Showing headlines posted by dave

Debian alert: New version of BIND 8 released

  • Mailing list (Posted by dave on Jan 29, 2001 8:08 AM EDT)
  • Story Type: Security; Groups: Debian
BIND 8 suffered from several buffer overflows. It is possible to construct an inverse query that allows the stack to be read remotely, exposing environment variables. CERT has disclosed information about these issues. A new upstream version fixes this. Due to the complexity of BIND we have decided to make an exception to our rule by releasing the new upstream source to our stable distribution.

Slackware alert: multiple vulnerabilities in bind 8.x

Multiple vulnerabilities exist in the versions of BIND found in Slackware 7.1 and -current. Users of BIND 8.x are urged to upgrade to 8.2.3 to fix these problems. More information can be found on the BIND website:

Debian alert: New sparc packages of OpenSSH released

  • Mailing list (Posted by dave on Jan 28, 2001 9:32 AM EDT)
  • Story Type: Security; Groups: Debian
A former security upload of OpenSSH was linked against the wrong version of libssl (providing an API to SSL); that version was not available on sparc. This ought to fix a former upload that lacked support for PAM, which led to people not being able to log in to their server. This was only a problem on the sparc architecture.

Debian alert: New sparc packages of OpenSSH released

  • Mailing list (Posted by dave on Jan 28, 2001 2:39 AM EDT)
  • Story Type: Security; Groups: Debian
A former security upload of OpenSSH lacked support for PAM, which led to people not being able to log in to their server. This was only a problem on the sparc architecture.

Debian alert: New version of cron released

  • Mailing list (Posted by dave on Jan 27, 2001 1:49 PM EDT)
  • Story Type: Security; Groups: Debian
The FreeBSD team has found a bug in the way new crontabs were handled which allowed malicious users to display arbitrary crontab files on the local system. This only affects valid crontab files so can't be used to get access to /etc/shadow or something. crontab files are not especially secure anyway, as there are other ways they can leak. No passwords or similar sensitive data should be in there.

Debian alert: New version of inn2 released

  • Mailing list (Posted by dave on Jan 27, 2001 2:07 AM EDT)
  • Story Type: Security; Groups: Debian
1. People at WireX have found several potential insecure uses of temporary files in programs provided by INN2. Some of them only lead to a vulnerability to symlink attacks if the temporary directory was set to /tmp or /var/tmp, which is the case in many installations, at least in Debian packages. An attacker could overwrite any file owned by the news system administrator, i.e. owned by news.news.

Debian alert: New version of exmh released

  • Mailing list (Posted by dave on Jan 26, 2001 7:27 AM EDT)
  • Story Type: Security; Groups: Debian
Former versions of the exmh program used /tmp for storing temporary files. No checks were made to ensure that nobody placed a symlink with the same name in /tmp in the meantime, and thus the program was vulnerable to a symlink attack. This could lead to a malicious local user being able to overwrite any file writable by the user executing exmh. Upstream developers have reported and fixed this. The exmh program now uses /tmp/login unless TMPDIR or EXMHTMPDIR is set.

SuSE alert: shlibs/glibc

  • Mailing list (Posted by dave on Jan 26, 2001 5:45 AM EDT)
  • Story Type: Security; Groups: SUSE
ld-linux.so.2, the dynamic linker, adds shared libraries to the memory space of a program to be started. Its flexibility allows for some environment variables to influence the linking process, such as preloading shared libraries as well as defining the path in which the linker will search for the shared libraries. Special care must be exercised when runtime-linking setuid or setgid binaries: the runtime linker must not link against user-specified libraries, since the code therein would then run with the elevated privileges of the suid binary. The runtime linker as used in the SuSE distributions ignores the content of the critical environment variables if the specified path begins with a slash ("/"), or if the library file name is not cached (e.g. it is contained in a path from /etc/ld.so.conf). However, Solar Designer has found out that even preloading glibc-native shared libraries can be dangerous: the code in the user-linked library is not aware of the fact that the binary runs with suid or sgid privileges. Using debugging features of the glibc (and possibly other features) it is possible for a local attacker to overwrite arbitrary files with the elevated privileges of the suid/sgid binary executed. This may lead to a local root compromise.

Debian alert: New version of Apache released

  • Mailing list (Posted by dave on Jan 25, 2001 11:34 PM EDT)
  • Story Type: Security; Groups: Debian
WireX have found some occurrences of insecure opening of temporary files in htdigest and htpasswd. Neither program is installed setuid or setgid, and thus the impact should be minimal. The Apache group has released another security bugfix which fixes a vulnerability in mod_rewrite which may allow a remote attacker to access arbitrary files on the web server.

Debian alert: New versions of PHP4 released

  • Mailing list (Posted by dave on Jan 25, 2001 7:50 AM EDT)
  • Story Type: Security; Groups: Debian
The Zend people have found a vulnerability in older versions of PHP4 (the original advisory speaks of 4.0.4 while the bugs are present in 4.0.3 as well). It is possible to specify PHP directives on a per-directory basis which leads to a remote attacker crafting an HTTP request that would cause the next page to be served with the wrong values for these directives. Also even if PHP is installed, it can be activated and deactivated on a per-directory or per-virtual host basis using the "engine=on" or "engine=off" directive. This setting can be leaked to other virtual hosts on the same machine, effectively disabling PHP for those hosts and resulting in PHP source code being sent to the client instead of being executed on the server.

Debian alert: New version of squid released

  • Mailing list (Posted by dave on Jan 25, 2001 7:50 AM EDT)
  • Story Type: Security; Groups: Debian
WireX discovered a potential temporary file race condition in the way that squid sends out email messages notifying the administrator about updating the program. This could lead to arbitrary files getting overwritten. However, the code would only be executed if running a very bleeding edge release of squid, running a server whose time is set some number of months in the past and squid is crashing. Read it as hard to exploit. This version also contains more upstream bugfixes wrt. dots in hostnames and improper HTML quoting.

Red Hat alert: New micq packages are available

  • Mailing list (Posted by dave on Jan 25, 2001 6:46 AM EDT)
  • Story Type: Security; Groups: Red Hat
New micq packages are available which fix a buffer overflow vulnerability.

Red Hat alert: Updated PHP packages available for Red Hat Linux 5.2, 6.x, and 7

  • Mailing list (Posted by dave on Jan 24, 2001 11:11 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated PHP packages are now available for Red Hat Linux 5.2, 6.x, and 7.

Red Hat alert: String format vulnerability in icecast

  • Mailing list (Posted by dave on Jan 24, 2001 9:17 AM EDT)
  • Story Type: Security; Groups: Red Hat
A remote vulnerability allows execution of arbitrary code.

Debian alert: Correction: New version of wu-ftpd released

  • Mailing list (Posted by dave on Jan 23, 2001 10:15 PM EDT)
  • Story Type: Security; Groups: Debian
Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited, though no such exploit exists currently.

Debian alert: Correction: New version of wu-ftpd released

  • Mailing list (Posted by dave on Jan 23, 2001 1:56 PM EDT)
  • Story Type: Security; Groups: Debian
Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited, though no such exploit exists currently.

Debian alert: New version of tinyproxy released

  • Mailing list (Posted by dave on Jan 23, 2001 12:40 PM EDT)
  • Story Type: Security; Groups: Debian
PkC have found a heap overflow in tinyproxy that could be remotely exploited. An attacker could gain a shell (user nobody) remotely.

Debian alert: Correction: New version of splitvt released

  • Mailing list (Posted by dave on Jan 23, 2001 10:04 AM EDT)
  • Story Type: Security; Groups: Debian
This advisory is only a corrected security advisory for DSA 014-1 since I wasn't careful enough last night and files from an older advisory back from June 2000 slipped through. To keep confusion to a minimum this advisory contains all relevant URLs - and only these.

Red Hat alert: Updated mysql packages available for Red Hat Linux 7

  • Mailing list (Posted by dave on Jan 23, 2001 8:00 AM EDT)
  • Story Type: Security; Groups: Red Hat
The MySQL database that shipped with Red Hat Linux 7 and the updates for it have been reported by the MySQL authors to have security problems.

Debian alert: New version of jazip released

  • Mailing list (Posted by dave on Jan 23, 2001 3:30 AM EDT)
  • Story Type: Security; Groups: Debian
With older versions of jazip a user could gain root access for members of the floppy group to the local machine. The interface doesn't run as root anymore and this very exploit was prevented. The program now also truncates DISPLAY to 256 characters if it is bigger, which closes the buffer overflow (within xforms).
