OpenOffice Installation Insecure Temporary File Symbolic Link Vulnerability
BugTraq ID: 5950
Remote: No
Date Published: Oct 11 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5950
Summary:

OpenOffice is an open source office software package distributed and maintained by the OpenOffice project. It is available for Unix, Linux, and Microsoft Windows operating systems.

A problem with OpenOffice could make it possible for a local user to destroy arbitrary files. This vulnerability only affects Unix and Linux systems.

When OpenOffice is installed, it insecurely creates temporary files. Temporary files created by the office suite are created with a predictable file name. Additionally, no check is performed before the attempted write to the file. This could result in the destruction of files with the permissions of the user installing OpenOffice if attackers create symbolic links with the correct filename.

The vulnerable file is typically created as /tmp/$USERNAME_autoresponse.conf, where $USERNAME is the name of the user installing the office suite. It should be noted that the office suite is typically installed by the administrative user.

KDE KPF Icon Option File Disclosure Vulnerability
BugTraq ID: 5951
Remote: Yes
Date Published: Oct 11 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5951
Summary:

kpf is a file sharing utility shipped with the KDE desktop. It uses a subset of the HTTP protocol internally and acts much like a web server. KDE is available for the Linux operating system.

A vulnerability has been discovered in the kpf file sharing utility. It has been reported that by passing a malicious file request to kpf, it is possible for a remote attacker to gain access to files outside of the 'shared directory' root. The ability to read files outside of the shared root directory depends on the privileges of the kpf process.

The problem is in the handling of the '?icon=' option used by kpf. The '?icon=' option allows a user to remotely specify a directory for an icon image. However, if a directory is supplied instead of an image, it is possible for a user to gain a listing of the contents of the directory.

Any files readable by the kpf process will also be disclosed to the remote user. By exploiting this issue it may be possible for a remote attacker to view or download arbitrary kpf readable files. Access to sensitive files may aid the attacker in future exploit attempts made against the target system.

Linux-HA Heartbeat Remote Buffer Overflow Vulnerability
BugTraq ID: 5955
Remote: Yes
Date Published: Oct 14 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5955
Summary:

Heartbeat is a utility designed to indicate the availability of a Linux system. It is made available as part of the High-Availability Linux (Linux-HA) project.

The heartbeat utility is vulnerable to a remotely exploitable buffer overflow condition. Attackers may exploit the vulnerability to execute arbitrary code. It has been reported that the condition is related to the handling of TCP packets.

Any code executed will run with root privileges.

ghttpd Log() Function Buffer Overflow Vulnerability
BugTraq ID: 5960
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5960
Summary:

ghttpd is a freely available, open source web server for Unix and Linux variant systems.

A buffer overflow has been reported in ghttpd which will allow arbitrary code to be executed with the privileges of the webserver. The overflow occurs when the argument to a 'GET' request is of excessive length. It is a stack-based overflow which may allow attackers to overwrite stack variables and execute arbitrary code on the underlying host.

The vulnerability occurs when excessively long 'GET' requests are logged using the log() function without adequate bounds checking.

The webserver minimizes the risk of root compromise by dropping privileges after it has bound to port 80. This vulnerability is still a serious threat, however, as remote attackers can gain access.

This vulnerability affects ghttpd versions 1.4.3 and earlier.

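As an added illustration of the bounds check the ghttpd entry above says is missing (this is not ghttpd's code; the function names, buffer sizes and sample address are assumptions), a C logging routine that formats a 'GET' request into a fixed buffer without writing past it:

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_LINE_MAX 256  /* assumed size of the fixed log buffer */
#define REQ_ARG_MAX  128  /* assumed cap on the GET argument that gets logged */

/* Bounded formatter: never writes more than cap bytes, always NUL-terminates.
 * Returns 0 if the line fit, 1 if it was truncated, -1 on error. */
int format_log_line(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (out == NULL || cap == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, cap, fmt, ap);  /* an unbounded sprintf()-style call here would run past out[] */
    va_end(ap);
    if (n < 0) { out[0] = '\0'; return -1; }
    if ((size_t)n >= cap) {            /* output was cut: mark it so the log shows it */
        if (cap >= 4)
            memcpy(out + cap - 4, "...", 4);
        return 1;
    }
    return 0;
}

/* Log one GET request. Returns 0 if logged in full, 1 if the argument was
 * over REQ_ARG_MAX and only its length plus a bounded prefix were logged. */
int log_get_request(char *out, size_t cap, const char *peer, const char *arg)
{
    size_t len = strlen(arg);
    if (len > REQ_ARG_MAX) {
        format_log_line(out, cap, "%s GET oversize (%lu bytes): %.*s",
                        peer, (unsigned long)len, REQ_ARG_MAX, arg);
        return 1;
    }
    format_log_line(out, cap, "%s GET %s", peer, arg);
    return 0;
}

int main(void)
{
    char line[LOG_LINE_MAX], arg[5001];  /* constructed oversize request argument */
    memset(arg, 'A', 5000); arg[5000] = '\0';
    printf("%d %s\n", log_get_request(line, sizeof line, "192.0.2.10", arg), line);
    return 0;
}
```

The return value of log_get_request() lets the caller reject the oversize request as well as log it.
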
Polycom ViaVideo Denial Of Service Vulnerability
BugTraq ID: 5962
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5962
Summary:

Polycom ViaVideo is an integrated USB device used for video conferencing. The ViaVideo devices allow remote access via HTTP.

Polycom ViaVideo devices are prone to a denial of service condition upon receipt of numerous incomplete HTTP requests. This may restrict availability of the device for legitimate users.

An attacker can exploit this vulnerability by making four or more incomplete HTTP connections to TCP port 3603. This port is used by the device for HTTP requests. Further HTTP requests issued to the device will not be honoured.

System performance may be affected as exploitation of this vulnerability will also result in excessive CPU utilization. The device may need to be restarted to regain normal functionality.

This issue has been reported to affect ViaVideo 2.2 and 3.0.

[ hardware ]

Polycom ViaVideo Buffer Overflow Vulnerability
BugTraq ID: 5964
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5964
Summary:

Polycom ViaVideo is an integrated USB device used for video conferencing. The ViaVideo devices allow remote access via HTTP.

A buffer overflow vulnerability has been reported for ViaVideo v2.2 and v3.0.

An attacker can exploit this vulnerability by issuing excessively long 'GET' requests, consisting of at least 4132 characters, to ViaVideo devices on TCP port 3603. This will cause an error in the 'vvws.dll' library and will cause the ViaVideo service to crash.

Although unconfirmed, it may be possible for a remote attacker to exploit this issue to execute arbitrary system commands with the privileges of the ViaVideo process.

[ hardware ]

Avaya Cajun Firmware Undocumented Default Accounts Vulnerability
BugTraq ID: 5965
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5965
Summary:

Vulnerable versions of firmware for the Avaya Cajun line of network switches include multiple undocumented users.

It has been reported that Avaya Cajun switches contain two undocumented developer accounts, with default passwords. The accounts are the 'diag' and 'manuf' user accounts with the passwords 'danger' and 'xxyyzz'. These accounts provide developer-level access to the switch, which may allow an attacker to have read and write access to the configuration settings of the switch.

Exploitation of this issue may allow a remote attacker to gain privileged access to the vulnerable device and modify arbitrary configuration settings. Gaining access to the device may also aid in further attacks against the target network.

[ hardware ]

[ + usual PHP issues ]