Network Security News – Saturday, November 19, 2005 Events
Unclassified NewsBoard Description Field XSS
Unclassified NewsBoard contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "Description" variable when posting a message. This could allow a user to inject arbitrary HTML and script code that would execute in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19239
Unclassified NewsBoard Search Function DateFrom Variable SQL Injection
Unclassified NewsBoard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search function not properly sanitizing user-supplied input to the DateFrom variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20951
BSD kern_sig.c sigvec() Crafted Address Local DoS
BSD contains a flaw that may allow a local denial of service. The issue is triggered when addresses passed to sigvec() (as in user-level signal() handler addresses) are not properly validated by the kernel before being used, resulting in a loss of availability for the platform. Read more at osvdb.org/622
BSD f_count Wrapped Count Arbitrary Privilege Escalation
BSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user creates a trivial program to open a file more than 20 times, with forking and repeating. When this program creates more than 20 processes, with each process maxing out at 20 file descriptors, the f_count variable, which is a char data type, will wrap back to 0 and start to increase again. If a malicious user can set f_count to exactly 0 and then open a read-only file, he or she can enable write access on other descriptors. This flaw can also be timed with the execution of a setuid binary, to steal its file descriptors. This will permit write access to both files and directories. This flaw may lead to a loss of integrity. Read more at osvdb.org/604
BSD mail Mail Append Arbitrary File Modification
BSD contains a flaw that may allow a malicious local user to modify arbitrary files on the system. The issue is triggered when a malicious user mails himself a root passwd entry that /usr/ucb/mail will append to /etc/passwd, resulting in a loss of integrity. Read more at osvdb.org/615
BSD ex3.7preserve Group ID Privilege Escalation
BSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the native BSD C language compiler translates chown(path, owner) in ex3.7preserve as chown(path, owner, 0), which permits the creation of a file in group 0. This flaw may lead to a loss of integrity. Read more at osvdb.org/591
BSD exec System Call Crafted Header Memory Disclosure
BSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the exec system call fails to check the text size and data size in a header against the actual size of a file. If a malicious user creates an unreasonably large data size, a core dump will result. This will disclose memory information resulting in a loss of confidentiality. Read more at osvdb.org/566
BSD pseudo-tty Cross Session Information Disclosure
BSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user uses the cat command to view the output of a victim user terminal, resulting in a loss of confidentiality. Read more at osvdb.org/695