Showing headlines posted by dave

A bug in versions of CUPS prior to 1.1.19 was reported by Paul Mitcheson in the Internet Printing Protocol (IPP) implementation would result in CUPS going into a busy loop, which could result in a Denial of Service (DoS) condition. To be able to exploit this problem, an attacker would need to be able to make a TCP connection to the IPP port (port 631 by default).

Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users who can create or edit Apache config files to gain additional privileges. Sites running Apache should upgrade to the new packages.

A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems.

Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII conversion functions. It is believed that, under the right circumstances, an attacker may use this vulnerability to execute arbitrary instructions on the PostgreSQL server.

Updated CUPS packages that fix a problem where CUPS can hang are now available.

Updated fileutils and coreutils packages that close a potential denial of service vulnerability are now available.

Updated CUPS packages that fix a problem where CUPS can hang are now available.

Two vulnerabilities were found in the "tiny" web-server thttpd. The first bug is a buffer overflow that can be exploited remotely to overwrite the EBP register of the stack. Due to memory-alignment of the stack done by gcc 3.x this bug can not be exploited. All thttpd versions mentioned in this advisory are compiled with gcc 3.x and are therefore not exploitable. The other bug occurs in the virtual-hosting code of thttpd. A remote attacker can bypass the virtual-hosting mechanism to read arbitrary files.

Several vulnerabilities have been discovered in thttpd, a tiny HTTP server.

Past couple of weeks have been pretty interesting.

Upgraded fetchmail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix a vulnerability where a specially crafted email could crash fetchmail, preventing the user from downloading or forwarding their email.

GDM is the GNOME Display Manager, and is commonly used to provide a graphical login for local users.

A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write() call in mod_cgi.

A bug was discovered in fetchmail 6.2.4 where a specially crafted email message can cause fetchmail to crash.

Two vulnerabilities were discovered in gdm by Jarno Gassenbauer that would allow a local attacker to cause gdm to crash or freeze.

Aldrin Martoq has discovered a denial of service (DoS) vulnerability in Apache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's HTTP connector makes Tomcat reject further requests on this port until it is restarted.

Mozilla Links is now being translated into Italian, German and Dutch, making Mozilla Links available in five different languages.

Steve Henson of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code that were discovered after running a test suite by British National Infrastructure Security Coordination Centre (NISCC).

Several vulnerabilities were discovered in the saned daemon, a part of the sane package, which allows for a scanner to be used remotely. The IP address of the remote host is only checked after the first communication occurs, which causes the saned.conf restrictions to be ignored for the first connection. As well, a connection that is dropped early can cause Denial of Service issues due to a number of differing factors. Finally, a lack of error checking can cause various other unfavourable actions.

Updated MySQL server packages fix a buffer overflow vulnerability.