Network Tool PHPNuke Addon Metacharacter Filtering Command Execution Vulnerability
BugTraq ID: 3552
Remote: Yes
Date Published: Nov 16 2001 12:00A
Relevant URL: http://www.securityfocus.com/bid/3552
Summary:
Network Tool is a PHPNuke addon, written and maintained by Rick Fournier. It is designed to offer network features such as nmap, traceroute, and ping from a web interface. A problem with the package has been discovered that could allow remote users to gain arbitrary access to restricted resources.

The problem is in the filtering of metacharacters by the interface. When a request is made through the module containing commands embedded in metacharacters, it is possible to pass these commands on to the system. The commands passed to the system will in turn be executed with the permissions of the httpd process. This makes it possible for a remote user to gain local access to a host running the vulnerable software, and could lead to further compromise of affected systems.

Bharat Mediratta Gallery Directory Traversal Vulnerability
BugTraq ID: 3554
Remote: Yes
Date Published: Nov 19 2001 12:00A
Relevant URL: http://www.securityfocus.com/bid/3554
Summary:
Bharat Mediratta Gallery is a free, open source web-based photo album which may be used as an add-on for the PHPNuke web portal. Due to insufficient validation of user-supplied input, it may be possible for a remote attacker to view arbitrary web-readable files.

A user who makes a specially crafted web request which contains '../' sequences is able to break out of wwwroot and browse any files which are readable by the webserver process. This issue may allow a remote attacker to gather sensitive information which may be used in directed and organized attacks against a host running the Gallery software.

HyperMail Remote Command Execution Vulnerability
BugTraq ID: 3557
Remote: Yes
Date Published: Nov 19 2001 12:00A
Relevant URL: http://www.securityfocus.com/bid/3557
Summary:
HyperMail is free, open-source mailing list software which will take e-mail and convert it to HTML. HyperMail is prone to a vulnerability which may allow a user to execute arbitrary SSI commands on a host.
Attachments sent in e-mail are not modified in any way before being archived by HyperMail. This becomes an issue if SSI is enabled on the host running HyperMail, as it is possible to upload a file with an SSI extension, such as .shtml, which contains server-side includes that will be executed when the attachment is requested. However, the root of this issue is that a user may send an attachment with an arbitrary file extension, which will then be archived. Other content may be executed on the server as a result of this vulnerability.

OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
BugTraq ID: 3560
Remote: Yes
Date Published: Nov 19 2001 12:00A
Relevant URL: http://www.securityfocus.com/bid/3560
Summary:
OpenSSH is a freely available implementation of the SSH client-server protocol. It is distributed and maintained by the OpenSSH team. A problem with the software has been discovered that could allow remote users to gain unauthorized access. The level of privilege that can be obtained through this vulnerability is currently unknown.

The problem is related to the Kerberos V authentication handling by the implementation. Under some circumstances, it may be possible for an arbitrary user to gain access to a system. The only affected OpenSSH implementations are those that have compiled into the program the Kerberos V compatibility code. This is not usually built with a default compilation of OpenSSH.

thttpd Basic Authentication Buffer Overflow Vulnerability
BugTraq ID: 3562
Remote: Yes
Date Published: Nov 20 2001 12:00A
Relevant URL: http://www.securityfocus.com/bid/3562
Summary:
thttpd is a web server product designed to be small, fast and secure. Basic Authentication is a feature used by web servers to require remote users to authenticate with a password before being allowed to view certain files. thttpd may support basic authentication, which must be enabled at compile time. By default, basic authentication is enabled.
If thttpd attempts to authenticate a request submitted with base64 encoding, it must decode the information into a buffer. While boundary checking is done on this buffer, there is an off-by-one vulnerability. As a result, a single null character may be written past the end of the buffer, corrupting the stack. When the function call returns, this may lead to execution of arbitrary code.
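The bug class described for thttpd, as an added illustration that is not thttpd's source: a base64 decoder whose bounds check covers the decoded data but not the terminating null, beside a version that rejects input leaving no room for it. AUTH_BUF, the function names and the sample inputs are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>
#define AUTH_BUF 8  /* hypothetical buffer size, kept small for the demo */

/* Decode base64 into out, storing at most cap bytes; returns bytes stored. */
static size_t b64_decode(const char *in, unsigned char *out, size_t cap) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t n = 0, acc = 0, bits = 0;
    for (; *in && *in != '='; in++) {
        const char *p = strchr(tbl, *in);
        if (!p) break;                       /* not in the alphabet: stop */
        acc = (acc << 6) | (size_t)(p - tbl);
        if ((bits += 6) >= 8) {
            bits -= 8;
            if (n == cap) break;             /* bounds check on the data */
            out[n++] = (unsigned char)(acc >> bits);
        }
    }
    return n;
}

/* Flawed: data is limited to size bytes, but the terminator is unchecked. */
static void decode_flawed(const char *in, unsigned char *buf, size_t size) {
    size_t n = b64_decode(in, buf, size);    /* n can equal size */
    buf[n] = '\0';                           /* then this writes buf[size] */
}

/* Corrected: input that leaves no room for the terminator is rejected. */
static int decode_fixed(const char *in, unsigned char *buf, size_t size) {
    size_t n = b64_decode(in, buf, size);
    if (n >= size) { buf[0] = '\0'; return -1; }
    buf[n] = '\0';
    return (int)n;
}

/* Constructed harness: mem[AUTH_BUF] stands in for the byte after the buffer. */
static int neighbour_intact(int fixed, const char *in) {
    unsigned char mem[AUTH_BUF + 1];
    memset(mem, 0xAA, sizeof mem);
    if (fixed) decode_fixed(in, mem, AUTH_BUF); else decode_flawed(in, mem, AUTH_BUF);
    return mem[AUTH_BUF] == 0xAA;            /* 1 if the neighbour is untouched */
}

int main(void) {  /* constructed inputs: 7 and 8 decoded bytes */
    printf("flawed: %d %d, fixed: %d\n", neighbour_intact(0, "dXNlcjpwdw=="),
           neighbour_intact(0, "dXNlcjpwd2Q="), neighbour_intact(1, "dXNlcjpwd2Q="));
    return 0;
}
```

Only input that decodes to exactly the buffer size or more reaches the stray write, which is why a length check that looks correct in review can still miss it.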
