Showing headlines posted by dave


Red Hat alert: Updated glibc packages fix vulnerabilities in RPC XDR decoder

  • Mailing list (Posted by dave on Aug 12, 2002 9:11 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated glibc packages are available to fix a buffer overflow in the XDR decoder.

Red Hat alert: Updated Tcl/Tk packages fix local vulnerability

  • Mailing list (Posted by dave on Aug 12, 2002 11:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Tcl/Tk packages for Red Hat Linux 7 and 7.1 fix two local vulnerabilities.

SuSE alert: i4l

  • Mailing list (Posted by dave on Aug 12, 2002 2:22 AM EDT)
  • Story Type: Security; Groups: SUSE
The i4l package contains several programs for ISDN maintenance and connectivity on Linux. The ipppd program which is part of the package contained various buffer overflows and format string bugs. Since ipppd is installed setuid to root and executable by users of group 'dialout' this may allow attackers with appropriate group membership to execute arbitrary commands as root. The i4l package is installed by default and also vulnerable if you do not have an ISDN setup. The buffer overflows and format string bugs have been fixed. We strongly recommend an update of the i4l package. If you do not consider updating the package it is also possible to remove the setuid bit from /usr/sbin/ipppd as a temporary workaround. The SuSE Security Team is aware of a published exploit for ipppd that gives a local attacker root privileges so you should either update the package or remove the setuid bit from ipppd.

Debian alert: New hylafax packages fix security related problems

  • Mailing list (Posted by dave on Aug 11, 2002 11:53 PM EDT)
  • Story Type: Security; Groups: Debian
A set of problems have been discovered in Hylafax, a flexible client/server fax software distributed with many GNU/Linux distributions. Quoting SecurityFocus the problems are in detail:

Red Hat alert: Updated bind packages fix buffer overflow in resolver library

  • Mailing list (Posted by dave on Aug 9, 2002 8:24 AM EDT)
  • Story Type: Security; Groups: Red Hat
Various versions of the ISC BIND resolver libraries are vulnerable to a buffer overflow attack. Updated BIND packages are now available to fix this issue.

Debian alert: New mailman packages fix cross-site scripting problem

  • Mailing list (Posted by dave on Aug 8, 2002 11:15 PM EDT)
  • Story Type: Security; Groups: Debian
A cross-site scripting vulnerability was discovered in mailman, a software to manage electronic mailing lists. When a properly crafted URL is accessed with Internet Explorer (other browsers don't seem to be affected), the resulting webpage is rendered similar to the real one, but the JavaScript component is executed as well, which could be used by an attacker to get access to sensitive information. The new version for Debian 2.2 also includes backports of security related patches from mailman 2.0.11.

Debian alert: New dietlibc packages fix integer overflows

  • Mailing list (Posted by dave on Aug 8, 2002 11:08 AM EDT)
  • Story Type: Security; Groups: Debian
The upstream author of dietlibc, Felix von Leitner, discovered a potential division by zero chance in the fwrite and calloc integer overflow checks, which are fixed in the version below.

Debian alert: New dietlibc packages fix integer overflows

  • Mailing list (Posted by dave on Aug 8, 2002 1:46 AM EDT)
  • Story Type: Security; Groups: Debian
An integer overflow bug has been discovered in the RPC library used by dietlibc, a libc optimized for small size, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to software linking to this code. The packages below also fix integer overflows in the calloc, fread and fwrite code. They are also more strict regarding hostile DNS packets that could lead to a vulnerability otherwise.

Debian alert: New tinyproxy packages fix security vulnerability

  • Mailing list (Posted by dave on Aug 7, 2002 9:54 AM EDT)
  • Story Type: Security; Groups: Debian
The authors of tinyproxy, a lightweight HTTP proxy, discovered a bug in the handling of some invalid proxy requests. Under some circumstances, an invalid request may result in allocated memory being freed twice. This can potentially result in the execution of arbitrary code.

Red Hat alert: Updated secureweb packages fix temporary file handling

  • Mailing list (Posted by dave on Aug 6, 2002 9:51 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated secureweb packages are now available for Red Hat Secure Web Server 3.

Debian alert: New wwwoffle packages fix security related problems

  • Mailing list (Posted by dave on Aug 6, 2002 1:07 AM EDT)
  • Story Type: Security; Groups: Debian
A problem with wwwoffle has been discovered. The web proxy didn't handle input data with negative Content-Length settings properly which causes the processing child to crash. It is at this time not obvious how this can lead to an exploitable vulnerability; however, it's better to be safe than sorry, so here's an update.

Red Hat alert: Updated openssl packages fix protocol parsing bugs

  • Mailing list (Posted by dave on Aug 5, 2002 11:35 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated OpenSSL packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3. These updates fix multiple protocol parsing bugs which may be used in a denial of service (DoS) attack or cause SSL-enabled applications to crash.

Red Hat alert: Updated gaim client fixes Jabber plug-in vulnerability

  • Mailing list (Posted by dave on Aug 5, 2002 11:19 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated gaim packages are now available for Red Hat Linux 7.1, 7.2, and 7.3. These updates fix a buffer overflow in the Jabber plug-in module.

Red Hat alert: Updated gaim client fixes Jabber plug-in vulnerability (Powertools)

  • Mailing list (Posted by dave on Aug 5, 2002 11:12 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated gaim packages are now available for Red Hat Powertools 7. These updates fix a buffer overflow in the Jabber plug-in module.

Debian alert: New krb5 packages fix integer overflow bug

  • Mailing list (Posted by dave on Aug 5, 2002 1:37 PM EDT)
  • Story Type: Security; Groups: Debian
An integer overflow bug has been discovered in the RPC library used by the Kerberos 5 administration system, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to a KDC host. It is believed that the attacker needs to be able to authenticate to the kadmin daemon for this attack to be successful. No exploits are known to exist yet.

Debian alert: New OpenAFS packages fix integer overflow bug

  • Mailing list (Posted by dave on Aug 5, 2002 2:16 AM EDT)
  • Story Type: Security; Groups: Debian
An integer overflow bug has been discovered in the RPC library used by the OpenAFS database server, which is derived from the SunRPC library. This bug could be exploited to crash certain OpenAFS servers (volserver, vlserver, ptserver, buserver) or to obtain unauthorized root access to a host running one of these processes. No exploits are known to exist yet.

Debian alert: New libpng packages fix potential buffer overflow

  • Mailing list (Posted by dave on Aug 5, 2002 1:26 AM EDT)
  • Story Type: Security; Groups: Debian
In addition to the advisory DSA 140-1 the packages below fix another potential buffer overflow. The PNG libraries implement a safety margin which is also included in a newer upstream release. Thanks to Glenn Randers-Pehrson for informing us.

Debian alert: New mpack packages fix buffer overflow

  • Mailing list (Posted by dave on Aug 2, 2002 1:57 AM EDT)
  • Story Type: Security; Groups: Debian
Eckehard Berns discovered a buffer overflow in the munpack program which is used for decoding (respectively) binary files in MIME (Multipurpose Internet Mail Extensions) format mail messages. If munpack is run on an appropriately malformed email (or news article) then it will crash, and perhaps can be made to run arbitrary code.

Debian alert: New libpng packages fix buffer overflow

  • Mailing list (Posted by dave on Aug 1, 2002 5:31 AM EDT)
  • Story Type: Security; Groups: Debian
Developers of the PNG library have fixed a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications which could potentially allow an attacker to execute malicious code. Programs such as Galeon, Konqueror and various others make use of these libraries.

Debian alert: New super packages fix local root exploit

  • Mailing list (Posted by dave on Aug 1, 2002 5:23 AM EDT)
  • Story Type: Security; Groups: Debian
GOBBLES found an insecure use of format strings in the super package. The included program super is intended to provide access to certain system users for particular users and programs, similar to the program super. Exploiting this format string vulnerability, a local user can gain unauthorized root access.
