Showing headlines posted by dave


Debian alert: New luxman packages fix local root exploit

  • Mailing list (Posted by dave on Nov 6, 2002 8:10 AM EDT)
  • Story Type: Security; Groups: Debian
iDEFENSE reported a vulnerability in LuxMan, a maze game for GNU/Linux similar to the PacMan arcade game. When successfully exploited, it gives a local attacker read and write access to memory, leading to a local root compromise in many ways, examples of which include scanning it for fragments of the master password file and modifying kernel memory to re-map system calls.

Debian alert: New Apache-SSL packages fix several vulnerabilities

  • Mailing list (Posted by dave on Nov 5, 2002 5:55 AM EDT)
  • Story Type: Security; Groups: Debian
According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache package, a commonly used webserver. Most of the code is shared between the Apache and Apache-SSL packages, so the vulnerabilities are shared as well. These vulnerabilities could allow an attacker to mount a denial of service against a server, execute a cross-site scripting attack, or steal cookies from other users of the web site. Vulnerabilities in the included legacy programs htdigest, htpasswd and ApacheBench can be exploited when they are called via CGI. Additionally, the insecure temporary file creation in htdigest and htpasswd can also be exploited locally. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities:

SuSE alert: perl-MailTools

  • Mailing list (Posted by dave on Nov 5, 2002 2:09 AM EDT)
  • Story Type: Security; Groups: SUSE
The SuSE Security Team reviewed critical Perl modules, including the Mail::Mailer package. This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances. This is due to the use of mailx as the default mailer, which allows commands to be embedded in the mail body by way of mailx's tilde escape sequences. Vulnerable to this attack are custom auto-reply programs or spam filters which use Mail::Mailer directly or indirectly.
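The check an auto-reply or spam-filter author would want for the Mail::Mailer problem above, as an added example (not Mail::Mailer's, SuSE's or mailx's code). It assumes the mailx behaviour as I recall it from the manual: a body line beginning with `~` is an escape command, `~!cmd` runs cmd in a shell, `~|cmd` pipes the message through cmd, `~r file` and `~<file` read a file into the message, `~s` sets the subject, and `~~text` delivers the literal line `~text`. Whether a given mailx honours these when its input is a pipe rather than a terminal varies by implementation; the sample body is constructed.

```python
"""Detect and neutralize mailx tilde escapes in a message body.

Added example, not Mail::Mailer's or SuSE's code. Assumption (mailx manual,
as recalled): a body line starting with '~' is an escape command; '~!cmd'
runs cmd, '~|cmd' pipes the message through cmd, '~r file' / '~<file' read
a file into the message, and '~~text' delivers a literal '~text'.
"""
from __future__ import annotations

import re

# Escapes that reach the shell or the filesystem. Any other line starting
# with '~' is still an escape (e.g. '~s' rewrites the Subject), just a
# less dangerous one.
DANGEROUS = re.compile(r"^~[!|rw<]")


def find_tilde_escapes(body: str) -> list[tuple[int, str, bool]]:
    """Return (line number, line, dangerous?) for each escape-looking line.

    Run this on the raw body exactly as it would be handed to the mailer.
    """
    hits = []
    for n, line in enumerate(body.split("\n"), 1):
        if line.startswith("~"):
            hits.append((n, line, bool(DANGEROUS.match(line))))
    return hits


def neutralize_tilde_escapes(body: str) -> str:
    """Double the leading '~' so mailx delivers the line as text.

    '~~!id' is sent as the literal line '~!id': the content survives
    unchanged, but the escape is never interpreted.
    """
    return "\n".join(
        "~" + line if line.startswith("~") else line
        for line in body.split("\n")
    )


# Constructed sample: an inbound message that an auto-reply bot would
# quote back through Mail::Mailer, and therefore through mailx.
SAMPLE_BODY = "Hi,\n~!id > /tmp/pwned\n~| sh\n~s Subject smuggling\nThanks\n"

if __name__ == "__main__":
    for n, line, bad in find_tilde_escapes(SAMPLE_BODY):
        print(f"line {n}: {line!r} {'DANGEROUS' if bad else 'escape'}")
    print(neutralize_tilde_escapes(SAMPLE_BODY))
```

Neutralizing is the safer choice over dropping the lines: a spam filter that silently removes `~` lines changes the evidence it is forwarding, whereas doubling keeps the text intact and only defuses the interpreter. Better still is not routing untrusted bodies through a mailer that interprets escapes at all.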

Debian alert: New Apache packages fix several vulnerabilities

  • Mailing list (Posted by dave on Nov 4, 2002 6:26 AM EDT)
  • Story Type: Security; Groups: Debian
According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several remotely exploitable vulnerabilities have been found in the Apache package, a commonly used webserver. These vulnerabilities could allow an attacker to mount a denial of service against a server or execute a cross-site scripting attack. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities:

Debian alert: New log2mail packages fix several vulnerabilities

  • Mailing list (Posted by dave on Nov 1, 2002 6:31 AM EDT)
  • Story Type: Security; Groups: Debian
Enrico Zini discovered a buffer overflow in log2mail, a daemon for watching logfiles and sending lines with matching patterns via mail. The log2mail daemon is started upon system boot and runs as root. A specially crafted (remote) log message could overflow a static buffer, potentially causing log2mail to execute arbitrary code as root.

Mandrake alert: mozilla update

Numerous security fixes are available in Mozilla 1.0.1. For a detailed list, refer to the "Recently fixed security issues" page on the Mozilla website (see the first reference). All users are encouraged to upgrade to this latest stable 1.0.x release of Mozilla.

Debian alert: New heimdal packages fix buffer overflows

  • Mailing list (Posted by dave on Oct 31, 2002 6:10 AM EDT)
  • Story Type: Security; Groups: Debian
A stack buffer overflow was discovered in the kadm_ser_wrap_in function of the Kerberos v4 administration server, which Heimdal provides as well. Working exploit code for this kadmind bug is already circulating, hence it is considered serious. The roken library also contains a vulnerability which could lead to another root exploit.

SuSE alert: lprng/html2ps

  • Mailing list (Posted by dave on Oct 31, 2002 2:01 AM EDT)
  • Story Type: Security; Groups: SUSE
The lprng package contains the "runlpr" program, which allows the lp user to execute the lpr program as root. Local attackers can pass certain command-line arguments to lpr running as root, tricking it into executing arbitrary commands as root. This has been fixed. Note that this vulnerability can only be exploited if the attacker has previously gained access to the lp account.

SuSE alert: syslog-ng

  • Mailing list (Posted by dave on Oct 31, 2002 1:24 AM EDT)
  • Story Type: Security; Groups: SUSE
The syslog-ng package is a portable syslog implementation which can be used as syslogd replacement. Syslog-ng contained buffer overflows in its macro expansion routines. These overflows could be triggered by remote attackers if certain configuration options were enabled. Syslog-ng is not used by default on SuSE Linux, and even if installed, the problematic options are not enabled by default. We recommend an update of the syslog-ng package nevertheless if you use syslog-ng for logging. To be sure the update takes effect you have to restart the daemon by issuing the following command as root:

Debian alert: New krb4 packages fix buffer overflow

  • Mailing list (Posted by dave on Oct 30, 2002 7:58 AM EDT)
  • Story Type: Security; Groups: Debian
Tom Yu and Sam Hartman of MIT discovered another stack buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server. Working exploit code for this kadmind bug is circulating, hence it is considered serious.

Mandrake alert: krb5 update

A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected. MandrakeSoft encourages all users who use Kerberos to upgrade to these packages immediately.

Debian alert: New krb5 packages fix buffer overflow

  • Mailing list (Posted by dave on Oct 29, 2002 9:55 AM EDT)
  • Story Type: Security; Groups: Debian
Tom Yu and Sam Hartman of MIT discovered another stack buffer overflow in the kadm_ser_wrap_in function in the Kerberos v4 administration server. Working exploit code for this kadmind bug is circulating, hence it is considered serious. The MIT krb5 implementation includes support for version 4, including a complete v4 library, server-side support for krb4, and limited client support for v4.

Debian alert: New kghostview packages fix buffer overflow

  • Mailing list (Posted by dave on Oct 28, 2002 6:15 AM EDT)
  • Story Type: Security; Groups: Debian
Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. The same code is present in kghostview which is part of the KDE-Graphics package. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim.

Mandrake alert: mod_ssl update

A cross-site scripting vulnerability was discovered in mod_ssl by Joe Orton. This only affects servers using a combination of wildcard DNS and "UseCanonicalName off" (which is not the default in Mandrake Linux). With this setting turned off, Apache will attempt to use the hostname:port that the client supplies, which is where the problem comes into play. With this setting turned on (the default), Apache constructs a self-referencing URL and will use ServerName and Port to form the canonical name. It is recommended that all users upgrade, regardless of the setting of the "UseCanonicalName" configuration option.

Mandrake alert: kdegraphics update

A vulnerability exists in KGhostview, part of the kdegraphics package. It includes a DSC 3.0 parser from GSview and is therefore vulnerable to a buffer overflow while parsing a specially crafted .ps file. It also contains code from gv which is vulnerable to a similar buffer overflow triggered by malformed PostScript and PDF files. This has been fixed in KDE 3.0.4, and patches have been applied to correct these packages.

Red Hat alert: Updated ypserv packages fix memory leak

  • Mailing list (Posted by dave on Oct 24, 2002 4:14 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated ypserv packages which fix a memory leak are now available for Red Hat Linux 7.x and 6.

Mandrake alert: tetex update

A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user by sending specially crafted print jobs to the printer.

Debian alert: New mod_ssl packages fix cross site scripting

  • Mailing list (Posted by dave on Oct 22, 2002 6:48 AM EDT)
  • Story Type: Security; Groups: Debian
Joe Orton discovered a cross-site scripting problem in mod_ssl, an Apache module that adds strong cryptography (i.e. HTTPS support) to the webserver. The module returns the server name unescaped in the response to a plain HTTP request made to an SSL port.
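The mechanism behind both mod_ssl entries on this page (the Mandrake one on UseCanonicalName and this Debian one), modelled in Python as an added example that is not mod_ssl's or Apache's code. It assumes the behaviour the advisories describe: the error page mod_ssl sends for a plain HTTP request on an SSL port embeds a self-referencing URL whose host part comes from ServerName and Port when UseCanonicalName is On, and from the client-supplied Host header when it is Off. The page wording, the function names and the simplified port handling are constructed for this illustration.

```python
"""Reflected server name in a self-referencing URL, unescaped vs. escaped.

Added example, not mod_ssl's or Apache's code. It models the advisory text:
with UseCanonicalName Off the host part of the URL is whatever Host: the
client sent, and the vulnerable page inserts it into HTML verbatim.
"""
from html import escape


def self_url_host(host_header: str, server_name: str, port: int,
                  use_canonical_name: bool) -> str:
    """Choose the host:port placed in a self-referencing URL.

    On:  built from ServerName and Port, i.e. server-controlled.
    Off: taken from the client's Host header; with wildcard DNS an
         attacker can get a victim's browser to send any name at all.
    (Simplification: real Apache also parses a port out of Host.)
    """
    if use_canonical_name or not host_header:
        return f"{server_name}:{port}"
    return host_header


def ssl_port_error_page(host_header: str, server_name: str, port: int,
                        use_canonical_name: bool) -> str:
    """Vulnerable form: the name goes into the HTML without escaping."""
    url = f"https://{self_url_host(host_header, server_name, port, use_canonical_name)}/"
    return ("<html><body>Instead use the HTTPS scheme to access this URL: "
            f'<a href="{url}">{url}</a></body></html>')


def ssl_port_error_page_fixed(host_header: str, server_name: str, port: int,
                              use_canonical_name: bool) -> str:
    """Hardened form: HTML-escape the name, whatever its source was."""
    raw = f"https://{self_url_host(host_header, server_name, port, use_canonical_name)}/"
    url = escape(raw, quote=True)          # escapes < > & " and '
    return ("<html><body>Instead use the HTTPS scheme to access this URL: "
            f'<a href="{url}">{url}</a></body></html>')


# Constructed attacker-controlled Host header: breaks out of the href
# attribute and injects a script tag.
PAYLOAD_HOST = '"><script>alert(document.cookie)</script>'

if __name__ == "__main__":
    for canon in (False, True):
        page = ssl_port_error_page(PAYLOAD_HOST, "www.example.com", 443, canon)
        print(f"UseCanonicalName {'On ' if canon else 'Off'}: "
              f"{'REFLECTED' if PAYLOAD_HOST in page else 'clean'}")
    print(ssl_port_error_page_fixed(PAYLOAD_HOST, "www.example.com", 443, False))
```

Turning UseCanonicalName On removes the attacker's control over the name, which is why the Mandrake advisory notes the default is not affected; escaping the value before it reaches HTML is the fix that holds regardless of the directive, which is why both advisories tell users to upgrade either way.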

Mandrake alert: gv update

A buffer overflow was discovered in gv versions 3.5.8 and earlier by Zen Parse. The problem is triggered by scanning a file and can be exploited by an attacker sending a malformed PostScript or PDF file. This would result in arbitrary code being executed with the privilege of the user viewing the file. ggv uses code derived from gv and has the same vulnerability. These updates provide patched versions of gv and ggv to fix the vulnerabilities.

SuSE alert: postgresql

  • Mailing list (Posted by dave on Oct 21, 2002 7:52 AM EDT)
  • Story Type: Security; Groups: SUSE
The PostgreSQL Object-Relational DBMS was found vulnerable to several buffer overflow problems. The overflows are located in:

* handling of long datetime input
* the lpad() and rpad() functions with multibyte support
* the repeat() function
* the TZ environment variable and the SET TIME ZONE command

These bugs can only be exploited by attackers who already have access to the PostgreSQL server, and allow them to gain the privileges of the postgres user ID.
