SecurityReason IT News

Multiple Vendors libc/fnmatch(3) DoS

Fri, 13 May 2011 00:38:18 +0200

Author : SecurityReason

New advisory about vulnerabilities in libc for multiple vendors "Multiple Vendors libc/fnmatch(3) DoS (incl apache)". A 'resource exhaustion' vulnerability has been identified in fnmatch(3) function.
Attacker, what may modify first and second parameters(pattern,string) of fnmatch(3), may cause to CPU resource exhaustion.
More:
http://securityreason.com/achievement_securityalert/98

Exploit:
http://cxib.net/stuff/apr_fnmatch.txt

References:
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c
https://rhn.redhat.com/errata/RHSA-2011-0507.html
http://httpd.apache.org/security/vulnerabilities_22.html
http://www.apache.org/dist/apr/CHANGES-APR-1.4
http://cwe.mitre.org/data/definitions/399.html

vsftpd flaw could disable wide range of servers

Tue, 01 Mar 2011 00:19:23 +0100

Author : SecurityReason

New advisory about vulnerability in vsftpd server "vsftpd 2.3.2 remote denial-of-service". A 'resource exhaustion' vulnerability has been identified in ls.c file.
The potential scale of risk is high.
Examples of vulnerable servers:
- ftp.gnu.org
- ftp.kernel.org
- ftpgen.wip4.adobe.com
- ftp.oracle.com
- ftp.freebsd.org

Any code with huge complexity, could allow of denial of service if an affected system received vulnerable pattern.

More:
http://securityreason.com/achievement_securityalert/95

Exploit:
http://cxib.net/stuff/vspoc232.c

Fix for this issue has been created together with vsftpd projects.

ChangeLog:
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.3.4/Changelog

GNU libc Multiple Vulnerabilities

Fri, 07 Jan 2011 20:36:35 +0100

Author : Maksymilian Arciemowicz

New advisory about vulnerabilities in GNU libc "GNU libc/regcomp(3) Multiple Vulnerabilities". A 'resource exhaustion' vulnerabilities has been identified in GNU C library.
exploit:
http://cxib.net/stuff/proftpd.gnu.c

Exploit can be used to attack some proftpd servers with wirtting privialges.

More:
http://securityreason.com/achievement_securityalert/93
http://www.kb.cert.org/vuls/id/912279

Apache Insecure mod_rewrite PCRE Resource Exhaustion

Tue, 21 Dec 2010 00:16:13 +0100

Author : Maksymilian Arciemowicz

New advisory about vulnerabilities in apache mod_rewrite "Apache Insecure mod_rewrite PCRE Resource Exhaustion". A 'resource exhaustion' vulnerability has been identified in PCRE library.
Using mod_rewrite and PCRE libs can dangerous for stability apache server. Everybody know that using pcre regular expressions can be dangerous, and using multiple regular expressions in .htaccess is no good idea.

More:
http://securityreason.com/achievement_securityalert/92

PoC:
http://cxib.net/stuff/rewrite.pcre.txt

PHP 5.3.3 Null Pointer Dereference

Sat, 06 Nov 2010 14:25:01 +0100

Author : SecurityReason

SecurityReason realised new advisory about vulnerabilities in PHP 5.3.3 and PHP 5.2.14 "PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference". The main problem exist in function ZipArchive::getArchiveComment().
More:
http://securityreason.com/achievement_securityalert/90

Fix 5.2:
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/zip/php_zip.c

Fix 5.3:
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/zip/php_zip.c

MDVSA-2010:218
http://lists.mandriva.com/security-announce/2010-10/msg00044.php