All articles tagged with Security

November 07, 2002 06:03 Red Hat: Updated glibc packages fix vulnerabilities in re...

The GNU C library package, glibc, contains standard libraries used by multiple programs on the system. A read buffer overflow vulnerability exists in the glibc resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes and can cause applications to crash. Fixed packages are available from updates.redhat.com.

November 06, 2002 13:08 Debian: New luxman packages fix local root exploit

iDEFENSE reported a vulnerability in LuxMan, a maze game for GNU/Linux, similar to the PacMan arcade game. When successfully exploited, it gives a local attacker read-write access to memory, leading to a local root compromise in many ways, examples of which include scanning the file for fragments of the master password file and modifying kernel memory to re-map system calls. Fixed packages are available from security.debian.org.

November 05, 2002 12:03 SuSE: remote command execution in perl-MailTools

The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the usage of mailx as default mailer which allows commands to be embedded in the mail body. Vulnerable to this attack are custom auto reply programs or spam filters which use Mail::Mailer directly or indirectly. Fixed packages are available from ftp.suse.com.

November 05, 2002 12:01 Debian: New Apache-SSL packages fix several vulnerabilities

According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache package, a commonly used webserver. Most of the code is shared between the Apache and Apache-SSL packages, so vulnerabilities are shared as well. These vulnerabilities could allow an attacker to enact a denial of service against a server, execute a cross-site scripting attack, or steal cookies from other web site users. Vulnerabilities in the included legacy programs htdigest, htpasswd and ApacheBench can be exploited when called via CGI. Additionally, the insecure temporary file creation in htdigest and htpasswd can also be exploited locally. Fixed packages are available from security.debian.org.

November 04, 2002 11:17 Debian: New Apache packages fix several vulnerabilities

According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several remotely exploitable vulnerabilities have been found in the Apache package, a commonly used webserver. These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross-site scripting attack. Fixed packages are available from security.debian.org.

November 01, 2002 10:41 Debian: New log2mail packages fix several vulnerabilities

Enrico Zini discovered a buffer overflow in log2mail, a daemon for watching logfiles and sending lines with matching patterns via mail. The log2mail daemon is started upon system boot and runs as root. A specially crafted (remote) log message could overflow a static buffer, potentially causing log2mail to execute arbitrary code as root. Fixed packages are available from security.debian.org.

October 31, 2002 10:27 Debian: New heimdal packages fix buffer overflows

A stack buffer overflow was discovered in the kadm_ser_wrap_in function in the Kerberos v4 administration server, which is provided by Heimdal as well. A working exploit for this kadmind bug is already circulating, hence it is considered serious. The roken library also contains a vulnerability which could lead to another root exploit. Fixed packages are available from security.debian.org.

October 31, 2002 06:06 SuSE: local privilege escalation and remote command execu...

The lprng package contains the "runlpr" program which allows the lp user to execute the lpr program as root. Local attackers can pass certain command-line arguments to lpr running as root, fooling it into executing arbitrary commands as root. This has been fixed. Additionally, the html2ps printfilter, which is installed as part of the LPRng print system, allowed remote attackers to execute arbitrary commands in the context of the lp user. These two issues combined allow attackers to mount a remote root attack. Fixed packages are available from ftp.suse.com.

October 31, 2002 05:54 SuSE: remote command execution in syslog-ng

The syslog-ng package is a portable syslog implementation which can be used as syslogd replacement. Syslog-ng contained buffer overflows in its macro expansion routines. These overflows could be triggered by remote attackers if certain configuration options were enabled. Syslog-ng is not used by default on SuSE Linux, and even if installed, the problematic options are not enabled by default. Fixed packages are available from ftp.suse.com.

October 30, 2002 13:46 Debian: New krb4 packages fix buffer overflow

Tom Yu and Sam Hartman of MIT discovered another stack buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server. Working exploit code for this kadmind bug is circulating, hence it is considered serious. Fixed packages are available from security.debian.org.

October 29, 2002 15:38 Debian: New krb5 packages fix buffer overflow

Tom Yu and Sam Hartman of MIT discovered another stack buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server. Working exploit code for this kadmind bug is circulating, hence it is considered serious. The MIT krb5 implementation includes support for version 4, including a complete v4 library, server side support for krb4, and limited client support for v4. Fixed packages are available from security.debian.org.

October 29, 2002 04:36 Debian: New kghostview packages fix buffer overflow

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in kghostview which is part of the KDE-Graphics package. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim. Fixed packages are available from security.debian.org.

October 25, 2002 09:53 Red Hat: Updated ypserv packages fixes memory leak

ypserv is an NIS authentication server. ypserv versions before 2.5 contain a memory leak that can be triggered remotely. When someone requests a map that doesn't exist, a previous mapname may be leaked. This happens, for instance, if you run "ypmatch foo aaaaaaaaaaaaaaaaaaaa". Repeated runs will result in the yp server using more and more memory, and running more slowly. It could also result in ypserv being killed due to the system being out of memory. Fixed packages are available from updates.redhat.com.

October 23, 2002 00:53 Debian: New mod_ssl packages fix cross site scripting

Joe Orton discovered a cross-site scripting problem in mod_ssl, an Apache module that adds strong cryptography (i.e. HTTPS support) to the webserver. The module will return the server name unescaped in the response to an HTTP request on an SSL port. Like the other recent Apache XSS bugs, this only affects servers using a combination of "UseCanonicalName off" (default in the Debian package of Apache) and wildcard DNS. This is very unlikely to happen, though. Apache 2.0/mod_ssl is not vulnerable since it already escapes this HTML. With UseCanonicalName turned on, whenever Apache needs to construct a self-referencing URL (a URL that refers back to the server the response is coming from) it will use ServerName and Port to form a "canonical" name. With this setting off, Apache will use the hostname:port that the client supplied, when possible. This also affects SERVER_NAME and SERVER_PORT in CGI scripts. Fixed packages are available from security.debian.org.

October 21, 2002 18:05 SuSE: remote privilege escalation in postgresql

The PostgreSQL Object-Relational DBMS was found vulnerable to several security-related buffer overflow problems. The buffer overflows are located in the handling of long datetime input, the lpad() and rpad() functions with multibyte, the repeat() function, as well as in the TZ and SET TIME ZONE environment variables. These bugs could only be exploited by attackers who have access to the postgresql server, to gain the privileges of the postgres user ID. Fixed packages are available from ftp.suse.com.

October 21, 2002 17:58 Debian: New NIS packages fix information leak

Thorsten Kukuck discovered a problem in the ypserv program which is part of the Network Information Services (NIS). A memory leak in all versions of ypserv prior to 2.5 is remotely exploitable. When a malicious user requests a non-existing map, the server will leak parts of an old domainname and mapname. Fixed packages are available from security.debian.org.

October 19, 2002 03:09 Red Hat: Updated Mozilla packages fix security vulnerabil...

Mozilla is an open source web browser. Versions of Mozilla previous to version 1.0.1 contain various security vulnerabilities. These vulnerabilities could be used by an attacker to read data off of the local hard drive, to gain information that should normally be kept private, and in some cases to execute arbitrary code. For more information on the specific vulnerabilities fixed please see the references below. Fixed packages are available from updates.redhat.com.

October 19, 2002 03:07 Debian: New gnome-gv packages fix buffer overflow

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in gnome-gv. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim. Fixed packages are available from security.debian.org.

October 17, 2002 15:31 Debian: New PAM packages fix serious security violation i...

Paul Aurich and Samuele Giovanni Tonon discovered a serious security violation in PAM. Disabled passwords (i.e. those with '*' in the password file) were classified as empty passwords, and access to such accounts is granted through the regular login procedure (getty, telnet, ssh). This works for all such accounts whose shell field in the password file does not refer to /bin/false. Only version 0.76 of PAM seems to be affected by this problem. Fixed packages are available from security.debian.org.

October 17, 2002 15:30 Debian: New Heimdal packages fix remote command execution

The SuSE Security Team has reviewed critical parts of the Heimdal package such as the kadmind and kdc server. While doing so several potential buffer overflows and other bugs have been uncovered and fixed. Remote attackers can probably gain remote root access on systems without fixes. Since these services usually run on authentication servers these bugs are considered very serious. Fixed packages are available from security.debian.org.

October 17, 2002 09:27 Red Hat: New kernel fixes local security issues

The Linux kernel handles the basic functions of the operating system. A security code audit of the 2.4 kernel found a number of possible local security vulnerabilities which could allow a local user to obtain elevated (root) privileges. The vulnerabilities were found in the ixj telephony card driver, the pcilynx firewire driver, and the bttv video capture card driver. Fixed packages are available from updates.redhat.com.

October 17, 2002 08:43 Red Hat: Updated xinetd packages fix denial of service vu...

Xinetd is a secure replacement for inetd, the Internet services daemon. Versions 2.3.4 through 2.3.7 of Xinetd leak file descriptors for the signal pipe to services that are launched by xinetd. This could allow an attacker to execute a DoS attack via the pipe. Fixed packages are available from updates.redhat.com.

October 17, 2002 02:48 Debian: New gv packages fix buffer overflow

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim. Fixed packages are available from security.debian.org.

October 17, 2002 02:47 Debian: New syslog-ng packages fix buffer overflow

Péter Höltzl discovered a problem in the way syslog-ng handles macro expansion. When a macro is expanded, a static length buffer is used, accompanied by a counter. However, when constant characters are appended, the counter is not updated properly, leading to incorrect boundary checking. An attacker may be able to use specially crafted log messages inserted via UDP which overflow the buffer. Fixed packages are available from security.debian.org.

October 15, 2002 09:21 Red Hat: Command execution vulnerability in dvips

The dvips utility converts DVI format into PostScript(TM), and is used in Red Hat Linux as a print filter for printing DVI files. A vulnerability has been found in dvips which uses the system() function insecurely when managing fonts. Since dvips is used in a print filter, this allows local or remote attackers who have print access to carefully craft a print job that would allow them to execute arbitrary code as the user 'lp'. Fixed packages are available from updates.redhat.com.

October 15, 2002 09:18 Red Hat: Updated squirrelmail packages close cross-site s...

SquirrelMail is a webmail package written in PHP. Two vulnerabilities have been found that affect SquirrelMail version 1.2.7 and earlier. Cross-site scripting vulnerabilities allow remote attackers to execute script as other web users via addressbook.php, options.php, search.php, or help.php. It is possible for remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. Fixed packages are available from updates.redhat.com.

October 14, 2002 12:48 SuSE: Remote root vulnerability in heartbeat

Heartbeat is a monitoring service that is used to implement failover in high-availability environments. It can be configured to monitor other systems via serial connections, or via UDP/IP. Several format string bugs have been discovered in the heartbeat package. One of these format string bugs is in the normal path of execution; all the remaining ones can only be triggered if heartbeat is running in debug mode. Since heartbeat is running with root privilege, this problem can possibly be exploited by remote attackers, provided they are able to send packets to the UDP port heartbeat is listening on (port 694 by default). Fixed packages can be obtained from ftp.suse.com.

October 14, 2002 09:56 Debian: New heartbeat packages fix buffer overflows

Nathan Wallwork discovered a buffer overflow in heartbeat, a subsystem for High-Availability Linux. A remote attacker could send a specially crafted TCP packet that overflows a buffer, causing heartbeat to execute arbitrary code as root. Fixed packages are available from security.debian.org.

October 11, 2002 02:47 Red Hat: Updated packages fix PostScript and PDF security...

Both gv and ggv are applications which use the Ghostscript PostScript interpreter to display PostScript and PDF documents under the X Window System. Zen Parse found a local buffer overflow in gv version 3.5.8 and earlier. Under this vulnerability, an attacker can create a carefully crafted, malformed PDF or PostScript file that, when viewed using gv, executes arbitrary commands on the system. Because ggv contains code derived from gv, it has the same vulnerability. Fixed packages are available from updates.redhat.com.

October 09, 2002 11:57 Debian: New bugzilla packages fix privilege escalation

The developers of Bugzilla, a web-based bug tracking system, discovered a problem in the handling of more than 47 groups. When a new product is added to an installation with 47 groups or more and "usebuggroups" is enabled, the new group will be assigned a groupset bit using Perl math that is not exact beyond 2^48. This results in the new group being defined with a "bit" that has several bits set. As users are given access to the new group, those users will also gain access to spurious lower group privileges. Also, group bits were not always reused when groups were deleted. Fixed packages are available from security.debian.org.