All articles

August 06, 2002 01:03 Debian: New krb5 packages fix integer overflow bug

0
An integer overflow bug has been discovered in the RPC library used by the Kerberos 5 administration system, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to a KDC host. It is believed that the attacker needs to be able to authenticate to the kadmin daemon for this attack to be successful. No exploits are known to exist yet. Fixed packages are available from security.debian.org.

August 05, 2002 07:07 Debian: New OpenAFS packages fix integer overflow bug

0
An integer overflow bug has been discovered in the RPC library used by the OpenAFS database server, which is derived from the SunRPC library. This bug could be exploited to crash certain OpenAFS servers (volserver, vlserver, ptserver, buserver) or to obtain unauthorized root access to a host running one of these processes. No exploits are known to exist yet. Fixed packages can be obtained from security.debian.org.

August 03, 2002 00:00 The Career Programmer

3
In "The Career Programmer", Christopher Duncan provides a very understandable, cogent summary of solid project management principles for technical projects. He also gives quite a few real world examples of how projects can go awry. However, his style alienates the audience that would benefit most from his message: Management.

August 02, 2002 06:01 Debian: New mpack packages fix buffer overflow

0
Eckehard Berns discovered a buffer overflow in the munpack program, which is used for decoding binary files in MIME (Multipurpose Internet Mail Extensions) format mail messages. If munpack is run on an appropriately malformed email (or news article) then it will crash, and perhaps can be made to run arbitrary code. Herbert Xu reported a second vulnerability which affected malformed filenames that refer to files in upper directories like "../a". The security impact is limited, though, because only a single leading "../" was accepted and only new files can be created (i.e. no files will be overwritten). Fixed packages can be obtained from security.debian.org.

August 01, 2002 09:52 Debian: New libpng packages fix buffer overflow

0
Developers of the PNG library have fixed a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications, which could potentially allow an attacker to execute malicious code. Programs such as Galeon, Konqueror and various others make use of these libraries. Fixed packages are available from security.debian.org.

August 01, 2002 09:50 Debian: New super packages fix local root exploit

0
GOBBLES found an insecure use of format strings in the super package. The included program super is intended to provide access to certain system users for particular users and programs, similar to the program super. By exploiting this format string vulnerability, a local user can gain unauthorized root access. Fixed packages are available from security.debian.org.

August 01, 2002 07:59 SuSE: remote privilege escalation in wwwoffle

0
The WWWOFFLE (World Wide Web Offline Explorer) program suite acts as an HTTP, FTP and Finger proxy to allow users with dial-up access to the internet to do offline WWW browsing. The parsing code of wwwoffled that processes HTTP PUT and POST requests fails to handle a Content Length value smaller than -1. It is believed that an attacker could exploit this bug to gain remote wwwrun access to the system wwwoffled is running on. Fixed packages are available from ftp.suse.com.

August 01, 2002 02:59 Debian: Remote execution exploit in gallery

0
A problem was found in gallery (a web-based photo album toolkit): it was possible to pass in the GALLERY_BASEDIR variable remotely. This made it possible to execute commands under the uid of web-server. Fixed packages are available from security.debian.org.

August 01, 2002 01:18 Red Hat: Updated mm packages fix temporary file handling

0
The MM library provides an abstraction layer which allows related processes to share data easily. On systems where shared memory or other inter-process communication mechanisms are not available, the MM library emulates them using temporary files. MM is used in Red Hat Linux to provide shared memory pools to Apache modules. Versions of MM up to and including 1.1.3 open temporary files in an unsafe manner, allowing a malicious local user to cause an application which uses MM to overwrite any file to which it has write access. Updated packages are available from updates.redhat.com.

August 01, 2002 01:15 SuSE: local privilege escalation in mod_ssl/mm

0
This security announcement covers two different errors in packages used by and used with the apache package. The first bug is an off-by-one overflow in the code responsible for handling configuration directives in mod_ssl, the apache module that enables apache to serve the SSL-encrypted HTTP protocol. This vulnerability allows a local attacker to use a specially prepared .htaccess file for a denial of service attack against a webserver child, resulting in an increased resource usage overhead on busy webservers, or possibly to execute arbitrary commands as the webserver user (wwwrun in the SuSE case). The second bug is a temporary file handling problem in libmm (package name is "mm"), a library for communication between forked processes using IPC semaphores, IPC shared memory and/or shared mmap()'ed files. The vulnerability allows a local attacker to gain root privileges once she has succeeded in gaining the (local) privileges of the user wwwrun on the system running the apache webserver. Fixed packages are available from ftp.suse.com.

July 31, 2002 03:59 Debian: New mm packages fix insecure temporary file creation

0
Marcus Meissner and Sebastian Krahmer discovered and fixed a temporary file vulnerability in the mm shared memory library. This problem can be exploited to gain root access to a machine running Apache which is linked against this library, if shell access to the user "www-data" is already available (which could easily be triggered through PHP). Fixed packages are available from

July 31, 2002 03:05 SuSE: remote command execution in openssl

0
The openssl package provides encryption functions and is used by many applications on SuSE products. Several buffer overflows have been discovered in the OpenSSL library affecting the SSL implementation, as well as a signedness issue in the ASN.1 decoding routines. Fixed packages are available from ftp.suse.com.

July 30, 2002 10:38 Red Hat: Updated openssl packages fix remote vulnerabilities

0
OpenSSL is a commercial-grade, full-featured, and Open Source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. A security audit of the OpenSSL code sponsored by DARPA found several buffer overflows in OpenSSL which affect versions 0.9.7 and 0.9.6d and earlier. Updated packages are available from updates.redhat.com.

July 30, 2002 10:24 Debian: Multiple OpenSSL problems

0
The OpenSSL development team has announced that a security audit by A.L. Digital Ltd and The Bunker, under the DARPA CHATS program, has revealed remotely exploitable buffer overflow conditions in the OpenSSL code. Additionally, the ASN1 parser in OpenSSL has a potential DoS attack independently discovered by Adi Stav and James Yonan. Fixed packages are available from security.debian.org.

July 29, 2002 11:18 Red Hat: Updated util-linux package fixes password lockin...

0
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The 'chfn' utility included in this package allows users to modify personal information stored in the system-wide password file, /etc/passwd. In order to modify this file, this application is installed setuid root. Under certain conditions, a carefully crafted attack sequence can be performed to exploit a complex file locking and modification race present in this utility allowing changes to be made to /etc/passwd. Updated packages are available from updates.redhat.com.

July 27, 2002 00:00 XML and PHP

2
"XML and PHP" is designed to teach you just one thing: How to use PHP to create XML-based applications. Unlike some of the heavier books out there, it does not attempt to cover every single PHP function; rather, it zooms in on the XML API built into PHP and illustrates, with some well-thought-out examples, how they can be applied to different situations.

July 25, 2002 01:40 Red Hat: Updated glibc packages fix vulnerabilities in re...

0
The glibc package contains standard libraries which are used by multiple programs on the system. A buffer overflow vulnerability has been found in the way the glibc resolver handles the resolution of network names and addresses via DNS (as per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are affected. A system would be vulnerable to this issue if the "networks" database in /etc/nsswitch.conf includes the "dns" entry. By default, Red Hat Linux ships with "networks" set to "files" and is therefore not vulnerable to this issue. A second, related, issue is a bug in the glibc-compat packages, which provide compatibility for applications compiled against glibc version 2.0.x. Applications compiled against this version (such as those distributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also be vulnerable to this issue. Updated packages can be obtained from updates.redhat.com.

July 20, 2002 00:00 Early Adopter Curl

18
Curl is an attempt to replace HTML, JavaScript, Java, and Flash with a single easy-to-learn language platform. Since I am a computer language junkie, it didn't take much convincing to get me to try Curl. To dive into new technology, I like to quickly devour a book on the subject, and, fortunately, there was one available. It proved to be sufficient for the task, despite some shortcomings.

July 17, 2002 01:23 Red Hat: Updated mod_ssl packages available

0
The mod_ssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Versions of mod_ssl prior to 2.8.10 are subject to a single NULL overflow that can cause arbitrary code execution. In order to exploit this vulnerability, the Apache Web server has to be configured to allow overriding of configuration settings on a per-directory basis, and untrusted local users must be able to modify a directory in which the server is configured to allow overriding. The local attacker may then become the user that Apache is running as (usually 'www' or 'nobody'). Updated packages can be obtained from updates.redhat.com.

July 13, 2002 00:00 How To Use freshmeat

49
This article is a lost cause. Five minutes after it appears on freshmeat, one of you will come up with another clever feature, scoop will implement it, and this will be out-of-date. (In fact, it's happened as I was writing it, and required a revision.) More importantly, the people who most need to read it... won't. Still, like many lost causes, it's a noble one, so let's give it a try.

July 09, 2002 01:13 SuSE: possible remote code execution in squid

0
squid is a web proxy cache contained but not installed and activated by default on SuSE products. Several security related bugs have been found in all squid packages contained in SuSE products. These bugs are being fixed in updated packages and cover modifications in the gopher client code, the FTP directory listing parser that generates HTML output, FTP protocol sanity checks concerning server address comparison between control and data connection, in the MSNT auth helper as well as in proxy authentication forwarding code. The updated packages also contain non-security relevant additions as suggested by the squid developers. The severity of the errors in the package range from harmless to critical. The gopher client bugs as well as the bug in the FTP directory parsing code are believed to be exploitable in the sense of being able to remotely execute code introduced by the attacker. The packages can be obtained from ftp.suse.com.

July 09, 2002 01:10 Red Hat: New Squid packages available

0
Squid is a high-performance proxy caching server. A problem was found in the code used by Squid to handle compressed DNS replies where a malicious DNS server could cause Squid to crash; several buffer overflows have been found in the MSNT auth helper (msnt_auth) when configured to use denyusers or allowusers access control files; several buffer overflows were found in the gopher client of Squid; a problem was found in the handling of the FTP data channel, possibly allowing abuse of the FTP proxy to bypass firewall rules or inject false FTP replies; and several possible buffer overflows were found in the code parsing FTP directories, potentially allowing an untrusted FTP server to crash Squid. Updated packages can be obtained from updates.redhat.com.

July 06, 2002 00:00 The Hacker Ethic

4
Pekka Himanen's "The Hacker Ethic" is an intriguing, if ultimately disappointing, book. It suffers from being both unsure of its audience and overly broad in its claims.

July 03, 2002 04:04 Debian: buffer overflow/DoS in libapache-mod-ssl

0
The libapache-mod-ssl package provides SSL capability to the apache webserver. Recently, a problem has been found in the handling of .htaccess files, allowing arbitrary code execution as the web server user (regardless of ExecCGI / suexec settings), DoS attacks (killing off apache children), and allowing someone to take control of apache child processes - all through specially crafted .htaccess files. Fixed packages can be obtained from security.debian.org.

July 01, 2002 03:18 Red Hat: Updated OpenSSH packages fix various security is...

0
OpenSSH provides an implementation of the SSH (secure shell) protocol used for logging into and executing commands on remote machines. Versions of the OpenSSH server between 2.3.1 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. Fixed packages are available from updates.redhat.com.

June 29, 2002 00:00 XML Software

6
There are two separate groups of XML software: Low-level, configurable software designed to work with any XML-based format, and high-level, special-purpose software designed to work with one or more specific XML formats. Like most people writing about XML, I will focus on the first group, which includes low-level tools and libraries like parsers, editors, browsers, transformation engines, and search and query tools.

June 26, 2002 14:24 Details about the OpenSSH vulnerability disclosed

4
The ISS recently discovered a vulnerability within the "challenge-response" authentication mechanism in the OpenSSH daemon (sshd). This mechanism, part of the SSH2 protocol, verifies a user's identity by generating a challenge and forcing the user to supply a number of responses. It is possible for a remote attacker to send a specially-crafted reply that triggers an overflow. This can result in a remote denial of service attack on the OpenSSH daemon or a complete remote compromise. The OpenSSH daemon runs with superuser privilege, so remote attackers can gain superuser access by exploiting this vulnerability. OpenSSH supports the SKEY and BSD_AUTH authentication options. These are compile-time options. At least one of these options must be enabled before the OpenSSH binaries are compiled for the vulnerable condition to be present.

June 26, 2002 04:02 SuSE: Unknown vulnerability in OpenSSH

0
The OpenSSH/OpenBSD team has asked Linux vendors to upgrade their platforms to OpenSSH 3.3, and change the configuration to use the relatively new "Privilege Separation" code. According to their information, 3.3 does not fix the vulnerability, but using privilege separation prevents exploits. Setting PrivilegeSeparation to on causes large portions of the daemon to run in a so-called "chroot jail", i.e. in a very restricted environment. An attacker breaking this part of the SSH daemon will not obtain full root privilege (as he would if sshd ran without this option), but will find himself in an empty directory, inside a process running as a non privileged user (he can still do some harm this way, but it's a far cry from full root powers). Updated packages can be obtained from ftp.suse.com.

June 24, 2002 18:37 Debian: OpenSSH remote vulnerability

6
Theo de Raadt announced that the OpenBSD team is working with ISS on a remote exploit for OpenSSH (a free implementation of the Secure SHell protocol). They are refusing to provide any details on the vulnerability but instead are advising everyone to upgrade to the latest release, version 3.3. Packages for Debian are available from security.debian.org.

June 22, 2002 00:00 The Book of Zope

0
Zope is perhaps the best known of the Python Web publishing frameworks. It includes its own Web server (though you can run it behind Apache or IIS, for example), FTP server, and ACID-compliant object database. There is more to it than that, but that's Zope in a nutshell.