All articles

November 22, 2002 13:26 freshmeat move complete

12
After a slightly failed move the day it was originally intended (Wednesday) we were finally able to shift the site over to the new cluster at Exodus West today. Looks like we've been fooled once again by the VM in kernels newer than 2.4.9. After downgrading the database servers to that magic revision everything suddenly sprang back to speed. Click below for the rest of the deal.

November 22, 2002 12:29 Debian: Samba buffer overflow

0
Steve Langasek found an exploitable bug in the password handling code in samba: when converting from DOS code-page to little endian UCS2 unicode a buffer length was not checked and a buffer could be overflowed. There is no known exploit for this, but an upgrade is strongly recommended. Fixed packages are available from security.debian.org.

November 22, 2002 12:27 Red Hat: New samba packages available to fix potential se...

0
New samba packages are available that fix a security vulnerability present in samba versions 2.2.2 through 2.2.6. A potential attacker could gain root access on the target machine. It is strongly encouraged that all Samba users update to the fixed packages. There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password, could be used as a buffer overrun attack on smbd's stack. The attack would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. Fixed packages are available from updates.redhat.com.

November 22, 2002 12:25 SuSE: possible remote code execution in samba

0
Samba developer Steve Langasek found a security problem in samba, the widely known free implementation of the SMB protocol. The error consists of a buffer overflow in a commonly used routine that accepts user input and may write up to 127 bytes past the end of the buffer allocated with static length, leaving enough room for an exploit. The resulting vulnerability can be exploited locally in applications using the pam_smbpass Pluggable Authentication Module (PAM). It may be possible to exploit this vulnerability remotely, causing the running smbd to crash or even to execute arbitrary code. Fixed packages are available from ftp.suse.com.

November 20, 2002 06:08 freshmeat's moving

7
As many of you might have followed along, all OSDN websites are being moved from a co-location center from the east coast to a different co-location center on the west coast. freshmeat's next (or last) to move starting today, so if you see any service disruption, bear with us as we move all machine duties from here to there. OSDN netop have already duplicated the freshmeat cluster in the new center so moving should actually not be very noticeable for users. But as usual, one's not always aware of all things that can possibly break. Thanks for your attention and have a nice day.

November 19, 2002 18:40 Debian: New mhonarc packages fix cross site scripting

0
Steven Christey discovered a cross site scripting vulnerability in mhonarc, a mail to HTML converter. Carefully crafted message headers can introduce cross site scripting when mhonarc is configured to display all header lines on the web. However, it is often useful to restrict the displayed header lines to To, From and Subject, in which case the vulnerability cannot be exploited. Fixed packages are available from security.debian.org.

November 18, 2002 10:55 Debian: New nullmailer packages fix local denial of service

0
A problem has been discovered in nullmailer, a simple relay-only mail transport agent for hosts that relay mail to a fixed set of smart relays. When a mail is to be delivered locally to a user that doesn't exist, nullmailer tries to deliver it, discovers a user unknown error and stops delivering. Unfortunately, it stops delivering entirely, not only this mail. Hence, it's very easy to craft a denial of service. Fixed packages are available from security.debian.org.

November 17, 2002 03:33 Red Hat: New kernel fixes local denial of service issue

0
The Linux kernel handles the basic functions of the operating system. A vulnerability in the Linux kernel has been discovered in which a non-root user can cause the machine to freeze. This kernel addresses the vulnerability. This bug is specific to the x86 architecture kernels only, and does not affect ia64 or other architectures. Fixed packages are available from updates.redhat.com.

November 16, 2002 00:00 Open Source E-mail Security

4
Richard Blum's Open Source E-mail Security is poorly organized, rarely topical, and betrays the author's fundamental failure to understand the topic at hand. While some of the underlying technical material is useful and relevant, the author seldom supplies the details needed to proceed to a general understanding.

November 15, 2002 11:40 Debian: New sqwebmail packages fix local information expo...

0
A problem in the Courier sqwebmail package, a CGI program to grant authenticated access to local mailboxes, has been discovered. The program did not drop permissions fast enough upon startup under certain circumstances so a local shell user can execute the sqwebmail binary and manage to read an arbitrary file on the local filesystem. Fixed packages are available from security.debian.org.

November 14, 2002 13:34 Debian: New BIND packages fix several vulnerabilities

0
ISS X-Force has discovered several serious vulnerabilities in the Berkeley Internet Name Domain Server (BIND). BIND is the most common implementation of the DNS (Domain Name Service) protocol, which is used on the vast majority of DNS servers on the Internet. DNS is a vital Internet protocol that maintains a database of easy-to-remember domain names (host names) and their corresponding numerical IP addresses. Fixed packages are available from security.debian.org.

November 14, 2002 12:56 SuSE: remote command execution in bind

0
The security research company ISS (Internet Security Services) has discovered several vulnerabilities in the BIND8 name server, including a remotely exploitable buffer overflow. Fixed packages are available from ftp.suse.com.

November 13, 2002 17:24 Debian: New Apache-Perl packages fix several vulnerabilities

0
According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache server package, a commonly used webserver. Most of the code is shared between the Apache and Apache-Perl packages, so vulnerabilities are shared as well. These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross site scripting attack, or steal cookies from other web site users. Fixed packages are available from security.debian.org.

November 13, 2002 00:57 Red Hat: Remote vulnerabilities in BIND 4 and 8

0
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. Three remotely exploitable vulnerabilities were disclosed by ISC on 12 November 2002 that affect various versions of BIND 4 and 8. Versions of Red Hat Linux since 7.1, and Red Hat Linux Advanced Server shipped with BIND 9 and are therefore not vulnerable to these issues. Older releases (6.2, 7.0) of Red Hat Linux shipped with versions of BIND which are vulnerable to these issues; however, a Red Hat security errata in July 2002 upgraded all our supported distributions to BIND 9.2.1, which is not vulnerable to these issues. Fixed packages are available from updates.redhat.com.

November 12, 2002 12:02 SuSE: local root vulnerability in traceroute-nanog/nkitb

0
Traceroute is a tool that can be used to track packets in a TCP/IP network to determine their route or to find out about non-working routers. Traceroute-nanog requires root privilege to open a raw socket. It does not relinquish these privileges after doing so. This allows a malicious user to gain root access by exploiting a buffer overflow at a later point. For all products prior to 8.1, the traceroute package contains the NANOG implementation. This package is installed by default. Starting with 8.1, SuSE Linux contains a traceroute program rewritten by Olaf Kirch that does not require root privileges anymore. This version of traceroute is not vulnerable. Fixed packages are available from ftp.suse.com.

November 12, 2002 11:58 SuSE: remote command execution in kdenetwork

0
During a security review, the SuSE security team has found two vulnerabilities in the KDE lanbrowsing service. LISa is used to identify CIFS and other servers on the local network. The first vulnerability found is a buffer overflow in the lisa daemon, and can be exploited by an attacker on the local network to obtain root privilege on a machine running the lisa daemon. It is not exploitable on a default installation of SuSE Linux, because the lisa daemon is not started by default. The second vulnerability is a buffer overflow in the lan:// URL handler. It can possibly be exploited by remote attackers to gain access to the victim user's account, for instance by causing the user to follow a bad lan:// link in an HTML document. Fixed packages are available from ftp.suse.com.

November 12, 2002 11:54 Debian: New masqmail packages fix buffer overflows

0
A set of buffer overflows have been discovered in masqmail, a mail transport agent for hosts without permanent internet connection. In addition to this, privileges were dropped only after reading a user supplied configuration file. Together this could be exploited to gain unauthorized root access to the machine on which masqmail is installed. Fixed packages are available from security.debian.org.

November 11, 2002 16:02 Debian: New klisa packages fix buffer overflow

0
iDEFENSE reports a security vulnerability in the klisa package, which provides a LAN information service similar to "Network Neighbourhood"; the vulnerability was discovered by Texonet. It is possible for a local attacker to exploit a buffer overflow condition in resLISa, a restricted version of KLISa. The vulnerability exists in the parsing of the LOGNAME environment variable: an overly long value will overwrite the instruction pointer, thereby allowing an attacker to seize control of the executable. Fixed packages are available from security.debian.org.

November 11, 2002 15:53 Red Hat: New PHP packages fix vulnerability in mail function

0
PHP versions up to and including 4.2.2 contain vulnerabilities in the mail() function allowing local script authors to bypass safe mode restrictions and possibly allowing remote attackers to insert arbitrary mail headers and content into the message. Fixed packages are available from updates.redhat.com.

November 09, 2002 00:00 Maximum Linux Security

10
Maximum Linux Security's author is clearly ignorant of cryptographer Bruce Schneier's claim that "Security is a process, not a product." At its best, this book is a catalogue of useful security tools. However, very little context is provided for these tools. There is no discussion of particular vulnerabilities and how they are exploited, of network architecture and the difficulties inherent in TCP/IP networking, or of application-level problems.

November 08, 2002 12:23 Debian: New html2ps packages fix arbitrary code execution

0
The SuSE Security Team found a vulnerability in html2ps, an HTML to PostScript converter, that opened files based on unsanitized input insecurely. This problem can be exploited when html2ps is installed as a filter within LPRng and the attacker has previously gained access to the lp account. Fixed packages are available from security.debian.org.

November 07, 2002 12:41 Debian: New squirrelmail packages fix cross site scriptin...

0
Several cross site scripting vulnerabilities have been found in squirrelmail, a feature-rich webmail package written in PHP4. User input is not always sanitized so execution of arbitrary code on a client computer is possible. This can happen after following a malicious URL or by viewing a malicious addressbook entry. Another problem could make it possible for an attacker to gain sensitive information under some conditions. When a malformed argument is appended to a link, an error page will be generated which contains the absolute pathname of the script. However, this information is available through the Contents file of the distribution anyway. Fixed packages are available from security.debian.org.

November 07, 2002 12:40 Red Hat: Updated kerberos packages available

0
Kerberos is a network authentication system. A stack buffer overflow has been found in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4), which is part of the MIT krb5 distribution. This vulnerability is present in version 1.2.6 and earlier of the MIT krb5 distribution and can be exploited to gain unauthorized root access to a KDC host. The attacker does not need to authenticate to the daemon to successfully perform this attack. Fixed packages are available from updates.redhat.com.

November 07, 2002 08:37 Debian: buffer overflow in Window Maker

0
Al Viro found a problem in the image handling code used in Window Maker, a popular NEXTSTEP-like window manager. When creating an image it would allocate a buffer by multiplying the image width and height, but did not check for an overflow. This makes it possible to overflow the buffer. This could be exploited by using specially crafted image files (for example when previewing themes). Fixed packages are available from security.debian.org.

November 07, 2002 06:03 Red Hat: Updated glibc packages fix vulnerabilities in re...

0
The GNU C library package, glibc, contains standard libraries used by multiple programs on the system. A read buffer overflow vulnerability exists in the glibc resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes and can cause applications to crash. Fixed packages are available from updates.redhat.com.

November 06, 2002 13:08 Debian: New luxman packages fix local root exploit

0
iDEFENSE reported a vulnerability in LuxMan, a maze game for GNU/Linux, similar to the PacMan arcade game. When successfully exploited, it gives a local attacker read-write access to the memory, leading to a local root compromise in many ways, examples of which include scanning the file for fragments of the master password file and modifying kernel memory to re-map system calls. Fixed packages are available from security.debian.org.

November 05, 2002 12:03 SuSE: remote command execution in perl-MailTools

0
The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the usage of mailx as default mailer which allows commands to be embedded in the mail body. Vulnerable to this attack are custom auto reply programs or spam filters which use Mail::Mailer directly or indirectly. Fixed packages are available from ftp.suse.com.

November 05, 2002 12:01 Debian: New Apache-SSL packages fix several vulnerabilities

0
According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache package, a commonly used webserver. Most of the code is shared between the Apache and Apache-SSL packages, so vulnerabilities are shared as well. These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross site scripting attack, or steal cookies from other web site users. Vulnerabilities in the included legacy programs htdigest, htpasswd and ApacheBench can be exploited when called via CGI. Additionally the insecure temporary file creation in htdigest and htpasswd can also be exploited locally. Fixed packages are available from security.debian.org.

November 04, 2002 11:17 Debian: New Apache packages fix several vulnerabilities

0
According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several remotely exploitable vulnerabilities have been found in the Apache package, a commonly used webserver. These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross site scripting attack. Fixed packages are available from security.debian.org.

November 02, 2002 00:00 A Plea for Clear Theme Copyrights

9

This is a brief request on behalf of distribution maintainers, intended for those who produce and edit themes and their content. In it, I make a request for clarity and thoroughness in the copyright and license terms applied to themes, to make it easier to include your themes in Free Software distributions.
