CVS Daemon RCS Off By One Local Buffer Overflow Vulnerability
BugTraq ID: 4829
Remote: No
Date Published: May 25 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4829
Summary:
CVS is the Concurrent Versions System, a freely available, open source software development package for the Unix, Linux, and Microsoft Windows platforms. A problem with the software could make it possible for an attacker to gain elevated privileges. Due to a boundary condition error, it may be possible for a local attacker to execute arbitrary code. The rcs.c file contains an off-by-one error that could allow an attacker to overwrite portions of stack memory and execute arbitrary code. This could give an attacker access to the CVS archives with the privileges of the CVS user, allowing the attacker to alter source code within the CVS archive and potentially backdoor it.

ECS K7S5A Boot Menu Access Vulnerability
BugTraq ID: 4866
Remote: No
Date Published: May 28 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4866
Summary:
K7S5A is a line of mainboards manufactured and distributed by ECS. A problem with the firmware could make it possible for a user with physical access to the system to circumvent BIOS security measures. The firmware distributed with K7S5A boards may allow users with physical access to boot off alternative media. Although the firmware allows an administrative password to be set and a default boot medium to be specified, it does not protect the boot menu. With access to the boot menu, arbitrary media such as a floppy or CD may be booted from. This makes it possible for users with physical access to the system to boot off an arbitrary medium, which could lead to compromise of the operating system and of data integrity.
[ hardware ]

Firestorm IDS IP Options Decoding Denial Of Service Vulnerability
BugTraq ID: 4871
Remote: Yes
Date Published: May 28 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4871
Summary:
Firestorm IDS is a freely available, open source intrusion detection package. It is maintained in the public domain. A problem with Firestorm IDS could make it possible to crash the software. Firestorm IDS may become unstable when handling certain IP options. It has been reported that Firestorm IDS can be made to crash when it receives traffic with specific IP options set, resulting in a denial of service. The problem is likely due to a memory management bug, though this is unconfirmed. If so, it may additionally be possible to execute arbitrary code on a vulnerable IDS installation; the code would run with the privileges of the Firestorm IDS user.

IRSSI Trojaned Configure File Arbitrary Access Vulnerability
BugTraq ID: 4831
Remote: Yes
Date Published: May 25 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4831
Summary:
irssi is a freely available, open source IRC client for the Linux and Unix operating systems. A problem with the client could make it possible for a remote user to gain control of a user's account. The server hosting irssi was compromised at some point. After the compromise, the irssi source code was altered to include a backdoor. This backdoor allowed a user from the IP address 204.120.36.206 to remotely execute commands on the host on which irssi was installed. The source code is known to have been trojaned between the beginning of April and the end of May; downloads of the source during this time likely contain the trojan code. This problem could lead to a remote attacker gaining access to the system with the privileges of the irssi process, and could additionally lead to further compromise.

TightVNC Plain Text Password Storage Vulnerability
BugTraq ID: 4835
Remote: No
Date Published: May 25 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4835
Summary:
TightVNC is a VNC (Virtual Network Computing) distribution maintained by Constantin Kaplinsky. An issue has been reported in versions of TightVNC for Windows which may disclose authentication credentials to attackers. TightVNC stores authentication information in plaintext on the local system, in the password text control of the WinVNC Properties dialog. As a result, it may be possible for a local user to steal authentication credentials for the service and then access the service as that user. TightVNC versions prior to 1.2.4 may be susceptible to this issue.

AMANDA amindexd Remote Buffer Overflow Vulnerability
BugTraq ID: 4836
Remote: Yes
Date Published: May 27 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4836
Summary:
AMANDA (Advanced Maryland Automatic Network Disk Archiver) is a system for backing up multiple hosts onto a single tape drive. It runs on most Unix and Linux variants. The AMANDA amindexd daemon is prone to a remotely exploitable buffer overflow condition caused by insufficient bounds checking of command strings. Overly long command strings (260+ bytes) may cause stack variables such as the return address to be overwritten. This vulnerability may be exploited by remote attackers to run arbitrary instructions as root, leading to a complete compromise of the host running the vulnerable software. The amindexd daemon listens on port 10082. This issue was reported for AMANDA 2.3.0.4, which is an older release; other versions may also be affected.

TightVNC Listening Viewer Multiple Non-Shared Connections DoS Vulnerability
BugTraq ID: 4839
Remote: Yes
Date Published: May 25 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4839
Summary:
TightVNC is a VNC (Virtual Network Computing) distribution maintained by Constantin Kaplinsky. A vulnerability has been reported in versions of TightVNC for Windows. It is reportedly possible for malicious clients to crash the listening viewer: the viewer fails when a client establishes a number of non-shared connections. This issue exists in versions of TightVNC prior to 1.2.4. Successful exploitation shuts down the listening viewer, and a restart of the service may be required to regain normal functionality.

AMANDA amcheck Local Buffer Overflow Vulnerability
BugTraq ID: 4840
Remote: No
Date Published: May 27 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4840
Summary:
AMANDA (Advanced Maryland Automatic Network Disk Archiver) is a system for backing up multiple hosts onto a single tape drive. It runs on most Unix and Linux variants. The AMANDA amcheck component is prone to a locally exploitable buffer overflow condition. The amcheck utility is installed setuid root by default. The overflow is due to insufficient bounds checking when processing command line input: it is possible for remote attackers to overwrite the stack frame of the affected function when amcheck is invoked with an oversized command parameter. Note that amcheck may only be executed by the user/group 'operator', so only attackers with sufficient privileges to execute amcheck may exploit this vulnerability. This issue was reported for AMANDA 2.3.0.4, which is an older release; other versions may also be affected.

3Com OfficeConnect ADSL Router Port Address Translation Access Control Bypassing Vulnerability
BugTraq ID: 4841
Remote: Yes
Date Published: May 27 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4841
Summary:
OfficeConnect ADSL routers are a combined router and switch product distributed by 3Com. A problem with the router could make it possible for remote users to gain unauthorized access to systems. The problem lies in the handling of Port Address Translation (PAT), functionality built into the OfficeConnect router to redirect some traffic. PAT works by taking connections to specific ports on the OfficeConnect router and redirecting them to a system behind the router, as specified in the firmware configuration. Under some circumstances, it may be possible for a remote user to gain unauthorized access to information systems behind a 3Com OfficeConnect router. The OfficeConnect does not handle PAT properly and may allow a remote attacker to connect to arbitrary ports on a system behind a PAT rule. A connection sent to a PAT port is routed to the system behind the PAT rule; if an additional connection attempt on a different port is made immediately after the PAT connection, the router relays that connection to the corresponding port on the same system. This could give an attacker unauthorized access to a system and could additionally result in the compromise of insecure systems.
[ hardware ]