Showing all newswire headlines
Debian alert: New gs-common packages fix insecure temporary file creation
Paul Szabo discovered insecure creation of a temporary file in
ps2epsi, a script that is distributed as part of gs-common which
contains common files for different Ghostscript releases. ps2epsi uses
a temporary file in the process of invoking ghostscript. This file
was created in an insecure fashion, which could allow a local attacker
to overwrite files owned by a user who invokes ps2epsi.
Debian alert: New lprng packages fix insecure temporary file creation
Karol Lewandowski discovered that psbanner, a printer filter that
creates a PostScript format banner and is part of LPRng, insecurely
creates a temporary file for debugging purposes when it is configured
as a filter. The program does not check whether this file already
exists or is linked to another place, and writes its current environment
and called arguments to the file unconditionally with the user id
daemon.
Debian alert: New kdegraphics packages fix arbitrary command execution
The KDE team discovered a vulnerability in the way KDE uses Ghostscript
software for processing of PostScript (PS) and PDF files. An attacker
could provide a malicious PostScript or PDF file via mail or websites
that could lead to executing arbitrary commands under the privileges
of the user viewing the file or when the browser generates a directory
listing with thumbnails.
Debian alert: New xfsdump packages fix insecure file creation
Ethan Benson discovered a problem in xfsdump, which contains
administrative utilities for the XFS filesystem. When filesystem
quotas are enabled, xfsdump runs xfsdq to save the quota information
into a file at the root of the filesystem being dumped. The manner in
which this file is created is unsafe.
Red Hat alert: Updated glibc packages fix vulnerabilities in RPC XDR decoder
Updated glibc packages are available to fix an integer overflow in the XDR
decoder.
Mandrake alert: Updated 2.4 kernel packages fix ptrace vulnerability
A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module.
Red Hat alert: Updated httpd packages fix security vulnerabilities.
Updated httpd packages which fix a number of security issues are
now available for Red Hat Linux 8.0 and 9.
Debian alert: New heimdal packages fix authentication failure
Due to overzealously applied patches, the security update DSA 269-1
introduced problems in some installations, causing the hprop service
to fail. This is corrected with the update below.
Debian alert: New glibc packages fix arbitrary code execution
eEye Digital Security discovered an integer overflow in the
xdrmem_getbytes() function which is also present in GNU libc. This
function is part of the XDR (external data representation)
encoder/decoder derived from Sun's RPC implementation. Depending upon
the application, this vulnerability can cause buffer overflows and
could possibly be exploited to execute arbitrary code.
Red Hat alert: Updated 2.4 kernel fixes USB storage
Updated kernel packages for Red Hat Linux 9 are now available.
The kernel package version
Red Hat alert: New samba packages fix security vulnerability
Updated Samba packages that fix a security vulnerability are now available.
[Updated 9 April 2003]
Fixed Samba packages for Red Hat Linux 7.1 have been added to this erratum.
Debian alert: New xftp packages fix arbitrary code execution
Knud Erik Højgaard discovered a vulnerability in moxftp (and xftp
respectively), an Athena X interface to FTP. Insufficient bounds
checking could lead to execution of arbitrary code, provided by a
malicious FTP server. Erik Tews fixed this.
Red Hat alert: Updated mgetty packages available
Updated mgetty packages are now available for Red Hat Linux 7.1,
7.2, 7.3, and 8.0. These updates close a possible buffer overflow and a
permissions problem present in versions of mgetty prior to version 1.1.29.
Red Hat alert: New samba packages fix security vulnerability
Updated Samba packages that fix a security vulnerability are now available
for Red Hat Linux 7.2, 7.3, 8.0, and 9. Packages for Red Hat Linux 7.1
will be added shortly.
Slackware alert: Samba security problem fixed
The samba packages in Slackware 8.1 and 9.0 have been upgraded to
Samba 2.2.8a to fix a security problem.
SuSE alert: samba
Digital Defense Inc. have discovered a buffer overflow in the samba file server, the widely spread implementation of the SMB protocol. The flaw allows a remote attacker to execute arbitrary commands as root on a server that runs a vulnerable version of samba. The vulnerability is known as DDI trans2.c overflow bug and is assigned the CVE ID CAN-2003-0201. Since this vulnerability was found during an analysis of an exploit happening in the wild, it should be assumed that exploits are circulating in the internet.
Debian alert: New samba packages fix remote root exploit
Digital Defense, Inc. has alerted the Samba Team to a serious
vulnerability in Samba, a LanManager-like file and printer server for Unix.
This vulnerability can lead to an anonymous user gaining root access
on a Samba serving system. An exploit for this problem is already
circulating and in use.
Mandrake alert: Updated samba packages fix remote root vulnerability
An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem.
Announcing Red Hat Linux 9
Red Hat, Inc. (Nasdaq:RHAT), the world's
premier open source and Linux provider, today announced the availability
of Red Hat Linux 9. Drawing from the work of the open source community,
Red Hat Linux 9 allows users to take advantage of the newest open source
technology first. With an improved graphical installation, new usability
enhancements and end-user applications, Red Hat Linux 9 is designed for
students, home computing and technology enthusiasts.
Debian alert: New metrics packages fix insecure temporary file creation
Paul Szabo and Matt Zimmerman discovered two similar problems in
metrics, a tool for software metrics. Two scripts in this package,
"halstead" and "gather_stats", open temporary files without taking
appropriate security precautions. "halstead" is installed as a user
program, while "gather_stats" is only used in an auxiliary script
included in the source code. These vulnerabilities could allow a
local attacker to overwrite files owned by the user running the
scripts, including root.