March 11, 2002 14:31 Red Hat: Vulnerability in zlib library

While performing tests on the gdk-pixbuf library, Matthias Clasen created an invalid PNG image that caused libpng to crash. Upon further investigation, this turned out to be a bug in zlib 1.1.3 where certain types of input will cause zlib to free the same area of memory twice (called a "double free"). This bug can be used to crash any program that takes untrusted compressed input. Web browsers or email programs that display image attachments or other programs that uncompress data are particularly affected. This vulnerability makes it easy to perform various denial-of-service attacks against such programs. Fixed packages are available from updates.redhat.com.

March 11, 2002 00:45 Debian: New mod_ssl and Apache/SSL packages fix buffer ov...

Ed Moyle recently found a buffer overflow in Apache-SSL and mod_ssl. With session caching enabled, mod_ssl will serialize SSL session variables to store them for later use. These variables were stored in a buffer of a fixed size without proper boundary checks. To exploit the overflow, the server must be configured to require client certificates, and an attacker must obtain a carefully crafted client certificate that has been signed by a Certificate Authority which is trusted by the server. If these conditions are met, it would be possible for an attacker to execute arbitrary code on the server. Fixed packages are available from security.debian.org.

March 09, 2002 00:00 How to Build a Beowulf

I've set up two Beowulfs so far, and in both cases it involved gathering material from various Web sites and somehow putting it all together. I got everything up and running, but it was quite a "time sink" for me, so I was interested to receive a book entitled "How to Build a Beowulf". Finally, information regarding Beowulfs would be available in one place and I could save my bandwidth for other stuff!

March 08, 2002 16:55 Debian: ssh channel bug

Joost Pol reports that OpenSSH versions 2.0 through 3.0.2 have an off-by-one bug in the channel allocation code. This vulnerability can be exploited by authenticated users to gain root privilege or by a malicious server exploiting a client with this bug. Since Debian 2.2 (potato) shipped with OpenSSH (the "ssh" package) version 1.2.3, it is not vulnerable to this exploit. No fix is required for Debian 2.2 (potato).

March 08, 2002 12:33 Red Hat: Updated OpenSSH packages available

Joost Pol has discovered an off-by-one error in all versions of the OpenSSH daemon (sshd) prior to version 3.1. This issue could allow an authenticated user to cause sshd to corrupt its heap, potentially allowing arbitrary code to be executed on the remote server. Alternatively, a malicious SSH server could be crafted to attack a vulnerable OpenSSH client. Fixed packages are available from updates.redhat.com.

March 08, 2002 06:44 Red Hat: Updated mod_ssl packages available

When session caching is enabled, mod_ssl will serialize SSL session variables to store them for later use. Unpatched versions of mod_ssl prior to version 2.8.7 which use the 'shm' or 'dbm' session caches would store session variables using a buffer with a fixed size, making it vulnerable to overflow. To exploit the overflow, the server must be configured to require client certificates, and an attacker must obtain a carefully crafted client certificate that has been signed by a Certificate Authority which is trusted by the server. If these conditions are met, it would be possible for an attacker to execute arbitrary code on the server. Fixed packages are available from updates.redhat.com.

March 08, 2002 06:41 SuSE: local and remote command execution in OpenSSH

Joost Pol discovered an off-by-one bug in a routine in the openssh code for checking channel IDs. This bug can be exploited on the remote side by an already authenticated user, qualifying this bug as a local security vulnerability, and on the local side if a malicious server attacks the connected client, qualifying this bug as a remote vulnerability. If the error is being exploited, it leads to arbitrary code execution in the process under attack (either a local ssh client, attacking the userID of the client user, or a remote secure shell daemon that has an authenticated user session running, attacking the root account of the remote system). Fixed packages can be obtained from ftp.suse.com.

March 08, 2002 06:39 SuSE: remote command execution in squid

The widely used proxy server squid contains a heap overflow in one of its URL-constructing functions. Incorrect length calculations for the user and passwd fields in ftp URLs turned out to be the origin of the problem. Only users from hosts listed in squid's ACL files could trigger the overflow. The ftp-URL problem is not present in the 6.4, 7.0 and 7.1 distributions, but other security-related bugs have been fixed there. Fixed packages can be obtained from ftp.suse.com.

March 08, 2002 06:37 Debian: New xsane packages fix insecure temporary files

Tim Waugh found several insecure uses of temporary files in the xsane program, which is used for scanning. This was fixed for Debian/stable by moving those files into a securely created directory within the /tmp directory. Fixed packages are available from security.debian.org.

March 08, 2002 06:34 Debian: New CVS packages fix potential security problems

Kim Nielsen recently found an internal problem with the CVS server and reported it to the vuln-dev mailing list. The problem is triggered by an improperly initialized global variable. A user exploiting this can crash the CVS server, which may be accessed through the pserver service and running under a remote user id. It is not yet clear if the remote account can be exposed, though. Fixed packages are available from security.debian.org.

March 08, 2002 06:32 Debian: New CFS packages fix security problems

Zorgon found several buffer overflows in cfsd, a daemon that pushes encryption services into the Unix(tm) file system. We are not yet sure if these overflows can successfully be exploited to gain root access to the machine running the CFS daemon. However, since cfsd can easily be forced to die, a malicious user can easily perform a denial-of-service attack against it. Fixed packages are available from security.debian.org.

March 08, 2002 06:29 Debian: New PHP packages fix security problems

Stefan Esser, who is also a member of the PHP team, found several flaws in the way PHP handles multipart/form-data POST requests (as described in RFC1867), known as POST file uploads. Each of the flaws could allow an attacker to execute arbitrary code on the victim's system. For PHP3, the flaws consist of a broken boundary check and an arbitrary heap overflow. For PHP4, they consist of a broken boundary check and a heap off-by-one error. Fixed packages are available from security.debian.org.

March 02, 2002 00:00 My Ergonomic Nightmare

A couple of years ago, I experienced the worst form of Repetitive Stress Injury, leading up to the dreaded Carpal Tunnel Syndrome. I responded by reducing my time with the keyboard, using ergonomic gadgets, following every bit of advice I could find, seeking medical help, adopting voice recognition software, and undergoing physical therapy, none of which provided a lasting solution. Not to be content, I kept looking for a permanent cure. Eventually, I found the cure in Muscle Learning Therapy, which brought about a remarkable recovery. In this article, I recount the experience of living through the trauma, despair, and recovery.

February 28, 2002 21:01 SuSE: remote command execution in php4

The e-matters team have found multiple remotely exploitable vulnerabilities in the source code responsible for file upload in the Apache modules mod_php and mod_php4 (versions 3 and 4). The weakness can be used to have the webserver execute arbitrary code as supplied by the attacker. Fixed packages are available from ftp.suse.com.

February 28, 2002 20:59 Red Hat: Updated PHP packages are available

Updated PHP packages are available to fix vulnerabilities in the functions that parse multipart MIME data, which are used when uploading files through forms. Updates can be found on updates.redhat.com.

February 27, 2002 04:42 Red Hat: New squid packages available

New squid packages are available that fix various vulnerabilities. Some of these vulnerabilities could be used to perform a denial of service (DoS) attack or allow remote users to execute code as the user squid. They are available through updates.redhat.com.

February 25, 2002 08:45 SuSE: remote privilege escalation in cups

The well known Common Unix Printing System (CUPS) was found vulnerable to a buffer overflow in the Internet Printing Protocol (IPP) handling code. The buffer overflow could be exploited by a remote attacker as long as their IP address is allowed to connect to the CUPS server. Fixed packages are available from ftp.suse.com.

February 23, 2002 00:00 Weaving the Web

I finally got around to reading the book everyone told me not to bother with, and had a pleasant surprise, as I expected I might. While I'll admit that it's heavy going at times, it's also sadly underrated and misunderstood.

February 22, 2002 02:43 Debian: Updated ncurses4 compat packages are available

The ncurses library provides a terminal-independent method of screen handling. A problem has been found in ncurses version 5.0 that could cause a buffer overflow. This overflow could be locally exploited if the library is linked into a program that runs setuid or setgid. Red Hat Linux ships with a compatibility package 'ncurses4' that is actually based on ncurses version 5.0 but has been made ABI compatible with ncurses 4. No programs that ship with Red Hat Linux are exploitable. A program could only be exploited if it uses the ncurses 4 compatibility package and if it is run setuid or setgid. Fixed packages are available from updates.redhat.com.

February 21, 2002 14:49 Debian: New GNUJSP packages fix directory and script sour...

Thomas Springer found a vulnerability in GNUJSP, a Java servlet that allows you to insert Java source code into HTML files. The problem can be used to bypass access restrictions in the web server. An attacker can view the contents of directories and download files directly rather than receiving their HTML output. This means that the source code of scripts could also be revealed. Fixed packages are available from security.debian.org.

February 19, 2002 05:45 Debian: New ncurses packages available

Several buffer overflows were fixed in the "ncurses" library in November 2000. Unfortunately, one was missed. This can lead to crashes when using ncurses applications in large windows. Fixed packages can be obtained from security.debian.org.

February 16, 2002 15:48 Debian: New hanterm packages fix buffer overflow

A set of buffer overflow problems have been found in hanterm, a Hangul terminal for X11 derived from xterm, that will read and display Korean characters in its terminal window. The font handling code in hanterm uses hard limited string variables but didn't check for boundaries. This problem can be exploited by a malicious user to gain access to the utmp group which is able to write the wtmp and utmp files. These files record login and logout activities. Fixed packages are available from security.debian.org.

February 16, 2002 00:00 How to Fix the Unix Configuration Nightmare

Unix is steadily evolving into something much easier to use. The trick is to find tools that make things friendlier, but which fit in well with existing tools and are easier for people to take and use for new projects.

February 15, 2002 01:02 Debian: Multiple SNMP vulnerabilities

The Secure Programming Group of the Oulu University did a study on SNMP implementations and uncovered multiple problems which can cause problems ranging from Denial of Service attacks to remote exploits. Fixed packages are available from security.debian.org.

February 14, 2002 01:13 Debian: New CUPS packages fix buffer overflow

The authors of CUPS, the Common UNIX Printing System, have found a potential buffer overflow bug in the code of the CUPS daemon where it reads the names of attributes. This affects all versions of CUPS. Fixed packages are available from security.debian.org.

February 13, 2002 08:11 Debian: New Faq-O-Matic packages fix cross-site scripting...

Due to unescaped HTML code, Faq-O-Matic returned unverified scripting code to the browser. With some tweaking this enables an attacker to steal cookies from one of the Faq-O-Matic moderators or the admin. Cross-Site Scripting is a type of problem that allows a malicious person to make another person run some JavaScript in their browser. The JavaScript is executed on the victim's machine and is in the context of the website running the Faq-O-Matic Frequently Asked Question manager. Fixed packages can be found at security.debian.org.

February 13, 2002 01:22 Red Hat: Updated ucd-snmp packages available

The Simple Network Management Protocol (SNMP) enables monitoring and configuration of network nodes. The Oulu University Secure Programming Group performed a vulnerability assessment of various SNMP implementations through syntax testing and test-suite creation. Updated packages are available from updates.redhat.com. The test-suite showed several failures in the ucd-snmp tools in version 4.2.2 and earlier. These vulnerabilities can cause denial-of-service conditions, service interruptions, and in some cases could result in a remote security breach.

February 09, 2002 05:10 Red Hat: Updated at package available

A server running the latest version of at could have commands that depend on the current environment (for example, the PATH) which would then fail or run incorrectly because the environment would not be accessible when the command was executed at a later time. Additionally, in versions of Red Hat Linux prior to 7.2, a malicious local user could specify an execution time in a carefully drafted format, causing a heap corruption bug. Since the at command is installed as setuid root, this bug can be exploited. Fixed packages are available from updates.redhat.com.

February 09, 2002 00:00 Build and Release Management

So, you want to write software? Don't forget that you'll need to build or package it, test it, fix some stuff, test it again, and ultimately release it... somehow. The "somehow" is the art and science of Build and Release Management.

February 08, 2002 06:08 Debian: New UUCP packages finally fix uucp uid/gid access

Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It permits a local user to copy any file to anywhere which is writable by the uucp uid, which effectively means that a local user can completely subvert the UUCP subsystem, including stealing mail, etc. It was thought that this problem had been fixed with DSA 079-1, but that didn't fix all variations of the problem. Updated packages are available from security.debian.org.