LXer Weekly Security Roundup - Mar 8, 2004 to Mar 15, 2004

Posted by dave on Mar 15, 2004 3:20 AM EDT
Dave Whitinger

There were 16 security alerts issued last week:
  • 7 from Debian
  • 4 from Mandrake
  • 2 from OpenPKG
  • 3 from Red Hat

Debian: New calife packages fix buffer overflow
Mar 11, 2004 5:14 PM
Calife, a program which provides super user privileges to specific users, was found to contain a buffer overflow related to the getpass(3) library function. A local attacker could potentially exploit this vulnerability, given knowledge of a local user's password and the presence of at least one entry in /etc/calife.auth, to execute arbitrary code with root privileges.

Debian: New kdelibs, kdelibs-crypto packages fix cookie traversal bug
Mar 10, 2004 10:21 PM
A vulnerability was discovered in KDE where the path restrictions on cookies could be bypassed using encoded relative path components (e.g., "/../"). This means that a cookie which should only be sent by the browser to an application running at /app1 could inadvertently be included with a request sent to /app2 on the same server.

Debian: New python2.2 packages fix buffer overflow
Mar 10, 2004 12:27 PM
Sebastian Schmidt discovered a buffer overflow bug in Python's getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack.

Debian: New samba packages fix privilege escalation in smbmnt
Mar 13, 2004 5:06 AM
Samba was found to contain a vulnerability whereby a local user could use the "smbmnt" utility, which is setuid root, to mount a file share from a remote server which contained setuid programs under the control of the user. These programs could then be executed to gain privileges on the local system.

Debian: New sysstat packages fix insecure temporary file creation
Mar 10, 2004 10:25 PM
Alan Cox discovered that the isag utility (which graphically displays data collected by the sysstat tools) creates a temporary file without taking proper precautions. This vulnerability could allow a local attacker to overwrite files with the privileges of the user invoking isag.

Debian: New wu-ftpd packages fix multiple vulnerabilities
Mar 9, 2004 12:55 PM
Two vulnerabilities were discovered in wu-ftpd

Debian: New xitalk packages fix local group utmp exploit
Mar 12, 2004 2:36 PM
Steve Kemp from the GNU/Linux audit project discovered a problem in xitalk, a talk intercept utility for the X Window System. A local user can exploit this problem and execute arbitrary commands under the GID utmp. This could be used by an attacker to remove traces from the utmp file.

Mandrake: Updated gdk-pixbuf packages fix BMP-handling vulnerability
Mar 10, 2004 4:48 PM
A vulnerability in gdk-pixbuf versions before 0.20 exists that could allow a malicious BMP file to crash the Evolution mail client. The updated packages have been patched to use gdk-pixbuf 0.22.0's BMP-handling code.

Mandrake: Updated kdelibs packages fix cookie theft vulnerability
Mar 10, 2004 5:28 PM
Corsaire discovered that a number of HTTP user agents contained a flaw in how they handle cookies. This flaw could allow an attacker to avoid the path restrictions specified by a cookie's originator.

Mandrake: Updated mozilla packages fix multiple vulnerabilities
Mar 10, 2004 5:28 PM
A number of vulnerabilities were discovered in Mozilla 1.4.

Mandrake: Updated python packages fix buffer overflow vulnerability
Mar 10, 2004 12:29 PM
A buffer overflow in python 2.2's getaddrinfo() function was discovered by Sebastian Schmidt.

OpenPKG: OpenPKG Security Advisory (mutt)
Mar 9, 2004 3:12 PM
According to a posting on Bugtraq [0], a buffer overflow exists in the mail user agent Mutt [1]. It can be triggered by incoming messages and there are reports about spam that has actually triggered this problem and crashed Mutt. The bug was reported to Red Hat by Niels Heinen. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0078 [2] to the problem.

OpenPKG: OpenPKG Security Advisory (uudeview)
Mar 12, 2004 3:26 PM
Alerted by a posting on Bugtraq [1] the UUDeview [2] package was reviewed. It was found that 0.5.19 and later contains a bug which leads to failure retrieving the filename during decode. All versions suffered from insecure temporary file handling. Version 0.5.20 contains bug fixes for the parsing of header lines, exact handling of maximum line length and fixes for two buffer overflows which needed backporting. The corrected packages listed above remedy all of these problems.

Red Hat: Updated gdk-pixbuf packages fix denial of service vulnerability
Mar 10, 2004 3:05 PM
Updated gdk-pixbuf packages that fix a denial of service vulnerability that could affect applications such as Evolution are now available.

Red Hat: Updated kdelibs packages resolve cookie security issue
Mar 10, 2004 3:05 PM
Updated kdelibs packages that fix a flaw in cookie path handling are now available.

Red Hat: Updated sysstat packages fix security vulnerabilities
Mar 10, 2004 3:05 PM
Updated sysstat packages that fix various bugs and a minor security issue are now available.
