Multiple vulnerabilities in UNIX & Windows 9x/NT applications
--------------------------------------------------------------------------------
SUMMARY
The following applications were recently tested and discovered to contain
various security holes:
1) YAMAHA MidiPlug 1.10b
2) ZOM-MAIL 1.09
3) AN-HTTPd 1.20b
4) HomePagePrint 1.0.7
5) Uum 4.2
6) Canuum 3.5b2
DETAILS
YAMAHA MidiPlug 1.10b
Problem:
The MIDI plug-in "YAMAHA MidiPlug 1.10b-j" for Windows IE4/5 contains a
buffer overflow bug. If a long "TEXT" variable is specified in an EMBED tag,
a buffer overflow can occur.
Solution:
Disabling "Run ActiveX controls and plug-ins" in Internet Explorer's
security settings prevents this vulnerability from affecting you.
Exploit:
Exploit code that generates an HTML file containing an EMBED tag that
executes "c:\windows\welcome.exe" on the victim's host can be downloaded
from:
http://shadowpenguin.backsection.net/toolbox.html#no051
BTD STUDIO ZOM-MAIL 1.09
Problem:
The Internet mailer "ZOM-MAIL 1.09" for Windows contains a buffer overflow
bug. If a received mail contains a long attachment file name, a buffer
overflow occurs when ZOM-MAIL downloads that mail from the POP server.
Solution:
No solution is available at this time.
Exploit:
Exploit code that removes the file "c:\windows\test.txt" can be
downloaded from:
http://shadowpenguin.backsection.net/toolbox.html#no050
AN-HTTPd 1.20b
Problem:
The test CGIs that are distributed with AN-HTTPd 1.20b contain a remote
command execution problem.
Solution:
1. Remove the following test CGIs:
   cgi-bin/test.bat
   cgi-bin/input.bat
   cgi-bin/input2.bat
   ssi/envout.bat
2. Get Ver1.21 from the official site:
   http://www.st.rim.or.jp/~nakata/
Exploit:
The following is an example of how the vulnerable CGIs can be exploited:
http://www.example.com/cgi-bin/input.bat?|dir..\..\windows
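One way to check a server for the problem described above, as an added example (not code from the advisory or from AN-HTTPd): it lists which of the four test CGIs are still present under a server root and flags access-log requests to them whose query string contains a command separator. The Common Log Format, the function names and the sample log lines are assumptions made for this example.

```python
import re
from pathlib import Path
from urllib.parse import unquote

# Test CGIs the advisory says to remove, relative to the server root.
TEST_CGIS = ("cgi-bin/test.bat", "cgi-bin/input.bat",
             "cgi-bin/input2.bat", "ssi/envout.bat")
# cmd.exe command separators and redirection operators.
SHELL_META = set("|&<>")
# Assumption: the access log is in Common Log Format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)[^"]*"')


def leftover_test_cgis(server_root):
    """Return the advisory's test CGIs that still exist under server_root."""
    return [p for p in TEST_CGIS if (Path(server_root) / p).is_file()]


def suspicious_requests(log_lines):
    """Return (line_no, script, query) for each request to a test CGI whose
    decoded query string contains a shell metacharacter."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        # Decode %xx and lowercase: Windows file names are case-insensitive.
        script = unquote(path).replace("\\", "/").lstrip("/").lower()
        query = unquote(query)
        if script in TEST_CGIS and SHELL_META & set(query):
            hits.append((line_no, script, query))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/1999:10:00:01 +0900] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.11 - - [01/Nov/1999:10:00:05 +0900] "GET /cgi-bin/input.bat?name=test HTTP/1.0" 200 87',
    '192.0.2.12 - - [01/Nov/1999:10:00:09 +0900] "GET /cgi-bin/input.bat?|dir HTTP/1.0" 200 512',
    '192.0.2.13 - - [01/Nov/1999:10:00:12 +0900] "GET /CGI-BIN/Input2.bat?%7Cdir HTTP/1.0" 200 64',
]

if __name__ == "__main__":
    print("still installed:", leftover_test_cgis("."))
    for hit in suspicious_requests(SAMPLE_LOG):
        print("suspicious:", hit)
```

Any request to these scripts on a production server deserves review, since the advisory's fix is to remove them entirely.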
IBM HomePagePrint 1.0.7
Problem:
The web page printing software "IBM HomePagePrint 1.0.7" contains a buffer
overflow bug. If a long string is specified in an IMG_SRC tag, a buffer
overflow occurs.
Solution:
A patch can be downloaded from:
http://www.ibm.co.jp/software/internet/hpgprt/down2.html
Exploit:
Exploit code that executes "c:\windows\notepad.exe" on the victim's
host can be downloaded from:
http://shadowpenguin.backsection.net/toolbox.html#no045
Uum
Problem:
Uum is a suid program that is installed by default on the Japanese editions
of many UNIX flavors. A buffer overflow occurs if a long argument is passed
with the '-D' option, allowing a local user to obtain root privileges.
Exploit:
Exploit source code is available for Turbo Linux3.
The overflow was confirmed to work on the following UNIX flavors:
* Solaris 2.6,2.7
* IRIX 5.3,6.2,6.3,6.4,6.5
The exploit code can be downloaded from:
http://shadowpenguin.backsection.net/toolbox.html#no046
Canuum
Problem:
Canuum is a suid program that is installed by default on the Japanese
editions of some Linux distributions. A buffer overflow occurs if a long
argument is passed with any of the options '-k', '-c' or '-n', allowing a
local user to obtain root privileges.
Exploit:
Exploit source code is available for Turbo Linux3 and can be
downloaded from:
http://shadowpenguin.backsection.net/toolbox.html#no047
ADDITIONAL INFORMATION
The vulnerabilities were reported by UNYUN.