Old 06-08-2004, 05:59 PM   #1
unSpawn
LQ security report - Jun 08th 2004


Jun 16th 2004
Kernel Crash-Exploit affects 2.4.2x and 2.6.x kernels on x86 and x86_64

Full report here.

A Linux kernel bug allows a simple C program to crash the kernel, effectively locking the whole system. The security hole affects both 2.4.2x and 2.6.x kernels on the x86 and x86_64 architectures. Kernel 2.6.7 is out and there are patches for 2.4.2x and 2.6.xx kernels, x86 and x86_64.

The exploit was reported as gcc bug 15905 on 2004-06-09.
It was reported to the linux-kernel list with the subject "timer + fpu stuff locks my console race" on 2004-06-09.
The alert on LQ was done by lpd on 2004-06-16 (thanks).


Jun 7th 2004
38 of 49 issues handled (ISS)
Kerberos krb5_aname_to_localname library function
jftpgw log function format string
jPortal print.inc.php allows SQL injection
GATOS xatitv program allows elevated privileges
Linksys WRT54G remote administration function
e107 multiple scripts path disclosure
spamGuard multiple buffer overflows
e107 clock_menu.php cross-site scripting
e107 email to a friend feature cross-site scripting
e107 user settings.php script cross-site scripting
e107 secure_img_render.php PHP file include
e107 content.php news.php SQL injection
Land Down Under BBcode cross-site scripting
SquirrelMail From header cross-site scripting
Sambar show.asp and showperf.asp scripts cross-site
Sambar showlog.asp and showini.asp scripts
PHP-Nuke eregi function path disclosure
PHP-Nuke mainfile.php SQL injection
osc2nuke eregi path disclosure
Oscnukelite eregi path disclosure
Nuke Cops eregi path disclosure
Linksys BEFSR41 remote administration function
Gallery user bypass authentication
Linksys Gozila.cgi denial of service
Linksys DomainName buffer overflow
Opera favicon address spoofing
Isoqlog multiple buffer overflows
Tripwire fprintf format string
Slackware Linux PHP allows elevated privileges
log2mail syslog format string
NETGEAR WG602 default account
UNIX mkdir utility buffer overflow
Multiple IBM products cookie session hijack
InterBase database allows execution of code
Mail Manage EX mmex.php file include
SurgeMail invalid HTTP request path disclosure
SurgeMail username cross-site scripting
Oracle E-Business SQL injection

Jun 7th 2004
26 of 32 issues handled (SF)
2. JPortal Print.php SQL Injection Vulnerability
3. PHPoto Picture_view Script Unauthorized Access Vulnerability
5. Isoqlog Multiple Buffer Overflow Vulnerabilities
6. Spamguard Multiple Buffer Overflow Vulnerabilities
7. Land Down Under BBCode HTML Injection Vulnerability
8. e107 Website System Multiple Vulnerabilities
9. Gatos xatitv Missing Configuration File Privilege Escalation...
10. SquirrelMail Email Header HTML Injection Vulnerability
12. Linksys WRT54G Router World Accessible Remote Administration...
13. RARLAB UnRAR File Name Format String Vulnerability
15. Sambar Server Multiple Vulnerabilities
17. Firebird Remote Pre-Authentication Database Name Buffer Over...
18. PHP-Nuke Direct Script Access Security Bypass Vulnerability
19. MIT Kerberos 5 KRB5_AName_To_Localname Multiple Principal Na...
20. IBM Multiple Product Unspecified Credential Impersonation Vu...
21. Gallery Authentication Bypass Vulnerability
22. Opera Browser Favicon Address Bar Spoofing Weakness
23. Multiple Linksys Routers Gozila.CGI Denial Of Service Vulner...
24. Tripwire Email Reporting Format String Vulnerability
25. Unix and Unix-based select() System Call Overflow Vulnerabil...
27. Mail Manage EX MMEX Script Settings Parameter Remote PHP Fil...
28. Sun Fire B1600 Network Management Port Remote Denial Of Serv...
29. Netgear WG602 Wireless Access Point Default Backdoor Account...
30. Michael Krax log2mail Log File Writing Format String Vulnera...
31. Slackware Linux PHP Packages Insecure Linking Configuration ...
32. Mkdir Buffer Overflow Vulnerability

Last edited by unSpawn; 06-16-2004 at 04:46 PM.
 
Old 06-08-2004, 06:00 PM   #2
unSpawn
Jun 7th 2004 (ISS)

Internet Security Systems


Date Reported: 06/01/2004
Brief Description: Kerberos krb5_aname_to_localname library function
buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, Mandrake Linux
10.0, Mandrake Linux 9.1, Mandrake Linux 9.2,
Mandrake Linux Corporate Server 2.1, Mandrake Multi
Network Firewall 8.2, MIT Kerberos 5 krb5-1.3.3 and
prior
Vulnerability: Kerberos-krb5anametolocalname-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16268

Date Reported: 05/30/2004
Brief Description: jftpgw log function format string
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, Debian Linux 3.0,
jftpgw prior to 0.13.4
Vulnerability: jftpgw-log-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/16271

Date Reported: 05/27/2004
Brief Description: jPortal print.inc.php allows SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: jPortal Any version, Linux Any version, Unix Any
version, Windows Any version
Vulnerability: jportal-printincphp-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/16272

Date Reported: 05/30/2004
Brief Description: GATOS xatitv program allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: GATOS Any version, Linux Any version
Vulnerability: gatos-xatitv-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/16273

Date Reported: 05/31/2004
Brief Description: Linksys WRT54G remote administration function
security bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linksys WRT54G 2.02.7
Vulnerability: linksys-remote-bypass-security
X-Force URL: http://xforce.iss.net/xforce/xfdb/16274

Date Reported: 05/29/2004
Brief Description: e107 multiple scripts path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to
0.616
Vulnerability: e107-multiplescripts-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16277

Date Reported: 05/28/2004
Brief Description: spamGuard multiple buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, spamGuard prior to 1.7-BETA,
Unix Any version
Vulnerability: spamguard-multiple-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16278

Date Reported: 05/29/2004
Brief Description: e107 clock_menu.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to
0.616
Vulnerability: e107-clock-menu-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16279

Date Reported: 05/29/2004
Brief Description: e107 email to a friend feature cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to
0.616
Vulnerability: e107-email-friend-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16280

Date Reported: 05/29/2004
Brief Description: e107 user settings.php script cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to
0.616
Vulnerability: e107-user-setting-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16281

Date Reported: 05/29/2004
Brief Description: e107 secure_img_render.php PHP file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to
0.616
Vulnerability: e107-secure-img-render-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/16282

Date Reported: 05/29/2004
Brief Description: e107 content.php news.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to
0.616
Vulnerability: e107-content-news-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/16283

Date Reported: 05/29/2004
Brief Description: Land Down Under BBcode cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Land Down Under
prior to 700-06
Vulnerability: ldu-bbcode-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16284

Date Reported: 05/30/2004
Brief Description: SquirrelMail From header cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, SquirrelMail prior to 1.4.3,
SquirrelMail prior to 1.5.1 dev, Unix Any version
Vulnerability: squirrelmail-from-header-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16285

Date Reported: 06/01/2004
Brief Description: Sambar show.asp and showperf.asp scripts cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Sambar Server Pro Server 6.1
Beta 2, Windows Any version
Vulnerability: sambar-show-showperf-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16286

Date Reported: 06/01/2004
Brief Description: Sambar showlog.asp and showini.asp scripts
directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Sambar Server Pro Server 6.1
Beta 2, Windows Any version
Vulnerability: sambar-multiple-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/16287

Date Reported: 06/01/2004
Brief Description: PHP-Nuke eregi function path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 7.3 and
prior
Vulnerability: phpnuke-eregi-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16294

Date Reported: 05/30/2004
Brief Description: PHP-Nuke mainfile.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke Any
version
Vulnerability: phpnuke-mainfilephp-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/16295

Date Reported: 06/01/2004
Brief Description: osc2nuke eregi path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, osc2nuke 7.x and prior, Unix Any
version, Windows Any version
Vulnerability: osc2nuke-eregi-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16296

Date Reported: 06/01/2004
Brief Description: Oscnukelite eregi path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Oscnukelite 3.1 and prior, Unix
Any version, Windows Any version
Vulnerability: oscnukelite-eregi-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16297

Date Reported: 06/01/2004
Brief Description: Nuke Cops eregi path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Nuke Cops betaNC,
PHP-Nuke 6.5 and later
Vulnerability: nukecops-ergei-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16298

Date Reported: 06/01/2004
Brief Description: Linksys BEFSR41 remote administration function
security bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linksys EtherFast BEFSR41 any version
Vulnerability: linksys-befsr41-remote-bypass-security
X-Force URL: http://xforce.iss.net/xforce/xfdb/16300

Date Reported: 06/02/2004
Brief Description: Gallery user bypass authentication
Risk Factor: High
Attack Type: Network Based
Platforms: Debian Linux 3.0, Gallery 1.2 up to 1.4.3-pl2,
Linux Any version
Vulnerability: gallery-user-bypass-authentication
X-Force URL: http://xforce.iss.net/xforce/xfdb/16301

Date Reported: 06/03/2004
Brief Description: Linksys Gozila.cgi denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linksys EtherFast BEFSR11 any version, Linksys
EtherFast BEFSR41 3, Linksys EtherFast BEFSR81 2,
Linksys EtherFast BEFSR81 3, Linksys EtherFast
BEFSRU31 any version, Linksys EtherFast BEFSX41 any
version, Linksys EtherFast BEFW11S4 3, Linksys
EtherFast BEFW11S4 4
Vulnerability: linksys-gozila-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16302

Date Reported: 06/03/2004
Brief Description: Linksys DomainName buffer overflow
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linksys EtherFast BEFSR11 any version, Linksys
EtherFast BEFSR41 any version, Linksys EtherFast
BEFSR81 2, Linksys EtherFast BEFSR81 3, Linksys
EtherFast BEFSRU31 any version, Linksys EtherFast
BEFSX41 any version, Linksys EtherFast BEFW11S4 3,
Linksys EtherFast BEFW11S4 4
Vulnerability: linksys-domainname-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16305

Date Reported: 06/03/2004
Brief Description: Opera favicon address spoofing
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Opera 7.50 and earlier, Windows
Any version
Vulnerability: opera-favicon-spoofing
X-Force URL: http://xforce.iss.net/xforce/xfdb/16307

Date Reported: 05/28/2004
Brief Description: Isoqlog multiple buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: Isoqlog 2.2-BETA, Linux Any version, Unix Any
version
Vulnerability: isoqlog-multiple-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16308

Date Reported: 06/02/2004
Brief Description: Tripwire fprintf format string
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Tripwire - Commercial 4.0.1 and
earlier, Tripwire - open-source 2.3.1 and prior
Vulnerability: tripwire-fprintf-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/16309

Date Reported: 06/03/2004
Brief Description: Slackware Linux PHP allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Slackware Linux 8.1, Slackware Linux 9.0, Slackware
Linux 9.1
Vulnerability: linux-php-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/16310

Date Reported: 06/03/2004
Brief Description: log2mail syslog format string
Risk Factor: High
Attack Type: Host Based
Platforms: Debian Linux 3.0, log2mail prior to 0.2.5.2
Vulnerability: log2mail-syslog-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/16311

Date Reported: 06/03/2004
Brief Description: NETGEAR WG602 default account
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: NETGEAR WG602 Any version
Vulnerability: netgearwg602-default-account
X-Force URL: http://xforce.iss.net/xforce/xfdb/16312

Date Reported: 06/02/2004
Brief Description: UNIX mkdir utility buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Unix Any version, Unix Seventh Edition
Vulnerability: unix-mkdir-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16313

Date Reported: 06/03/2004
Brief Description: Multiple IBM products cookie session hijack
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, IBM Tivoli Access
Manager for e-business 3.9, IBM Tivoli Access
Manager for e-business 4.1, IBM Tivoli Access
Manager for e-business 5.1, IBM Tivoli Access
Manager Identity 5.1, IBM Tivoli Config Manager for
AutoTeller 2.1.0, IBM Tivoli Configuration Manager
4.2, IBM WebSphere Everyplace Server 2.1.3, IBM
WebSphere Everyplace Server 2.1.4, IBM WebSphere
Everyplace Server 2.1.5, Tivoli SecureWay Policy
Director 3.8
Vulnerability: ibm-cookie-session-hijack
X-Force URL: http://xforce.iss.net/xforce/xfdb/16315

Date Reported: 06/03/2004
Brief Description: InterBase database allows execution of code
Risk Factor: High
Attack Type: Network Based
Platforms: InterBase 7.1, Linux Any version, Unix Any version
Vulnerability: interbase-database-name-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16316

Date Reported: 06/03/2004
Brief Description: Mail Manage EX mmex.php file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Mail Manage EX
3.1.8 and prior
Vulnerability: mailmanage-mmex-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/16317

Date Reported: 06/03/2004
Brief Description: SurgeMail invalid HTTP request path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, SurgeMail 1.9 and earlier, Unix
Any version, Windows 2000 Any version, Windows NT
Any version
Vulnerability: surgemail-invalid-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16319

Date Reported: 06/03/2004
Brief Description: SurgeMail username cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, SurgeMail 1.9 and earlier, Unix
Any version, Windows 2000 Any version, Windows NT
Any version
Vulnerability: surgemail-username-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16320

Date Reported: 06/04/2004
Brief Description: Oracle E-Business SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Oracle E-Business
Suite 11.0.x, Oracle E-Business Suite 11.5.1 -
11.5.8, Oracle E-Business Suite 11i
Vulnerability: oracle-ebusiness-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/16324
 
Old 06-08-2004, 06:02 PM   #3
unSpawn
Jun 7th 2004 (SF)

SecurityFocus


2. JPortal Print.php SQL Injection Vulnerability
BugTraq ID: 10430
Remote: Yes
Date Published: May 28 2004
Relevant URL: http://www.securityfocus.com/bid/10430
Summary:
JPortal is reportedly affected by a remote SQL injection vulnerability in the print.inc.php script. This issue is due to a failure of the application to properly sanitize user-supplied URI input before using it in an SQL query. As a result of this a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.

3. PHPoto Picture_view Script Unauthorized Access Vulnerability
BugTraq ID: 10431
Remote: Yes
Date Published: May 28 2004
Relevant URL: http://www.securityfocus.com/bid/10431
Summary:
PHPoto is prone to an unauthorized access vulnerability that can allow remote users to view any pictures hosted on a site, regardless of the user's privileges.
PHPoto versions PHPoto 0.4.0-pre-5 and prior are prone to this issue.

5. Isoqlog Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 10433
Remote: Yes
Date Published: May 29 2004
Relevant URL: http://www.securityfocus.com/bid/10433
Summary:
Isoqlog is prone to multiple buffer overflow vulnerabilities that span various source files and functions. Some of the vulnerabilities are remotely exploitable and may permit execution of arbitrary code in the context of the process. Others are local in nature, but as the software is not typically installed setuid/setgid, should not present any security risk.

6. Spamguard Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 10434
Remote: Yes
Date Published: May 29 2004
Relevant URL: http://www.securityfocus.com/bid/10434
Summary:
Spamguard is prone to multiple buffer overflow vulnerabilities that span various source files and functions. Some of the vulnerabilities are remotely exploitable and may permit execution of arbitrary code in the context of the process. Others are local in nature, but as the software is not typically installed setuid/setgid, should not present any security risk.

7. Land Down Under BBCode HTML Injection Vulnerability
BugTraq ID: 10435
Remote: Yes
Date Published: May 29 2004
Relevant URL: http://www.securityfocus.com/bid/10435
Summary:
Land Down Under is prone to an HTML injection vulnerability. This issue is exposed through their BBCode implementation. Exploitation could permit theft of cookie credentials, manipulation of content, or other attacks.

8. e107 Website System Multiple Vulnerabilities
BugTraq ID: 10436
Remote: Yes
Date Published: May 29 2004
Relevant URL: http://www.securityfocus.com/bid/10436
Summary:
e107 is prone to multiple cross-site scripting, HTML injection, file inclusion, and SQL injection vulnerabilities. This may compromise various security properties of a Web site running the software, including allowing remote attackers to execute malicious PHP code.

9. Gatos xatitv Missing Configuration File Privilege Escalation...
BugTraq ID: 10437
Remote: No
Date Published: May 29 2004
Relevant URL: http://www.securityfocus.com/bid/10437
Summary:
The gatos xatitv utility is prone to a local privilege escalation vulnerability.
This issue may occur when the utility, which is installed setuid root, fails to drop privileges due to a missing configuration file. Unsanitized user-supplied environment variables may then be exploited to escalate privileges.
It is noted that the software ships with a default configuration file, so exploitation would require that the file was removed at some point.

10. SquirrelMail Email Header HTML Injection Vulnerability
BugTraq ID: 10439
Remote: Yes
Date Published: May 31 2004
Relevant URL: http://www.securityfocus.com/bid/10439
Summary:
SquirrelMail is reported to be prone to an email header HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied email header strings. An attacker can exploit this issue to gain access to an unsuspecting user's cookie based authentication credentials; disclosure of personal email is possible. Other attacks are also possible.

12. Linksys WRT54G Router World Accessible Remote Administration...
BugTraq ID: 10441
Remote: Yes
Date Published: May 31 2004
Relevant URL: http://www.securityfocus.com/bid/10441
Summary:
A weakness is reported to affect the Linksys WRT54G appliance. It is reported that the web based administration service is published to the WAN interface of the appliance, even when the remote administration functionality is disabled.

13. RARLAB UnRAR File Name Format String Vulnerability
BugTraq ID: 10442
Remote: Yes
Date Published: May 31 2004
Relevant URL: http://www.securityfocus.com/bid/10442
Summary:
RARLAB UnRAR is reportedly affected by a file name format string vulnerability. This issue is due to a failure of the affected application to properly implement a formatted string function. This vulnerability will allow for execution of arbitrary code on a system running the affected software. This would occur in the security context of the user invoking the vulnerable application.

15. Sambar Server Multiple Vulnerabilities
BugTraq ID: 10444
Remote: Yes
Date Published: Jun 01 2004
Relevant URL: http://www.securityfocus.com/bid/10444
Summary:
Sambar Server is reportedly prone to multiple vulnerabilities. These issues may allow an attacker to access sensitive files and carry out directory traversal and cross-site scripting attacks. These issues require an attacker to have administrative privileges, however, it is reported that an administrative password is not set on the server by default. An administrator who is not intended to have certain privileges may also exploit these vulnerabilities.
Sambar 6.1 Beta 2 is reported to be prone to these issues, however, it is likely that other versions are affected as well.

17. Firebird Remote Pre-Authentication Database Name Buffer Over...
BugTraq ID: 10446
Remote: Yes
Date Published: Jun 01 2004
Relevant URL: http://www.securityfocus.com/bid/10446
Summary:
Firebird is reported prone to a remote buffer overrun vulnerability. The issue presents itself due to a lack of sufficient boundary checks performed when the database server is handling database names. A remote attacker may exploit this vulnerability, without requiring valid authentication credentials, to influence execution flow of the affected Firebird database server. Ultimately this may lead to the execution of attacker-supplied code in the context of the affected software.

18. PHP-Nuke Direct Script Access Security Bypass Vulnerability
BugTraq ID: 10447
Remote: Yes
Date Published: Jun 01 2004
Relevant URL: http://www.securityfocus.com/bid/10447
Summary:
PHP-Nuke is affected by a direct script access security vulnerability. This issue is due to a failure to properly validate the location and name of the file being accessed. This issue will allow an attacker to gain access to sensitive scripts such as the 'admin.php' script. The attacker may be able to exploit this unauthorized access to carry out attacks against the affected application.

19. MIT Kerberos 5 KRB5_AName_To_Localname Multiple Principal Na...
BugTraq ID: 10448
Remote: Yes
Date Published: Jun 01 2004
Relevant URL: http://www.securityfocus.com/bid/10448
Summary:
Kerberos 5 is prone to multiple boundary condition errors that exist in the krb5_aname_to_localname() and helper functions and are due to insufficient bounds checking performed on user-supplied data. An additional boundary condition issue also exists in the krb5_aname_to_localname() function. The condition is reported to present itself in the explicit mapping functionality of the krb5_aname_to_localname() as an off-by-one. These conditions may be theoretically exploitable to execute arbitrary code remotely in the context of the affected service. It is reported that explicit mapping or rules-based mapping functionality of krb5_aname_to_localname() must be enabled for these vulnerabilities to be present. Additionally it is necessary that the principal name used by the attacker to exploit the issue be listed in the explicit mapping list. These vulnerabilities are reported to affect all releases of MIT Kerberos 5, up to and including version krb5-1.3.3.

20. IBM Multiple Product Unspecified Credential Impersonation Vu...
BugTraq ID: 10449
Remote: Yes
Date Published: Jun 02 2004
Relevant URL: http://www.securityfocus.com/bid/10449
Summary:
Multiple IBM products are prone to an unspecified credential impersonation vulnerability.
According to IBM this vulnerability may allow a remote attacker to gain access to resources and data, or gain control of the compromised application. It is reported that this attack can allow the attacker to exploit the usage of cookies and impersonate a legitimate user to gain unauthorized access. Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.

21. Gallery Authentication Bypass Vulnerability
BugTraq ID: 10451
Remote: Yes
Date Published: Jun 02 2004
Relevant URL: http://www.securityfocus.com/bid/10451
Summary:
It has been disclosed that an attacker can bypass Gallery's authentication process, and log in as any user without a password.
An attacker can override configuration variables by passing them in GET, POST or cookie arguments. Gallery simulates the 'register_globals' PHP setting by extracting the values of the various $HTTP_ global variables into the global namespace. Therefore, regardless of the 'register_globals' PHP setting, an attacker can override configuration variables. An attacker can change configuration variables and cause Gallery to skip the authentication steps. Versions prior to 1.4.3-pl2 are reported to be vulnerable.

22. Opera Browser Favicon Address Bar Spoofing Weakness
BugTraq ID: 10452
Remote: Yes
Date Published: Jun 03 2004
Relevant URL: http://www.securityfocus.com/bid/10452
Summary:
Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information. It is reported that the 'favicon' feature can be used to spoof the domain of a malicious web page. An attacker can create an icon that includes the text of the desired site and is similar to the way Opera displays information in the address bar. The attacker can then obfuscate the real address with spaces. This issue can be used to spoof information in the address bar, page bar and page/window cycler. The vulnerability reportedly affects Opera 7.23 and 7.50. It is likely that previous versions are affected as well.

23. Multiple Linksys Routers Gozila.CGI Denial Of Service Vulner...
BugTraq ID: 10453
Remote: Yes
Date Published: Jun 03 2004
Relevant URL: http://www.securityfocus.com/bid/10453
Summary:
Multiple Linksys routers are reported vulnerable to a denial of service condition. The issues present themselves due to a lack of sufficient sanitization performed on parameters that are passed to the Gozila.CGI script.
A remote attacker may potentially exploit these conditions to deny service to an affected appliance. It is reported that the device must be reset to the original factory defaults in order to restore normal device functionality.

24. Tripwire Email Reporting Format String Vulnerability
BugTraq ID: 10454
Remote: Yes
Date Published: Jun 03 2004
Relevant URL: http://www.securityfocus.com/bid/10454
Summary:
Tripwire is affected by an email reporting format string vulnerability. This issue is due to a failure to properly implement a formatted string function.
This vulnerability will allow for execution of arbitrary code on a system running the affected software. This would occur in the security context of the user invoking the vulnerable application; typically the superuser.
**Update - It is reported that this issue only presents itself when the MAILMETHOD is sendmail.

25. Unix and Unix-based select() System Call Overflow Vulnerabil...
BugTraq ID: 10455
Remote: Unknown
Date Published: Jun 03 2004
Relevant URL: http://www.securityfocus.com/bid/10455
Summary:
The select() system call may be vulnerable to an overflow condition, possibly allowing attackers to write data past the end of a fixed size buffer.
select() uses arguments of type 'fd_set', which is of a fixed size in many Unix variants. fd_set is used to keep track of open file descriptors.
If a process raises its rlimit for open files past 1024, it is theoretically possible to cause select to change individual bits past the end of the fixed size fds_bits structure. In theory, an attacker may be able to use this vulnerability to cause a denial of service condition, or possibly execute arbitrary code. It should be noted that rlimits can only be raised by root, and that only processes with rlimits allowing more than 1024 file descriptors would be affected. This is a theoretical issue, and it has not been confirmed by any vendor. This BID will be updated when further information is released.

27. Mail Manage EX MMEX Script Settings Parameter Remote PHP Fil...
BugTraq ID: 10457
Remote: Yes
Date Published: Jun 03 2004
Relevant URL: http://www.securityfocus.com/bid/10457
Summary:
Mail Manage EX is reportedly prone to a remote file include vulnerability. This vulnerability results from insufficient sanitization of user-supplied data and may allow remote attackers to include arbitrary PHP files located on remote servers. This issue was discovered in Mail Manage EX 3.1.8. It is possible that previous versions are affected as well.

28. Sun Fire B1600 Network Management Port Remote Denial Of Serv...
BugTraq ID: 10458
Remote: Yes
Date Published: Jun 03 2004
Relevant URL: http://www.securityfocus.com/bid/10458
Summary:
Sun Fire B1600 is reported prone to a remote denial of service vulnerability. The issue exists because the switch firmware will disable all of the network ports on the switch for a short period when an ARP datagram is received on the Network Management Port.

29. Netgear WG602 Wireless Access Point Default Backdoor Account...
BugTraq ID: 10459
Remote: Yes
Date Published: Jun 03 2004
Relevant URL: http://www.securityfocus.com/bid/10459
Summary:
Netgear WG602 reportedly contains a default administrative account. This issue can allow a remote attacker to gain administrative access to the device.
Netgear WG602 access point with firmware version 1.04.0 is reportedly affected by this issue. It is likely that other versions of the firmware are also vulnerable. It is reported that the new version (1.7.14) of the Firmware for WG602 is vulnerable to this issue as well, however, the username and password for the backdoor account have been changed.

30. Michael Krax log2mail Log File Writing Format String Vulnera...
BugTraq ID: 10460
Remote: No
Date Published: Jun 03 2004
Relevant URL: http://www.securityfocus.com/bid/10460
Summary:
Michael Krax log2mail is reported prone to a log file writing format string vulnerability. This issue is due to a failure of the application to properly implement a formatted string function.
This vulnerability will ultimately allow for execution of arbitrary code on a system running the affected software. This would occur in the security context of the user invoking the vulnerable application; typically the 'log2mail' user with group 'adm'.

31. Slackware Linux PHP Packages Insecure Linking Configuration ...
BugTraq ID: 10461
Remote: No
Date Published: Jun 02 2004
Relevant URL: http://www.securityfocus.com/bid/10461
Summary:
Slackware Linux PHP Packages are reportedly affected by an insecure linking configuration vulnerability. This issue is due to a configuration error that causes PHP to be linked against shared libraries in insecure directories.
This issue can be leveraged by an attacker to execute arbitrary code in the security context of the user running the affected PHP process; typically the user 'nobody'.

32. Mkdir Buffer Overflow Vulnerability
BugTraq ID: 10462
Remote: No
Date Published: Jun 02 2004
Relevant URL: http://www.securityfocus.com/bid/10462
Summary:
It is reported that mkdir is susceptible to a buffer overflow vulnerability. An attacker with local access passes a long path to mkdir, which overflows a fixed buffer.
Mkdir is installed setuid root by default, as the mknod() system call can only be called by root. There is no mkdir() system call, so the mkdir command must use mknod to create a directory node, then populate the node with "." and ".." itself. A local attacker can exploit this issue to execute arbitrary code as root.