Showing headlines posted by dave

« Previous ( 1 ... 577 578 579 580 581 582 583 584 585 586 587 ... 595 ) Next »

Debian alert: New version of ntp released

  • Mailing list (Posted by dave on Apr 9, 2001 2:59 PM EDT)
  • Story Type: Security; Groups: Debian
Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> reported that ntp daemons such as that released with Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote root exploit. A previous advisory (DSA-045-1) partially addressed this issue, but introduced a potential denial of service attack. This has been corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato2.

SuSE alert: xntp

  • Mailing list (Posted by dave on Apr 9, 2001 12:36 PM EDT)
  • Story Type: Security; Groups: SUSE
xntp is the network time protocol package widely used with many unix and linux systems for system time synchronization over a network. An exploit published by Przemyslaw Frasunek demonstrates a buffer overflow in the control request parsing code. The exploit allows a remote attacker to execute arbitrary commands as root. All versions as shipped with SuSE Linux are affected by the buffer overflow problem.

Slackware alert: buffer overflow fix for NTP

The version of xntp3 that shipped with Slackware 7.1 as well as the version that was in Slackware -current contains a buffer overflow bug that could lead to a root compromise. Slackware 7.1 and Slackware -current users are urged to upgrade to the new packages available for their release.

Red Hat alert: Network Time Daemon (ntpd) has potential remote root exploit

  • Mailing list (Posted by dave on Apr 8, 2001 1:25 PM EDT)
  • Story Type: Security; Groups: Red Hat
The Network Time Daemon (ntpd) supplied with all releases of Red Hat Linux is vulnerable to a buffer overflow, allowing a remote attacker to potentially gain root level access to a machine. All users of ntpd are strongly encouraged to upgrade.

Debian alert: ntp remote root exploit fixed

  • Mailing list (Posted by dave on Apr 5, 2001 6:48 AM EDT)
  • Story Type: Security; Groups: Debian
Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> reported that ntp daemons such as that released with Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote root exploit. This has been corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato1.

Red Hat alert: Updated openssh packages available

  • Mailing list (Posted by dave on Apr 2, 2001 12:59 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated openssh packages are now available for Red Hat Linux 7. These packages fix an error in the supplied init script and PAM configuration file.

SuSE alert: joe

  • Mailing list (Posted by dave on Mar 28, 2001 1:28 AM EDT)
  • Story Type: Security; Groups: SUSE
A bug in joe(1), a userfriendly text editor, was found by Christer Öberg of Wkit Security AB a few weeks ago. After starting joe(1) it tries to open its configuration file joerc in the current directory, the users home directory and some other locations. joe(1) doesn't check the ownership of joerc when trying the current directory. An attacker could place a malicious joerc file in a public writeable directory, like /tmp, to execute commands with the privilege of any user (including root), which runs joe while being in this directory.

SuSE alert: eperl

  • Mailing list (Posted by dave on Mar 28, 2001 1:27 AM EDT)
  • Story Type: Security; Groups: SUSE
The ePerl program is a interpreter for the Embedded Perl 5 Language. It's main purpose is to serve as Webserver scripting language for dynamic HTML page programming. Besides this it could also serve as a standalone Unix filter. Fumitoshi Ukai and Denis Barbier have found several potential buffer overflows, which could lead to local privilege escalation if installed setuid (note: it's not installed setuid per default) or to remote compromise.

Red Hat alert: Updated Kerberos 5 and pam_krb5 packages available

  • Mailing list (Posted by dave on Mar 27, 2001 11:24 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Kerberos 5 packages are now available for Red Hat Linux 6 and 7. These packages fix a vulnerability in the handling of Kerberos IV ticket files. Updated pam_krb5 packages are now available for Red Hat Linux 7.

Red Hat alert: Updated openssh packages available

  • Mailing list (Posted by dave on Mar 27, 2001 11:24 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated openssh packages are now available for Red Hat Linux 7. These packages reduce the amount of information a passive attacker can deduce from observing an encrypted session.

SuSE alert: nkitb/nkitserv

  • Mailing list (Posted by dave on Mar 23, 2001 12:39 AM EDT)
  • Story Type: Security; Groups: SUSE
Two parts of the nkitb/nkitserv package are vulnerable to security related bugs. in.ftpd(8): A one-byte bufferoverflow was discovered in the OpenBSD port of the FTP daemon in.ftpd(8) several weeks ago. This bug could just be triggered by authenticated users, which have write access. This bug is believed to not be exploitable under Linux. However, we prefer to provide a fixed update package to make sure that the daemon is on the safe side. in.ftpd(8) will be invoked by inetd(8) and is activated by default.

SuSE alert: pop

  • Mailing list (Posted by dave on Mar 22, 2001 10:48 AM EDT)
  • Story Type: Security; Groups: SUSE
The eMail access daemons imapd(8), ipop2d(8) and ipop3d(8) of SuSE 6.1 are vulnerable to several buffer overflows. Due to a misconfiguration these vulnerbilities could be triggered remotely after a user had been authenticated.

SuSE alert: nkitb/nkitserv

  • Mailing list (Posted by dave on Mar 22, 2001 9:50 AM EDT)
  • Story Type: Security; Groups: SUSE
Two parts of the nkitb/nkitserv package are vulnerable to security related bugs. in.ftpd(8): A one-byte bufferoverflow was discovered in the OpenBSD port of the FTP daemon in.ftpd(8) several weeks ago. This bug could just be triggered by authenticated users, which have write access. This bug is believed to not be exploitable under Linux. However, we prefer to provide a fixed update package to make sure that the daemon is on the safe side. in.ftpd(8) will be invoked by inetd(8) and is activated by default.

SuSE alert: impad

  • Mailing list (Posted by dave on Mar 22, 2001 7:35 AM EDT)
  • Story Type: Security; Groups: SUSE
The eMail access daemons impad(8), ipop2d(8) and ipop3d(8) of SuSE 6.1 are vulnerable to several buffer overflows. Due to a misconfiguration these vulnerbilities could be triggered remotely after a user had been authenticated.

Red Hat alert: Updated licq packages fixing security problems available

  • Mailing list (Posted by dave on Mar 22, 2001 4:15 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Red Hat Powertools 6.2 packages fixing two security problems in licq are available.

Red Hat alert: Updated vim packages available

  • Mailing list (Posted by dave on Mar 21, 2001 2:53 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated vim packages fixing a security problem are available.

Red Hat alert: Updated licq packages fixing security problems available

  • Mailing list (Posted by dave on Mar 21, 2001 2:49 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Red Hat Linux 7 packages fixing two security problems in licq are available.

Red Hat alert: Updated sudo packages fixing buffer overrun available

  • Mailing list (Posted by dave on Mar 21, 2001 2:31 PM EDT)
  • Story Type: Security; Groups: Red Hat
An overrunnable buffer exists in sudo versions prior to 1.6.3p6

Red Hat alert: rpm-4.0.2 for all Red Hat platforms and releases.

  • Mailing list (Posted by dave on Mar 19, 2001 10:25 AM EDT)
  • Story Type: Security; Groups: Red Hat
A common version of rpm for all Red Hat distributions is being released. This version of rpm understands legacy version 3 packaging used in Red Hat 6.x/5.x distributions as well as version 4 packaging used in Red Hat 7.x. In addition, rpm-4.0.2 has support for both the legacy db1 format used in Red Hat 6.x/5.x databases as well as support for the db3 format database used in Red Hat 7.x

Red Hat alert: Updated sgml-tools packages fix insecure temporary file handling

  • Mailing list (Posted by dave on Mar 14, 2001 1:44 PM EDT)
  • Story Type: Security; Groups: Red Hat
Insecure handling of temporary file permissions could lead to other users on a multi-user system being able to read the documents being converted.

« Previous ( 1 ... 577 578 579 580 581 582 583 584 585 586 587 ... 595 ) Next »