Network Security News – Thursday, November 03, 2005 Events
phpBB GPC Variable Set register_globals Bypass
phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code. The issue is triggered due to an error where global variables defined by the user are not properly unset. It is possible that the flaw may allow cross site scripting and SQL injection attacks, and/or execution of arbitrary PHP code resulting in a loss of integrity.. Read more at osvdb.org/20386
phpBB Crafted HTTP_SESSION_VARS Variable register_globals Bypass
phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code (register_globals). The flaw exists because the application starts not knowing the values of the $_SESSION or $HTTP_SESSION_VARS variables. It is possible a user can supply arbitrary values to these variables which will cause the register_globals setting to be ignored, allowing for cross-site scripting or SQL injection attacks.. Read more at osvdb.org/20413
phpBB register_long_array register_globals Bypass
phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code (register_globals). The issue is triggered when the 'register_long_array' option is turned off making PHP not able to verify user-supplied input to the HTTP_* variables. It is possible that the flaw may result in cross site scripting and SQL injection attacks due to the lack of the register_globals function being honored.. Read more at osvdb.org/20414
Mac OS X Keychain Access Password Exposure
Mac OS X contains a flaw that may lead to an unauthorized password exposure. The issue is due to the way the Keychain Access utility handles automatic password display timeouts. When a keychain automatically locks due to a timeout while viewing a stored password, the password will remain visible afterwords. It is possible to gain access to plaintext passwords when viewing a keychain resulting in a loss of confidentiality.. Read more at osvdb.org/20430
OpenBSD vi.recover Arbitrary Zero-byte File Deletion
OpenBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker uses an unspecified vulnerability in the /usr/libexec/vi.recover script to delete zero-byte files, such as device nodes. This flaw may lead to a loss of integrity.. Read more at osvdb.org/19104
Mac OS X Unspecified Kernel Issue
Mac OS X contains a flaw related to certain kernel interfaces that may allow a malicious user to disclose sensitive information in uninitialized memory. No further details have been provided.. Read more at osvdb.org/20431
OpenBSD uipc System Calls Null Dereference Local DoS
OpenBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious attacker causes the sys_pipe() function to encounter a certain file descriptor error. This will cause sys_pipe() to dereference the user mode retval value instead of the rval kernel mode value. As retval is NULL, this will result in loss of availability for the platform.. Read more at osvdb.org/20354
Mac OS X memberd Membership Modification Delay Access Restriction Bypass
Mac OS X Server contains a flaw that may allow a malicious user to bypass access restrictions. The problem is that the membership daemon (memberd) does not immediately reflect access control changes, which may allow a malicious user to gain access to files and other resources resulting in a loss of confidentiality.. Read more at osvdb.org/20429
Mac OS X Software Update Security Patch Failure
Mac OS X contains a flaw that may allow a malicious user to bypass security patches. The issue is triggered due to the way the Software Update application handles ignored updates, which may allow a malicious user to bypass important security patches by marking all applicable updates as ignored and leave the system in an insecure state resulting in a loss of integrity.. Read more at osvdb.org/20428
Leave a Reply