OpenLDAP Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 6328
Remote: Yes
Date Published: Dec 06 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6328
Summary:
OpenLDAP is an open-source implementation of the LDAP protocol. Several buffer overflow vulnerabilities have been reported for OpenLDAP. Precise technical details about the nature of the vulnerabilities are currently unknown. This BID will be updated as more information becomes available. An attacker may be able to exploit these vulnerabilities to gain control over the execution of the vulnerable OpenLDAP process. Although unconfirmed, an attacker may be able to execute attacker-supplied code with the privileges of the OpenLDAP process.

SuSE GNUPlot French Documentation Buffer Overflow Vulnerability
BugTraq ID: 6329
Remote: No
Date Published: Dec 06 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6329
Summary:
GNUPlot is an interactive function plotting program used to plot data and functions in graphical form. A buffer overflow vulnerability has been reported for the GNUPlot package shipped with SuSE Linux. Reportedly, the vulnerability lies in the French documentation and may allow a local attacker to gain control over the execution of the gnuplot process. The issue is exacerbated by the fact that gnuplot is installed setuid root on some SuSE distributions, so a successful exploit could yield root privileges. Precise technical details about the nature of the vulnerability are currently unknown. This BID will be updated as more information becomes available.

apt-www-proxy NULL HTTP Request Denial Of Service Vulnerability
BugTraq ID: 6339
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6339
Summary:
apt-www-proxy is a proxy server designed for use with web-based apt-get repositories. A denial of service vulnerability has been reported for apt-www-proxy. The 'parse_get()' function in 'utils.c' fails when it attempts to parse a NULL HTTP request. This crashes the process, resulting in a denial of service condition; the apt-www-proxy service must be restarted to restore functionality.
This vulnerability has been reported for apt-www-proxy 0.1.

apt-www-proxy Format String Vulnerability
BugTraq ID: 6340
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6340
Summary:
apt-www-proxy is a proxy server designed for use with web-based apt-get repositories. apt-www-proxy is prone to a format string vulnerability. The problem is due to incorrect use of the 'syslog()' function when logging error messages: the 'awp_log()' function in 'utils.c' performs inadequate checks on the data it logs, so format string directives supplied by an attacker reach syslog() and are interpreted. It is therefore possible to corrupt memory by passing format strings through the vulnerable logging function, which may be exploited to overwrite arbitrary locations in memory with attacker-specified values. Successful exploitation of this issue may allow the attacker to execute arbitrary instructions with the privileges of the vulnerable process.
This vulnerability has been reported for apt-www-proxy 0.1.

ProFTPD STAT Command Denial Of Service Vulnerability
BugTraq ID: 6341
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6341
Summary:
ProFTPD is a popular FTP server that ships with numerous Unix and Linux variants. A denial of service vulnerability has been reported for ProFTPD. By issuing specially crafted STAT commands it is possible to prevent ProFTPD from responding to legitimate requests for service, resulting in a denial of service condition. An attacker can exploit this vulnerability by logging on to a vulnerable FTP server and issuing a STAT command whose argument is composed of many repeated '/*' sequences; the server expands the argument as a glob pattern, and processing the request leaves it unable to respond to other requests. Because a login is required, servers that allow anonymous FTP access are exposed to unauthenticated attackers.
This vulnerability has been reported to affect ProFTPD 1.2.7rc3 and earlier.
** This issue is closely related to the vulnerability described in BID 2496.
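The format string flaw in apt-www-proxy's 'awp_log()' (BID 6340 above) is the classic case of attacker-influenced data reaching a printf-style sink as the format argument rather than as a '%s' parameter. The following C program is an added example written for this page, not code from apt-www-proxy: a buffer-rendering 'log_sink()' stands in for syslog() so the result can be inspected, the vulnerable call is shown beside the hardened one, and the constructed request uses only '%%' directives (defined behaviour with no arguments) so the demonstration is safe to run. Function names and the sample request are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 128

/* Logging sink. The real awp_log() handed its message to syslog(); this
 * stand-in renders into a buffer so the result can be inspected. Like
 * syslog(), it treats its third parameter as a printf-style format. */
static void log_sink(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the attacker-influenced message IS the format string.
 * Every '%' directive in it is interpreted: "%x" leaks stack words, "%s"
 * dereferences them, and "%n" writes a byte count through a pointer taken
 * from the stack, which is the primitive used to overwrite chosen memory. */
const char *log_vulnerable(const char *msg)
{
    static char out[LOG_BUF];
    log_sink(out, sizeof out, msg);           /* like syslog(LOG_ERR, msg) */
    return out;
}

/* Hardened pattern: the format is a constant under the programmer's control
 * and the message travels as a %s argument, so its bytes are copied verbatim.
 * Declaring the sink with __attribute__((format(printf, 3, 4))) would also
 * make the compiler flag the vulnerable call above at build time. */
const char *log_fixed(const char *msg)
{
    static char out[LOG_BUF];
    log_sink(out, sizeof out, "%s", msg);     /* like syslog(LOG_ERR, "%s", msg) */
    return out;
}

int main(void)
{
    /* Constructed request line (not captured traffic). The vulnerable sink
     * collapses each "%%" to "%", proving the message was parsed as a format;
     * in a real attack the request would carry "%x"/"%n" sequences instead. */
    const char *req = "GET /%%08x%%08x%%n HTTP/1.0";
    printf("vulnerable: %s\n", log_vulnerable(req));
    printf("fixed:      %s\n", log_fixed(req));
    return 0;
}
```

The observable difference is small by design: the vulnerable path rewrites the logged text, the hardened path does not. With real '%x' or '%n' input the vulnerable path would read or write memory it was never given.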
Cyrus SASL Library Username Heap Corruption Vulnerability
BugTraq ID: 6347
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6347
Summary:
SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. A heap corruption vulnerability has been discovered in the Cyrus SASL library. The overflow occurs in the 'user_buf' and 'authid_buf' buffers while sanitizing usernames, and can be triggered by passing an overly long string as the 'myhostname' parameter. Exploiting this vulnerability gives an attacker the ability to overflow a heap buffer by 19 bytes. This may corrupt malloc headers, which could later result in an arbitrary location in memory being overwritten. This issue exists only if a default realm is set. Although the vulnerability was discovered in Cyrus, it may also affect other programs that use the SASL library.

Cyrus SASL Library LDAP Heap Corruption Vulnerability
BugTraq ID: 6348
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6348
Summary:
SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. A heap corruption vulnerability has been discovered in the Cyrus SASL library. The saslauthd utility fails to allocate sufficient memory when it must escape the characters '*', '(', ')', '\' and '\0' for use in an LDAP query (LDAP filter escaping replaces each such byte with a three-byte '\xx' sequence, so the escaped string is longer than the input). By passing a malicious string as the 'username' or 'realm' value, an attacker can cause too little memory to be allocated for the escaped form of the input. Exploiting this issue may allow an attacker to corrupt malloc headers, which could later result in an arbitrary location in memory being overwritten. Successful exploitation of this vulnerability would result in the execution of arbitrary code with the privileges of the vulnerable application. Although the vulnerability was discovered in Cyrus, it may also affect other programs that use the SASL library.

Cyrus SASL Library Logging Memory Corruption Vulnerability
BugTraq ID: 6349
Remote: Yes
Date Published: Dec 09 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6349
Summary:
SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. A memory corruption vulnerability has been discovered in SASL when generating log entries. Under some circumstances SASL fails to allocate space for the terminating '\0' of a string used in a log entry. By causing Cyrus to generate a suitably crafted log entry, an attacker may be able to write a '\0' byte one position past the end of the buffer, into a sensitive location in memory. This could be exploited to overwrite the least significant byte of an adjacent variable, or may simply cause inaccurate log entries to be written. In rare circumstances a string that is not NUL-terminated can lead to a situation that allows arbitrary code execution; it is not known whether such a situation arises in the SASL library. Although the vulnerability was discovered in Cyrus, it may also affect other programs that use the SASL library.

WGet NLST Client Side File Overwriting Vulnerability
BugTraq ID: 6352
Remote: Yes
Date Published: Dec 10 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6352
Summary:
wget is a freely available, open source utility for retrieving files over HTTP and FTP. It is included with many Unix and Linux operating systems. A problem with wget may result in the overwriting of arbitrary files, because wget does not properly handle some types of server responses. The names returned in an NLST response are supplied by the FTP server and may contain directory components such as '..' or a leading '/'. wget does not check for this before creating local files under those names, which may allow a malicious FTP server to overwrite files on the client system. Exploitation requires the FTP server to know the path of the file to be overwritten, and only files writable by the user running wget can be affected.
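The client-side check missing from wget (BID 6352 above) is a validation of every server-supplied NLST entry before it is used as a local path. The following C code is an added example written for this page, not wget's own code: 'nlst_entry_is_safe()' rejects any name that is absolute, has a '..' or '.' component, an empty component, a trailing slash, a backslash or a control character, and 'filter_nlst()' applies it to an NLST reply. The reply is constructed for the example, and the function names and the 256-byte name limit are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define NLST_MAX_NAME 256

/* Returns 1 if a server-supplied NLST entry may be used as a relative local
 * filename, 0 if it must be rejected. Conservative: '.' components are
 * refused too, since a listing never needs them. */
int nlst_entry_is_safe(const char *name)
{
    if (name == NULL || *name == '\0')
        return 0;
    if (name[0] == '/')                          /* absolute path */
        return 0;
    if (name[strlen(name) - 1] == '/')           /* trailing slash */
        return 0;

    const char *p = name;
    for (;;) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 0)                            /* "a//b" */
            return 0;
        if (len == 1 && p[0] == '.')
            return 0;
        if (len == 2 && p[0] == '.' && p[1] == '.')   /* traversal */
            return 0;
        for (size_t i = 0; i < len; i++) {
            unsigned char c = (unsigned char)p[i];
            if (c < 0x20 || c == 0x7f || c == '\\')
                return 0;
        }
        if (end == NULL)
            return 1;
        p = end + 1;
    }
}

/* Split an NLST reply (CRLF or LF separated) into entries, keep only the
 * safe ones in accepted[], and return how many were kept. Over-long names
 * are dropped rather than truncated. */
int filter_nlst(const char *reply, char accepted[][NLST_MAX_NAME], int max)
{
    int n = 0;
    const char *line = reply;
    while (*line && n < max) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len > 0 && line[len - 1] == '\r')
            len--;
        if (len < NLST_MAX_NAME) {
            char tmp[NLST_MAX_NAME];
            memcpy(tmp, line, len);
            tmp[len] = '\0';
            if (nlst_entry_is_safe(tmp)) {
                memcpy(accepted[n], tmp, len + 1);
                n++;
            }
        }
        if (nl == NULL)
            break;
        line = nl + 1;
    }
    return n;
}

/* Constructed NLST reply (not captured from any real server): legitimate
 * names mixed with entries a malicious server could return. */
static const char SAMPLE_NLST[] =
    "index.html\r\n"
    "../../.bashrc\r\n"
    "/etc/passwd\r\n"
    "images/logo.png\r\n"
    "docs/../../.ssh/authorized_keys\r\n";

/* Returns the i-th accepted entry of the sample reply, or NULL. */
const char *demo_accepted(int i)
{
    static char accepted[8][NLST_MAX_NAME];
    int n = filter_nlst(SAMPLE_NLST, accepted, 8);
    return (i >= 0 && i < n) ? accepted[i] : NULL;
}

int main(void)
{
    for (int i = 0; demo_accepted(i) != NULL; i++)
        printf("accepted: %s\n", demo_accepted(i));
    return 0;
}
```

Only "index.html" and "images/logo.png" survive the sample; the two traversal entries and the absolute path are dropped before any local file is opened.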
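The saslauthd LDAP escaping issue (BID 6348) and the missing terminator in the logging issue (BID 6349), both described earlier on this page, are buffer-sizing errors of the same kind: the output of an escaping routine is longer than its input, and the allocation must be computed from the escaped length, terminator included. The following C code is an added example written for this page, not Cyrus SASL's own code; the function names are assumptions. It quantifies the overrun that sizing the buffer from the input length would cause, and shows the measure-then-allocate form that avoids it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes that RFC 2254 requires to be escaped inside an LDAP search filter.
 * Each one is replaced by a three-byte "\xx" hex sequence. */
static int ldap_needs_escape(unsigned char c)
{
    return c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0';
}

/* Length the escaped form of in[0..inlen) needs, including the NUL
 * terminator that the logging bug (BID 6349) failed to budget for. */
size_t ldap_escaped_len(const char *in, size_t inlen)
{
    size_t n = 1;                                   /* terminator */
    for (size_t i = 0; i < inlen; i++)
        n += ldap_needs_escape((unsigned char)in[i]) ? 3 : 1;
    return n;
}

/* The under-allocation pattern: a buffer sized from the input (inlen + 1)
 * instead of from the escaped length. Rather than perform the out-of-bounds
 * write, this returns how many bytes the escaping loop would write past the
 * end of such a buffer; anything above zero lands in the neighbouring heap
 * chunk's data or malloc header. */
size_t ldap_escape_overflow_bytes(const char *in, size_t inlen)
{
    size_t allocated = inlen + 1;
    size_t needed = ldap_escaped_len(in, inlen);
    return needed > allocated ? needed - allocated : 0;
}

/* Correct pattern: measure first, then allocate and fill. Takes an explicit
 * length so an embedded NUL in the username is escaped instead of silently
 * truncating the string. The caller frees the result. */
char *ldap_escape(const char *in, size_t inlen)
{
    char *out = malloc(ldap_escaped_len(in, inlen));
    if (out == NULL)
        return NULL;
    char *p = out;
    for (size_t i = 0; i < inlen; i++) {
        unsigned char c = (unsigned char)in[i];
        if (ldap_needs_escape(c))
            p += sprintf(p, "\\%02x", (unsigned)c);   /* e.g. '*' -> "\2a" */
        else
            *p++ = (char)c;
    }
    *p = '\0';
    return out;
}

int main(void)
{
    /* Constructed attacker-style username: every byte needs escaping, so the
     * escaped form is three times the input length. */
    const char user[] = "*)(\\";
    size_t len = sizeof user - 1;
    printf("overrun if sized from input: %zu bytes\n",
           ldap_escape_overflow_bytes(user, len));
    char *esc = ldap_escape(user, len);
    printf("escaped: %s\n", esc);
    free(esc);
    return 0;
}
```

A four-byte username made entirely of filter metacharacters needs thirteen bytes once escaped and terminated; sizing the buffer as five bytes writes eight bytes past its end, which is the heap corruption the advisory describes.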
