All articles tagged with Security

January 24, 2002 11:53 Red Hat: Updated 2.4 kernel available

Larry McVoy has discovered a problem in the CIPE (VPN tunnel) implementation, where a malformed packet could cause a crash. Andrew Griffiths has discovered a vulnerability that allows remote machines to read random memory using a bug in the Linux ICMP implementation. However, 2.4 kernels after version 2.4.0-test6 and 2.2 kernels after version 2.2.18 have this bug fixed. All Red Hat Linux 2.4 kernels have this fix and are not vulnerable to this bug. Fixed packages are available from updates.redhat.com.

January 23, 2002 15:52 Red Hat: Updated OpenLDAP packages available

Versions of OpenLDAP from 2.0.0 through 2.0.19 do not check permissions using access control lists when a user attempts to remove an attribute from an object in the directory by replacing its values with an empty list. Because schema checking is still enforced, a user can only remove attributes which the schema does not require the object to possess. Fixed packages are available from updates.redhat.com.

January 23, 2002 15:50 Red Hat: Updated at package available

A server running the latest version of at could have commands that depend on the current environment (for example, the PATH) which would then fail or run incorrectly because the environment would not be accessible when the command was executed at a later time. Additionally, in versions of Red Hat Linux prior to 7.2, a malicious local user could specify an execution time in a carefully drafted format, causing a heap corruption bug. Since the at command is installed as setuid root, this bug can be exploited. Fixed packages are available from updates.redhat.com.

January 21, 2002 02:08 Debian: enscript creates temporary files insecurely

The version of enscript (a tool to convert ASCII text to different formats) has been found to create temporary files insecurely. Fixed packages are available from security.debian.org.

January 19, 2002 05:58 Red Hat: Updated enscript packages fix temporary file han...

GNU enscript is a program for converting ASCII files to PostScript(TM). When it creates temporary files, it does so with predictable filenames in a manner that would follow symbolic links. This could allow a local user to overwrite files written by the user running enscript, or read the contents of the temporary files. Fixed packages are available from updates.redhat.com.

January 17, 2002 16:10 Red Hat: The uuxqt utility can be used to execute arbitra...

uuxqt in the Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain uid and gid uucp privileges by calling uux and specifying an alternate configuration file with the --config option. Fixed packages are available from updates.redhat.com.

January 16, 2002 06:09 Debian: New at packages fix heap corruption vulnerability

zen-parse found a bug in the current implementation of at which leads to a heap corruption vulnerability, which in turn could potentially lead to an exploit of the daemon user. Fixed packages are available from security.debian.org.

January 16, 2002 00:57 Red Hat: Updated sudo packages available

Versions of sudo prior to 1.6.4 would not clear the environment before sending an email notification about unauthorized sudo attempts, making it possible for an attacker to supply parameters to the mail program. In the worst case, this could lead to a local root exploit. Fixed packages are available from updates.redhat.com.

January 16, 2002 00:56 Red Hat: Updated pine packages available

Pine (version 4.43 and earlier), as released with all currently supported versions of Red Hat Linux (6.2, 7, 7.1, 7.2), contains a URL handling bug. This bug can allow a malicious attacker to cause arbitrary commands embedded in a URL to be executed on the user's system upon attempting to view the URL. Fixed packages are available from updates.redhat.com.

January 16, 2002 00:53 Red Hat: Updated xchat packages available

xchat is a popular IRC client. Recently xchat has been found to contain a bug in the CTCP PING handling code which can be exploited to execute IRC commands on the IRC server as the vulnerable user. This can be used for example by an attacker to /op or /deop, to /kick someone out of a channel, to force the vulnerable user out of the channel with a /part, to change channel modes via the /mode command, or to impersonate a user via private /msg commands. Fixed packages are available from updates.redhat.com.

January 14, 2002 12:43 Red Hat: New groff packages available to fix security pro...

Groff is a document formatting system. The groff preprocessor contains an exploitable buffer overflow. If groff can be invoked within the LPRng printing system, an attacker can gain rights as the "lp" user. Remote exploitation may be possible if lpd is running and is accessible remotely, and the attacker knows the name of the printer and spoolfile. Fixed packages are available from updates.redhat.com.

January 14, 2002 09:21 Debian: New CIPE packages fix DoS attack

Larry McVoy found a bug in the packet handling code for the CIPE VPN package: it did not check if a received packet was too short and could crash. Fixed packages are available from security.debian.org.

January 14, 2002 09:20 Debian: New sudo packages fix local root exploit

Sebastian Krahmer from SuSE found a vulnerability in sudo which could easily lead to a local root exploit. Fixed packages are available from security.debian.org.

January 14, 2002 09:11 SuSE: local privilege escalation in sudo

The SuSE Security Team discovered a bug in the sudo program, which is installed setuid to root. Attackers may trick "sudo" into logging failed sudo invocations by executing the sendmail program with root privileges and a not completely cleaned environment. Depending on the installed mail package, this may enable attackers to execute code as root. This is the case for at least the postfix mailer. Other mailers may be exploited in a similar way. Fixed packages are available from ftp.suse.com.

January 13, 2002 17:45 Debian: glibc buffer overflow

A buffer overflow has been found in the globbing code for glibc. This code is used to glob patterns for filenames and is commonly used in applications like shells and FTP servers. Fixed packages are available from security.debian.org.

January 13, 2002 07:44 Debian: New gzip packages fix potential buffer overflow

GOBBLES found a buffer overflow in gzip that occurs when compressing files with really long filenames. Even though GOBBLES claims to have developed an exploit to take advantage of this bug, it has been said by others that this problem is not likely to be exploitable as other security incidents. Fixed packages are available from security.debian.org.

January 12, 2002 08:41 Debian: New XChat packages fix potential IRC session hija...

It is possible to trick XChat IRC clients into sending arbitrary commands to the IRC server they are on, potentially allowing social engineering attacks, channel takeovers, and denial of service. This problem exists in versions 1.4.2 and 1.4.3. Later versions of XChat are vulnerable as well, but this behaviour is controlled by the configuration variable »percascii«, which defaults to 0. If it is set to 1 then the problem becomes apparent in 1.6/1.8 as well.

January 10, 2002 02:09 Red Hat: New mutt packages available to fix security problem

An overflow exists in mutt's RFC822 address parser. A remote attacker could send a carefully crafted email message which when read by mutt would be able to overwrite arbitrary bytes in memory. Fixed packages are available from updates.redhat.com.

January 09, 2002 03:14 Debian: two libgtop security problems

Two different problems were found in libgtop-daemon: The laboratory intexxia found a format string problem in the logging code from libgtop_daemon. There were two logging functions which are called when authorizing a client which could be exploited by a remote user. Also, Flavio Veloso found a buffer overflow in the function that authorizes clients. Since libgtop_daemon runs as user nobody, both bugs could be used to gain access as the nobody user to a system running libgtop_daemon. Fixed packages are available from security.debian.org.

January 08, 2002 02:42 SuSE: mutt local privilege escalation

mutt, a popular mail client for Linux-like systems, is vulnerable to a buffer overflow that is remotely exploitable. Patches have been added to the versions of mutt as shipped with the affected distributions to fix the problem. Fixed packages are available from ftp.suse.com.

January 04, 2002 04:01 Debian: uncontrolled program execution in Exim

Patrice Fournier discovered a bug in all versions of Exim older than Exim 3.34 and Exim 3.952. The Exim maintainer, Philip Hazel, writes about this issue: "The problem exists only in the case of a run time configuration which directs or routes an address to a pipe transport without checking the local part of the address in any way. This does not apply, for example, to pipes run from alias or forward files, because the local part is checked to ensure that it is the name of an alias or of a local user. The bug's effect is that, instead of obeying the correct pipe command, a broken Exim runs the command encoded in the local part of the address." Fixed packages are available from security.debian.org.

January 03, 2002 08:46 Debian: mutt buffer overflow

Joost Pol found a buffer overflow in the address handling code of mutt (a popular mail user agent). Even though this is a one-byte overflow, it is exploitable. Fixed packages are available from security.debian.org.

December 28, 2001 01:57 Debian: gpm (gpm-root) format string vulnerabilities

The package 'gpm' contains the 'gpm-root' program, which can be used to create mouse-activated menus on the console. Among other problems, the gpm-root program contains a format string vulnerability, which allows an attacker to gain root privileges. Fixed packages are available from security.debian.org.

December 24, 2001 17:16 SuSE: remote privilege escalation in glibc/shlibs, in.ftpd

The file globbing (matching filenames against patterns such as "*.bak") routines in glibc exhibit an error that results in heap corruption and that may allow a remote attacker to execute arbitrary commands from processes that take globbing strings from user input. Fixed packages are available from ftp.suse.com.

December 22, 2001 05:56 Red Hat: Updated Mailman packages available

A server running Mailman versions prior to 2.0.8 will send certain user-modifiable data to clients without escaping embedded tags. This data may contain scripts which will then be executed by an unwary client, possibly transmitting private information to a third party. Fixed packages are available from updates.redhat.com.

December 16, 2001 03:29 Debian: mailman cross-site scripting problem

Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables. Fixed packages are available from security.debian.org.

December 15, 2001 03:55 RedHat: Updated glibc packages are available

An overflowable buffer exists in earlier versions of the glibc glob(3) implementation. It may be possible to exploit programs that pass user-modifiable input to the glibc glob function. Fixed packages are available from updates.redhat.com.

December 13, 2001 00:50 Debian: postfix memory exhaustion

Wietse Venema reported he found a denial of service vulnerability in postfix. The SMTP session log that postfix keeps for debugging purposes could grow to an unreasonable size. Fixed packages are available from security.debian.org.

December 07, 2001 00:34 SuSE: local privilege escalation in OpenSSH

This re-release of SuSE Security Announcement SuSE-SA:2001:044 adds another patch to the openssh-2.9.9p2 packages: A bug allows a local attacker on the server to specify environment variables that can influence the login process if the "UseLogin" configuration option on the server side is set to "yes". If exploited, the local attacker on the secure shell server can execute arbitrary commands as root. In the default configuration of the package, the UseLogin option is set to "no", which means that the administrator of the server must have set the option to "yes" manually before the bug can be exploited. Fixed packages are available from ftp.suse.com.

December 06, 2001 01:58 Debian: local root in wmtv

Nicolas Boullis found a nasty security problem in the wmtv (a dockable video4linux tv player for windowmaker) package as distributed in Debian GNU/Linux 2.2. wmtv can optionally run a command if you double-click on the tv window. This command can be specified using the -e command-line option. However since wmtv is installed suid root this command was also run as root, which gives local users a very simple way to get root access. Fixed packages are available from security.debian.org.