AstroCam Buffer Overflow Vulnerability
BugTraq ID: 4684
Remote: Yes
Date Published: May 07 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4684
Summary:
AstroCam is used to control webcams on BSD and Linux systems. AstroCam has a web interface/server for remote administration and is maintained by Steffen Wendzel. Versions of AstroCam prior to 1.4.1 Gtk Beta are susceptible to an exploitable buffer overflow. A remote attacker able to exploit this condition may be able to crash the server and create a denial of service condition. Additionally, given the nature of this vulnerability, it is likely that arbitrary code could be executed with the privileges of the server. This possibility has not, however, been confirmed. No additional technical details are currently available.

Webmin / Usermin Login Cross Site Scripting Vulnerability
BugTraq ID: 4694
Remote: Yes
Date Published: May 08 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4694
Summary:
Webmin is a web-based interface for system administration of Unix and Linux operating systems. Usermin is a related product designed for user-level tasks. A cross site scripting issue has been reported in the login process of both systems. Under some circumstances, user-supplied input is included unescaped in the HTML content used to display an error message. If a malicious link to this page is constructed, JavaScript code may be injected into the page. The script will then execute within the context of the Webmin domain. Reportedly, this vulnerability can only be exploited if the user has not yet authenticated to the system, so session and authentication data cannot easily be acquired. However, information associated with other pages on the same domain may be freely accessed.

11. 4D WebServer Authentication Buffer Overflow
BugTraq ID: 4665
Remote: Yes
Date Published: May 03 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4665
Summary:
4D WebServer is a client/server database management system with integrated web development and serving. It runs on Microsoft Windows and MacOS operating systems.
Due to insufficient bounds checking of the username/password fields, 4D WebServer is prone to a buffer overflow condition. It is possible to overwrite stack variables such as the return address by overflowing either of these fields. This may enable a remote attacker to cause a denial of service or execute attacker-supplied instructions. Some input validation is performed on the authentication fields, which causes requests to be terminated if invalid characters are found. This may restrict exploitability of the issue for the purpose of executing arbitrary code, since the payload must avoid the rejected characters. It should be noted that the software runs in the SYSTEM context on multi-user Windows operating systems, so successful exploitation may result in a full compromise of the host. This issue was reported for 4D WebServer version 6.7.3; earlier versions may also be affected.

C-Note Squid_Auth_LDAP Pam Logging Format String Vulnerability
BugTraq ID: 4679
Remote: Yes
Date Published: May 06 2002 12:00A
Relevant URL: http://www.securityfocus.com/bid/4679
Summary:
mysql_auth_ldap is a freely available, open source authentication package distributed by C-Note. It is available for the Linux operating system. A problem with mysql_auth_ldap could make it possible for a remote user to execute arbitrary code. The problem is in the logging of authentication attempts. Due to a flaw in the design of the program, it may be possible to exploit a format string vulnerability: the logging() function passes data to syslog insecurely, as the format string rather than as an argument. As a result, a remote user attempting to connect to the host may be able to supply format specifiers that cause memory to be overwritten. This could result in the execution of attacker-supplied code and in elevated privileges.

- To post an announcement: [EMAIL PROTECTED]
