All articles

August 26, 2003 06:37 Red Hat: Updated pam_smb packages fix remote buffer overf...

The pam_smb module is a pluggable authentication module (PAM) used to authenticate users using an external Server Message Block (SMB) server. A buffer overflow vulnerability has been found that affects unpatched versions of pam_smb up to and including 1.1.6. On systems that use pam_smb and are configured to authenticate a remotely accessible service, an attacker can exploit this bug and remotely execute arbitrary code. Fixed packages are available from updates.redhat.com.

August 25, 2003 22:26 Debian: New unzip packages fix directory traversal vulner...

A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ("../") by placing certain invalid characters between the two "." characters. The fix which was implemented in DSA-344-1 may not have protected against all methods of exploiting this vulnerability. Fixed packages are available from security.debian.org.

August 25, 2003 00:00 European Protests Against Software Patents

On Wednesday, August 27th, there will be a last-minute demonstration at the European Parliament in Brussels against the proposed directive on software patents, organized by the FFII. As an additional (or alternative) action, people and organizations are encouraged to participate in an online demonstration that day, replacing the main pages of their Web sites with text explaining the dangers of introducing unlimited patentability in Europe.

August 23, 2003 00:00 Spam Filters

Spam is a growing problem for email users, and many solutions have been proposed, from a postage fee for email to Turing tests to simply not accepting email from people you don't know. Spam filtering is one way to reduce the impact of the problem on the individual user (though it does nothing to reduce the effect of the network traffic generated by spam). In its simplest form, a spam filter is a mechanism for classifying a message as either spam or not spam.

August 21, 2003 12:45 Red Hat: GDM allows local user to read any file.

GDM is the GNOME Display Manager for X. Versions of GDM prior to 2.4.1.6 contain a bug where GDM will run as root when examining the ~/.xsession-errors file when using the "examine session errors" feature, allowing local users the ability to read any text file on the system by creating a symlink. Red Hat Linux 8.0 and 9 are vulnerable to this issue. Versions of GDM in earlier releases did not have the "examine session errors" feature and therefore are not vulnerable to this issue. Fixed packages are available from updates.redhat.com.

August 18, 2003 06:55 Debian: New man-db packages fix segmentation fault

A previous man-db update (DSA-364-1) fixed buffer overruns in ult_src, a part of the "mandb" command that finds the canonical source file for each man page. However, this update introduced an error in the routine that resolves hardlinks: depending on the filenames of hardlinked man pages, that routine might itself overrun allocated memory, causing a segmentation fault. Fixed packages are available from security.debian.org.

August 17, 2003 02:23 Debian: New autorespond packages fix buffer overflow

Christian Jaeger discovered a buffer overflow in autorespond, an email autoresponder used with qmail. This vulnerability could potentially be exploited by a remote attacker to gain the privileges of a user who has configured qmail to forward messages to autorespond. This vulnerability is currently not believed to be exploitable due to incidental limits on the length of the problematic input, but there may be situations in which these limits do not apply. Fixed packages are available from security.debian.org.

August 17, 2003 02:20 Debian: New netris packages fix buffer overflow

Shaun Colley discovered a buffer overflow vulnerability in netris, a network version of a popular puzzle game. A netris client connecting to an untrusted netris server could be sent an unusually long data packet, which would be copied into a fixed-length buffer without bounds checking. This vulnerability could be exploited to gain the privileges of the user running netris in client mode, if they connect to a hostile netris server. Fixed packages are available from security.debian.org.

August 12, 2003 22:56 SuSE: New kernel packages fix local privilege escalation ...

Over the last few weeks, a couple of security-relevant fixes have accumulated for the kernel. These fix local vulnerabilities and remote DoS conditions. Fixed packages can be obtained from ftp.suse.com.

August 11, 2003 22:02 Red Hat: Updated KDE packages fix security issue

KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. George Staikos reported that Konqueror may inadvertently send authentication credentials to websites other than the intended website in clear text via the HTTP-referer header. This can occur when authentication credentials are passed as part of a URL in the form http://user:password@host/. Fixed packages are available from updates.redhat.com.

August 11, 2003 22:01 Red Hat: Updated ddskk packages fix temporary file vulner...

Daredevil SKK is a simple Kana to Kanji conversion program, an input method of Japanese for Emacs and XEmacs. ddskk does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and skk. Fixed packages are available from updates.redhat.com.

August 11, 2003 21:51 Debian: New perl packages fix cross-site scripting

A cross-site scripting vulnerability exists in the start_form() function in CGI.pm. This function outputs user-controlled data into the action attribute of a form element without sanitizing it, allowing a remote user to execute arbitrary web script within the context of the generated page. Any program which uses this function in the CGI.pm module may be affected. Fixed packages are available from security.debian.org.

August 10, 2003 01:20 Debian: New kdelibs-crypto packages fix multiple vulnerab...

Two vulnerabilities were discovered in kdelibs. KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. Also, Konqueror Embedded and KDE 2.2.2 and earlier do not validate the Common Name (CN) field for X.509 certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. Fixed packages are available from security.debian.org.

August 09, 2003 01:29 Debian: New pam-pgsql packages fix format string vulnerab...

Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the username to be used for authentication is used as a format string when writing a log message. This vulnerability may allow an attacker to execute arbitrary code with the privileges of the program requesting PAM authentication. Fixed packages are available from security.debian.org.

August 09, 2003 01:14 Debian: New zblast packages fix buffer overflow

Steve Kemp discovered a buffer overflow in zblast-svgalib, when saving the high score file. This vulnerability could be exploited by a local user to gain gid 'games', if they can achieve a high score. Fixed packages are available from security.debian.org.

August 08, 2003 09:56 Red Hat: up2date improperly checks GPG signature of packages

The Red Hat Update Agent, up2date, automatically queries the Red Hat Network servers and determines which packages need to be updated on your machine. up2date versions 3.0.7 and 3.1.23 incorrectly check RPM GPG signatures. These are the versions found in Red Hat Linux 8.0 and 9. This bug allows packages which have no GPG signature to be installed by up2date if they are provided by the Red Hat Network servers. The intended behaviour is that only packages signed with the Red Hat package signing key will be installed. Fixed packages are available from updates.redhat.com.

August 08, 2003 07:39 Debian: New xpcd packages fix buffer overflow

Steve Kemp discovered a buffer overflow in xpcd-svga which can be triggered by a long HOME environment variable. This vulnerability could be exploited by a local attacker to gain root privileges. Fixed packages are available from security.debian.org.

August 08, 2003 07:23 Debian: New xtokkaetama packages fix buffer overflow

Another buffer overflow was discovered in xtokkaetama, involving the "-nickname" command line option. This vulnerability could be exploited by a local attacker to gain gid 'games'. Fixed packages are available from security.debian.org.

August 06, 2003 01:40 Debian: New eroaster packages fix insecure temporary file...

eroaster, a frontend for burning CD-R media using cdrecord, does not take appropriate security precautions when creating a temporary file for use as a lockfile. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running eroaster. Fixed packages are available from security.debian.org.

August 06, 2003 01:24 Debian: New phpgroupware packages fix several vulnerabilities

Several vulnerabilities have been discovered in phpgroupware. Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module. An unknown vulnerability exists in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. Multiple SQL injection vulnerabilities in the infolog module of phpgroupware could allow remote attackers to execute arbitrary SQL statements. Fixed packages are available from security.debian.org.

August 04, 2003 22:47 Debian: New man-db packages fix buffer overflows, arbitra...

man-db provides the standard man(1) command on Debian systems. During configuration of this package, the administrator is asked whether man(1) should run setuid to a dedicated user ("man") in order to provide a shared cache of preformatted manual pages. The default is for man(1) NOT to be setuid, and in this configuration no known vulnerability exists. However, if the user explicitly requests setuid operation, a local attacker could exploit either of the following bugs to execute arbitrary code as the "man" user. Fixed packages are available from security.debian.org.

August 04, 2003 22:46 Debian: New kernel packages fix potential "oops"

This advisory provides a correction to the previous kernel updates, which contained an error introduced in kernel-source-2.4.18 version 2.4.18-7. This error could result in a kernel "oops" under certain circumstances. Fixed packages are available from security.debian.org.

August 04, 2003 08:00 Red Hat: New postfix packages fix security issues.

Postfix is a Mail Transport Agent (MTA). Postfix versions before 1.1.12 allow an attacker to bounce-scan private networks, or use the daemon as a DDoS tool, by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and either receiving a bounce message or analyzing timing. Postfix versions from 1.1 up to and including 1.1.12 have a bug where a remote attacker could send a malformed envelope address and cause the queue manager to lock up until an entry is removed from the queue, or lock up the SMTP listener, leading to a DoS. Fixed packages are available from updates.redhat.com.

August 04, 2003 07:47 SuSE: New postfix packages fix remote DoS attack

Postfix is a flexible MTA replacement for sendmail. Michal Zalewski has reported problems in postfix which can lead to a remote DoS attack or allow attackers to bounce-scan private networks. These problems have been fixed. Even though not all of our products are vulnerable in their default configurations, the updates should be applied. Fixed packages are available from ftp.suse.com.

August 03, 2003 15:49 Debian: New postfix packages fix remote denial of service...

The postfix mail transport agent in Debian 3.0 contains two vulnerabilities. Postfix would allow an attacker to bounce-scan private networks or use the daemon as a DDoS tool by forcing the daemon to connect to an arbitrary service at an arbitrary IP address and either receiving a bounce message or observing queue operations to infer the status of the delivery attempt. Also, a malformed envelope address can 1) cause the queue manager to lock up until an entry is removed from the queue and 2) lock up the SMTP listener, leading to a denial of service. Fixed packages are available from security.debian.org.

August 03, 2003 00:51 Debian: New mindi packages fix insecure temporary file cr...

mindi, a program for creating boot/root disks, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running mindi. Fixed packages are available from security.debian.org.

August 02, 2003 01:41 Debian: New kdelibs packages fix several vulnerabilities

Two vulnerabilities were discovered in kdelibs: KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. Also, Konqueror Embedded and KDE 2.2.2 and earlier do not validate the Common Name (CN) field for X.509 certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. Fixed packages are available from security.debian.org.

August 01, 2003 06:31 Debian: New xfstt packages fix several vulnerabilities

xfstt, a TrueType font server for the X Window System, was found to contain two classes of vulnerabilities: a remote attacker could send requests crafted to trigger any of several buffer overruns, causing a denial of service or possibly executing arbitrary code on the server with the privileges of the "nobody" user. Also, certain invalid data sent during the connection handshake could allow a remote attacker to read certain regions of memory belonging to the xfstt process. This information could be used for fingerprinting, or to aid in exploitation of a different vulnerability. Fixed packages are available from security.debian.org.

July 31, 2003 23:37 Debian: New atari800 packages fix buffer overflows

Steve Kemp discovered multiple buffer overflows in atari800, an Atari emulator. In order to directly access graphics hardware, one of the affected programs is setuid root. A local attacker could exploit this vulnerability to gain root privileges. Fixed packages are available from security.debian.org.

July 31, 2003 23:33 Debian: New kernel source and i386, alpha kernel images f...

A number of vulnerabilities have been discovered in the Linux kernel, details of which can be found in the body of this advisory. Fixed packages are available from security.debian.org.