kicq 2.0.0b1 Invalid ICQ Packet Denial of Service Vulnerability
BugTraq ID: 4018
Remote: Yes
Date Published: Feb 02 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4018
Summary:
kicq 2.0.0b1 is an ICQ client for the K Desktop Environment (KDE).

kicq can be crashed remotely by initiating a telnet connection to a port it is listening on and sending "random" characters. kicq expects to receive valid ICQ protocol packets on this port, and it fails to properly respond to unexpected data or shut down gracefully. This does not affect other components of the system, only the ICQ client.

MRTG Configuration Generator Path Disclosure Vulnerability
BugTraq ID: 4021
Remote: Yes
Date Published: Feb 04 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4021
Summary:
MRTG Configuration Generator is a configuration file generator for devices being monitored on a network.

A vulnerability has been reported in mrtg.cgi that could allow a malicious user to view the full path to the web root. Reportedly, if a user submits an HTTP request containing unusual characters to a host, the server will return an error page containing the path to the web root. This information could be used to launch further attacks against the host.

* Please note that the person who discovered this issue reported it in Multi Router Traffic Grapher (MRTG). However, mrtg.cgi is not part of MRTG; it is a completely independent utility.

Faq-O-Matic Cross-Site Scripting Vulnerability
BugTraq ID: 4023
Remote: Yes
Date Published: Feb 04 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4023
Summary:
FAQ-O-Matic is a freely available, open-source FAQ (Frequently Asked Questions) manager. It is intended to run on Linux and Unix variants.

FAQ-O-Matic does not sufficiently filter HTML tags, including script code, from URL parameters. It is possible to create a malicious link containing arbitrary script code. When a legitimate user browses the malicious link, the script code will be executed in the user's browser in the context of the website running Faq-O-Matic.
As a result, it may be possible for a remote attacker to steal cookie-based authentication credentials from a legitimate user of the website. The attacker may then hijack the session of the legitimate user.

Netgear RT314/RT311 Gateway Router Cross-Site Scripting Vulnerability
BugTraq ID: 4024
Remote: Yes
Date Published: Feb 03 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4024
Summary:
The Netgear RT314/RT311 Gateway Router models allow Cable/DSL users to share a connection. These products provide a web-based administrative interface.

The affected products run a ZyXel-RomPager web server to provide easy web-based configuration. HTML tags are not sufficiently filtered from URL parameters. As a result, the web interface for the router is prone to cross-site scripting attacks.

This may be exploited by an attacker who knows the internal IP address of the router. Arbitrary script code may be included in a malicious link, which is executed in the browser of the victim, in the context of the router.

It is possible that an attacker may capitalize on this opportunity to gain unauthorized administrative access to the router. This may occur if the attacker can successfully steal cookie-based authentication credentials from a user who has access to the administrative interface.

It should be noted that there is a distinct possibility that any other router products running the ZyXel-RomPager web server (versions 3.02 or earlier) may also be prone to this issue.

This issue reportedly does not affect the Netgear RP114 Cable/DSL Web Safe Router.

[ hardware ]

PHP MySQL Safe_Mode Filesystem Circumvention Vulnerability
BugTraq ID: 4026
Remote: Yes
Date Published: Feb 03 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4026
Summary:
PHP is a server side scripting language, designed to be embedded within HTML files. It is available for Windows, Linux, and many Unix based operating systems. It is commonly used for web development, and is very widely deployed.
A vulnerability has been discovered that may allow an attacker to read sensitive information in areas of the filesystem that are restricted by PHP safe_mode.

The safe_mode feature in PHP may be used to restrict PHP scripts' access to certain areas of a filesystem. However, the MySQL client library that ships with PHP does not properly honor safe_mode. As a result, it is possible to use a LOAD DATA statement to read files that exist in restricted areas of the filesystem (as determined by PHP safe_mode).

An attacker with access to the MySQL database may exploit this issue to view any files which are readable by the database process.
