Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7406 7407 7408 7409 7410 7411 7412 7413 7414 7415 7416 ... 7439 ) Next »
Debian alert: ssh channel bug
Joost Pol <joost@pine.nl> reports that OpenSSH versions 2.0 through 3.0.2
have an off-by-one bug in the channel allocation code. This vulnerability
can be exploited by authenticated users to gain root privilege or by a
malicious server exploiting a client with this bug.
Red Hat alert: Updated openssh packages available
Updated openssh packages are now available for Red Hat Linux 7, 7.1, and
7.2 which close a remotely-exploitable vulnerability in sshd.
Mandrake alert: mod_frontpage update
A problem was found in versions of improved mod_frontpage prior to 1.6.1 regarding a lack of boundary checks in fpexec.c. This means that the suid root binary is exploitable for buffer overflows. This could be exploited by remote attackers to execute arbitrary code on the server with superuser privileges. Although there are no known exploits available, if you use mod_frontpage you are strongly encouraged to upgrade. This update for Mandrake Linux has been completely reworked and is easier to configure and use, as well as supporting the new FrontPage 2002 extensions.
Mandrake alert: mod_ssl update
Ed Moyle discovered a buffer overflow in mod_ssl's session caching mechanisms that use shared memory and dbm. This could potentially be triggered by sending a very long client certificate to the server.
Mandrake alert: openssh update
Joost Pol found a bug in the channel code of all versions of OpenSSH from 2.0 to 3.0.2. This bug can allow authenticated users with an existing account on the vulnerable system to obtain root privilege or by a malicious server attacking a vulnerable client. OpenSSH 3.1 is not vulnerable to this problem. The provided packages fix this vulnerability.
Slackware alert: OpenSSH security problem fixed
New openssh packages are available to fix security problems.
Red Hat alert: Updated mod_ssl packages available
Updated mod_ssl packages for Red Hat Linux 7, 7.1, and
7.2 are available which close a buffer overflow in mod_ssl.
SuSE alert: openssh
Joost Pol discovered an off-by-one bug in a routine in the openssh code for checking channel IDs. This bug can be exploited on the remote side by an already authenticated user, qualifying this bug as a local security vulnerability, and on the local side if a malicious server attacks the connected client, qualifying this bug as a remote vulnerability. If the error is being exploited, it leads to arbitrary code execution in the process under attack (either a local ssh client, attacking the userID of the client user, or a remote secure shell daemon that has an authenticated user session running, attacking the root account of the remote system). Please note that the possible attack scenario is different from the usual attack scheme because "local vulnerability" refers to the remote side and vice versa.
Debian alert: New xsane packages fix insecure temporary files
Tim Waugh found several insecure uses of temporary files in the xsane
program, which is used for scanning. This was fixed for Debian/stable
by moving those files into a securely created directory within the
/tmp directory.
Debian alert: New CVS packages fix potential security problems
Kim Nielsen recently found an internal problem with the CVS server and
reported it to the vuln-dev mailing list. The problem is triggered by
an improperly initialized global variable. A user exploiting this can
crash the CVS server, which may be accessed through the pserver
service and running under a remote user id. It is not yet clear if
the remote account can be exposed, through.
Red Hat alert: Updated radiusd-cistron packages are available
Updated radiusd-cistron packages, which fix various security issues, are now
available.
SuSE alert: squid
The widely used proxy-server squid contains a heap overflow in one of its URL constructing functions. Incorrect length-calculations for the user and passwd fields in ftp-URLs turned out to be the origin of the problem. Only users from hosts listed in squids ACL-files could trigger the overflow. The ftp-URL problem is not present in the 6.4, 7.0 and 7.1 distributions, but other security releated bugs have been fixed there. A complete history can be found at
Slackware alert: mod_php update fixes security problems
This fixes several security problems in the POST handling code used for
uploading files through forms. All sites using PHP are urged to upgrade as
soon as possible.
Debian alert: New CFS packages fix security problems
Zorgon found several buffer overflows in cfsd, a daemon that pushes
encryption services into the Unix(tm) file system. We are not yet
sure if these overflows can successfully be exploited to gain root
access to the machine running the CFS daemon. However, since cfsd can
easily be forced to die, a malicious user can easily perform a denial
of service attack to it.
Debian alert: New PHP packages fix security problems
Stefan Esser, who is also a member of the PHP team, found several
flaws in the way PHP handles multipart/form-data POST requests (as
described in RFC1867) known as POST fileuploads. Each of the flaws
could allow an attacker to execute arbitrary code on the victim's
system.
Mandrake alert: cyrus-sasl update
Kari Hurtta discovered that a format bug exists in the Cyrus SASL library, which is used to provide an authentication API for mail clients and servers, as well as other services such as LDAP. The format bug was found in one of the logging functions which could be used by an attacker to obtain acces to a machine or to possibly acquire elevated privileges. Thanks to the SuSE security team for providing the fix.
Mandrake alert: php update
Several flaws exist in various versions of PHP in the way it handles multipart/form-data POST requests, which are used for file uploads. The php_mime_split() function could be used by an attacker to execute arbitrary code on the server. This affects both PHP4 and PHP3. The authors have fixed this in PHP 4.1.2 and provided patches for older versions of PHP.
SuSE alert: mod_php/mod_php4
The e-matters team have found multiple remotely exploitable vulnerabilites in the source code responsible for file upload in the apache modules mod_php and mod_php4 (versions 3 and 4). The weakness can be used to have the webserver execute arbitrary code as supplied by the attacker.
Red Hat alert: Updated PHP packages are available
Updated PHP packages are available to fix vulnerabilities in the functions
that parse multipart MIME data, which are used when uploading files
through forms.
Debian alert: Update for SNMP security fix
Some of the changes made in the DSA-111-1 security fix for SNMP
changed the API and ABI for the SNMP library which broke some
other applications.
« Previous ( 1 ... 7406 7407 7408 7409 7410 7411 7412 7413 7414 7415 7416 ... 7439 ) Next »