Check Point FW-1 Syslog Daemon Unfiltered Escape Sequence Vulnerability
BugTraq ID: 7161
Remote: Yes
Date Published: Mar 21 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7161
Summary:

Check Point Firewall-1 is a popular firewall package available from Check Point Software Technologies.

An issue has been discovered in the Check Point FW-1 syslog daemon when it attempts to process a malicious, remotely supplied syslog message. Specifically, the syslog service does not properly filter out messages that include escape sequences.

This issue may be exploitable by a remote attacker to cause the Check Point syslog service to behave in an unpredictable manner. As well, exploitation of this vulnerability will result in a remote attacker being able to arbitrarily add syslog entries. As a result, any Check Point syslog entries on the firewall host would be suspect.

It should be noted that this issue exists only when an administrator attempts to view Check Point syslog messages via the console.

The technical details regarding this issue are currently unknown. This BID will be updated when further information becomes available.

Mozilla Bonsai Parameters Page Unauthenticated Access Weakness
BugTraq ID: 7163
Remote: Yes
Date Published: Mar 21 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7163
Summary:

Mozilla Bonsai is a tool that allows a user to perform queries on the contents of a CVS archive.

A weakness has been reported for Bonsai that may allow remote attackers to obtain unauthorized access to the parameters page. This page is accessed through editparams.cgi.

The parameters page is used by Bonsai to set several options for the tool. Users by default are able to view this page but are unable to change any parameters unless a password is entered.

Any information obtained in this manner may be used by an attacker to launch further attacks against a system using Bonsai.

This vulnerability has been reported for Mozilla Bonsai 1.3 (including all current and CVS versions).

Mozilla Bonsai Remote Command Execution Vulnerability
BugTraq ID: 7162
Remote: Yes
Date Published: Mar 21 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7162
Summary:

Mozilla Bonsai is a tool that allows a user to perform queries on the contents of a CVS archive.

A vulnerability has been discovered in Mozilla Bonsai. This issue is reported to affect all current and CVS versions of the utility.

Exploitation of this issue may allow an attacker to remotely execute arbitrary commands with 'www-data' privileges.

The details regarding this vulnerability are currently unknown. This BID will be updated as further information becomes available.

Netgear ProSafe VPN Firewall Web Interface Login Denial Of Service Vulnerability
BugTraq ID: 7166
Remote: Yes
Date Published: Mar 21 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7166
Summary:

The ProSafe VPN Firewall is a home and small office firewall and virtual private network device distributed by Netgear.

A problem with the device could make it possible for a remote user to deny service.

It has been reported that some ProSafe VPN Firewall devices do not properly handle some types of input. Because of this, a remote user could potentially send malicious input to the device that would result in a crash, and potential denial of service.

The problem is in the handling of authentication information of excessive length. When a user passes both a username and password to the web administration interface of the device, the system can be caused to crash.

It is likely that this issue is a memory corruption vulnerability, and potentially an exploitable boundary condition error. There is no confirmation of this. However, if this issue does prove to be an exploitable boundary condition error, an attacker could potentially execute arbitrary code on the vulnerable device with the privileges of the web interface.

It should also be noted that this vulnerability is likely only exploitable via the internal interface of the device, though this also is not confirmed.

3Com SuperStack II RAS 1500 Malicious IP Header Denial of Service Vulnerability
BugTraq ID: 7175
Remote: Yes
Date Published: Mar 24 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7175
Summary:

3Com SuperStack II Remote Access System (RAS) 1500 is a routing device designed to service dialup users.

It has been reported that RAS 1500 routers are prone to a vulnerability that may cause a denial of service. The problem occurs when processing packets with malformed IP headers. Specifically, an IP header with a 'len' field of 0 may crash an affected device, causing it to reboot.

An attacker could exploit this vulnerability to deny service to legitimate users of the device.

3Com SuperStack II RAS 1500 Unauthorized Access Vulnerability
BugTraq ID: 7176
Remote: Yes
Date Published: Mar 24 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7176
Summary:

3Com SuperStack II Remote Access System (RAS) 1500 is a routing device designed to service dialup users.

A vulnerability has been reported in the 3Com RAS 1500 router that may allow attackers to access sensitive data. Specifically, RAS 1500 devices do not carry out sufficient authentication of users requesting files via the web interface.

Successful exploitation of this vulnerability may allow an attacker to obtain sensitive configuration files. Access to this information may make it possible for an attacker to carry out further attacks on a target system or device.

Joel Palmius Mod_Survey Data Injection Vulnerability
BugTraq ID: 7192
Remote: Yes
Date Published: Mar 23 2003 12:00AM
Relevant URL: http://www.securityfocus.com/bid/7192
Summary:

Mod_Survey is a mod_perl module for Apache which allows web users to create online questionnaires. It is maintained by Joel Palmius and will run on Linux and Unix variants as well as Microsoft Windows.

Mod_Survey does not sufficiently sanitize data supplied via ENV tags. ENV tags are a feature included with Mod_Survey to import values supplied from environment variables into the data repository. It has been reported by the vendor that this may allow for injection of malicious data, including delimiter characters, into the data repository. Exploitation may allow for manipulation of environment variables or the possibility of executing database commands through injection of SQL syntax. Other attacks may also be possible.

This is only an issue with surveys that use ENV tags. This issue occurs with ENV tags which import data from environment variables that may be potentially specified or influenced by a remote user (such as 'HTTP_USER_AGENT').

The consequences of exploitation could depend on the underlying database implementation and configuration or other factors.
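
The Mod_Survey entry above describes delimiter and SQL injection through remotely influenced environment values. The following is an added illustration of the mitigation, not code from Mod_Survey or from the advisory; the tab-delimited record layout, the `answers` table and all function names are assumptions made for the example.

```python
import sqlite3

DELIM = "\t"  # assumed field delimiter of a hypothetical flat-file repository

# Constructed sample: a User-Agent value carrying a delimiter, a newline and SQL syntax.
SAMPLE_UA = "Mozilla/4.0\tyes\nadmin\tMozilla'); DROP TABLE answers;--"

def naive_record(fields):
    """Weak pattern: values are joined as-is, so an embedded delimiter or
    newline adds extra fields or a whole extra record."""
    return DELIM.join(fields) + "\n"

def encode_field(value, max_len=256):
    """Bound the length, then escape backslash, the delimiter and all control
    characters so the stored field can never be split or extended."""
    out = []
    for ch in value[:max_len]:
        if ch == "\\":
            out.append("\\\\")
        elif ch == DELIM or ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append("\\x%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def safe_record(fields):
    """Hardened pattern: every field is encoded before joining."""
    return DELIM.join(encode_field(f) for f in fields) + "\n"

def store_sql(conn, respondent, user_agent):
    """For an SQL back end, bind values as parameters instead of building
    the statement text from them."""
    conn.execute(
        "INSERT INTO answers (respondent, user_agent) VALUES (?, ?)",
        (respondent, user_agent),
    )

def demo():
    naive = naive_record(["r1", SAMPLE_UA])
    safe = safe_record(["r1", SAMPLE_UA])
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE answers (respondent TEXT, user_agent TEXT)")
    store_sql(conn, "r1", SAMPLE_UA)
    rows = conn.execute("SELECT respondent, user_agent FROM answers").fetchall()
    return naive, safe, rows

if __name__ == "__main__":
    for item in demo():
        print(repr(item))
```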
