Showing headlines posted by dave

The fml (a mailing list package) as distributed in Debian GNU/Linux 2.2 suffers from a cross-site scripting problem. When generating index pages for list archives the `<' and `>' characters were not properly escaped for subjects.

Updated OpenSSH packages are now available for Red Hat Linux 7, 7.1, and 7.

Updated Apache packages are now available for Red Hat Linux 6.2, 7, 7.1, and 7.

The OpenSSH daemon shipped with SuSE distributions contains various minor bugs which allows bypassing of IP-access control in some circumstances or the deletion of files named "cookies" if X11 forwarding is enabled. It has also been verified that the recent remotely exploitable crc32 bug as well as the logging-bug has been fixed in our latest ssh packages. We strongly recommend to update to OpenSSH version 2.9.9p2. Please download and update the packages as described in section 3. Then invoke

CORE ST reports that an exploit has been found for a bug in the wu-ftpd glob code (this is the code that handles filename wildcard expansion). Any logged in user (including anonymous ftp users) can exploit the bug to gain root privilege on the server.

Updated OpenSSH packages are now available for Red Hat Linux 7, 7.1, and 7.

Updated Cyrus-SASL packages are now available for Red Hat Linux 7, 7.1, and 7.

Updated Cyrus-SASL packages are now available for Red Hat Power Tools 6.

The wuftpd package as shipped with SuSE Linux distributions comes with two versions of wuftpd: wuftpd-2.4.2, installed as /usr/sbin/wuftpd, and wuftpd-2.6.0, installed as /usr/sbin/wuftpd-2.6. The admin decides which version to use by the inetd/xinetd configuration.

Updated postfix packages are now availble that will fix a possible denial of service attack.

Updated wu-ftpd packages are available to fix an overflowable buffer.

The Cyrus SASL library provides an authentication API for mail clients and servers. A format bug was found in one of the logging functions, that could be used by an attacker to gain access to a machine or to acquire higher privileges.

The susehelp package contains several CGI-scripts to provide a flexible help-system to the user. Some of these scripts open files in an insecure manner, thus allowing remote attackers to execute arbitrary commands as wwwrun-user on the server running susehelp package. These bugs have been fixed in the newly available packages. Please update your susehelp package immediately if present on your system.

We have received reports that the "SSH CRC-32 compensation attack detector vulnerability" is being actively exploited. This is the same integer type error previously corrected for OpenSSH in DSA-027-1. OpenSSH (the Debian ssh package) was fixed at that time, but ssh-nonfree and ssh-socks were not.

Due to the kernel used in the Red Hat Linux 7.1 Korean installation program, some files are written by the installation program with the wrong permissions. It is recommended that all users of the Red Hat Linux 7.1 Korean installation program use the update disk image. If users have already installed, they should check their systems and fix the permissions on the affected files. They can do this by installing the updated redhat-release package.

The lpd printing daemon provided by the lpr package posses a remotely exploitable hole.

A new version of iptables fixing various minor security problems and some other bugs is available.

Updated ht://dig packages fix a DOS attack and a potential (yet unlikely) security problem.

An input validation error in the debugging functionality of all currently released versions of sendmail can enable a local user to gain root access. New packages that fix this problem are available for Red Hat Linux 5.2, 6.2, 7.0, and 7.1.

The webalizer is a widely used tool for analyzing web server logs and produce statistics in HTML format. An exploitable bug was found in webalizer which allows a remote attacker to execute commands on other client machines or revealing sensitive information by placing HTML tags in the right place. This is possible due to missing sanity checks on untrusted data - hostnames and search keywords in this case - that are received by webalizer. This kind of attack is also known as "Cross-Site Scripting Vulnerability". Additionally the untrusted data will be written to files on the server running webalizer; this may lead to further problems when using this data as input for third-party software/scripts.