Network Security News – Tuesday, March 21, 2006 Events
LibVC (vCard) count_vcards() Function Local Overflow
An overflow exists in LibVC. LibVC fails to validate that the size of a string fscanf'd into the local 'buf' is smaller than 256 bytes resulting in a stack overflow. With a specially crafted vCard, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/23985
vCard PRO create.php Multiple Variable XSS
vCard PRO contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'card_id', 'uploaded', 'card_fontsize', and 'card_color' variables upon submission to the create.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23838
Ubuntu Installer Log File Cleartext Password Disclosure
The Ubunto installer contains a flaw that may lead to an unauthorized password exposure. The installer log files fail to sanitize passwords used during the installation. The installer log files are world-readable, thus any local user can see the password of the first user account, which has full sudo privileges by default, thus leading to a loss of confidentiality.. Read more at osvdb.org/23868
Zeroboard Session IP Security Bypass XSS
ZeroBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate memo subject, user email address, and the homepage field upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23847
Sendmail DECODE Alias Arbitrary File Overwrite
Sendmail contains a flaw that may allow a remote attacker to overwrite arbitrary files. The issue is due tot he program allowing remote access to the 'decode' alias. By sending a crafted email to the alias, the sendmail program would write user-supplied content to an arbitrary file as well as set custom permissions.. Read more at osvdb.org/196
Sendmail debug Arbitrary Command Execution
Sendmail contains a flaw that may allow a remote attacker to execute commands without authentication. The issue is triggered when an attacker connects to the SMTP service (port 25), and issues the 'debug' command. If enable, this may allow an attacker to pipe arbitrary commands that will be executed under the same privileges as sendmail.. Read more at osvdb.org/195
TENEX Page Fault Race Condition Password Prediction Weakness
TENEX contains a flaw that may allow a local attacker to more trivially guess user passwords. By carefully examining the virtual memory paging timing for differential timing for page faults, it is possible to determine if a specific character matched a portion of the password. By performing this timing attack for each character of a password, an attacker could effectively brute force a relatively strong password in a matter of minutes, instead of having to exhaust a majority of the possible password space.. Read more at osvdb.org/23199
UNIX-V6 su File Descriptor Exhaustion Local Privilege Escalation
UNIX-V6 contains a flaw that may allow a local attacker to gain increased privileges. The flaw occurs when an attacker intentionally exhausts all file descriptors before executing the 'su' program. In such a case, 'su' would invoke a super-user shell instead of failing to execute.. Read more at osvdb.org/535
Leave a Reply