Network Security News Monitor - Tuesday, March 21, 2006 Events

LibVC (vCard) count_vcards() Function Local Overflow

An overflow exists in LibVC. LibVC fails to validate that the size of a string fscanf'd into the local 'buf' is smaller than 256 bytes resulting in a stack overflow. With a specially crafted vCard, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more.

vCard PRO create.php Multiple Variable XSS

vCard PRO contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'card_id', 'uploaded', 'card_fontsize', and 'card_color' variables upon submission to the create.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

Ubuntu Installer Log File Cleartext Password Disclosure

The Ubunto installer contains a flaw that may lead to an unauthorized password exposure. The installer log files fail to sanitize passwords used during the installation. The installer log files are world-readable, thus any local user can see the password of the first user account, which has full sudo privileges by default, thus leading to a loss of confidentiality.. Read more.

Zeroboard Session IP Security Bypass XSS

ZeroBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate memo subject, user email address, and the homepage field upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

Sendmail DECODE Alias Arbitrary File Overwrite

Sendmail contains a flaw that may allow a remote attacker to overwrite arbitrary files. The issue is due tot he program allowing remote access to the 'decode' alias. By sending a crafted email to the alias, the sendmail program would write user-supplied content to an arbitrary file as well as set custom permissions.. Read more.

Sendmail debug Arbitrary Command Execution

Sendmail contains a flaw that may allow a remote attacker to execute commands without authentication. The issue is triggered when an attacker connects to the SMTP service (port 25), and issues the 'debug' command. If enable, this may allow an attacker to pipe arbitrary commands that will be executed under the same privileges as sendmail.. Read more.

TENEX Page Fault Race Condition Password Prediction Weakness

TENEX contains a flaw that may allow a local attacker to more trivially guess user passwords. By carefully examining the virtual memory paging timing for differential timing for page faults, it is possible to determine if a specific character matched a portion of the password. By performing this timing attack for each character of a password, an attacker could effectively brute force a relatively strong password in a matter of minutes, instead of having to exhaust a majority of the possible password space.. Read more.

UNIX-V6 su File Descriptor Exhaustion Local Privilege Escalation

UNIX-V6 contains a flaw that may allow a local attacker to gain increased privileges. The flaw occurs when an attacker intentionally exhausts all file descriptors before executing the 'su' program. In such a case, 'su' would invoke a super-user shell instead of failing to execute.. Read more.