All articles tagged with Security

May 30, 2002 11:44 Red Hat: Updated nss_ldap packages fix pam_ldap vulnerabi...

The pam_ldap module provides authentication for user access to a system by consulting a directory using LDAP. Versions of pam_ldap prior to version 144 include a format string bug in the logging function. The packages included in this erratum update pam_ldap to version 144, fixing this bug. Fixed packages are available from updates.redhat.com.

May 29, 2002 10:07 SuSE: remote command execution in tcpdump

The tcpdump program may be used to capture and decode network traffic. Tcpdump decodes certain packets, such as AFS requests, incorrectly, resulting in a buffer overflow. Since running tcpdump requires root privileges, this may lead to a root compromise of the system running tcpdump. Additionally, libpcap, on which most network monitoring programs rely, also contained overflows; these, however, are only exploitable by local attackers if you installed programs using libpcap setuid. Fixed packages can be obtained from ftp.suse.com.

May 27, 2002 04:44 Red Hat: Buffer overflow in UW imap daemon

UW imapd is an IMAP daemon from the University of Washington. Version 2000c and previous versions have a bug that allows a malicious user to construct a malformed request which overflows an internal buffer, enabling that user to execute commands on the server with the user's UID/GID. Fixed packages are available from updates.redhat.com.

May 23, 2002 01:23 SuSE: remote command execution in dhcp

The "Dynamic Host Configuration Protocol" (DHCP) server from the Internet Software Consortium allows hosts on a TCP/IP network to request and be assigned IP addresses, and also to discover information about the network to which they are attached. A remotely exploitable format string vulnerability was found in the logging routines of the dynamic DNS code of dhcpd. This vulnerability allows an attacker, usually within the LAN served by the DHCP server, to get remote root access to the host running dhcpd. Fixed packages are available from ftp.suse.com.

May 22, 2002 01:05 Red Hat: Updated fetchmail packages available

When retrieving mail from an IMAP server, the fetchmail e-mail client will allocate an array to store the sizes of the messages which it will attempt to fetch. The size of the array is determined by the number of messages that the server claims to have. Unpatched versions of fetchmail prior to 5.9.10 did not check whether the number of e-mails the server claimed was too high, allowing a malicious server to cause the fetchmail process to write data outside of the array bounds. Updated packages are available from updates.redhat.com.

May 18, 2002 00:58 Red Hat: New imlib packages available

Imlib versions prior to 1.9.13 would fall back to loading images via the NetPBM package, which has various problems making it unsuitable for loading untrusted images. Imlib 1.9.13 also fixes various problems in arguments passed to malloc(). These problems may allow attackers to construct images that, when loaded by a viewer using Imlib, could cause crashes or potentially the execution of arbitrary code. Fixed packages are available from updates.redhat.com.

May 17, 2002 01:05 Red Hat: Updated mpg321 packages available

mpg321 is a GPL command-line mp3 player. It is possible for mpg321 before version 0.2.9 to segfault if given certain specifically crafted data. In the case of network streaming, this data would be remotely supplied, which could lead to remote code execution. Fixed packages are available from updates.redhat.com.

May 16, 2002 15:12 SuSE: remote command execution in lukemftp

Lukemftp is a comfortable ftp client from NetBSD. A buffer overflow could be triggered by a malicious ftp server while the client parses the PASV ftp command. An attacker who controls an ftp server to which a client using lukemftp is connected can gain remote access to the client's machine with the privileges of the user running lukemftp. Fixed packages are available from ftp.suse.com.

May 16, 2002 15:10 SuSE: local privilege escalation in shadow

The shadow package contains several useful programs to maintain the entries in the /etc/passwd and /etc/shadow files. The SuSE Security Team discovered a vulnerability that allows local attackers to destroy the contents of these files or to extend the group privileges of certain users. This is possible by setting evil filesize limits before invoking one of the programs modifying the system files. Depending on the permissions of the system binaries, this allows a local attacker to gain root privileges in the worst case. This, however, is not possible in a default installation. Fixed packages are available from ftp.suse.com.

May 16, 2002 01:08 Red Hat: Updated Mozilla packages fix a security issue

One component of the XML Extras package in Mozilla 0.9.9 and earlier allows remote attackers to read arbitrary files and list directories on a client system. This exploit is performed by opening a URL that redirects the browser to the file on the client and reading the results using the responseText property. Fixed packages are available from updates.redhat.com.

May 15, 2002 01:13 Updated sharutils package fixes uudecode issue

The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. The uudecode utility would create an output file without checking to see if it was about to write to a symlink or a pipe. If a user uses uudecode to extract data into open shared directories, such as /tmp, this vulnerability could be used by a local attacker to overwrite files or lead to privilege escalation. Fixed packages are available from updates.redhat.com.

May 10, 2002 15:06 Red Hat: perl-Digest-MD5 UTF8 bug results in incorrect MD...

A bug in utf8 interaction between perl-Digest-MD5 and Perl results in utf8 strings having improper MD5 digests. This update works around the problem and provides correct checksums for all input. Fixed packages are available from updates.redhat.com.

May 08, 2002 06:57 SuSE: remote command execution in sysconfig

The ifup-dhcp script, which is part of the sysconfig package, is responsible for setting up network devices using configuration data obtained from a DHCP server by the dhcpcd DHCP client. It is possible for remote attackers to feed this script with evil data, for example via spoofed DHCP replies. This way ifup-dhcp could be tricked into executing arbitrary commands as root. Fixed packages are available from ftp.suse.com.

May 07, 2002 09:16 SuSE: remote privilege escalation in imlib

The imlib library can be used by X11 applications to handle various kinds of image data. Imlib could, under certain circumstances, revert to using a netpbm library which is well known to have security problems and should not be used for handling untrusted data. Furthermore, a heap corruption could occur in the imlib code. An attacker could send a maliciously formatted image file to trigger a Denial-of-Service attack or even execute arbitrary code on the victim's machine. Fixed packages are available from ftp.suse.com.

May 03, 2002 01:06 Red Hat: Updated Nautilus for symlink vulnerability writi...

The Nautilus file manager (used by default in the GNOME desktop environment) writes metadata files containing information about files and directories that have been visited in the file manager. The metadata file code in Red Hat Linux 7.2 can be tricked into chasing a symlink and overwriting the symlink target. Fixed packages are available from updates.redhat.com.

May 03, 2002 01:04 Red Hat: Updated mod_python packages available

mod_python versions 2.7.6 and earlier allow a module which is indirectly imported by a published module to then be accessed by the publisher handler. This could allow a remote attacker to abuse imported modules leading to file modifications or more serious breaches. Fixed packages are available from updates.redhat.com.

May 01, 2002 13:03 Red Hat: Insecure DocBook stylesheet option

The default stylesheet used when converting a DocBook document to multiple HTML files allows an untrusted document to write files outside of the current directory. This is because element identifiers (specified in the document) are used to form the names of the output files. If an untrusted document uses a full pathname as an identifier, it can cause that file to be written to -- as long as the user performing the conversion has write access. Fixed packages are available from updates.redhat.com.

April 30, 2002 17:26 SuSE: local privilege escalation in sudo

The sudo program allows local users to execute certain configured commands with root privileges. Sudo contains a heap overflow in its prompt assembling function. The input used to create the password prompt is user controlled and not properly length-checked before being copied to certain heap locations. This allows local attackers to overflow the heap of sudo, thus executing arbitrary commands as root. We would like to thank GlobalInterSec for finding and researching this vulnerability. Fixed packages are available from ftp.suse.com.

April 29, 2002 09:05 SuSE: remote command execution in radiusd-cistron

The radius daemon as shipped with the radiusd-cistron package is responsible for the RADIUS authentication service in networks and is therefore considered a security-critical application. ZARAZA reported security-related bugs in various radius server and client software. The list of vulnerable servers includes the cistron radius package. Within the cistron package, a buffer overflow in the digest calculation function and miscalculations of attribute lengths have been fixed which could allow remote attackers to execute arbitrary commands on the system running the radius server. Besides the cistron radius package, the following radius packages have been vulnerable to the same attacks and have been fixed: freeradius, radiusclient and livingston-radius. Fixed packages are available from ftp.suse.com.

April 26, 2002 01:05 Debian: sudo buffer overflow

fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root, a local user can use this to gain root access. Fixed packages are available from security.debian.org.

April 26, 2002 01:02 Red Hat: Updated sudo packages are available

The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging. Global InterSec LLC found an issue with Sudo 1.6.5p2 and earlier which can be exploited to allow a local attacker to gain root privileges. Fixed packages are available from updates.redhat.com.

April 17, 2002 05:28 Debian: buffer overflow in xpilot-server

An internal audit by the xpilot (a multi-player tactical manoeuvring game for X) maintainers revealed a buffer overflow in xpilot server. This overflow can be abused by remote attackers to gain access to the server under which the xpilot server is running. Fixed packages are available from security.debian.org.

April 17, 2002 05:26 Debian: Horde and IMP cross-site scripting attack

A cross-site scripting (CSS) problem was discovered in Horde and IMP (a web based IMAP mail package). This was fixed upstream in Horde version 1.2.8 and IMP version 2.2.8. The relevant patches have been back-ported to version 1.2.6-0.potato.5 of the horde package and version 2.2.6-0.potato.5 of the imp package. Fixed packages are available from security.debian.org.

April 09, 2002 01:22 SuSE: remote denial-of-service in ucd-snmp

The Secure Programming Group of the Oulu University, Sweden released a testing suite for SNMP implementations. Several bugs could be triggered in the ucd-snmpd code by using this testing suite. These bugs lead to remote denial-of-service attacks and may possibly be exploited to break system security remotely. Updated packages can be obtained from ftp.suse.com.

April 06, 2002 00:28 Red Hat: Race conditions in logwatch

Versions of LogWatch 2.1.1 and earlier have a vulnerability due to a race condition during the creation of a temporary directory. This vulnerability can allow a local user to gain root privileges. An additional race condition was found in versions of LogWatch 2.5 and earlier. Fixed packages can be obtained from updates.redhat.com.

March 28, 2002 10:33 Debian: New analog packages fix cross-site scripting vuln...

Yuji Takahashi discovered a bug in analog which allows a cross-site scripting type attack. It is easy for an attacker to insert arbitrary strings into any web server logfile. If these strings are then analysed by analog, they can appear in the report. By this means an attacker can introduce arbitrary Javascript code, for example, into an analog report produced by someone else and read by a third person. Analog already attempted to encode unsafe characters to avoid this type of attack, but the conversion was incomplete. Fixed packages can be obtained from security.debian.org.

March 21, 2002 16:43 Red Hat: New imlib packages available

Imlib versions prior to 1.9.13 would fall back to loading images via the NetPBM package, which has various problems that make it unsuitable for loading untrusted images. Imlib 1.9.13 also fixes various problems in arguments passed to malloc(). These problems may allow attackers to construct images that, when loaded by a viewer using Imlib, could cause crashes or potentially the execution of arbitrary code. Fixed packages are available from updates.redhat.com.

March 19, 2002 15:51 Debian: buffer overflow in listar

Janusz Niewiadomski and Wojciech Purczynski reported a buffer overflow in the address_match of listar (a listserv style mailing-list manager). Fixed packages are available from security.debian.org.

March 13, 2002 02:27 Debian: New zlib & other packages fix buffer overflow

The compression library zlib has a flaw in which it attempts to free memory more than once under certain conditions. This can possibly be exploited to run arbitrary code in a program that includes zlib. If a network application running as root is linked to zlib, this could potentially lead to a remote root compromise. No exploits are known at this time. This vulnerability is assigned the CVE candidate name of CAN-2002-0059. Fixed packages are available from security.debian.org.

March 13, 2002 02:25 SuSE: remote command execution in libz/zlib

The zlib compression library is being used by many applications to provide data compression/decompression routines. An error in a decompression routine can corrupt the internal data structures of malloc by a double call to the free() function. If the data processed by the compression library is provided from an untrusted source, it may be possible for an attacker to interfere with the process using the zlib routines. The attack scenario includes a denial of service attack and memory/data disclosure, but it may also be possible to insert arbitrary code into the running program and to execute this code. This update fixes the known problems in the libz/zlib as a permanent fix. There exists no temporary workaround that can efficiently remedy the problem. Fixed packages are available from ftp.suse.com.