Showing all newswire headlines


SuSE alert: Netscape

  • Mailing list (Posted by dave on Aug 22, 2000 5:54 PM EDT)
  • Story Type: Security; Groups: SUSE
Two security problems exist in the netscape package as shipped with SuSE Linux distributions. a) Improper verification in Netscape's JPEG processing code can lead to a buffer overflow where data read from the network can overwrite memory. As a result, arbitrary code from a remote origin could be executed. The attack is particularly dangerous since it can penetrate firewall setups. Netscape version 4.74 fixes (fixed) this vulnerability. b) Due to an error in the Java implementation in Netscape, it is possible for an attacker to view files and directories with the privileges of the user running Netscape if the user visits a maliciously crafted webpage. This issue is known as "Brown Orifice" and requires the user to have Java enabled in her browser configuration. Again, this attack can penetrate firewall setups. See http://www.brumleve.com/BrownOrifice for details.

Debian alert: new version of zope released (updated)

  • Mailing list (Posted by dave on Aug 21, 2000 4:32 AM EDT)
  • Story Type: Security; Groups: Debian
On versions of Zope prior to 2.2.1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request. A fix was previously announced in the Debian zope package 2.1.6-5.1, but that package did not fully address the issue and has been superseded by this announcement. More information is available at http://www.zope.org/Products/Zope/Hotfix_2000-08-17/security_alert

Red Hat alert: New Netscape packages fix Java security hole

  • Mailing list (Posted by dave on Aug 18, 2000 3:11 PM EDT)
  • Story Type: Security; Groups: Red Hat
New Netscape packages are available to fix a serious security problem with Java. It is recommended that all netscape users update to the new packages. Users of Red Hat Linux 6.0 and 6.1 should use the packages for Red Hat Linux 6.

Red Hat alert: Updated mailx and perl packages are now available.

  • Mailing list (Posted by dave on Aug 18, 2000 3:11 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated perl and mailx packages are now available which fix a potential exploit made possible by incorrect assumptions made in suidperl. This advisory contains additional instructions for installing the necessary updates.

Red Hat alert: Zope update

  • Mailing list (Posted by dave on Aug 18, 2000 12:07 PM EDT)
  • Story Type: Security; Groups: Red Hat
Vulnerabilities exist with all Zope-

Debian alert: New version of xlockmore/xlockmore-gl released

  • Mailing list (Posted by dave on Aug 16, 2000 8:31 PM EDT)
  • Story Type: Security; Groups: Debian
There is a format string bug in all versions of xlockmore/xlockmore-gl. Debian 2.1 (slink) installs xlock setgid by default, and this exploit can be used to gain read access to the shadow file. We recommend upgrading immediately.

Debian alert: new version of zope released

  • Mailing list (Posted by dave on Aug 11, 2000 4:30 PM EDT)
  • Story Type: Security; Groups: Debian
On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request.

Red Hat alert: Updated usermode packages.

  • Mailing list (Posted by dave on Aug 11, 2000 12:23 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated usermode packages are now available for Red Hat Linux 6.0, 6.1, and 6.

Red Hat alert: Zope update

  • Mailing list (Posted by dave on Aug 11, 2000 11:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
Vulnerabilities exist with all Zope-

SuSE alert: suidperl (perl)

  • Mailing list (Posted by dave on Aug 10, 2000 2:36 AM EDT)
  • Story Type: Security; Groups: SUSE
suidperl is the perl interpreter for suid perl scripts, a part of the perl package. A maliciously implemented feature causes the interpreter to spawn the /bin/mail program to inform the superuser of its usage, thereby passing on an untrusted environment that causes /bin/mail to execute arbitrary commands as user root.

SuSE alert: rpc.kstatd (knfsd)

  • Mailing list (Posted by dave on Aug 10, 2000 2:33 AM EDT)
  • Story Type: Security; Groups: SUSE
Due to incorrect string parsing in the code, a remote attacker could gain root privileges on the machine running the vulnerable rpc.kstatd.

Red Hat alert: Updated mailx and perl packages are now available.

  • Mailing list (Posted by dave on Aug 9, 2000 1:46 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated perl and mailx packages are now available which fix a potential exploit made possible by incorrect assumptions made in suidperl. This advisory contains additional instructions for installing the necessary updates.

Debian alert: New version of mailx released

  • Mailing list (Posted by dave on Aug 8, 2000 10:10 PM EDT)
  • Story Type: Security; Groups: Debian
mailx is often used by other programs to send email. Unfortunately mailx as distributed in Debian GNU/Linux 2.1 has some features that made it possible to execute system commands if a user can trick a privileged program to send email using /usr/bin/mail.

Red Hat alert: mopd-linux buffer overflow

  • Mailing list (Posted by dave on Aug 8, 2000 9:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
A buffer overflow has been discovered in all releases of mopd-linux included in the 6.0, 6.1, and 6.2 releases of Powertools.

Red Hat alert: Remote file access vulnerability in ntop

  • Mailing list (Posted by dave on Aug 8, 2000 7:00 AM EDT)
  • Story Type: Security; Groups: Red Hat
The version of ntop which was included in Red Hat Powertools 6.2 has a remote exploit in which arbitrary files can be read on the host machine.

Red Hat alert: New umb-scheme packages are available.

  • Mailing list (Posted by dave on Aug 8, 2000 6:20 AM EDT)
  • Story Type: Security; Groups: Red Hat
New umb-scheme packages are available for Red Hat Linux 6.2 that fix a problem with file permissions.

Red Hat alert: Updated mailx and perl packages are now available.

  • Mailing list (Posted by dave on Aug 8, 2000 6:20 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated perl and mailx packages are now available which fix a potential exploit made possible by incorrect assumptions made in suidperl.

SuSE alert: SuSE Security: miscellaneous

  • Mailing list (Posted by dave on Aug 3, 2000 2:01 PM EDT)
  • Story Type: Security; Groups: SUSE
This notice addresses the latest security advisories from various Linux Vendors as well as private contributors.

Debian alert: New version of dhcp released (updated)

  • Mailing list (Posted by dave on Jul 28, 2000 6:17 AM EDT)
  • Story Type: Security; Groups: Debian
The versions of the ISC DHCP client in Debian 2.1 (slink) and Debian 2.2 (potato) are vulnerable to a root exploit. The OpenBSD team reports that the client inappropriately executes commands embedded in replies sent from a dhcp server. This means that a malicious dhcp server can execute commands on the client with root privileges. A previous Debian security advisory addressed this issue with package versions 2.0b1pl6-0.3 and 2.0-3potato1, but ISC has released a newer patch since the original advisory. You should install the latest packages even if you upgraded when the last advisory was released.

Debian alert: New version of userv released

  • Mailing list (Posted by dave on Jul 26, 2000 6:41 PM EDT)
  • Story Type: Security; Groups: Debian
The version of userv that was distributed with Debian GNU/Linux 2.1 / slink had a problem in the fd swapping algorithm: it could sometimes make an out-of-bounds array reference. It might be possible for local users to abuse this to carry out unauthorised actions or be able to take control of service user accounts.
