Showing headlines posted by dave

The LPRng print spooler, as shipped in Red Hat Linux 7.x, accepts all remote print jobs by default.

Updated mailman packages are now available for Red Hat Linux 7.2 and 7.3. These updates resolve a cross-site scripting vulnerability present in versions of Mailman prior to

Updated mailman packages are now available for Red Hat Power Tools 7 and 7.1. These updates resolve a cross-site scripting vulnerability present in versions of Mailman prior to

Updated ethereal packages are available which fix several security problems.

There is a bug in the BIND9 name server that is triggered when processing certain types of DNS replies. When this happens an assertion will fail, and named will log a message to the system log before exiting. This means a remote attacker can easily shut down the name server process.

Updated packages are available for GNU Ghostscript which fix a vulnerability found during Postscript interpretation.

Version 9 of the bind name prior to version 9.

A security issue in XChat allows a malicious server to execute arbitrary commands.

A vulnerability was discovered in the BIND9 DNS server in versions prior to 9.2.1. An error condition will trigger the shutdown of the server when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. This condition causes the server to assert an error message and shutdown the BIND server. The error condition can be remotely exploited by a special DNS packet. This can only be used to create a Denial of Service on the server; the error condition is correctly detected, so it will not allow an attacker to execute arbitrary code on the server.

Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3. These packages fix a string format vulnerability in the pam_ldap module. [Update Jun 4, 2002] Replacement packages have been added for Red Hat Linux 6.

Ethereal versions prior to 0.9.3 were vulnerable to an allocation error in the ASN.1 parser. This can be triggered when analyzing traffic using the SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This vulnerability was announced in the ethereal security advisory enpa-sa-00003 and has been given the proposed CVE id of CAN-2002-0353. This issue has been corrected in ethereal version 0.8.0-3potato for Debian 2.2 (potato).

We have received reports that in.uucpd, an authentication agent in the uucp package, does not properly terminate certain long input strings. This has been corrected in uucp package version 1.06.1-11potato3 for Debian 2.2 (potato) and in version 1.06.1-18 for the upcoming (woody) release.

Fermin J. Serna discovered a problem in the dhcp server and client package from versions 3.0 to 3.0.1rc8, which are affected by a format string vulnerability that can be exploited remotely.

Updated tcpdump, libpcap, and arpwatch packages are available for Red Hat Linux 6.2 and 7.x. These updates close a buffer overflow when handling NFS packets.

Fermin J. Serna discovered a problem in the dhcp server and client package from versions 3.0 to 3.0.1rc8, which are affected by a format string vulnerability that can be exploited remotely. By default, these versions of DHCP are compiled with the dns update feature enabled, which allows DHCP to update DNS records. The code that logs this update has an exploitable format string vulnerability; the update message can contain data provided by the attacker, such as a hostname. A successful exploitation could give the attacker elevated privileges equivalent to the user running the DHCP daemon, which is the user dhcpd in Mandrake Linux 8.x, but root in earlier versions.

The tcpdump program may be used to capture and decode network traffic. Tcpdump decodes certain packets such as AFS requests in a wrong way resulting in a buffer overflow. Since running tcpdump requires root privileges this may lead to a root compromise of the system running tcpdump. We strongly recommend an update for administrators using tcpdump to monitor their networks since the only safe workaround is to not use it at all. Additionally to the fixed tcpdump packages we provide new libpcap packages. Libpcap on which most network monitoring programs rely also contained overflows which however are only exploitable by local attackers if you installed programs using libpcap setuid. This is not found in a default install. More information about tcpdump and libpcap may be found at http://www.tcpdump.org

A problem was discovered with versions of fetchmail prior to 5.9.10 that was triggered by retreiving mail from an IMAP server. The fetchmail client will allocate an array to store the sizes of the messages it is attempting to retrieve. This array size is determined by the number of messages the server is claiming to have, and fetchmail would not check whether or not the number of messages the server was claiming was too high. This would allow a malicious server to make the fetchmail process write data outside of the array bounds.

A bug exists in the UTF8 interaction between the perl-Digest-MD5 module and perl that results in UTF8 strings having improper MD5 digests. The 2.20 version of the module corrects this problem.

A buffer overflow was discovered in the imap server that could allow a malicious user to run code on the server with the uid and gid of the email owner by constructing a malformed request that would trigger the buffer overflow. However, the user must successfully authenticate to the imap service in order to exploit it, which limits the scope of the vulnerability somewhat, unless you are a free mail provider or run a mail service where users do not already have shell access to the system.

Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7.0, 7.1,7.2, and 7.3. These packages fix a string format vulnerability in the pam_ldap module.