Showing all newswire headlines


SuSE alert: traceroute

  • Mailing list (Posted by dave on Oct 16, 2000 6:16 AM EDT)
  • Story Type: Security; Groups: SUSE
The security problem in the traceroute program as shipped with SuSE Linux distributions is completely different from the one reported on security mailing lists a few days ago (`traceroute -g 1 -g 1') by Pekka Savola <pekkas@netcore.fi>. SuSE distributions do not contain this particular traceroute implementation. The problem in our traceroute was discovered independently and reported to us by H D Moore <hdm@secureaustin.com>. The problem in the implementation of traceroute that we ship is a format string parsing bug in a routine that can be used to terminate a line in traceroute's output to easily embed the program in CGI scripts as used for web frontends for traceroute. Using a specially crafted sequence of characters on the command line, it is possible to trick the traceroute program into running arbitrary code as root.

SuSE alert: gnorpm

  • Mailing list (Posted by dave on Oct 16, 2000 6:00 AM EDT)
  • Story Type: Security; Groups: SUSE
gnorpm is a graphical user interface to the rpm subsystem for the gnome desktop.

Debian alert: New version of Debian php3 packages released (updated)

  • Mailing list (Posted by dave on Oct 13, 2000 11:46 PM EDT)
  • Story Type: Security; Groups: Debian
[Updated version: corrected URLs]

Debian alert: New version of Debian php4 packages released (updated)

  • Mailing list (Posted by dave on Oct 13, 2000 11:46 PM EDT)
  • Story Type: Security; Groups: Debian
[Updated version: corrected URLs]

Debian alert: New version of Debian php4 packages released

  • Mailing list (Posted by dave on Oct 13, 2000 11:36 PM EDT)
  • Story Type: Security; Groups: Debian
In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server.

Debian alert: New version of Debian php3 packages released

  • Mailing list (Posted by dave on Oct 13, 2000 10:44 PM EDT)
  • Story Type: Security; Groups: Debian
In versions of the PHP 3 packages before version 3.0.17, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server, particularly if error logging was enabled.

Debian alert: New version of nis released

  • Mailing list (Posted by dave on Oct 13, 2000 5:03 PM EDT)
  • Story Type: Security; Groups: Debian
The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2 contains an ypbind package with a security problem.

Debian alert: New version of curl fixes buffer overflow (update)

  • Mailing list (Posted by dave on Oct 13, 2000 2:26 PM EDT)
  • Story Type: Security; Groups: Debian
The first release of this advisory listed a wrongly compiled curl package for i386; this has been replaced with version 6.0-1.1.1.

Debian alert: New version of curl fixes buffer overflow

  • Mailing list (Posted by dave on Oct 13, 2000 8:56 AM EDT)
  • Story Type: Security; Groups: Debian
The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the error logging code: when it created an error message it failed to check the size of the buffer allocated for storing the message. This could be exploited by the remote machine by returning an invalid response to a request from curl which overflows the error buffer and tricks curl into executing arbitrary code.

Debian alert: New versions of Debian traceroute packages

  • Mailing list (Posted by dave on Oct 12, 2000 9:02 PM EDT)
  • Story Type: Security; Groups: Debian
In versions of the traceroute package before 1.4a5-3, it is possible for a local user to gain root access by exploiting an argument parsing error.

SuSE alert: cfengine

  • Mailing list (Posted by dave on Oct 11, 2000 9:22 AM EDT)
  • Story Type: Security; Groups: SUSE
GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. Pekka Savola <pekkas@netcore.fi> has found several format string vulnerabilities in syslog() calls that can be abused to either make the cfengine program segfault and die or to execute arbitrary commands as the user the cfengine process runs as (usually root).

SuSE alert: esound

  • Mailing list (Posted by dave on Oct 11, 2000 9:08 AM EDT)
  • Story Type: Security; Groups: SUSE
esound, a daemon program for the Gnome desktop, is used for sound replay by various programs such as window managers and other applications. The esound daemon creates a directory /tmp/.esd to host a unix domain socket. Upon startup, the daemon changes the modes of the socket, but a race condition allows an attacker to place a symlink into the directory to point to an arbitrary file belonging to the victim. As a consequence, an attacker may be able to change the permissions of any file belonging to the victim. If the victim's userid is root, the attacker may be able to change the modes of any file in the system.

Red Hat alert: Updated gnorpm packages are available for Red Hat Linux 6.1, 6.2, and 7.0

  • Mailing list (Posted by dave on Oct 11, 2000 7:44 AM EDT)
  • Story Type: Security; Groups: Red Hat
A locally-exploitable security hole was found where a normal user could trick root running GnoRPM into writing to arbitrary files due to a bug in the gnorpm tmp file handling.

Debian alert: New versions of Boa packages available

  • Mailing list (Posted by dave on Oct 9, 2000 11:42 AM EDT)
  • Story Type: Security; Groups: Debian
In versions of boa before 0.94.8.3, it is possible to access files outside of the server's document root by the use of properly constructed URL requests.

Debian alert: Debian esound packages not affected by /tmp/.esd race condition

  • Mailing list (Posted by dave on Oct 9, 2000 10:55 AM EDT)
  • Story Type: Security; Groups: Debian
Linux-Mandrake has recently released a Security Advisory (MDKSA-2000:051) covering a race condition in esound. Debian is not affected by this bug; the bug is specific to the unix domain socket support, which was turned off in stable (2.2/potato) and unstable (woody) on February 16, 2000. Therefore neither the current stable nor unstable distribution of Debian is vulnerable to this problem. Debian 2.1 (aka "slink") is also not vulnerable to this problem; the version of esound in Debian 2.1 is 0.2.6, which predates the buggy unix domain socket code.

Red Hat alert: Updated usermode packages available

  • Mailing list (Posted by dave on Oct 9, 2000 10:23 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated usermode packages are now available for Red Hat Linux 6.x and 7.

Red Hat alert: tmpwatch has a local denial of service and root exploit

  • Mailing list (Posted by dave on Oct 6, 2000 2:01 PM EDT)
  • Story Type: Security; Groups: Red Hat
tmpwatch as shipped in Red Hat Linux 6.1, 6.2, and 7.0 uses fork() to recursively process subdirectories, enabling a local user to perform a denial of service attack. Tmpwatch from Red Hat Linux 6.2 and 7.0 also contains an option to allow it to use the fuser command to check for open files before removal. It executed fuser in an insecure fashion, allowing a local root exploit.

Red Hat alert: traceroute setuid root exploit with multiple -g options

  • Mailing list (Posted by dave on Oct 6, 2000 1:21 PM EDT)
  • Story Type: Security; Groups: Red Hat
A root exploit and several additional bugs in traceroute have been corrected.

Red Hat alert: esound contains a race condition

  • Mailing list (Posted by dave on Oct 6, 2000 1:13 PM EDT)
  • Story Type: Security; Groups: Red Hat
Esound, the Gnome sound server, contains a race condition that a malicious user could exploit to change permissions of any file owned by the esound user.

Red Hat alert: lpr has a format string security bug, LPRng compat issues, and a race cond.

  • Mailing list (Posted by dave on Oct 4, 2000 1:52 PM EDT)
  • Story Type: Security; Groups: Red Hat
lpr has a format string security bug. It also mishandles any extension to the lpd communication protocol, and assumes that the instructions contained in the extension are a file it should try to print. It also has a race condition in the handling of queue interactions that can cause the queue to wedge. Note: Packages indicated in revision -03 and earlier were not signed with the Red Hat GPG key. This has been corrected.
