Security Focus
1. Opera Web Browser Download Dialogue Box File Name Spoofing V...
BugTraq ID: 11883
Remote: Yes
Date Published: Dec 11 2004
Relevant URL:
http://www.securityfocus.com/bid/11883
Summary:
A download dialogue box file name spoofing vulnerability affects Opera. This issue is due to a design error that facilitates the spoofing of file names. The problem presents itself when an unsuspecting user attempts to download a file from a malicious site. The malicious web site may respond with HTTP header data that is sufficient to trigger the issue. As a result of this attack, the requested filename and file type may be misrepresented in a file download dialog, making it possible for an attacker to make a potentially malicious file seem innocuous.
2. Citadel/UX Network Data Logging Remote Format String Vulnera...
BugTraq ID: 11885
Remote: Yes
Date Published: Dec 13 2004
Relevant URL:
http://www.securityfocus.com/bid/11885
Summary:
A remote format string vulnerability reportedly affects the network data logging functionality of Citadel/UX. This issue is due to a failure of the application to properly sanitize user-supplied input prior to passing it as the format specifier to a formatted printing function. A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution. Any code execution would take place with superuser privileges.
3. PhpDig Unspecified Remote Vulnerability
BugTraq ID: 11889
Remote: Yes
Date Published: Dec 13 2004
Relevant URL:
http://www.securityfocus.com/bid/11889
Summary:
PhpDig is reported prone to a security vulnerability. The details of this vulnerability are unspecified. It is conjectured that this vulnerability may be exploited by a remote attacker to compromise a computer that is hosting the vulnerable software. This BID will be updated as soon as further details are available.
4. SugarSales Multiple Remote Vulnerabilities
BugTraq ID: 11896
Remote: Yes
Date Published: Dec 13 2004
Relevant URL:
http://www.securityfocus.com/bid/11896
Summary:
Multiple remote vulnerabilities are reported to exist in SugarSales. The first reported issue is an SQL injection vulnerability. This vulnerability is due to a lack of proper input validation by the application prior to utilizing attacker-supplied data in an SQL query. This vulnerability is reported to exist in versions prior to 2.0.1a. The next issue is reportedly a directory traversal vulnerability. This vulnerability is also due to a lack of proper input validation by the application. The last reported issue is a remote denial of service and information disclosure vulnerability. The directory traversal and installation script vulnerabilities reportedly exist in all current versions of SugarSales. These vulnerabilities may be related to the issues disclosed in BID 11740.
5. SQLgrey Postfix Greylisting Service Unspecified SQL Injectio...
BugTraq ID: 11898
Remote: Yes
Date Published: Dec 13 2004
Relevant URL:
http://www.securityfocus.com/bid/11898
Summary:
SQLgrey Postfix Greylisting Service is prone to an unspecified SQL injection vulnerability. This issue is reportedly due to insufficient sanitization of SQL syntax from fields in email processed by the software. The issue could be exploited to influence SQL queries, potentially allowing for compromise of the software or other attacks that impact database security. This issue was reportedly missed by the vendor when they fixed the issue described in BID 11633.
6. Opera Web Browser KDE KFMCLIENT Remote Command Execution Vul...
BugTraq ID: 11901
Remote: Yes
Date Published: Dec 13 2004
Relevant URL:
http://www.securityfocus.com/bid/11901
Summary:
It is reported that Opera for Linux is susceptible to a remote command execution vulnerability. This issue is due to a default configuration setting in Opera that utilizes the KDE 'kfmclient' utility to open unknown content. Exploitation of this issue allows attacker-supplied commands to be executed in the context of the user running Opera. Version 7.54 of Opera for Linux with KDE version 3.2.3 is reported vulnerable to this issue. Other versions may also be affected.
7. Linux NFS 64-Bit Architecture Remote Buffer Overflow Vulnera...
BugTraq ID: 11911
Remote: Yes
Date Published: Dec 14 2004
Relevant URL:
http://www.securityfocus.com/bid/11911
Summary:
A remote buffer overflow reportedly affects the disk quota functionality of the Linux NFS utilities. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. An attacker may leverage this issue to execute arbitrary code on an affected computer with superuser privileges. This may be exploited to gain unauthorized access or privilege escalation.
8. ZGV Image Viewer Animated GIF Remote Memory Corruption Vulne...
BugTraq ID: 11915
Remote: Yes
Date Published: Dec 14 2004
Relevant URL:
http://www.securityfocus.com/bid/11915
Summary:
A remote memory corruption vulnerability affects the animated GIF functionality of zgv. It should be noted that although it is likely that xzgv is also vulnerable to this issue, this has not been confirmed. The underlying issue causing this vulnerability is unknown, although it is likely due to a failure of the application to handle malformed image files. The full impact of this issue is currently unknown; however, this issue can be leveraged to cause the affected application to crash. It is possible, although unconfirmed, that this issue may be leveraged to execute arbitrary code.
9. Linux Kernel IGMP Multiple Vulnerabilities
BugTraq ID: 11917
Remote: Yes
Date Published: Dec 14 2004
Relevant URL:
http://www.securityfocus.com/bid/11917
Summary:
Linux kernel IGMP functionality is reported prone to multiple vulnerabilities. These issues can allow local attackers to carry out denial of service and privilege escalation attacks. Remote attackers may also cause denial of service conditions in vulnerable computers. The first issue exists in the 'ip_mc_source()' function and may allow local attackers to cause a denial of service condition or gain elevated privileges. The second issue is related to the first issue and may allow an attacker to disclose sensitive kernel memory. The third vulnerability exists in the IGMP/IP networking module and may allow remote attackers to cause a denial of service condition in a vulnerable computer.
10. Sun Java System Web And Application Server Remote Session Di...
BugTraq ID: 11918
Remote: Yes
Date Published: Dec 14 2004
Relevant URL:
http://www.securityfocus.com/bid/11918
Summary:
A remote session disclosure vulnerability affects the Sun Java System Web and Application Servers. This issue is due to a design error that may cause session IDs to be revealed. This issue may be exploited to steal session IDs from unsuspecting users and gain access to their current sessions. Reportedly only sessions that do not require authentication are affected by this issue.
11. Linux Kernel SCM_SEND Local Denial of Service Vulnerability
BugTraq ID: 11921
Remote: No
Date Published: Dec 14 2004
Relevant URL:
http://www.securityfocus.com/bid/11921
Summary:
The Linux kernel is reported prone to a local denial of service vulnerability. This issue presents itself in the SCM logical sub-layer of the socket API. An unprivileged application can craft a malformed auxiliary message and send it to a socket, which results in the kernel invoking '__scm_send()' in a manner that leads to a crash. This issue can allow local attackers to cause a denial of service condition on a vulnerable computer. It is not confirmed whether this vulnerability can be leveraged to gain elevated privileges.
12. Adobe Acrobat Reader Email Message Remote Buffer Overflow Vu...
BugTraq ID: 11923
Remote: Yes
Date Published: Dec 14 2004
Relevant URL:
http://www.securityfocus.com/bid/11923
Summary:
A remote buffer overflow vulnerability reportedly affects the email message checking functionality in Adobe Acrobat Reader for Unix. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation. It should be noted that this issue only affects Adobe Acrobat Reader for the Unix platform.
13. Linux Kernel Local DRM Denial Of Service Vulnerability
BugTraq ID: 11936
Remote: No
Date Published: Dec 14 2004
Relevant URL:
http://www.securityfocus.com/bid/11936
Summary:
It is reported that the DRM module in the Linux kernel is susceptible to a local denial of service vulnerability. This vulnerability likely results in the corruption of video memory, crashing the X server. It is also reported that malicious users may be able to modify the video output. Further details are unavailable at this time. This BID will be updated as further analysis is completed.
14. Linux Kernel PROC Filesystem Local Information Disclosure Vu...
BugTraq ID: 11937
Remote: No
Date Published: Dec 14 2004
Relevant URL:
http://www.securityfocus.com/bid/11937
Summary:
It is reported that the Linux kernel /proc filesystem is susceptible to an information disclosure vulnerability. This issue is due to a race condition allowing unauthorized access to potentially sensitive process information. This vulnerability may allow malicious local users to gain access to potentially sensitive environment variables in other users' processes. As some programs pass passwords and other sensitive information in environment variables, this may aid a malicious user in further attacks. Further details are unavailable at this time. This BID will be updated as further analysis is completed.
15. Linux Kernel Sys32_NI_Syscall/Sys32_VM86_Warning Local Buffe...
BugTraq ID: 11938
Remote: No
Date Published: Dec 14 2004
Relevant URL:
http://www.securityfocus.com/bid/11938
Summary:
The Linux kernel for 64-bit architectures is reported prone to a local buffer overflow vulnerability. This vulnerability exists in 'sys32_ni_syscall()' and 'sys32_vm86_warning()' as a result of an unbounded copy of a 16-byte string into an 8-byte buffer using the strcpy() function. The immediate consequence of exploiting this vulnerability could be a kernel panic; this could be used to deny service to legitimate users. It is not currently known whether this vulnerability may be leveraged to provide for execution of arbitrary code.
16. Linux Kernel Sock_DGram_SendMsg Local Denial Of Service Vuln...
BugTraq ID: 11939
Remote: No
Date Published: Dec 14 2004
Relevant URL:
http://www.securityfocus.com/bid/11939
Summary:
The Linux kernel is reported to be prone to a local denial of service vulnerability. This vulnerability is reported to exist when 'CONFIG_SECURITY_NETWORK=y' and 'CONFIG_SECURITY_SELINUX=y' options are set in the Linux kernel. A local attacker may exploit this vulnerability to trigger a kernel panic and effectively deny service to legitimate users.
17. Vim Modelines Arbitrary Command Execution Variant Vulnerabil...
BugTraq ID: 11941
Remote: Yes
Date Published: Dec 15 2004
Relevant URL:
http://www.securityfocus.com/bid/11941
Summary:
Vim modelines are prone to a vulnerability that may permit execution of arbitrary commands. Reportedly, certain modeline options expose this issue. Exploitation could occur when a malicious file is opened in the editor and would occur in the context of the user opening the file. This issue is similar to BID 6384.
18. Novell NetMail Multiple Remote Vulnerabilities
BugTraq ID: 11942
Remote: Yes
Date Published: Dec 15 2004
Relevant URL:
http://www.securityfocus.com/bid/11942
Summary:
Multiple remote vulnerabilities reportedly affect Novell NetMail. These vulnerabilities are due to multiple issues, including failure to verify string lengths before copying strings into static process buffers, failure to handle malformed input, and various design errors. The first issue reported is a buffer overflow vulnerability in the IMAP functionality of the affected application. The second issue is a failure of the application to properly integrate with Symantec antivirus software. Finally, a number of reported issues may facilitate denial of service attacks, although these are not confirmed. An attacker may leverage these issues to execute arbitrary code on the affected computer (facilitating system compromise), to bypass anti-virus screening (creating a false sense of security), and potentially to carry out denial of service attacks.
19. Ethereal Multiple Unspecified Denial of Service and Potentia...
BugTraq ID: 11943
Remote: Yes
Date Published: Dec 15 2004
Relevant URL:
http://www.securityfocus.com/bid/11943
Summary:
Ethereal 0.10.8 has been released to address multiple vulnerabilities. These vulnerabilities are reported to cause denial of service conditions in the application; however, it is reported that some issues may allow for arbitrary code execution. The following specific issues were reported: A denial of service vulnerability presents itself in the DICOM dissector. The application suffers from a denial of service vulnerability when handling a malformed RTP timestamp. It is reported that the HTTP dissector may allow a remote attacker to access memory that was previously freed. Another denial of service issue affecting the application arises when Ethereal processes a specially crafted SMB packet. This BID will be updated as more information becomes available.
20. Linux Kernel Multiple Local Vulnerabilities
BugTraq ID: 11956
Remote: No
Date Published: Dec 15 2004
Relevant URL:
http://www.securityfocus.com/bid/11956
Summary:
The Linux kernel is reported prone to multiple local vulnerabilities. The following individual issues are reported: An integer overflow is reported to exist in 'ip_options_get()' of the 'ip_options.c' kernel source file; this vulnerability is only reported to exist in the 2.6 kernel tree. Although unconfirmed, due to the nature of this vulnerability it is conjectured that this issue may be further leveraged to provide for arbitrary code execution with ring 0 privileges. A local attacker may exploit this vulnerability to deny service to legitimate users. Other attacks are also likely possible. A second integer overflow vulnerability is reported to exist in the 'vc_resize()' function of the Linux kernel; this vulnerability is reported to exist in the 2.6 and 2.4 kernel trees. Although unconfirmed, due to the nature of this vulnerability it is conjectured that this issue may be further leveraged to provide for arbitrary code execution with ring 0 privileges. A local attacker may exploit this vulnerability to deny service to legitimate users. Other attacks are also likely possible. A third vulnerability, a memory leak, is reported to exist in 'ip_options_get()' of the 'ip_options.c' kernel source file; this vulnerability is reported to exist in the 2.6 and 2.4 kernel trees. A local attacker may exploit this vulnerability to consume kernel heap memory resources and in doing so may impact system performance, ultimately resulting in a denial of service to legitimate users.
21. ChBg Scenario File Overflow Vulnerability
BugTraq ID: 11957
Remote: Yes
Date Published: Dec 15 2004
Relevant URL:
http://www.securityfocus.com/bid/11957
Summary:
ChBg is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data into sensitive process buffers. It is reported that this issue can allow an attacker to gain superuser privileges on a vulnerable computer. An attacker can exploit this issue by crafting a malicious scenario file. A scenario is a file containing a list of pictures to display. If a user obtains this file and processes it through ChBg, the attacker-supplied instructions may be executed on the vulnerable computer. ChBg 1.5 is reported prone to this vulnerability. It is likely that other versions are affected as well.
22. MPG123 Find Next File Remote Client-Side Buffer Overflow Vul...
BugTraq ID: 11958
Remote: Yes
Date Published: Dec 15 2004
Relevant URL:
http://www.securityfocus.com/bid/11958
Summary:
A remote client-side buffer overflow vulnerability affects mpg123. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
23. IglooFTP Server Response Download Filename File Corruption V...
BugTraq ID: 11960
Remote: Yes
Date Published: Dec 15 2004
Relevant URL:
http://www.securityfocus.com/bid/11960
Summary:
IglooFTP does not properly sanitize server-supplied filenames during downloads, potentially allowing for files to be created or overwritten in the context of the client user. This issue is reported to occur when the FTP client is used to recursively download files from a remote FTP server. This issue reportedly exists in UNIX/Linux based versions of IglooFTP. It is not known if Windows versions are affected.
24. IglooFTP File Upload Insecure Temporary File Vulnerability
BugTraq ID: 11961
Remote: No
Date Published: Dec 15 2004
Relevant URL:
http://www.securityfocus.com/bid/11961
Summary:
IglooFTP creates temporary files in an insecure manner. This issue is reported to occur when the client is uploading files to a remote server. An attacker could abuse this issue through symbolic link attacks that corrupt files owned by the user, most likely resulting in a loss of data. This issue reportedly exists in UNIX/Linux based versions of IglooFTP. It is not known if Windows versions are affected.
25. MPlayer MMST Get_Header Remote Client-Side Buffer Overflow V...
BugTraq ID: 11962
Remote: Yes
Date Published: Dec 15 2004
Relevant URL:
http://www.securityfocus.com/bid/11962
Summary:
A remote, client-side buffer overflow vulnerability reportedly affects MPlayer. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.