LinuxQuestions.org
Old 03-31-2004, 03:45 PM   #1
unSpawn
Moderator
 
LQ security report - Mar 31st 2004


Mar 29th 2004
40 of 76 issues handled (ISS)
cPanel dodelautores.html or addhandle.html cross-
Samba smbprint.log symlink attack
InterBase admin.ib allows elevated privileges
Apache mod_disk_cache local information disclosure
Clam AntiVirus RAR archive denial of service
Tarantella Enterprise ttaarchives.cgi and
phpBB admin_smilies.php script and admin_styles.php
phpBB admin_smilies.php and the admin_styles.php
phpBB unchecked session IDs allow command execution
xine xine-bugreport and xine-check symlink attack
phpBB profile.php cross-site scripting
Invision Gallery index.php SQL injection
xweb "dot dot" directory traversal
Invision Power Top Site List id SQL injection
Ethereal multiple dissectors buffer overflows
Ethereal zero-length presentation protocol selector
Ethereal RADIUS packet denial of service
Ethereal colour filter file denial of service
MS Analysis error message discloses directory path
MS Analysis modules.php and title.php cross-site
MS Analysis referer header SQL injection
Linux Kernel kmod signals denial of service
phpBB admin_words.php SQL injection
phpBB admin_words.php cross-site scripting
HiGuest higuest.pl script allows cross-site
Common Desktop Environment dtlogin utility double-
Mod_Survey cross-site scripting
squidGuard '%00' character ACL bypass
SSH Tectia Server password change plug-in race
VP-ASP catalogid SQL injection
PHP-Nuke IMG tag allows elevated privileges
emil email multiple buffer overflows
emil format string attack
Random Ident server (ridentd) rident.pid symlink
MySQL mysqlbug script symlink attack
oftpd PORT denial of service
OpenBSD ISAKMP IPSEC SA payload denial of service
OpenBSD ISAKMP Cert Request payload integer
OpenBSD ISAKMP delete payload denial of service
phpBB privmsg.php SQL injection

Mar 29th 2004
33 of 62 issues handled (SF)
1. Belchior Foundry VCard Authentication Bypass Vulnerability
2. PHP-Nuke Error Manager Module Multiple Vulnerabilities
8. Jetty Unspecified Denial Of Service Vulnerability
10. SquidGuard NULL URL Character Unauthorized Access Vulnerabil...
12. Apache Connection Blocking Denial Of Service Vulnerability
13. FVWM fvwm_make_browse_menu.sh Scripts Command Execution Vuln...
16. FVWM fvwm_make_directory_menu.sh Scripts Command Execution V...
17. Samba SMBPrint Sample Script Insecure Temporary File Handlin...
18. Tarantella Enterprise 3 TTAArchives.CGI Remote Cross-Site Sc...
19. Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripti...
20. Borland Interbase Database User Privilege Escalation Vulnera...
21. Apache Error Log Escape Sequence Injection Vulnerability
24. Apache mod_disk_cache Module Client Authentication Credentia...
27. XWeb Directory Traversal Vulnerability
28. phpBB profile.php avatarselect Cross-Site Scripting Vulnerab...
29. Xine Bug Reporting Script Insecure Temporary File Creation V...
30. JelSoft VBulletin Private.PHP Cross-Site Scripting Vulnerabi...
31. Joel Palmius Mod_Survey Survey Input Field HTML Injection Vu...
32. phpBB Multiple Input Validation Vulnerabilities
33. JelSoft VBulletin Multiple Module Index.PHP Cross-Site Scrip...
36. PHP-Nuke MS-Analysis Module Multiple Remote Path Disclosure ...
37. PHP-Nuke MS-Analysis Module Multiple Cross-Site Scripting Vu...
38. PHP-Nuke MS-Analysis Module HTTP Referrer Field SQL Injectio...
40. ReGet Software ReGet Directory Traversal Vulnerability
41. Ethereal Multiple Vulnerabilities
43. Foxmail Remote Buffer Overflow Vulnerability
44. Hibyte HiGuest Message Field HTML Injection Vulnerability
45. SSH Communications SSH Tectia Server Private Key Disclosure ...
47. Common Desktop Environment DTLogin Unspecified Remote Double...
50. FluidGames The Rage Game Server Remote Denial of Service Vul...
51. Sun Solaris vfs_getvfssw function Local Privilege Escalation...
54. CPanel Multiple Cross-Site Scripting Vulnerabilities
57. rident.pl Symbolic Link Vulnerability

Mar 26th 2004
4 issues handled out of 5 instances handled in 4 distros (LAW)
ecartis
httpd
openssl
sysstat
 
Old 03-31-2004, 03:46 PM   #2
unSpawn
Moderator
 
Original Poster
Mar 26th 2004 (LAW)

Linux Advisory Watch


Distribution: Debian
3/24/2004 - ecartis
Multiple vulnerabilities
New version fixes multiple buffer overflows plus password
disclosure vulnerability.
http://www.linuxsecurity.com/advisor...sory-4155.html

Distribution: Fedora
3/23/2004 - OpenSSL
Denial of service vulnerabilities
This update includes OpenSSL packages to fix two security issues
affecting OpenSSL 0.9.7a which allow denial of service attacks.
http://www.linuxsecurity.com/advisor...sory-4154.html

Distribution: Red Hat
3/23/2004 - httpd
Denial of service vulnerability
Updated httpd packages are now available that fix a denial of
service vulnerability in mod_ssl
http://www.linuxsecurity.com/advisor...sory-4153.html

Distribution: Trustix
3/19/2004 - sysstat
Insecure temporary file vulnerability
This patch removes the isag script, which creates insecure
temporary files.
http://www.linuxsecurity.com/advisor...sory-4151.html

3/19/2004 - OpenSSL
Denial of service vulnerability
Several holes were discovered that could lead to denial of service
(DoS) attacks on SSL-enabled services.
http://www.linuxsecurity.com/advisor...sory-4152.html
 
Old 03-31-2004, 03:47 PM   #3
unSpawn
Moderator
 
Original Poster
Mar 29th 2004 (SF)

SecurityFocus


1. Belchior Foundry VCard Authentication Bypass Vulnerability
BugTraq ID: 9910
Remote: Yes
Date Published: Mar 17 2004
Relevant URL: http://www.securityfocus.com/bid/9910
Summary:
It has been reported that vCard is prone to a remote authentication bypass
vulnerability. This issue is due to a design error that would allow a
malicious user access to certain admin functionality without having to
first authenticate to the application.
This issue may be leveraged to manipulate the application database,
potentially destroying data.

2. PHP-Nuke Error Manager Module Multiple Vulnerabilities
BugTraq ID: 9911
Remote: Yes
Date Published: Mar 18 2004
Relevant URL: http://www.securityfocus.com/bid/9911
Summary:
It has been reported that Error Manager is prone to multiple
vulnerabilities. These issues are due to failure to validate user input,
failure to handle exceptional conditions and simple design errors.
These issues may be leveraged to carry out cross-site scripting attacks,
reveal information about the application configuration and initiate HTML
injection attacks against the affected system.

8. Jetty Unspecified Denial Of Service Vulnerability
BugTraq ID: 9917
Remote: Yes
Date Published: Mar 18 2004
Relevant URL: http://www.securityfocus.com/bid/9917
Summary:
An unspecified denial of service vulnerability has been reported in Jetty
Java HTTP Servlet Server. It is conjectured that this may be exploited
remotely.

10. SquidGuard NULL URL Character Unauthorized Access Vulnerabil...
BugTraq ID: 9919
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9919
Summary:
Reportedly SquidGuard is prone to a remote NULL URL character unauthorized
access vulnerability. This issue is due to a failure of the application
to properly filter out invalid URIs.
Successful exploitation of this issue may allow a remote attacker to
bypass access controls resulting in unauthorized access to
attacker-specified resources. This may allow the attacker to gain
unauthorized access to sensitive resources.
Although it has not been confirmed, this issue may be related to the issue
defined in BID 9778.

12. Apache Connection Blocking Denial Of Service Vulnerability
BugTraq ID: 9921
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9921
Summary:
Apache is prone to an issue that may permit remote attackers to cause a
denial of service issue via a listening socket on a rarely accessed port.
This will reportedly block out new connections to the server until another
connection on the rarely accessed socket is initiated.
The functionality that exposes this issue is reportedly enabled by default
on all platforms except Windows.

13. FVWM fvwm_make_browse_menu.sh Scripts Command Execution Vuln...
BugTraq ID: 9922
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9922
Summary:
It has been reported that the FVWM fvwm_make_browse_menu.sh script is
prone to a command execution vulnerability. This issue is due to the
script allowing a user to define which application should be used to
execute the file via its filename.
An attacker may be able to leverage this issue to cause arbitrary commands
to be executed with the privileges of a victim user.
This issue is related to the issue described in BID 9161.

16. FVWM fvwm_make_directory_menu.sh Scripts Command Execution V...
BugTraq ID: 9925
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9925
Summary:
It has been reported that the FVWM 'fvwm_make_directory_menu.sh' script is
prone to a command execution vulnerability. This issue is due to the
script allowing a user to define which application should be used to
execute the file via its filename.
An attacker may be able to leverage this issue to cause arbitrary commands
to be executed with the privileges of a victim user.
This issue is related to the issue described in BID 9161.

17. Samba SMBPrint Sample Script Insecure Temporary File Handlin...
BugTraq ID: 9926
Remote: No
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9926
Summary:
It has been reported that the 'smbprint-new.sh' sample Samba script is
prone to a local insecure temporary file handling symbolic link
vulnerability. This issue is due to a design error that allows the
application to insecurely write to a temporary file that is created with a
predictable file name.
An attacker may exploit this issue to corrupt arbitrary files. This
corruption may potentially result in the elevation of privileges, or in a
system wide denial of service.
It should be noted that the 'smbprint-new.sh' is a sample script located
in the 'examples' directory. This script is not intended for commercial
use. The 'smbprint' script included in the 'packaging' directory is not
vulnerable to this issue. Individual package distributions may vary.

18. Tarantella Enterprise 3 TTAArchives.CGI Remote Cross-Site Sc...
BugTraq ID: 9927
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9927
Summary:
Reportedly the 'ttaarchives.cgi' script bundled with Tarantella Enterprise
3 is prone to a remote cross-site scripting vulnerability. This issue is
due to a failure of the application to sufficiently sanitize user supplied
URI input.
This issue may be leveraged to steal cookie based authentication
credentials; other attacks are possible as well.

19. Tarantella Enterprise 3 TTACab.CGI Remote Cross-Site Scripti...
BugTraq ID: 9928
Remote: Yes
Date Published: Mar 19 2004
Relevant URL: http://www.securityfocus.com/bid/9928
Summary:
Reportedly the 'ttacab.cgi' script bundled with Tarantella Enterprise 3 is
prone to a remote cross-site scripting vulnerability. This issue is due
to a failure of the application to sufficiently sanitize user supplied URI
input.
This issue may be leveraged to steal cookie based authentication
credentials; other attacks are possible as well.

20. Borland Interbase Database User Privilege Escalation Vulnera...
BugTraq ID: 9929
Remote: No
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9929
Summary:
By default, insecure permissions are set on the file storing the user
database that is shipped with Borland Interbase. The permissions, 0666,
permit all users to write to the file. This configuration error can be
exploited to gain administrative access within the database. The
consequences of this flaw may extend further if the database supports
applications.

21. Apache Error Log Escape Sequence Injection Vulnerability
BugTraq ID: 9930
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9930
Summary:
It has been reported that the Apache web server is prone to a remote error
log escape sequence injection vulnerability. This issue is due to an
input validation error that may allow escape character sequences to be
injected into apache log files.
This may facilitate exploitation of issues such as those found in BIDs
6936 and 6938.
This issue may allow an attacker to carry out a number of actions
including arbitrary file creation and code execution on the affected
system.

24. Apache mod_disk_cache Module Client Authentication Credentia...
BugTraq ID: 9933
Remote: Yes
Date Published: Mar 20 2004
Relevant URL: http://www.securityfocus.com/bid/9933
Summary:
It has been reported that Apache mod_disk_cache module may be prone to a
weakness that could result in an attacker gaining access to proxy or
standard authentication credentials. The mod_disk_cache module is
reported to store HTTP Hop-by-hop headers including user login and
password information in plaintext format on disk.
This issue could be used in conjunction with other possible
vulnerabilities in a host to gain access to user authentication
credentials. Successful exploitation of this issue may lead to further
attacks against vulnerable users of the affected host.
Apache versions 2.0.49 and prior with mod_disk_cache enabled are assumed
to be affected by this issue.

27. XWeb Directory Traversal Vulnerability
BugTraq ID: 9937
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9937
Summary:
XWeb is reportedly prone to directory traversal attacks. Remote attackers
may exploit this issue to gain access to sensitive files outside of the
server root. This would occur in the context of the server, i.e.: any
files the server could access would also be accessible to the attacker.

28. phpBB profile.php avatarselect Cross-Site Scripting Vulnerab...
BugTraq ID: 9938
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9938
Summary:
It has been reported that phpBB may be prone to a cross-site scripting
vulnerability that may allow an attacker to execute arbitrary HTML or
script code in a user's browser. The issue exists due to insufficient
sanitization of user-supplied input via the 'avatarselect' form parameter
of 'profile.php' script.
phpBB 2.0.6d has been reported to be prone to this issue; however, other
versions could be affected as well.

29. Xine Bug Reporting Script Insecure Temporary File Creation V...
BugTraq ID: 9939
Remote: No
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9939
Summary:
The xine bug reporting scripts (xine-bugreport and xine-check) create
temporary files in an insecure manner. A malicious local user could take
advantage of this issue by mounting a symbolic link attack to corrupt
other system files, most likely resulting in destruction of data.
Privilege escalation is also theoretically possible. This issue is only
exposed when the vulnerable scripts are run to submit a bug report to the
vendor.
It should be noted that xine-bugreport and xine-check are separate
instances of the same script.

30. JelSoft VBulletin Private.PHP Cross-Site Scripting Vulnerabi...
BugTraq ID: 9940
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9940
Summary:
It has been reported that VBulletin is prone to a cross-site scripting
vulnerability in the 'private.php' script. This issue is reportedly due to
a failure to sanitize user input and so allow for injection of HTML and
script code that may facilitate cross-site scripting attacks.
Successful exploitation of this issue may allow for theft of cookie-based
authentication credentials or other attacks.

31. Joel Palmius Mod_Survey Survey Input Field HTML Injection Vu...
BugTraq ID: 9941
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9941
Summary:
Mod_Survey is prone to HTML injection attacks via survey input fields.
They may permit remote attackers to persistently inject HTML and script
code into surveys, which may be rendered in the web browser of
administrative or other users.
Exploitation could permit for theft of cookie-based authentication
credentials. Other attacks are also possible.

32. phpBB Multiple Input Validation Vulnerabilities
BugTraq ID: 9942
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9942
Summary:
It has been reported that phpBB may be prone to multiple vulnerabilities
that could allow an attacker to carry out SQL injection and cross-site
scripting attacks. These vulnerabilities result from insufficient
sanitization of user-supplied input via the 'id' parameter of
'admin_smilies.php' module and the 'style_id' parameter of 'admin_styles'
module.
phpBB versions 2.0.7a and prior are reported to be prone to these issues.

33. JelSoft VBulletin Multiple Module Index.PHP Cross-Site Scrip...
BugTraq ID: 9943
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9943
Summary:
It has been reported that VBulletin is prone to a cross-site scripting
vulnerability in the 'index.php' script in both the 'admincp' and 'modcp'
application directories. This issue is reportedly due to a failure to
sanitize user input and so allow for injection of HTML and script code
that may facilitate cross-site scripting attacks.
Successful exploitation of this issue may allow for theft of cookie-based
authentication credentials or other attacks.

36. PHP-Nuke MS-Analysis Module Multiple Remote Path Disclosure ...
BugTraq ID: 9946
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9946
Summary:
Reportedly MS-Analysis is prone to a remote information disclosure
vulnerability. This issue is due to a design error that displays
sensitive system information when certain errors are triggered.
The problem presents itself when an error condition is triggered in all
scripts residing in the 'scripts' directory of the MS-Analysis directory.
It has also been reported that this issue affects the 'mstrack.php' and
'title.php' scripts in the MS-Analysis root directory.
These issues may be leveraged to gain sensitive information about the
affected system potentially aiding an attacker in mounting further
attacks.

37. PHP-Nuke MS-Analysis Module Multiple Cross-Site Scripting Vu...
BugTraq ID: 9947
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9947
Summary:
It has been reported that MS-Analysis is prone to multiple cross-site
scripting vulnerabilities. These issues are due to a failure of the
application to properly sanitize user supplied URI parameters.
These issues could permit a remote attacker to create a malicious link to
the vulnerable application that includes hostile HTML and script code. If
this link were followed, the hostile code may be rendered in the web
browser of the victim user. This would occur in the security context of
the affected web site and may allow for theft of cookie-based
authentication credentials or other attacks.

38. PHP-Nuke MS-Analysis Module HTTP Referrer Field SQL Injectio...
BugTraq ID: 9948
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9948
Summary:
Reportedly the MS-Analysis module is prone to a remote SQL injection
vulnerability. This issue is due to a failure to properly sanitize user
supplied HTTP header input before using it in an SQL query.
As a result of this, a malicious user may influence database queries in
order to view or modify sensitive information, potentially compromising
the software or the database. It may be possible for an attacker to
disclose the administrator password hash by exploiting this issue.

40. ReGet Software ReGet Directory Traversal Vulnerability
BugTraq ID: 9951
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9951
Summary:
It has been reported that ReGet may be prone to a directory traversal
vulnerability that may allow remote attackers to upload files to arbitrary
locations on a target system. The attacker may supply encoded directory
traversal sequences in the URI parameter so that the requested file is
saved outside of the default download directory specified by the user.
ReGet Deluxe 3.0 build 121 has been reported to be prone to this issue;
however, other versions could be affected as well.

41. Ethereal Multiple Vulnerabilities
BugTraq ID: 9952
Remote: Yes
Date Published: Mar 22 2004
Relevant URL: http://www.securityfocus.com/bid/9952
Summary:
Ethereal 0.10.3 has been released to address multiple vulnerabilities.
These issues include:
- Thirteen stack-based buffer overruns in various protocol dissectors
(NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP).
- A denial of service that is triggered by a zero length Presentation
protocol selector.
- Specially crafted RADIUS packets may cause a crash in Ethereal.
- Corrupt color filter files may cause a crash in Ethereal.
These issues may result in a denial of service or potentially be leveraged
to execute arbitrary code in the instance of the buffer overruns.

43. Foxmail Remote Buffer Overflow Vulnerability
BugTraq ID: 9954
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9954
Summary:
It has been reported that Foxmail is prone to a remote buffer overflow
vulnerability. This issue is due to a failure of the application to
verify buffer boundaries when processing user supplied email headers.
A remote attacker may potentially exploit this issue to cause the email
client to crash, denying service to the victim user. It is also possible
to further leverage this issue in order to execute arbitrary code; this
code would be executed in the security context of the user running the
affected email client.

44. Hibyte HiGuest Message Field HTML Injection Vulnerability
BugTraq ID: 9955
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9955
Summary:
Hibyte's HiGuest guestbook software is prone to HTML injection attacks.
This issue is exposed via the message form field in the guestbook entry
submission form.
Exploitation could permit remote attackers to persistently inject hostile
HTML and script code into guestbook content. This could allow for theft
of cookie-based authentications or other attacks, such as those which
misrepresent guestbook content.

45. SSH Communications SSH Tectia Server Private Key Disclosure ...
BugTraq ID: 9956
Remote: No
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9956
Summary:
It has been reported that SSH Tectia Server may be prone to a private key
disclosure vulnerability due to an unspecified weakness in the password
change mechanism functionality employed by the server. Because of this, a
local attacker may be able to gain access to the private host key of a
vulnerable system. It has been reported that the password change
mechanism is not enabled by default.
SSH Tectia Server for Unix versions 4.0.3 and 4.0.4 are affected by this
issue. Tectia Server for Windows is not vulnerable to this issue.

47. Common Desktop Environment DTLogin Unspecified Remote Double...
BugTraq ID: 9958
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9958
Summary:
It has been reported that a double free vulnerability exists in the
dtlogin process of CDE. This issue presents itself due to the free()
function being called on the same allocated chunk of memory more than
once. This problem occurs prior to any authorization.
Successful exploitation of this issue could lead to the corruption of an
arbitrary location in memory, ultimately allowing for the attacker to
control the execution flow of the affected process.

50. FluidGames The Rage Game Server Remote Denial of Service Vul...
BugTraq ID: 9961
Remote: Yes
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9961
Summary:
It has been reported that The Rage is prone to a denial of service
vulnerability when processing client request packets containing 0 for the
values of the client IP address and Port number. This issue results in an
exceptional condition causing the server to enter an infinite loop leading
to a hang.
The Rage 1.01 and prior are reported to be affected by this issue.

51. Sun Solaris vfs_getvfssw function Local Privilege Escalation...
BugTraq ID: 9962
Remote: No
Date Published: Mar 23 2004
Relevant URL: http://www.securityfocus.com/bid/9962
Summary:
It has been reported that Sun Solaris may be prone to a local privilege
escalation vulnerability that may allow an attacker to gain root access to
a vulnerable system. The issue exists due to insufficient sanitization of
user-supplied data via the vfs_getvfssw() function in the Solaris kernel.
An attacker can load user-specified kernel modules by using directory
traversal sequences and employing the mount() or sysfs() system calls.

54. CPanel Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 9965
Remote: Yes
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9965
Summary:
Reportedly cPanel is prone to multiple cross-site scripting
vulnerabilities. These issues are due to a failure of the application to
properly validate user supplied URI input.
These issues could permit a remote attacker to create a malicious link to
the vulnerable application that includes hostile HTML and script code. If
this link were followed, the hostile code may be rendered in the web
browser of the victim user. This would occur in the security context of
the affected web site and may allow for theft of cookie-based
authentication credentials or other attacks.

57. rident.pl Symbolic Link Vulnerability
BugTraq ID: 9968
Remote: No
Date Published: Mar 24 2004
Relevant URL: http://www.securityfocus.com/bid/9968
Summary:
It has been reported that rident.pl may be prone to a symbolic link
vulnerability that may allow an attacker to corrupt or overwrite arbitrary
files. This issue exists because the script writes output to a temporary
file as 'rident.pid' in the 'tmp' directory.
It has been reported that a user will require root privileges to invoke
the affected script; this may increase the impact of this vulnerability.
 
Old 03-31-2004, 03:48 PM   #4
unSpawn
Moderator
 
Original Poster
Mar 29th 2004 (ISS)

Internet Security Systems


Date Reported: 03/23/2004
Brief Description: cPanel dodelautores.html or addhandle.html cross-
site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: cPanel 9.1.0-STABLE 93, Linux Any version
Vulnerability: cpanel-dodelautores-addhandle-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15517

Date Reported: 03/19/2004
Brief Description: Samba smbprint.log symlink attack
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Samba 3.0.2
Vulnerability: samba-smbprint-symlink
X-Force URL: http://xforce.iss.net/xforce/xfdb/15545

Date Reported: 03/19/2004
Brief Description: InterBase admin.ib allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: InterBase 7.1, Linux Any version
Vulnerability: interbase-admin-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/15546

Date Reported: 03/20/2004
Brief Description: Apache mod_disk_cache local information disclosure
Risk Factor: Medium
Attack Type: Host Based
Platforms: Any operating system Any version, Apache HTTP
Server 2.0.48, Apache HTTP Server 2.0.49, Gentoo
Linux Any version
Vulnerability: apache-moddiskcache-obtain-info
X-Force URL: http://xforce.iss.net/xforce/xfdb/15547

Date Reported: 03/22/2004
Brief Description: Clam AntiVirus RAR archive denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Clam AntiVirus prior to 0.68, Linux Any version,
Unix Any version
Vulnerability: clam-antivirus-rar-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15553

Date Reported: 03/20/2004
Brief Description: Tarantella Enterprise ttaarchives.cgi and
ttacab.cgi CGI utilities cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Tarantella
Enterprise 3.2x, Tarantella Enterprise 3.3x,
Tarantella Enterprise 3.40
Vulnerability: tarantella-ttaarchives-ttacab-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15556

Date Reported: 03/21/2004
Brief Description: phpBB admin_smilies.php script and admin_styles.php
script SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, phpBB 2.0.7a and
earlier
Vulnerability: phpbb-multiple-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/15559

Date Reported: 03/21/2004
Brief Description: phpBB admin_smilies.php and the admin_styles.php
scripts cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, phpBB 2.0.7a and
earlier
Vulnerability: phpbb-multiple-adminscripts-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15562

Date Reported: 03/21/2004
Brief Description: phpBB unchecked session IDs allow command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, phpBB 2.0.7a and
earlier
Vulnerability: phpbb-sessionid-command-execution
X-Force URL: http://xforce.iss.net/xforce/xfdb/15563

Date Reported: 03/20/2004
Brief Description: xine xine-bugreport and xine-check symlink attack
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Unix Any version, xine Any
version
Vulnerability: xine-xinebugreport-xinecheck-symlink
X-Force URL: http://xforce.iss.net/xforce/xfdb/15564

Date Reported: 03/20/2004
Brief Description: phpBB profile.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, phpBB 2.0.6d, Unix Any version,
Windows Any version
Vulnerability: phpbb-profile-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15565

Date Reported: 03/22/2004
Brief Description: Invision Gallery index.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Invision Gallery
1.0.1
Vulnerability: invision-gallery-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/15566

Date Reported: 03/20/2004
Brief Description: xweb "dot dot" directory traversal
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, xweb 1.0
Vulnerability: xweb-dotdot-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/15567

Date Reported: 03/22/2004
Brief Description: Invision Power Top Site List id SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Invision Power Top Site List 1.1 RC2 and earlier,
Linux Any version, Unix Any version, Windows Any
version
Vulnerability: invision-id-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/15568

Date Reported: 03/22/2004
Brief Description: Ethereal multiple dissectors buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: Ethereal 0.8.13 to 0.10.2, Linux Any version, Unix
Any version, Windows Any version
Vulnerability: ethereal-multiple-dissectors-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15569

Date Reported: 03/22/2004
Brief Description: Ethereal zero-length presentation protocol selector
denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Ethereal 0.8.13 to 0.10.2, Linux Any version, Unix
Any version, Windows Any version
Vulnerability: ethereal-zero-presentation-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15570

Date Reported: 03/22/2004
Brief Description: Ethereal RADIUS packet denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Ethereal 0.8.13 to 0.10.2, Linux Any version, Unix
Any version, Windows Any version
Vulnerability: ethereal-radius-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15571

Date Reported: 03/22/2004
Brief Description: Ethereal colour filter file denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Ethereal 0.8.13 to 0.10.2, Linux Any version, Unix
Any version, Windows Any version
Vulnerability: ethereal-colour-filter-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15572

Date Reported: 03/23/2004
Brief Description: MS Analysis error message discloses directory path
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, MS Analysis 2.0
Vulnerability: msanalysis-error-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/15574

Date Reported: 03/23/2004
Brief Description: MS Analysis modules.php and title.php cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, MS Analysis 2.0
Vulnerability: msanalysis-modules-title-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15575

Date Reported: 03/23/2004
Brief Description: MS Analysis referer header SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, MS Analysis 2.0
Vulnerability: msanalysis-referer-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/15576

Date Reported: 03/20/2004
Brief Description: Linux Kernel kmod signals denial of service
Risk Factor: Medium
Attack Type: Host Based
Platforms: Conectiva Linux 8.0, Conectiva Linux 9.0, Linux
kernel 2.4, SuSE eMail Server 3.1, SuSE eMail
Server III Any version, SuSE Linux 7.3, SuSE Linux
8.0, SuSE Linux 8.1, SuSE Linux 8.2, SuSE Linux
9.0, SuSE Linux Database Server Any version, SuSE
Linux Enterprise Server 7, SuSE Linux Firewall Any
version, SuSE Linux Office Server Any version, SuSE
Linux School Server Any version
Vulnerability: linux-kmod-signals-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15577

Date Reported: 03/22/2004
Brief Description: phpBB admin_words.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, phpBB 2.0.6c
Vulnerability: phpbb-adminwords-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/15578

Date Reported: 03/22/2004
Brief Description: phpBB admin_words.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, phpBB 2.0.6c
Vulnerability: phpbb-adminwords-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15579

Date Reported: 03/23/2004
Brief Description: HiGuest higuest.pl script allows cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: HiGuest Any version, Linux Any version, Unix Any
version, Windows Any version
Vulnerability: higuest-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15580

Date Reported: 03/23/2004
Brief Description: Common Desktop Environment dtlogin utility double-
free
Risk Factor: High
Attack Type: Network Based
Platforms: Common Desktop Environment (CDE) Any version,
Solaris 8, Unix Any version
Vulnerability: cde-dtlogin-double-free
X-Force URL: http://xforce.iss.net/xforce/xfdb/15581

Date Reported: 03/22/2004
Brief Description: Mod_Survey cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Mod_Survey Any
version
Vulnerability: modsurvey-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15582

Date Reported: 03/22/2004
Brief Description: squidGuard '%00' character ACL bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, squidGuard Any version, Unix Any
version
Vulnerability: squidguard-acl-bypass
X-Force URL: http://xforce.iss.net/xforce/xfdb/15583

Date Reported: 03/23/2004
Brief Description: SSH Tectia Server password change plug-in race
condition
Risk Factor: Medium
Attack Type: Network Based
Platforms: SSH Tectia Server 4.0.3, SSH Tectia Server 4.0.4,
Unix Any version
Vulnerability: sshtectiaserver-passwdplugin-race-condition
X-Force URL: http://xforce.iss.net/xforce/xfdb/15585

Date Reported: 03/24/2004
Brief Description: VP-ASP catalogid SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, VP-ASP 3.x,
VP-ASP 4.x, VP-ASP 5 prior to 7/10/2004, Windows
Any version
Vulnerability: vpasp-catalogid-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/15588

Date Reported: 03/22/2004
Brief Description: PHP-Nuke IMG tag allows elevated privileges
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 6.x
through 7.1.0
Vulnerability: phpnuke-img-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/15596

Date Reported: 03/24/2004
Brief Description: emil email multiple buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: Debian Linux 3.0, emil 2.0.4, emil 2.0.5, emil
2.1.0-beta9
Vulnerability: emil-email-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15601

Date Reported: 03/24/2004
Brief Description: emil format string attack
Risk Factor: Medium
Attack Type: Network Based
Platforms: Debian Linux 3.0, emil 2.1.0-beta9
Vulnerability: emil-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/15602

Date Reported: 03/24/2004
Brief Description: Random Ident server (ridentd) rident.pid symlink
attack
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Random Ident server (ridentd)
0.9.1b, Unix Any version
Vulnerability: ridentd-symlink
X-Force URL: http://xforce.iss.net/xforce/xfdb/15603

Date Reported: 03/24/2004
Brief Description: MySQL mysqlbug script symlink attack
Risk Factor: High
Attack Type: Host Based
Platforms: Any operating system Any version, MySQL Any version
Vulnerability: mysql-mysqlbug-symlink
X-Force URL: http://xforce.iss.net/xforce/xfdb/15617

Date Reported: 03/26/2004
Brief Description: oftpd PORT denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, oftpd 0.3.6, Unix Any version
Vulnerability: oftpd-port-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15622

Date Reported: 03/17/2004
Brief Description: OpenBSD ISAKMP IPSEC SA payload denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: OpenBSD 3.3, OpenBSD 3.4
Vulnerability: openbsd-isakmp-ipsec-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15628

Date Reported: 03/17/2004
Brief Description: OpenBSD ISAKMP Cert Request payload integer
underflow
Risk Factor: Medium
Attack Type: Network Based
Platforms: OpenBSD 3.3, OpenBSD 3.4
Vulnerability: openbsd-isakmp-integer-underflow
X-Force URL: http://xforce.iss.net/xforce/xfdb/15629

Date Reported: 03/17/2004
Brief Description: OpenBSD ISAKMP delete payload denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: OpenBSD 3.3, OpenBSD 3.4
Vulnerability: openbsd-isakmp-delete-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15630

Date Reported: 03/26/2004
Brief Description: phpBB privmsg.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, phpBB 2.0.8 and
earlier
Vulnerability: phpbb-priv-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/15631
 
  

