Squid Web Proxy Cache Denial of Service Vulnerabilty BugTraq ID: 3354 Remote: Yes Date Published: 2001-09-21 Relevant URL: http://www.securityfocus.com/bid/3354 Summary:
Squid Web Proxy Cache is a free, open source proxy server. A problem exists in the manner which Squid handles requests to make FTP directories on proxied services. A specially crafted "mkdir-only" PUT request which is passed through the Squid proxy to a remote FTP server will be sufficient to cause a denial of service to the proxy. For example: nc proxy:3128 PUT ftp://ftpserver/WEB-INF/1/2/1/ HTTP/1.1 Content-type: application/octet-stream Content-length: 0 Pragma: no-cache If affected with a denial of service then Squid must be restarted to regain normal functionality. Hylafax Hostname Format String Vulnerability BugTraq ID: 3357 Remote: No Date Published: 2001-09-23 Relevant URL: http://www.securityfocus.com/bid/3357 Summary: Hylafax is a software package designed to handle the transmission of Faxes. A problem in the Hylafax software may allow local users to gain elevated privileges under some circumstances. This could also lead to further system compromise, and potentially administrative access. The problem is in the hostname handling code of some Hylafax programs. Hylafax does not sufficiently check or sanitize input from users entering a hostname with some programs. Therefore, it's possible to pass a format string to the program, which could be used to execute arbitrary code. The problem is known to affect the faxrm and faxalter programs. It is believed that this vulnerability may lie in code shared by both utilities. This problem is not present in most implementations, as Hylafax is typically installed without setuid privileges. However, it is implemented as a setuid uucp program on some systems, which makes it possible to gain local privilege elevation PHPNuke Remote File Copy Vulnerability BugTraq ID: 3361 Remote: Yes Date Published: 2001-09-24 Relevant URL: http://www.securityfocus.com/bid/3361 Summary: PHP Nuke is a website creation/maintenance tool written in PHP3. PHP Nuke contains a vulnerability that may allow for remote attackers to overwrite files with custom data on target webservers. The vulnerability lies in an administrative component of the package, 'admin.php'. When the script is requested with a value set for the 'upload' variable, it attempts a file copy using remotely-supplied HTML variables as the source and destination files. The script does not ensure that the user requesting the operation is an administrator. As a result, it is possible for remote users to overwrite arbitrary webserver writeable files with data from arbitrary webserver readable files. It is also possible to place arbitrary files in webserver writeable directories on the target filesystem. Furthermore, remote attackers can upload files to the webserver. An attacker may be able to upload a custom file to the webserver, then overwrite an arbitrary webserver-writeable file with it's contents. The destination file does not need to be in the webroot tree. This vulnerability may allow for an attacker to gain access to the host, cause denial of service or deface the target website. Versions of PostNuke, a derivative of PHP Nuke, are also reportedly vulnerable. - Pour poster une annonce: [EMAIL PROTECTED]
