LXer Weekly Security Roundup - Feb 23, 2004 to Mar 01, 2004

Posted by dave on Mar 1, 2004 3:23 AM EDT
Dave Whitinger

There were 15 security alerts issued last week:
  • 5 from Debian
  • 1 from Fedora
  • 1 from Immunix
  • 3 from Mandrake
  • 1 from Mozilla
  • 2 from Red Hat
  • 1 from SUSE
  • 1 from Trustix

Debian: New hsftp packages fix format string vulnerability
Feb 23, 2004 1:20 PM
During an audit, Ulf Härnhammar discovered a format string vulnerability in hsftp. An attacker able to create files with carefully crafted names on a remote server to which a user connects using hsftp could exploit this vulnerability. When the user requests a directory listing, particular bytes in memory could be overwritten, potentially allowing arbitrary code to be executed with the privileges of the user invoking hsftp.

Debian: New Linux 2.4.19 packages fix several local root exploits (mips)
Feb 27, 2004 1:23 PM
An integer overflow in the brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. Fixed upstream in Linux 2.4.23.

Debian: New metamail packages fix arbitrary code execution
Feb 24, 2004 12:47 PM
Ulf Härnhammar discovered two format string bugs (CAN-2004-0104) and two buffer overflow bugs (CAN-2004-0105) in metamail, an implementation of MIME. An attacker could create a carefully-crafted mail message which will execute arbitrary code as the victim when it is opened and parsed through metamail.

Debian: New pwlib packages fix multiple vulnerabilities
Feb 23, 2004 1:20 PM
Multiple vulnerabilities were discovered in pwlib, a library used to aid in writing portable applications, whereby a remote attacker could cause a denial of service or potentially execute arbitrary code. This library is most notably used in several applications implementing the H.323 teleconferencing protocol, including the OpenH323 suite, gnomemeeting and asterisk.

Debian: New xboing packages fix buffer overflows
Feb 27, 2004 10:28 PM
Steve Kemp discovered a number of buffer overflow vulnerabilities in xboing, a game, which could be exploited by a local attacker to gain gid "games".

Fedora: libxml2 2.6.6
Feb 25, 2004 10:26 PM
Updated libxml2 packages are available to fix an overflow when parsing the URI for remote resources.

Immunix: Immunix Secured OS 7+ kernel update
Feb 26, 2004 8:52 PM
Paul Starzetz and Wojciech Purczynski report finding a flaw in the mremap(2) system call due to a missing function return value check. While they found the flaw on the 2.4 series of Linux kernels, the 2.2 series of Linux kernels is also vulnerable to the same problem.

Mandrake: Updated kernel packages [2.4.24] fix multiple vulnerabilities
Feb 24, 2004 4:42 PM
Paul Starzetz discovered a flaw in return value checking in the mremap() function in the Linux kernel, versions 2.4.24 and earlier, that could allow a local user to obtain root privileges.

Mandrake: Updated mtools packages fix local root vulnerability
Feb 25, 2004 4:49 PM
Sebastian Krahmer found that the mformat program, when installed suid root, can create any file with 0666 permissions as root, and that it also does not drop privileges when reading local configuration files. The updated packages remove the suid bit from mformat.

Mandrake: Updated x86_64 kernel packages fix multiple vulnerabilities
Feb 26, 2004 1:36 AM
Paul Starzetz discovered a flaw in return value checking in the mremap() function in the Linux kernel, versions 2.4.24 and earlier, that could allow a local user to obtain root privileges.

Feb 29, 2004 2:00 PM
roseman wrote in to tell us about a cross-site scripting vulnerability in Mozilla, which was discovered and fixed in December last year. An advisory from Secunia refers to the flaw as "Less critical", while a SecurityTracker note gives more precise details of the bug, which could allow a malicious site to read another site's cookies or access other data recently submitted by the user.

Red Hat: Updated libxml2 packages fix security vulnerability
Feb 26, 2004 12:31 PM
Updated libxml2 packages that fix an overflow when parsing remote resources are now available.

Red Hat: Updated mod_python packages fix denial of service vulnerability
Feb 26, 2004 12:31 PM
Updated mod_python packages that fix a denial of service vulnerability are now available for Red Hat Linux.

SUSE: xf86/XFree86 (SuSE-SA:2004:006)
Feb 23, 2004 4:45 PM
Several buffer overflows were found in the fontfile code that handles a user-supplied "fonts.alias" file. The file is processed with root privileges and therefore a successful exploitation of these bugs leads to local root access. There is no known workaround.

Trustix: kernel 2.2.25
Feb 23, 2004 2:57 PM
A hole was discovered in mremap. Through this hole, it is possible for anyone with a local account on the system to gain root privileges. See CAN-2004-0077 for additional details. This is the kernel 2.2.25 counterpart to the security hole fixed in TSLSA-2004-0007.
