All articles

June 20, 2002 01:07 Red Hat: Updated Apache packages fix chunked encoding issue

Versions of the Apache Web server up to and including 1.3.24 contain a bug in the routines which deal with requests encoded using "chunked" encoding. A carefully crafted invalid request can cause an Apache child process to call the memcpy() function in a way that will write past the end of its buffer, corrupting the stack. Fixed packages are available from updates.redhat.com.

June 19, 2002 12:58 SuSE: buffer overflow in Apache

There is a bug in the way the Apache web server handles HTTP requests that use "chunked mode". Chunked mode is an HTTP 1.1 feature that allows a client to send data as a sequence of chunks rather than en bloc. This is useful if it doesn't know the overall length of the content at the time it starts transmitting. Previous versions of Apache did not properly detect incorrectly encoded chunks, which caused a buffer overflow on the stack. On 32-bit architectures, this overflow cannot be exploited to inject code into the httpd process and gain access to the machine, because the overflow will always result in a segmentation fault, and the process will terminate. On 64-bit architectures, it may be possible for an attacker to exploit the buffer overflow to execute arbitrary code with the privileges of the httpd process. Fixed packages are available from ftp.suse.com.

June 19, 2002 05:17 Debian: Apache chunk handling vulnerability

Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution on 64 bit architectures. This has been fixed in version 1.3.9-14.1 of the Debian apache package, as well as upstream versions 1.3.26 and 2.0.37. Fixed Debian packages are available from security.debian.org.

June 15, 2002 00:00 A Proposal for a True Internationalization

7bit character streams are the most secure against misinterpretation. When I send email, I leave everything else out (though we Germans have other symbols, too), just in case there is a machine that cannot handle it. It has become a whole lifestyle; to write everything in lower-case letters and put a smiley on the end of the line seems to express global thinking. But if we are honest, we know it expresses nothing but a deficiency in modern character processing. This heritage of the 70s (the start of Unix system distribution) is a hard hurdle to overcome. Fortunately, the need for usability is getting stronger and the pride of programmers and administrators is getting weaker. As a student of the Japanese language, I went through many sleepless nights setting up user variables, input parsers, and terminal stuff, so I think I know the difficulties. With this article, I will try to express a proposal coming from both sides in me, the programmer and the user.

June 11, 2002 02:38 Red Hat: Updated mailman packages available

Updated mailman packages are now available for Red Hat Linux 7.2 and 7.3. These updates resolve a cross-site scripting vulnerability present in versions of Mailman prior to 2.0.11.

June 08, 2002 00:00 Templates in Ruby

Templates are a valuable tool in any programmer's toolkit. I'm not talking about C++ templates, in which new concrete classes are created by replacing variable types within a template class. I'm talking about text templates, in which a string contains markers for replacement items, which are replaced with values.

June 07, 2002 01:14 Red Hat: Several security issues in Ethereal

Ethereal is a package designed for monitoring network traffic on your system. Several security issues have been found in Ethereal, details of which can be found in the body of this article. Fixed packages are available from updates.redhat.com.

June 06, 2002 01:17 SuSE: remote denial of service attack in bind9

There is a bug in the BIND9 name server that is triggered when processing certain types of DNS replies. When this happens an assertion will fail, and named will log a message to the system log before exiting. This means a remote attacker can easily shut down the name server process. Fixed packages are available from ftp.suse.com.

June 05, 2002 03:28 Red Hat: Updated nss_ldap packages fix pam_ldap vulnerabi...

The pam_ldap module provides authentication for user access to a system by consulting a directory using LDAP. Versions of pam_ldap prior to version 144 include a format string bug in the logging function. Fixed packages are available from updates.redhat.com.

June 05, 2002 03:27 Red Hat: Updated xchat packages fix /dns vulnerability

XChat is a popular cross-platform IRC client. Versions of XChat prior to 1.8.9 do not filter the response from an IRC server when a /dns query is executed. Because XChat resolves hostnames by passing the configured resolver and hostname to a shell, an IRC server may return a maliciously formatted response that executes arbitrary commands with the privileges of the user running XChat. Fixed packages are available from updates.redhat.com.

June 05, 2002 03:25 Red Hat: Updated bind packages fix denial of service attack

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. Versions of BIND 9 prior to 9.2.1 have a bug that causes certain requests to the BIND name server (named) to fail an internal consistency check, causing the name server to stop responding to requests. This can be used by a remote attacker to cause a denial of service (DOS) attack against name servers. Fixed packages are available from updates.redhat.com.

June 05, 2002 03:23 Red Hat: Ghostscript command execution vulnerability

Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to execute arbitrary commands due to insufficient checking. Since ghostscript is often used during the course of printing a document (and is run as user 'lp'), all users should install these fixed packages which are available through updates.redhat.com.

June 03, 2002 01:16 Debian: memory allocation error in ethereal

Ethereal versions prior to 0.9.3 were vulnerable to an allocation error in the ASN.1 parser. This can be triggered when analyzing traffic using the SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This vulnerability was announced in the ethereal security advisory enpa-sa-00003 and has been given the proposed CVE id of CAN-2002-0353. This issue has been corrected in ethereal version 0.8.0-3potato for Debian 2.2 (potato). These packages can be obtained from security.debian.org.

June 03, 2002 01:15 Debian: in.uucpd string truncation problem

in.uucpd, an authentication agent in the uucp package, does not properly terminate certain long input strings. This has been corrected in uucp package version 1.06.1-11potato3 for Debian 2.2 (potato) and in version 1.06.1-18 for the upcoming (woody) release. These packages can be obtained from security.debian.org.

June 01, 2002 00:00 Linux Clustering Software

Just a few years ago, to most people, the terms "Linux cluster" and "Beowulf cluster" were virtually synonymous. However, these days, many people are realizing that Linux clusters can not only be used to make cheap supercomputers, but can also be used for high availability, load balancing, rendering farms, and more.

May 30, 2002 11:46 Red Hat: Updated tcpdump packages fix buffer overflow

tcpdump is a command-line tool for monitoring network traffic. Versions of tcpdump up to and including 3.6.2 have a buffer overflow that can be triggered when tracing the network by a bad NFS packet. Fixed packages are available from updates.redhat.com.

May 30, 2002 11:44 Red Hat: Updated nss_ldap packages fix pam_ldap vulnerabi...

The pam_ldap module provides authentication for user access to a system by consulting a directory using LDAP. Versions of pam_ldap prior to version 144 include a format string bug in the logging function. The packages included in this erratum update pam_ldap to version 144, fixing this bug. Fixed packages are available from updates.redhat.com.

May 29, 2002 10:07 SuSE: remote command execution in tcpdump

The tcpdump program may be used to capture and decode network traffic. Tcpdump decodes certain packets such as AFS requests in a wrong way, resulting in a buffer overflow. Since running tcpdump requires root privileges, this may lead to a root compromise of the system running tcpdump. Additionally, libpcap, on which most network monitoring programs rely, also contained overflows, which, however, are only exploitable by local attackers if you installed programs using libpcap setuid. Fixed packages can be obtained from ftp.suse.com.

May 27, 2002 04:44 Red Hat: Buffer overflow in UW imap daemon

UW imapd is an IMAP daemon from the University of Washington. Version 2000c and previous versions have a bug that allows a malicious user to construct a malformed request which overflows an internal buffer, enabling that user to execute commands on the server with the user's UID/GID. Fixed packages are available from updates.redhat.com.

May 23, 2002 01:23 SuSE: remote command execution in dhcp

The "Dynamic Host Configuration Protocol" (DHCP) server from the Internet Software Consortium allows hosts on a TCP/IP network to request and be assigned IP addresses, and also to discover information about the network to which they are attached. A remotely exploitable format string vulnerability was found in the logging routines of the dynamic DNS code of dhcpd. This vulnerability allows an attacker, usually within the LAN served by the DHCP server, to get remote root access to the host running dhcpd. Fixed packages are available from ftp.suse.com.

May 22, 2002 01:05 Red Hat: Updated fetchmail packages available

When retrieving mail from an IMAP server, the fetchmail e-mail client will allocate an array to store the sizes of the messages which it will attempt to fetch. The size of the array is determined by the number of messages that the server claims to have. Unpatched versions of fetchmail prior to 5.9.10 did not check whether the number of e-mails the server claimed was too high, allowing a malicious server to cause the fetchmail process to write data outside of the array bounds. Updated packages are available from updates.redhat.com.

May 18, 2002 00:58 Red Hat: New imlib packages available

Imlib versions prior to 1.9.13 would fall back to loading images via the NetPBM package, which has various problems making it unsuitable for loading untrusted images. Imlib 1.9.13 also fixes various problems in arguments passed to malloc(). These problems may allow attackers to construct images that, when loaded by a viewer using Imlib, could cause crashes or potentially the execution of arbitrary code. Fixed packages are available from updates.redhat.com.

May 18, 2002 00:00 The Book of Linux Music and Sound

Musicians aren't always technically inclined. When they look for music software to run on their computers, they're apt to buy something for the Windows system they already have or believe the advice that anything artistic is supposed to be done on a Mac. Linux systems provide cheap and powerful alternatives, and this book tells you how to get started with them.

May 17, 2002 01:05 Red Hat: Updated mpg321 packages available

mpg321 is a GPL command-line mp3 player. It is possible for mpg321 before version 0.2.9 to segfault if given certain specifically crafted data. In the case of network streaming, this data would be remotely supplied, which could lead to remote code execution. Fixed packages are available from updates.redhat.com.

May 16, 2002 15:12 SuSE: remote command execution in lukemftp

Lukemftp is a comfortable ftp client from NetBSD. A buffer overflow could be triggered by a malicious ftp server while the client parses the PASV ftp command. An attacker who controls an ftp server to which a client using lukemftp is connected can gain remote access to the client's machine with the privileges of the user running lukemftp. Fixed packages are available from ftp.suse.com.

May 16, 2002 15:10 SuSE: local privilege escalation in shadow

The shadow package contains several useful programs to maintain the entries in the /etc/passwd and /etc/shadow files. The SuSE Security Team discovered a vulnerability that allows local attackers to destroy the contents of these files or to extend the group privileges of certain users. This is possible by setting evil filesize limits before invoking one of the programs modifying the system files. Depending on the permissions of the system binaries, this allows a local attacker to gain root privileges in the worst case. This, however, is not possible in a default installation. Fixed packages are available from ftp.suse.com.

May 16, 2002 01:08 Red Hat: Updated Mozilla packages fix a security issue

One component of the XML Extras package in Mozilla 0.9.9 and earlier allows remote attackers to read arbitrary files and list directories on a client system. This exploit is performed by opening a URL that redirects the browser to the file on the client and reading the results using the responseText property. Fixed packages are available from updates.redhat.com.

May 15, 2002 01:13 Updated sharutils package fixes uudecode issue

The sharutils package contains a set of tools for encoding and decoding packages of files in binary or text format. The uudecode utility would create an output file without checking to see if it was about to write to a symlink or a pipe. If a user uses uudecode to extract data into open shared directories, such as /tmp, this vulnerability could be used by a local attacker to overwrite files or lead to privilege escalation. Fixed packages are available from updates.redhat.com.

May 11, 2002 00:00 The Ruby Way

Many Ruby programmers learned the language from Andrew Hunt and Dave Thomas's excellent "Programming Ruby: The Pragmatic Programmer's Guide". For over a year, it was the only English language Ruby book available. Now, Hal Fulton's "The Ruby Way" comes at just the right time for those of us ready to move up to the next level.

May 10, 2002 15:06 Red Hat: perl-Digest-MD5 UTF8 bug results in incorrect MD...

A bug in utf8 interaction between perl-Digest-MD5 and Perl results in utf8 strings having improper MD5 digests. This update works around the problem and provides correct checksums for all input. Fixed packages are available from updates.redhat.com.