Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 4 No. 49

> **************************
> Widely Deployed Software
> **************************
> (1) HIGH: Perl Format String Vulnerability
> Affected:
> Perl versions 5.9.2 and 5.8.6 confirmed; potentially all Perl versions
> Webmin version 1.23 and prior
> Description: Perl is widely used as a scripting language for a variety
> of applications including web-based software. Perl contains a
> vulnerability that can be triggered by passing a format specifier of the
> form "%INT_MAXn". The vulnerability causes an integer variable in a Perl
> function to wrap around (change its parity), which can be exploited to
> execute arbitrary code. For instance, the "%2147483647n" format specifier
> will trigger the flaw in Perl running on 32-bit Operating Systems. Note
> that the flaw can be exploited only via Perl-based applications that
> contain a format string vulnerability. The discoverers have reportedly
> found several applications that are vulnerable.
> One of the affected applications is Webmin, a web interface to perform
> administrative tasks like server and user configuration. Webmin's web
> server miniserv.pl, which runs on port 10000/tcp by default, contains a
> format string vulnerability. By passing a username containing a format
> specifier, an attacker can exploit the flaw to execute arbitrary code
> with possibly root privileges. Immunity, Inc. has made an exploit
> available to some of its customers.
> Status: Some Linux vendors have released patches. The discoverers have
> also released an unofficial patch for version 5.9.2 that is available
> at:
> http://www.dyadsecurity.com/advisory/perl/perl-5.9.2-exp_param
> A workaround for the Webmin flaw is to block the traffic to port
> 10000/tcp at the network perimeter.
> Council Site Actions: Most of the council sites are responding to this
> item on some level and plan to install patches as they are made
> available. Several sites have notified their web developers. One site
> requested updates from the 3rd party providers that bundle Perl with
> applications in use at their site. Another site said that they have
> several Mandriva Linux systems running Webmin and plan to recommend that
> the affected system administrators apply the MDKSA-2005:223 update.
> These systems are used by a few dozen users. The remaining council sites
> commented they do not use Perl on any of their web servers.
> References:
> DyadSecurity Advisory
> http://www.dyadsecurity.com/perl-0002.html  
> http://www.dyadsecurity.com/webmin-0001.html 
> Posting by giarc
> http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0001.html
> Posting by Dave Aitel
> http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0015.html
> Webmin miniserv.pl Documentation
> http://www.dyadsecurity.com/webmin-0001.html 
> Webmin Homepage
> http://www.webmin.com  
> SecurityFocus BID
> http://www.securityfocus.com/bid/15629 
> ****************************************************************
> (2) HIGH: Ipswitch IMail SMTP Format String Vulnerabilities
> Affected:
> Ipswitch Collaboration Suite version 2.0.1
> Ipswitch IMAIL version 8.20
> Description: Ipswitch IMail, a Windows-based mail server used by many
> small and medium ISPs, contains format string vulnerabilities in
> multiple SMTP commands: EXPN, MAIL, MAIL FROM and RCPT TO. An
> unauthenticated attacker can exploit these flaws to execute arbitrary
> code on the IMail server. Note that the IMail server is also a part of
> the Ipswitch Collaboration Suite used by many small and medium
> businesses.
> Status: Ipswitch has released version 8.22 for IMail and 2.0.2 for the
> Collaboration Suite.
> References:
> iDefense Advisory
> http://www.idefense.com/application/poi/display?id=346&type=vu
> Ipswitch Advisories
> http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp
> Product Homepage
> http://www.ipswitch.com/products/imail/index.asp 
> SecurityFocus BID
> http://www.securityfocus.com/bid/15752
> ***********************************************************************
> 05.49.1 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer CSS Import Cross-Domain Restriction Bypass
> Description: Microsoft Internet Explorer is prone to an issue that
> allows a violation of the cross-domain security model. The
> vulnerability arises as Internet Explorer does not properly parse CSS
> files and facilitates imports of files that are not valid CSS files.
> An attacker may exploit this issue to steal sensitive information,
> which may aid in other attacks. Microsoft Internet Explorer versions
> 6.0 SP2 and earlier are vulnerable.
> Ref: http://www.securityfocus.com/bid/15660 
> ______________________________________________________________________
> 05.49.13 CVE: CVE-2005-0490
> Platform: Unix
> Title: cURL / libcURL URL Parser Buffer Overflow
> Description: cURL is a utility for retrieving remote content from
> servers over a number of protocols. libcURL provides this
> functionality to applications, as a shared library. cURL and libcURL
> are prone to a buffer overflow vulnerability. The issues occur when
> the URL parser function handles an excessively long URL string and is
> caused by two separate errors. An attacker can exploit these issues to
> crash the affected library, effectively denying service.
> Ref: http://curl.haxx.se/docs/adv_20051207.html 
> ______________________________________________________________________
> 05.49.32 CVE: CVE-2005-2970
> Platform: Cross Platform
> Title: Apache MPM Worker.C Denial of Service
> Description: Apache web-server is prone to a memory leak due to a flaw
> in the "worker.c" file, causing a denial of service vulnerability.
> Apache versions earlier than 2.0.55 are vulnerable.
> Ref: http://www.apache.org/dist/httpd/Announcement2.0.html 
> ______________________________________________________________________
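The Perl alert above stresses that the "%INT_MAXn" trick only matters when an application already lets untrusted input reach a format string. The following is an added illustration of that application-level bug and its fix; it is not code from Webmin, the advisory or the newsletter, and the function names and the constructed username are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Vulnerable pattern: the untrusted username is spliced into the FORMAT
# argument of sprintf, so any '%' sequence in the name is interpreted as
# a conversion specifier (the same class of flaw the alert attributes to
# miniserv.pl's handling of usernames).
sub login_message_vulnerable {
    my ($user) = @_;
    my $fmt = "Login failed for $user from %s";
    return sprintf($fmt, '198.51.100.7');   # constructed client address
}

# Hardened pattern: the format string is a constant and the username is
# only ever passed as a DATA argument, so '%' in the name is inert.
sub login_message_safe {
    my ($user) = @_;
    return sprintf("Login failed for %s from %s", $user, '198.51.100.7');
}

# Defence in depth for the defender: flag usernames that carry something
# resembling a conversion specifier before they reach logging or
# formatting code, so they can be rejected and alerted on.
sub looks_like_format_probe {
    my ($user) = @_;
    return $user =~ /%\d*[A-Za-z%]/ ? 1 : 0;
}

my $probe = 'guest%s';   # constructed input, not a real user
# Vulnerable: the '%s' inside the name consumes the address argument and
# the real '%s' is left with nothing (Perl warns "Missing argument").
print login_message_vulnerable($probe), "\n";
# Hardened: prints the name literally, address in its proper place.
print login_message_safe($probe), "\n";
print "probe detected\n" if looks_like_format_probe($probe);
```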