All articles tagged with Security

October 08, 2002 16:45 Debian: New ht://Check packages fix cross site scripting ...

Ulf Harnhammer discovered a problem in ht://Check's PHP interface. The PHP interface displays, unchecked, information gathered from crawled external web servers. This could lead to a cross-site scripting attack if somebody has control over the server responses of a remote web server which is crawled by ht://Check. Fixed packages are available from security.debian.org.

October 08, 2002 16:43 Debian: New fetchmail packages fix buffer overflows

Stefan Esser discovered several buffer overflows and a broken boundary check within fetchmail. If fetchmail is running in multidrop mode these flaws can be used by remote attackers to crash it or to execute arbitrary code under the user id of the user running fetchmail. Depending on the configuration this even allows a remote root compromise. Fixed packages are available from security.debian.org.

October 08, 2002 16:41 Red Hat: Updated fetchmail packages fix vulnerabilities

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links such as SLIP and PPP connections. Two bugs have been found in the header parsing code in versions of Fetchmail prior to 6.1.0. The first bug allows a remote attacker to crash Fetchmail by sending a carefully crafted DNS packet. The second bug allows a remote attacker to carefully craft an email in such a way that when it is parsed by Fetchmail a heap overflow occurs, allowing remote arbitrary code execution. Both of these bugs are only exploitable if Fetchmail is being used in multidrop mode (using the "multiple-local-recipients" feature). Fixed packages are available from updates.redhat.com.

October 08, 2002 16:01 Debian: New tkmail packages fix insecure temporary file c...

It has been discovered that tkmail creates temporary files insecurely. By exploiting this, an attacker with local access can easily create and overwrite files as another user. Fixed packages are available from security.debian.org.

October 08, 2002 13:31 SuSE: remote privilege escalation in mod_php4

PHP is a well-known and widely used web programming language. If a PHP script runs in "safe mode", several restrictions are applied to it, including limits on execution of external programs. An attacker can pass shell meta-characters or sendmail(8) command line options via the 5th argument (introduced in version 4.0.5) of the mail() function to execute shell commands or control the behavior of sendmail(8). The CRLF injection vulnerabilities in fopen(), file(), header(), ... allow an attacker to bypass ACLs or trigger cross-site scripting. Fixed packages are available from ftp.suse.com.

October 08, 2002 13:28 SuSE: remote privilege escalation in hylafax

HylaFAX is a client-server architecture for receiving and sending facsimiles. The logging function of faxgetty prior to version 4.1.3 was vulnerable to a format string bug when handling the TSI value of a received facsimile. This bug could easily be used to trigger a denial-of-service attack or to execute arbitrary code remotely. Another bug in faxgetty, a buffer overflow, can also be abused by a remote attacker to execute arbitrary commands by sending a large line of image data. Several format string bugs in local helper applications were fixed too. These bugs cannot be exploited to gain higher privileges on a system running SuSE Linux because of the absence of setuid bits. Fixed packages can be obtained from ftp.suse.com.

October 04, 2002 12:14 Debian: New tomcat packages fix unintended source code di...

A security vulnerability has been found in all Tomcat 4.x releases. This problem allows an attacker to use a specially crafted URL to return the unprocessed source code of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraints, without the need for being properly authenticated. Fixed packages are available from security.debian.org.

October 04, 2002 12:12 Red Hat: Updated tcpdump packages fix buffer overflow

tcpdump is a command-line tool for monitoring network traffic. Versions of tcpdump up to and including 3.6.2 have a buffer overflow that can be triggered when tracing the network by a bad NFS packet. Fixed packages are available from updates.redhat.com.

October 04, 2002 12:10 Red Hat: Updated nss_ldap packages fix buffer overflow

Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3. These updates fix a potential buffer overflow which can occur when nss_ldap is set to configure itself using information stored in DNS, fix a format string bug in logging functions used in pam_ldap, and properly handle truncated DNS responses. Fixed packages are available from updates.redhat.com.

October 04, 2002 12:08 Red Hat: Updated glibc packages fix vulnerabilities in re...

The GNU C library package, glibc, contains standard libraries which are used by multiple programs on the system. A read buffer overflow vulnerability exists in the glibc resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes and can cause applications to crash. Fixed packages are available from updates.redhat.com.

September 30, 2002 12:02 SuSE: remote command execution in heimdal

The Heimdal package is a free Kerberos implementation offering flexible authentication mechanisms based on the Kerberos 5 and Kerberos 4 schemes. The SuSE Security Team has reviewed critical parts of the Heimdal package such as the kadmind and kdc server. While doing so, several possible buffer overflows and other bugs have been uncovered and fixed. Remote attackers can probably gain remote root access on unpatched systems. Since these services usually run on authentication servers, we consider these bugs to be very serious. An update is strongly recommended if you are using the Heimdal package. Fixed packages are available from ftp.suse.com.

September 29, 2002 13:18 Red Hat: Updated unzip and tar packages fix vulnerabilities

The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction. Fixed packages are available from updates.redhat.com.

September 26, 2002 13:36 Debian: New glibc packages fix division by zero

Wolfram Gloger discovered that the bugfix from DSA 149-1 unintentionally replaced potential integer overflows in connection with malloc() with more likely divisions by zero. This called for an update. Fixed packages are available from security.debian.org.

September 18, 2002 09:59 SuSE: local privilege escalation in xf86

The xf86 package contains various libraries and programs which are fundamental for the X server to function. The libX11.so library from this package dynamically loads other libraries where the pathname is controlled by the user invoking the program linked against libX11.so. Unfortunately, libX11.so also behaves the same way when linked against setuid programs. This behavior allows local users to execute arbitrary code under a different UID which can be the root-UID in the worst case. Fixed packages are available from ftp.suse.com.

September 16, 2002 12:57 Red Hat: Updated gaim client fixes URL vulnerability

Gaim is an all-in-one instant messaging client that lets you use a number of messaging protocols such as AIM, ICQ, and Yahoo, all at once. Versions of gaim prior to 0.59.1 contain a bug in the URL handler of the manual browser option. A link can be carefully crafted to contain an arbitrary shell script which will be executed if the user clicks on the link. Updated packages are available from updates.redhat.com.

September 16, 2002 09:23 Debian: New kdelibs fix cross site scripting bug

A cross site scripting problem has been discovered in Konqueror, a famous browser for KDE, and in other programs using KHTML. The KDE team reports that Konqueror's cross site scripting protection fails to initialize the domains on sub-(i)frames correctly. As a result, JavaScript is able to access any foreign subframe which is defined in the HTML source. Users of Konqueror and other KDE software that uses the KHTML rendering engine may become victims of cookie stealing and other cross site scripting attacks. Fixed packages are available from security.debian.org.

September 13, 2002 10:22 Debian: New purity packages fix potential buffer overflows

Two buffer overflows have been discovered in purity, a game for nerds and hackers, which is installed setgid games on a Debian system. This problem could be exploited to gain unauthorized access to the group games. A malicious user could alter the highscore of several games. Fixed packages are available from security.debian.org.

September 12, 2002 11:56 Debian: New PostgreSQL packages fix several vulnerabilities

Mordred Labs and others found several vulnerabilities in PostgreSQL, an object-relational SQL database. They stem from several buffer overflows and integer overflows. Specially crafted long date and time input, currency, repeat data and long timezone names could cause the PostgreSQL server to crash, as could specially crafted input data for lpad() and rpad(). More buffer/integer overflows were found in circle_poly(), path_encode() and path_addr(). Fixed packages are available from security.debian.org.

September 10, 2002 13:12 Debian: New cacti package fixes arbitrary code execution

A problem in cacti, a PHP based frontend to rrdtool for monitoring systems and services, has been discovered. This could lead to cacti executing arbitrary program code under the user id of the web server. This problem, however, is only persistent to users who already have administrator privileges in the cacti system. Fixed packages are available from security.debian.org.

September 10, 2002 13:09 Debian: New mhonarc packages fix cross site scripting pro...

Jason Molenda and Hiromitsu Takagi found ways to exploit cross site scripting bugs in mhonarc, a mail to HTML converter. When processing maliciously crafted mails of type text/html, mhonarc does not deactivate all scripting parts properly. This is fixed in upstream version 2.5.3. Fixed packages are available from security.debian.org.

September 10, 2002 13:06 Red Hat: New wordtrans packages fix remote vulnerabilities

The wordtrans-web package provides an interface to query multilingual dictionaries via a web browser. Guardent discovered vulnerabilities which affect versions of wordtrans up to and including 1.1pre8. Improper input validation allows for the execution of arbitrary code or injection of cross-site scripting code by passing in unexpected parameters to the wordtrans.php script. The wordtrans.php script then unsafely executes the wordtrans binary with the malformed parameters. Fixed packages are available from updates.redhat.com.

September 06, 2002 18:14 Debian: New ethereal packages fix buffer overflow

Ethereal developers discovered a buffer overflow in the ISIS protocol dissector. It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems. Fixed packages are available from security.debian.org.

September 04, 2002 11:23 Debian: New Mantis package fixes privilege escalation

A problem with user privileges has been discovered in the Mantis package, a PHP based bug tracking system. The Mantis system didn't check whether a user was permitted to view a bug, but displayed it right away if the user entered a valid bug id. Another bug in Mantis caused the 'View Bugs' page to list bugs from both public and private projects when no projects were accessible to the current user. Fixed packages are available from security.debian.org.

September 04, 2002 01:37 Red Hat: Updated scrollkeeper packages fix tempfile vulne...

ScrollKeeper is a cataloging system for documentation. All versions of ScrollKeeper between 0.3 and 0.3.11 have a tempfile vulnerability. The scrollkeeper-get-cl command generates temporary files in the /tmp directory. These files are named scrollkeeper-tempfile.[0-4], and while creating these files scrollkeeper-get-cl follows symbolic links. These files are created when a user logs in to a GNOME session and are created as the user who logged in. This means an attacker with local access can easily create and overwrite files as another user. Fixed packages are available from updates.redhat.com.

September 03, 2002 09:19 Debian: New scrollkeeper packages fix insecure temporary ...

Spybreak discovered a problem in scrollkeeper, a free electronic cataloging system for documentation. The scrollkeeper-get-cl program creates temporary files in an insecure manner in /tmp using guessable filenames. Since scrollkeeper is called automatically when a user logs into a Gnome session, an attacker with local access can easily create and overwrite files as another user. Fixed packages are available from security.debian.org.

August 30, 2002 13:16 SuSE: local/remote privilege escalation in glibc

An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker. Fixed packages are available from ftp.suse.com.

August 29, 2002 15:22 Red Hat: Updated ethereal packages are available

Ethereal is a package designed for monitoring network traffic on your system. Several security issues have been found in the Ethereal packages distributed with Red Hat Linux 7.2 and 7.3. A buffer overflow in Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via the ISIS dissector. Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector. Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump. Fixed packages are available from updates.redhat.com.

August 28, 2002 12:34 Red Hat: Updated mailman packages close cross-site script...

Mailman versions prior to 2.0.12 contain a cross-site scripting vulnerability in the processing of invalid requests to edit a subscriber's list subscription options. Fixed packages are available from updates.redhat.com.

August 28, 2002 07:41 Debian: New Python packages fix insecure temporary file use

Zack Weinberg discovered an insecure use of a temporary file in os._execvpe from os.py. It uses a predictable name which could lead to execution of arbitrary code. Fixed packages are available from security.debian.org.

August 27, 2002 10:49 Debian: New gaim packages fix arbitrary program execution

The developers of Gaim, an instant messenger client that combines several different networks, found a vulnerability in the hyperlink handling code. The 'Manual' browser command passes an untrusted string to the shell without escaping or reliable quoting, permitting an attacker to execute arbitrary commands on the user's machine. Unfortunately, Gaim doesn't display the hyperlink before the user clicks on it. Users who use other inbuilt browser commands aren't vulnerable. Fixed packages are available from security.debian.org.