All articles

February 12, 2003 13:28 Red Hat: Updated lynx packages fix CRLF injection vulnera...

Lynx is a character-cell Web browser, suitable for running on terminals such as VT100. Lynx constructs its HTTP queries from the command line (or WWW_HOME environment variable) without regard to special characters such as carriage returns or linefeeds. When given a URL containing such special characters, extra headers could be inserted into the request. This could cause scripts using lynx to fetch data from the wrong site from servers with virtual hosting. Fixed packages are available from updates.redhat.com.

February 11, 2003 06:57 Debian: New w3mmee packages fix cookie information leak

Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user into sending his local cookies, which are used for configuration. The information is not leaked automatically, though. Fixed packages are available from security.debian.org.

February 11, 2003 06:52 Debian: New hypermail packages fix arbitrary code execution

Ulf Harnhammar discovered two problems in hypermail, a program to create HTML archives of mailing lists. An attacker could craft a long filename for an attachment that would overflow two buffers when a certain option for interactive use was given, opening the possibility to inject arbitrary code. This code would then be executed under the user id hypermail runs as, mostly as a local user. Automatic and silent use of hypermail does not seem to be affected. Secondly, the CGI program mail, which is not installed by the Debian package, does a reverse look-up of the user's IP address and copies the resulting hostname into a fixed-size buffer. A specially crafted DNS reply could overflow this buffer, opening the program to an exploit. Fixed packages are available from security.debian.org.

February 08, 2003 00:00 Improving The Software Distribution and Deployment Process

A more defined process is needed for development, distribution, and deployment of software. Specifically, we need to revise the current process, which makes the end product of software development an archive file (gzipped tarball, Debian package, zip file, etc.) that is distributed on a CDROM or downloaded through the Internet via FTP or the Web and finally installed and configured. Software development, distribution, and deployment are a group activity carried out through collaboration over the Internet; it should include application developers, component developers, software users, and software testers, auditors, and reviewers, among others.

February 07, 2003 10:51 Red Hat: Updated kernel-utils packages fix setuid vulnera...

The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities. The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode. Fixed packages are available from updates.redhat.com.

February 07, 2003 03:33 Red Hat: Updated w3m packages fix cross-site scripting is...

w3m is a pager with Web browsing capabilities. Two cross-site scripting (XSS) issues have been found in w3m. An XSS vulnerability in w3m 0.3.2 allows remote attackers to insert arbitrary HTML and web script into frames. Frames are disabled by default in the version of w3m shipped with Red Hat Linux. Therefore, this problem will not appear as long as users do not use w3m with the -F option, or enable frame support in either the /etc/w3m/w3mconfig or ~/.w3m/config configuration files. Furthermore, an XSS vulnerability in versions of w3m before 0.3.2.2 allows attackers to insert arbitrary HTML and web script into image attributes. Fixed packages are available from updates.redhat.com.

February 06, 2003 09:39 Red Hat: Updated Xpdf packages fix security vulnerability

During an audit of CUPS, a printing system, Zen Parsec found an integer overflow vulnerability in the pdftops filter. Since the code for pdftops is taken from the Xpdf project, all versions of Xpdf including 2.01 are also vulnerable to this issue. An attacker could create a PDF file that could execute arbitrary code. This code would have the same access privileges as the user who viewed the file with Xpdf. Fixed packages are available from updates.redhat.com.

February 06, 2003 02:04 Red Hat: Updated Window Maker packages fix vulnerability ...

Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP graphical user interface. Al Viro found a buffer overflow in Window Maker 0.80.0 and earlier which may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer. This could be exploited for example by a user opening a malicious theme. Fixed packages are available from updates.redhat.com.

February 06, 2003 00:57 Red Hat: Updated openldap packages available

Updated openldap packages are available which fix a number of local and remote buffer overflows in libldap and the slapd and slurpd servers, and potential issues stemming from using user-specified LDAP configuration files. They are available from updates.redhat.com.

February 05, 2003 01:49 Red Hat: Updated PHP packages available

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. A heap-based buffer overflow was found in the wordwrap() function in PHP versions after 4.1.2 and before 4.3.0. If wordwrap() is used on user-supplied input this could allow remote attackers to cause a denial of service or execute arbitrary code. Red Hat Linux 8.0 shipped with a version of PHP that was vulnerable to this issue. Other Red Hat Linux distributions shipped with an earlier version of PHP and are not vulnerable to this issue. In addition, a number of compatibility bugs have also been found between PHP 4.2 and Apache 2.0. All users of PHP are advised to upgrade to these erratum packages, which contain a patch to correct these issues. Fixed packages are available from updates.redhat.com.

February 05, 2003 01:46 Red Hat: Updated 2.4 kernel fixes various vulnerabilities

The Linux kernel handles the basic functions of the operating system. Vulnerabilities have been found in version 2.4.18 of the kernel. This advisory deals with updates to Red Hat Linux 7.1, 7.2, 7.3, and 8.0. Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. A vulnerability exists in O_DIRECT handling in Linux kernels 2.4.10 and later that can create a limited information leak where any user on the system with write privileges to a file system can read information from that file system (from previously deleted files), and can create minor file system corruption (easily repaired by fsck). Red Hat Linux in its default configuration is not affected by this bug, because the ext3 file system (the default file system in Red Hat Linux 7.2 and later) does not support the O_DIRECT feature. Of the kernels Red Hat has released, only the 2.4.18 kernels have this bug. Fixed packages are available from updates.redhat.com.

January 31, 2003 01:39 Red Hat: Updated kerberos packages fix vulnerability in f...

Kerberos is a network authentication system. A problem has been found in the Kerberos ftp client. When retrieving a file with a filename beginning with a pipe character, the ftp client will pass the filename to the command shell in a system() call. This could allow a malicious ftp server to write to files outside of the current directory or execute commands as the user running the ftp client. Fixed packages are available from updates.redhat.com.

January 30, 2003 06:57 Debian: New courier packages fix SQL injection

The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiting this vulnerability. The MySQL auth module is not affected. Fixed packages are available from security.debian.org.

January 29, 2003 08:17 Debian: New tomcat packages fix information exposure and ...

The developers of tomcat discovered several problems in tomcat version 3.x. A maliciously crafted request could return a directory listing even when an index.html, index.jsp, or other welcome file is present. A malicious web application could read the contents of some files outside the web application via its web.xml file, in spite of the presence of a security manager. Finally, a cross-site scripting vulnerability was discovered in the included sample web application that allows remote attackers to execute arbitrary script code.

January 28, 2003 09:24 Debian: New dhcp3 packages fix potential network flood

Florian Lohoff discovered a bug in dhcrelay that causes it to send a continuing packet storm towards the configured DHCP server(s) when it receives a malicious BOOTP packet, such as those sent by buggy Cisco switches. When dhcrelay receives a BOOTP request it forwards the request to the DHCP server using the broadcast MAC address ff:ff:ff:ff:ff:ff, which causes the network interface to reflect the packet back into the socket. To prevent loops, dhcrelay checks whether the relay address is its own, in which case the packet is dropped. In combination with a missing upper boundary for the hop counter, an attacker can force dhcrelay to send a continuing packet storm towards the configured DHCP server(s). Fixed packages are available from security.debian.org.

January 27, 2003 10:11 Debian: New noffle packages fix buffer overflows

Dan Jacobson noticed a problem in noffle, an offline news server, that leads to a segmentation fault. It is not yet clear whether this problem is exploitable. However, if it is, a remote attacker could trigger arbitrary code execution under the user that calls noffle, probably news. Fixed packages are available from security.debian.org.

January 26, 2003 00:00 Largefile Support Problems

The Unix98 standard requires largefile support, and many of the latest operating systems provide it. However, some systems still choose not to make it the default, resulting in two models: some parts of the system use the traditional 32-bit off_t, while others are compiled with a largefile 64-bit off_t. Mixing such libraries and plugins is not a good idea.

January 23, 2003 07:53 Debian: New kdepim packages fix several vulnerabilities

The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. Fixed packages are available from security.debian.org.

January 23, 2003 07:50 Debian: New kdenetwork packages fix several vulnerabilities

The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. Fixed packages are available from security.debian.org.

January 22, 2003 09:31 SuSE: remote system compromise in cvs

CVS (Concurrent Versions System) is a version control system which helps to manage concurrent editing of files by various authors. Stefan Esser of e-matters reported a "double free" bug in the CVS server code for handling directory requests. This double free() allows an attacker with CVS read access to compromise a CVS server. Additionally, two features ('Update-prog' and 'Checkin-prog') were disabled to stop clients with write access from executing arbitrary code on the server. These features may be configurable at run-time in future releases of the CVS server. Fixed packages are available from ftp.suse.com.

January 22, 2003 08:39 Debian: New kdelibs packages fix several vulnerabilities

The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. By carefully crafting such data an attacker might be able to execute arbitrary commands on a vulnerable system using the victim's account and privileges. The KDE Project is not aware of any existing exploits of these vulnerabilities. The patches also provide better safeguards and check data from untrusted sources more strictly in multiple places. Fixed packages are available from security.debian.org.

January 22, 2003 08:37 Debian: New kdegraphics packages fix several vulnerabilities

The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. By carefully crafting such data an attacker might be able to execute arbitrary commands on a vulnerable system using the victim's account and privileges. The KDE Project is not aware of any existing exploits of these vulnerabilities. The patches also provide better safeguards and check data from untrusted sources more strictly in multiple places. Fixed packages are available from security.debian.org.

January 22, 2003 08:36 Debian: New kdeadmin packages fix several vulnerabilities

The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. By carefully crafting such data an attacker might be able to execute arbitrary commands on a vulnerable system using the victim's account and privileges. The KDE Project is not aware of any existing exploits of these vulnerabilities. The patches also provide better safeguards and check data from untrusted sources more strictly in multiple places. Fixed packages are available from security.debian.org.

January 21, 2003 12:06 Red Hat: Updated python packages fix predictable temporar...

Python is an interpreted, interactive, object-oriented programming language. Zack Weinberg discovered that os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names. This could allow local users to execute arbitrary code via a symlink attack. Fixed packages are available from updates.redhat.com.

January 21, 2003 06:15 Debian: New cvs packages fix arbitrary code execution

Stefan Esser discovered a problem in cvs, a concurrent versions system, which is used for many Free Software projects. The current version contains a flaw that can be used by a remote attacker to execute arbitrary code on the CVS server under the user id the CVS server runs as. Anonymous read-only access is sufficient to exploit this problem. Fixed packages are available from security.debian.org.

January 20, 2003 13:47 Red Hat: Updated CVS packages available

CVS is a version control system frequently used to manage source code repositories. During an audit of the CVS sources, Stefan Esser discovered an exploitable double-free bug in the CVS server. On servers which are configured to allow anonymous read-only access, this bug could be used by anonymous users to gain write privileges. Users with CVS write privileges can then use the Update-prog and Checkin-prog features to execute arbitrary commands on the server. Fixed packages are available from updates.redhat.com.

January 20, 2003 10:20 SuSE: remote command execution in susehelp

During a code review of the susehelp package the SuSE Security Team recognized that the security checks done by the susehelp CGI scripts are insufficient. Remote attackers can insert certain characters in CGI queries to the susehelp system tricking it into executing arbitrary code as the "wwwrun" user. Please note that this is only a vulnerability if you have a web server running and configured to allow access to the susehelp system by remote sites. Fixed packages are available from ftp.suse.com.

January 20, 2003 10:18 SuSE: remote system compromise in dhcp

The ISC (Internet Software Consortium) dhcp package is an implementation of the "Dynamic Host Configuration Protocol" (DHCP). An internal source code audit done by ISC revealed several buffer overflows in the code which is responsible for handling dynamic DNS requests. These bugs allow an attacker to gain remote access to the dhcp server if the dynamic DNS feature is enabled. Dynamic DNS is not enabled by default on SuSE Linux. Fixed packages are available from ftp.suse.com.

January 20, 2003 10:05 Debian: New CUPS packages fix several vulnerabilities

Multiple vulnerabilities were discovered in the Common Unix Printing System (CUPS). Several of these issues represent the potential for a remote compromise or denial of service. Multiple integer overflows allow a remote attacker to execute arbitrary code via the CUPSd HTTP interface and the image handling code in CUPS filters. Race conditions in connection with /etc/cups/certs/ allow local users with lp privileges to create or overwrite arbitrary files. A remote attacker is able to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page. Negative lengths fed into memcpy() can cause a denial of service and possibly execute arbitrary code. An unsafe strncat() function call processing the options string allows a remote attacker to execute arbitrary code via a buffer overflow. Zero width images allow a remote attacker to execute arbitrary code via modified chunk headers. CUPS does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service. Finally, the cupsys package contains some code from the xpdf package which contains an exploitable integer overflow bug. Fixed packages are available from security.debian.org.

January 20, 2003 10:04 Debian: New dhcp3 packages fix arbitrary code execution

The Internet Software Consortium discovered several vulnerabilities during an audit of the ISC DHCP Daemon. The vulnerabilities exist in error handling routines within the minires library and may be exploitable as stack overflows. This could allow a remote attacker to execute arbitrary code under the user id the dhcpd runs under, usually root. DHCP servers other than dhcp3 do not seem to be affected. Fixed packages can be obtained from security.debian.org.