All articles

January 26, 2004 22:43 Debian: New gnupg packages fix cryptographic weakness in ...

Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Fixed packages are available from security.debian.org.

January 26, 2004 14:19 Red Hat: Updated Gaim packages fix various vulnerabilities

Gaim is an instant messenger client that can handle multiple protocols. Stefan Esser audited the Gaim source code and found a number of bugs that have security implications. Due to the nature of instant messaging, many of these bugs require man-in-the-middle attacks between client and server. However, at least one of the buffer overflows could be exploited by an attacker sending a carefully constructed malicious message through a server. Updated packages are available from updates.redhat.com.

January 24, 2004 00:00 Providing Good Feedback for Bug Reporters

A comment on a bug I submitted recently spurred me to provide some feedback from an application user's perspective on bug reports. There are ways of responding to a bug report that encourage the types of responses that are helpful to developers, and there are ways of responding that only produce anger and frustration, without getting anything fixed. My hope is to encourage good communication between bug reporters and developers to enable better, quicker bugfixes.

January 22, 2004 08:46 Red Hat: Updated slocate packages fix vulnerability

Slocate is a security-enhanced version of locate, designed to find files on a system via a central database. Patrik Hornik discovered a vulnerability in Slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. A local user could exploit this vulnerability to gain "slocate" group privileges and then read the entire slocate database. Fixed packages are available from updates.redhat.com.

January 21, 2004 12:01 Red Hat: Updated mc packages resolve buffer overflow vuln...

Midnight Commander is a visual shell much like a file manager. A buffer overflow has been found in Midnight Commander's virtual filesystem code. Specifically, a stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c allows remote attackers to execute arbitrary code during symlink conversion. Updated packages are available from updates.redhat.com.

January 21, 2004 00:28 Debian: New slocate packages fix buffer overflow

A vulnerability was discovered in slocate, a program to index and search for files, whereby a specially crafted database could overflow a heap-based buffer. This vulnerability could be exploited by a local attacker to gain the privileges of the "slocate" group, which can access the global database containing a list of pathnames of all files on the system, including those which should only be visible to privileged users. Fixed packages are available from security.debian.org.

January 19, 2004 06:56 Debian: New netpbm-free packages fix insecure temporary f...

netpbm is a graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool. Fixed packages are available from security.debian.org.

January 17, 2004 01:38 Debian: New mc packages fix buffer overflow

A vulnerability was discovered in Midnight Commander, a file manager, whereby a malicious archive (such as a .tar file) could cause arbitrary code to be executed if opened by Midnight Commander. Fixed packages are available from security.debian.org.

January 17, 2004 01:37 Debian: New tcpdump packages fix multiple vulnerabilities

Multiple vulnerabilities were discovered in tcpdump, a tool for inspecting network traffic. If a vulnerable version of tcpdump attempted to examine a maliciously constructed packet, a number of buffer overflows could be exploited to crash tcpdump, or potentially execute arbitrary code with the privileges of the tcpdump process. Fixed packages are available from security.debian.org.

January 17, 2004 00:00 Modular vs. Monolithic: The winner is ...?

The history of software development is full of controversies. One of the oldest is the controversy about modular vs. monolithic software development.

January 14, 2004 11:52 Red Hat: Updated tcpdump packages fix various vulnerabili...

Tcpdump is a command-line tool for monitoring network traffic. George Bakos discovered flaws in the ISAKMP decoding routines of tcpdump versions prior to 3.8.1. Jonathan Heusser discovered two additional flaws in the ISAKMP decoding routines of tcpdump versions up to and including 3.8.1. Remote attackers could potentially exploit these issues by sending carefully crafted packets to a victim. If the victim uses tcpdump, these packets could result in a denial of service, or possibly execute arbitrary code as the 'pcap' user. Fixed packages are available from updates.redhat.com.

January 14, 2004 06:28 SuSE: New tcpdump packages fix remote DoS

Tcpdump is a well known tool for administrators to analyze network traffic. There is a bug in the tcpdump code responsible for handling ISAKMP messages. This bug allows remote attackers to destroy a current tcpdump session by tricking the tcpdump program with evil ISAKMP messages to enter an endless loop. Fixed packages are available from ftp.suse.com.

January 14, 2004 06:26 Red Hat: Updated kdepim packages resolve security vulnera...

The K Desktop Environment (KDE) is a graphical desktop for the X Window System. The KDE Personal Information Management (kdepim) suite helps you to organize your mail, tasks, appointments, and contacts. The KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. Fixed packages are available from updates.redhat.com.

January 13, 2004 06:18 Debian: New cvs packages bring multiple CVS improvements

The account management of the CVS pserver (which is used to give remote access to CVS repositories) uses a CVSROOT/passwd file in each repository, which contains the accounts and their authentication information as well as the name of the local unix account to use when a pserver account is used. Since CVS performed no checking on what unix account was specified, anyone who could modify the CVSROOT/passwd could gain access to all local users on the CVS server, including root. Additionally, CVS pserver had a bug in parsing module requests which could be used to create files and directories outside a repository. Finally, the umask used for 'cvs init' and 'cvs-makerepos' has been changed to prevent repositories from being created with group write permissions. Fixed packages are available from security.debian.org.

January 12, 2004 22:33 Debian: New mod-auth-shadow packages fix password expirat...

David B Harris discovered a problem with mod-auth-shadow, an Apache module which authenticates users against the system shadow password database, where the expiration status of the user's account and password were not enforced. This vulnerability would allow an otherwise authorized user to successfully authenticate, when the attempt should be rejected due to the expiration parameters. Fixed packages are available from security.debian.org.

January 12, 2004 09:45 Red Hat: Updated CVS packages fix minor security issue

CVS is a version control system frequently used to manage source code repositories. A flaw was found in versions of CVS prior to 1.11.10 where a malformed module request could cause the CVS server to attempt to create files or directories at the root level of the file system. However, normal file system permissions would prevent the creation of these misplaced directories. Updated packages are available from updates.redhat.com.

January 12, 2004 03:06 Debian: New jitterbug packages fix arbitrary command exec...

Steve Kemp discovered a security-related problem in jitterbug, a simple CGI-based bug tracking and reporting tool. Unfortunately, not all program executions use properly sanitized input, which allows an attacker to execute arbitrary commands on the server hosting the bug database. As mitigating factors, these attacks are only available to non-guest users, and accounts for these people must be set up by the administrator, making them "trusted". Fixed packages are available from security.debian.org.

January 09, 2004 02:26 Debian: New phpgroupware packages fix unintended PHP exec...

The authors of phpgroupware, a web-based groupware system written in PHP, discovered several vulnerabilities. In the "calendar" module, "save extension" was not enforced for holiday files. As a result, server-side PHP scripts may be placed in directories that could then be accessed remotely, causing the webserver to execute them. This was resolved by enforcing the extension ".txt" for holiday files. There were also some SQL injection problems (non-escaping of values used in SQL strings) in the "calendar" and "infolog" modules. Fixed packages are available from security.debian.org.

January 08, 2004 02:26 Debian: New vbox3 packages fix privilege leak

A bug was discovered in vbox3, a voice response system for isdn4linux, whereby root privileges were not properly relinquished before executing a user-supplied tcl script. By exploiting this vulnerability, a local user could gain root privileges. Fixed packages are available from security.debian.org.

January 07, 2004 22:15 Red Hat: Updated Ethereal packages fix security issues

Ethereal is a program for monitoring network traffic. Two security issues have been found that affect Ethereal. By exploiting these issues it may be possible to make Ethereal crash by injecting an intentionally malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It is not known if these issues could allow arbitrary code execution. Updated packages are available from updates.redhat.com.

January 06, 2004 22:47 Debian: New fsp packages fix buffer overflow, directory t...

A vulnerability was discovered in fsp whereby a remote user could both escape from the FSP root directory (CAN-2003-1022), and also overflow a fixed-length buffer to execute arbitrary code (CAN-2004-0011). Fixed packages are available from security.debian.org.

January 06, 2004 22:45 Debian: New zebra packages fix denial of service

Two vulnerabilities were discovered in zebra, an IP routing daemon. A bug in the telnet CLI could allow a remote attacker to cause a zebra process to crash, resulting in a denial of service. Netlink messages sent by other users (rather than the kernel) would be accepted, leading to a denial of service. Fixed packages are available from security.debian.org.

January 06, 2004 22:42 Debian: New jabber packages fix denial of service

A vulnerability was discovered in jabber, an instant messaging server, whereby a bug in the handling of SSL connections could cause the server process to crash, resulting in a denial of service. Fixed packages are available from security.debian.org.

January 06, 2004 08:14 Debian: New Linux 2.4.18 packages fix local root exploit

Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in versions 2.2.x, 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Fixed packages are available from security.debian.org.

January 06, 2004 00:51 Debian: New mpg321 packages fix format string vulnerability

A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming). Fixed packages are available from security.debian.org.

January 06, 2004 00:51 Debian: New nd packages fix buffer overflows

Multiple vulnerabilities were discovered in nd, a command-line WebDAV interface, whereby long strings received from the remote server could overflow fixed-length buffers. This vulnerability could be exploited by a remote attacker in control of a malicious WebDAV server to execute arbitrary code if the server was accessed by a vulnerable version of nd. Fixed packages are available from security.debian.org.

January 06, 2004 00:50 Debian: New libnids packages fix buffer overflow

A vulnerability was discovered in libnids, a library used to analyze IP network traffic, whereby a carefully crafted TCP datagram could cause memory corruption and potentially execute arbitrary code with the privileges of the user executing a program which uses libnids (such as dsniff). Fixed packages are available from security.debian.org.

January 06, 2004 00:47 Debian: New bind packages fix denial of service

A vulnerability was discovered in BIND, a domain name server, whereby a malicious name server could return authoritative negative responses with a large TTL (time-to-live) value, thereby rendering a domain name unreachable. A successful attack would require that a vulnerable BIND instance submit a query to a malicious nameserver. Fixed packages are available from security.debian.org.

January 06, 2004 00:39 SuSE: New linux kernel packages fix local system compromise

The do_mremap() function of the Linux Kernel is used to manage (move, resize) Virtual Memory Areas (VMAs). By exploiting an incorrect bounds check in do_mremap() during the remapping of memory it is possible to create a VMA with the size of 0. In normal operation do_mremap() leaves a memory hole of one page and creates an additional VMA of two pages. In case of exploitation no hole is created but the new VMA has a 0 bytes length. The Linux Kernel's memory management is corrupted from this point and can be abused by local users to gain root privileges. Fixed packages are available from ftp.suse.com.

January 05, 2004 06:30 Debian: New screen packages fix group utmp exploit

Timo Sirainen reported a vulnerability in screen, a terminal multiplexor with VT100/ANSI terminal emulation, that can lead an attacker to gain group utmp privileges. Fixed packages are available from security.debian.org.