The libpng package contains a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. Steve Grubb discovered an out-of-bounds memory access flaw in libpng. An attacker could carefully craft a PNG file in such a way that it would cause
an application linked to libpng to crash when opened by a victim. This issue is not believed to allow arbitrary code execution. Updated packages are available from
updates.redhat.com.
Midnight Commander (mc) is a visual shell much like a file manager. Several buffer overflows, several temporary file creation vulnerabilities, and one format string vulnerability have been discovered in Midnight Commander. These vulnerabilities were discovered mostly by Andrew V.
Samoilov and Pavel Roskin. Updated packages are available from
updates.redhat.com.
Rsync is a program for synchronizing files over a network. Rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot. This could allow a remote attacker to write files outside of the module's "path", depending on the privileges assigned to the rsync daemon. Users not running an rsync daemon, running a read-only daemon, or running a chrooted daemon are not affected by this issue. Updated packages are available from
updates.redhat.com.
Stefan Esser discovered a problem in neon, an HTTP and WebDAV client library, which is also present in cadaver, a command-line client for WebDAV servers. User input is copied into variables that are not large enough in all cases. This can lead to an overflow of a static heap variable. Fixed packages are available from
security.debian.org.
The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. Stefan Esser reported buffer overflow conditions within the cvs program. They allow remote attackers to execute arbitrary code as the user the cvs server runs as. Since there is no easy workaround, we strongly recommend updating the cvs package. Fixed packages are available from
ftp.suse.com.
Stefan Esser discovered a problem in neon, an HTTP and WebDAV client library. User input is copied into variables that are not large enough in all cases. This can lead to an overflow of a static heap variable. Fixed packages are available from
security.debian.org.
Stefan Esser discovered a heap overflow in the CVS server, which serves the popular Concurrent Versions System. Malformed "Entry" lines in combination with Is-modified and Unchanged requests can be used to overflow malloc()ed memory. This was proven to be exploitable. Fixed packages are available from
security.debian.org.
cadaver is a command-line WebDAV client that uses inbuilt code from neon, an HTTP and WebDAV client library. Stefan Esser discovered a flaw in the neon library which allows a heap buffer overflow in a date parsing routine. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using cadaver. Updated packages are available from
updates.redhat.com.
CVS is a version control system frequently used to manage source code repositories. Stefan Esser discovered a flaw in cvs where malformed "Entry" lines could cause a heap overflow. An attacker who has access to a CVS server could use this flaw to execute arbitrary code under the UID under which
the CVS server is executing. Updated packages are available from
updates.redhat.com.
Evgeny Demidov discovered a potential buffer overflow in a Kerberos 4 component of heimdal, a free implementation of Kerberos 5. The problem is present in kadmind, a server for administrative access to the Kerberos database. This problem could perhaps be exploited to cause the daemon to read a negative amount of data which could lead to unexpected behaviour. Fixed packages are available from
security.debian.org.
The kdelibs packages include libraries for the K Desktop Environment. iDEFENSE identified a vulnerability in the Opera web browser that could allow remote attackers to create or truncate arbitrary files. The KDE team has found two similar vulnerabilities that also exist in KDE. A flaw in the telnet URI handler may allow options to be passed to the telnet program, resulting in creation or replacement of files. An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file with the victim's permissions. A flaw in the mailto URI handler may allow options to be passed to the kmail program. These options could cause kmail to write to the file system or to run on a remote X display. An attacker could create a carefully crafted link in such a way that access may be obtained to run arbitrary code as the victim. Updated packages are available from
updates.redhat.com.
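The kdelibs entry above describes option injection through a URI handler: whatever follows telnet:// is handed to the telnet binary, so a host part that begins with "-" is parsed as a command-line option. The following is an added illustration, not KDE code, of how a handler can build telnet's argument vector safely. It assumes a BSD-style telnet that uses getopt (so "--" ends option parsing) and whose "-n tracefile" option creates or truncates a file; the function names and the sample URIs are constructed for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not KDE code. Parse "telnet://host[:port][/...]"
 * into an argv for telnet, refusing anything that could reach telnet as
 * an option. Returns the number of argv entries (argv is NULL-terminated)
 * or -1 if the URI is malformed or would smuggle an option. The host and
 * port strings that argv points into are written to buf. */
int build_telnet_argv(const char *uri, char *buf, size_t buflen,
                      char *argv[], size_t max_argv)
{
    static const char prefix[] = "telnet://";
    const size_t plen = sizeof prefix - 1;
    const char *rest;
    char *host, *port, *slash;
    size_t n = 0;

    if (uri == NULL || strncmp(uri, prefix, plen) != 0)
        return -1;
    rest = uri + plen;
    if (strlen(rest) >= buflen || max_argv < 5)
        return -1;
    strcpy(buf, rest);

    /* Drop any path component; only host[:port] is meaningful here. */
    slash = strchr(buf, '/');
    if (slash != NULL)
        *slash = '\0';
    host = buf;
    port = strchr(buf, ':');
    if (port != NULL) {
        *port++ = '\0';
        if (*port == '\0')
            return -1;
    }

    /* Allowlist: a hostname is letters, digits, '.', '-' and must not
     * start with '-', which getopt would treat as an option such as
     * "-n tracefile". The port must be all digits. */
    if (host[0] == '\0' || host[0] == '-')
        return -1;
    for (const char *p = host; *p; p++)
        if (!isalnum((unsigned char)*p) && *p != '.' && *p != '-')
            return -1;
    if (port != NULL)
        for (const char *p = port; *p; p++)
            if (!isdigit((unsigned char)*p))
                return -1;

    argv[n++] = "telnet";
    argv[n++] = "--";       /* end-of-options marker (getopt convention, assumed) */
    argv[n++] = host;
    if (port != NULL)
        argv[n++] = port;
    argv[n] = NULL;
    return (int)n;
}

/* Convenience wrapper: the validated host for a URI, or NULL if rejected. */
const char *telnet_uri_host(const char *uri)
{
    static char buf[256];
    static char *argv[8];
    int n = build_telnet_argv(uri, buf, sizeof buf, argv, 8);
    return n < 0 ? NULL : argv[2];
}

int main(void)
{
    /* Constructed sample links, including a hostile one. */
    const char *samples[] = { "telnet://example.org:2323",
                              "telnet://-n/tmp/evil",
                              "telnet://host:-n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *h = telnet_uri_host(samples[i]);
        printf("%-28s -> %s\n", samples[i], h ? h : "rejected");
    }
    return 0;
}
```

The same shape applies to the mailto handler described above: an allowlist on the argument and an explicit end-of-options marker, rather than trying to blocklist individual options of the invoked program.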
The Midnight Commander (mc) is a file manager for the console. The mc code is vulnerable to several security-related bugs such as buffer overflows, incorrect format string handling and insecure usage of temporary files. These bugs can be exploited by local users to gain the privileges of the user running mc. Fixed packages are available from
ftp.suse.com.
A problem has been discovered in mah-jong, a variant of the original Mah-Jong game, that can be utilised to crash the game server through a NULL pointer dereference. This bug can be exploited by any client that connects to the mah-jong server. Fixed packages are available from
security.debian.org.
IPsec uses strong cryptography to provide both authentication and encryption services. With versions of ipsec-tools prior to 0.2.3, it was possible for an attacker to cause unauthorized deletion of SAs (Security Associations). With versions of ipsec-tools prior to 0.2.5, the RSA signature on X.509 certificates was not properly verified when using certificate-based authentication. When ipsec-tools receives an ISAKMP header, it will attempt to allocate sufficient memory for the entire ISAKMP message according to the header's length field. If an attacker crafts an ISAKMP header with an extremely large value in the length field, racoon may exceed operating system resource limits and be terminated, resulting in a denial of service. Fixed packages are available from
updates.redhat.com.
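The racoon denial of service above is the classic "allocate by untrusted length field" mistake. The following added example, not racoon or ipsec-tools code, parses the fixed 28-byte ISAKMP header (RFC 2408: two 8-byte cookies, next payload, version, exchange type, flags, 4-byte message ID, 4-byte big-endian total length) and validates the declared length before any allocation. The 65535-byte ceiling is an assumption chosen because nothing larger fits a UDP datagram; the advisory does not state which limit the fix applies. It also assumes the whole datagram is already in hand, so the declared length can be compared with the bytes actually received.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not racoon code. */
#define ISAKMP_HDR_LEN 28
/* Assumed ceiling for one message (fits a UDP datagram); the advisory
 * does not name the limit used by the fix. */
#define ISAKMP_MAX_MSG 65535u

/* Validate the header's length field before trusting it. `got` is the
 * number of bytes actually received. Returns the declared length if it
 * is sane, 0 otherwise. */
uint32_t isakmp_checked_len(const uint8_t *pkt, size_t got)
{
    uint32_t len;

    if (pkt == NULL || got < ISAKMP_HDR_LEN)
        return 0;
    len = ((uint32_t)pkt[24] << 24) | ((uint32_t)pkt[25] << 16) |
          ((uint32_t)pkt[26] << 8)  |  (uint32_t)pkt[27];
    if (len < ISAKMP_HDR_LEN)       /* cannot be shorter than its own header */
        return 0;
    if (len > ISAKMP_MAX_MSG)       /* the absurd value from the advisory */
        return 0;
    if (len > got)                  /* claims more bytes than arrived */
        return 0;
    return len;
}

/* Copy the message into a heap buffer sized by the *checked* length.
 * The pattern the advisory describes is, in effect, malloc(raw field). */
uint8_t *isakmp_copy_msg(const uint8_t *pkt, size_t got, uint32_t *out_len)
{
    uint32_t len = isakmp_checked_len(pkt, got);
    uint8_t *msg;

    if (len == 0)
        return NULL;
    msg = malloc(len);
    if (msg == NULL)
        return NULL;
    memcpy(msg, pkt, len);
    *out_len = len;
    return msg;
}

/* Build a constructed header carrying a chosen length field. */
void isakmp_build_hdr(uint8_t hdr[ISAKMP_HDR_LEN], uint32_t declared_len)
{
    memset(hdr, 0, ISAKMP_HDR_LEN);
    hdr[17] = 0x10;                  /* major/minor version 1.0 */
    hdr[24] = (uint8_t)(declared_len >> 24);
    hdr[25] = (uint8_t)(declared_len >> 16);
    hdr[26] = (uint8_t)(declared_len >> 8);
    hdr[27] = (uint8_t)(declared_len);
}

/* Verdict for a constructed header with `declared_len` when `got` bytes
 * were received: the accepted length, or 0 if the message is refused. */
uint32_t isakmp_check_declared(uint32_t declared_len, size_t got)
{
    uint8_t hdr[ISAKMP_HDR_LEN];
    isakmp_build_hdr(hdr, declared_len);
    return isakmp_checked_len(hdr, got);
}
```

With the checks in place a header declaring 0xFFFFFFFF bytes is dropped at parse time instead of being turned into a multi-gigabyte allocation; the same three checks (not below the header size, not above a protocol ceiling, not beyond what was received) apply to any length-prefixed wire format.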
Georgi Guninski discovered two stack-based buffer overflows in exim and exim-tls. They cannot be exploited with the default configuration of the Debian system, though. When "sender_verify = true" is configured in exim.conf, a buffer overflow can happen during verification of the sender. This problem is fixed in exim 4. When headers_check_syntax is configured in exim.conf, a buffer overflow can happen during the header check. This problem also exists in exim 4. Fixed packages are available from
security.debian.org.
Georgi Guninski discovered two stack-based buffer overflows. They cannot be exploited with the default configuration of the Debian system, though. When "sender_verify = true" is configured in exim.conf, a buffer overflow can happen during verification of the sender. This problem is fixed in exim 4. When headers_check_syntax is configured in exim.conf, a buffer overflow can happen during the header check. This problem also exists in exim 4. Fixed packages are available from
security.debian.org.
Various vulnerabilities have been fixed in the newly available kernel updates, namely the do_fork() memory leak, which could lead to a local DoS attack, a setsockopt() MCAST buffer overflow which allows local attackers to execute arbitrary code with root privileges, a misuse of the fb_copy_cmap() function which could also allow local attackers to execute arbitrary code with root privileges, an integer overflow in the cpufreq_procctl() function, wrong permissions on /proc/scsi/qla2300/HbaApiNode could allow local attackers to start DoS attacks, and a buffer overflow in panic(). Fixed packages are available from
ftp.suse.com.
A vulnerability was discovered in rsync, a file transfer program, whereby a remote user could cause an rsync daemon to write files outside of the intended directory tree. This vulnerability is not exploitable when the daemon is configured with the 'chroot' option. Fixed packages are available from
security.debian.org.
Tatsuya Kinoshita discovered a vulnerability in flim, an Emacs library for working with Internet messages, where temporary files were created without taking appropriate precautions. This vulnerability could potentially be exploited by a local user to overwrite files with the privileges of the user running Emacs. Fixed packages are available from
security.debian.org.
Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges. Steve Grubb discovered a flaw in Utempter which allowed device names containing directory traversal sequences such as '/../'. In combination
with an application that trusts the utmp or wtmp files, this could allow a local attacker the ability to overwrite privileged files using a symlink. Updated packages are available from
updates.redhat.com.
OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. OpenOffice internally uses inbuilt code from neon, an HTTP and WebDAV client library. Versions of the neon client library up to and including 0.24.4 have been found to contain a number of format string bugs. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using OpenOffice. Updated packages are available from
updates.redhat.com.
Steve Grubb discovered a problem in the Portable Network Graphics library libpng which is utilised in several applications. When processing a broken PNG image, the error handling routine will access memory that is out of bounds when creating an error message. Depending on machine architecture, bounds checking and other protective measures, this problem could cause the program to crash if a defective or intentionally prepared PNG image file is handled by libpng. Fixed packages are available from
security.debian.org.
LHA is an archiving and compression utility for LHarc format archives. Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA. An attacker could exploit the buffer overflows by creating a carefully crafted LHA archive in such a way that arbitrary code
would be executed when the archive is tested or extracted by a victim. Also, an attacker could exploit the directory traversal issues to create files as the victim outside of the expected directory. Updated packages are available from
updates.redhat.com.
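Three entries in this digest (the rsync daemon writing outside a module's path, utempter accepting device names containing "/../", and the LHA archive member names above) are the same bug: a path supplied by an untrusted party is joined to a trusted base directory without first confining it. The following is an added example, not rsync, utempter or LHA code, of a confinement routine that walks the untrusted path component by component, drops "." and empty components, lets ".." descend only as far as the base, and rejects absolute paths and any climb above the base. The base directory and the sample paths are constructed for the example; it assumes '/' is the only separator and that base has no trailing slash.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not rsync/utempter/LHA code. Confine `untrusted`
 * (a relative path from a client, archive or caller) under `base`.
 * On success writes "base/normalized" to out and returns 0; returns -1
 * for absolute paths, paths that climb above base, an empty result, or
 * an output that does not fit. */
int confine_path(const char *base, const char *untrusted,
                 char *out, size_t outlen)
{
    const char *comps[256];          /* kept component start pointers */
    size_t lens[256];
    size_t depth = 0, used, i;
    const char *p;

    if (base == NULL || untrusted == NULL)
        return -1;
    if (untrusted[0] == '/')         /* absolute paths are never relative to base */
        return -1;

    for (p = untrusted; *p; ) {
        const char *start = p;
        size_t n;
        while (*p && *p != '/')
            p++;
        n = (size_t)(p - start);
        if (*p == '/')
            p++;
        if (n == 0 || (n == 1 && start[0] == '.'))
            continue;                /* "//" and "." change nothing */
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0)
                return -1;           /* would climb above base: reject */
            depth--;
            continue;
        }
        if (depth == sizeof comps / sizeof comps[0])
            return -1;
        comps[depth] = start;
        lens[depth] = n;
        depth++;
    }
    if (depth == 0)                  /* resolves to base itself; refused here */
        return -1;

    used = strlen(base);
    if (used + 1 > outlen)
        return -1;
    memcpy(out, base, used);
    for (i = 0; i < depth; i++) {
        if (used + 1 + lens[i] + 1 > outlen)
            return -1;
        out[used++] = '/';
        memcpy(out + used, comps[i], lens[i]);
        used += lens[i];
    }
    out[used] = '\0';
    return 0;
}

/* Convenience wrapper: confined path in a static buffer, or NULL if refused. */
const char *confine_path_str(const char *base, const char *untrusted)
{
    static char out[512];
    return confine_path(base, untrusted, out, sizeof out) == 0 ? out : NULL;
}

int main(void)
{
    /* Constructed inputs: an rsync-style module path, a utempter-style
     * device name and an LHA-style archive member name. */
    const char *base = "/srv/module";
    const char *samples[] = { "dir/./file.txt", "a/b/../c",
                              "../../etc/passwd", "/etc/passwd",
                              "pts/1/../../../etc/passwd" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *r = confine_path_str(base, samples[i]);
        printf("%-28s -> %s\n", samples[i], r ? r : "rejected");
    }
    return 0;
}
```

This string-level check is necessary but not sufficient without a chroot: it does not resolve symlinks, so a component inside base that is a symlink pointing outside it still escapes. A daemon that cannot chroot should additionally resolve the final path (for example with realpath) and confirm the result still has base as a prefix before opening it, which is why the rsync advisories above note that chrooted daemons are unaffected.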
X-Chat is a graphical IRC chat client for the X Window System. A stack buffer overflow flaw was found in X-Chat's SOCKS5 proxy code. An attacker could create a malicious SOCKS5 proxy server in such a way that X-Chat would execute arbitrary code if a victim configured X-Chat to
use the proxy. Updated packages are available from
updates.redhat.com.
The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. A memory leak in mod_ssl in the Apache HTTP Server prior to version 2.0.49 allows a remote denial of service attack against an SSL-enabled server. Updated packages are available from
updates.redhat.com.
Jakub Jelinek discovered several vulnerabilities in the Midnight Commander, a powerful file manager for GNU/Linux systems. The identified problems include buffer overflows, insecure temporary file and directory creation, as well as format string problems. Updated packages are available from
updates.redhat.com.
H.D. Moore discovered several terminal emulator security issues. One of them concerns escape codes that are interpreted by the terminal emulator. An attacker could use them to insert malicious commands that are hidden from the user; when the user hits enter to continue, the hidden commands are executed as well. Fixed packages are available from
security.debian.org.
Jack discovered a buffer overflow in ident2, an implementation of the ident protocol (RFC 1413), where a buffer in the child_service function was slightly too small to hold all of the data that could be written into it. This vulnerability could be exploited by a remote attacker to execute arbitrary code with the privileges of the ident2 daemon (by default, the "identd" user). Fixed packages are available from
security.debian.org.