Eric Prevoteau DCTC NULL Byte Denial Of Service Vulnerability
BugTraq ID: 5781
Remote: Yes
Date Published: Sep 23 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5781
Summary:
DCTC (Direct Connect Text Clone) is a text-based interface to the Direct Connect network for Linux operating environments. A vulnerability has been reported for DCTC 0.83.3 that results in the client crashing. The vulnerability is due to inadequate checks when processing requests: the DCTC client will crash if it receives a string that contains a NULL byte. When the client attempts to parse such a string, it crashes, leading to a denial of service condition. The vulnerability occurs in the file dc_manage.c. This vulnerability is no longer present in DCTC 0.83.4.

Apache Tomcat DefaultServlet File Disclosure Vulnerability
BugTraq ID: 5786
Remote: Yes
Date Published: Sep 24 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5786
Summary:
Tomcat is a popular web server and JSP/Servlet container that is developed by Apache as part of the Jakarta project. The servlet "org.apache.catalina.servlets.DefaultServlet" is included with Tomcat by default. A file disclosure vulnerability has been reported in DefaultServlet. An attacker may cause the contents of "target.jsp" to be output by making a request for the servlet in the following format: http://target/servlets/org.apache.catalina.servlets.DefaultServlet/target.jsp Attackers may exploit this vulnerability to view the contents of arbitrary files within the webroot. This includes JSP source code, which may contain sensitive data such as database usernames and passwords.

HP Procurve 4000M Switch Device Reset Denial Of Service Vulnerability
BugTraq ID: 5784
Remote: Yes
Date Published: Sep 24 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5784
Summary:
The HP Procurve 4000M is an extremely common managed switch, which provides scalable Ethernet switching. When multiple Procurve switches are interconnected, it is common practice for an administrator to enable a feature allowing each switch to be viewed through a single interface, accessible via the web. It has been reported that HP Procurve switches are vulnerable to a denial of service attack due to a flaw discovered in the remote interface. It is possible for an attacker to reset member switches by issuing a device reset command to a vulnerable device. Devices can be reset with the following request: http://<IP ADDRESS>/sw2/cgi/device_reset? Vulnerable devices do not require authentication before accepting this command. Multiple device reset commands could result in a complete denial of service of all interconnected switches. It should be noted that the web interface is not enabled by default.
[ hardware ]

Apache Oversized STDERR Buffer Denial Of Service Vulnerability
BugTraq ID: 5787
Remote: Yes
Date Published: Sep 24 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5787
Summary:
Apache is a freely available, open-source web server. It runs on a number of operating systems, including Unix and Linux variants and Microsoft Windows. Apache is prone to a denial of service condition when an excessive amount of data is written to stderr. This condition reportedly occurs when the amount of data written to stderr exceeds the default amount allowed by the operating system. When the condition is triggered, the web server will hang, resulting in a denial of service. To regain service, the web server process must be restarted. This may potentially be an issue in web applications that write user-supplied data to stderr. Additionally, local attackers may exploit this issue. This issue has been confirmed in Apache 2.0.39/2.0.40 on Linux operating systems. Apache on other platforms may also be affected. This issue does not appear to be present in versions prior to 2.0.x.

Monkey HTTP Server File Disclosure Vulnerability
BugTraq ID: 5792
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5792
Summary:
Monkey is an open source web server written in C, based on the HTTP/1.1 protocol. It is available for the Linux platform. A directory traversal bug has been discovered in the Monkey HTTP server. It is possible for an attacker to bypass Monkey's input validation by constructing a request containing an extra slash, followed by a typical directory traversal string containing "dot-dot-slash" sequences (../). For example: http://vulnerable.com//../../../sensitive/file By exploiting this issue an attacker can potentially break out of the web root and gain access to arbitrary files readable by the web server.

Zope Incorrect XML-RPC Request Information Disclosure Vulnerability
BugTraq ID: 5806
Remote: Yes
Date Published: Sep 26 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5806
Summary:
Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems. A vulnerability has been reported for Zope 2.5.1 and earlier. Reportedly, Zope does not handle XML-RPC requests properly. Specially crafted XML-RPC requests may cause Zope to respond to a request with an error page containing system-specific details. An attacker can exploit this vulnerability by making a special XML-RPC request to the Zope server. Zope will fail when attempting to process this request and will divulge sensitive information to the attacker. It has also been reported that this vulnerability exists even when starting Zope without the '-D' option. This could result in information disclosure, and could potentially be used to gain intelligence for launching an attack against a system.

Interbase GDS_Lock_MGR UMask File Permission Changing Vulnerability
BugTraq ID: 5805
Remote: No
Date Published: Sep 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5805
Summary:
Interbase is a SQL database distributed and maintained by Borland. It is available for Unix and Linux operating systems. A problem with Interbase may make it possible for a local user to gain elevated privileges. The gds_lock_mgr program within Interbase is typically installed setuid. This program does not properly handle user-supplied umasks, and may allow the creation of files with insecure permissions as a privileged user. When executed, the gds_lock_mgr program creates a predictable temporary file. Combined with the flaw in the umask handling, a user can execute a symbolic link attack to create an arbitrary file with insecure permissions as a privileged user. This could result in the user gaining elevated privileges.

GV Malformed File Local Buffer Overflow Vulnerability
BugTraq ID: 5808
Remote: No
Date Published: Sep 26 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5808
Summary:
gv is a freely available, open source Portable Document Format (PDF) and PostScript (PS) viewing utility. It is available for Unix and Linux operating systems. A problem with gv could make it possible for an attacker to execute arbitrary code in the security context of a local user. It has been reported that an insecure sscanf() call exists in gv. Because of this call, an attacker may be able to put malicious code in the %%PageOrder: portion of a file. When this malicious file is opened with gv, the code would be executed in the security context of the local user. It should be noted that this vulnerability may also affect other packages. As gv is originally derived from the 1.5 release of GhostView, this vulnerability may affect GhostView releases also.

WatchGuard Firebox VClass CLI Interface Format String Vulnerability
BugTraq ID: 5814
Remote: Yes
Date Published: Sep 27 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5814
Summary:
Firebox is the firewall solution designed and distributed by WatchGuard. Firebox is designed as an enterprise-level firewall with security features and filtering customizations. A format string vulnerability has been reported for the Firebox Vclass and legacy RSSA line of security appliances. The vulnerability is due to inadequate checking of user-supplied input for passwords in the CLI (command line interface) binary. A remote attacker is able to supply a password comprised of malicious format specifiers. This may result in memory being overwritten by remote attackers, possibly to execute arbitrary code. Any attacker-supplied code will be executed with root privileges. A remote attacker can exploit this vulnerability to fully compromise a vulnerable Firebox Vclass appliance.
[ hardware ]

WatchGuard Firebox VClass CLI Interface Improperly Terminated Connection Vu$
BugTraq ID: 5815
Remote: Yes
Date Published: Sep 27 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5815
Summary:
Firebox is the firewall solution designed and distributed by WatchGuard. Firebox is designed as an enterprise-level firewall with security features and filtering customizations. A vulnerability has been reported that affects Firebox Vclass security appliances as well as legacy RSSA (RapidStream Security Appliances) devices. The vulnerability is due to the CLI (command line interface) binary failing to properly terminate a failed login connection. This results in an attacker having access to the CLI with administrative privileges. The vulnerability occurs because the CLI binary, which is used for authentication, fails to properly check for authentication credentials. When a remote attacker logs in to the security appliance with a '-N' option, the connection is not properly terminated. The '-N' option is used to disable execution of remote commands. An attacker can exploit this vulnerability by attempting to authenticate with a '-N' option. When the authentication fails, the connection will not be closed and thus the attacker has access to the CLI binary with administrative privileges.
[ hardware ]

Apache 2 mod_dav Denial Of Service Vulnerability
BugTraq ID: 5816
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5816
Summary:
The Apache HTTP Server is a popular open-source HTTP server for multiple platforms, including Windows and Unix. Apache ships with the Distributed Authoring and Versioning component (mod_dav). A vulnerability has been discovered in the mod_dav component, under certain configurations, which could allow a remote attacker to cause a denial of service. By sending a maliciously constructed HTTP request to an Apache server specifically configured with certain back-end providers, it is possible to cause mod_dav to dereference a NULL pointer. The HTTP request cannot be issued from a browser; it must be constructed via a DAV client or exploit program.

Zope ZCatalog Plug-In Remote Method Vulnerability
BugTraq ID: 5812
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5812
Summary:
Zope is a freely available, open source content management system. It is available for Unix, Linux, and Microsoft operating systems. It has been reported that a problem in Zope may lead to users gaining access to unintended information. Under some circumstances, it may be possible for a remote user to take advantage of the plug-in functionality of ZCatalog, included with the Zope package. Due to insecure default settings, it may be possible for remote users to call arbitrary methods of catalog indexes anonymously. It should also be noted that untrusted code run on the Zope system could also allow the calling of arbitrary methods, and potentially call malicious catalog indexes.

Zope Through The Web Code Remote Denial Of Service Vulnerability
BugTraq ID: 5813
Remote: Yes
Date Published: Sep 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5813
Summary:
Zope is a freely available, open source content management system. It is available for Unix, Linux, and Microsoft operating systems. A problem with Zope could make it possible for a remote user to launch a denial of service. Zope systems that permit users to write "Through The Web Code" could be vulnerable to a denial of service. Due to insufficient validation of input, it is possible for a remote user to submit a malicious piece of code that will result in the shutdown of the vulnerable Zope server. It should be noted that if a system running a vulnerable version of the software allows remote users to write Python Scripts, DTML Methods, or Page Templates via "Through The Web Code," the system is vulnerable to denial of service.

- To post an announcement: [EMAIL PROTECTED]
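The Monkey HTTP Server entry above describes a traversal string that slips past input validation because of an extra leading slash. The following is an added example, not code from Monkey or from the advisory, showing the defensive pattern that closes this whole class of bypass: normalise the request path first, then decide whether it stays under the document root. WEBROOT, the function name and the sample paths are assumptions made for the example; the rejected traversal path is the one quoted in the advisory.

```python
import posixpath

# Assumed document root for this example (not taken from the advisory).
WEBROOT = "/var/www/html"


def resolve_request_path(request_path, webroot=WEBROOT):
    """Map an HTTP request path onto a file under webroot.

    Returns the resolved absolute path, or None if the request must be
    rejected. The path is normalised *before* any check is made, so
    variants such as '//../../x' (extra slash) or '/a/./b/../../../x' are
    judged by where they actually end up, not by what their first few
    characters look like. A check that only inspects the characters after
    the first '/' is exactly what an extra slash defeats.
    """
    # An embedded NUL would truncate the path in C string handling and
    # make the checked path differ from the opened one; reject outright.
    if "\x00" in request_path:
        return None

    # Drop *all* leading slashes so the path is treated as relative to
    # webroot. This single step removes the '//' ambiguity the advisory
    # relies on: '//../../../sensitive/file' and '/../../../sensitive/file'
    # become the same relative path.
    relative = request_path.lstrip("/")

    # posixpath.normpath collapses '.', '..' and repeated slashes inside a
    # relative path but keeps any leading '..' components, so an attempt to
    # climb above the root stays visible instead of being silently clamped
    # (which is what normpath does for absolute paths like '/../x' -> '/x').
    normalized = posixpath.normpath(relative) if relative else "."

    if normalized == ".." or normalized.startswith("../"):
        # The request escapes the document root after normalisation.
        return None
    if normalized == ".":
        return webroot
    return posixpath.join(webroot, normalized)


if __name__ == "__main__":
    # Constructed sample requests: one benign, one using the advisory's
    # extra-slash form, one climbing from inside a subdirectory.
    for path in ("/index.html",
                 "//../../../sensitive/file",
                 "/docs/../../etc/passwd"):
        print(repr(path), "->", resolve_request_path(path))
```

A production server should additionally resolve symbolic links (os.path.realpath) on the final path and re-check the prefix, since normalisation alone cannot see links placed under the web root; the point of the example is only the ordering: canonicalise first, then compare against the root.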
