Showing headlines posted by dave


Debian alert: New xftp packages fix arbitrary code execution

  • Mailing list (Posted by dave on Apr 8, 2003 7:45 AM EDT)
  • Story Type: Security; Groups: Debian
Knud Erik Højgaard discovered a vulnerability in moxftp (and xftp respectively), an Athena X interface to FTP. Insufficient bounds checking could lead to execution of arbitrary code, provided by a malicious FTP server. Erik Tews fixed this.

Red Hat alert: Updated mgetty packages available

  • Mailing list (Posted by dave on Apr 8, 2003 4:17 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mgetty packages are now available for Red Hat Linux 7.1, 7.2, 7.3, and 8.0. These updates close a possible buffer overflow and a permissions problem present in versions of mgetty prior to version 1.1.29.

Red Hat alert: New samba packages fix security vulnerability

  • Mailing list (Posted by dave on Apr 7, 2003 11:02 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Samba packages that fix a security vulnerability are now available for Red Hat Linux 7.2, 7.3, 8.0, and 9. Packages for Red Hat Linux 7.1 will be added shortly.

Slackware alert: Samba security problem fixed

The samba packages in Slackware 8.1 and 9.0 have been upgraded to Samba 2.2.8a to fix a security problem.

SuSE alert: samba

  • Mailing list (Posted by dave on Apr 7, 2003 12:26 PM EDT)
  • Story Type: Security; Groups: SUSE
Digital Defense Inc. have discovered a buffer overflow in the samba file server, the widely spread implementation of the SMB protocol. The flaw allows a remote attacker to execute arbitrary commands as root on a server that runs a vulnerable version of samba. The vulnerability is known as DDI trans2.c overflow bug and is assigned the CVE ID CAN-2003-0201. Since this vulnerability was found during an analysis of an exploit happening in the wild, it should be assumed that exploits are circulating in the internet.

Debian alert: New samba packages fix remote root exploit

  • Mailing list (Posted by dave on Apr 7, 2003 10:48 AM EDT)
  • Story Type: Security; Groups: Debian
Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use.

Mandrake alert: Updated samba packages fix remote root vulnerability

An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem.

Announcing Red Hat Linux 9

Red Hat, Inc. (Nasdaq:RHAT), the world's premier open source and Linux provider, today announced the availability of Red Hat Linux 9. Drawing from the work of the open source community, Red Hat Linux 9 allows users to take advantage of the newest open source technology first. With an improved graphical installation, new usability enhancements and end-user applications, Red Hat Linux 9 is designed for students, home computing and technology enthusiasts.

Debian alert: New metrics packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Apr 7, 2003 12:34 AM EDT)
  • Story Type: Security; Groups: Debian
Paul Szabo and Matt Zimmerman discovered two similar problems in metrics, a tool for software metrics. Two scripts in this package, "halstead" and "gather_stats", open temporary files without taking appropriate security precautions. "halstead" is installed as a user program, while "gather_stats" is only used in an auxiliary script included in the source code. These vulnerabilities could allow a local attacker to overwrite files owned by the user running the scripts, including root.

Debian alert: New mutt packages fix arbitrary code execution in potato

  • Mailing list (Posted by dave on Apr 6, 2003 10:05 PM EDT)
  • Story Type: Security; Groups: Debian
Byrial Jensen discovered a couple of off-by-one buffer overflows in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder.

Debian alert: New sendmail packages fix DoS and arbitrary code execution

  • Mailing list (Posted by dave on Apr 4, 2003 5:57 AM EDT)
  • Story Type: Security; Groups: Debian
This is a major brown paperbag update. The old packages for the stable distribution (woody) did not work as expected and you should only update to the new packages mentioned in this advisory. The packages in the old stable distribution (potato) are working properly. I'm awfully sorry for the inconvenience.

Debian alert: New sendmail packages fix denial of service

  • Mailing list (Posted by dave on Apr 4, 2003 4:08 AM EDT)
  • Story Type: Security; Groups: Debian
Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable.

SuSE alert: openssl

  • Mailing list (Posted by dave on Apr 4, 2003 3:35 AM EDT)
  • Story Type: Security; Groups: SUSE
Researchers from the University of Stanford have discovered certain weaknesses in OpenSSL's RSA decryption algorithm. It allows remote attackers to compute the private RSA key of a server by observing its timing behavior. This bug has been fixed by enabling "RSA blinding", by default. Additionally an extension of the "Bleichenbacher attack" has been developed by Czech researchers against OpenSSL. This weakness has also been fixed.

Red Hat alert: Updated balsa and mutt packages fix vulnerabilities

  • Mailing list (Posted by dave on Apr 3, 2003 11:34 AM EDT)
  • Story Type: Security; Groups: Red Hat
New Balsa, Mutt, and libesmtp packages that fix potential buffer overflow vulnerabilities are now available.

Debian alert: New apcupsd packages fix remote root exploit

  • Mailing list (Posted by dave on Apr 3, 2003 5:44 AM EDT)
  • Story Type: Security; Groups: Debian
The controlling and management daemon apcupsd for APC's Unbreakable Power Supplies is vulnerable to several buffer overflows and format string attacks. These bugs can be exploited remotely by an attacker to gain root access to the machine apcupsd is running on.

Debian alert: New Linux kernel packages (s390) fix local root exploit

  • Mailing list (Posted by dave on Apr 3, 2003 4:22 AM EDT)
  • Story Type: Security; Groups: Debian
The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible.

Red Hat alert: Updated NetPBM packages fix multiple vulnerabilities

  • Mailing list (Posted by dave on Apr 2, 2003 11:08 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated NetPBM packages are available that fix a number of vulnerabilities in the netpbm libraries.

Red Hat alert: Updated Eye of GNOME packages fix vulnerability

  • Mailing list (Posted by dave on Apr 2, 2003 11:07 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated eog packages that fix a security vulnerability are now available.

End of Life: Red Hat Linux 6.2, 7

In accordance with our errata support policy the Red Hat Linux 6.2 and Red Hat Linux 7 distributions have now reached their end-of-life for errata maintenance. This means that we will no longer be producing security, bugfix, or enhancement updates for these products.

Debian alert: New lpr-ppd packages fix local root exploit

  • Mailing list (Posted by dave on Apr 2, 2003 6:10 AM EDT)
  • Story Type: Security; Groups: Debian
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer spooling system. This problem can be exploited by a local user to gain root privileges, even if the printer system is set up properly.
