BitMover BitKeeper Daemon Mode Remote Command Execution Vulnerability
BugTraq ID: 6588
Remote: Yes
Date Published: Jan 11 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6588
Summary:
BitKeeper is a source code management system by BitMover. It is available for Unix, Linux, and Microsoft Windows operating systems.

A problem with BitKeeper may make remote command execution possible.

It has been reported that BitKeeper is vulnerable to an input validation bug. When the software is run in daemon mode, it starts a service with an interface that can be connected to via HTTP. By sending specially crafted input to the service, it is possible to execute arbitrary commands.

The program does not properly filter single quotes. As a result, commands contained between quotes will be executed on the host running the vulnerable software. Any commands executed between quotes will be executed with the privileges of the BitKeeper daemon process.

[ proprietary software; but currently central to the management of the GPL Linux kernel; other problems ]

Stunnel Unspecified SIGCHLD Signal Handler Vulnerability
BugTraq ID: 6592
Remote: No
Date Published: Jan 13 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6592
Summary:

Stunnel is a freely available, open source cryptography wrapper. It is designed to wrap arbitrary protocols that may or may not support cryptography. It is maintained by the Stunnel project.

A vulnerability has been reported for Stunnel. The vulnerability exists in the SIGCHLD signal handling routine. Reportedly, some functions in the signal handler are used in an unsafe manner.

Precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

This vulnerability has been reported to affect Stunnel versions prior to 4.04.

mpg123 Invalid MP3 Header Memory Corruption Vulnerability
BugTraq ID: 6593
Remote: Yes
Date Published: Jan 13 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6593
Summary:

mpg123 is an MPEG audio player for Linux variant operating systems.

A memory corruption vulnerability has been reported for mpg123 that may result in code execution.

The vulnerability exists when mpg123 is used to play certain MP3 files. Specifically, when playing MP3 files with malformed or overly large headers, it may be possible to cause mpg123 to execute malicious attacker-supplied code.

The file common.c defines MAX_INPUT_FRAMESIZE to a value of 1920 bytes. An attacker can exploit this vulnerability by creating a malicious MP3 file that contains headers consisting of greater than 1920 bytes. When mpg123 is used to play this corrupted MP3 file, it will trigger the buffer overflow condition.

Any attacker-supplied code will be executed with the privileges of the mpg123 process.

This vulnerability has been reported to affect mpg123pre0.59s.

[ mpg123 is not free software; mpg321 is free, except that the MP3 algorithm itself is encumbered by patents. Apparently mpg321 is not vulnerable. ]

D-Link DWL-900AP+ Firmware Upgrade Configuration Reset Vulnerability
BugTraq ID: 6609
Remote: Yes
Date Published: Jan 14 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6609
Summary:

The DWL-900AP+ is a wireless access point manufactured by D-Link which is capable of speeds up to 22Mbps.

A vulnerability has been discovered in the DWL-900AP+. The D-Link AirPlus Access Point Manager is used for various administrative tasks including firmware upgrades. It has been reported that upgrading the DWL-900AP+ firmware with this software will cause all configuration settings to be reset to factory defaults.

This poses a security risk, as an unknowing user may upgrade their device and leave it accessible with a publicly known administrator password.

[ hardware ]

[ other problems: PHP scripts, TrendMicro: an antivirus that is the target of security attacks. ]
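For the mpg123 entry above, an added example (not mpg123's code and not part of the original digest) of the check a player needs before filling a fixed MAX_INPUT_FRAMESIZE buffer: validate every MPEG audio header field, then refuse any declared frame length that exceeds the buffer or the available input. The function names and the Layer III-only scope are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_INPUT_FRAMESIZE 1920  /* buffer size named in the advisory */

/* Layer III bitrates in kbit/s; index 0 (free format) and 15 (invalid) map to 0 */
static const int kbps_v1[16] = {0,32,40,48,56,64,80,96,112,128,160,192,224,256,320,0};
static const int kbps_v2[16] = {0,8,16,24,32,40,48,56,64,80,96,112,128,144,160,0};
static const int hz_v1[4] = {44100, 48000, 32000, 0};  /* index 3 is reserved */

/* Returns the Layer III frame length in bytes, or -1 if the header is
 * malformed or declares a frame that would not fit the input buffer. */
long frame_length(uint32_t h)
{
    if ((h >> 21) != 0x7FF) return -1;        /* 11-bit sync word */
    unsigned ver   = (h >> 19) & 3;           /* 3=MPEG1, 2=MPEG2, 0=MPEG2.5 */
    unsigned layer = (h >> 17) & 3;           /* 1 = Layer III */
    unsigned br    = (h >> 12) & 15;          /* bitrate index */
    unsigned sr    = (h >> 10) & 3;           /* sample rate index */
    unsigned pad   = (h >> 9) & 1;
    if (ver == 1 || layer != 1) return -1;    /* reserved version, other layers */
    int kbps = (ver == 3) ? kbps_v1[br] : kbps_v2[br];
    int hz   = hz_v1[sr];
    if (kbps == 0 || hz == 0) return -1;      /* never index or divide on bad fields */
    if (ver == 2) hz /= 2;                    /* MPEG2 halves the sample rates */
    if (ver == 0) hz /= 4;                    /* MPEG2.5 quarters them */
    long len = (ver == 3 ? 144000L : 72000L) * kbps / hz + pad;
    /* With the tables above this cannot exceed the cap; the check still guards
     * the copy below if a table or the formula is ever changed. */
    if (len < 4 || len > MAX_INPUT_FRAMESIZE) return -1;
    return len;
}

/* Copies one frame into dst (MAX_INPUT_FRAMESIZE bytes) only after the declared
 * length has been checked against both the buffer and the bytes available. */
long read_frame(const uint8_t *src, size_t avail, uint8_t *dst)
{
    if (avail < 4) return -1;
    uint32_t h = (uint32_t)src[0] << 24 | (uint32_t)src[1] << 16
               | (uint32_t)src[2] << 8  | (uint32_t)src[3];
    long len = frame_length(h);
    if (len < 0 || (size_t)len > avail) return -1;  /* truncated or invalid */
    memcpy(dst, src, (size_t)len);
    return len;
}
```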
