not vulnerable.

RPC Portmapper Denial of Service Vulnerability
BugTraq ID: 1892
Remote: Yes
Date Published: 1998-11-13
Relevant URL: http://www.securityfocus.com/bid/1892
Summary:

A remote root vulnerability exists in certain versions of rpcbind portmapper. RPC (Remote Procedure Call) allows a program to request a service from a program located in another computer in a network without requiring detailed information on the network configuration.

An attacker capable of forging a pmap_set/pmap_unset udp packet can cause the remote host to register or unregister arbitrary RPC programs.

This can permit an attacker to carry out a denial of service by disabling key services on the target host, including mountd, nfsd and ypserv. Because it allows a malicious local user to register rpc programs on the server, depending on the program the attacker chooses to register, this vulnerability can allow a compromise of root privilege, potentially extending to other systems on the local network.

In addition to the affected platforms listed, other versions have yet to be tested, and may be vulnerable as well.

[ RPC was, is, and will always be crap. Ok, NIS is worse. ]
