Network Security News – Wednesday, November 16, 2005 Events
FreeBSD pkg_add Temp Directory Permission Weakness
FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when pkg_add extracts the contents of a package to a temporary directory in /var/tmp with world-writable permissions. This flaw may lead to a loss of integrity. Read more at osvdb.org/20829
FreeBSD Virtual Memory Management msync mmap Local DoS
FreeBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user calls msync(2) on an anonymous, asynchronous memory map (i.e. one created using the mmap flags MAP_ANON and MAP_NOSYNC) that had not been accessed previously, resulting in a loss of availability for the platform. Read more at osvdb.org/20823
Invision Power Board Admin Interface APC Notes XSS
Invision Power Board contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'APC Notes' field of the administration interface. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20517
NetBSD FreeBSD Binary Emulation Compatibility Code Local Overflow
A local overflow exists in NetBSD. The emulation code for FreeBSD binaries fails to sufficiently check bounds, resulting in an integer overflow. With a specially crafted request, an attacker can change the flow of execution, resulting in a loss of integrity and/or availability. Read more at osvdb.org/20757
NetBSD cgd(4) Kernel Memory Encryption Key Fragment Disclosure
NetBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the cryptographic device driver (cgd) fails to erase cryptographic keys before releasing memory back to the kernel memory pool, which can facilitate the disclosure of encryption keys, resulting in a loss of confidentiality. Read more at osvdb.org/20756
NetBSD F_CLOSEM fcntl() Local DoS
NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user calls F_CLOSEM fcntl() with the parameter 0, causing an infinite loop in the kernel, resulting in a loss of availability for the platform. Read more at osvdb.org/20755
3CFR index.php Multiple Variable SQL Injection
3CFR contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "LangueID" and "ThemeID" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.
Additionally, if a query fails, the program will disclose the software's installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/20832
BSD procfs /proc/[pid]/ setuid Binary Privileged Command Execution
Multiple BSD OSs contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user modifies the /proc/pid/mem interface via a modified file descriptor for stderr. This flaw may lead to a loss of integrity. Read more at osvdb.org/20760
Basic Analysis and Security Engine (BASE) base_qry_main.php sig[1] Variable SQL Injection
Basic Analysis and Security Engine (BASE) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the base_qry_main.php script not properly sanitizing user-supplied input to the 'sig[1]' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20304
Invision Power Board Admin Interface Group Icon Image Field XSS
Invision Power Board contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'Group Icon Image' field of the administration interface. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20521
Vuln: Multiple Vendor lpCommandLine Application Path Vulnerability
Read more at securityfocus.com/bid/15448
Vuln: GDK-Pixbuf/GTK XPM Images Buffer Overflow Vulnerability
Read more at securityfocus.com/bid/15435
Vuln: Ekinboard Profile.PHP Cross-Site Scripting Vulnerability
Read more at securityfocus.com/bid/15447
Vuln: Apple iTunes 6 For Windows Arbitrary Local Code Execution Vulnerability
Read more at securityfocus.com/bid/15446
APPLE-SA-2005-11-15 iTunes 6 for Windows
Read more at securityfocus.com/archive/1/416747
[securityzone@macromedia.com: Macromedia Security Bulletins]
Read more at securityfocus.com/archive/1/416733
Re: phpBB 2.0.18 SQL Query problem
Read more at securityfocus.com/archive/1/416731
iDEFENSE Security Advisory 11.15.05: Multiple Vendor Insecure Call to CreateProcess() Vulnerability
Read more at securityfocus.com/archive/1/416739