The ifup-dhcp script, which is part of the sysconfig package, is responsible for setting up network devices using configuration data obtained from a DHCP server by the dhcpcd DHCP client. It is possible for remote attackers to feed this script with evil data, for example via spoofed DHCP replies. This way ifup-dhcp could be tricked into executing arbitrary commands as root. Fixed packages are available from ftp.suse.com
The imlib library can be used by X11 applications to handle various kinds of image data. Imlib could, under certain circumstances, revert to using a netpbm library which is well known to have security problems and should not be used for handling untrusted data. Furthermore a heap corruption could occur in the imlib code. An attacker could send a maliciously formatted image file to trigger a Denial-of-Service attack or even execute arbitrary code on the victim's machine. Fixed packages are available from ftp.suse.com
Recently, I downloaded about 2,000 free fonts. Most of them are of high quality, but you can easily imagine my problem: There are just too many of them for one graphics designer. I don’t have time to browse through them all to find the one optimal for my needs.
The Nautilus file manager (used by default in the GNOME desktop environment) writes metadata files containing information about files and directories that have been visited in the file manager. The metadata file code in Red Hat Linux 7.2 can be tricked into chasing a symlink and overwriting the symlink target. Fixed packages are available from updates.redhat.com
mod_python versions 2.7.6 and earlier allow a module which is indirectly imported by a published module to then be accessed by the publisher handler. This could allow a remote attacker to abuse imported modules leading to file modifications or more serious breaches. Fixed packages are available from updates.redhat.com
The default stylesheet used when converting a DocBook document to multiple HTML files allows an untrusted document to write files outside of the current directory. This is because element identifiers (specified in the document) are used to form the names of the output files. If an untrusted document uses a full pathname as an identifier, it can cause that file to be written to -- as long as the user performing the conversion has write access. Fixed packages are available from updates.redhat.com
So, you've just gotten a PalmOS-based PDA... now what? Here are some
suggestions for Open Source Software/Free Software available for the Palm,
grouped into the following topics: electronic books, games,
miscellaneous software, and how to locate other software. I'll close
with a few comments about the future of Palms.
Themes.org has become part of freshmeat today. I'd like to share a
short history of the site and explain the reasons behind the decision
to do this.
The sudo program allows local users to execute certain configured commands with root privileges. Sudo contains a heap overflow in its prompt assembling function. The input used to create the password prompt is user controlled and not properly length-checked before being copied to certain heap locations. This allows local attackers to overflow the heap of sudo, thus executing arbitrary commands as root. We would like to thank GlobalInterSec for finding and researching this vulnerability. Fixed packages are available from ftp.suse.com
The radius daemon as shipped with the radiusd-cistron package is responsible for the RADIUS authentication service in networks and therefore considered a security critical application. ZARAZA reported security related bugs in various radius server and client software. The list of vulnerable servers includes the cistron radius package. Within the cistron package, a buffer overflow in the digest calculation function and miscalculations of attribute lengths have been fixed which could allow remote attackers to execute arbitrary commands on the system running the radius server. Besides the cistron radius package, the following radius packages have been vulnerable to the same attacks and have been fixed: freeradius, radiusclient and livingston-radius. Fixed packages are available from ftp.suse.com
Like computers on large heterogeneous environments, networked printers
and other peripherals have vulnerabilities that can lead to exposure
of data, denial of service, and gateways for attacks on other
systems. Yet, while many organizations seek to protect their
computers, they ignore printers and other peripherals. In this
article, I'll discuss general attacks against printers and other
peripherals, with specifics on known vulnerabilities in several brands
of printers, and propose possible solutions to keep both computers and
networked peripherals from attack.
fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root, a local user can use this to gain root access. Fixed packages are available from security.debian.org
The sudo (superuser do) utility allows system administrators to give certain
users the ability to run commands as root with logging. Global InterSec LLC found an issue with Sudo 1.6.5p2 and earlier which can be exploited to allow a local attacker to gain root privileges. Fixed packages are available from updates.redhat.com
I'm afraid to read Linux Device Drivers. It's not that I didn't do a
good first reading; of course I did. It's not that I'm not prepared.
I read K and R (The C Programming Language), lovingly doing every
exercise, around 1986, and have used C on-and-off since then. These
days, I read man pages and info documentation on a daily basis, and am
thoroughly comfortable with compiling and installing kernels. You
will need these skills to read Linux Device Drivers.
An internal audit by the xpilot (a multi-player tactical manoeuvring game for X) maintainers revealed a buffer overflow in xpilot server. This overflow can be abused by remote attackers to gain access to the server under which the xpilot server is running. Fixed packages are available from security.debian.org
A cross-site scripting (CSS) problem was discovered in Horde and IMP (a web based IMAP mail package). This was fixed upstream in Horde version 1.2.8 and IMP version 2.2.8. The relevant patches have been back-ported to version 1.2.6-0.potato.5 of the horde package and version 2.2.6-0.potato.5 of the imp package.
Fixed packages are available from security.debian.org
There are lots of reasons to like Ruby. It's a pure object oriented
language. The syntax is elegant, and the use of blocks creates a
novel feel. Another reason to like Ruby is its scalability. I don't
mean scalability in the performance sense, but in regards to how you
can code simple Ruby macros to solve small problems and also use Ruby
in its object oriented form to support very large or complex
The Secure Programming Group of the Oulu University, Sweden released a testing suite for SNMP implementations. Several bugs could be triggered in the ucd-snmpd code by using this testing suite. These bugs lead to remote denial-of-service attacks and may possibly be exploited to break system security remotely. Updated packages can be obtained from ftp.suse.com
Versions of LogWatch 2.1.1 and earlier have a vulnerability due to a race condition during the creation of a temporary directory. This vulnerability can allow a local user to gain root privileges. An additional race condition was found in versions of LogWatch 2.5 and earlier. Fixed packages can be obtained from updates.redhat.com
Each year, more money is spent on security, and each year, there are
more incidents, more losses, and greater average losses. 2001 set
records for security spending, security vulnerabilities, attacks, and
security losses. 2002 is expected to be worse. It should be obvious
that the security industry is missing something critical when it comes
to reining in the losses caused by security incidents. The potential
for tens or hundreds of thousands of systems to be compromised
literally overnight is a systemic failure that must be corrected. The
increased reliance on the Internet and other networked systems makes
developing a real and workable preventive solution for computer
security an economic necessity. A security process that can keep
systems secure in spite of their vulnerabilities is becoming a
necessity. The current vulnerability-driven security process is just
not up to the challenge.
It's been a little over a year since the major code revision that led
to freshmeat ][. The Web waits for no man, and the time has come to
make sure we're in step with recent developments. Today, we're happy
to announce our new name and our plans to incorporate important new
technologies into the site.
The telephony software category includes applications that let you
communicate via voice and/or video through the Internet to other
people, software that lets you set up a software-based telephony PBX
based on standard hardware, tools that let you analyze data from or
control legacy telephony switchgears, and small, simple pieces of
software that let you set up an answering machine using an old voice
type of attack, but the conversion was incomplete. Fixed packages can be obtained from security.debian.org
On my Linux Users Group's mailing list, an old question recently
surfaced again: What book would you recommend for someone who is new
to Unix (but not to computers)? I didn't have any suggestions at the
time, but after looking at "The Linux Cookbook", I do. It's a book I
wish I'd had when I started, and one I'm happy to have beside me now.
Imlib versions prior to 1.9.13 would fall back to loading images via the NetPBM package, which has various problems that make it unsuitable for loading untrusted images. Imlib 1.9.13 also fixes various problems in arguments passed to malloc(). These problems may allow attackers to construct images that, when loaded by a viewer using Imlib, could cause crashes or potentially the execution of arbitrary code. Fixed packages are available from updates.redhat.com
Janusz Niewiadomski and Wojciech Purczynski reported a buffer overflow
in the address_match of listar (a listserv style mailing-list manager). Fixed packages are available from security.debian.org
Remember those heady days of the mid-to-late 1990s? When Webmonkey
was required daily reading, Hotdog and HoTMetaL Pro were the "cool"
HTML editors (though vi and Notepad predominated), and the Browser
Wars were relevant? When virtually all Web sites were collections of
static pages, even if generated via some dynamic process(es) such as
VB widgets or Perl scripts? When Perl CGIs and .shtml pages were the
only true approximation of dynamic Web development available? When
Java still meant coffee, ASP was a snake, and Linus was a character in
the Peanuts cartoon? Remember? Ah, the bad old days.
The compression library zlib has a flaw in which it attempts to free memory more than once under certain conditions. This can possibly be exploited to run arbitrary code in a program that includes zlib. If a network application running as root is linked to zlib, this could potentially lead to a remote root compromise. No exploits are known at this time. This vulnerability is assigned the CVE candidate name of CAN-2002-0059. Fixed packages are available from security.debian.org
The zlib compression library is being used by many applications to provide data compression/decompression routines. An error in a decompression routine can corrupt the internal data structures of malloc by a double call to the free() function. If the data processed by the compression library is provided from an untrusted source, it may be possible for an attacker to interfere with the process using the zlib routines. The attack scenario includes a denial of service attack and memory/data disclosure, but it may also be possible to insert arbitrary code into the running program and to execute this code. This update fixes the known problems in the libz/zlib as a permanent fix. There exists no temporary workaround that can efficiently remedy the problem. Fixed packages are available from ftp.suse.com
Several security related problems have been found in the xtell package, a simple messaging client and server. In detail, these problems include several buffer overflows, a problem in connection with symbolic links, and unauthorized directory traversal when the path contains "..". These problems could lead to an attacker being able to execute arbitrary code on the server machine. The server runs with nobody privileges by default, so this would be the account to be exploited. Fixed packages are available from security.debian.org