RedHat Linux Korean Installation Insecure Default UMask Vulnerability
BugTraq ID: 3527
Remote: No
Date Published: Nov 13, 2001
Relevant URL: http://www.securityfocus.com/bid/3527
Summary:

RedHat Linux is the UNIX clone operating system distributed by Red Hat, Incorporated. It is freely available, and open source.

A problem with the operating system has been discovered that under some circumstances could lead to local users gaining unauthorized privileges. The problem is in the implementation of umask with some installations.

The Korean installation of RedHat Linux sets a default umask of 000, meaning all files created on the system are mode 777 by default. This makes it possible for a local user to gain elevated privileges, and potentially administrative access.

Acme THTTPD/Mini_HTTPD File Disclosure Vulnerability
BugTraq ID: 3528
Remote: Yes
Date Published: Nov 13, 2001
Relevant URL: http://www.securityfocus.com/bid/3528
Summary:

Acme THTTPD and Mini_HTTPD are both small web servers and will run on FreeBSD, SunOS, Solaris, Linux, and other Unix operating systems. They are freely available and maintained by Acme Laboratories.

Both of these programs are prone to an issue which may allow a remote attacker to make a specially crafted web request which is capable of displaying arbitrary files on a vulnerable host. This may occur if the attacker appends a '/' to a request for an existing file. Files that exist in protected directories or that are marked 403 (but not world-readable) may be retrieved in this manner.

This issue may be taken advantage of to retrieve '.htpasswd' files.

It should be noted that THTTPD Secure Webserver is only prone to this issue when the 'chroot' option is enabled. Mini_HTTPD is affected regardless of any settings.

Though the vendor has acknowledged and patched the problem, there have been reports that some environments may not be vulnerable to this issue, for example systems running Acme thttpd 2.20b on FreeBSD and some Linux distributions.
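For the RedHat default umask entry (BugTraq ID 3527), the following added example, which is not part of the original advisory text, creates a probe file and directory under a chosen umask and reports the resulting permission bits, so the effect of 000 can be compared with 022. The function names are illustrative, and the probes are created in a throwaway temporary directory.

```shell
#!/bin/sh
# Added example (function names are hypothetical): observe what a umask
# does to newly created objects and flag a umask that allows world-write.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# mode_under_umask UMASK file|dir
# Most tools request 0666 for regular files and 0777 for directories;
# the umask only clears bits from that request.
mode_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$1"
        case $2 in
            file) : > "$tmp/probe" ;;
            dir)  mkdir "$tmp/probe" ;;
            *)    rm -rf "$tmp"; exit 2 ;;
        esac
        mode=$(perm_of "$tmp/probe")
        rm -rf "$tmp"
        printf '%s\n' "$mode"
    )
}

# True when the "other" digit of an octal mode has the write bit set.
is_world_writable() {
    case $1 in *[2367]) return 0 ;; *) return 1 ;; esac
}

# True when a umask value clears the world-write bit on new objects.
umask_blocks_world_write() {
    case $1 in *[2367]) return 0 ;; *) return 1 ;; esac
}

# Compare the insecure default from the advisory with a common default.
for u in 000 022; do
    for kind in file dir; do
        m=$(mode_under_umask "$u" "$kind")
        if is_world_writable "$m"; then note="WORLD-WRITABLE"; else note="ok"; fi
        printf 'umask %s new %-4s -> mode %s (%s)\n' "$u" "$kind" "$m" "$note"
    done
done

# Audit the umask of the current shell.
umask_blocks_world_write "$(umask)" || echo "current umask $(umask) permits world-writable files"
```

Running the same check from a login shell for each account shows whether a profile script is setting the insecure default.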

Cistron RADIUS Digest Calculation Buffer Overflow Vulnerability
BugTraq ID: 3530
Remote: Yes
Date Published: Nov 13, 2001
Relevant URL: http://www.securityfocus.com/bid/3530
Summary:

Cistron is a popular RADIUS server implementation.

It contains a buffer overflow error in a function used to calculate a message digest.

While it is not believed that this vulnerability can be used to execute arbitrary code, it may cause a segmentation fault. This will cause the server to crash, leading to a remote DoS attack.

It is possible that other servers based on the Cistron source code are also vulnerable.

Horde IMP Session Hijacking Vulnerability
BugTraq ID: 3525
Remote: Yes
Date Published: Nov 09, 2001
Relevant URL: http://www.securityfocus.com/bid/3525
Summary:

IMP is a powerful web-based mail interface/client developed by members of the Horde project.

Encoded HTML tags are not stripped from requests to access 'status.php3'. It is possible for a remote attacker to construct a link which when clicked will cause arbitrary script code to be executed in the browser of an unsuspecting user in the context of a site running Horde IMP.

As a result, it has been proven that this issue can be exploited to steal a legitimate user's cookie-based authentication credentials and gain unauthorized access to that user's webmail account.

[ check your SSH version ]
