All articles

July 31, 2003 23:31 Debian: New wu-ftpd packages fix buffer overflow

iSEC Security Research reports that wu-ftpd contains an off-by-one bug in the fb_realpath function which could be exploited by a logged-in user (local or anonymous) to gain root privileges. A demonstration exploit is reportedly available. Fixed packages are available from security.debian.org.

July 31, 2003 12:26 SuSE: New wu-ftpd packages fix remote buffer overflow

Janusz Niewiadomski and Wojciech Purczynski of iSEC Security Research have found a single-byte buffer overflow in the Washington University ftp daemon (wuftpd), a widely used ftp server for Linux-like systems. It is not yet clear whether this bug is (remotely) exploitable. If it is exploitable, the result may be a remote root compromise of a system running the wuftpd ftp daemon. Fixed packages are available from ftp.suse.com.

July 31, 2003 12:25 Red Hat: Updated wu-ftpd packages fix remote vulnerability.

The wu-ftpd package contains the Washington University FTP (File Transfer Protocol) server daemon. FTP is a method of transferring files between computers on a network. An off-by-one bug has been discovered in versions of wu-ftpd up to and including 2.6.2. On a vulnerable system, a remote attacker would be able to exploit this bug to gain root privileges. Red Hat Linux 7.1 and 7.2 contain a version of wu-ftpd that is affected by this bug, although it is believed this issue will not be remotely exploitable due to compiler padding of the buffer targeted for the overflow. Red Hat Linux 7.3 and 8.0 contain a version of wu-ftpd that is remotely exploitable. Fixed packages are available from updates.redhat.com.

July 30, 2003 22:21 Debian: New xtokkaetama packages fix buffer overflows

Steve Kemp discovered two buffer overflows in xtokkaetama, a puzzle game, when processing the -display command line option and the XTOKKAETAMADIR environment variable. These vulnerabilities could be exploited by a local attacker to gain gid 'games'. Fixed packages are available from security.debian.org.

July 30, 2003 22:19 Debian: New gallery packages fix cross-site scripting

Larry Nguyen discovered a cross-site scripting vulnerability in gallery, a web-based photo album written in PHP. This security flaw can allow a malicious user to craft a URL that executes JavaScript code on your website. Fixed packages are available from security.debian.org.

July 29, 2003 23:25 Debian: New xconq packages fix buffer overflows

Steve Kemp discovered a buffer overflow in xconq, in processing the USER environment variable. In the process of fixing this bug, a similar problem was discovered with the DISPLAY environment variable. This vulnerability could be exploited by a local attacker to gain gid 'games'. Fixed packages are available from security.debian.org.

July 29, 2003 15:16 Red Hat: Updated openssh packages available

OpenSSH is a suite of network connectivity tools that can be used to establish encrypted connections between systems on a network and can provide interactive login sessions and port forwarding, among other functions. When configured to allow password-based or challenge-response authentication, sshd (the OpenSSH server) uses PAM (Pluggable Authentication Modules) to verify the user's password. Under certain conditions, OpenSSH versions prior to 3.6.1p1 reject an invalid authentication attempt without first attempting authentication using PAM. If PAM is configured with its default failure delay, the amount of time sshd takes to reject an invalid authentication request varies widely enough that the timing variations could be used to deduce whether or not an account with a specified name existed on the server. This information could then be used to narrow the focus of an attack against some other system component. Fixed packages are available from updates.redhat.com.

July 29, 2003 06:43 Debian: New sup packages fix insecure temporary file crea...

sup, a package used to maintain collections of files in identical versions across machines, fails to take appropriate security precautions when creating temporary files. A local attacker could exploit this vulnerability to overwrite arbitrary files with the privileges of the user running sup. Fixed packages are available from security.debian.org.

July 27, 2003 00:00 GUI Toolkits for The X Window System

This article is aimed at Unix developers who already have some experience with programming languages and want to start developing GUI applications (mainly for The X Window System, though portability is discussed). It may also come in handy if you have used a particular GUI toolkit for some time and want to know whether others might suit your needs better. The main focus is comparison and introduction, but it serves as a bit of a tutorial as well.

July 25, 2003 07:10 Red Hat: Updated stunnel packages fix signal vulnerability

Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over a secure connection (encrypted using SSL or TLS) or to provide a secure means of connecting to services that do not natively support encryption. When configured to listen for incoming connections (instead of being invoked by xinetd), stunnel can be configured to either start a thread or a child process to handle each new connection. If Stunnel is configured to start a new child process to handle each connection, it will receive a SIGCHLD signal when that child exits. Stunnel versions prior to 4.04 would perform tasks in the SIGCHLD signal handler which, if interrupted by another SIGCHLD signal, could be unsafe. This could lead to a denial of service. Fixed packages are available from updates.redhat.com.

July 23, 2003 22:14 Red Hat: Updated semi packages fix vulnerability

semi is a MIME library for GNU Emacs and XEmacs used by the wl mail package. A vulnerability in semi version 1.14.3 and earlier allows an attacker to overwrite arbitrary files with potentially arbitrary contents using the privileges of the user running Emacs and semi. Fixed packages are available from updates.redhat.com.

July 22, 2003 21:54 Debian: New fdclone packages fix insecure temporary direc...

fdclone creates a temporary directory in /tmp as a workspace. However, if this directory already exists, the existing directory is used instead, regardless of its ownership or permissions. This would allow an attacker to gain access to fdclone's temporary files and their contents, or replace them with other files under the attacker's control. Fixed packages are available from security.debian.org.

July 21, 2003 11:38 Red Hat: Updated Mozilla packages fix security vulnerability

Mozilla is an open source Web browser. A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL referencing a malformed .jar file, which overflows a buffer during decompression. This issue affects the Mozilla packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0. Fixed packages are available from updates.redhat.com.

July 21, 2003 10:22 Red Hat: Updated 2.4 kernel fixes vulnerabilities

The Linux kernel handles the basic functions of the operating system. Several security issues have been discovered affecting the Linux kernel, details of which can be found in the body of this advisory. Fixed packages are available from updates.redhat.com.

July 21, 2003 07:35 Red Hat: Updated Xpdf packages fix security vulnerability.

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Martyn Gilmore discovered a flaw in various PDF viewers and readers. An attacker can embed malicious external-type hyperlinks that, if activated or followed by a victim, can execute arbitrary shell commands. Fixed packages are available from updates.redhat.com.

July 16, 2003 22:40 Debian: New php4 packages fix cross-site scripting vulner...

The transparent session ID feature in the php4 package does not properly escape user-supplied input before inserting it into the generated HTML page. An attacker could use this vulnerability to execute embedded scripts within the context of the generated page. Fixed packages are available from security.debian.org.

July 15, 2003 07:57 Debian: New falconseye packages fix buffer overflow

The falconseye package is vulnerable to a buffer overflow exploited via a long '-s' command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where falconseye is installed. Fixed packages are available from security.debian.org.

July 15, 2003 07:55 SuSE: New nfs-utils packages fix remote code execution

The nfs-utils package contains various programs to offer and manage certain RPC services such as the rpc.mountd. iSEC Security Research has reported an off-by-one bug in the xlog() function used by the rpc.mountd. It is possible for remote attackers to use this off-by-one overflow to execute arbitrary code as root. Fixed packages are available from ftp.suse.com.

July 15, 2003 01:21 Red Hat: Updated Mozilla packages fix security vulnerability

Mozilla is an open source web browser. A heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL referencing a malformed .jar file, which overflows a buffer during decompression. This issue affects the Mozilla packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0. Fixed packages are available from updates.redhat.com.

July 14, 2003 22:19 Red Hat: Updated nfs-utils packages fix denial of service...

The nfs-utils package provides a daemon for the kernel NFS server and related tools. Janusz Niewiadomski found a buffer overflow bug in nfs-utils version 1.0.3 and earlier. This bug could be exploited by an attacker, causing a remote Denial of Service (crash). It is not believed that this bug could lead to remote arbitrary code execution. Fixed packages are available from updates.redhat.com.

July 14, 2003 12:36 Debian: New nfs-utils package fixes buffer overflow

The logging code in nfs-utils contains an off-by-one buffer overrun when adding a newline to the string being logged. This vulnerability may allow an attacker to execute arbitrary code or cause a denial of service condition by sending certain RPC requests. Fixed packages are available from security.debian.org.

July 13, 2003 22:20 Debian: New traceroute-nanog packages fix integer overflow

traceroute-nanog, an enhanced version of the common traceroute program, contains an integer overflow bug which could be exploited to execute arbitrary code. traceroute-nanog is setuid root, but drops root privileges immediately after obtaining raw ICMP and raw IP sockets. Thus, exploitation of this bug provides only access to these sockets, and not root privileges. Fixed packages are available from security.debian.org.

July 08, 2003 22:12 Debian: New teapop packages fix SQL injection

teapop, a POP-3 server, includes modules for authenticating users against a PostgreSQL or MySQL database. These modules do not properly escape user-supplied strings before using them in SQL queries. This vulnerability could be exploited to execute arbitrary SQL with the privileges of the database user that teapop has authenticated as. Fixed packages are available from security.debian.org.

July 08, 2003 22:10 Debian: New phpsysinfo packages fix directory traversal

Albert Puigsech Galicia reported that phpsysinfo, a web-based program to display status information about the system, contains two vulnerabilities which could allow local files to be read, or arbitrary PHP code to be executed, under the privileges of the web server process (usually www-data). These vulnerabilities require access to a writable directory on the system in order to be exploited. Fixed packages are available from security.debian.org.

July 08, 2003 22:09 Debian: New xbl packages fix buffer overflow

Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option. This vulnerability could be exploited by a local attacker to gain gid 'games'. Fixed packages are available from security.debian.org.

July 08, 2003 22:05 Debian: New skk, ddskk packages fix insecure temporary fi...

skk (Simple Kana to Kanji conversion program) does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and skk. ddskk is derived from the same code, and contains the same bug. Fixed packages are available from security.debian.org.

July 08, 2003 21:58 Debian: New unzip packages fix directory traversal

A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ("../") by placing certain invalid characters between the two "." characters. Fixed packages are available from security.debian.org.

July 07, 2003 14:24 Debian: New mozart packages fix unsafe mailcap configuration

mozart, a development platform based on the Oz language, includes MIME configuration data which specifies that Oz applications should be passed to the Oz interpreter for execution. This means that file managers, web browsers, and other programs which honor the mailcap file could automatically execute Oz programs downloaded from untrusted sources. Thus, a malicious Oz program could execute arbitrary code under the uid of a user running a MIME-aware client program if the user selected a file (for example, choosing a link in a web browser). Fixed packages are available from security.debian.org.

July 07, 2003 14:14 Debian: New liece packages fix insecure temporary file cr...

liece, an IRC client for Emacs, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and liece, potentially with contents supplied by the attacker. Fixed packages are available from security.debian.org.

July 06, 2003 22:11 Debian: New x-face-el packages fix insecure temporary fil...

x-face-el, a decoder for images included inline in X-Face email headers, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and x-face-el, potentially with contents supplied by the attacker. Fixed packages are available from security.debian.org.