Intel D845 Motherboard BIOS Series Arbitrary Boot Media Vulnerability
BugTraq ID: 4610
Remote: No
Date Published: Apr 26 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4610
Summary:

The D845 series motherboards are a product of Intel. These motherboards are designed to support the Pentium 4 processor.

Under some circumstances, it may be possible for a local user to change the boot media of a system. The problem is in the use of special keys. When a system using a D845 series motherboard is booted, it is possible to halt the boot to change the boot media, even if a BIOS password is set.

When the F8 key is pressed, the D845 BIOS gives a user at the console a menu. From this menu, a user may specify a different media than the default from which the system is to be booted. Any password set on the BIOS will be circumvented by this procedure.

The problem makes it possible for a user with local access to the system to alter the boot configuration. Additionally, the user may be able to install new operating systems or software on the system, or carry out other activity.

This problem reportedly affects the D845HV and D845WN model motherboards.

[ hardware. BIOS passwords are in any case known to have backdoors. ]

Qualcomm QPopper Bulletin Name Buffer Overflow Vulnerability
BugTraq ID: 4614
Remote: No
Date Published: Apr 28 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4614
Summary:

QPopper is a freely available, open source software package distributed by Qualcomm. It is designed for use on various operating systems, although this problem affects the Unix and Linux platforms.

A problem with the software may allow a local user to execute code. The problem is in the handling of bulletins. QPopper does not sufficiently check bounds on some data. When a user supplies a bulletin with a long name (greater than 256 bytes), a buffer overflow occurs. This could result in the overwriting of process memory, including the return address within the stack, and code execution.

This problem makes it possible for a local user to execute arbitrary commands with the privileges of the QPopper process.
Typically, this process is started by root, which would therefore allow execution of code with root privileges. It should be noted that QPopper servers that do not process a user's .qpopper-options file are not vulnerable to this problem.

CIDER Shadow Analyzer Remote Command Execution Vulnerability
BugTraq ID: 4625
Remote: Yes
Date Published: Apr 29 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4625
Summary:

CIDER (Cooperative Intrusion Detection Evaluation and Response) Shadow Analyzer is a component of the Shadow Intrusion Detection System. It will run on a number of Linux distributions. The CIDER Shadow Analyzer component is intended to be accessible only within the internal network.

The CIDER Shadow Analyzer component provides a web-based interface for the CIDER Shadow Sensor. It is possible for attackers within the internal network to execute commands remotely via this web interface.

The CIDER Shadow Analyzer does not adequately filter shell metacharacters. As a result, remote attackers may execute commands on the underlying host with the privileges of the webserver process.

This may enable a remote attacker within the internal network to gain local access to the host running the vulnerable software.

It is not known whether CIDER Shadow 1.7 is also affected by this issue.

AutoLog IP Spoofing Vulnerability
BugTraq ID: 4627
Remote: Yes
Date Published: Apr 29 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4627
Summary:

AutoLog is website usage tracking software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

AutoLog uses cookies to track which users have visited the website it is running on. By sending a specially crafted cookie containing an arbitrary IP address, a remote attacker may cause a false IP to be logged by the script.

An attacker may exploit this issue to conceal the source of malicious web activity.

Mozilla / Netscape 6 XMLHttpRequest File Disclosure Vulnerability
BugTraq ID: 4628
Remote: Yes
Date Published: Apr 30 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4628
Summary:

An issue exists in the handling of HTTP redirects in the XMLHttpRequest object used by Mozilla and Netscape 6.

The XMLHttpRequest object allows a client machine to obtain an XML document through an HTTP request. Normally, security checks prevent this object from directly accessing local files when the script is obtained from an untrusted source, such as a remote web site.

A vulnerability exists when a request is made to a server via the method 'XMLHttpRequest.Open()', and the response is a redirect. XMLHttpRequest will automatically follow the redirect, and read the contents of the file. The file contents are then accessible by the rest of the script code as the responseText property, and may be transmitted to another website.

It has been reported that this issue also exists with the load method applied to XML documents created with the createDocument method of the DOMImplementation interface. This attack vector is available in Mozilla 1.0RC1.

This could lead to a disclosure of sensitive information to remote attackers.

Also:

Mozilla is a freely available, open-source web browser. It runs on most Linux and Unix variants, as well as MacOS and Microsoft Windows 9x/ME/NT/2000/XP operating systems. Netscape is another web-browser product which runs on the same platforms as Mozilla.

Netscape and Mozilla crash when handling an exceptionally long request (32KB+) for a channel using the IRC protocol.

An attacker may exploit this issue to crash a web user's browser. This is most likely to occur via a hyperlink in a malicious webpage, but may also occur via HTML e-mail.

This issue is most likely due to a buffer overflow condition, but it is not known whether this condition may be exploited to execute arbitrary attacker-supplied instructions.
Other browsers based on the Mozilla codebase (such as Galeon) may also be affected by this issue.

Netscape/Mozilla/Galeon Local File Detection Vulnerability
BugTraq ID: 4640
Remote: Yes
Date Published: Apr 30 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4640
Summary:

Mozilla is a freely available, open-source web browser. It runs on most Linux and Unix variants, as well as MacOS and Microsoft Windows 9x/ME/NT/2000/XP operating systems. Netscape is another popular web-browser product which runs on the same platforms as Mozilla. The Galeon browser is available for various Linux distributions.

External Cascading Style Sheets (CSS) may be embedded inside HTML files. This is accomplished using the <LINK> element. The security model of the web client is designed to prevent remote pages from linking to other file types and to local files on the client's system.

It has been demonstrated that it is possible for a webpage to circumvent this security model by linking to the external file and causing an HTTP redirect to occur. This could be exploited to detect the existence of a file on the local system of the web client viewing the malicious page.

This could lead to a disclosure of sensitive information to remote attackers.

Paul L Daniels alterMIME Denial of Service Vulnerability
BugTraq ID: 4650
Remote: Yes
Date Published: Apr 26 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4650
Summary:

Paul L Daniels alterMIME is a program to help modify MIME encoded email packages, including the ability to modify attachments and append text to outgoing email.

A possible denial of service issue exists in some versions of alterMIME. Under some circumstances, an unsafe call to snprintf() results in an off-by-one error. This causes a null byte to overwrite adjacent stack data, in this case a form of file structure. This could lead to the corruption of a file pointer.

It has been reported that this condition can cause the program to crash when exiting.
It is possible that under some conditions, exploitation may result in a denial of service condition. Additionally, as corruption of memory is occurring, under some extreme conditions this may allow an attacker to execute arbitrary code as the alterMIME process. This possibility has not, however, been confirmed.

[ the usual problems of PHP software ]
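
The off-by-one described in the alterMIME entry above, as an added example that is neither alterMIME's code nor part of the original digest: a size argument one larger than the buffer lets snprintf() place its terminating NUL on the first adjacent byte, while the corrected call passes the real size and rejects truncated input. The 16-byte buffer, the frame layout and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16  /* assumed size; the advisory gives none */
#define ADJ_LEN  8   /* bytes standing in for the adjacent file pointer */

/* Constructed model of the stack frame: name buffer, then adjacent data. */
struct frame { unsigned char mem[NAME_LEN + ADJ_LEN]; };

static void frame_reset(struct frame *f)
{
    memset(f->mem, 0, NAME_LEN);
    memset(f->mem + NAME_LEN, 0xAA, ADJ_LEN);
}

/* Returns 1 while every adjacent byte still holds its original value. */
static int adjacent_intact(const struct frame *f)
{
    for (size_t i = 0; i < ADJ_LEN; i++)
        if (f->mem[NAME_LEN + i] != 0xAA) return 0;
    return 1;
}

/* Off-by-one: the size passed is NAME_LEN + 1, so an input of NAME_LEN or
 * more characters puts the terminating NUL at mem[NAME_LEN]. */
static int format_off_by_one(struct frame *f, const char *in)
{
    return snprintf((char *)f->mem, NAME_LEN + 1, "%s", in);
}

/* Corrected: pass the real buffer size and treat truncation as an error. */
static int format_checked(struct frame *f, const char *in)
{
    int n = snprintf((char *)f->mem, NAME_LEN, "%s", in);
    return (n < 0 || n >= NAME_LEN) ? -1 : 0;
}

int main(void)
{
    struct frame f;
    const char *name = "0123456789abcdef-long-name"; /* constructed input */
    frame_reset(&f);
    format_off_by_one(&f, name);
    printf("off-by-one: adjacent intact = %d\n", adjacent_intact(&f));
    frame_reset(&f);
    int rc = format_checked(&f, name);
    printf("checked: rc = %d, adjacent intact = %d\n", rc, adjacent_intact(&f));
    return 0;
}
```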
