Open WebMail User Name Information Disclosure Vulnerability
BugTraq ID: 6232
Remote: Yes
Date Published: Nov 23 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6232
Summary:

Open Webmail is a freely available, open source web email application. It is available for Unix and Linux operating systems.

A problem with Open Webmail may allow remote users to gain access to user names. It has been reported that Open Webmail reveals too much information during the authentication process. When a user enters a user name, Open Webmail returns information indicating the validity of the entered user name. This could allow remote users to gather a list of valid user names through an enumeration attack.

This vulnerability could be used to launch further, more directed attacks, for example a brute force password attack to gain access to the passwords of valid user names.

Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability
BugTraq ID: 6233
Remote: Yes
Date Published: Nov 23 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6233
Summary:

The AT-8024 and Rapier 24 switches are ethernet switches distributed by Allied Telesyn.

A problem with the AT-8024 and Rapier 24 could allow a remote user to launch a denial of service attack. Under some circumstances the affected switches may cease to function properly. When a large stream of UDP data is sent to a vulnerable switch, the device becomes unstable. It has been reported that this type of attack results in a denial of service to the management interface of the device, and may also cause the device to stop routing.

As this vulnerability can be exploited by sending UDP traffic, it is possible for a remote attacker to launch this type of attack and obscure the origins through header spoofing. It has been reported that this attack will work only on an open port on the Rapier 24, while an AT-8024 is vulnerable upon receiving this type of attack on any port.

** The vendor has replied stating that they were unable to replicate this vulnerability on the Rapier release 2.4.1 Patch 02.
[ hardware ]

WSMP3 Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 6239
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6239
Summary:

WSMP3 is a freely available server that allows users to stream MP3 files.

Several buffer overflow conditions have been reported for WSMP3. The vulnerability is due to improper bounds checking when copying data to local buffers. The vulnerabilities exist in the web_server.c file.

An attacker can exploit this vulnerability by sending an overly long request, consisting of at least 1024 characters, to the vulnerable server. This will trigger the buffer overflow condition, resulting in memory corruption. Overwriting sensitive memory with malicious values may allow an attacker to execute arbitrary code on the target system.

This vulnerability has been reported for WSMP3 0.0.2 and earlier.

Multiple Vendor fs.auto Remote Buffer Overrun Vulnerability
BugTraq ID: 6241
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6241
Summary:

By default multiple vendors include an implementation of the XFS font server, fs.auto. This service allows for X Windows systems to share font information across a network.

A remotely exploitable buffer overrun condition has been reported in fs.auto. The overrun is reportedly due to inadequate bounds checking on client-supplied data prior to a sensitive memory copy operation. This occurs during the 'Dispatch()' routine.

Malicious remote clients may exploit this condition to execute instructions on the target host by issuing a malicious XFS request. The instructions will execute with user 'nobody' privileges and may result in the attacker gaining local access to the host.

This vulnerability has been reported fixed in XFree86 3.3.6 and later.

WSMP3 Remote Heap Corruption Vulnerability
BugTraq ID: 6240
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6240
Summary:

WSMP3 is a freely available server that allows users to stream MP3 files.

A remotely exploitable heap corruption vulnerability has been reported for WSMP3. The vulnerability occurs in the 'get_op()' function in the 'web_server.c' file, when copying user-supplied data into the 'op' buffer.

By overrunning the 'op' buffer, it is possible for a remote attacker to corrupt malloc() headers located in heap memory. The execution of arbitrary attacker-supplied code may be possible when corrupted memory is referenced by the free() function.

Successful exploitation of this issue may result in the remote execution of arbitrary code with root privileges.

This vulnerability was reported for WSMP3 0.0.2 and earlier.

Pserv HTTP POST Request Buffer Overflow Vulnerability
BugTraq ID: 6242
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6242
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. Reportedly, it is possible to overflow a local buffer by making a malicious HTTP request. Due to insufficient checks performed on user-supplied data, by omitting the '\n' character from a malicious POST request, it is possible to overrun the 'token' buffer.

Exploitation of this issue will result in a denial of service. Although it has not been confirmed, it may be possible for an attacker to execute arbitrary code.

This vulnerability was reported for Pserv 2.0 beta 3. It is likely that earlier versions are affected.

NetScreen Malicious URL Filter Bypassing Vulnerability
BugTraq ID: 6245
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6245
Summary:

NetScreen is a line of Internet security appliances integrating firewall, VPN and traffic management features. ScreenOS is the software used to manage and configure the firewall. NetScreen supports Microsoft Windows 95, 98, ME, NT and 2000 clients.

A vulnerability has been reported for NetScreen. An administrator is able to restrict access to certain URLs by defining a malicious URL pattern. Reportedly, it is possible to circumvent rules for malicious URLs by fragmenting the request.

An attacker can exploit this vulnerability to access URLs that are normally inaccessible to hosts behind the NetScreen appliance.

This vulnerability was reported for NetScreen appliances using ScreenOS v3.0.1r2.0. Older versions of ScreenOS are likely to be affected as well.

[ hardware ]

NetScreen H.323 Control Session Denial Of Service Vulnerability
BugTraq ID: 6250
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6250
Summary:

NetScreen is a line of Internet security appliances integrating firewall, VPN and traffic management features. ScreenOS is the software used to manage and configure the firewall. NetScreen supports Microsoft Windows 95, 98, ME, NT and 2000 clients.

H.323 is a network specification to guarantee a certain QoS (Quality of Service) for video and audio conferencing applications.

A denial of service vulnerability has been reported for all NetScreen appliances related to the processing of H.323 control sessions. The vulnerability is due to inadequate clean up of existing, half-open H.323 control sessions that can eventually result in the consumption of all firewall session table entries.

This vulnerability has been reported to only affect NetScreen appliance configurations that explicitly permit the forwarding of H.323 or Netmeeting traffic.

This vulnerability only affects ScreenOS versions 2.8 and later.

[ hardware ]

NetScreen ScreenOS Predictable Initial TCP Sequence Number Vulnerability
BugTraq ID: 6249
Remote: Yes
Date Published: Nov 25 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6249
Summary:

NetScreen is a line of Internet security appliances integrating firewall, VPN and traffic management features. ScreenOS is the software used to manage and configure the firewall. NetScreen supports Microsoft Windows 95, 98, ME, NT and 2000 clients.

NetScreen has discovered a vulnerability in the algorithms used by ScreenOS to generate initial TCP sequence numbers.

The ability to predict TCP sequence numbers may allow a remote attacker to inject packets into a vulnerable data stream. It may also be possible for an attacker to launch man-in-the-middle attacks or hijack network sessions, which would allow her to bypass any necessary authentication procedures.

For this issue to be exploitable the attacker must be able to access network session traffic, possibly requiring access to a local network.

[ hardware ]

Netscape/Mozilla POP3 Mail Handler Integer Overflow Vulnerability
BugTraq ID: 6254
Remote: Yes
Date Published: Nov 26 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6254
Summary:

The Netscape Communicator and Mozilla browsers include support for email, and the ability to fetch mail through a POP3 server. Both products are available for a range of platforms, including Microsoft Windows and Linux.

An integer overflow vulnerability has been reported for the Netscape/Mozilla POP3 mail handler routines. These routines are found in 'mozilla/mailnews/local/src/nsPop3Protocol.cpp'.

Reportedly, insufficient checks are performed on some server-supplied values. Specifically, the value for m_pop3ConData->number_of_messages is not sufficiently checked for large values.

An attacker may exploit this vulnerability through an attacker-controlled POP3 server. By issuing a very large integer value that is used by the Netscape/Mozilla POP3 mail handler, it may be possible to cause the integer overflow condition and allocate a buffer that is too small. A buffer overflow condition may result if the malicious attacker-controlled server attempts to write into the buffer at a location beyond the boundary of what was actually allocated.

Successful exploitation of this vulnerability may allow an attacker to obtain control over the execution of the vulnerable Netscape/Mozilla process.

Bugzilla quips Feature Cross Site Scripting Vulnerability
BugTraq ID: 6257
Remote: Yes
Date Published: Nov 26 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6257
Summary:

Bugzilla is a freely available, open source bug tracking software package. It is available for Linux, Unix, and Microsoft Operating Systems.

A cross site scripting vulnerability has been reported for Bugzilla. This vulnerability only affects users who have the 'quips' feature enabled. The quips feature is designed to put short, user-supplied comments at the top of bug lists.

Reportedly, Bugzilla does not properly sanitize any input submitted by users. As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running Bugzilla.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.
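
The undersized-allocation failure described in the Netscape/Mozilla POP3 entry (BugTraq ID 6254), shown as an added C example that is not part of the original digest and is not Mozilla code. The record layout, the function names and the MAX_MESSAGES cap are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-message record (8 bytes); not Mozilla's structure. */
struct msg_info {
    uint32_t size;
    uint32_t flags;
};

#define MAX_MESSAGES 1000000L   /* assumed policy cap on mailbox size */

/* Parse the count from a POP3 STAT reply ("+OK <count> <octets>").
 * Returns 0 and stores the count, or -1 if the reply is malformed,
 * signed, out of range for long, or above the policy cap. */
int parse_stat_count(const char *reply, size_t *count_out)
{
    char *end;
    long n;

    if (strncmp(reply, "+OK ", 4) != 0)
        return -1;
    if (reply[4] < '0' || reply[4] > '9')   /* rejects '-', '+', spaces */
        return -1;
    errno = 0;
    n = strtol(reply + 4, &end, 10);
    if (errno == ERANGE || (*end != ' ' && *end != '\r' && *end != '\0'))
        return -1;
    if (n > MAX_MESSAGES)
        return -1;
    *count_out = (size_t)n;
    return 0;
}

/* Unchecked pattern: the byte size is computed in 32 bits, so a large
 * server-supplied count wraps and the buffer is smaller than the
 * number of records later written into it. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * (uint32_t)sizeof(struct msg_info);
}

/* Checked allocation: refuse a count whose byte size cannot be represented. */
struct msg_info *alloc_msg_table(size_t count)
{
    if (count == 0 || count > SIZE_MAX / sizeof(struct msg_info))
        return NULL;
    return calloc(count, sizeof(struct msg_info));
}
```
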
