Showing headlines posted by dave

A bug was discovered in the getgrouplist function in glibc that can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segementation faults in various user applications, some of which may lead to additional security problems. The problem can only be triggered if the user is in a larger number of groups than expected by an application.

Updated XFree86 packages for Red Hat Linux 9 provide security fixes to font libraries and XDM.

The sane (Scanner Access Now Easy) package provides access to scanners either locally or remotely over the network.

A security-related problem has been discovered in minimalist, a mailing list manager, which allows a remote attacker to execute arbitrary commands.

The SuSE Security Team discovered several exploitable formats string vulnerabilities in hylafax, a flexible client/server fax system, which could lead to executing arbitrary code as root on the fax server.

Herbert Xu reported that various applications can accept spoofed messages sent on the kernel netlink interface by other users on the local machine. This could lead to a local denial of service attack. The glibc function getifaddrs uses netlink and could therefore be vulnerable to this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0859 to this issue.

Updated glibc packages that resolve vulnerabilities and address several bugs are now available.

Updated zebra packages that close a locally-exploitable and a remotely-exploitable denial of service vulnerability are now available.

Updated PostgreSQL packages that correct a buffer overflow in the to_ascii routines are now available.

A memory starvation denial of service vulnerability in the ls program was discovered by Georgi Guninski. It is possible to allocate a huge amount of memory by specifying certain command-line arguments. It is also possible to exploit this remotely via programs that call ls such as wu-ftpd (although wu-ftpd is no longer shipped with Mandrake Linux).

Updated glibc packages that resolve vulnerabilities and address several bugs are now available.

On our last issue we asked which e-mail application (client) you used to read this newsletter. A surprising 20% of respondants said they use another e-mail client besides Mozilla, Microsoft Outlook, Opera and Eudora and I wonder which could it be. So if you answer or use another e-mail application, let us know which is it, and we will share those names with other readers.

Steve Kemp discovered a buffer overflow in the commandline and environment variable handling of omega-rpg, a text-based rogue-style game of dungeon exploration, which could lead a local attacker to gain unauthorised access to the group games.

During a code review of the hfaxd server, part of the hylafax package, the SuSE Security Team discovered a format bug condition that allows remote attackers to execute arbitrary code as the root user. Updated packages have been patched to correct the problem.

Updated Ethereal packages that fix a number of exploitable security issues are now available.

Hylafax is an Open Source fax server which allows sharing of fax equipment among computers by offering its service to clients by a protocol similar to http://FTP. The SuSE Security Team found a format bug condition during a code review of the hfaxd server. It allows remote attackers to execute arbitrary code as root. However, the bug can not be triggered in hylafax' default configuration.

Jeremy Nelson discovered a remotely exploitable buffer overflow in EPIC4, a popular client for Internet Relay Chat (IRC). A malicious server could craft a reply which triggers the client to allocate a negative amount of memory. This could lead to a denial of service if the client only crashes, but may also lead to executing of arbitrary code under the user id of the chatting user.

Steve Kemp discovered a buffer overflow in the environment variable handling of conquest, a curses based, real-time, multi-player space warfare game, which could lead a local attacker to gain unauthorised access to the group conquest.

Tom Lane discovered a buffer overflow in the to_ascii function in PostgreSQL. This allows remote attackers to execute arbitrary code on the host running the database.

The Fedora Project is a Red Hat-sponsored and community-supported open source project that promotes rapid development of innovative open source software through a collaborative, community effort.