Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7369 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 ... 7440 ) Next »
Red Hat alert: Updated 2.4 kernel fixes vulnerabilities
Updated kernel packages are now available fixing several security
vulnerabilities.
Mandrake alert: Updated nfs-utils packages fix buffer overflow
An off-by-one buffer overflow was found in the logging code in nfs-utils when adding a newline to the string being logged. This could allow an attacker to execute arbitrary code or cause a DoS (Denial of Service) on the server by sending certain RPC requests.
Mandrake alert: Updated apache2 packages fix multiple vulnerabilities
Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes:
Mandrake alert: Updated kernel packages fix multiple vulnerabilities
Multiple vulnerabilities were discovered and fixed in the Linux kernel.
Red Hat alert: Updated Xpdf packages fix security vulnerability.
Updated Xpdf packages are available that fix a vulnerability where a
malicious PDF document could run arbitrary code.
[Updated 16 July 2003]
Updated packages are now available, as the original errata packages did not
fix all possible ways of exploiting this vulnerability.
Debian alert: New php4 packages fix cross-site scripting vulnerability
The transparent session ID feature in the php4 package does not
properly escape user-supplied input before inserting it into the
generated HTML page. An attacker could use this vulnerability to
execute embedded scripts within the context of the generated page.
Mandrake alert: Updated kernel packages fix multiple vulnerabilities
Multiple vulnerabilities were discovered and fixed in the Linux kernel.
Slackware alert: nfs-utils packages replaced (SSA:2003-195-01b)
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current
to replace the ones that were issued yesterday. A bug in has been fixed
in utils/mountd/auth.c that could cause mountd to crash.
Debian alert: New falconseye packages fix buffer overflow
The falconseye package is vulnerable to a buffer overflow exploited
via a long '-s' command line option. This vulnerability could be used
by an attacker to gain gid 'games' on a system where falconseye is
installed.
SuSE alert: nfs-utils
The nfs-utils package contains various programs to offer and manage certain RPC services such as the rpc.mountd. iSEC Security Research has reported an off-by-one bug in the xlog() function used by the rpc.mountd. It is possible for remote attackers to use this off-by-one overflow to execute arbitrary code as root. Some of the products listed above seem not vulnerable to this one byte overflow due to the stack alignment generated by the compiler during the build. Nevertheless, since there is no easy workaround except shutting down the RPC services, an update is strongly recommended for every product listed above.
Red Hat alert: Updated Mozilla packages fix security vulnerability
Updated Mozilla packages fixing various bugs and security issues are now
available.
Slackware alert: nfs-utils off-by-one overflow fixed
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current
to fix an off-by-one buffer overflow in xlog.c. Thanks to Janusz
Niewiadomski for discovering and reporting this problem.
Debian alert: New nfs-utils package fixes buffer overflow
The logging code in nfs-utils contains an off-by-one buffer overrun
when adding a newline to the string being logged. This vulnerability
may allow an attacker to execute arbitrary code or cause a denial of
service condition by sending certain RPC requests.
Red Hat alert: Updated nfs-utils packages fix denial of service vulnerability
Updated nfs-utils packages are available that fix a remotely exploitable
Denial of Service vulnerability.
Debian alert: New traceroute-nanog packages fix integer overflow
traceroute-nanog, an enhanced version of the common traceroute
program, contains an integer overflow bug which could be exploited to
execute arbitrary code. traceroute-nanog is setuid root, but drops
root privileges immediately after obtaining raw ICMP and raw IP
sockets. Thus, exploitation of this bug provides only access to these
sockets, and not root privileges.
Debian alert: New teapop packages fix SQL injection
teapop, a POP-3 server, includes modules for authenticating users
against a PostgreSQL or MySQL database. These modules do not properly
escape user-supplied strings before using them in SQL queries. This
vulnerability could be exploited to execute arbitrary SQL under the
privileges of the database user as which teapop has authenticated.
Debian alert: New phpsysinfo packages fix directory traversal
Albert Puigsech Galicia <ripe@7a69ezine.org> reported that phpsysinfo,
a web-based program to display status information about the system,
contains two vulnerabilities which could allow local files to be read,
or arbitrary PHP code to be executed, under the privileges of the web
server process (usually www-data). These vulnerabilities require
access to a writable directory on the system in order to be exploited.
Debian alert: New xbl packages fix buffer overflow
Another buffer overflow was discovered in xbl, distinct from the one
addressed in DSA-327 (CAN-2003-0451), involving the -display command
line option. This vulnerability could be exploited by a local
attacker to gain gid 'games'.
Debian alert: New unzip packages fix directory traversal
A directory traversal vulnerability in UnZip 5.50 allows attackers to
bypass a check for relative pathnames ("../") by placing certain invalid
characters between the two "." characters.
Debian alert: New skk, ddskk packages fix insecure temporary file creation
skk (Simple Kana to Kanji conversion program), does not take
appropriate security precautions when creating temporary files. This
bug could potentially be exploited to overwrite arbitrary files with
the privileges of the user running Emacs and skk.
« Previous ( 1 ... 7369 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 ... 7440 ) Next »