Security Focus
1. PluggedOut Blog Blog_Exec.PHP Cross-Site Scripting Vulnerabi...
BugTraq ID: 10885
Remote: Yes
Date Published: Aug 07 2004
Relevant URL:
http://www.securityfocus.com/bid/10885
Summary:
PluggedOut Blog is reported prone to a cross-site scripting vulnerability. This could allow for execution of hostile HTML and script code in the web client of a user who visits a malicious link to the vulnerable site. This code execution would occur in the security context of the site hosting the vulnerable software. Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.
2. Linux Kernel Unspecified chown Inode Time Vulnerability
BugTraq ID: 10887
Remote: No
Date Published: Aug 09 2004
Relevant URL:
http://www.securityfocus.com/bid/10887
Summary:
An unspecified vulnerability has been announced in the Linux Kernel implementation of the chown(2) system call. This issue is related to how inode time data is updated by the system call. The impact is not known at this time, though it is speculated that this could affect system integrity.
3. Linux Kernel Unspecified Signal Denial Of Service Vulnerabil...
BugTraq ID: 10888
Remote: No
Date Published: Aug 09 2004
Relevant URL:
http://www.securityfocus.com/bid/10888
Summary:
An unspecified denial of service vulnerability has been reported to exist in the Linux Kernel. This issue could occur when signals are handled by the kernel. Further details are not available at this time.
4. Xine-Lib Remote Buffer Overflow Vulnerability
BugTraq ID: 10890
Remote: Yes
Date Published: Aug 08 2004
Relevant URL:
http://www.securityfocus.com/bid/10890
Summary:
It is reported that the xine media library is affected by a remote buffer overflow vulnerability. This issue can allow a remote attacker to gain unauthorized access to a vulnerable computer. xine-lib rc-5 and prior versions are reportedly affected by this issue. xine versions 0.99.2 and prior are also vulnerable.
5. Linux Kernel Unspecified USB Vulnerability
BugTraq ID: 10892
Remote: No
Date Published: Aug 09 2004
Relevant URL:
http://www.securityfocus.com/bid/10892
Summary:
The Linux Kernel implementation of USB is reported prone to an unspecified vulnerability. The impact is not known at this time, though it is speculated that this vulnerability could affect system stability.
6. PluggedOut Blog Calendar Module Cross-Site Scripting Vulnera...
BugTraq ID: 10894
Remote: Yes
Date Published: Aug 09 2004
Relevant URL:
http://www.securityfocus.com/bid/10894
Summary:
The Blog 'calendar' module does not sufficiently sanitize data supplied via URI parameters, making it prone to cross-site scripting attacks. This could allow for execution of hostile HTML and script code in the web client of a user who visits a malicious link to the vulnerable site.
7. GNU CFEngine AuthenticationDialogue Remote Heap Based Buffer...
BugTraq ID: 10899
Remote: Yes
Date Published: Aug 09 2004
Relevant URL:
http://www.securityfocus.com/bid/10899
Summary:
GNU cfengine cfservd is reported prone to a remote heap-based buffer overrun vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue() function. The issue exists due to a lack of sufficient boundary checks performed on challenge data that is received from a client. Because the size of the buffer, the size of data copied in a memcpy() operation, and the data copied are all controlled by the attacker, a remote attacker can likely exploit this condition to corrupt in-line heap-based memory management data. cfservd employs an IP-based access control method. This access control must be bypassed prior to exploitation, which may hinder exploitation attempts. This vulnerability is reported to affect versions 2.0.0 to 2.1.7p1 of cfengine cfservd.
8. GNU CFEngine AuthenticationDialogue Remote Denial Of Service...
BugTraq ID: 10900
Remote: Yes
Date Published: Aug 09 2004
Relevant URL:
http://www.securityfocus.com/bid/10900
Summary:
GNU cfengine cfservd is reported prone to a remote denial of service vulnerability. The vulnerability presents itself in the cfengine cfservd AuthenticationDialogue() function, which is responsible for processing SAUTH commands and also performing RSA-based authentication. The vulnerability presents itself because return values for several statements within the AuthenticationDialogue() function are not checked. A memcpy() operation based on these return values will fail, resulting in a daemon crash. A remote attacker may exploit this vulnerability to crash the affected daemon, effectively denying service to legitimate users. cfservd employs an IP-based access control method (AllowConnectionsFrom). This access control must be bypassed prior to exploitation, which may hinder exploitation attempts. This vulnerability is reported to affect versions 2.0.0 to 2.1.7p1 of cfengine cfservd.
9. KDE Konqueror Cross-Domain Frame Loading Vulnerability
BugTraq ID: 10921
Remote: Yes
Date Published: Aug 11 2004
Relevant URL:
http://www.securityfocus.com/bid/10921
Summary:
Konqueror is reported prone to a cross-domain frame loading vulnerability. It is reported that if the name of a frame rendered in a target site is known, then an attacker may potentially render arbitrary HTML in the frame of the target site. An attacker may exploit this vulnerability to spoof an interface of a trusted web site. All versions of KDE up to KDE 3.2.3 are vulnerable to this issue.
10. KDE Insecure Temporary Directory Symlink Vulnerability
BugTraq ID: 10922
Remote: No
Date Published: Aug 11 2004
Relevant URL:
http://www.securityfocus.com/bid/10922
Summary:
KDE is reported to contain a temporary directory symlink vulnerability. This vulnerability is due to improper validation of the ownership of temporary directories. Local attackers can cause KDE applications to fail, denying service to users, or to overwrite arbitrary files with the privileges of the target user. Privilege escalation may be possible. Source patches have been made available by KDE to resolve this issue.
11. KDE DCOPServer Insecure Temporary File Creation Vulnerabilit...
BugTraq ID: 10924
Remote: No
Date Published: Aug 11 2004
Relevant URL:
http://www.securityfocus.com/bid/10924
Summary:
KDE's DCOPServer is reported to contain an insecure temporary file creation vulnerability. This is due to the use of the mktemp() function. Since temporary files are used by the DCOP daemon for authentication purposes, a local attacker may possibly exploit this vulnerability to compromise the account of a targeted user running KDE. A local attacker may also possibly exploit this vulnerability to execute symbolic link file overwrite attacks. This may allow an attacker to overwrite arbitrary files with the privileges of the targeted user. Privilege escalation may also be possible using this method of attack. KDE versions from 3.2.0 to 3.2.3 are reported susceptible to this vulnerability.
12. Mutt PGP/GnuPG Verified Email Signature Spoofing Vulnerabili...
BugTraq ID: 10929
Remote: Yes
Date Published: Aug 12 2004
Relevant URL:
http://www.securityfocus.com/bid/10929
Summary:
It is reported that Mutt contains a vulnerability that allows attackers to send email that spoofs the look of a successfully verified PGP/GnuPG email message. An attacker may potentially simulate the look of the PGP/GnuPG output that Mutt usually includes when processing signed email messages. If a user employs Mutt with a specific configuration, the attacker may make email messages look almost identical to a properly signed and verified email. This may allow an attacker to create a message that falsifies a correctly verified PGP/GnuPG signature. This could allow an attacker to spoof email from trusted sources. This will likely greatly increase the effectiveness of social engineering attacks. In the index mode, messages with signatures have the 's' flag. Verified signatures change to 'S'. Ensuring that messages have the proper attributes will aid in the mitigation of this vulnerability. Versions 1.3.28 and 1.5.6 are reported affected by this vulnerability. Other versions are also likely affected.
13. Adobe Acrobat Reader Shell Metacharacter Remote Arbitrary Co...
BugTraq ID: 10931
Remote: Yes
Date Published: Aug 12 2004
Relevant URL:
http://www.securityfocus.com/bid/10931
Summary:
A remote code execution vulnerability is identified in Adobe Acrobat Reader. This issue may allow an attacker to gain unauthorized access to a vulnerable computer. Acrobat Reader is affected by a shell metacharacter command execution vulnerability. This issue exists due to insufficient sanitization of user-supplied data by Acrobat Reader for Unix and Linux platforms. Successful exploitation can allow an attacker to use a specially crafted file name to execute arbitrary commands and applications through the shell. Adobe Acrobat Reader version 5.0 for Unix and Linux platforms is reported vulnerable to this issue. Acrobat Reader for Microsoft Windows platforms is not affected by this issue.
14. RealNetwork RealPlayer Unspecified Remote Vulnerability
BugTraq ID: 10934
Remote: Yes
Date Published: Aug 12 2004
Relevant URL:
http://www.securityfocus.com/bid/10934
Summary:
It is reported that RealNetwork RealPlayer contains an unspecified vulnerability that allows for execution of arbitrary code in the context of the user running the player. No further information is available at this time. This BID will be updated as further information is disclosed.
15. Kerio Mailserver Embedded HTTP Server Multiple Unspecified V...
BugTraq ID: 10936
Remote: Yes
Date Published: Aug 12 2004
Relevant URL:
http://www.securityfocus.com/bid/10936
Summary:
Kerio MailServer version 6.0.1 has been released. This release addresses various unspecified security vulnerabilities in the embedded HTTP server implemented with the Kerio MailServer application. The cause and impact of these issues are currently unknown. All versions of Kerio MailServer prior to 6.0.1 are considered vulnerable.
16. Rsync Sanitize_path Function Module Path Escaping Vulnerabil...
BugTraq ID: 10938
Remote: Yes
Date Published: Aug 12 2004
Relevant URL:
http://www.securityfocus.com/bid/10938
Summary:
If an rsync server is installed as a daemon with a read/write enabled module without using the 'chroot' option, it is possible that a remote attacker could read/write files outside of the configured module path. Rsync does not properly sanitize the paths when not running with chroot. The problem exists in the 'sanitize_path' function. This could potentially be exploited to execute arbitrary code by corrupting or placing arbitrary files on the system. Destruction of data could also result, possibly causing a denial of service condition. Other attacks could also occur, depending on the attacker's motives.
17. HanSoft 4tH Unspecified Vulnerability
BugTraq ID: 10939
Remote: Unknown
Date Published: Aug 13 2004
Relevant URL:
http://www.securityfocus.com/bid/10939
Summary:
An unspecified vulnerability is reported in the HanSoft 4tH compiler. This vulnerability is reported to be fixed in version 3.4e-pre4. No further information was reported. This BID will be updated as new information is disclosed.
18. Sympa List Creation Authentication Bypass Vulnerability
BugTraq ID: 10941
Remote: Yes
Date Published: Aug 13 2004
Relevant URL:
http://www.securityfocus.com/bid/10941
Summary:
Sympa is reported to be prone to an authentication bypass vulnerability when creating new mailing lists. This vulnerability presents itself upon creating a new mailing list. The list master approval process could reportedly be skipped by an attacker. An attacker may exploit this issue to create unauthorized mailing lists. This may possibly be used to forward UCE messages, or possibly other attacks. Versions prior to 4.1.2 are reportedly affected by this vulnerability.