Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7389 7390 7391 7392 7393 7394 7395 7396 7397 7398 7399 ... 7439 ) Next »

Debian alert: New geneweb packages fix information exposure

  • Mailing list (Posted by dave on Jan 7, 2003 6:27 AM EDT)
  • Story Type: Security; Groups: Debian
A security issue has been discovered by Daniel de Rauglaudre, upstream author of geneweb, a genealogical software with web interface. It runs as a daemon on port 2317 by default. Paths are not properly sanitized, so a carefully crafted URL lead geneweb to read and display arbitrary files of the system it runs on.

Red Hat alert: Updated cyrus-sasl packages fix buffer overflows

  • Mailing list (Posted by dave on Jan 7, 2003 12:13 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated cyrus-sasl packages are now available for Red Hat Linux 8.0. These packages close buffer overflows present in Cyrus SASL

Debian alert: New xpdf packages fix arbitrary command execution

  • Mailing list (Posted by dave on Jan 6, 2003 7:22 AM EDT)
  • Story Type: Security; Groups: Debian
iDEFENSE discovered an integer overflow in the pdftops filter from the xpdf package that can be exploited to gain the privileges of the target user. This can lead to gaining privileged access to the 'lp' user if thee pdftops program is part of the print filter.

Red Hat alert: Updated pine packages available

  • Mailing list (Posted by dave on Jan 3, 2003 10:34 AM EDT)
  • Story Type: Security; Groups: Red Hat
A vulnerability in Pine version 4.44 and earlier releases can cause Pine to crash when sent a carefully crafted email.

Debian alert: New mhonarc packages fix cross site scripting

  • Mailing list (Posted by dave on Jan 3, 2003 6:57 AM EDT)
  • Story Type: Security; Groups: Debian
Earl Hood, author of mhonarc, a mail to HTML converter, discovered a cross site scripting vulnerability in this package. A specially crafted HTML mail message can introduce foreign scripting content in archives, by-passing MHonArc's HTML script filtering.

Debian alert: New squirrelmail packages fix cross site scripting problem

  • Mailing list (Posted by dave on Jan 2, 2003 6:03 AM EDT)
  • Story Type: Security; Groups: Debian
A cross site scripting vulnerability has been discovered in squirrelmail, a feature-rich webmail package written in PHP4. Squirrelmail doesn't sanitize user provided variables in all places, leaving it vulnerable to a cross site scripting attack.

SuSE alert: mysql

  • Mailing list (Posted by dave on Jan 2, 2003 5:33 AM EDT)
  • Story Type: Security; Groups: SUSE
Stefan Esser from e-matters reported various bugs in MySQL. Within the MySQL server the password checking and a signedness issue has been fixed. These could lead to a remote compromise of the system running an unpatched MySQL server. In order to exploit this bug, the remote attacker needs a valid MySQL account. Further, a buffer overflow in the mysqlclient library has been reported and fixed. Applications using this library (as commonly used from within PHP scripts) are vulnerable to this attack and could also be compromised by remote attackers.

SuSE alert: cups

  • Mailing list (Posted by dave on Jan 2, 2003 2:29 AM EDT)
  • Story Type: Security; Groups: SUSE
CUPS is a well known and widely used printing system for unix-like systems. iDFENSE reported several security issues with CUPS that can lead to local and remote root compromise. The following list includes all vulnerabilities: - integer overflow in HTTP interface to gain remote access with CUPS privileges - local file race condition to gain root (bug mentioned above has to be exploited first) - remotely add printers - remote denial-of-service attack due to negative length in memcpy() call - integer overflow in image handling code to gain higher privileges - gain local root due to buffer overflow of 'options' buffer - design problem to gain local root (needs added printer, see above) - wrong handling of zero width images can be abused to gain higher privileges - file descriptor leak and denial-of-service due to missing checks of return values of file/socket operations

SuSE alert: fetchmail

  • Mailing list (Posted by dave on Jan 2, 2003 2:29 AM EDT)
  • Story Type: Security; Groups: SUSE
fetchmail is used to download emails from POP-, IMAP-, ETRN- or ODMR- servers. Stefan Esser of e-matters reported a bug in fetchmail's mail address expanding code which can lead to remote system compromise. When fetchmail expands email addresses in mail headers it doesn not allocated enough memory. An attacker can send a malicious formatted mail header to exhaust the memory allocated by fetchmail to overwrite parts of the heap. This can be exploited to execute arbitrary code.

Debian alert: New dhcpcd packages fix remote command execution vulnerability

  • Mailing list (Posted by dave on Dec 31, 2002 4:19 AM EDT)
  • Story Type: Security; Groups: Debian
Simon Kelly discovered a vulnerability in dhcpcd, an RFC2131 and RFC1541 compliant DHCP client daemon, that runs with root privileges on client machines. A malicious administrator of the regular or an untrusted DHCP server may execute any command with root privileges on the DHCP client machine by sending the command enclosed in shell metacharacters in one of the options provided by the DHCP server.

Debian alert: New bugzilla packages fix cross site scripting problem

  • Mailing list (Posted by dave on Dec 30, 2002 5:11 AM EDT)
  • Story Type: Security; Groups: Debian
A cross site scripting vulnerability has been reported for Bugzilla, a web-based bug tracking system. Bugzilla does not properly sanitize any input submitted by users. As a result, it is possible for a remote attacker to create a malicious link containing script code which will be executed in the browser of a legitimate user, in the context of the website running Bugzilla. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software.

Debian alert: New typespeed packages fix buffer overflow

  • Mailing list (Posted by dave on Dec 27, 2002 6:06 AM EDT)
  • Story Type: Security; Groups: Debian
A problem has been discovered in the typespeed, a game that lets you measure your typematic speed. By overflowing a buffer a local attacker could execute arbitrary commands under the group id games.

Debian alert: New fetchmail packages fix buffer overflow

  • Mailing list (Posted by dave on Dec 24, 2002 3:55 AM EDT)
  • Story Type: Security; Groups: Debian
Stefan Esser of e-matters discovered a buffer overflow in fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder. When fetchmail retrieves a mail all headers that contain addresses are searched for local addresses. If a hostname is missing, fetchmail appends it but doesn't reserve enough space for it. This heap overflow can be used by remote attackers to crash it or to execute arbitrary code with the privileges of the user running fetchmail.

Debian alert: New cyrus-imapd packages fix remote command execution

  • Mailing list (Posted by dave on Dec 23, 2002 5:38 AM EDT)
  • Story Type: Security; Groups: Debian
Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server, which could be exploited by a remote attacker prior to logging in. A malicious user could craft a request to run commands on the server under the UID and GID of the cyrus server.

SuSE alert: cyrus-imapd

  • Mailing list (Posted by dave on Dec 20, 2002 9:01 AM EDT)
  • Story Type: Security; Groups: SUSE
The cyrus imapd contains a buffer overflow which could be exploited by remote attackers prior to logging in. Attackers could generate oversized error messages and overflow buffers inside imapd. Additionally to this fix, an overflow in the SASL library (as used by the cyrus imapd) has been fixed. This bug only affects SuSE Linux 8.1, the SuSE Linux Enterprise Server 8 and the SuSE Linux Openexchange Server.

Debian alert: New kdentwork packages fix buffer overflows

  • Mailing list (Posted by dave on Dec 20, 2002 7:02 AM EDT)
  • Story Type: Security; Groups: Debian
Olaf Kirch from SuSE Linux AG discovered another vulnerability in the klisa package, that provides a LAN information service similar to "Network Neighbourhood". The lisa daemon contains a buffer overflow vulnerability which potentially enables any local user, as well any any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In addition, a remote attacker potentially may be able to gain access to a victim's account by using an "rlan://" URL in an HTML page or via another KDE application.

Debian alert: New libpng packages fix buffer overflow

  • Mailing list (Posted by dave on Dec 19, 2002 5:44 AM EDT)
  • Story Type: Security; Groups: Debian
Glenn Randers-Pehrson discovered a problem in connection with 16-bit samples from libpng, an interface for reading and writing PNG (Portable Network Graphics) format files. The starting offsets for the loops are calculated incorrectly which causes a buffer overrun beyond the beginning of the row buffer.

Mandrake alert: Updated MySQL packages fix multiple vulnerabilities

Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '

Mandrake alert: Updated apache packages fix multiple vulnerabilities

A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continously span more children processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache.

Debian alert: Multiple MySQL vulnerabilities

  • Mailing list (Posted by dave on Dec 17, 2002 2:55 AM EDT)
  • Story Type: Security; Groups: Debian
While performing an audit of MySQL e-matters found several problems:

« Previous ( 1 ... 7389 7390 7391 7392 7393 7394 7395 7396 7397 7398 7399 ... 7439 ) Next »