All articles

November 01, 2002 10:41 Debian: New log2mail packages fix several vulnerabilities

Enrico Zini discovered a buffer overflow in log2mail, a daemon for watching logfiles and sending lines with matching patterns via mail. The log2mail daemon is started upon system boot and runs as root. A specially crafted (remote) log message could overflow a static buffer, potentially leading log2mail to execute arbitrary code as root. Fixed packages are available from security.debian.org.

October 31, 2002 10:27 Debian: New heimdal packages fix buffer overflows

A stack buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server was discovered, which is provided by Heimdal as well. A working exploit for this kadmind bug is already circulating, hence it is considered serious. The roken library also contains a vulnerability which could lead to another root exploit. Fixed packages are available from security.debian.org.

October 31, 2002 06:06 SuSE: local privilege escalation and remote command execu...

The lprng package contains the "runlpr" program which allows the lp user to execute the lpr program as root. Local attackers can pass certain commandline arguments to lpr running as root, fooling it into executing arbitrary commands as root. This has been fixed. Additionally, the html2ps printfilter, which is installed as part of the LPRng print system, allowed remote attackers to execute arbitrary commands in the context of the lp user. These two issues combined allow attackers to mount a remote root attack. Fixed packages are available from ftp.suse.com.

October 31, 2002 05:54 SuSE: remote command execution in syslog-ng

The syslog-ng package is a portable syslog implementation which can be used as syslogd replacement. Syslog-ng contained buffer overflows in its macro expansion routines. These overflows could be triggered by remote attackers if certain configuration options were enabled. Syslog-ng is not used by default on SuSE Linux, and even if installed, the problematic options are not enabled by default. Fixed packages are available from ftp.suse.com.

October 30, 2002 13:46 Debian: New krb4 packages fix buffer overflow

Tom Yu and Sam Hartman of MIT discovered another stack buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server. This kadmind bug has working exploit code circulating, hence it is considered serious. Fixed packages are available from security.debian.org.

October 29, 2002 15:38 Debian: New krb5 packages fix buffer overflow

Tom Yu and Sam Hartman of MIT discovered another stack buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server. This kadmind bug has working exploit code circulating, hence it is considered serious. The MIT krb5 implementation includes support for version 4, including a complete v4 library, server side support for krb4, and limited client support for v4. Fixed packages are available from security.debian.org.

October 29, 2002 04:36 Debian: New kghostview packages fix buffer overflow

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in kghostview which is part of the KDE-Graphics package. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim. Fixed packages are available from security.debian.org.

October 26, 2002 00:00 Linux Routers: A Primer For Network Administrators

Linux Routers is a quirky, very personal look at implementing TCP/IP networks using Linux servers by an obvious master of the field. Despite the book's subtitle, however, this book is much better suited for Linux system administrators thrown into the world of network administration than it is for network administrators who are looking to save money on hardware costs by moving to Linux.

October 25, 2002 09:53 Red Hat: Updated ypserv packages fixes memory leak

ypserv is an NIS authentication server. ypserv versions before 2.5 contain a memory leak that can be triggered remotely. When someone requests a map that doesn't exist, a previous mapname may be leaked. This happens, for instance, if you run "ypmatch foo aaaaaaaaaaaaaaaaaaaa". Repeated runs will result in the yp server using more and more memory, and running more slowly. It could also result in ypserv being killed due to the system being out of memory. Fixed packages are available from updates.redhat.com.

October 23, 2002 00:53 Debian: New mod_ssl packages fix cross site scripting

Joe Orton discovered a cross site scripting problem in mod_ssl, an Apache module that adds strong cryptography (i.e. HTTPS support) to the webserver. The module will return the server name unescaped in the response to an HTTP request on an SSL port. Like the other recent Apache XSS bugs, this only affects servers using a combination of "UseCanonicalName off" (default in the Debian package of Apache) and wildcard DNS. This is very unlikely to happen, though. Apache 2.0/mod_ssl is not vulnerable since it already escapes this HTML. With the UseCanonicalName setting turned on, whenever Apache needs to construct a self-referencing URL (a URL that refers back to the server the response is coming from) it will use ServerName and Port to form a "canonical" name. With this setting off, Apache will use the hostname:port that the client supplied, when possible. This also affects SERVER_NAME and SERVER_PORT in CGI scripts. Fixed packages are available from security.debian.org.

October 21, 2002 18:05 SuSE: remote privilege escalation in postgresql

The PostgreSQL Object-Relational DBMS was found vulnerable to several security related buffer overflow problems. The buffer overflows are located in the handling of long datetime input, the lpad() and rpad() functions with multibyte, the repeat() function, as well as in the TZ and SET TIME ZONE environment variables. These bugs could only be exploited by attackers who have access to the postgresql server, to gain the privileges of the postgres user ID. Fixed packages are available from ftp.suse.com.

October 21, 2002 17:58 Debian: New NIS packages fix information leak

Thorsten Kukuck discovered a problem in the ypserv program which is part of the Network Information Services (NIS). A memory leak in all versions of ypserv prior to 2.5 is remotely exploitable. When a malicious user requests a non-existing map, the server will leak parts of an old domainname and mapname. Fixed packages are available from security.debian.org.

October 19, 2002 03:09 Red Hat: Updated Mozilla packages fix security vulnerabil...

Mozilla is an open source web browser. Versions of Mozilla previous to version 1.0.1 contain various security vulnerabilities. These vulnerabilities could be used by an attacker to read data off of the local hard drive, to gain information that should normally be kept private, and in some cases to execute arbitrary code. For more information on the specific vulnerabilities fixed please see the references below. Fixed packages are available from updates.redhat.com.

October 19, 2002 03:07 Debian: New gnome-gv packages fix buffer overflow

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in gnome-gv. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim. Fixed packages are available from security.debian.org.

October 17, 2002 15:31 Debian: New PAM packages fix serious security violation i...

Paul Aurich and Samuele Giovanni Tonon discovered a serious security violation in PAM. Disabled passwords (i.e. those with '*' in the password file) were classified as empty passwords, and access to such accounts is granted through the regular login procedure (getty, telnet, ssh). This works for all such accounts whose shell field in the password file does not refer to /bin/false. Only version 0.76 of PAM seems to be affected by this problem. Fixed packages are available from security.debian.org.

October 17, 2002 15:30 Debian: New Heimdal packages fix remote command execution

The SuSE Security Team has reviewed critical parts of the Heimdal package such as the kadmind and kdc server. While doing so several potential buffer overflows and other bugs have been uncovered and fixed. Remote attackers can probably gain remote root access on systems without fixes. Since these services usually run on authentication servers these bugs are considered very serious. Fixed packages are available from security.debian.org.

October 17, 2002 09:27 Red Hat: New kernel fixes local security issues

The Linux kernel handles the basic functions of the operating system. A security code audit of the 2.4 kernel found a number of possible local security vulnerabilities which could allow a local user to obtain elevated (root) privileges. The vulnerabilities were found in the ixj telephony card driver, the pcilynx firewire driver, and the bttv video capture card driver. Fixed packages are available from updates.redhat.com.

October 17, 2002 08:43 Red Hat: Updated xinetd packages fix denial of service vu...

Xinetd is a secure replacement for inetd, the Internet services daemon. Versions 2.3.4 through 2.3.7 of Xinetd leak file descriptors for the signal pipe to services that are launched by xinetd. This could allow an attacker to execute a DoS attack via the pipe. Fixed packages are available from updates.redhat.com.

October 17, 2002 02:48 Debian: New gv packages fix buffer overflow

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim. Fixed packages are available from security.debian.org.

October 17, 2002 02:47 Debian: New syslog-ng packages fix buffer overflow

Péter Höltzl discovered a problem in the way syslog-ng handles macro expansion. When a macro is expanded, a static length buffer is used, accompanied by a counter. However, when constant characters are appended, the counter is not updated properly, leading to incorrect boundary checking. An attacker may be able to use specially crafted log messages inserted via UDP which overflow the buffer. Fixed packages are available from security.debian.org.

October 15, 2002 09:21 Red Hat: Command execution vulnerability in dvips

The dvips utility converts DVI format into PostScript(TM), and is used in Red Hat Linux as a print filter for printing DVI files. A vulnerability has been found in dvips which uses the system() function insecurely when managing fonts. Since dvips is used in a print filter, this allows local or remote attackers who have print access to carefully craft a print job that would allow them to execute arbitrary code as the user 'lp'. Fixed packages are available from updates.redhat.com.

October 15, 2002 09:18 Red Hat: Updated squirrelmail packages close cross-site s...

SquirrelMail is a webmail package written in PHP. Two vulnerabilities have been found that affect SquirrelMail version 1.2.7 and earlier. Cross-site scripting vulnerabilities allow remote attackers to execute script as other web users via addressbook.php, options.php, search.php, or help.php. It is possible for remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script. Fixed packages are available from updates.redhat.com.

October 14, 2002 12:48 SuSE: Remote root vulnerability in heartbeat

Heartbeat is a monitoring service that is used to implement failover in high-availability environments. It can be configured to monitor other systems via serial connections, or via UDP/IP. Several format string bugs have been discovered in the heartbeat package. One of these format string bugs is in the normal path of execution; all the remaining ones can only be triggered if heartbeat is running in debug mode. Since heartbeat is running with root privilege, this problem can possibly be exploited by remote attackers, provided they are able to send packets to the UDP port heartbeat is listening on (port 694 by default). Fixed packages can be obtained from ftp.suse.com.

October 14, 2002 09:56 Debian: New heartbeat packages fix buffer overflows

Nathan Wallwork discovered a buffer overflow in heartbeat, a subsystem for High-Availability Linux. A remote attacker could send a specially crafted TCP packet that overflows a buffer, leading heartbeat to execute arbitrary code as root. Fixed packages are available from security.debian.org.

October 12, 2002 00:00 The Antidesktop

Over the years, I've used 4Dwm, Afterstep, Blackbox, Enlightenment, FVWM, Icewm, KWM, PWM, Sawfish, Window Maker, and wmx, and played with many other window managers. I used Window Maker more than any other, but generally would only stick with one for a couple of months before getting restless and trying something else. Finally, though, I settled on a setup I've used exclusively for over a year. It's decidedly not for everyone, but may be of interest to some.

October 11, 2002 02:47 Red Hat: Updated packages fix PostScript and PDF security...

Both gv and ggv are applications which use the Ghostscript PostScript interpreter to display PostScript and PDF documents under the X Window System. Zen Parse found a local buffer overflow in gv version 3.5.8 and earlier. Under this vulnerability, an attacker can create a carefully crafted, malformed PDF or PostScript file that, when viewed using gv, executes arbitrary commands on the system. Because ggv contains code derived from gv, it has the same vulnerability. Fixed packages are available from updates.redhat.com.

October 09, 2002 11:57 Debian: New bugzilla packages fix privilege escalation

The developers of Bugzilla, a web-based bug tracking system, discovered a problem in the handling of more than 47 groups. When a new product is added to an installation with 47 groups or more and "usebuggroups" is enabled, the new group will be assigned a groupset bit using Perl math that is not exact beyond 2^48. This results in the new group being defined with a "bit" that has several bits set. As users are given access to the new group, those users will also gain access to spurious lower group privileges. Also, group bits were not always reused when groups were deleted. Fixed packages are available from security.debian.org.

October 08, 2002 16:45 Debian: New ht://Check packages fix cross site scripting ...

Ulf Harnhammer discovered a problem in ht://Check's PHP interface. The PHP interface displays, unchecked, information which was gathered from crawled external web servers. This could lead to a cross site scripting attack if somebody has control over the server responses of a remote web server which is crawled by ht://Check. Fixed packages are available from security.debian.org.

October 08, 2002 16:43 Debian: New fetchmail packages fix buffer overflows

Stefan Esser discovered several buffer overflows and a broken boundary check within fetchmail. If fetchmail is running in multidrop mode these flaws can be used by remote attackers to crash it or to execute arbitrary code under the user id of the user running fetchmail. Depending on the configuration this even allows a remote root compromise. Fixed packages are available from security.debian.org.

October 08, 2002 16:41 Red Hat: Updated fetchmail packages fix vulnerabilities

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links such as SLIP and PPP connections. Two bugs have been found in the header parsing code in versions of Fetchmail prior to 6.1.0. The first bug allows a remote attacker to crash Fetchmail by sending a carefully crafted DNS packet. The second bug allows a remote attacker to carefully craft an email in such a way that when it is parsed by Fetchmail a heap overflow occurs, allowing remote arbitrary code execution. Both of these bugs are only exploitable if Fetchmail is being used in multidrop mode (using the "multiple-local-recipients" feature). Fixed packages are available from updates.redhat.com.