Showing all newswire headlines

With older versions of jazip a user could gain root access for members of the floppy group to the local machine. The interface doesn't run as root anymore and this very exploit was prevented. The program now also truncates DISPLAY to 256 characters if it is bigger, which closes the buffer overflow (within xforms).

Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited, though no such exploit exists currently.

Versions of sash prior to 3.4-4 did not clone /etc/shadow properly which lead into readable files for anybody. This was fixed by the Debian maintainer.

It was reported recently that splitvt is vulnerable to numerous buffer overflow attack and a format string attack. An attacker was able to gain access to the tty group.

Nicolas Gregoire has reported a buffer overflow in the mysql server that leads to a remote exploit. An attacker could gain mysqld privileges (and thus gaining access to all the databases).

PkC has reported that there is a buffer overflow in sprintf() in micq versions 0.4.6, that allows to a remote attacker able to sniff packets to the ICQ server to execute arbitrary code on the victim system.

A bug in GNU C Library allows unprivileged user to preload libraries located in /lib or /usr/lib directories into SUID programs even if those libraries have not been marked as such by system administrator.

A couple of bugs in GNU C library

A couple of bugs in GNU C library

glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLV_HOST_CONF environment variable to the name of the file that they wish to read, then runs any setuid root program that makes use of that variable. The file is then written to stderr.

Immunix reports that mgetty does not create temporary files in a secure manner, which could lead to a symlink attack. This has been corrected in mgetty 1.1.21-3potato1

Two bugs in GnuPG have recently been found:

Lez discovered a format string problem in stunnel (a tool to create Universal SSL tunnel for other network daemons). Brian Hatch responded by stating he was already preparing a new release with multiple security fixes:

Matt Kraai reported that he found a problem in the way dialog creates lock-files: it did not create them safely which made it susceptible to a symlink attack.

Updated stunnel packages are available for Red Hat Linux 7.

A new Zope Hotfix package is available.

Updated rp-pppoe packages fixing a denial of service attack are available.(Patch from the rp-pppoe author, David F. Skoll )

A busy week for the Zope team: on Monday another security alert was released revealing a potential problem found by Peter Kelly. This problem involved incorrect protection of data updating for Image and File objects: any user with DTML editing privileges could update the File or Image object data directly.

Updated gnupg packages are now available for Red Hat Linux 6.x and 7.

Updated stunnel packages are now available for Red Hat Linux 7.