Showing headlines posted by dave

« Previous ( 1 ... 565 566 567 568 569 570 571 572 573 574 575 ... 595 ) Next »

Red Hat alert: Updated at package available

  • Mailing list (Posted by dave on Jan 23, 2002 6:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
This updated at package fixes two minor problems and one major problem where the environment can get wiped out prior to the execution of a scheduled command. For versions of Red Hat Linux prior to 7.2, this package also fixes a potential security vulnerability which can result in heap corruption (Red Hat Linux 7.2 is not vulnerable to this security exploit).

Mandrake alert: jmcce update

A problem exists in the jmcce program that is used for Chinese text on the console. jmcce is installed setuid root and places log files in /tmp; because jmcce does not perform suitable checking on the files it writes to and because it uses a predictable logfile name, an attacker could exploit this to arbitrarily overwrite any file on the system.

Slackware alert: Security updates: at, sudo, xchat

New packages are now available to address security issues with the at scheduler program (found in Slackware 8.0's bin.tgz package), sudo, and xchat.

Debian alert: updated i386 icecast-server package

  • Mailing list (Posted by dave on Jan 21, 2002 11:27 AM EDT)
  • Story Type: Security; Groups: Debian
In Debian Security Advisory DSA-089-1 we reported that icecast-server has several security problems. For details please see that advisory.

Debian alert: enscript creates temporary files insecurely

  • Mailing list (Posted by dave on Jan 20, 2002 3:07 PM EDT)
  • Story Type: Security; Groups: Debian
The version of enscript (a tool to convert ASCII text to different formats) has been found to create temporary files insecurely.

Mandrake alert: at update

zen-parse discovered a problem in the at command containing an extra call to free() which can lead to a segfault with a carefully crafted, but incorrect, format. This is caused due to a heap corruption that can be exploited under certain circumstances because the at command is installed setuid root. Thanks to SuSE for an additional security improvement that ads the O_EXCL (exclusive) option to the open(2) system call inside the at code.

Red Hat alert: Updated enscript packages fix temporary file handling vulnerabilities

  • Mailing list (Posted by dave on Jan 18, 2002 9:14 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated enscript packages that fix insecure handling of temporary files are available.

Debian alert: New at packages really fix heap corruption vulnerability

  • Mailing list (Posted by dave on Jan 18, 2002 3:50 AM EDT)
  • Story Type: Security; Groups: Debian
Basically, this is the same Security Advisory as DSA 102-1, except that the uploaded binary packages really fix the problem this time. Unfortunately the bugfix from DSA 102-1 wasn't propagated properly due to a packaging bug. While the file parsetime.y was fixed, and yy.tab.c should be generated from it, yy.tab.c from the original source was still used. This has been fixed now.

Mandrake alert: xchat update

zen-parse discovered a problem in versions 1.4.2 and 1.4.3 of xchat that could allow a malicious user to send commands to the IRC server they are on which would take advantage of the CTCP PING reply handler in xchat. This could be used for denial of service, channel takeovers, and other similar attacks. The problem exists in 1.6 and 1.8 versions, however it is controlled by the "percascii" variable which defaults to 0. It "percascii" is set to 1, the problem is exploitable. This vulnerability has been fixed upstream in version 1.8.7.

Mandrake alert: proftpd update

Matthew S. Hallacy discovered that ProFTPD was not forward resolving reverse-resolved hostnames. A remote attacker could exploit this to bypass ProFTPD access controls or have false information logged. Frank Denis discovered that a remote attacker could send malicious commands to the ProFTPD server and it would force the process to consume all CPU and memory resources available to it. This DoS vulnerability could bring the server down with repeated attacks. Finally, Mattias found a segmentation fault problem that is considered by the developers to be unexploitable.

Mandrake alert: mutt update

Joost Pol reported a remotely exploitable buffer overflow in the mutt email client. It is recommended that all mutt users upgrade their packages immediately. Update: The previous packages released for 8.x were unable to recall postponed messages due to an incorrect patch. These new packages also provide the compressed folders patch that was unavailable when MDKSA-2002:002 was announced.

Red Hat alert: The uuxqt utility can be used to execute arbitrary commands as uucp.uucp

  • Mailing list (Posted by dave on Jan 17, 2002 10:14 AM EDT)
  • Story Type: Security; Groups: Red Hat
uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain uid and gid uucp privileges by calling uux and specifying an alternate configuration file with the --config option.

Mandrake alert: stunnel update

All versions of stunnel from 3.15 to 3.21c are vulnerable to format string bugs in the functions which implement smtp, pop, and nntp client negotiations. Using stunnel with the "-n service" option and the "-c" client mode option, a malicious server could use the format sting vulnerability to run arbitrary code as the owner of the current stunnel process. Version 3.22 is not vulnerable to this bug.

SuSE alert: at

  • Mailing list (Posted by dave on Jan 16, 2002 6:40 AM EDT)
  • Story Type: Security; Groups: SUSE
The 'at' command reads commands from standard input for execution at a later time specified on the command line. If such an execution time is given in a carefully drafted (but wrong) format, the at command may crash as a result of a surplus call to free(). The cause of the crash is a heap corruption that is exploitable under certain circumstances since the /usr/bin/at command is installed setuid root.

Debian alert: New at packages fix heap corruption vulnerability

  • Mailing list (Posted by dave on Jan 16, 2002 1:39 AM EDT)
  • Story Type: Security; Groups: Debian
zen-parse found a bug in the current implementation of at which leads into a heap corruption vulnerability which in turn could potentially lead into an exploit of the daemon user.

Mandrake alert: sudo update

The SuSE Security Team discovered a vulnerability in sudo that can be exploited to obtain root privilege because sudo is installed setuid root. An attacker could trick sudo to log failed sudo calls executing the sendmail (or equivalent mailer) program with root privileges and an environment that is not completely clean. This problem has been fixed upstream by the author in sudo 1.6.4 and it is highly recommended that all users upgrade regardless of what mailer you are using.

Red Hat alert: Updated xchat packages are available

  • Mailing list (Posted by dave on Jan 15, 2002 7:08 AM EDT)
  • Story Type: Security; Groups: Red Hat
Versions of xchat prior to version 1.8.7 contain a vulnerability which allows an attacker to cause a vulnerable client to execute arbitrary IRC server commands as if the vulnerable user had typed them. This security erratum updates xchat to version 1.8.7, which is not vulnerable to this attack.

Red Hat alert: Updated pine packages are available

  • Mailing list (Posted by dave on Jan 15, 2002 7:01 AM EDT)
  • Story Type: Security; Groups: Red Hat
Pine (version 4.43 and earlier) as released with all currently supported versions of Red Hat Linux (6.2, 7, 7.1, 7.2), contains a URL handling bug. This bug can allow a malicious attacker to cause arbitrary commands embedded in a URL to be executed on the users system upon attempting to view the URL.

Red Hat alert: Updated sudo package is available

  • Mailing list (Posted by dave on Jan 14, 2002 11:55 PM EDT)
  • Story Type: Security; Groups: Red Hat
This updated sudo package fixes a potential local root exploit.

Red Hat alert: Updated bugzilla packages available

  • Mailing list (Posted by dave on Jan 14, 2002 11:55 PM EDT)
  • Story Type: Security; Groups: Red Hat
A number of security-related bugs have been found in Bugzilla version

« Previous ( 1 ... 565 566 567 568 569 570 571 572 573 574 575 ... 595 ) Next »