Showing headlines posted by dave
« Previous ( 1 ... 545 546 547 548 549 550 551 552 553 554 555 ... 595 ) Next »Debian alert: New canna packages fix buffer overflow and denial of service
Several vulnerabilities have been discovered in canna, a Japanese
input system. The Common Vulnerabilities and Exposures (CVE) project
identified the following vulnerabilities:
Debian alert: New geneweb packages fix information exposure
A security issue has been discovered by Daniel de Rauglaudre, upstream
author of geneweb, a genealogical software with web interface. It
runs as a daemon on port 2317 by default. Paths are not properly
sanitized, so a carefully crafted URL lead geneweb to read and display
arbitrary files of the system it runs on.
Red Hat alert: Updated cyrus-sasl packages fix buffer overflows
Updated cyrus-sasl packages are now available for Red Hat Linux 8.0. These
packages close buffer overflows present in Cyrus SASL
Debian alert: New xpdf packages fix arbitrary command execution
iDEFENSE discovered an integer overflow in the pdftops filter from the
xpdf package that can be exploited to gain the privileges of the
target user. This can lead to gaining privileged access to the 'lp'
user if thee pdftops program is part of the print filter.
Red Hat alert: Updated pine packages available
A vulnerability in Pine version 4.44 and earlier releases can cause
Pine to crash when sent a carefully crafted email.
Debian alert: New mhonarc packages fix cross site scripting
Earl Hood, author of mhonarc, a mail to HTML converter, discovered a
cross site scripting vulnerability in this package. A specially
crafted HTML mail message can introduce foreign scripting content in
archives, by-passing MHonArc's HTML script filtering.
Debian alert: New squirrelmail packages fix cross site scripting problem
A cross site scripting vulnerability has been discovered in
squirrelmail, a feature-rich webmail package written in PHP4.
Squirrelmail doesn't sanitize user provided variables in all places,
leaving it vulnerable to a cross site scripting attack.
SuSE alert: mysql
Stefan Esser from e-matters reported various bugs in MySQL. Within the MySQL server the password checking and a signedness issue has been fixed. These could lead to a remote compromise of the system running an unpatched MySQL server. In order to exploit this bug, the remote attacker needs a valid MySQL account. Further, a buffer overflow in the mysqlclient library has been reported and fixed. Applications using this library (as commonly used from within PHP scripts) are vulnerable to this attack and could also be compromised by remote attackers.
SuSE alert: cups
CUPS is a well known and widely used printing system for unix-like systems. iDFENSE reported several security issues with CUPS that can lead to local and remote root compromise. The following list includes all vulnerabilities: - integer overflow in HTTP interface to gain remote access with CUPS privileges - local file race condition to gain root (bug mentioned above has to be exploited first) - remotely add printers - remote denial-of-service attack due to negative length in memcpy() call - integer overflow in image handling code to gain higher privileges - gain local root due to buffer overflow of 'options' buffer - design problem to gain local root (needs added printer, see above) - wrong handling of zero width images can be abused to gain higher privileges - file descriptor leak and denial-of-service due to missing checks of return values of file/socket operations
SuSE alert: fetchmail
fetchmail is used to download emails from POP-, IMAP-, ETRN- or ODMR- servers. Stefan Esser of e-matters reported a bug in fetchmail's mail address expanding code which can lead to remote system compromise. When fetchmail expands email addresses in mail headers it doesn not allocated enough memory. An attacker can send a malicious formatted mail header to exhaust the memory allocated by fetchmail to overwrite parts of the heap. This can be exploited to execute arbitrary code.
Debian alert: New dhcpcd packages fix remote command execution vulnerability
Simon Kelly discovered a vulnerability in dhcpcd, an RFC2131 and
RFC1541 compliant DHCP client daemon, that runs with root privileges
on client machines. A malicious administrator of the regular or an
untrusted DHCP server may execute any command with root privileges on
the DHCP client machine by sending the command enclosed in shell
metacharacters in one of the options provided by the DHCP server.
Debian alert: New bugzilla packages fix cross site scripting problem
A cross site scripting vulnerability has been reported for Bugzilla, a
web-based bug tracking system. Bugzilla does not properly sanitize
any input submitted by users. As a result, it is possible for a
remote attacker to create a malicious link containing script code
which will be executed in the browser of a legitimate user, in the
context of the website running Bugzilla. This issue may be exploited
to steal cookie-based authentication credentials from legitimate users
of the website running the vulnerable software.
Debian alert: New typespeed packages fix buffer overflow
A problem has been discovered in the typespeed, a game that lets you
measure your typematic speed. By overflowing a buffer a local
attacker could execute arbitrary commands under the group id games.
Debian alert: New fetchmail packages fix buffer overflow
Stefan Esser of e-matters discovered a buffer overflow in fetchmail,
an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder. When
fetchmail retrieves a mail all headers that contain addresses are
searched for local addresses. If a hostname is missing, fetchmail
appends it but doesn't reserve enough space for it. This heap
overflow can be used by remote attackers to crash it or to execute
arbitrary code with the privileges of the user running fetchmail.
Debian alert: New cyrus-imapd packages fix remote command execution
Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server,
which could be exploited by a remote attacker prior to logging in. A
malicious user could craft a request to run commands on the server under
the UID and GID of the cyrus server.
SuSE alert: cyrus-imapd
The cyrus imapd contains a buffer overflow which could be exploited by remote attackers prior to logging in. Attackers could generate oversized error messages and overflow buffers inside imapd. Additionally to this fix, an overflow in the SASL library (as used by the cyrus imapd) has been fixed. This bug only affects SuSE Linux 8.1, the SuSE Linux Enterprise Server 8 and the SuSE Linux Openexchange Server.
Debian alert: New kdentwork packages fix buffer overflows
Olaf Kirch from SuSE Linux AG discovered another vulnerability in the
klisa package, that provides a LAN information service similar to
"Network Neighbourhood". The lisa daemon contains a buffer overflow
vulnerability which potentially enables any local user, as well any
any remote attacker on the LAN who is able to gain control of the LISa
port (7741 by default), to obtain root privileges. In addition, a
remote attacker potentially may be able to gain access to a victim's
account by using an "rlan://" URL in an HTML page or via another KDE
application.
Debian alert: New libpng packages fix buffer overflow
Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples from libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files. The starting offsets for
the loops are calculated incorrectly which causes a buffer overrun
beyond the beginning of the row buffer.
Mandrake alert: Updated MySQL packages fix multiple vulnerabilities
Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '
Mandrake alert: Updated apache packages fix multiple vulnerabilities
A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continously span more children processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache.
« Previous ( 1 ... 545 546 547 548 549 550 551 552 553 554 555 ... 595 ) Next »