Axis Communications 2400 Video Server Command.CGI File Creation Vulnerability
BugTraq ID: 6987
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6987
Summary:
The 2400 Video Server is a video serving hardware device distributed by Axis Communications. It is designed to serve video via network connections. A problem with the video server could make it possible for a remote user to create arbitrary files. It has been reported that the Axis 2400 Video Server does not properly handle input to the 'command.cgi' script. Because of this, an attacker may be able to create arbitrary files that would result in a denial of service, or potentially command execution. An attacker could exploit this issue to remotely overwrite some file types. This could allow the attacker to additionally create files that may be used maliciously to execute commands. It is unknown what privileges this daemon operates with. However, files created and commands executed through this issue would be with the privileges of the webserver process.

[ hardware ]

USRobotics Broadband-Router GET Request DoS Vulnerability
BugTraq ID: 6994
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6994
Summary:
USRobotics Broadband Router is a hardware appliance used to join an internal network to an internetwork over a broadband connection. USRobotics Broadband-Routers are reportedly prone to denial of service attacks. An attacker can exploit this vulnerability by issuing an overly long HTTP GET request to the embedded web server of a vulnerable USRobotics device. When the device attempts to process the malformed input, it will crash. It has been reported that this condition may be reproduced from within the internal network. A restart of the device may be required for the device to function normally after exploitation has occurred. This condition may be due to a buffer overflow in the router firmware. This issue is reported to affect v2.5 of US Robotics Broadband-Router 8000A/8000-2 (USR848000A-02).
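The device itself crashes before it can log anything, so the place to look for the oversized GET requests described above is an upstream proxy, IDS or web-server access log. The following detector is an added example and is not part of the BugTraq advisory or any USRobotics software: it parses Common Log Format lines and flags request lines longer than a threshold. The threshold of 1024 bytes and the sample log lines are assumptions constructed for illustration; the advisory gives no exact length, so tune the limit to the longest legitimate URL on your own site.

```python
"""Flag overlong HTTP request lines in web-server or proxy access logs.

Added example, not taken from the advisory or the vendor. Demonstrates a
defender-side check for the kind of oversized GET request the USRobotics
advisory describes, run here over constructed sample lines.
"""
import re
from typing import NamedTuple

# Assumed threshold: tune to the longest legitimate request on your site.
MAX_REQUEST_LEN = 1024

# Common Log Format: host ident authuser [date] "request" status bytes.
# A crashed or aborted request may leave status and size as "-".
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}|-) (?P<size>\d+|-)'
)


class Alert(NamedTuple):
    host: str
    timestamp: str
    method: str
    request_len: int
    status: str


def parse_line(line):
    """Return the CLF fields of one log line, or None if it does not parse."""
    m = CLF_RE.match(line)
    return m.groupdict() if m else None


def find_overlong_requests(lines, max_len=MAX_REQUEST_LEN):
    """Return an Alert for every parsable line whose request line exceeds max_len."""
    alerts = []
    for line in lines:
        rec = parse_line(line.rstrip("\n"))
        if rec is None:
            continue  # unparsable lines are skipped, not treated as alerts
        request = rec["request"]
        if len(request) <= max_len:
            continue
        method = request.split(" ", 1)[0] or "?"
        alerts.append(Alert(rec["host"], rec["ts"], method, len(request), rec["status"]))
    return alerts


# Constructed sample log: two normal requests, one oversized GET, one junk line.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Feb/2003:10:15:01 +0100] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [28/Feb/2003:10:15:02 +0100] "GET /setup.cgi HTTP/1.0" 200 2210',
    '192.0.2.77 - - [28/Feb/2003:10:16:30 +0100] "GET /' + "A" * 4096 + ' HTTP/1.0" - -',
    "this line is not in common log format",
]


def main():
    for a in find_overlong_requests(SAMPLE_LOG):
        print(f"{a.timestamp} {a.host} {a.method} request of "
              f"{a.request_len} bytes (status {a.status})")


if __name__ == "__main__":
    main()
```

Running the script prints one alert, for the 4110-byte GET from 192.0.2.77. Lines that do not parse are ignored rather than alerted on, so noisy logs do not drown the real signal; if you want to catch malformed lines as well, count the `None` results from `parse_line` separately.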
[ hardware ]

Web-ERP Configuration File Remote Access Vulnerability
BugTraq ID: 6996
Remote: Yes
Date Published: Mar 01 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6996
Summary:
Web-ERP is a freely available, open source internationalized Enterprise Resource Planning package. It is available for the Unix and Linux operating systems. A problem may make it possible for remote users to gain unauthorized access to Web-ERP information. It has been reported that Web-ERP does not sufficiently restrict access to its configuration information. Because of this, an attacker may be able to remotely access Web-ERP information, and potentially gain access to information that is sensitive in nature. The problem is in the storage of the Web-ERP configuration file. By default, configuration information is stored in the /logicworks.ini file. This file is by default accessible to any user that has access to the web server on which Web-ERP is hosted. An attacker could gain information such as the MySQL username and password from this file.

[ not clear which language ]

Sendmail Header Processing Buffer Overflow Vulnerability
BugTraq ID: 6991
Remote: Yes
Date Published: Mar 02 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/6991
Summary:
Sendmail is a widely used MTA for Unix and Microsoft Windows systems. A remotely exploitable vulnerability has been discovered in Sendmail. The vulnerability is due to a buffer overflow condition in the SMTP header parsing component. Remote attackers may exploit this vulnerability by connecting to target SMTP servers and transmitting to them malformed SMTP data. The overflow condition occurs when Sendmail processes addresses or lists of addresses in fields such as "From:" or "CC:". One of the checks to ensure that the addresses are valid is flawed, resulting in a buffer overflow condition. Successful attackers may exploit this vulnerability to gain root privileges on affected servers remotely.
It has been reported that this vulnerability may possibly be locally exploitable if the sendmail binary is setuid/setgid. Versions 5.2 to 8.12.7 are affected. Administrators are advised to upgrade to 8.12.8 or apply available patches to prior versions of the 8.x tree.

[ very serious, including for machines behind a firewall that receive no connections from outside. For the moment I know of no filtering rule in sendmail, MIMEDefang or elsewhere that would protect internal servers that cannot be updated. ]

XFree86 XLOCALEDIR Local Buffer Overflow Vulnerability
BugTraq ID: 7002
Remote: No
Date Published: Mar 03 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7002
Summary:
Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment variable. A local attacker can exploit this vulnerability by setting the XLOCALEDIR environment variable to an overly long value consisting of 6000 or greater characters. When the vulnerable utilities are executed, the buffer overflow vulnerability will be triggered. This vulnerability affects numerous XFree86 utilities; however, there are only a few that are setuid binaries. Namely the xlock, xscreensaver and xterm binaries, found in the /usr/X11R6/bin/ folder, are setuid root binaries. This vulnerability has been reported to affect XFree86 4.2.0 and 4.2.1.

[ alternatives to making these things suid root:
- to update utmp (current logins): -rwxr-sr-x 1 root utmp 221224 Apr 16 2002 /usr/X11R6/bin/xterm
- to read shadow (password verification), group shadow for xlock (or an external helper)
- or do not install this kind of thing, such as X, on a server ]

HP JetDirect Printer SNMP JetAdmin Device Password Disclosure Vulnerability
BugTraq ID: 7001
Remote: Yes
Date Published: Mar 03 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7001
Summary:
JetDirect printers are network-enabled printers distributed by Hewlett-Packard. A problem with JetDirect printers could make it possible for a remote user to gain administrative access to the printer. It has been reported that HP JetDirect printers leak the web JetAdmin device password under some circumstances. By sending an SNMP GET request to a vulnerable printer, the printer will return the hex-encoded device password to the requester. This could allow a remote user to access and change configuration of the printer. Upon sending a request for the string '.1.3.6.1.4.1.11.2.3.9.1.1.13.0' via a public community string, the printer returns a string of bytes. It has been reported that the bytes are hex representation of the ASCII characters comprising the web JetAdmin device password. This vulnerability is similar to the issue described in BID 5331.

[ hardware ]

Siemens M Series SMS DoS Vulnerability
BugTraq ID: 7004
Remote: Yes
Date Published: Mar 03 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7004
Summary:
It has been reported that some Siemens mobile phones are unable to sufficiently handle certain SMS message content. Opening a malicious SMS message with a vulnerable phone may cause the device to behave in an unstable manner. For example the message may contain "%String" (including quotations) and may contain a language located within the language menu.
Under some circumstances, processing a malicious message of this format may result in the phone no longer functioning. Earlier Siemens mobile phone products may share this vulnerability.

[ hardware ]

uschedule Local Privilege Escalation Vulnerability
BugTraq ID: 7006
Remote: No
Date Published: Mar 04 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7006
Summary:
uschedule is a collection of tools to allow scheduling of tasks. uschedule provides functionality similar to 'cron' and 'at'. A privilege escalation vulnerability has been reported for uschedule. The vulnerability exists in the uscheduleconf utility included with uschedule. uscheduleconf is used to configure a scheduling service. A local attacker can execute uscheduleconf with a '-' character when specifying the user to run as. Due to errors in the code, uschedule may leave multilog running as the root user rather than the non-privileged user. This may result in the malicious local attacker obtaining root privileges to a system. This vulnerability was reported for uschedule prior to 0.7.0.

File Local Stack Overflow Code Execution Vulnerability
BugTraq ID: 7008
Remote: No
Date Published: Mar 04 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7008
Summary:
file is a freely available, open source program available for Unix and Linux operating systems. A problem with the program may result in the execution of attacker-supplied instructions. It has been reported that a stack overflow exists in the file program. Although details of this issue are currently unavailable, it is likely that this issue could be exploited to execute code as the user of the file utility. This vulnerability would require an attacker to create the malicious code and place it in a critical portion of the file. Once a user executes the file utility against this file, malicious code embedded in the ELF header would likely be executed with the privileges of the file utility user.
It should also be noted that the file program may be executed by other applications on the system, some of which execute with privileges. This is true of LPRNG, which executes the file utility in the master-filter script. Exploitation may also occur through applications such as less, which execute the file utility when loading a file into the viewer.

File Utility Local Memory Allocation Vulnerability
BugTraq ID: 7009
Remote: No
Date Published: Mar 04 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7009
Summary:
file is a freely available, open source program available for Unix and Linux operating systems. A problem with the program may result in a denial of service, and may potentially allow the execution of attacker-supplied instructions. It has been reported that a memory allocation issue exists in the file program. Although details of this issue are currently unavailable, it is likely that this issue could be exploited to cause a denial of service condition, and potentially execute code as the user of the file utility. This problem has been reported as a memory allocation problem. Though unconfirmed, this vulnerability is likely either a heap overflow, or a double-free problem. In either circumstance, it would require an attacker to create the malicious code and place it in a critical portion of the file. Once a user executes the file utility against this file, malicious code embedded in the file would likely be executed with the privileges of the file utility user. It should also be noted that the file program may be executed by other applications on the system, some of which execute with privileges. This is true of LPRNG, which executes the file utility in the master-filter script. Exploitation may also occur through applications such as less, which execute the file utility when loading a file into the viewer.

[ some anti-virus/anti-spam software uses the `file' command to implement a white-list -- or a black-list. ]

[ others: the usual PHP scripts; Netscape ]

- To post an announcement: [EMAIL PROTECTED]
