Matt Welsh sgmltool Symlink Vulnerability
BugTraq ID: 2683
Remote: Yes
Date Published: 2001-05-04
Relevant URL:
http://www.securityfocus.com/bid/2683
Summary:

sgmltool is a suite of programs used to convert SGML files to other
formats.

An sgmltool component makes insecure use of temporary files.

If an attacker can determine the name of the temporary file prior to its
creation, a symbolic link could be created pointing to a target file for
which the sgmltool process owner has write permissions.

In this event, sgmltool will overwrite the contents of the target file
with its own output.
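
The pattern described above beside a hardened open, as an added example that is not sgmltool's code: the file names, the private demo directory and the helper functions are constructed for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* mkdtemp, symlink, O_NOFOLLOW under strict -std= modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Pattern from the advisory: known name, open() follows an existing symlink. */
static int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails (EEXIST) if anything, a symlink included, is already there. */
static int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private directory: a file the process owner can
 * write, plus a symlink to it already present under the temporary file's name.
 * Returns 1 if the target was overwritten, 0 if intact, -1 on setup error. */
static int target_clobbered(int (*open_tmp)(const char *)) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", target[64], tmp[64], buf[16] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp, sizeof tmp, "%s/tool.tmp", dir);

    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "ORIGINAL", 8) != 8) return -1;
    close(fd);
    if (symlink(target, tmp) != 0) return -1;

    fd = open_tmp(tmp);                 /* the tool creating its temporary file */
    if (fd >= 0) { if (write(fd, "OUTPUT", 6) != 6) return -1; close(fd); }

    fd = open(target, O_RDONLY);
    if (fd < 0 || read(fd, buf, sizeof buf - 1) < 0) return -1;
    close(fd);
    unlink(tmp); unlink(target); rmdir(dir);
    return strcmp(buf, "ORIGINAL") != 0;
}

int main(void) {
    printf("unsafe open: target clobbered = %d\n", target_clobbered(open_tmp_unsafe));
    printf("O_EXCL open: target clobbered = %d\n", target_clobbered(open_tmp_safe));
    return 0;
}
```

In practice mkstemp(3) is the usual choice, since it both picks an unpredictable name and creates the file with O_EXCL.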

Vixie Cron crontab Privilege Lowering Failure Vulnerability
BugTraq ID: 2687
Remote: No
Date Published: 2001-05-07
Relevant URL:
http://www.securityfocus.com/bid/2687
Summary:

Vixie cron is an implementation of the popular UNIX program that runs
user-specified programs at periodic scheduled times.

A serialization error exists in some versions of the crontab file
maintenance program.  The vulnerability was introduced in versions that
were patched for a separate vulnerability in the fall of 2000 (see Bugtraq
ID #1960).

When a parsing error occurs after a modification operation, crontab will
fail to drop privileges correctly for subsequent modification operations.
Because the program is installed setuid root, it may be possible for a
local user to gain root privileges.

PHPProjekt Directory Escaping Vulnerability
BugTraq ID: 2702
Remote: Yes
Date Published: 2001-05-08
Relevant URL:
http://www.securityfocus.com/bid/2702
Summary:

PHPProjekt is a freely available, open source PHP Groupware package.  It
is actively maintained by the PHPProjekt Development Team.

A problem has been discovered in the software package that could allow
remote users access to restricted resources.  This access could be used
in an information gathering attack, and could potentially lead to gaining
local access to the system hosting the PHPProjekt software.

Due to insufficient checking of input, it is possible for a remote user to
escape the highest access-permitted directory specified in the
configuration file.  A user with access to the groupware page can submit a
request containing the dot-dot (..) sequence, escaping the current
directory and viewing the directory tree above.

This problem can allow users to view any file on the system that is
readable by the web server process.

