Showing headlines posted by dave


Mandrake alert: Updated usermode packages remove insecure shutdown command

The /usr/bin/shutdown command that comes with the usermode package can be executed by local users to shut down all running processes and drop into a root shell. This command is not really needed to shut down a system, so it has been removed and all users are encouraged to upgrade. Please note that the user must have local console access in order to obtain a root shell in this fashion.

Debian alert: New ethereal packages fix arbitrary code execution

  • Mailing list (Posted by dave on Mar 10, 2003 5:44 AM EDT)
  • Story Type: Security; Groups: Debian
Georgi Guninski discovered a problem in ethereal, a network traffic analyzer. The program contains a format string vulnerability that could probably lead to execution of arbitrary code.

Red Hat alert: Updated file packages fix vulnerability

  • Mailing list (Posted by dave on Mar 7, 2003 6:00 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated file packages are available to close a buffer overflow vulnerability.

Mandrake alert: Updated file packages fix stack overflow vulnerability

A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous versions. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file.

Mandrake alert: Updated snort packages fix buffer overflow vulnerability

A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable.

Red Hat alert: Updated OpenSSL packages fix timing attack

  • Mailing list (Posted by dave on Mar 6, 2003 6:12 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated OpenSSL packages are available that fix a potential timing-based attack.

Red Hat alert: Updated im packages fix insecure handling of temporary files

  • Mailing list (Posted by dave on Mar 6, 2003 6:09 AM EDT)
  • Story Type: Security; Groups: Red Hat
New im packages are available that fix the insecure handling of temporary files.

Red Hat alert: Updated squirrelmail packages close cross-site scripting vulnerabilities

  • Mailing list (Posted by dave on Mar 4, 2003 11:45 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated squirrelmail packages are now available for Red Hat Linux.

Debian alert: sendmail-wide remote exploit

  • Mailing list (Posted by dave on Mar 4, 2003 1:10 PM EDT)
  • Story Type: Security; Groups: Debian
This advisory is an addendum to DSA-257-1; the sendmail problem discussed there also applies to the sendmail-wide packages.

Debian alert: sendmail remote exploit

  • Mailing list (Posted by dave on Mar 4, 2003 2:54 AM EDT)
  • Story Type: Security; Groups: Debian
Mark Dowd of ISS X-Force found a bug in the header parsing routines of sendmail: it could overflow a buffer when encountering addresses with very long comments. Since sendmail also parses headers when forwarding emails, this vulnerability can also hit mail servers which do not deliver the email.

Slackware alert: Sendmail buffer overflow fixed

The sendmail packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running sendmail should upgrade.

Mandrake alert: Updated sendmail packages fix remotely exploitable buffer overflow vulnerability

A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail.

Mandrake alert: Updated tcpdump packages fix denial of service vulnerabilities

A vulnerability was discovered by Andrew Griffiths and iDEFENSE Labs in the tcpdump program. By sending a specially crafted network packet, an attacker is able to cause tcpdump to enter an infinite loop. In addition, the tcpdump developers found a potential infinite loop when tcpdump parses malformed BGP packets. A buffer overflow was also discovered that can be exploited with certain malformed NFS packets.

SuSE alert: sendmail

  • Mailing list (Posted by dave on Mar 3, 2003 10:18 AM EDT)
  • Story Type: Security; Groups: SUSE
sendmail is the most widely used mail transport agent (MTA) on the Internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SuSE products. These versions include sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem that is installed by default on all SuSE products up to and including SuSE Linux 8.0 and the SuSE Linux Enterprise Server 7.

Red Hat alert: Updated sendmail packages fix critical security issues

  • Mailing list (Posted by dave on Mar 3, 2003 8:05 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Sendmail packages are available to fix a vulnerability that may allow remote attackers to gain root privileges by sending a carefully crafted message. These packages also fix a security bug if sendmail is configured to use smrsh.

Debian alert: New mhc-utils packages fix predictable temporary file

  • Mailing list (Posted by dave on Feb 28, 2003 6:20 AM EDT)
  • Story Type: Security; Groups: Debian
It has been discovered that adb2mhc from the mhc-utils package uses a predictable name for its default temporary directory. This adds a vulnerability that allows a local attacker to overwrite arbitrary files the user has write permissions for.

Debian alert: New tcpdump packages fix denial of service vulnerability

  • Mailing list (Posted by dave on Feb 27, 2003 11:35 AM EDT)
  • Story Type: Security; Groups: Debian
Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a powerful tool for network monitoring and data acquisition. An attacker is able to send a specially crafted network packet which causes tcpdump to enter an infinite loop.

SuSE alert: hypermail

  • Mailing list (Posted by dave on Feb 27, 2003 9:06 AM EDT)
  • Story Type: Security; Groups: SUSE
Hypermail is a tool to convert a Unix mail-box file to a set of cross-referenced HTML documents. During an internal source code review done by Thomas Biege, several bugs were found in hypermail and its tools. These bugs allow remote code execution, local tmp race conditions, denial-of-service conditions and read access to files belonging to the host hypermail is running on. Additionally, the mail CGI program can be abused by spammers as an email relay and should thus be disabled.

Debian alert: New NANOG traceroute packages fix buffer overflow

  • Mailing list (Posted by dave on Feb 27, 2003 5:45 AM EDT)
  • Story Type: Security; Groups: Debian
A vulnerability has been discovered in NANOG traceroute, an enhanced version of the Van Jacobson/BSD traceroute program. A buffer overflow occurs in the 'get_origin()' function. Due to insufficient bounds checking performed by the whois parser, it may be possible to corrupt memory on the system stack. This vulnerability can be exploited by a remote attacker to gain root privileges on a target host. Though, most probably not in Debian.

Mandrake alert: Updated shadow-utils packages fix improper mailspool ownership

The shadow-utils package contains the tool useradd, which is used to create or update new user information. When useradd creates an account, it would create the mail spool with improper permissions; instead of having it owned by the group mail, it would be owned by the user's primary group. If this is a shared group (i.e. "users"), then all members of the shared group would be able to obtain access to the mail spools of other members of the same group. A patch to useradd has been applied to correct this problem.
