
February 07, 2002 16:34 Debian: New wmtv packages fix symlink vulnerability

Nicolas Boullis found some security problems in the wmtv package (a dockable video4linux TV player for windowmaker) which is distributed in Debian GNU/Linux 2.2. With the current version of wmtv, the configuration file is written back as the superuser, and without any further checks. A malicious user might use that to damage important files. Fixed packages are available from

January 31, 2002 03:29 Red Hat: New rsync packages available

rsync is a powerful tool used for mirroring directory structures across machines. rsync has been found to contain several signed/unsigned bugs in its I/O functions which are remotely exploitable. A remote user can crash the rsync server/client and execute code as the user running the rsync server or client. Fixed packages are available from

January 26, 2002 03:41 Debian: rsync remote exploit

Sebastian Krahmer found several places in rsync (a popular tool to synchronise files between machines) where signed and unsigned numbers were mixed which resulted in insecure code. This could be abused by remote users to write 0-bytes in rsync's memory and trick rsync into executing arbitrary code. Fixed packages are available from

January 25, 2002 11:12 SuSE: remote command execution in rsync

The rsync program allows users and administrators to synchronize files and whole directory structures on different machines. It is common practice to allow remote users to mirror ftp servers via anonymous rsync access. There exist several signedness bugs within the rsync program which allow remote attackers to write 0-bytes to almost arbitrary stack locations, therefore being able to control the program flow and obtain a shell remotely. These bugs have been fixed and the fixed packages may be obtained from

January 24, 2002 11:53 Red Hat: Updated 2.4 kernel available

Larry McVoy has discovered a problem in the CIPE (VPN tunnel) implementation, where a malformed packet could cause a crash. Andrew Griffiths has discovered a vulnerability that allows remote machines to read random memory using a bug in the Linux ICMP implementation. However, 2.4 kernels after version 2.4.0-test6 and 2.2 kernels after version 2.2.18 have this bug fixed. All Red Hat Linux 2.4 kernels have this fix and are not vulnerable to this bug. Fixed packages are available from

January 23, 2002 15:52 Red Hat: Updated OpenLDAP packages available

Versions of OpenLDAP from 2.0.0 through 2.0.19 do not check permissions using access control lists when a user attempts to remove an attribute from an object in the directory by replacing its values with an empty list. Because schema checking is still enforced, a user can only remove attributes which the schema does not require the object to possess. Fixed packages are available from

January 23, 2002 15:50 Red Hat: Updated at package available

A server running the latest version of at could have commands that depend on the current environment (for example, the PATH) which would then fail or run incorrectly because the environment would not be accessible when the command was executed at a later time. Additionally, in versions of Red Hat Linux prior to 7.2 a malicious local user could specify an execution time in a carefully crafted format, causing a heap corruption bug. Since the at command is installed as setuid root this bug can be exploited. Fixed packages are available from

January 21, 2002 02:08 Debian: enscript creates temporary files insecurely

The version of enscript (a tool to convert ASCII text to different formats) has been found to create temporary files insecurely. Fixed packages are available from

January 19, 2002 05:58 Red Hat: Updated enscript packages fix temporary file han...

GNU enscript is a program for converting ASCII files to PostScript(TM). When it creates temporary files, it does so with predictable filenames in a manner that would follow symbolic links. This could allow a local user to overwrite files written by the user running enscript, or read the contents of the temporary files. Fixed packages are available from

January 19, 2002 00:00 High Tech (Ir)Responsibility

Want to sell your own product but not have to worry about those silly guarantees and liabilities? It's easy -- start your own high tech company!

January 17, 2002 16:10 Red Hat: The uuxqt utility can be used to execute arbitra...

uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain uid and gid uucp privileges by calling uux and specifying an alternate configuration file with the --config option. Fixed packages are available from

January 16, 2002 17:49 Hardware outage at freshmeat

As you may or may not have noticed, freshmeat has suffered from some major downtime from 11am EST to 5pm EST. Both database servers crashed hard and refused to boot with various kernel revisions and mylex driver modules. OSDN's netop staff worked hard to get a replacement machine up and running, which also did not cooperate nicely at first. The site is up in a semi-stable state right now, and searches are still disabled while we're working on getting the search database server back up and running. Please bear with us, and sorry for the inconvenience.

January 16, 2002 06:09 Debian: New at packages fix heap corruption vulnerability

zen-parse found a bug in the current implementation of at which leads to a heap corruption vulnerability, which in turn could potentially lead to an exploit of the daemon user. Fixed packages are available from

January 16, 2002 00:57 Red Hat: Updated sudo packages available

Versions of sudo prior to 1.6.4 would not clear the environment before sending an email notification about unauthorized sudo attempts, making it possible for an attacker to supply parameters to the mail program. In the worst case, this could lead to a local root exploit. Fixed packages are available from

January 16, 2002 00:56 Red Hat: Updated pine packages available

Pine (version 4.43 and earlier) as released with all currently supported versions of Red Hat Linux (6.2, 7, 7.1, 7.2), contains a URL handling bug. This bug can allow a malicious attacker to cause arbitrary commands embedded in a URL to be executed on the user's system upon attempting to view the URL. Fixed packages are available from

January 16, 2002 00:53 Red Hat: Updated xchat packages available

xchat is a popular IRC client. Recently xchat has been found to contain a bug in the CTCP PING handling code which can be exploited to execute IRC commands on the IRC server as the vulnerable user. This can be used for example by an attacker to /op or /deop, to /kick someone out of a channel, to force the vulnerable user out of the channel with a /part, to change channel modes via the /mode command, or to impersonate a user via private /msg commands. Fixed packages are available from

January 14, 2002 12:43 Red Hat: New groff packages available to fix security pro...

Groff is a document formatting system. The groff preprocessor contains an exploitable buffer overflow. If groff can be invoked within the LPRng printing system, an attacker can gain rights as the "lp" user. Remote exploitation may be possible if lpd is running and is accessible remotely, and the attacker knows the name of the printer and spoolfile. Fixed packages are available from

January 14, 2002 09:21 Debian: New CIPE packages fix DoS attack

Larry McVoy found a bug in the packet handling code for the CIPE VPN package: it did not check if a received packet was too short and could crash. Fixed packages are available from

January 14, 2002 09:20 Debian: New sudo packages fix local root exploit

Sebastian Krahmer from SuSE found a vulnerability in sudo which could easily lead to a local root exploit. Fixed packages are available from

January 14, 2002 09:11 SuSE: local privilege escalation in sudo

The SuSE Security Team discovered a bug in the sudo program, which is installed setuid to root. Attackers may trick "sudo" into logging failed sudo invocations by executing the sendmail program with root privileges and an incompletely cleaned environment. Depending on the installed mail package this may enable attackers to execute code as root. This is the case for at least the postfix mailer. Other mailers may be exploited in a similar way. Fixed packages are available from

January 13, 2002 17:45 Debian: glibc buffer overflow

A buffer overflow has been found in the globbing code for glibc. This code is used to glob patterns for filenames and is commonly used in applications like shells and FTP servers. Fixed packages are available from

January 13, 2002 07:44 Debian: New gzip packages fix potential buffer overflow

GOBBLES found a buffer overflow in gzip that occurs when compressing files with really long filenames. Even though GOBBLES claims to have developed an exploit to take advantage of this bug, others have said that this problem is not as likely to be exploitable as other security incidents. Fixed packages are available from

January 12, 2002 08:41 Debian: New XChat packages fix potential IRC session hija...

It is possible to trick XChat IRC clients into sending arbitrary commands to the IRC server they are on, potentially allowing social engineering attacks, channel takeovers, and denial of service. This problem exists in versions 1.4.2 and 1.4.3. Later versions of XChat are vulnerable as well, but this behaviour is controlled by the configuration variable "percascii", which defaults to 0. If it is set to 1 then the problem becomes apparent in 1.6/1.8 as well.

January 12, 2002 00:00 An Open Letter to Borland/Inprise Concerning Licensing

First, I want it to be clear that I have been a Borland customer for many years, and have used your products over competitors' offerings whenever possible. I feel that I cannot remain silent after reviewing your recent license agreements.

January 11, 2002 11:07 Old Appindex categories eliminated

We've been carrying our old 2-level categorization scheme with us since the date we switched to the freshmeat II codebase on Jan 30th 2001. Over the course of the past year, people have been able to move their projects from the old category scheme to the new scheme. We have also repeatedly contacted developers, encouraging them to update their project's categorization. Effective today, all categories left over from freshmeat I have been eliminated.

January 10, 2002 02:09 Red Hat: New mutt packages available to fix security problem

An overflow exists in mutt's RFC822 address parser. A remote attacker could send a carefully crafted email message which when read by mutt would be able to overwrite arbitrary bytes in memory. Fixed packages are available from

January 09, 2002 03:14 Debian: two libgtop security problems

Two different problems were found in libgtop-daemon: The laboratory intexxia found a format string problem in the logging code of libgtop_daemon. There were two logging functions which are called when authorizing a client which could be exploited by a remote user. Also, Flavio Veloso found a buffer overflow in the function that authorizes clients. Since libgtop_daemon runs as user nobody, both bugs could be used to gain access as the nobody user to a system running libgtop_daemon. Fixed packages are available from

January 08, 2002 02:42 SuSE: mutt local privilege escalation

mutt, a popular mail client for Linux-like systems, is vulnerable to a buffer overflow that is remotely exploitable. Patches have been added to the versions of mutt as shipped with the affected distributions to fix the problem. Fixed packages are available from

January 05, 2002 00:00 Why You Might Want to Try Ruby

Ruby. Perhaps you've heard of it? "Oh, yeah, I think it's one of those new object oriented scripting languages", you say. I know a lot of you might be thinking "Not another new language! I'm perfectly happy with [COBOL|C|cshell|awk|Perl|...]; why does the world need another programming language?!", while a few others are thinking "Cool, a new language to explore".

January 04, 2002 04:01 Debian: uncontrolled program execution in Exim

Patrice Fournier discovered a bug in all versions of Exim older than Exim 3.34 and Exim 3.952. The Exim maintainer, Philip Hazel, writes about this issue: "The problem exists only in the case of a run time configuration which directs or routes an address to a pipe transport without checking the local part of the address in any way. This does not apply, for example, to pipes run from alias or forward files, because the local part is checked to ensure that it is the name of an alias or of a local user. The bug's effect is that, instead of obeying the correct pipe command, a broken Exim runs the command encoded in the local part of the address." Fixed packages are available from
