LXer Weekly Security Roundup - Apr 05, 2004 to Apr 12, 2004

Posted by dave on Apr 12, 2004 4:03 AM EDT
Dave Whitinger

There were 22 security alerts issued last week:
  • 4 from Debian
  • 12 from Gentoo
  • 2 from Mandrake
  • 4 from OpenPKG

Debian: New heimdal packages fix cross-realm vulnerability
Apr 6, 2004 4:31 PM
"a cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path."

Debian: New Linux 2.4.18 packages fix several local root exploits (hppa)
Apr 5, 2004 12:49 PM
Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the PA-RISC kernel 2.4.18 for Debian GNU/Linux.

Debian: New tcpdump packages fix denial of service
Apr 7, 2004 12:52 AM
tcpdump, a tool for network monitoring and data acquisition, was found to contain two vulnerabilities whereby tcpdump could be caused to crash through attempts to read from invalid memory locations. This bug is triggered by certain invalid ISAKMP packets.

Debian: New xine-ui packages fix insecure temporary file creation
Apr 6, 2004 6:26 PM
Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine.

Gentoo: ClamAV RAR Archive Remote Denial Of Service Vulnerability
Apr 7, 2004 6:25 PM
"Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date."

Gentoo: Cross-realm trust vulnerability in Heimdal
Apr 9, 2004 12:15 PM
Heimdal contains a cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.

Gentoo: GNU Automake symbolic link vulnerability
Apr 8, 2004 2:19 PM
Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or elevate their privileges.

Gentoo: Insecure sandbox temporary lockfile vulnerabilities in Portage
Apr 6, 2004 4:17 PM
A flaw has been found in the temporary file handling algorithms for the sandboxing code used within Portage. Lockfiles created during normal operation of Portage could be manipulated by local users, resulting in the truncation of hard-linked files and causing a denial of service on the system.

Gentoo: iproute local Denial of Service Vulnerability
Apr 9, 2004 12:15 PM
The iproute package allows local users to cause a denial of service.

Gentoo: ipsec-tools contains an X.509 certificates vulnerability
Apr 7, 2004 3:02 PM
ipsec-tools contains a vulnerability that affects connections authenticated with X.509 certificates.

Gentoo: KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability
Apr 6, 2004 6:26 PM
KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow unauthorized access to an affected system.

Gentoo: Multiple Vulnerabilities in pwlib
Apr 9, 2004 1:28 PM
Multiple vulnerabilities have been found in pwlib that may lead to a remote denial of service or buffer overflow attack.

Gentoo: Multiple vulnerabilities in sysstat
Apr 7, 2004 2:08 PM
Multiple vulnerabilities in the way sysstat handles symlinks may allow an attacker to execute arbitrary code or overwrite arbitrary files.

Gentoo: Scorched 3D server chat box format string vulnerability
Apr 9, 2004 1:41 PM
Scorched 3D is vulnerable to a format string attack in the chat box that leads to Denial of Service on the game server and possibly allows execution of arbitrary code.

Gentoo: Tcpdump Vulnerabilities in ISAKMP Parsing
Apr 6, 2004 8:35 PM
There are multiple vulnerabilities in tcpdump and libpcap related to parsing of ISAKMP packets.

Gentoo: Util-linux login may leak sensitive data
Apr 7, 2004 6:25 PM
The login program included in util-linux could leak sensitive information under certain conditions.

Mandrake: Updated ipsec-tools packages fix vulnerability in racoon
Apr 9, 2004 12:25 PM
A very serious security flaw was discovered by Ralf Spenneberg in racoon, the IKE daemon of the KAME-tools. Racoon does not verify the RSA signature during phase one of a connection using either main or aggressive mode. Only the certificate of the client is verified; the certificate is not used to verify the client's signature.

Mandrake: Updated mplayer packages fix remotely exploitable vulnerability
Apr 6, 2004 12:40 AM
A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer into executing arbitrary code upon parsing that header.

OpenPKG: OpenPKG Security Advisory (fetchmail)
Apr 8, 2004 3:48 PM
According to a Mandrake Linux security advisory [0], a denial of service (DoS) vulnerability exists in the header rewriting code of Fetchmail [1]. The code's intention is to hack message headers so replies work properly. However, logic in the reply_hack() function fails to allocate enough memory for long lines and may write past a memory boundary. This could allow an attacker to cause a denial of service by sending a specially crafted email and crashing fetchmail. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0792 [2] to the problem.

OpenPKG: OpenPKG Security Advisory (mc)
Apr 5, 2004 2:37 PM
According to a message from Ilya Teterin posted on Bugtraq [0], the Midnight Commander application [1] uses an uninitialized buffer to handle symlinks in VFS. This allows attackers to execute arbitrary code during symlink conversion. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-1023 [2] to the problem.

OpenPKG: OpenPKG Security Advisory (sharutils)
Apr 7, 2004 9:28 PM
According to a posting on Bugtraq [1], Shaun Colley discovered and researched a stack-based buffer overflow vulnerability which exists in the GNU Sharutils [2] due to lack of bounds checking when handling the '-o' command-line option.

OpenPKG: OpenPKG Security Advisory (tcpdump)
Apr 7, 2004 9:28 PM
According to a security advisory published by Rapid7 [0], two vulnerabilities exist in the ISAKMP packet display functions of tcpdump [1]. The Common Vulnerabilities and Exposures (CVE) project has reviewed both problems. CAN-2004-0183 [2] identifies an overflow when displaying ISAKMP delete payloads with a large number of SPIs, while CAN-2004-0184 [3] identifies an integer underflow when displaying an ISAKMP identification payload. These vulnerabilities appear only when verbose packet display is enabled by running tcpdump with the -v option.
