Showing headlines posted by dave

The Secure Programming Group of the Oulu University, Sweden released a testing suite for SNMP implementations. Several bugs could be triggered in the ucd-snmpd code by using this testing suite. These bugs lead to remote denial-of-service attacks and may possibly exploited to break system security remotely. Additionally, the SuSE Security Team did a full audit of the ucd-snmpd code and we hope to avoid more problems caused by other bugs in the future.

Updated LogWatch packages are available that fix tmp file race conditions which can cause a local user to gain root privileges.

Updated LogWatch packages are available that fix tmp file race conditions which can cause a local user to gain root privileges.

Yuji Takahashi discovered a bug in analog which allows a cross-site scripting type attack. It is easy for an attacker to insert arbitrary strings into any web server logfile. If these strings are then analysed by analog, they can appear in the report. By this means an attacker can introduce arbitrary Javascript code, for example, into an analog report produced by someone else and read by a third person. Analog already attempted to encode unsafe characters to avoid this type of attack, but the conversion was incomplete.

The authors of mtr released a new upstream version, noting a non-exploitable buffer overflow in their ChangeLog. Przemyslaw Frasunek, however, found an easy way to exploit this bug, which allows an attacker to gain access to the raw socket, which makes IP spoofing and other malicious network activity possible.

[Update 20 Mar 2002: Added kernel packages for Red Hat Linux 6.2 on sparc64. Updated VNC packages as the previous fix caused another denial of service vulnerability; thanks to Const Kaplinsky for reporting this] [Update 14 Mar 2002: Updated kernel packages for Red Hat Linux 6.2 and 7.0 which were missing the zlib fix; added missing kernel-headers package for 6.

Updated PHP packages are available to fix vulnerabilities in the functions that parse multipart MIME data, which are used when uploading files through forms. This revised advisory contains updated packages for Red Hat Linux 7, 7.1, and 7.

Updated imlib packages are now available for Red Hat Linux 6.2, 7, 7.1 and 7.2 which fix potential problems loading untrusted images.

A problem was discovered with the default configuration of the kdm display manager in Mandrake Linux.

Janusz Niewiadomski and Wojciech Purczynski reported a buffer overflow in the address_match of listar (a listserv style mailing-list manager).

[Update 14 Mar 2002: Updated kernel packages for Red Hat Linux 6.2 and 7.0 which were missing the zlib fix; added missing kernel-headers package for 6.

Updated cups packages which fix a security problem are available.

Ethan Benson discovered a bug in rsync where the supplementary groups that the rsync daemon runs as (such as root) would not be removed from the server process after changing to the specified unprivileged uid and gid. This seems only serious if rsync is called using "rsync --daemon" from the command line where it will inherit the group of the user starting the server (usually root). Note that, by default, Mandrake Linux uses xinetd to handle connections to the rsync daemon. This was fixed upstream in version 2.5.3, as well as the previously noted zlib fixes (see MDKSA-2002:023). The authors released 2.5.4 with some additional zlib fixes, and all users are encouraged to upgrade to this new version of rsync.

Matthias Clasen found a security issue in zlib that, when provided with certain input, causes zlib to free an area of memory twice.

Updated secureweb packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates close a buffer overflow in mod_ssl.

Matthias Clasen found a security issue in zlib that, when provided with certain input, causes zlib to free an area of memory twice.

Matthias Clasen found a security issue in zlib that, when provided with certain input, causes zlib to free an area of memory twice. This "double free" bug can be used to crash any programs that take untrusted compressed input, such as web browsers, email clients, image viewing software, etc. This vulnerability can be used to perform Denial of Service attacks and, quite possibly, the execution of arbitrary code on the affected system. MandrakeSoft has published two advisories concerning this incident: MDKSA-2002:022 - zlib MDKSA-2002:023 - packages containing zlib The second advisory contains additional packages that bring their own copies of the zlib source, and as such need to be fixed and rebuilt. Updating the zlib library is sufficient to protect those programs that use the system zlib, but the packages as noted in MDKSA-2002:023 will need to be updated for those packages that do not use the system zlib.

New cvs packages are available to fix security problems.

New rsync packages are available to fix security problems.

New zlib packages are available to fix a security problem which may impact programs that link with zlib.