Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 18



> 
> *************************
> Widely Deployed Software
> *************************
> - ----------------------------------------------------------------
> 
> (2) MODERATE: Multiple MySQL Remote Code Execution and Information
>     Disclosure Vulnerabilities
> Affected:
> MySQL version 4.1.x prior to 4.1.19
> MySQL version 5.0.x prior to 5.0.21
> MySQL version 5.1.x prior to 5.1.10
> 
> Description: MySQL database server suffers from a buffer overflow and
> information disclosure vulnerabilities. The server contains a buffer
> overflow that can be triggered by specially crafted "COM_TABLE_DUMP"
> packets (used to dump database tables). An authenticated 
> MySQL user can
> exploit this flaw to execute arbitrary code on the database server.
> Additionally, by sending specially-crafted "login" and 
> "COM_TABLE_DUMP"
> requests to a MySQL process, an attacker could cause portions of the
> memory to be returned in the resulting error messages. This 
> information
> can then be used in constructing exploit code. 
> Proof-of-concept exploit
> for the "COM_TABLE_DUMP" flaw has been posted. Note that an
> unauthenticated attacker can exploit the vulnerabilities via any SQL
> injection flaws in a front-end web application.
> 
> Status: Vendor confirmed, patches available. Upgrade to MySQL versions
> 4.1.19, 5.0.21 and 5.1.10 (when available). Use firewalls to 
> block port
> 3306/tcp from the Internet.
> 
> Council Site Actions:  One site has already updated its non-RedHat
> systems and is waiting on patches for the RedHat platforms.  Another
> site is treating this as a very low threat since only a small 
> number of
> important machines are running the affected software; no account can
> access the daemon over the network, and the total number of 
> accounts is
> very small. They will most likely update these systems within the next
> month.
> 
> References:
> MySQL Advisory
> http://dev.mysql.com/doc/refman/4.1/en/news-4-1-19.html
> http://dev.mysql.com/doc/connector/j/en/news-5-0-21.html
> http://dev.mysql.com/doc/refman/5.1/en/news-5-1-10.html
> CERT Advisory
> http://www.kb.cert.org/vuls/id/602457
> Posting by Stefano
> http://www.wisec.it/vulns.php?page=8
> http://www.wisec.it/vulns.php?page=7
> SecurityFocus BID
> http://www.securityfocus.com/bid/17780
> - ----------------------------------------------------------------
> 
> (3) MODERATE: Multiple LibTIFF Buffer Vulnerabilities
> Affected:
> LibTIFF versions prior to 3.8.1
> 
> Description: The libtiff library provides various functions 
> to store and
> read the Tag Image File Format (TIFF), a popularly used image file
> format. This library is used on Linux by GNOME and KDE 
> applications, the
> Mozilla and Mozilla Firefox web browsers, the xv image manipulation
> program, and other popular applications. The library contains multiple
> buffer overflows that were discovered by supplying "fuzzed" 
> TIFF images.
> A malicious image in a webpage or an HTML email may exploit the flaws
> to potentially execute arbitrary code on a Linux/Unix client. The
> technical details required to leverage the flaws have been posted.
> 
> Status: Upgrade to version 3.8.1. Linux vendors like RedHat have also
> released patched versions.
> 
> Council Site Actions: Two of the reporting council sites are using the
> affected software.  They plan to push out the patches during 
> their next
> regularly scheduled system update cycle.
> 
> References:
> Vendor Advisory
> http://www.remotesensing.org/libtiff/v3.8.1.html
> http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
> TIFF Image Format
> http://www.libtiff.org/TIFFTechNote2.html
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/17730
> http://www.securityfocus.com/bid/17733
> http://www.securityfocus.com/bid/17809
> 
> - ----------------------------------------------------------------
> 
> (4) MODERATE: Mozilla Firefox "designMode" Denial of Service
> Affected:
> Firefox versions prior to 1.5.0.3
> 
> Description: Mozilla Firefox contains a DoS vulnerability that arises
> from the failure to properly parse certain JavaScript constructs. A
> specially-crafted web page can inject malicious code into a user's
> browser session, and potentially execute the code with the privileges
> of the logged-on user (not confirmed). The vulnerability is triggered
> when certain deleted objects are re-referenced while the "designMode"
> property is set. The "designMode" property is used for 
> features such as
> building rich text editor in a webpage. The proof-of-concept 
> exploit is
> included in the Mozilla Bugzilla.
> 
> Status: Upgrade to version 1.5.0.3. Ensure that the 
> "autoupdate" feature
> is enabled in the "Tools->Options->Advanced" configuration section.
> 
> Council Site Actions: Most of the council sites are using Firefox, but
> it is not supported by their central IT departments.  However, most of
> the users have Auto Update turned on and expect the users to 
> be updated
> in due time.
> 
> References:
> Mozilla Advisory
> http://www.mozilla.org/security/announce/2006/mfsa2006-30.html
> https://bugzilla.mozilla.org/show_bug.cgi?id=334515
> SecurityFocus BID
> http://www.securityfocus.com/bid/17671
> 
> **************************************************************
> ***********
> 
> (5) MODERATE: X11 XRender Extension Buffer Overflow
> Affected:
> All versions of X11R6 and X11R7 when using the XRender extension
> 
> Description: X11, the package deployed on most Linux and BSD
> installations, contains a buffer overflow vulnerability in its XRender
> extension (installed and enabled by default on most systems). The
> XRender extension is used to perform complex graphical compositing and
> manipulation. This flaw allows authenticated users to execute 
> code with
> the privileges of the X server user, typically root. Note that it may
> be possible to execute this vulnerability remotely using remote X
> display primitives, but this would still require user authentication.
> The technical details required to leverage the flaw are publicly
> available.
> 
> Note that although this is a privilege escalation vulnerability (not
> typically included in the @RISK); owing to the widespread distribution
> of the X11 package an exception has been made in this case.
> 
> Status: X.Org has published patches. Various Linux vendors are working
> on releasing their own patches. A workaround is to disable to 
> "XRender"
> extension by adding the following lines to xorg.conf file:
> 
> Section "Extensions"
> Option "RENDER" "disable"
> EndSection
> 
> References:
> X.Org Security Advisory
> http://lists.freedesktop.org/archives/xorg/2006-May/015136.html
> http://xorg.freedesktop.org/releases/X11R6.8.2/patches/xorg-68
> x-CAN-2006-1526.patch
> http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9
> .0-mitri.diff
> http://xorg.freedesktop.org/releases/X11R6.9.0/patches/x11r6.9
> .0-mitri.diff
> Technical Details
> https://bugs.freedesktop.org/show_bug.cgi?id=6642
> SecurityFocus BID
> http://www.securityfocus.com/bid/17795
> 
> *********************************************************************
> 
> 06.18.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft May Advance Notification Multiple Vulnerabilities
> Description: Microsoft has released advance notification that they
> will be releasing three security bulletins for Windows on May 9, 2006.
> The highest severity rating for these issues is Critical.
> 
> - - One bulletin for Microsoft Exchange. The highest severity 
> rating for
> this issue is Critical.
> - - Two bulletins for Microsoft Windows. The highest severity 
> rating for
> these issues is Critical.
> Ref: http://www.microsoft.com/technet/security/bulletin/advance.mspx
> ______________________________________________________________________
> 
> 06.18.2 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer Unspecified OBJECT Tag Memory Corruption
> Description: Microsoft Internet Explorer is prone to an unspecified
> memory corruption issue which can be exploited via a malicious web
> page to potentially execute arbitrary code in the context of the
> current user. Please see the attached advisory for details.
> Ref: http://www.securityfocus.com/bid/17820
> ______________________________________________________________________
> 
> 
> 06.18.13 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: UltraVNC Weak Challenge-Response Authentication
> Description: UltraVNC is susceptible to a weak challenge-response
> authentication vulnerability. This issue is due to the use of insecure
> encryption during the authentication process of UltraVNC when
> configured to utilize the Microsoft Logon authentication mechanism.
> UltraVNC version 1.0.1 is vulnerable.
> Ref: http://www.securityfocus.com/bid/17824
> ______________________________________________________________________
> 
> 06.18.19 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel SMBFS CHRoot Security Restriction Bypass
> Description: The Linux Kernel is prone to a security restriction
> bypass vulnerability affecting the chroot implementation. A local
> attacker who is bounded by the chroot can bypass the filesystem
> security restriction through use of directory traversal strings such
> as "../". Please see the referenced advisory for details.
> Ref: http://www.securityfocus.com/bid/17735
> ______________________________________________________________________
> 
> 06.18.20 CVE: CVE-2006-1863
> Platform: Linux
> Title: Linux Kernel CIFS CHRoot Security Restriction Bypass
> Description: The Linux Kernel is prone to a security restriction
> bypass vulnerability affecting the chroot implementation. This issue
> is due to a failure in the kernel to properly sanitize user-supplied
> data. The problem affects chroot inside of a smb-mounted filesystem
> (cifs). A local attacker who is bounded by the chroot can exploit this
> issue to bypass the chroot restriction and gain unauthorized access to
> the filesystem. An attacker can bypass the filesystem security
> restriction through use of directory traversal strings.
> Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189434
> ______________________________________________________________________
> 
> 06.18.21 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel SCTP-netfilter Remote Denial of Service
> Description: The Linux kernel netfilter module is susceptible to a
> remote denial of service vulnerability. This issue is triggered when
> excessive kernel memory is consumed in an infinite loop. This problem
> stems from a memory leak in the kernel's "SCTP-netfilter" code. Kernel
> versions prior to 2.6.16.13 are vulnerable.
> Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.13
> ______________________________________________________________________
> 
> 06.18.22 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel SELinux_PTrace Local Denial of Service
> Description: The Linux kernel is vulnerable to a local denial of
> service issue due to a design error when SELinux is enabled and ptrace
> is utilized. The Linux kernel versions 2.6.16.13 and earlier are
> vulnerable.
> Ref: http://marc.theaimsgroup.com/?l=selinux&m=114226465106131&w=2
> ______________________________________________________________________
> 
> 06.18.23 CVE: Not Available
> Platform: Linux
> Title: Linux Kernel RNDIS_Query_Response Remote Buffer Overflow
> Description: The Linux kernel contains support for running as a USB
> slave which enables Linux to run in embedded USB peripheral devices.
> It is prone to a remote buffer-overflow issue due to a failure of the
> kernel to properly bounds check user-supplied data in the
> "rndis_query_response()" function. Linux kernel versions in the
> version 2.6 series prior to 2.6.16 are affected.
> Ref: http://www.securityfocus.com/bid/17831
> ______________________________________________________________________
> 
> 06.18.24 CVE: Not Available
> Platform: Linux
> Title: Linux-VServer Local Insecure Guest Context Capabilities
> Description: The Linux-VServer project implements virtual servers for
> the Linux operating system. It is susceptible to a vulnerability
> regarding insecure guest context capabilities. The kernel fails to
> properly enforce security restrictions in guest hosts. This issue
> allows unprivileged users in guest hosts to perform various operations
> that should be restricted to superusers.
> Ref: http://www.securityfocus.com/bid/17842
> ______________________________________________________________________
> 
> 06.18.25 CVE: CVE-2006-1526
> Platform: Unix
> Title: X.Org XRender Extension Buffer Overflow
> Description: The X.Org X Windows System is a Windows server. It is
> prone to a buffer overflow vulnerability in the render extension.
> Visit the referenced advisory for details.
> Ref: http://www.openbsd.org/errata.html#xorg
> ______________________________________________________________________
> 
> 06.18.27 CVE: Not Available
> Platform: Cross Platform
> Title: LibTiff Multiple Denial of Service Vulnerabilities
> Description: LibTIFF is a library designed to facilitate the reading
> and manipulation of Tag Image File Format (TIFF) files. LibTIFF is
> affected by multiple denial of service issues. Please read the
> attached advisory for details.
> Ref: http://www.securityfocus.com/bid/17730
> ______________________________________________________________________
> 
> 06.18.28 CVE: CVE-2006-2025
> Platform: Cross Platform
> Title: LibTiff TIFFFetchData Integer Overflow
> Description: LibTIFF is a library designed to facilitate the reading
> and manipulation of Tag Image File Format (TIFF) files. Applications
> utilizing the LibTIFF library are prone to an integer overflow
> vulnerability. This issue occurs in the "TIFFFetchData()" function of
> "tif_dirread.c".
> Ref: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
> ______________________________________________________________________
> 
> 06.18.29 CVE: CVE-2006-2026
> Platform: Cross Platform
> Title: LibTIFF Double Free Memory Corruption Vulnerability
> Description: LibTIFF is a library designed to read and manipulate Tag
> Image File Format (TIFF) files. It is vulnerable to a memory
> corruption issue due to the cleanup functions of "tif_jpeg.c",
> "tif_pixarlog.c", "tif_fax3.c", and "tif_zip.c". LibTIFF version 3.8.1
> or later resolves the issue.
> Ref: http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
> ______________________________________________________________________
> 
> 06.18.33 CVE: CVE-2006-1989
> Platform: Cross Platform
> Title: Clam AntiVirus FreshClam Remote Buffer Overflow
> Description: ClamAV is an antivirus application. It is vulnerable to a
> remote buffer overflow issue due to insufficient handling of large
> amount of bytes in the HTTP response header while attempting to
> retrieve updated signatures. ClamAV versions 0.88 and 0.88.1 are
> vulnerable.
> Ref: http://www.clamav.net/doc/0.88.2/ChangeLog
> ______________________________________________________________________
> 
> 06.18.34 CVE: Not Available
> Platform: Cross Platform
> Title: MySQL Remote Information Disclosure and Buffer Overflow
> Vulnerabilities
> Description: MySQL is an open source relational database project. It
> is vulnerable to multiple remote issues such as buffer overflow and
> information disclosure. See the reference for futher details. MySQL
> versions 5.1.9 and earlier are vulnerable.
> Ref: http://www.securityfocus.com/archive/1/432734
> ______________________________________________________________________
> 
> 06.18.35 CVE: Not Available
> Platform: Cross Platform
> Title: rsync Receive_XATTR Integer Overflow Vulnerability
> Description: The rsync utility is used to synchronize files and
> directory structures across a network. Insufficient sanitization of
> the "name_len" and "datum_len" values exposes the application to an
> integer overflow issue. rsync versions prior to 2.6.8 are affected.
> Ref: http://www.securityfocus.com/bid/17788
> ______________________________________________________________________
> 
> 06.18.38 CVE: Not Available
> Platform: Cross Platform
> Title: Quagga Information Disclosure and Route Injection
> Vulnerabilities
> Description: Quagga is a routing package that has support for multiple
> dynamic routing protocols. It is susceptible to remote information
> disclosure and route injection vulnerabilities. These issues are due
> to flaws in the application that fail to properly ensure that required
> authentication and protocol configuration options are enforced. Quagga
> versions 0.98.5 and 0.99.3 are vulnerable to these issues.
> Ref: http://www.securityfocus.com/bid/17808
> ______________________________________________________________________
> 
> 06.18.39 CVE: Not Available
> Platform: Cross Platform
> Title: LibTiff TIFFToRGB Denial of Service
> Description: LibTIFF is a library designed to facilitate the reading
> and manipulation of Tag Image File Format (TIFF) files. It is affected
> by a denial of service issue due to the "TIFFToRGB" function's
> improper handling of certain parameters. LibTIFF versions 3.8 and
> earlier are vulnerable.
> Ref: http://www.securityfocus.com/bid/17809
> ______________________________________________________________________
> 
> 06.18.42 CVE: Not Available
> Platform: Cross Platform
> Title: PHP Multiple Unspecified Vulnerabilities
> Description: PHP is a general purpose scripting language. It is
> affected by multiple unspecified vulnerabilities. Please see the
> attached advisory for details.
> Ref: http://www.securityfocus.com/bid/17834
> ______________________________________________________________________



 




Copyright © Lexa Software, 1996-2009.