Insecurity News

Squid

Squid is a full-featured Web proxy cache.

A buffer overflow flaw was found in the Gopher relay parser. This bug could allow a remote Gopher server to crash the Squid proxy that reads data from it. Although Gopher servers are now quite rare, a malicious webpage (for example) could redirect or contain a frame pointing to an attacker's malicious gopher server. The CVE has assigned the name CAN-2005-0094 to this issue.

An integer overflow flaw was found in the WCCP message parser. It is possible to crash the Squid server if an attacker is able to send a malformed WCCP message with a spoofed source address matching Squid's "home router". The CVE has assigned the name CAN-2005-0095 to this issue.

A memory leak was found in the NTLM fakeauth_auth helper. It is possible that an attacker could place the Squid server under high load, causing the NTLM fakeauth_auth helper to consume a large amount of memory, resulting in a denial of service. The CVE has assigned the name CAN-2005-0096 to this issue.

A NULL pointer de-reference bug was found in the NTLM fakeauth_auth helper. The CVE has assigned the name CAN-2005-0097 to this issue.

A username validation bug was found in squid_ldap_auth. It is possible for a username to be padded with spaces, which could allow a user to bypass explicit access control rules or confuse accounting. The CVE has assigned the name CAN-2005-0173 to this issue.
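The squid_ldap_auth issue above comes down to two components disagreeing on what a username is: a directory backend that treats trailing padding as insignificant, and an access-control layer that compares the raw string. The following Python is an added illustration, not code from Squid or any of the advisories; the directory contents, the blocked-user list and the padding-insensitive `backend_auth` model are constructed to show the mismatch, and `hardened_decision` shows the usual fix of rejecting any non-canonical username before it reaches authentication, ACL matching or accounting.

```python
import re
from typing import Dict, Set

# Constructed sample directory and ACL (not real credentials or a real policy).
DIRECTORY: Dict[str, str] = {"alice": "s3cret", "bob": "hunter2"}
BLOCKED: Set[str] = {"bob"}

# Policy for a canonical username: no whitespace at all, bounded length.
USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def is_canonical_username(name: str) -> bool:
    """True only if the name contains no padding and matches the policy."""
    return USERNAME_RE.fullmatch(name) is not None


def backend_auth(username: str, password: str) -> bool:
    """Simplified model (an assumption for this example) of a directory that
    ignores trailing spaces when matching a username, as the advisory describes."""
    key = username.rstrip(" ")
    return DIRECTORY.get(key) == password


def naive_decision(username: str, password: str) -> str:
    """Authenticate, then apply the ACL to the raw string the client sent."""
    if not backend_auth(username, password):
        return "deny"
    if username in BLOCKED:
        return "deny"
    return "allow"


def hardened_decision(username: str, password: str) -> str:
    """Reject non-canonical input before any backend or ACL lookup sees it."""
    if not is_canonical_username(username):
        return "reject"
    if not backend_auth(username, password):
        return "deny"
    if username in BLOCKED:
        return "deny"
    return "allow"


def accounting_key(username: str) -> str:
    """The identity a log or accounting record would be keyed on."""
    return repr(username)


if __name__ == "__main__":
    # "bob " authenticates as bob but does not match the ACL entry "bob".
    print("naive    'bob ':", naive_decision("bob ", "hunter2"))      # allow (bypass)
    print("hardened 'bob ':", hardened_decision("bob ", "hunter2"))   # reject
    print("hardened 'bob' :", hardened_decision("bob", "hunter2"))    # deny
    print("accounting keys:", accounting_key("bob"), accounting_key("bob "))
```

The same padded name also produces two distinct accounting keys for one account, which is the "confuse accounting" half of the advisory; rejecting the input up front closes both problems with one check.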

The way Squid handles HTTP responses was found to need strengthening. It is possible that a malicious Web server could send a series of HTTP responses in such a way that the Squid cache could be poisoned, presenting users with incorrect webpages. The CVE has assigned the names CAN-2005-0174 and CAN-2005-0175 to these issues.

A bug was found in the way Squid handled oversized HTTP response headers. It is possible that a malicious Web server could send a specially crafted HTTP header which could cause the Squid cache to be poisoned, presenting users with incorrect webpages. The CVE has assigned the name CAN-2005-0241 to this issue.

A buffer overflow bug was found in the WCCP message parser. It is possible that an attacker could send a malformed WCCP message which could crash the Squid server or execute arbitrary code. The CVE has assigned the name CAN-2005-0211 to this issue.

DSA-688-1 squid

GLSA 200502-25 / Squid

MDKSA-2005:047

RHSA-2005:060-20

SUSE-SA:2005:008


Emacs

Emacs is a powerful, customizable, self-documenting, modeless text editor.

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The Common Vulnerabilities and Exposures (CVE) project (cve.mitre.org) has assigned the name CAN-2005-0100 to this issue.

Users of Emacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue.

GLSA 200502-20 / Emacs

MDKSA-2005:038

RHSA-2005:110-06

SUSE-SR:2005:006

Firefox

Mozilla Firefox is an open source Web browser.

A bug was found in the Firefox string handling functions. If a malicious website is able to exhaust a system's memory, it becomes possible to execute arbitrary code. The CVE has assigned the name CAN-2005-0255 to this issue.

A bug was found in the way Firefox handles pop-up windows. It is possible for a malicious website to control the content in an unrelated site's pop-up window. (CAN-2004-1156)

A bug was found in the way Firefox allows plug-ins to load privileged content into a frame. It is possible that a malicious webpage could trick a user into clicking in certain places to modify configuration settings or execute arbitrary code. (CAN-2005-0232 and CAN-2005-0527)

A flaw was found in the way Firefox displays international domain names. It is possible for an attacker to display a valid URL, tricking the user into thinking they are viewing a legitimate webpage when they are not. (CAN-2005-0233)

A bug was found in the way Firefox handles plug-in temporary files. A malicious local user could create a symlink to a victim's directory, causing it to be deleted when the victim exits Firefox. (CAN-2005-0578)

A bug has been found in one of Firefox's UTF-8 converters. It may be possible for an attacker to supply a specially crafted UTF-8 string to the buggy converter, leading to arbitrary code execution. (CAN-2005-0592)

A bug was found in the Firefox javascript security manager. If a user drags a malicious link to a tab, the javascript security manager is bypassed which could result in remote code execution or information disclosure. (CAN-2005-0231)

A bug was found in the way Firefox displays the HTTP authentication prompt. When a user is prompted for authentication, the dialog window is displayed over the active tab regardless of which tab caused the prompt to appear, which could trick a user into entering their username and password for a trusted site. (CAN-2005-0584)

A bug was found in the way Firefox displays the save file dialog. It is possible for a malicious webserver to use this bug to spoof the Content-Disposition header, tricking the user into thinking they are downloading a different filetype. (CAN-2005-0586)

A bug was found in the way Firefox handles users pressing "down-arrow" through auto-completed choices. (CAN-2005-0589)

Several other Firefox bugs were also discovered. The CVE has assigned the following reference numbers to these additional bugs: CAN-2005-0593, CAN-2005-0585, CAN-2005-0588, CAN-2005-0590, and CAN-2005-0591.

GLSA 200503-10 / Firefox

DSA-685-1 emacs21

RHSA-2005:176-11