
All articles tagged with Security

January 09, 2003 07:55 Debian: New tomcat packages fix source disclosure vulnera...

A security vulnerability has been confirmed to exist in Apache Tomcat 4.0.x releases, which allows a specially crafted URL to be used to return the unprocessed source of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by a security constraint, without the need for being properly authenticated. Fixed packages are available from security.debian.org.

January 08, 2003 07:47 Debian: New canna packages fix buffer overflow and denial...

Several vulnerabilities have been discovered in canna, a Japanese input system. A heap overflow vulnerability exists in the irw_through function in canna server and canna does not properly validate requests, which allows remote attackers to cause a denial of service or information leak. Fixed packages are available from security.debian.org.

January 07, 2003 09:22 Debian: New geneweb packages fix information exposure

A security issue has been discovered by Daniel de Rauglaudre, upstream author of geneweb, a genealogical software with web interface. It runs as a daemon on port 2317 by default. Paths are not properly sanitized, so a carefully crafted URL leads geneweb to read and display arbitrary files of the system it runs on. Fixed packages are available from security.debian.org.

January 07, 2003 07:36 Debian: New xpdf packages fix arbitrary command execution

iDEFENSE discovered an integer overflow in the pdftops filter from the xpdf package that can be exploited to gain the privileges of the target user. This can lead to gaining privileged access to the 'lp' user if the pdftops program is part of the print filter. Fixed packages are available from security.debian.org.

January 07, 2003 05:00 Red Hat: Updated cyrus-sasl packages fix buffer overflows

Cyrus SASL is an implementation of the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. Cyrus SASL versions 2 prior to 2.1.10 include a number of buffer overflow vulnerabilities. There is insufficient buffer length checking in user name canonicalization. This issue would be hard to exploit, but would allow a remote user to execute arbitrary code on the system. When performing authentication using LDAP, saslauthd does not allocate enough memory when it needs to escape special characters in the username and realm. This issue may be easy to remotely exploit. The log writer might not have allocated memory for the trailing \0 in a message. This issue is probably hard to exploit, although it is possible to affect the logging data with at least anonymous authentication. Updated packages can be obtained from updates.redhat.com.

January 03, 2003 16:47 Debian: New mhonarc packages fix cross site scripting

Earl Hood, author of mhonarc, a mail to HTML converter, discovered a cross site scripting vulnerability in this package. A specially crafted HTML mail message can introduce foreign scripting content in archives, by-passing MHonArc's HTML script filtering. Fixed packages are available from security.debian.org.

January 03, 2003 16:44 Red Hat: Updated pine packages available

Pine, developed at the University of Washington, is a tool for reading, sending, and managing electronic messages (including mail and news). A security problem was found in versions of Pine 4.44 and earlier. In these versions, Pine does not allocate enough memory for the parsing and escaping of the "From" header, allowing a carefully crafted email to cause a buffer overflow on the heap. This will result in Pine crashing. Fixed packages are available from updates.redhat.com.

January 02, 2003 08:31 SuSE: remote command execution in mysql

Stefan Esser from e-matters reported various bugs in MySQL. Within the MySQL server the password checking and a signedness issue have been fixed. These could lead to a remote compromise of the system running an unpatched MySQL server. In order to exploit this bug, the remote attacker needs a valid MySQL account. Further, a buffer overflow in the mysqlclient library has been reported and fixed. Applications using this library (as commonly used from within PHP scripts) are vulnerable to this attack and could also be compromised by remote attackers. Fixed packages are available from ftp.suse.com.

January 02, 2003 08:28 Debian: New squirrelmail packages fix cross site scriptin...

A cross site scripting vulnerability has been discovered in squirrelmail, a feature-rich webmail package written in PHP4. Squirrelmail doesn't sanitize user provided variables in all places, leaving it vulnerable to a cross site scripting attack. Fixed packages are available from security.debian.org.

January 02, 2003 04:47 SuSE: local and remote privilege escalation in cups

CUPS is a well known and widely used printing system for unix-like systems. iDEFENSE reported several security issues with CUPS that can lead to local and remote root compromise. The full list of the vulnerabilities can be found in the body of this article. Fixed packages can be obtained from ftp.suse.com.

January 02, 2003 04:41 SuSE: remote compromise in fetchmail

fetchmail is used to download emails from POP-, IMAP-, ETRN- or ODMR-servers. Stefan Esser of e-matters reported a bug in fetchmail's mail address expanding code which can lead to remote system compromise. When fetchmail expands email addresses in mail headers it does not allocate enough memory. An attacker can send a maliciously formatted mail header to exhaust the memory allocated by fetchmail to overwrite parts of the heap. This can be exploited to execute arbitrary code. Fixed packages are available from ftp.suse.com.

December 31, 2002 05:32 Debian: New dhcpcd packages fix remote command execution ...

Simon Kelly discovered a vulnerability in dhcpcd, an RFC2131 and RFC1541 compliant DHCP client daemon, that runs with root privileges on client machines. A malicious administrator of the regular or an untrusted DHCP server may execute any command with root privileges on the DHCP client machine by sending the command enclosed in shell metacharacters in one of the options provided by the DHCP server. Fixed packages are available from security.debian.org.

December 30, 2002 23:50 Debian: New bugzilla packages fix cross site scripting pr...

A cross site scripting vulnerability has been reported for Bugzilla, a web-based bug tracking system. Bugzilla does not properly sanitize any input submitted by users. As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running Bugzilla. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. Fixed packages are available from security.debian.org.

December 28, 2002 14:53 Debian: New typespeed packages fix buffer overflow

A problem has been discovered in typespeed, a game that lets you measure your typematic speed. By overflowing a buffer a local attacker could execute arbitrary commands under the group id games. Fixed packages are available from security.debian.org.

December 24, 2002 05:01 Debian: New fetchmail packages fix buffer overflow

Stefan Esser of e-matters discovered a buffer overflow in fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder. When fetchmail retrieves a mail, all headers that contain addresses are searched for local addresses. If a hostname is missing, fetchmail appends it but doesn't reserve enough space for it. This heap overflow can be used by remote attackers to crash it or to execute arbitrary code with the privileges of the user running fetchmail. Fixed packages are available from security.debian.org.

December 23, 2002 06:51 Debian: New cyrus-imapd packages fix remote command

Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server, which could be exploited by a remote attacker prior to logging in. A malicious user could craft a request to run commands on the server under the UID and GID of the cyrus server. Fixed packages are available from security.debian.org.

December 20, 2002 08:13 Debian: New kdenetwork packages fix buffer overflows

Olaf Kirch from SuSE Linux AG discovered another vulnerability in the klisa package, which provides a LAN information service similar to "Network Neighbourhood". The lisa daemon contains a buffer overflow vulnerability which potentially enables any local user, as well as any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In addition, a remote attacker potentially may be able to gain access to a victim's account by using an "rlan://" URL in an HTML page or via another KDE application. Fixed packages are available from security.debian.org.

December 19, 2002 07:30 Debian: New libpng packages fix buffer overflow

Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer. Fixed packages are available from security.debian.org.

December 17, 2002 04:59 Debian: New MySQL packages fix multiple vulnerabilities

While performing an audit of MySQL, e-matters found several problems. Two sizes were taken as signed integers from a request and then cast to unsigned integers without checking for negative numbers. Since the resulting numbers were used for a memcpy() operation, this could lead to memory corruption. When re-authenticating to a different user, MySQL did not perform all checks that are performed on initial authentication. This allowed for single-character password brute forcing which could be used by a normal user to gain root privileges to the database and it was possible to overflow the password buffer and force the server to execute arbitrary code. Also, when processing the rows returned by a SQL server there was no check for overly large rows or terminating NUL characters. This can be used to exploit SQL clients if they connect to a compromised MySQL server. When processing a row as returned by a SQL server the returned field sizes were not verified. This can be used to exploit SQL clients if they connect to a compromised MySQL server. Fixed packages are available from security.debian.org.

December 17, 2002 04:29 Red Hat: Updated Fetchmail packages fix security vulnerab...

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links such as SLIP and PPP connections. A bug has been found in the header parsing code in versions of Fetchmail prior to 6.2.0. This bug allows a remote attacker to crash Fetchmail and potentially execute arbitrary code by sending a carefully crafted email which is then parsed by Fetchmail. Fixed packages are available from updates.redhat.com.

December 17, 2002 04:27 Red Hat: Updated Net-SNMP packages fix security and other...

The Net-SNMP project includes various Simple Network Management Protocol (SNMP) tools. The SNMP daemon included in the Net-SNMP package versions 5.0.1 through 5.0.4 can be caused to crash if it is sent a specially crafted packet. Successful exploitation of this issue would require knowledge of a known SNMP community string. Fixed packages are available from updates.redhat.com.

December 13, 2002 07:41 Debian: New mICQ packages fix denial of service

Rüdiger Kuhlmann, upstream developer of mICQ, a text based ICQ client, discovered a problem in mICQ. Receiving certain ICQ message types that do not contain the required 0xFE separator causes all versions to crash. Fixed packages are available from security.debian.org.

December 12, 2002 22:10 Debian: New lynx packages fix CRLF injection

lynx (a text-only web browser) did not properly check for illegal characters in all places, including processing of command line options, which could be used to insert extra HTTP headers in a request. Fixed packages can be obtained from security.debian.org.

December 12, 2002 22:08 Debian: New wget packages fix buffer overflow and directo...

Two problems have been found in the wget package as distributed in Debian GNU/Linux. Stefano Zacchiroli found a buffer overrun in the url_filename function, which would make wget segfault on very long URLs. Steven M. Christey discovered that wget did not verify the FTP server response to an NLST command: it must not contain any directory information, since that can be used to make an FTP client overwrite arbitrary files. Fixed packages are available from security.debian.org.

December 12, 2002 12:52 Red Hat: Updated apache, httpd, and mod_ssl packages avai...

The Apache HTTP Web Server is a secure, efficient, and extensible web server that provides HTTP services. Buffer overflows in the ApacheBench support program (ab.c) in Apache versions prior to 1.3.27, and Apache versions 2.x prior to 2.0.43, allow a malicious Web server to cause a denial of service (DoS) and possibly execute arbitrary code via a long response. Two cross-site scripting (XSS) vulnerabilities are present in the error pages for the default "404 Not Found" error and for the error response when a plain HTTP request is received on an SSL port. Both of these issues are only exploitable if the "UseCanonicalName" setting has been changed to "Off", and wildcard DNS is in use. The shared memory scoreboard in the HTTP daemon for Apache 1.3, prior to version 1.3.27, allows a user running as the "apache" UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or other such behavior that would not normally be allowed. Fixed packages are available from updates.redhat.com.

December 11, 2002 09:31 Debian: New tetex-lib packages fix arbitrary command exec...

The SuSE security team discovered a vulnerability in the kpathsea library (libkpathsea) which is used by xdvi and dvips. Both programs call the system() function insecurely, which allows a remote attacker to execute arbitrary commands via cleverly crafted DVI files. If dvips is used in a print filter, this allows a local or remote attacker with print permission to execute arbitrary code as the printer user (usually lp). Fixed packages are available from security.debian.org.

December 10, 2002 22:10 Debian: New tcpdump packages fix BGP decoding error

The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. This could be abused by introducing malicious traffic on a sniffed network for a denial of service attack against tcpdump, or possibly even remote code execution. Fixed packages are available from security.debian.org.

December 10, 2002 22:08 Debian: New gtetrinet packages fix buffer overflows

Steve Kemp and James Antill found several buffer overflows in the gtetrinet (a multiplayer tetris-like game) package as shipped in Debian GNU/Linux 3.0, which could be abused by a malicious server. Fixed packages are available from security.debian.org.

December 10, 2002 08:11 Red Hat: Updated Canna packages fix vulnerabilities

Canna is a kana-kanji conversion server which is necessary for Japanese language character input. A buffer overflow bug in the Canna server up to and including version 3.5b2 allows a local user to gain the privileges of the user 'bin' which could lead to further exploits. Also, a lack of validation of requests has been found that affects Canna version 3.6 and earlier. A malicious remote user could exploit this vulnerability to leak information, or cause a denial of service attack. Fixed packages are available from updates.redhat.com.

December 10, 2002 08:09 Red Hat: Updated wget packages fix directory traversal bug

Versions of wget prior to 1.8.2-4 contain a bug that permits a malicious FTP server to create or overwrite files anywhere on the local file system. FTP clients must check to see if an FTP server's response to the NLST command includes any directory information along with the list of filenames required by the FTP protocol (RFC 959, section 4.1.3). If the FTP client fails to do so, a malicious FTP server can send filenames beginning with '/' or containing '/../' which can be used to direct a vulnerable FTP client to write files (such as .forward, .rhosts, .shost, etc.) that can then be used for later attacks against the client machine. Fixed packages are available from updates.redhat.com.