POP3Lite Input Validation Vulnerability
BugTraq ID: 3278
Remote: Yes
Date Published: 2001-09-03
Relevant URL: http://www.securityfocus.com/bid/3278
Summary:
POP3Lite is a free, open-source compact POP3 daemon for Linux and BSD systems.

POP3Lite has an input validation problem which may be exploited by remote attackers. POP3Lite does not escape leading dots ('.') in the e-mail it transfers. It sends lines with leading dots to the mail client unchanged, causing them to be interpreted as an end-of-message marker. At the very least this may cause unusual behaviour, but it may be manipulated to malicious effect. For example, an attacker may craft a message to a victim who receives mail from POP3Lite which causes the victim's client to accept a fake end-of-message followed by falsified arbitrary server responses.

Remote attackers may exploit this issue to inject messages or cause messages to be lost. A potential for mail-spoofing attacks also exists, as message headers can be falsified. A denial of service may also result, depending on how the client interprets the malicious input. This issue may also be exploited in combination with input validation vulnerabilities that exist in mail clients.

PGP Invalid Key Display Vulnerability
BugTraq ID: 3280
Remote: Yes
Date Published: 2001-09-04
Relevant URL: http://www.securityfocus.com/bid/3280
Summary:
PGP Security provides privacy and data confidentiality software.

There is a vulnerability in some of PGP's displays of key validity which could allow a user to be tricked into accepting a signature created by an invalid user ID. When there are two user IDs on the same key, PGP's display heuristically communicates key validity to the user. The first strategy is to base the validity display on the first user ID in the key. The second is to base the validity display on the most valid key. The key verification window's name field uses the first strategy, while the validity light on this display uses the second strategy.
Thus, when a key having an invalid user ID as the primary name and a valid user ID as the secondary name is displayed, it shows the primary user's name but the validity of the secondary name. If such a key is sent to a user who relies on the affected validity displays, the key may appear to be valid. If the key is imported into the target user's keyring, attackers can forge signatures on documents sent to the target user as the invalid user ID.

FreeBSD rmuser Password Hash Disclosure Vulnerability
BugTraq ID: 3282
Remote: No
Date Published: 2001-09-04
Relevant URL: http://www.securityfocus.com/bid/3282
Summary:
FreeBSD ships with a Perl script called 'rmuser'. It can be used by administrators to completely remove users from a system. When rmuser is run, the 'passwd' and 'master.passwd' files must be updated. The rmuser script creates copies of these files and then modifies them. When complete, the original files are replaced with the updated copies. The script explicitly sets an insecure umask, and the copied files are created world-readable.

If an attacker can anticipate the use of rmuser by an administrator, it may be possible to obtain the contents of 'master.passwd'. If successful, the attacker would obtain the password hashes of other users on the system. This information may assist in a brute-force password attack.

Exploitation of this vulnerability is extremely time-dependent, as the attack must be launched when rmuser is being used and while the world-readable copy exists (it is deleted by the script after the original files are overwritten). Attacks against this utility may be more feasible on systems where 'rmuser' is run automatically at scheduled times (for example, on a server where an automated script runs that removes ISP users with expired accounts).
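The POP3Lite entry above turns on the dot-stuffing rule of RFC 1939: a multi-line POP3 response ends with a line consisting of a single '.', so any body line that itself begins with '.' must be sent with an extra leading '.' and the client strips it again. The following Python is an added example, not POP3Lite's code: it implements the server-side stuffing, the client-side reader that reverses it, and shows on a constructed sample message how an unstuffed body is cut short and its tail is left to be parsed as further server responses.

```python
"""Added example (not POP3Lite code): RFC 1939 dot-stuffing for multi-line
POP3 responses, and what a client sees when a server skips it."""


def dot_stuff(body_lines):
    """Server side: prefix any line beginning with '.' with another '.' and
    append the terminating '.' line (RFC 1939, byte-stuffing)."""
    stuffed = ["." + line if line.startswith(".") else line
               for line in body_lines]
    return stuffed + ["."]


def read_multiline(wire_lines):
    """Client side: consume lines up to the first bare '.' line, removing one
    leading '.' from any other line that starts with '.'.
    Returns (message_lines, leftover_lines); the leftover is what the client
    would go on to interpret as the server's next responses."""
    out = []
    for i, line in enumerate(wire_lines):
        if line == ".":
            return out, wire_lines[i + 1:]
        out.append(line[1:] if line.startswith(".") else line)
    # No terminator seen: a real client would wait until the connection
    # closes or times out.
    return out, []


# Constructed sample message. The lone '.' line is exactly the kind of
# content that a server without dot-stuffing forwards unchanged.
SAMPLE_BODY = [
    "From: alice@example.test",
    "Subject: status",
    "",
    "first paragraph",
    ".",                 # a body line that is just a dot
    "+OK 1 octets",      # body text that happens to look like a reply
    "second paragraph",
]


def client_view(server_stuffs_dots):
    """Return (message, leftover) as reconstructed by a conforming client,
    for a server that does or does not apply dot-stuffing."""
    if server_stuffs_dots:
        wire = dot_stuff(SAMPLE_BODY)
    else:
        wire = SAMPLE_BODY + ["."]   # what a non-stuffing server emits
    return read_multiline(wire)


if __name__ == "__main__":
    print("stuffed  :", client_view(True))
    print("unstuffed:", client_view(False))
```

With stuffing applied the client recovers the message exactly and has nothing left over; without it the message ends at "first paragraph" and the remaining lines are handed to the client's response parser, which is the injection path the advisory describes.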
Inter7 vpopmail MySQL Authentication Data Recovery Vulnerability
BugTraq ID: 3284
Remote: No
Date Published: 2001-09-04
Relevant URL: http://www.securityfocus.com/bid/3284
Summary:
Inter7 vpopmail is a freely available software package that provides a way for system administrators to manage virtual email domains and non-system, password-based email accounts on Qmail or Postfix mail servers.

A vulnerability exists in vpopmail that may result in the disclosure of sensitive authentication information when the package is configured to use a MySQL database. When the package is compiled, the account information used for database authentication is compiled into an object archive and subsequently linked against the command-line programs included in the package. Due to the non-interactive nature of the package, this information is written in cleartext. The programs are then installed with world-readable file permissions. As a result, it may be possible for an attacker with local access to retrieve the authentication information by examining one of the programs.

[ many problems with Informix, which is kind of open source ]

Vibechild Directory Manager Command Execution Vulnerability
BugTraq ID: 3288
Remote: Yes
Date Published: 2001-09-04
Relevant URL: http://www.securityfocus.com/bid/3288
Summary:
Directory Manager is an application used to maintain LDAP directory data. It is maintained by Vibechild and hosted for download on Sourceforge.net.

An input validation error exists in Directory Manager that may enable remote attackers to execute arbitrary code on a host running the software. The flaw is due to a script in the package that fails to filter shell metacharacters from a user-supplied value passed to PHP's passthru() function. Successful exploitation of this issue is achievable by submitting shell metacharacters followed by a command in the 'userfile_name' field of an HTTP request.
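The Directory Manager entry describes the general pattern of a user-supplied field being interpolated into a command string that a shell parses. The following Python is an added example, not the project's PHP: it shows how a shell would tokenize such a string when the field carries a separator, and a hardened replacement that allowlists the value and runs the tool with an argument list and no shell. The tool name 'ldif-import', the use of echo as a stand-in for the real tool, and the sample values are assumptions.

```python
"""Added example, not Directory Manager's code: the shell-metacharacter
injection pattern from the advisory, shown in Python instead of PHP, beside
a hardened form. 'ldif-import' is a hypothetical tool name."""
import re
import shlex
import subprocess

# Allowlist for the 'userfile_name' field: a plain filename with no leading
# '.' or '-' (so it cannot be read as an option), no path separators and no
# shell metacharacters. Refusing on mismatch is safer than stripping
# characters, which leaves room for encoding tricks.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def build_unsafe(userfile_name):
    """The vulnerable pattern: the field is glued into a single command
    string that a shell will parse, the equivalent of
    passthru("ldif-import " . $name) in PHP. Only built here, not run."""
    return "ldif-import " + userfile_name


def shell_tokens(cmdline):
    """How a POSIX shell splits the string: with punctuation_chars=True,
    shlex returns ';', '|', '&', '(' and ')' as separate tokens, so any such
    token in the result means the field introduced a second command."""
    return list(shlex.shlex(cmdline, punctuation_chars=True))


def injects_command(userfile_name):
    """True if the value would make a shell run more than one command."""
    separators = {";", "|", "||", "&", "&&", "(", ")"}
    return any(t in separators for t in shell_tokens(build_unsafe(userfile_name)))


def validate_userfile_name(name):
    """Hardened step 1: accept only the allowlisted shape, otherwise refuse."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected userfile_name: %r" % name)
    return name


def run_safe(userfile_name):
    """Hardened step 2: after validation, invoke the tool with an argv list.
    No shell is involved, so even a metacharacter that slipped through would
    be passed literally. 'echo' stands in for the real tool so the example
    runs anywhere; it echoes the argv the tool would have received."""
    name = validate_userfile_name(userfile_name)
    result = subprocess.run(["echo", "ldif-import", name],
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    print(shell_tokens(build_unsafe("users.ldif; id")))
    print(run_safe("users.ldif"))
    try:
        run_safe("users.ldif; id")
    except ValueError as exc:
        print(exc)
```

The two halves of the fix are independent: the argv list removes the shell from the picture, and the allowlist also blocks values such as a leading '-' that an argv call alone would still hand to the tool as an option.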
Exploitation of this vulnerability may lead to the disclosure of sensitive data on, or compromise of, a vulnerable host.

- To post an announcement: [EMAIL PROTECTED]
