Reminder of the rules:
   - free software only
   - exception: embedded hardware
   - the countless security problems of Perl and PHP CGI scripts are
     not covered.

Bogofilter Bogopass Insecure Temporary File Creation Vulnerability
BugTraq ID: 6278
Remote: No
Date Published: Nov 29 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6278
Summary:

Bogofilter is a package used to filter spam from incoming email. It is
available for Linux and Unix variant operating environments. Bogopass is a
Perl script included with Bogofilter.

Reportedly, bogopass creates its temporary file under a predictable name:
'/tmp/bogopass.<PID>', where <PID> is the process ID of the running
script. A local attacker who can guess or enumerate that name can create
a symbolic link at it before bogopass runs; since the file is not created
exclusively, bogopass follows the link, and every read or write it
performs on the "temporary file" is actually performed on the link's
target.

An attacker may exploit this to read or corrupt any file accessible to
the user running bogopass; if that user is root, this includes critical
system files.

SuidPerl Information Disclosure Vulnerability
BugTraq ID: 6282
Remote: No
Date Published: Nov 29 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6282
Summary:

SuidPerl is the Perl interpreter for setuid Perl scripts. It is included
with distributions of the Perl package and is available for Linux and Unix
variant operating environments.

An information disclosure vulnerability has been reported in SuidPerl.
Reportedly, it lets a local attacker determine whether a given file
exists inside directories the attacker cannot otherwise read or search.

An attacker exploits this by invoking suidperl with the absolute path of
the file in question. Since suidperl is setuid and performs the lookup
with its elevated privileges, the message it prints reveals whether the
file exists regardless of the directory permissions the caller is
subject to.

Information obtained in this manner may assist an attacker in launching
further, potentially damaging, attacks against the system.

Pserv Stream Reading Buffer Overflow Vulnerability
BugTraq ID: 6283
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6283
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux
and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. It stems from
the way Pserv handles data read from remote connections: Pserv reads up
to 1024 bytes from a connected socket into a local buffer, and flaws in
the subsequent processing of that data can corrupt memory on the stack.

Reportedly, a request of exactly 1024 bytes is enough to overflow the
buffer and corrupt memory, which is consistent with a read that fills the
buffer completely and leaves no room for a string terminator. This may
crash the server or cause unpredictable behaviour. Although it has not
been confirmed, it may be possible for an attacker to execute arbitrary
code.

Pserv Request Method Buffer Overflow Vulnerability
BugTraq ID: 6284
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6284
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux
and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. Pserv reads
up to 1024 bytes at a time from a connected socket but does not allocate
enough space in its local buffers for that data. Specifically, the
'analyzeRequest()' function in 'main.c' copies the request method into a
16-byte stack buffer, so a request whose method token is longer than
that corrupts memory on the stack.

This may crash the server or cause unpredictable behaviour. Although it
has not been confirmed, it may be possible for an attacker to execute
arbitrary code.

Pserv HTTP Version Specifier Buffer Overflow Vulnerability
BugTraq ID: 6285
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6285
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux
and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. Pserv reads
up to 1024 bytes at a time from a connected socket but does not allocate
enough space in its local buffers for that data.

An attacker can exploit this by sending an overly long HTTP request
containing an invalid, overlong HTTP version specifier. Specifically, the
'analyzeRequest()' function in 'main.c' copies the version string into a
16-byte stack buffer, so a longer specifier corrupts memory on the stack.

This may crash the server or cause unpredictable behaviour. Although it
has not been confirmed, it may be possible for an attacker to execute
arbitrary code.

Pserv User-Agent HTTP Header Buffer Overflow Vulnerability
BugTraq ID: 6286
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6286
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux
and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. The
condition stems from the way Pserv handles data read from remote
connections.

An attacker can exploit this by sending an HTTP request with an overly
long User-Agent header. Specifically, the 'analyzeRequest()' function in
'main.c' copies the header value into a 256-byte stack buffer, while the
value can be as long as 1011 bytes within a single 1024-byte read, so a
long value corrupts memory on the stack.

This may crash the server or cause unpredictable behaviour. Although it
has not been confirmed, it may be possible for an attacker to execute
arbitrary code.

Pserv HTTP Request Parsing Buffer Overflow
BugTraq ID: 6287
Remote: Yes
Date Published: Nov 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6287
Summary:

Pserv (Pico Server) is a freely available web server designed for Linux
and Unix variant operating systems.

A buffer overflow vulnerability has been reported in Pserv. The
condition stems from the way Pserv handles data read from remote
connections.

An attacker can exploit this by sending an overly long HTTP request.
Specifically, the 'handleMethod()' function in 'main.c' concatenates the
requested path onto the absolute path of the web document root. The
supplied input may be up to 1024 bytes long, but Pserv does not account
for this when sizing the stack buffer that receives the concatenated
path, so a long request corrupts memory on the stack.

This may crash the server or cause unpredictable behaviour. Although it
has not been confirmed, it may be possible for an attacker to execute
arbitrary code.

libSieve Header Name Buffer Overrun Vulnerability
BugTraq ID: 6294
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6294
Summary:

Sieve is a language for writing filters for electronic mail. It is
operating system independent. A vulnerability has been discovered in
libSieve, the Sieve library used by various programs.

A buffer overflow condition exists in libSieve when it processes header
names, due to insufficient bounds checking of user-supplied input.
Passing a header name of 100 or more bytes to a program linked with
libSieve overruns a buffer.

Exploiting this issue may allow an attacker to corrupt sensitive memory.
By overwriting memory with chosen values, it may be possible to execute
arbitrary code with the privileges of the vulnerable program.

libSieve IMAP Flag Buffer Overrun Vulnerability
BugTraq ID: 6299
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6299
Summary:

Sieve is a language for writing filters for electronic mail. It is
operating system independent. A vulnerability has been discovered in
libSieve, the Sieve library used by various programs.

A buffer overflow condition exists in libSieve when it processes IMAP
flags, due to insufficient bounds checking of user-supplied input.
Passing an IMAP flag of 100 or more bytes to an IMAP server linked with
libSieve overruns a buffer.

Exploiting this issue may allow an attacker to corrupt sensitive memory.
By overwriting memory with chosen values, it may be possible to execute
arbitrary code with the privileges of the vulnerable program.

Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
BugTraq ID: 6298
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6298
Summary:

Cyrus IMAPD is a freely available, open source Internet Message Access
Protocol (IMAP) daemon. It is available for Unix and Linux operating
systems.

A problem discovered in the Cyrus IMAPD server may result in heap
corruption.

It has been reported that Cyrus IMAPD does not safely handle overly long
strings. When a client connects to the daemon and, while negotiating the
connection, sends a login string of excessive length, a buffer overflow
occurs. This can corrupt the heap and overwrite arbitrary words in
memory.

It should be noted that this vulnerability does not require
authentication: the overflow is triggered before login. Successful
exploitation would give a remote attacker access with the privileges of
the IMAP daemon. At a minimum this allows reading sensitive information
such as email, and it could lead to further attacks and elevated
privileges.

libSieve Error Message Buffer Overrun Vulnerability
BugTraq ID: 6300
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6300
Summary:

Sieve is a language for writing filters for electronic mail. It is
operating system independent. A vulnerability has been discovered in
libSieve, the Sieve library used by various programs.

A buffer overflow condition exists in libSieve when it accumulates error
messages, due to insufficient bounds checking of the generated text.
Causing a program linked with libSieve to generate 500 or more bytes of
error messages (for example by submitting a script that produces many
diagnostics) overruns a buffer.

Exploiting this issue may allow an attacker to corrupt sensitive memory.
By overwriting memory with chosen values, it may be possible to execute
arbitrary code with the privileges of the vulnerable program.
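The three libSieve entries (BIDs 6294, 6299 and 6300) share two failure modes: a token (header name or IMAP flag) copied into a 100-byte buffer without a length check, and diagnostics appended to a fixed 500-byte buffer until they run past its end. The C below is an added example, not libSieve's code, of the checks a practitioner would want in both places: a length-and-charset gate applied to tokens before they are stored anywhere, and an append routine that tracks the remaining room, relies on vsnprintf's return value to detect a message that does not fit, and drops that message whole instead of leaving a partial write. The sizes ERRBUF_SIZE and TOKEN_MAX mirror the figures in the advisories; every function and struct name is an assumption.

```c
/* Added example (not libSieve's code): collecting parser diagnostics in
 * a fixed buffer, and gating header names and IMAP flags on length and
 * character set before they are copied anywhere. ERRBUF_SIZE and
 * TOKEN_MAX mirror the 500- and 100-byte figures in the advisories; the
 * names are assumptions. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 500   /* fixed diagnostic buffer, as in the advisory */
#define TOKEN_MAX   100   /* header-name / flag length limit */

struct errbuf {
    char   text[ERRBUF_SIZE];
    size_t used;        /* bytes in text, excluding the NUL */
    int    overflowed;  /* set once a message no longer fits */
};

void errbuf_init(struct errbuf *e)
{
    e->text[0] = '\0';
    e->used = 0;
    e->overflowed = 0;
}

/* Append one formatted message. The unsafe pattern this replaces is
 *     sprintf(buf + strlen(buf), fmt, ...);
 * which walks off the end of buf once enough diagnostics pile up.
 * vsnprintf is bounded by the remaining room and its return value is
 * checked: a message that does not fit is dropped whole and the overflow
 * flag set, rather than half-written into adjacent memory. */
int errbuf_append(struct errbuf *e, const char *fmt, ...)
{
    size_t room = sizeof e->text - e->used;   /* includes the NUL slot */
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(e->text + e->used, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {
        e->text[e->used] = '\0';   /* discard the truncated partial write */
        e->overflowed = 1;
        return -1;
    }
    e->used += (size_t)n;
    return 0;
}

/* RFC 2822 field-name: 1..TOKEN_MAX printable US-ASCII bytes, no ':'. */
int header_name_ok(const char *tok, size_t len)
{
    if (len == 0 || len > TOKEN_MAX) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)tok[i];
        if (c <= ' ' || c >= 127 || c == ':') return 0;
    }
    return 1;
}

/* IMAP flag: optional leading backslash (system flag) then an atom with
 * none of the atom-specials ( ) { % * " backslash ] or control chars. */
int imap_flag_ok(const char *tok, size_t len)
{
    if (len && tok[0] == '\\') { tok++; len--; }
    if (len == 0 || len > TOKEN_MAX) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)tok[i];
        if (c <= ' ' || c >= 127 || strchr("(){%*\"\\]", c)) return 0;
    }
    return 1;
}

/* Check every header name a script references, recording one diagnostic
 * per bad name. Returns the number rejected; e->overflowed tells the
 * caller the diagnostics were capped, which is worth reporting itself. */
int check_header_names(const char *const *names, size_t count, struct errbuf *e)
{
    int bad = 0;
    for (size_t i = 0; i < count; i++) {
        size_t len = strlen(names[i]);
        if (!header_name_ok(names[i], len)) {
            bad++;
            errbuf_append(e, "name %zu: invalid header name (%zu bytes)\n", i + 1, len);
        }
    }
    return bad;
}
```

The overflow flag matters as much as the bound: a parser that silently stops recording errors after the buffer fills hides exactly the malformed input an attacker is feeding it, so the caller should surface "diagnostics truncated" alongside whatever did fit.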

3Com SuperStack 3 NBX FTPD Denial of Service Vulnerability
BugTraq ID: 6297
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6297
Summary:

A vulnerability has been discovered in 3Com SuperStack 3 NBX IP
telephones. Reportedly the ftpd server included in the Embedded Real Time
Operating System (ERTOS) contains a flaw that may cause a denial of
service. It is triggered when a malicious CEL request is sent to the ftpd
server with a parameter of 2048 or more bytes.

Exploiting this issue may crash the ftpd server and cause various VoIP
features, including the web-based administrative console and the call
manager, to stop responding. It may also prevent calls in progress from
being ended, which may result in excessive long distance charges.

A hard reset of the device is required to restore functionality; such an
abrupt reset may cause data loss or corruption.

It should be noted that this issue may be similar to the vulnerability
described in BID 679.

Although unconfirmed, it should also be noted that, given the nature of
this vulnerability, it may under some circumstances be exploitable to
execute arbitrary code.

[ hardware ]

Multiple Linksys Devices GET Request Buffer Overflow Vulnerability
BugTraq ID: 6301
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6301
Summary:

Several Linksys broadband router devices are prone to a buffer overflow
condition.

The vulnerability is due to insufficient memory allocation for request
buffers. Specifically, the devices allocate only 1004 bytes for a request
but attempt to read up to 1596 bytes into that space.

An attacker can exploit this by issuing an overly long GET request to the
device. When the device processes the malformed input, sensitive memory
is corrupted, which may allow the attacker to change configuration
information on the device. Exploitation from the Internet is possible
only if the device is configured for remote management, which is
disabled by default.

[ hardware ]

Multiple Linksys Devices strcat() Buffer Overflow Vulnerability
BugTraq ID: 6303
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6303
Summary:

Several Linksys broadband router devices are prone to a buffer overflow
condition.

The vulnerability is due to insufficient allocation of space for local
buffers. The devices use strcat() to append a request onto a buffer, and
because the input length is not checked first, it is concatenated into a
buffer that is too small for it.

An attacker can exploit this by issuing an overly long request to the
device. When the device processes the malformed input, sensitive memory
is corrupted, which may allow the attacker to change configuration
information on the device. Exploitation from the Internet is possible
only if the device is configured for remote management, which is
disabled by default.

This vulnerability is only exploitable if UPnP (Universal Plug and Play)
is enabled on the device.

Multiple Linksys Devices Heap Corruption Denial Of Service
BugTraq ID: 6304
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6304
Summary:

Several Linksys devices are prone to heap corruption.

Various pieces of configuration information used by the devices are
stored in global variables located in heap memory, among them
"sysPasswd", "wirelessESSID" and "Passphrase".

Insufficient bounds checking is performed when storing user-supplied
values from HTTP requests. Because those values are stored in heap
memory, an overlong value can overrun its storage buffer and corrupt the
configuration information stored there.

An attacker may exploit this to reboot the device. Although unconfirmed,
it may also be possible to modify configuration settings or execute
malicious code.

Linux Netfilter/IPTables IP Queuing Arbitrary Network Traffic Reading Vulnerability
BugTraq ID: 6305
Remote: No
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6305
Summary:

IPTables and Netfilter are the firewall infrastructure of the Linux
kernel.

A problem with the IP Queuing module (ip_queue) distributed with these
packages may make it possible to read arbitrary network traffic.

The IP Queuing module hands queued packets to a privileged user-space
process for handling. The module identifies that process only by its
process ID and does not verify that the process it is talking to is still
the one that registered. This can let a local user obtain data meant for
the privileged process.

It has been reported that when the privileged process exits, the module
does not notice. A local user who starts a new, unprivileged process that
obtains the former process's ID will then receive a limited amount of the
network traffic intended for the privileged process, which could disclose
sensitive information.

It should be noted that how much traffic is exposed depends on the
configured queue length, typically 1024 queued packets.

Debian Internet Message Insecure Temporary File Creation Vulnerability
BugTraq ID: 6307
Remote: No
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6307
Summary:

IM (Internet Message) provides a set of user interface commands (the im*
commands) and backend Perl5 libraries that integrate e-mail and NetNews
handling. It is available for the Debian GNU/Linux distribution.

A vulnerability has been discovered in the way Debian's Internet Message
(IM) package creates temporary files. Both the impwagent and immknmz
utilities are reported to be affected.

By predicting the names of the files and directories created in /tmp, a
local attacker may be able to corrupt or modify data as another user.
Depending on what is done with the temporary file, it may also be
possible to disclose sensitive information with the privileges of the IM
process.
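This entry and the Bogopass entry above (BID 6278) describe the same bug class: a temporary file created under a guessable name in /tmp, which a local attacker pre-empts with a symbolic link. Both affected programs are Perl scripts; the C below is an added example, not code from either project, that runs the attack inside a private scratch directory so it can be observed safely. It plants a symlink at the predictable name, shows that a plain O_CREAT open follows the link and writes into the victim file, and then shows that O_CREAT|O_EXCL|O_NOFOLLOW refuses the planted link with EEXIST. The directory, file and function names are assumptions; the 'bogopass.<PID>' naming is taken from the advisory. For production code the answer is mkstemp(3), which adds an unpredictable name on top of the exclusive create.

```c
/* Added example, not bogopass's or IM's code (those are Perl; this is a
 * C illustration of the same bug class). Creates a predictable-name
 * temp file the unsafe way and the safe way inside a private scratch
 * directory, with a symlink planted the way a local attacker would. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe: the pattern behind "/tmp/bogopass.<PID>". The name is
 * guessable, O_EXCL is absent, and a symlink at that path is followed,
 * so the write lands in whatever file the attacker chose. */
int open_temp_unsafe(const char *dir, pid_t pid)
{
    char path[320];
    snprintf(path, sizeof path, "%s/bogopass.%ld", dir, (long)pid);
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Safe: O_CREAT|O_EXCL fails on anything that already exists, a symlink
 * included, and O_NOFOLLOW closes the remaining window. Real code should
 * use mkstemp(3), which does this and also picks an unguessable name. */
int open_temp_safe(const char *dir, pid_t pid)
{
    char path[320];
    snprintf(path, sizeof path, "%s/bogopass.%ld", dir, (long)pid);
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Runs the attack in a scratch dir under $TMPDIR (or /tmp). Returns 1 if
 * the unsafe open wrote into the victim file, 0 if it did not, -1 on a
 * setup failure; *safe_errno receives the error from the safe variant
 * (expected EEXIST) so the caller can confirm it refused the link. */
int demo(int *safe_errno)
{
    const char *base = getenv("TMPDIR");
    char dir[256], victim[320], link[320], buf[64] = {0};
    snprintf(dir, sizeof dir, "%s/tmpfile-demo-XXXXXX", base ? base : "/tmp");
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/bogopass.%ld", dir, (long)getpid());

    /* Attacker's move: a file they want overwritten, and a symlink planted
     * at the name the victim program is about to use. */
    int fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, "original\n", 9) != 9) return -1;
    close(fd);
    if (symlink(victim, link) < 0) return -1;

    /* Victim program, unsafe variant: the write lands in 'victim'. */
    fd = open_temp_unsafe(dir, getpid());
    if (fd >= 0) {
        ssize_t w = write(fd, "attacker-controlled\n", 20);
        (void)w;
        close(fd);
    }
    fd = open(victim, O_RDONLY);
    if (fd >= 0) {
        if (read(fd, buf, sizeof buf - 1) < 0) buf[0] = '\0';
        close(fd);
    }
    int hijacked = strcmp(buf, "attacker-controlled\n") == 0;

    /* Same victim program, safe variant: refuses the planted link. */
    fd = open_temp_safe(dir, getpid());
    *safe_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);

    unlink(link);
    unlink(victim);
    rmdir(dir);
    return hijacked;
}
```

The scratch directory is created with mkdtemp and mode 0700, so the demonstration does not itself expose a race in the shared /tmp; the point is only the difference in open flags, which is what separates the vulnerable scripts from a fixed version.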


-
To post an announcement: [EMAIL PROTECTED]
