Courier SqWebMail File Disclosure Vulnerability BugTraq ID: 6189 Remote: Yes Date Published: Nov 15 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6189 Summary:
Courier SqWebMail is a CGI application used to send and receive email using 'Maildir' mailboxes. An information disclosure vulnerability has been reported for SqWebMail. In some circumstances, it has been reported that SqWebMail does not drop privileges fast enough upon startup. An attacker can exploit this vulnerability to execute SqWebMail and obtain access to potentially sensitive files. Precise technical details regarding this vulnerability are not yet known. This BID will be updated as more information becomes available. Lonerunner Zeroo HTTP Server Remote Buffer Overflow Vulnerability BugTraq ID: 6190 Remote: Yes Date Published: Nov 16 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6190 Summary: Zeroo HTTP server is a freely available, open source web server. It is available for the Linux and Microsoft Windows platforms. A problem with Zeroo HTTP server could lead to remote code execution. It has been reported that Zeroo HTTP server does not sufficiently check bounds on some requests. This occurs when a string of excessive length is received by the server. This can result in the overwriting of stack memory, and potential code execution. It is not required that this data be sent in HTTP request format. Sending a string of 1024 bytes or greater to the server without structure has been reported to reproduce this issue. Previous versions of the software may also be affected. Nullmailer Invalid User Denial Of Service Vulnerability BugTraq ID: 6193 Remote: Yes Date Published: Nov 18 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6193 Summary: Nullmailer is a simple relay-only mail transport agent. It is available for the Unix and Linux operating systems. A denial of service vulnerability has been discovered in nullmailer. When attempting to deliver an email message to a non-existent user, an unknown user error will occur. Upon processing this error nullmailer will cease to deliver any pending mail in the mail queue. By crafting a malicious email to a non-existent user on a vulnerable system, it is possible for an attacker to exploit this issue. This will result in a denial of service as nullmailer will fail to deliver any email. This issue was reported in v1.00RC5 of nullmailer. It is not yet known whether earlier versions are affected. DHCPCD Character Expansion Remote Command Execution Vulnerability BugTraq ID: 6200 Remote: Yes Date Published: Nov 18 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6200 Summary: dhcpcd is an RFC2131 and RFC1541 compliant DHCP client daemon. It is available for the Linux operating system. dhcpcd must be run with root privileges. When assigning an IP address to a network interface, dhcpcd may execute an external script, '/sbin/dhcpd-<interface>.exe'. This is an optional configuration that must be setup manually on Conectiva systems (others are not confirmed) by copying the script into /sbin/. The script 'dhcpcd-<interface>.exe' uses values from '/var/lib/dhcpcd/dhcpcd-<interface>.info', which originate from the DHCP server. A lack of input validation on this data may make it possible for commands injected by a malicious DHCP server to be executed through the use of shell metacharacters such as ';' and '|'. These commands may run with root privileges. This issue was discovered in dhcpd-1.3.22-pl1. Linksys Router Unauthorized Management Access Vulnerability BugTraq ID: 6201 Remote: Yes Date Published: Nov 18 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6201 Summary: Linksys DSL routers are high-speed internet access solutions distributed by the Linksys Group. Linksys DSL routers offer features such as high-speed internet access, switching built into some routers, and Voice-over-IP. A vulnerability has been reported in various Linksys routers, during the initial negotiation stage. It has been reported that the vulnerable routers fail to handle XML-related data transmitted by clients during initialization of a session with the management server (on TCP port 8080 of the internal interface). According to the report, authentication is bypassed completely when the browser Lynx is used to connect to the management interface and a mailcap entry exists for "application/foo.xml". It is not clear why or how this occurs and the details have not been verified by Linksys. It should be noted that this issue must be exploited within an internal network, unless the remote management feature is enabled on the router. [ hardware ] Mhonarc Mail Header HTML Injection Vulnerability BugTraq ID: 6204 Remote: Yes Date Published: Nov 19 2002 12:00AM Relevant URL: http://www.securityfocus.com/bid/6204 Summary: MHonArc is a Perl program designed to automatically parse email into a HTML based archive format. A vulnerability has been discovered in MHonArc when configured to display full message headers in HTML format. It may be possible for an attacker to trigger this vulnerability by constructing a malicious email containing malicious HTML code in a message header. When messages are converted, by MHonArc, to HTML and displayed via the web, arbitrary attacker-supplied HTML code will be executed within the context of the displayed web page. - Pour poster une annonce: [EMAIL PROTECTED]
