Showing headlines posted by dave


Red Hat alert: Buffer overflow in UW imap daemon

  • Mailing list (Posted by dave on May 24, 2002 11:00 AM EDT)
  • Story Type: Security; Groups: Red Hat
The UW imap daemon contains a buffer overflow which allows a logged-in remote user to execute commands on the server with the user's UID/GID.

SuSE alert: dhcp/dhcp-server

  • Mailing list (Posted by dave on May 22, 2002 8:55 AM EDT)
  • Story Type: Security; Groups: SUSE
The "Dynamic Host Configuration Protocol" (DHCP) server from the Internet Software Consortium allows hosts on a TCP/IP network to request and be assigned IP addresses, and also to discover information about the network to which they are attached.

Mandrake alert: webmin update

A vulnerability exists in all versions of Webmin prior to 0.970 that allows a remote attacker to log in to Webmin as any user. All users of Webmin are encouraged to upgrade immediately. Users of Mandrake Linux 8.0 and earlier will need to install some additional perl modules for this new version of webmin to work correctly.

Red Hat alert: Updated fetchmail packages available

  • Mailing list (Posted by dave on May 21, 2002 5:16 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated fetchmail packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3 which close a remotely-exploitable vulnerability in unpatched versions of fetchmail prior to 5.9.10.

Red Hat alert: New imlib packages available

  • Mailing list (Posted by dave on May 17, 2002 12:42 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated imlib packages are now available for Red Hat Linux 6.2, 7, 7.1 and 7.2 which fix potential problems loading untrusted images.

Mandrake alert: tcpdump update

Several buffer overflows were found in the tcpdump package by FreeBSD developers during a code audit, in versions prior to 3.5. However, newer versions of tcpdump, including 3.6.2, are also vulnerable to another buffer overflow in the AFS RPC decoding functions, which was discovered by Nick Cleaton. These vulnerabilities could be used by a remote attacker to crash the tcpdump process or possibly even be exploited to execute arbitrary code as the user running tcpdump, which is usually root. The newer libpcap 0.6 has also been audited to make it safer by implementing better buffer boundary checks in several functions.

Mandrake alert: fileutils update

Wojciech Purczynski reported a race condition in some utilities in the GNU fileutils package that may cause root to delete the entire filesystem. This only affects version 4.1 stable and 4.1.6 development versions, and the authors have fixed this in the latest development version.

Red Hat alert: Updated mpg321 packages available

  • Mailing list (Posted by dave on May 16, 2002 10:21 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mpg321 packages are available for Red Hat Linux 7.2, which fix a buffer overflow in the network streaming code as well as other bugs.

SuSE alert: lukemftp, nkitb, nkitserv

  • Mailing list (Posted by dave on May 16, 2002 3:42 AM EDT)
  • Story Type: Security; Groups: SUSE
Lukemftp (ftp(1), /usr/bin/ftp, /usr/bin/pftp) is a comfortable ftp client from NetBSD. A buffer overflow could be triggered by a malicious ftp server while the client parses the PASV ftp command. An attacker who controls an ftp server to which a client using lukemftp is connected can gain remote access to the client's machine with the privileges of the user running lukemftp.

SuSE alert: shadow

  • Mailing list (Posted by dave on May 16, 2002 2:38 AM EDT)
  • Story Type: Security; Groups: SUSE
The shadow package contains several useful programs to maintain the entries in the /etc/passwd and /etc/shadow files. The SuSE Security Team discovered a vulnerability that allows local attackers to destroy the contents of these files or to extend the group privileges of certain users. This is possible by setting evil filesize limits before invoking one of the programs modifying the system files. Depending on the permissions of the system binaries, this allows a local attacker to gain root privileges in the worst case. This, however, is not possible in a default installation. The bug has been fixed by ensuring the integrity of the data written to temporary files before moving them to the appropriate location of the system. There is no workaround, so we recommend an update in any case. It is necessary to update the shadow package as well as the pam-modules package in order to prevent the truncation attacks.

Red Hat alert: Updated Mozilla packages fix a security issue

  • Mailing list (Posted by dave on May 15, 2002 11:15 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages are available which fix a security issue in Mozilla.

Red Hat alert: Updated sharutils package fixes uudecode issue

  • Mailing list (Posted by dave on May 14, 2002 6:44 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages for sharutils are available which fix potential privilege escalation using the uudecode utility.

Red Hat alert: perl-Digest-MD5 UTF8 bug results in incorrect MD5 sums

  • Mailing list (Posted by dave on May 10, 2002 9:33 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated perl-Digest-MD5 packages are available which work around a bug in the utf8 interaction between perl-Digest-MD5 and Perl.

Mandrake alert: temporary fix for netfilter information leak

A problem was discovered with Netfilter Network Address Translation (NAT) capabilities. It was found that iptables can leak information about how port forwarding is accomplished in unfiltered ICMP packets.

Red Hat alert: Netfilter information leak

  • Mailing list (Posted by dave on May 9, 2002 5:46 AM EDT)
  • Story Type: Security; Groups: Red Hat
Netfilter ("iptables") can leak information about how port forwarding is done in unfiltered ICMP packets. The older "ipchains" code is not affected. This bug only affects users using the Network Address Translation features of firewalls built with netfilter ("iptables"). Red Hat Linux's firewall configuration tools use "ipchains," and those configurations are not vulnerable to this bug.

Red Hat alert: Updated mod_python packages available

  • Mailing list (Posted by dave on May 8, 2002 10:09 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mod_python packages have been made available for Red Hat Linux 7.2 and 7.3. These updates close a security issue in mod_python which allows the publisher handler to use modules which have only been indirectly imported. This re-issue adds packages for Red Hat Linux 7.3.

SuSE alert: sysconfig

  • Mailing list (Posted by dave on May 8, 2002 2:25 AM EDT)
  • Story Type: Security; Groups: SUSE
The ifup-dhcp script, which is part of the sysconfig package, is responsible for setting up network devices using configuration data obtained from a DHCP server by the dhcpcd DHCP client. It is possible for remote attackers to feed this script with evil data, for example via spoofed DHCP replies. This way ifup-dhcp could be tricked into executing arbitrary commands as root. The ifup-dhcp shell script has been fixed to not source the file containing the possibly evil data anymore. Even though the sysconfig package is installed by default, this problem only affects systems with certain DHCP network setups, so only users using DHCP should update their sysconfig package.

SuSE alert: imlib

  • Mailing list (Posted by dave on May 7, 2002 4:04 AM EDT)
  • Story Type: Security; Groups: SUSE
The imlib library can be used by X11 applications to handle various kinds of image data.

Red Hat Unveils Red Hat Linux 7.3

RALEIGH, NC--May 6, 2002--Red Hat, Inc. (Nasdaq:RHAT) today released Red Hat Linux version 7.3, a highly configurable operating system (OS) designed for deployments ranging from games and personal productivity to file, print and web serving. Red Hat Linux 7.3 adds new productivity tools, personal firewall configuration at installation, and video conferencing software to deliver everything individual users, educational institutions and small businesses need for flexible Internet-based computing.
