Linux Security News
SecurityFocus Linux Newsletter #259 Nov 08 2005 11:48PM
Peter Laborge (plaborge securityfocus com)
SecurityFocus Linux Newsletter #259
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I. FRONT AND CENTER
1. Automatic graylisting of unwanted software
II. LINUX VULNERABILITY SUMMARY
1. OpenVPN Client Remote Format String Vulnerability
2. Invision Gallery Index.PHP SQL Injection Vulnerability
3. NTop Insecure Temporary File Creation Vulnerability
4. PHP PHPInfo Cross-Site Scripting Vulnerability
5. PHP Parse_Str Register_Globals Activation Weakness
6. PHP File Upload GLOBAL Variable Overwrite Vulnerability
7. OpenVPN Server Remote Denial Of Service Vulnerability
8. Sun Java System Communications Express Information Disclosure Vulnerability
9. Invision Gallery Image Upload HTML Injection Vulnerability
10. Scorched 3D Multiple Vulnerabilities
11. F-Prot Antivirus ZIP Attachment Version Scan Evasion Vulnerability
12. Libungif Colormap Handling Memory Corruption Vulnerability
13. Libungif Null Pointer Dereference Denial of Service Vulnerability
14. Sun Java Development Kit Font Serialization Remote Denial of Service Vulnerability
15. CHFN User Modification Privilege Escalation Vulnerability
16. Clam Anti-Virus ClamAV TNEF File Handling Denial Of Service Vulnerability
17. Clam Anti-Virus ClamAV CAB File Handling Denial Of Service Vulnerability
18. Clam Anti-Virus ClamAV FSG File Handling Buffer Overflow Vulnerability
19. GpsDrive Friendsd Remote Format String Vulnerability
20. Acme Thttpd Insecure Temporary File Creation Vulnerability
III. LINUX FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Automatic graylisting of unwanted software
By Dr. Todd Brennan
In the race to secure endpoint systems, a new approach known as automatic graylisting can give administrators control over unwanted software installed on end user systems.
http://www.securityfocus.com/columnists/367

II. LINUX VULNERABILITY SUMMARY
------------------------------------
1. OpenVPN Client Remote Format String Vulnerability
BugTraq ID: 15239
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15239
Summary:
OpenVPN is reported prone to a remote format string vulnerability.

A malicious server can send specially crafted command options such as 'dhcp-option' including format specifiers to a client to trigger this vulnerability.

A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution. This can result in unauthorized remote access.

This issue affects OpenVPN 2.0.x versions. OpenVPN running on Windows is not vulnerable to this issue.

2. Invision Gallery Index.PHP SQL Injection Vulnerability
BugTraq ID: 15240
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15240
Summary:
Invision Gallery is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

3. NTop Insecure Temporary File Creation Vulnerability
BugTraq ID: 15242
Remote: No
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15242
Summary:
ntop creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

4. PHP PHPInfo Cross-Site Scripting Vulnerability
BugTraq ID: 15248
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15248
Summary:
PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

5. PHP Parse_Str Register_Globals Activation Weakness
BugTraq ID: 15249
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15249
Summary:
PHP is susceptible to a weakness that allows attackers to re-enable the 'register_globals' directive. This issue is due to a failure of the application to handle a memory limit exception.

The 'register_globals' directive will remain enabled for the rest of the lifetime of the affected process. If PHP is being run as an Apache module, then the process handling the malicious request will have 'register_globals' enabled for the duration of the process's life. If PHP is being run as a CGI process, this issue is not likely exploitable.

By exploiting this issue, remote attackers may be able to enable 'register_globals'. This may allow attackers to further exploit latent vulnerabilities in PHP scripts.

6. PHP File Upload GLOBAL Variable Overwrite Vulnerability
BugTraq ID: 15250
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15250
Summary:
PHP is susceptible to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests.

By exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may allow attackers to further exploit latent vulnerabilities in PHP scripts.

7. OpenVPN Server Remote Denial Of Service Vulnerability
BugTraq ID: 15270
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15270
Summary:
OpenVPN server is prone to a remote denial of service vulnerability. This is due to a design error in which the server, running in TCP mode, will be unable to handle exceptional conditions.

This issue affects all OpenVPN 2.0 versions; the vendor has released version 2.0.4 to address this issue.

8. Sun Java System Communications Express Information Disclosure Vulnerability
BugTraq ID: 15271
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15271
Summary:
Sun Java System Communications Express is prone to an information disclosure vulnerability.

A remote attacker may obtain application configuration files.

9. Invision Gallery Image Upload HTML Injection Vulnerability
BugTraq ID: 15286
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15286
Summary:
Invision Gallery is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

This issue is only present when using the Microsoft Internet Explorer Web browser.

10. Scorched 3D Multiple Vulnerabilities
BugTraq ID: 15292
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15292
Summary:
Scorched 3D is prone to multiple vulnerabilities. These issues include numerous buffer overflow, format string, denial of service and arbitrary code execution issues.

These issues are remote in nature and some vulnerabilities require successful authentication prior to exploitation.

Scorched 3D 39.1 and prior versions are affected by these issues.

11. F-Prot Antivirus ZIP Attachment Version Scan Evasion Vulnerability
BugTraq ID: 15293
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15293
Summary:
F-Prot Antivirus is prone to a scan evasion vulnerability when dealing with ZIP archive attachments. This issue is due to a design error in the application that flags certain ZIP files as harmless when it is unable to decompress them.

An attacker can exploit this vulnerability by crafting a specially designed ZIP file containing malicious code, thereby bypassing the antivirus software.

12. Libungif Colormap Handling Memory Corruption Vulnerability
BugTraq ID: 15299
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15299
Summary:
libungif is prone to a memory corruption vulnerability.

Reports indicate that due to improper handling of colormaps in GIF files an attacker can trigger out-of-bounds writes and corrupt memory.

This may lead to a denial of service condition.

libungif 4.1.3 and prior versions are considered to be vulnerable to this issue.

13. Libungif Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 15304
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15304
Summary:
libungif is prone to a denial of service vulnerability. This issue is due to a failure in the application to handle exceptional conditions.

Successful exploitation of this vulnerability will cause the application utilizing the affected library to crash, effectively denying service to legitimate users.

libungif 4.1.3 and prior versions are considered to be vulnerable to this issue.

14. Sun Java Development Kit Font Serialization Remote Denial of Service Vulnerability
BugTraq ID: 15312
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15312
Summary:
The Sun Java Development Kit (JDK) is prone to a remote denial of service vulnerability. This is due to a font deserialization error. It has been demonstrated that this could be exploited to attack JBoss versions that employ affected versions of the JDK, though the issue itself exists in the JDK.

Successful exploitation could cause an application that implements the JDK to fail, denying service to legitimate users.

15. CHFN User Modification Privilege Escalation Vulnerability
BugTraq ID: 15314
Remote: No
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15314
Summary:
chfn is prone to a privilege escalation vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

A local attacker can exploit this vulnerability to escalate privileges to those of the superuser account.

16. Clam Anti-Virus ClamAV TNEF File Handling Denial Of Service Vulnerability
BugTraq ID: 15316
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15316
Summary:
ClamAV is prone to a denial of service vulnerability. This is due to a failure in the application to handle malformed TNEF files.

Exploitation could cause the application to enter an infinite loop, resulting in a denial of service.

17. Clam Anti-Virus ClamAV CAB File Handling Denial Of Service Vulnerability
BugTraq ID: 15317
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15317
Summary:
ClamAV is prone to a denial of service vulnerability. This is due to a failure in the application to handle malformed CAB files.

Exploitation could cause the application to enter an infinite loop, resulting in a denial of service.

18. Clam Anti-Virus ClamAV FSG File Handling Buffer Overflow Vulnerability
BugTraq ID: 15318
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15318
Summary:
ClamAV is prone to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue occurs when the application attempts to handle FSG files.

Exploitation of this issue could allow attacker-supplied machine code to be executed in the context of the affected application. The issue would occur when the malformed file is scanned manually or automatically in deployments such as email gateways.

19. GpsDrive Friendsd Remote Format String Vulnerability
BugTraq ID: 15319
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15319
Summary:
GpsDrive is prone to a remote format string vulnerability. A remote attacker may leverage this issue to write to arbitrary process memory, facilitating code execution. This can result in unauthorized remote access.

20. Acme Thttpd Insecure Temporary File Creation Vulnerability
BugTraq ID: 15320
Remote: No
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15320
Summary:
thttpd creates temporary files in an insecure manner.

An attacker with local access could potentially exploit this issue to overwrite files in the context of the Web server process.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

III. LINUX FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to linux-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
