LQ Security Report - December 31st 2004
December 28th 2004
21 issues handled (SF)
1. HTGET URI Buffer Overflow Vulnerability
2. PHP Shared Memory Module Offset Memory Corruption Vulnerabil...
3. KDE Konqueror Multiple Remote Java Sandbox Bypass Vulnerabil...
4. CHPOX Unspecified Vulnerability
5. GNU Troff (Groff) Insecure Temporary File Creation Vulnerabi...
6. MIT Kerberos 5 Administration Library Add_To_History Heap-Ba...
7. LibVNCServer Multiple Unspecified Vulnerabilities
8. Rosiello Security RFTPD Multiple Remote And Local Vulnerabil...
9. Perl RMTree Local Race Condition Vulnerability
10. Rosiello Security RPF Multiple Remote And Local Vulnerabilit...
11. libTIFF Heap Corruption Integer Overflow Vulnerabilities
12. MPlayer And Xine PNM_Get_Chunk Multiple Remote Client-Side B...
13. Debian Debmake Local Insecure Temporary File Creation Vulner...
14. Linux Kernel 32 Bit Compatibility System Call Handler AMD64 ...
15. Skype Technologies Skype Internet Telephony Insecure Default...
16. Snort DecodeTCPOptions Remote Denial Of Service Vulnerabilit...
17. SSLTelnetd Unspecified Format String Vulnerability
18. NetWin SurgeMail Webmail Unspecified Vulnerability
19. Linux Security Modules Process Capabilities Design Error
20. Nullsoft SHOUTcast File Request Format String Vulnerability
21. Linux Kernel ELF Binary Loading Denial Of Service Vulnerabil...

December 30th 2004
41 issues handled (SN)
[SA13692] Mandrake update for koffice
[SA13691] Mandrake update for kdegraphics
[SA13689] Mandrake update for gpdf
[SA13686] Mandrake update for tetex
[SA13685] Mandrake update for xpdf
[SA13667] Debian update for imlib
[SA13666] Debian update for tiff
[SA13663] Debian update for netkit-telnet-ssl
[SA13656] SSLtelnet Unspecified Format String Vulnerability
[SA13646] Fedora update for xpdf
[SA13690] Mandrake update for cups
[SA13683] Gentoo update for ViewCVS
[SA13669] Fedora update for cups
[SA13668] CUPS xpdf "doImage()" Buffer Overflow Vulnerability
[SA13664] Snort TCP/IP Options Denial of Service Vulnerability
[SA13658] Red Hat update for SquirrelMail
[SA13672] Gentoo update for cups
[SA13662] Mandrake update for samba
[SA13653] Netscape Directory Server for HP-UX Buffer Overflow Vulnerability
[SA13696] KDE kio_ftp FTP Command Injection Vulnerability
[SA13688] Mandrake update for kdelibs
[SA13651] HP Secure Web Server Denial of Service Vulnerability
[SA13648] HP Tru64 TCP Connection Reset Denial of Service
[SA13659] Red Hat update for kernel
[SA13684] Mandrake update for glibc
[SA13682] Conectiva update for netpbm
[SA13679] aStats Insecure Temporary File Creation
[SA13670] Atari800 Unspecified Buffer Overflow Vulnerabilities
[SA13655] HP-UX SAM Privilege Escalation Vulnerability
[SA13654] Linux Kernel SACF Instruction Privilege Escalation Vulnerability
[SA13650] Linux Security Modules Running Processes Capability Security Issue
[SA13687] Mozilla "MSG_UnEscapeSearchUrl()" Buffer Overflow Vulnerability
[SA13673] WHM AutoPilot Multiple Vulnerabilities
[SA13661] SHOUTcast Filename Format String Vulnerability
[SA13660] PHProjekt "path_pre" Parameter Arbitrary File Inclusion Vulnerability
[SA13657] e107 Image Manager File Upload Vulnerability
[SA13652] Help Center Live Multiple Vulnerabilities
[SA13649] Zeroboard Two Vulnerabilities
[SA13677] MySQL Eventum Multiple Vulnerabilities
[SA13665] PHP-Blogger Disclosure of Sensitive Information Security Issue
[SA13694] Moodle "search" Cross-Site Scripting Vulnerability

December 31st 2004
7 issues handled over 4 distros (LAW)
netpbm
libtiff
imlib
Xpdf/Gpdf
CUPS
ViewCVS
smbd

December 28th 2004 (SF)
Security Focus
1. HTGET URI Buffer Overflow Vulnerability
BugTraq ID: 12039
Remote: Yes
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12039
Summary: HTGET is prone to a buffer overflow vulnerability. This vulnerability is exposed when the software handles a malformed URI. Successful exploitation may result in execution of arbitrary code in the context of the client user.

2. PHP Shared Memory Module Offset Memory Corruption Vulnerabil...
BugTraq ID: 12045
Remote: No
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12045
Summary: PHP shared memory module (shmop) is reported prone to an integer handling vulnerability. The issue exists in the PHP_FUNCTION(shmop_write) function and is as a result of a lack of sufficient sanitization performed on 'offset' data. This vulnerability may be exploited to make an almost arbitrary write into process memory. It is reported that the vulnerability may be leveraged to disable PHP 'safe mode'; this may result in further compromise in a shared-server environment.

3. KDE Konqueror Multiple Remote Java Sandbox Bypass Vulnerabil...
BugTraq ID: 12046
Remote: Yes
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12046
Summary: KDE Konqueror is a freely available, open source web browser distributed and maintained by the KDE project. It is available for the UNIX and Linux operating systems. Multiple remote Java sandbox bypass vulnerabilities affect KDE Konqueror. These issues are due to a failure of the application to properly secure the Java web plug-in. The first issue is a failure of the application to restrict access to sensitive Java classes from the Java browser plug-in. The second issue is a failure of the application to restrict access to sensitive Java classes from JavaScript scripts. These issues may be leveraged to carry out a variety of unspecified attacks including sensitive information disclosure and denial of service attacks. Any successful exploitation would take place with the privileges of the user running the affected browser application.

4. CHPOX Unspecified Vulnerability
BugTraq ID: 12055
Remote: Unknown
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12055
Summary: chpox is affected by an unspecified vulnerability; it is not known if this issue is local or remote. The underlying cause of this issue is currently unknown. The potential impact of this issue is also unknown. Users are advised to upgrade to the latest version of the affected software. More information is not currently available. This BID will be updated as more details are released.

5. GNU Troff (Groff) Insecure Temporary File Creation Vulnerabi...
BugTraq ID: 12058
Remote: No
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12058
Summary: GNU Troff (groff) is affected by multiple insecure temporary file creation vulnerabilities. These issues are due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. GNU Troff (groff) 1.18 is reported vulnerable to these issues. Other versions are likely to be vulnerable as well. This BID will be updated when more information becomes available.

6. MIT Kerberos 5 Administration Library Add_To_History Heap-Ba...
BugTraq ID: 12059
Remote: No
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12059
Summary: It is reported that the MIT Kerberos 5 administration library is affected by a heap-based buffer overflow vulnerability. The vulnerability presents itself in the 'add_to_history()' function of the 'svr_principal.c' source file. The vulnerability exists due to an indexing error that occurs under certain circumstances. An authenticated attacker may potentially exploit this vulnerability on a Key Distribution Center (KDC) to execute arbitrary code in the context of the vulnerable service, ultimately resulting in the compromise of an entire Kerberos realm.

7. LibVNCServer Multiple Unspecified Vulnerabilities
BugTraq ID: 12068
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12068
Summary: Multiple, unspecified vulnerabilities reportedly affect LibVNCServer. The underlying cause of these issues is currently unknown. The potential impacts of these issues are unknown. Due to the nature of the affected software it is possible that these issues may be leveraged to conduct denial of service and even system compromise, although this is not confirmed.

8. Rosiello Security RFTPD Multiple Remote And Local Vulnerabil...
BugTraq ID: 12071
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12071
Summary: Multiple remote vulnerabilities reportedly affect Rosiello Security's rftpd. These issues are due to buffer mismanagement and failures to handle certain network data. The first issue is a failure of the application to properly implement an authentication scheme. Multiple information leaks reportedly affect the application due to a failure to properly NULL terminate strings created with the 'strncpy()' function. Multiple remote buffer overflows are reported to affect various commands of the affected server application. A local buffer overflow exists in the processing of the Message Of The Day (MOTD) file. Finally, the affected application is affected by an access validation vulnerability. These issues may be exploited to gain unauthorized access to the FTP server, reveal potentially sensitive memory, trigger a denial of service condition, bypass file and directory permissions, and execute arbitrary code with the privilege of the affected server process.

9. Perl RMTree Local Race Condition Vulnerability
BugTraq ID: 12072
Remote: No
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12072
Summary: Perl is reported prone to a local race condition. The vulnerability is present in the 'rmtree()' function provided by the 'File::Path' module. A local attacker may exploit this condition to disclose potentially sensitive data, or to launch other attacks against an application that employs the vulnerable function.

10. Rosiello Security RPF Multiple Remote And Local Vulnerabilit...
BugTraq ID: 12073
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12073
Summary: A remote buffer overflow and a local symbolic link vulnerability reportedly affect Rosiello Security rpf. These issues are due to a failure of the application to properly validate user-supplied string lengths and a design error facilitating local symbolic link attacks. The buffer overflow will allow a remote attacker to execute arbitrary code with the privileges of a user running the vulnerable application, facilitating unauthorized access and privilege escalation. An attacker may leverage the symbolic link issue to corrupt arbitrary files with the privileges of the user that activated the affected application.

11. libTIFF Heap Corruption Integer Overflow Vulnerabilities
BugTraq ID: 12075
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12075
Summary: It has been reported that libtiff is affected by two heap corruption vulnerabilities due to integer overflow errors that can be triggered when malicious or malformed image files are processed. Theoretically, an attacker can exploit the vulnerabilities to execute arbitrary code in the context of an application linked to the library, when TIFF image data is processed (i.e. displayed). Because image data is frequently external in origin, these vulnerabilities are considered remotely exploitable.

12. MPlayer And Xine PNM_Get_Chunk Multiple Remote Client-Side B...
BugTraq ID: 12076
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12076
Summary: Multiple buffer overflow vulnerabilities are reported to exist in the xine and MPlayer utilities. The following issues are reported:

Several buffer overflow vulnerabilities are reported to exist in the 'pnm_get_chunk()' function. Reports indicate that the vulnerabilities present themselves in the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG and CONT_TAG handling code of 'pnm_get_chunk()'. A remote attacker may potentially leverage this memory corruption to execute arbitrary code in the context of a user that uses the vulnerable utility to connect to a malicious PNM server.

An additional buffer overflow vulnerability is reported to exist in the PNA_TAG handling code of the 'pnm_get_chunk()' function. It is reported that supplied PNA_TAG data is copied into a finite buffer without sufficient boundary checks. This results in memory corruption. A remote attacker may potentially leverage this memory corruption to execute arbitrary code in the context of a user that uses the vulnerable utility to connect to a malicious PNM server.

13. Debian Debmake Local Insecure Temporary File Creation Vulner...
BugTraq ID: 12078
Remote: No
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12078
Summary: A local insecure file creation vulnerability affects Debian's debmake. This issue is due to a design error that causes the affected application to create temporary files insecurely. An attacker may leverage this issue to corrupt arbitrary files with the privileges of the user that activates the affected application.

14. Linux Kernel 32 Bit Compatibility System Call Handler AMD64 ...
BugTraq ID: 12079
Remote: No
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12079
Summary: Linux Kernel is reported prone to a local privilege escalation vulnerability. This issue may allow an attacker to gain elevated privileges leading to a complete compromise of a vulnerable computer. It is reported that this issue arises as the 32 bit compatibility system call handler fails to verify an unspecified argument properly. This vulnerability only presents itself on the AMD64 platform. This issue reportedly affects 2.4.x versions of the kernel. Further details about this issue are currently unavailable. This BID will be updated if more information is released.

15. Skype Technologies Skype Internet Telephony Insecure Default...
BugTraq ID: 12081
Remote: No
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12081
Summary: An insecure default installation vulnerability reportedly affects Skype Technologies Skype. This issue is due to a failure of the application to properly secure files and directories that are installed. This issue is only reported to affect Skype for the Linux platform. An attacker may leverage this issue to create, delete, and write to arbitrary files and create files in the insecure directory.

16. Snort DecodeTCPOptions Remote Denial Of Service Vulnerabilit...
BugTraq ID: 12084
Remote: Yes
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12084
Summary: Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the DecodeTCPOptions() function of 'decode.c', and is as a result of a failure to sufficiently handle malicious TCP packets. A remote attacker may trigger this vulnerability to crash a remote Snort server and in doing so may prevent subsequent malicious attacks from being detected.

17. SSLTelnetd Unspecified Format String Vulnerability
BugTraq ID: 12085
Remote: Yes
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12085
Summary: Reportedly SSLTelnetd is affected by an unspecified format string vulnerability. This issue is due to an improper implementation of a formatted string function. Specific technical details about this issue were not disclosed. It is conjectured that due to the nature of the affected application, this issue is remotely exploitable. This vulnerability is reported to affect Linux Netkit netkit-telnet-ssl 0.17.17; however, it is likely that other versions are affected as well. This BID will be updated when more information becomes available.

18. NetWin SurgeMail Webmail Unspecified Vulnerability
BugTraq ID: 12086
Remote: Yes
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12086
Summary: SurgeMail is reported prone to an unspecified vulnerability. This issue affects the Webmail functionality of the SurgeMail server. Further details were not released in the report by the vendor. It is conjectured that due to the nature of this application, this vulnerability may result from an input validation error. Although unconfirmed, this issue is considered to be remotely exploitable. SurgeMail releases prior to 2.2c9 are affected by this vulnerability. Due to a lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.

19. Linux Security Modules Process Capabilities Design Error
BugTraq ID: 12093
Remote: No
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12093
Summary: It has been reported that Linux Security Modules suffers from a design error that could result in host compromise. According to the report, when LSM is loaded as a kernel module, existing processes on the system will be granted unauthorized capabilities. This includes non-root processes. A malicious user on the system at this time will have effectively gained administrative access. Reported affected are versions of LSM for Linux kernels 2.5.x and 2.6.x. LSM on Linux 2.4.x is reportedly not vulnerable.

20. Nullsoft SHOUTcast File Request Format String Vulnerability
BugTraq ID: 12096
Remote: Yes
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12096
Summary: Nullsoft SHOUTcast is prone to a remotely exploitable format string vulnerability. The vulnerability is exposed when the server attempts to handle a client request for a file. Successful exploitation may allow execution of arbitrary code in the context of the server process. This could also be exploited to crash the server and, possibly, to read process memory (which could increase reliability of an exploit). This issue was reported to exist in version 1.9.4 on Linux. It is likely that versions for other platforms are also affected by the vulnerability, though it is not known to what degree they are exploitable. Earlier versions of the software are also likely affected.

21. Linux Kernel ELF Binary Loading Denial Of Service Vulnerabil...
BugTraq ID: 12101
Remote: Yes
Date Published: Dec 24 2004
Relevant URL: http://www.securityfocus.com/bid/12101
Summary: The Linux kernel is affected by an ELF binary loading vulnerability. This issue is due to a failure of the affected kernel to properly handle malformed ELF binaries. An attacker may leverage this issue to cause the affected kernel to crash, denying service to legitimate users.

December 30th 2004 (SN)
Secunia
[SA13692] Mandrake update for koffice
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued an update for koffice. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/13692/

[SA13691] Mandrake update for kdegraphics
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued an update for kdegraphics. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/13691/

[SA13689] Mandrake update for gpdf
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued updates for gpdf. These fix a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/13689/

[SA13686] Mandrake update for tetex
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued an update for tetex. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/13686/

[SA13685] Mandrake update for xpdf
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued an update for xpdf. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/13685/

[SA13667] Debian update for imlib
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2004-12-25
Debian has issued an update for imlib. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13667/

[SA13666] Debian update for tiff
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-25
Debian has issued an update for tiff. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13666/

[SA13663] Debian update for netkit-telnet-ssl
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-24
Debian has issued an update for netkit-telnet-ssl. This fixes a vulnerability, which potentially allows malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13663/

[SA13656] SSLtelnet Unspecified Format String Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-24
Joel Eriksson has reported a vulnerability in SSLtelnet, which potentially allows malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13656/

[SA13646] Fedora update for xpdf
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-25
Fedora has issued an update for xpdf. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/13646/

[SA13690] Mandrake update for cups
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued an update for cups. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13690/

[SA13683] Gentoo update for ViewCVS
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2004-12-29
Gentoo has issued an update for ViewCVS. This fixes two vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/13683/

[SA13669] Fedora update for cups
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-12-26
Fedora has issued an update for cups. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13669/

[SA13668] CUPS xpdf "doImage()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-12-26
A vulnerability has been reported in CUPS, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13668/

[SA13664] Snort TCP/IP Options Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-12-24
Marcin Zgorecki has reported a vulnerability in Snort, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/13664/

[SA13658] Red Hat update for SquirrelMail
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-12-24
Red Hat has issued an update for SquirrelMail. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory: http://secunia.com/advisories/13658/

[SA13672] Gentoo update for cups
Critical: Moderately critical
Where: From local network
Impact: Manipulation of data, DoS, System access
Released: 2004-12-28
Gentoo has issued an update for cups. This fixes multiple vulnerabilities, which can be exploited by malicious users to manipulate certain files, cause a DoS (Denial of Service), or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13672/

[SA13662] Mandrake update for samba
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-12-28
MandrakeSoft has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13662/

[SA13653] Netscape Directory Server for HP-UX Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2004-12-24
A vulnerability has been reported in Netscape Directory Server for HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13653/

[SA13696] KDE kio_ftp FTP Command Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-12-30
The vendor has acknowledged a vulnerability in kio_ftp, which can be exploited by malicious people to conduct FTP command injection attacks.
Full Advisory: http://secunia.com/advisories/13696/

[SA13688] Mandrake update for kdelibs
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-12-30
MandrakeSoft has issued an update for kdelibs. This fixes a vulnerability, which can be exploited by malicious people to conduct FTP command injection attacks.
Full Advisory: http://secunia.com/advisories/13688/

[SA13651] HP Secure Web Server Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-12-24
HP has acknowledged a vulnerability in Secure Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/13651/

[SA13648] HP Tru64 TCP Connection Reset Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-12-24
HP has acknowledged a vulnerability in Tru64 UNIX, which can be exploited by malicious people to reset established TCP connections on a vulnerable system.
Full Advisory: http://secunia.com/advisories/13648/

[SA13659] Red Hat update for kernel
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS
Released: 2004-12-24
Red Hat has issued updated packages for the kernel. These fix some vulnerabilities, allowing malicious, local users to escalate their privileges, cause a DoS (Denial of Service), and gain knowledge of sensitive information or malicious people to cause a DoS.
Full Advisory: http://secunia.com/advisories/13659/

[SA13684] Mandrake update for glibc
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-30
MandrakeSoft has issued an update for glibc. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/13684/

[SA13682] Conectiva update for netpbm
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-30
Conectiva has issued an update for netpbm. This fixes a vulnerability, which can be exploited by malicious, local users to escalate their privileges on a vulnerable system.
Full Advisory: http://secunia.com/advisories/13682/

[SA13679] aStats Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-29
Javier Fernández-Sanguino Peña has reported a vulnerability in aStats, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/13679/

[SA13670] Atari800 Unspecified Buffer Overflow Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-28
Some vulnerabilities have been reported in Atari800, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/13670/

[SA13655] HP-UX SAM Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-24
A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/13655/

[SA13654] Linux Kernel SACF Instruction Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-27
Martin Schwidefsky has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/13654/

[SA13650] Linux Security Modules Running Processes Capability Security Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-27
LiangBin has reported a security issue in Linux Security Modules (LSM), which may grant normal user processes escalated privileges.
Full Advisory: http://secunia.com/advisories/13650/

[SA13687] Mozilla "MSG_UnEscapeSearchUrl()" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2004-12-30
Maurycy Prodeus has reported a vulnerability in Mozilla, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/13687/

[SA13673] WHM AutoPilot Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, System access
Released: 2004-12-29
James Bercegay has reported some vulnerabilities in WHM AutoPilot, which can be exploited by malicious people to conduct cross-site scripting, compromise a vulnerable system and disclose system information.
Full Advisory: http://secunia.com/advisories/13673/

[SA13661] SHOUTcast Filename Format String Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-26
Tomasz Trojanowski and Damian Put have discovered a vulnerability in SHOUTcast, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13661/

[SA13660] PHProjekt "path_pre" Parameter Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-28
cYon has reported a vulnerability in PHProjekt, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13660/

[SA13657] e107 Image Manager File Upload Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-26
sysbug has reported a vulnerability in e107, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13657/

[SA13652] Help Center Live Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Released: 2004-12-26
James Bercegay has reported some vulnerabilities in Help Center Live, which can be exploited by malicious people to conduct cross-site scripting attacks, compromise a vulnerable system and disclose sensitive information.
Full Advisory: http://secunia.com/advisories/13652/

[SA13649] Zeroboard Two Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2004-12-24
Jeremy Bae has reported two vulnerabilities in Zeroboard, which can be exploited by malicious people to compromise a vulnerable system and conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/13649/

[SA13677] MySQL Eventum Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2004-12-30
sullo has reported multiple vulnerabilities in Eventum, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and potentially bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/13677/

[SA13665] PHP-Blogger Disclosure of Sensitive Information Security Issue
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-12-24
snilabs has reported a security issue in PHP-Blogger, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/13665/

[SA13694] Moodle "search" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-12-30
Bartek Nowotarski has reported a vulnerability in Moodle, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/13694/

December 31st 2004 (LAW)
Linux Advisory Watch
Distribution: Conectiva

netpbm Insecure temporary file creation
Utilities provided by the netpbm package prior to the 9.25 version contain defects[2] in temporary file handling. They create temporary files with predictable names without checking if the target file already exists.
http://www.linuxsecurity.com/content/view/117694

Distribution: Debian

libtiff arbitrary code execution fix
"infamous41md" discovered a problem in libtiff, the Tag Image File Format library for processing TIFF graphics files. Upon reading a TIFF file it is possible to allocate a zero sized buffer and write to it which would lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117664

imlib arbitrary code execution fix
Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib, an imaging library for X and X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a victim.
http://www.linuxsecurity.com/content/view/117667

Distribution: Gentoo

Xpdf, Gpdf New integer overflows
New integer overflows were discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issues.
http://www.linuxsecurity.com/content/view/117690

CUPS Multiple vulnerabilities
Multiple vulnerabilities have been found in CUPS, ranging from local Denial of Service attacks to the remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117691

ViewCVS Information leak and XSS vulnerabilities
ViewCVS is vulnerable to an information leak and to cross-site scripting (XSS) issues.
http://www.linuxsecurity.com/content/view/117692

Distribution: Mandrake

integer overflow vulnerabilities update
Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.
http://www.linuxsecurity.com/content/view/117683