Articles / Security

All articles tagged with Security

March 07, 2001 03:10 Debian: New version of sgml-tools available

0
Former versions of sgml-tools created temporary files directly in /tmp in an insecure fashion. Version 1.0.9-15 and higher create a subdirectory first and open temporary files within that directory. Fixed packages are available from security.debian.org.

March 07, 2001 03:09 Debian: New versions of Athena Widget replacement librari...

0
It has been reported that the AsciiSrc and MultiSrc widget in the Athena widget library handle temporary files insecurely. Joey Hess has ported the bugfix from XFree86 to these Xaw replacements libraries. Updated packages can be obtained from security.debian.org.

March 07, 2001 03:08 Debian: New version of Midnight Commander available

0
It has been reported that a local user could tweak Midnight Commander of another user into executing a random program under the user id of the person running Midnight Commander. This behaviour has been fixed by Andrew V. Samoilov. Updated packages can be obtained from security.debian.org.

March 07, 2001 03:07 Debian: New version of man2html available

0
It has been reported that one can tweak man2html remotely into consuming all available memory. This has been fixed by Nicolás Lichtmaier with help of Stephan Kulow. Updated packages are available from security.debian.org.

March 07, 2001 03:05 Debian: New version of ePerl packages available

0
When eperl is installed setuid root, it can switch to the UID/GID of the scripts owner. Although Debian doesn't ship the program setuid root, this is a useful feature which people may have activated locally. When the program is used as /usr/lib/cgi-bin/nph-eperl the bugs could lead into a remote vulnerability as well. Fixed packages are available from security.debian.org.

March 07, 2001 03:04 Debian: New versions of analog available

0
The author of analog, Stephen Turner, has found a buffer overflow bug in all versions of analog except of version 4.16. A malicious user could use an ALIAS command to construct very long strings which were not checked for length and boundaries. This bug is particularly dangerous if the form interface (which allows unknown users to run the program via a CGI script) has been installed. There doesn't seem to be a known exploit. Fixed packages can be obtained from security.debian.org.

March 06, 2001 03:14 Debian: New proftpd packages released

0
Two problems have been reported for the version of proftpd in Debian 2.2 (potato). There is a configuration error in the postinst script, when the user enters 'yes', when asked if anonymous access should be enabled. The postinst script wrongly leaves the 'run as uid/gid root' configuration option in /etc/proftpd.conf, and adds a 'run as uid/gid nobody' option that has no effect. The second bug comes up when /var is a symlink, and proftpd is restarted. When stopping proftpd, the /var symlink is removed; when it's started again a file named /var is created. Fixed packages are available from security.debian.org.

March 02, 2001 02:35 Red Hat: Updated joe packages are available

0
When starting, joe looks for a configuration file in the current working directory, the user's home directory, and /etc/joe. A malicious user could create a .joerc file in a world writable directory such as /tmp and make users running joe inside that directory using a .joerc file that is customized to execute commands with their own userids. The current working directory has been removed from the list of possible directories with the .joerc configuration file. Updated packages are available from updates.redhat.com.

February 26, 2001 15:00 Red Hat: New Zope packages available

0
New Zope packages are available which fix numerous security vulnerabilities. See the body of the advisory for details. Updated packages for Red Hat Powertools 6.2 and 7.0 are available from updates.redhat.com.

February 23, 2001 05:20 Red Hat: Updated analog packages are available

0
Previous releases of analog were vulnerable to a buffer overflow vulnerability where a malicious user could use an ALIAS command to construct very long strings which were not checked for length. This bug was discovered by the program author, and there is no known exploit. Updated packages are available from

February 19, 2001 02:24 Red Hat: New vixie-cron packages available

0
A buffer overflow existed in the 'crontab' command; if called by a user with a username longer than 20 characters. If the system administrator has created usernames of that length, it would be possible for those users to gain elevated privileges. Fixed packages are available from updates.redhat.com

February 12, 2001 03:22 Debian: Multiple security problems in X

1
Chris Evans, Joseph S. Myers, Michal Zalewski, Alan Cox, and others have noted a number of problems in several components of the X Window System sample implementation (from which XFree86 is derived). While there are no known reports of real-world malicious exploits of any of these problems, it is nevertheless suggested that you upgrade your XFree86 packages immediately. New packages are available from security.debian.org.

February 11, 2001 06:02 Debian: New version of proftpd released

0
Three problems have been reported for the version of proftpd in Debian 2.2 (potato) involving a memory leak in the SIZE command, a similar memory leak in the USER command, and some format string vulnerabilities. All three of the above vulnerabilities have been corrected, the updated packages are available from security.debian.org.

February 09, 2001 04:18 Red Hat: Three security holes fixed in new kernel

2
Three security holes have been fixed in the kernel. One involves ptrace, another involves sysctl, and the last is specific to some Intel CPUs. All three security holes involve local access only (they do not provide a hole to remote attackers without a local account). The ptrace and sysctl bugs provide local users with the potential to compromise the root account. Neither has an active exploit available at the time of this writing. The last security hole is a DOS (Denial Of Service) that does not provide access to the root account but does allow any user with shell access the ability to halt the CPU. The procedure for upgrading the kernel is documented at www.redhat.com.

February 08, 2001 03:41 Debian: New OpenSSH packages released

0
Prior versions of OpenSSH are vulnerable to a remote arbitrary memory overwrite attack which may eventually lead into a root exploit. No exploit program is known yet but expected to come up soon. Also, CORE-SDI has described a problem with regards to RSA key exchange and a Bleichenbacher attack to gather the session key from an ssh session. Both problems have been fixed and updated packages are available from security.debian.org.

February 08, 2001 03:36 Debian: New man-db packages released

0
Styx has reported that the program `man' mistakenly passes malicious strings (i.e. containing format characters) through routines that were not meant to use them as format strings. Since this could cause a segmentation fault and privileges were not dropped it may lead to an exploit for the 'man' user. Fixed packages may be obtained from security.debian.org.

February 06, 2001 03:08 Red Hat: Updated XEmacs packages available for Red Hat Li...

0
The XEmacs package as shipped with Red Hat Linux 7 has a security problem with gnuserv and gnuclient, due to a buffer overflow and weak security. This update also fixes other minor problems in XEmacs and adds MULE support. The packages are available from updates.redhat.com.

January 30, 2001 02:53 Red Hat: Updated inetd packages available

0
The inetd server as shipped with Red Hat Linux 6.2 fails to close sockets for internal service properly. This could make services stop working when the system had leaked sufficient resources.

January 29, 2001 02:48 Red Hat: Updated bind packages available

0
Some security problems, including a remotely exploitable information leak allowing anyone to read the stack, have been found in bind versions prior to 8.2.3. Updated packages are available from updates.redhat.com.

January 29, 2001 02:45 Debian: New version of BIND 8 released

0
BIND 8 suffered from several buffer overflows. It is possible to construct an inverse query that allows the stack to be read remotely exposing environment variables. CERT has disclosed information about these issues. A new upstream version fixes this. Updated packages are available from security.debian.org.

January 27, 2001 02:47 Debian: New version of cron released

0
The FreeBSD team has found a bug in the way new crontabs were handled which allowed malicious users to display arbitrary crontab files on the local system. This only affects valid crontab files so can't be used to get access to /etc/shadow or something. crontab files are not especially secure anyway, as there are other ways they can leak. No passwords or similar sensitive data should be in there.
Screenshot

Project Spotlight

milter manager

A flexible and low administrative cost anti-spam system.

Screenshot

Project Spotlight

PyQt

Python bindings for the Qt GUI toolkit