Sendmail DNS Map TXT Record Buffer Overflow Vulnerability
BugTraq ID: 5122
Remote: Yes
Date Published: Jun 28 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/5122
Summary:
Sendmail is a freely available, open source mail transport agent. It is available for most Unix and Linux operating systems. A problem with Sendmail has been reported that may allow remote code execution. The problem is in the handling of some types of DNS records.

A buffer overflow in the DNS handling code of Sendmail has been discovered. When Sendmail attempts to map an address using a TXT query type, it does not properly check the bounds of the data returned from the nameserver. Because of this, a malicious nameserver could send a string of arbitrary length to the mail server, resulting in a buffer overflow and potential code execution.

It has been asserted by the Sendmail Consortium that there are no known configurations that use this type of DNS mapping. Because of this, the likelihood of exploitation is considered to be low, and has been called "theoretical" by the Sendmail Consortium.

If the vulnerability were to be exploited by a malicious nameserver, code would be executed on the vulnerable system with the privileges of the sendmail program. As this program is typically a root-owned process, this could result in root-level compromise of a vulnerable system.

F2HTML.PL SQL Injection Vulnerability
BugTraq ID: 5123
Remote: No
Date Published: Jun 28 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/5123
Summary:
f2html.pl is a Perl script which searches recursively through directories looking for certain types of files, and then creates an HTML page containing directory listings. It stores listings in a database. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

The f2html.pl script does not sufficiently validate filenames before passing them into SQL queries. If f2html.pl is used to search a directory which may be accessible to untrusted local users, it may be possible to launch a SQL injection attack via a maliciously crafted filename.

An attacker may exploit this condition to modify the logic of SQL queries.

Bonobo EFSTool Commandline Argument Buffer Overflow Vulnerability
BugTraq ID: 5125
Remote: No
Date Published: Jun 29 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/5125
Summary:
Bonobo is a set of tools and CORBA interfaces included as part of the Gnome infrastructure. It is designed for use on the Linux and Unix operating systems. A problem with the efstool component of Bonobo could make it possible for a local user to gain elevated privileges. The problem is in the handling of long strings.

A boundary condition error has been discovered in the efstool program. Due to improper bounds checking, it is possible for a user to supply a long command-line argument to the efstool program, which would result in a buffer overflow. This problem could be exploited on the local system to overwrite stack memory, including the return address, and execute attacker-supplied code.

It should be noted that recent versions of the efstool program are not installed with setuid privileges. However, older versions of the Bonobo package install this program as a setuid root executable. Due to the default permissions of this program, an attacker could exploit this program to execute code as root.

Simple WAIS Interface Arbitrary Command Execution Vulnerability
BugTraq ID: 5127
Remote: Yes
Date Published: Jun 29 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/5127
Summary:
The Simple WAIS interface is an integrated interface to the WAIS system. It is designed for use on Unix and Linux operating systems. A problem with the interface could allow arbitrary command execution. The problem is in the handling of some types of input.

The Simple WAIS interface does not properly handle some types of input. Because of the insufficient sanitizing of user-supplied input, it is possible for a user with access to the interface to execute arbitrary commands with the privileges of the SWAIS daemon.

By passing a search to the interface with a pipe symbol (|) followed by a command, a user could execute commands on the local system. This problem could allow a remote attacker with access to the WAIS interface to execute arbitrary commands, and potentially gain access to the vulnerable host with the privileges of the SWAIS daemon.

Betsie Parserl.PL Cross-Site Scripting Vulnerability
BugTraq ID: 5135
Remote: Yes
Date Published: Jul 01 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/5135
Summary:
Betsie (BBC Education Text to Speech Internet Enhancer) is a script that supports users of text-to-speech systems for web browsing. It is written in Perl and will run on Microsoft Windows operating systems as well as Unix and Linux variants.

Betsie is prone to a cross-site scripting vulnerability. This issue exists in the parserl.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters. Attackers may exploit this condition via a malicious link to a site running the vulnerable software.

Successful exploitation will enable an attacker to cause script code to be executed in the web browser of a user who visits the malicious link. The attacker's script code will be executed in the context of the site running the vulnerable software. Attackers may exploit this condition to steal cookie-based authentication credentials from legitimate users.

Slashcode Paragraph Tag Script Injection Vulnerability
BugTraq ID: 5140
Remote: Yes
Date Published: Jul 02 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/5140
Summary:
SlashCode is a bulletin board, discussion and portal framework. It is widely used, and is behind the popular Slashdot page. Reportedly, a vulnerability exists only for sites that are running some CVS versions of SlashCode.

It may be possible for a malicious user of the system to inject arbitrary HTML code into content generated by the SlashCode system. When this content is viewed by a legitimate user of the system, attacker-supplied JavaScript code will execute within the context of the SlashCode-based site. The attacker-supplied code would be able to access cookie data, including authentication credentials, and to take actions on the vulnerable site as the currently authenticated user.

This issue has been reported to exist in the handling of the HTML paragraph tag. The following partial exploit has been provided:

<p > onMouseOver..insert javascript here...>

** It has been reported that this issue only exists in CVS versions of SlashCode from between June 17 and July 1 2002.

[ and the usual problems with `guestbooks' and PHP software ]

- To post an announcement: [EMAIL PROTECTED]
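As an added illustration of the Sendmail TXT-record issue in the first entry above (example code written for this digest, not Sendmail's own), the following C routine copies the <character-string>s of a DNS TXT RDATA section into a fixed buffer and rejects any record whose length octets overrun the RDATA or would not fit the destination; the TXT_MAX limit and the sample records are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TXT_MAX 64  /* fixed destination size (constructed limit for this example) */

/* Copy the <character-string>s of a DNS TXT RDATA section into out,
 * concatenated and NUL-terminated. Returns the byte count, or -1 when a
 * length octet overruns rdlen or the strings would not fit in out.
 * Every length here arrives from the remote nameserver and is untrusted. */
int txt_rdata_copy(const uint8_t *rdata, size_t rdlen, char *out, size_t outsz)
{
    size_t in = 0, used = 0;

    if (outsz == 0) return -1;
    while (in < rdlen) {
        size_t len = rdata[in++];              /* length octet, 0..255 */
        if (len > rdlen - in) return -1;       /* string runs past the RDATA */
        if (len > outsz - 1 - used) return -1; /* no room left (keep the NUL) */
        memcpy(out + used, rdata + in, len);
        used += len;
        in += len;
    }
    out[used] = '\0';
    return (int)used;
}

/* Constructed samples: a valid two-string record, and a record whose
 * length octet (10) claims more bytes than the RDATA actually holds. */
static const uint8_t rd_ok[]    = { 5,'h','e','l','l','o', 6,' ','w','o','r','l','d' };
static const uint8_t rd_trunc[] = { 10,'a','b','c' };

/* A single 200-byte string: well-formed DNS, but larger than TXT_MAX allows. */
int demo_oversized(char *out)
{
    uint8_t big[201];
    big[0] = 200;
    memset(big + 1, 'A', 200);
    return txt_rdata_copy(big, sizeof big, out, TXT_MAX);
}

int main(void)
{
    char out[TXT_MAX];
    int n = txt_rdata_copy(rd_ok, sizeof rd_ok, out, sizeof out);
    printf("valid     -> %d \"%s\"\n", n, out);
    printf("truncated -> %d\n", txt_rdata_copy(rd_trunc, sizeof rd_trunc, out, sizeof out));
    printf("oversized -> %d\n", demo_oversized(out));
    return 0;
}
```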
