IRIX contains a flaw that may allow a local denial of service. The issue is triggered when the /dev/MAKEDEV script creates /dev/ipfilter with weak permissions (644), allowing a malicious user to access the device in an undisclosed manner, resulting in loss of availability for the platform.
The Linux Kernel contains a flaw that may allow a malicious user to escape a chroot environment. The issue is triggered when a user attempts to change to a working directory outside a chroot environment in a SMBFS file system using a double backslash, e.g. 'cd ..\\'. It is possible that the flaw may allow unauthorised access to file system resources, resulting in a loss of confidentiality and/or integrity.
IRIX contains a flaw related to the /usr/etc/rpc.passwd binary of the optional subsystem nfs.sw.nis that may allow an attacker to compromise the root account. No further details have been provided.
Quagga contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a RIPv1 'SEND UPDATE' request is sent to the 'RIPd' service, even when it is configured to support RIPv2 only. This will also happen when the RIPv2-only service is configured to work with MD5 authentication. The vulnerability will disclose the service's RIP routing table, resulting in a loss of confidentiality.
Quagga contains a flaw that may allow an unauthenticated attacker to inject RIP routes into the 'RIPd' service. The issue is triggered when the service is configured with MD5 authentication but no specific RIP version in the configuration file. It is then possible to send unauthenticated RIPv1 'RESPONSE' packets that will be accepted by the service, causing a manipulation of the RIP routing table and resulting in a loss of integrity.
IRIX contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to fsr_efs creating temporary files insecurely. It is possible for a user to use a symlink style attack, resulting in a loss of integrity.
Hostapd contains a flaw that may allow a remote denial of service. An attacker can send a specially crafted EAPoL frame with an overly large value in the length field, resulting in loss of availability for the service.
A remote overflow exists in ExtractNow. ExtractNow fails to handle an ACE archive that contains a file with an overly long filename resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can compromise a user's system resulting in a loss of integrity.
MyNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "hash" and "page" variables upon submission to the "mynews.inc.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary HTML and script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Cartweaver ColdFusion contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker supplies an invalid 'ProdID' parameter to the 'Details.cfm' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
hostapd Invalid EAPOL Key Length Remote Denial Of Service Vulnerability.
FFmpeg LibAVCodec Heap Buffer Overflow Vulnerability.
AWStats Logfile Parameter Remote Command Execution Vulnerability.
Awstats Remote Arbitrary Command Execution Vulnerability.
Re: OpenVPN 2.0.7 and below: Remote OpenVPN Management Interface Flaw.
bigwebmaster guestbook multiply XSS.
CuteGuestbook XSS attack.
Re: Invision Power Board v2.1.5 Remote SQL Injection.