Showing all newswire headlines

SuSE alert: suidperl (perl)

  • Mailing list (Posted by dave on Aug 10, 2000 2:36 AM EDT)
  • Story Type: Security; Groups: SUSE
suidperl is the perl interpreter for suid perl scripts, a part of the perl package. A maliciously implemented feature causes the interpreter to spawn the /bin/mail program to inform the superuser of its usage, thereby passing on an untrusted environment that causes /bin/mail to execute arbitrary commands as user root.

SuSE alert: rpc.kstatd (knfsd)

  • Mailing list (Posted by dave on Aug 10, 2000 2:33 AM EDT)
  • Story Type: Security; Groups: SUSE
Due to incorrect string parsing in the code, a remote attacker could gain root privileges on the machine running the vulnerable rpc.kstatd.

Red Hat alert: Updated mailx and perl packages are now available.

  • Mailing list (Posted by dave on Aug 9, 2000 1:46 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated perl and mailx packages are now available which fix a potential exploit made possible by incorrect assumptions made in suidperl. This advisory contains additional instructions for installing the necessary updates.

Debian alert: New version of mailx released

  • Mailing list (Posted by dave on Aug 8, 2000 10:10 PM EDT)
  • Story Type: Security; Groups: Debian
mailx is often used by other programs to send email. Unfortunately, mailx as distributed in Debian GNU/Linux 2.1 has some features that made it possible to execute system commands if a user can trick a privileged program into sending email using /usr/bin/mail.

Red Hat alert: mopd-linux buffer overflow

  • Mailing list (Posted by dave on Aug 8, 2000 9:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
A buffer overflow has been discovered in all releases of mopd-linux included in the 6.0, 6.1, and 6.2 releases of Powertools.

Red Hat alert: Remote file access vulnerability in ntop

  • Mailing list (Posted by dave on Aug 8, 2000 7:00 AM EDT)
  • Story Type: Security; Groups: Red Hat
The version of ntop which was included in Red Hat Powertools 6.2 has a remote exploit in which arbitrary files can be read on the host machine.

Red Hat alert: New umb-scheme packages are available.

  • Mailing list (Posted by dave on Aug 8, 2000 6:20 AM EDT)
  • Story Type: Security; Groups: Red Hat
New umb-scheme packages are available for Red Hat Linux 6.2 that fix a problem with file permissions.

Red Hat alert: Updated mailx and perl packages are now available.

  • Mailing list (Posted by dave on Aug 8, 2000 6:20 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated perl and mailx packages are now available which fix a potential exploit made possible by incorrect assumptions made in suidperl.

SuSE alert: SuSE Security: miscellaneous

  • Mailing list (Posted by dave on Aug 3, 2000 2:01 PM EDT)
  • Story Type: Security; Groups: SUSE
This notice addresses the latest security advisories from various Linux Vendors as well as private contributors.

Debian alert: New version of dhcp released (updated)

  • Mailing list (Posted by dave on Jul 28, 2000 6:17 AM EDT)
  • Story Type: Security; Groups: Debian
The versions of the ISC DHCP client in Debian 2.1 (slink) and Debian 2.2 (potato) are vulnerable to a root exploit. The OpenBSD team reports that the client inappropriately executes commands embedded in replies sent from a DHCP server. This means that a malicious DHCP server can execute commands on the client with root privileges. A previous Debian security advisory addressed this issue with package versions 2.0b1pl6-0.3 and 2.0-3potato1, but ISC has released a newer patch since the original advisory. You should install the latest packages even if you upgraded when the last advisory was released.

Debian alert: New version of userv released

  • Mailing list (Posted by dave on Jul 26, 2000 6:41 PM EDT)
  • Story Type: Security; Groups: Debian
The version of userv that was distributed with Debian GNU/Linux 2.1 / slink had a problem in the fd swapping algorithm: it could sometimes make an out-of-bounds array reference. It might be possible for local users to abuse this to carry out unauthorised actions or to take control of service user accounts.

Red Hat alert: Revised advisory: Updated package for nfs-utils available

  • Mailing list (Posted by dave on Jul 21, 2000 8:09 AM EDT)
  • Story Type: Security; Groups: Red Hat
This is an update of RHSA-2000:043 that contains further upgrade instructions. The rpc.statd daemon in the nfs-utils package shipped in Red Hat Linux 6.0, 6.1, and 6.2 contains a flaw that could lead to a remote root break-in.

SuSE alert: nkitb

  • Mailing list (Posted by dave on Jul 16, 2000 9:51 PM EDT)
  • Story Type: Security; Groups: SUSE
The standard ftp server passes untrusted data from a DNS server directly to the setproctitle() function in an insecure manner.

Debian alert: New Debian nfs-common packages released

  • Mailing list (Posted by dave on Jul 16, 2000 6:41 PM EDT)
  • Story Type: Security; Groups: Debian
The version of nfs-common distributed in Debian GNU/Linux 2.2 (a.k.a potato), as well as in the unstable (woody) distribution, is vulnerable to a remote root compromise. No exploit is known to exist in the wild, but the vulnerability has been verified. This has been fixed in version 0.1.9.1-1 of the nfs-common package. We recommend that you update nfs-common immediately.

Debian alert: New version of cvsweb released

  • Mailing list (Posted by dave on Jul 15, 2000 10:40 PM EDT)
  • Story Type: Security; Groups: Debian
The versions of cvsweb distributed in Debian GNU/Linux 2.1 (aka slink) as well as in the frozen (potato) and unstable (woody) distributions, are vulnerable to a remote shell exploit. An attacker with write access to the cvs repository can execute arbitrary code on the server, as the www-data user.

SuSE alert: dhclient

  • Mailing list (Posted by dave on Jul 11, 2000 5:54 AM EDT)
  • Story Type: Security; Groups: SUSE
The client side program of the ISC DHCP package, dhclient, does not do quoting of server messages before passing them to /sbin/dhclient-script. This script is executed with root privileges.

SuSE alert: tnef

  • Mailing list (Posted by dave on Jul 11, 2000 5:51 AM EDT)
  • Story Type: Security; Groups: SUSE
Tnef extracts eMails compressed with MS-Outlook. The compressed file includes the path name to which the decompressed data should be written.

SuSE alert: makewhatis bug

  • Mailing list (Posted by dave on Jul 10, 2000 7:50 AM EDT)
  • Story Type: Security; Groups: SUSE
A few days ago a /tmp race condition bug in the makewhatis program was posted on bugtraq. We are NOT vulnerable to this bug, because we use different code, which doesn't touch /tmp in an insecure way.

Red Hat alert: man package's 'makewhatis' uses insecure handling of files in /tmp

  • Mailing list (Posted by dave on Jul 3, 2000 3:03 PM EDT)
  • Story Type: Security; Groups: Red Hat
The makewhatis portion of the man package used files in /tmp in an insecure fashion. It was possible for local users to exploit this vulnerability to modify files that they normally could not and gain elevated privilege.
