Showing all newswire headlines

Tonight we had a quick chat with YellowTAB's Bernd Korz over the Zeta OS. The German engineer, manager and spokesperson of YellowTAB is speaking of the release date, the changing goals of Zeta and more. Read more for the interesting transcript.

Updated gtkhtml packages that fix a null pointer dereference are now available.

Upgraded inetd packages are available for Slackware 8.1, 9.0 and - -current. These fix a previously hard-coded limit of 256 connections-per-minute, after which the given service is disabled for ten minutes. An attacker could use a quick burst of connections every ten minutes to effectively disable a service.

Nicolas Boullis discovered two vulnerabilities in mah-jong, a network-enabled game.

A buffer overflow exists in exim, which is the standard mail transport agent in Debian. By supplying a specially crafted HELO or EHLO command, an attacker could cause a constant string to be written past the end of a buffer allocated on the heap. This vulnerability is not believed at this time to be exploitable to execute arbitrary code.

wu-ftpd, an FTP server, implements a feature whereby multiple files can be fetched in the form of a dynamically constructed archive file, such as a tar archive. The names of the files to be included are passed as command line arguments to tar, without protection against them being interpreted as command-line options. GNU tar supports several command line options which can be abused, by means of this vulnerability, to execute arbitrary programs with the privileges of the wu-ftpd process.

A buffer overflow exists in exim, which is the standard mail transport agent in Debian. By supplying a specially crafted HELO or EHLO command, an attacker could cause a constant string to be written past the end of a buffer allocated on the heap. This vulnerability is not believed at this time to be exploitable to execute arbitrary code.

Updated httpd packages that fix several minor security issues are now available for Red Hat Linux 8.0 and 9.

The PAM module (and server) pam_smb allows users of Linux systems to be authenticated by querying an NT server. Dave Airlie <airlied@samba.org> informed us about a bug in the authentication code of pam_smb that allows a remote attacker to gain access to a system using pam_smb by issuing a too long password string.

A bug was fixed in pam_ldap 162 with the pam_filter mechanism which is commonly used for host-based access restriction in environments using LDAP for authentication. Mandrake Linux 9.1 provided pam_ldap 161 which had this problem and as a result, systems relying on pam_filter for host-based access restriction would allow any user, regardless of the host attribute associated with their account, to log into the system. All users who use LDAP-based authentication are encouraged to upgrade immediately.

You will find simple, brief, valuable and centralized information about everything Mozilla: the main project, independent projects running here and there to extend Mozilla products' capabilities, tips for people starting with these products and not so starters and a chance for everybody to let his/her voice be counted on our monthly polls.

New versions of the up2date and rhn_register clients are available and are required for continued access to Red Hat Network.

Morgan alias SM6TKY discovered and fixed several security related problems in LinuxNode, an Amateur Packet Radio Node program. The buffer overflow he discovered can be used to gain unauthorised root access and can be remotely triggered.

A buffer overflow was discovered in gkrellmd, the server component of the gkrellm monitor package, in versions of gkrellm 2.1.x prior to 2.1.14. This buffer overflow occurs while reading data from connected gkrellm clients and can lead to possible arbitrary code execution as the user running the gkrellmd server.

Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes:

Updated Sendmail packages are available to fix a vulnerability in the handling of DNS maps.

The well known and widely used MTA sendmail is vulnerable to a remote denial-of-service attack in version 8.12.8 and earlier (but not before 8.12). The bug exists in the DNS map code. This feature is enabled by specifying FEATURE(`enhdnsbl'). When sendmail receives an invalid DNS response it tries to call free(3) on random data which results in a process crash.

libpam-smb is a PAM authentication module which makes it possible to authenticate users against a password database managed by Samba or a Microsoft Windows server. If a long password is supplied, this can cause a buffer overflow which could be exploited to execute arbitrary code with the privileges of the process which invokes PAM services.

Updated pam_smb packages are now available which fix a security vulnerability (buffer overflow).

A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail receives a bad DNS reply it will call free() on random addresses which usually causes sendmail to crash.