Reminder of the rules:
   - only announcements concerning free software are reproduced.
   - sometimes, certain announcements concerning hardware are
     also reproduced.
   - announcements concerning PHP scripts are no longer reproduced,
     there are so many of them.

Sometimes SecurityFocus is unfortunately not very clear about whether the
software covered is free or non-free.

There have been plenty of problems discovered in the Cisco VPN 3000.

Red Hat PXE Server DHCP Packet Denial Of Service Vulnerability
BugTraq ID: 5596
Remote: Yes
Date Published: Aug 30 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5596
Summary:

Red Hat Linux includes a Preboot eXecution Environment (PXE) server. PXE
can be used to boot a Linux based system from a remote disk image.

An error has been reported in the PXE server included with some versions
of Red Hat. If certain DHCP packets are received by the server, it may
crash. This may create a denial of service condition for legitimate
systems which rely on the server. A restart may be required in order to
regain normal functionality.

In particular, this behavior has been reported to occur when DHCP packets
generated by some Voice Over IP (VoIP) phone devices are received by the
vulnerable server.

FactoSystem Weblog Multiple SQL Injection Vulnerabilities
BugTraq ID: 5600
Remote: Yes
Date Published: Aug 31 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5600
Summary:

FactoSystem Weblog is a freely available, open source software package for
weblogging and managing content.  It is available for Microsoft Windows
operating systems.

A problem with FactoSystem could lead to a possible SQL injection attack.

FactoSystem does not adequately filter special characters from requests.
Because of this, it may be possible for a remote user to submit a request
containing encoded special characters and SQL, and execute arbitrary
commands.  This could lead to execution of SQL commands in the security
context of the web database user.

By passing custom requests through the authornumber, discussblurbid, name,
and email fields in the author.asp, discuss.asp, and holdcomment.asp
pages, an attacker could potentially execute SQL commands on the database
behind the weblog.  It is possible to pass special characters through
the Weblog by sending them as their hex values.

It should be noted that this problem affects systems that run IIS and have
ASP enabled.  This problem may allow an attacker to perform various
functions on a vulnerable server, and could potentially lead to the
retrieval of sensitive information.

Dan Mueth ScrollKeeper Tempfile Symbolic Link Vulnerability
BugTraq ID: 5602
Remote: No
Date Published: Sep 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5602
Summary:

Dan Mueth ScrollKeeper is a documentation cataloging system that acts as a
middle layer between applications and help browsers.

When a ScrollKeeper aware browser makes a call to get a category tree
using scrollkeeper-get-cl, the content list is passed through tempfiles in
the /tmp directory with permissions of the current user.  The tempfiles
are named scrollkeeper-tempfile.[0-4].

While creating these tempfiles, scrollkeeper-get-cl will follow symbolic
links.  This could allow an attacker to overwrite files as the currently
logged on user.

Super Site Searcher Remote Command Execution Vulnerability
BugTraq ID: 5605
Remote: Yes
Date Published: Sep 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5605
Summary:

Super Site Searcher is a search engine script, implemented in Perl.  It is
intended to run on Unix and Linux variants.

Super Site Searcher is prone to remote command execution.  Shell
metacharacters are not adequately filtered from query string parameters in
a request to the vulnerable search engine script.  In particular, the lack
of input validation affects the "page" query string parameter, which is
processed by "site_searcher.cgi".  The parameter is used in a function
which passes commands directly through the shell.

A remote attacker may exploit this condition to execute arbitrary commands
on the shell with the privileges of the webserver process, which will
enable the attacker to gain local access to the underlying host.

Simple Site Searcher, released by the same vendor, is also prone to this
issue.

