PHPNuke Cross-Site Scripting Vulnerability
BugTraq ID: 3609
Remote: Yes
Date Published: Dec 03 2001 12:00A
Relevant URL: http://www.securityfocus.com/bid/3609
Summary:
PHPNuke is a website creation and maintenance tool. PHPNuke is prone to cross-site scripting attacks. HTML tags are not filtered from links to the 'user.php' script. The 'user.php' script, used to view user information, accepts a variable called 'uname'. The value of this variable is not sanitized before it is included in the PHP-generated HTML that is output to the client. As a result, it is possible to create a link to this page on a PHPNuke site that contains malicious script code. When the link is clicked by an unsuspecting web user, the malicious script code is executed in that user's browser in the context of the site running PHPNuke. This attack may be used to steal a user's cookie-based authentication credentials for the vulnerable PHPNuke site. PostNuke is also reportedly vulnerable.

OpenSSH UseLogin Environment Variable Passing Vulnerability
BugTraq ID: 3614
Remote: No
Date Published: Dec 04 2001 12:00A
Relevant URL: http://www.securityfocus.com/bid/3614
Summary:
OpenSSH is a freely available, open source implementation of the Secure Shell protocol. It is maintained by members of the OpenBSD team. A problem has been discovered in OpenSSH that could allow local users to gain elevated privileges. OpenSSH allows certain environment variables to be set when users log in with specific keys. When the server is configured to use 'login' via the UseLogin config flag, these environment variables are also set for the 'login' process. This behaviour could be exploited by a local attacker to load arbitrary shared libraries into 'login' via LD_PRELOAD, resulting in the execution of arbitrary code with elevated privileges. If the UseLogin flag is set, local users can gain root privileges. UseLogin is not enabled by default.

Frox FTP Cache Retrieval Buffer Overflow Vulnerability
BugTraq ID: 3606
Remote: Yes
Date Published: Nov 30 2001 12:00A
Relevant URL: http://www.securityfocus.com/bid/3606
Summary:
Frox is a freely available, open source FTP proxy software package. It is a public-domain project indexed by SourceForge. A problem in the software has been discovered that could allow users to gain elevated privileges. The problem is in the handling of long path names, and it manifests itself only when the FTP proxy is configured to cache FTP downloads. Due to improper bounds checking, a file located at the end of a long path name can overflow a buffer in the frox program. This could lead to the overwriting of stack variables, including the return address, and result in the execution of code with the privileges of the frox program. This makes it possible for a malicious FTP server to spawn a shell, allowing local access on a system running the vulnerable software. The frox program is typically not a root-run process.
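The PHPNuke issue above (BID 3609) is a classic reflected cross-site scripting flaw: a request parameter is copied into the generated page without output encoding. The following is an added illustration, not PHPNuke's own 'user.php' code; the function names, the username syntax and the sample input are assumptions chosen to show the vulnerable pattern next to a hardened one.

```php
<?php
// Added illustration, not PHPNuke's own code. It models the flaw in
// user.php: the 'uname' request parameter ends up in HTML unescaped.

// Vulnerable pattern: untrusted input interpolated straight into markup.
// Any '<', '>' or quote characters in $uname become part of the page's
// HTML structure rather than visible text.
function render_user_info_vulnerable(string $uname): string {
    return "<h2>User: $uname</h2>";
}

// Hardened pattern, two layers:
//  1. Reject values that do not match the username syntax the site
//     actually allows (assumed here: 1-25 chars of [A-Za-z0-9_.-]).
//  2. HTML-encode on output anyway, so that even if the whitelist is
//     relaxed later, metacharacters are rendered as text, not markup.
function render_user_info_hardened(string $uname): string {
    if (!preg_match('/^[A-Za-z0-9_.-]{1,25}$/', $uname)) {
        return '<p>Invalid user name.</p>';
    }
    $safe = htmlspecialchars($uname, ENT_QUOTES, 'UTF-8');
    return "<h2>User: $safe</h2>";
}

// Output-encoding only, shown separately so the effect is visible on a
// value the whitelist would otherwise reject.
function encode_for_html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample: markup smuggled in via ?uname=...
$sample = '<b>not a name</b>';

echo render_user_info_vulnerable($sample), "\n";
// <h2>User: <b>not a name</b></h2>   (tag is interpreted by the browser)

echo encode_for_html($sample), "\n";
// &lt;b&gt;not a name&lt;/b&gt;       (tag is displayed, not interpreted)

echo render_user_info_hardened($sample), "\n";
// <p>Invalid user name.</p>          (rejected by the whitelist)

echo render_user_info_hardened('alice_01'), "\n";
// <h2>User: alice_01</h2>
```

The same two controls, input validation and context-appropriate output encoding, apply to every other request parameter the script echoes; marking session cookies HttpOnly limits what a successful injection can read.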
