Showing headlines posted by dave

« Previous ( 1 ... 521 522 523 524 525 526 527 528 529 530 531 ... 595 ) Next »

Debian alert: New mah-jong packages fix buffer overflows, denial of service

  • Mailing list (Posted by dave on Sep 7, 2003 2:48 PM EDT)
  • Story Type: Security; Groups: Debian
Nicolas Boullis discovered two vulnerabilities in mah-jong, a network-enabled game.

Debian alert: New exim packages fix incorrect permissions on documentation

  • Mailing list (Posted by dave on Sep 7, 2003 7:54 AM EDT)
  • Story Type: Security; Groups: Debian
A buffer overflow exists in exim, which is the standard mail transport agent in Debian. By supplying a specially crafted HELO or EHLO command, an attacker could cause a constant string to be written past the end of a buffer allocated on the heap. This vulnerability is not believed at this time to be exploitable to execute arbitrary code.

Debian alert: New wu-ftpd packages fix insecure program execution

  • Mailing list (Posted by dave on Sep 4, 2003 5:03 PM EDT)
  • Story Type: Security; Groups: Debian
wu-ftpd, an FTP server, implements a feature whereby multiple files can be fetched in the form of a dynamically constructed archive file, such as a tar archive. The names of the files to be included are passed as command line arguments to tar, without protection against them being interpreted as command-line options. GNU tar supports several command line options which can be abused, by means of this vulnerability, to execute arbitrary programs with the privileges of the wu-ftpd process.

Debian alert: New exim, exim-tls packages fix buffer overflow

  • Mailing list (Posted by dave on Sep 4, 2003 3:34 PM EDT)
  • Story Type: Security; Groups: Debian
A buffer overflow exists in exim, which is the standard mail transport agent in Debian. By supplying a specially crafted HELO or EHLO command, an attacker could cause a constant string to be written past the end of a buffer allocated on the heap. This vulnerability is not believed at this time to be exploitable to execute arbitrary code.

Red Hat alert: Updated httpd packages fix Apache security vulnerabilities

  • Mailing list (Posted by dave on Sep 3, 2003 11:41 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated httpd packages that fix several minor security issues are now available for Red Hat Linux 8.0 and 9.

SuSE alert: pam_smb

  • Mailing list (Posted by dave on Sep 3, 2003 7:47 AM EDT)
  • Story Type: Security; Groups: SUSE
The PAM module (and server) pam_smb allows users of Linux systems to be authenticated by querying an NT server. Dave Airlie <airlied@samba.org> informed us about a bug in the authentication code of pam_smb that allows a remote attacker to gain access to a system using pam_smb by issuing a too long password string.

Mandrake alert: Updated pam_ldap packages fix vulnerability with pam filtering

A bug was fixed in pam_ldap 162 with the pam_filter mechanism which is commonly used for host-based access restriction in environments using LDAP for authentication. Mandrake Linux 9.1 provided pam_ldap 161 which had this problem and as a result, systems relying on pam_filter for host-based access restriction would allow any user, regardless of the host attribute associated with their account, to log into the system. All users who use LDAP-based authentication are encouraged to upgrade immediately.

Mozilla Links Newsletter - 1 - September 2, 2003



You will find simple, brief, valuable and centralized information about everything Mozilla: the main project, independent projects running here and there to extend Mozilla products' capabilities, tips for people starting with these products and not so starters and a chance for everybody to let his/her voice be counted on our monthly polls.

Red Hat alert: New up2date available with updated SSL certificate authority file

  • Mailing list (Posted by dave on Aug 29, 2003 3:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
New versions of the up2date and rhn_register clients are available and are required for continued access to Red Hat Network.

Debian alert: New node packages fix remote root vulnerability

  • Mailing list (Posted by dave on Aug 29, 2003 12:13 AM EDT)
  • Story Type: Security; Groups: Debian
Morgan alias SM6TKY discovered and fixed several security related problems in LinuxNode, an Amateur Packet Radio Node program. The buffer overflow he discovered can be used to gain unauthorised root access and can be remotely triggered.

Mandrake alert: Updated gkrellm packages fix remote arbitrary code executeion vulnerability

A buffer overflow was discovered in gkrellmd, the server component of the gkrellm monitor package, in versions of gkrellm 2.1.x prior to 2.1.14. This buffer overflow occurs while reading data from connected gkrellm clients and can lead to possible arbitrary code execution as the user running the gkrellmd server.

Mandrake alert: Updated apache2 packages fix multiple vulnerabilities

Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes:

Red Hat alert: Updated Sendmail packages fix vulnerability.

  • Mailing list (Posted by dave on Aug 27, 2003 11:00 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Sendmail packages are available to fix a vulnerability in the handling of DNS maps.

SuSE alert: sendmail

  • Mailing list (Posted by dave on Aug 26, 2003 9:04 AM EDT)
  • Story Type: Security; Groups: SUSE
The well known and widely used MTA sendmail is vulnerable to a remote denial-of-service attack in version 8.12.8 and earlier (but not before 8.12). The bug exists in the DNS map code. This feature is enabled by specifying FEATURE(`enhdnsbl'). When sendmail receives an invalid DNS response it tries to call free(3) on random data which results in a process crash.

Debian alert: New libpam-smb packages fix buffer overflow

  • Mailing list (Posted by dave on Aug 26, 2003 7:51 AM EDT)
  • Story Type: Security; Groups: Debian
libpam-smb is a PAM authentication module which makes it possible to authenticate users against a password database managed by Samba or a Microsoft Windows server. If a long password is supplied, this can cause a buffer overflow which could be exploited to execute arbitrary code with the privileges of the process which invokes PAM services.

Red Hat alert: Updated pam_smb packages fix remote buffer overflow.

  • Mailing list (Posted by dave on Aug 26, 2003 4:25 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated pam_smb packages are now available which fix a security vulnerability (buffer overflow).

Mandrake alert: Updated sendmail packages fix vulnerability

A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail receives a bad DNS reply it will call free() on random addresses which usually causes sendmail to crash.

Debian alert: New unzip packages fix directory traversal vulnerability

  • Mailing list (Posted by dave on Aug 25, 2003 8:53 PM EDT)
  • Story Type: Security; Groups: Debian
A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ("../") by placing certain invalid characters between the two "." characters. The fix which was implemented in DSA-344-1 may not have protected against all methods of exploiting this vulnerability.

Slackware alert: unzip vulnerability patched (SSA:2003-237-01)



Upgraded infozip packages are available for Slackware 9.0 and -current. These fix a security issue where a specially crafted archive may overwrite files (including system files anywhere on the filesystem) upon extraction by a user with sufficient permissions.

Red Hat alert: Updated iptables packages are available

  • Mailing list (Posted by dave on Aug 25, 2003 5:07 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated iptables packages which are fully compatible with recent kernel updates are now available.

« Previous ( 1 ... 521 522 523 524 525 526 527 528 529 530 531 ... 595 ) Next »