Showing all newswire headlines


Debian alert: man-db local exploit

  • Mailing list (Posted by dave on May 8, 2001 5:55 AM EDT)
  • Story Type: Security; Groups: Debian
Ethan Benson found a bug in man-db packages as distributed in Debian GNU/Linux 2.2. man-db includes a mandb tool which is used to build an index of the manual pages installed on a system. When the -u or -c options were given on the command line to tell it to write its database to a different location, it failed to properly drop privileges before creating a temporary file. This makes it possible for an attacker to do a standard symlink attack to trick mandb into overwriting any file that is writable by uid man, which includes the man and mandb binaries.

Debian alert: zope remote unauthorized access

  • Mailing list (Posted by dave on May 7, 2001 7:01 AM EDT)
  • Story Type: Security; Groups: Debian
A new Zope hotfix has been released which fixes a problem in ZClasses. The README for the 2001-05-01 hotfix describes the problem as `any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.'

Debian alert: cron local root exploit

  • Mailing list (Posted by dave on May 7, 2001 4:11 AM EDT)
  • Story Type: Security; Groups: Debian
A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user could easily gain root access.

SuSE alert: sgmltool

  • Mailing list (Posted by dave on May 4, 2001 4:54 AM EDT)
  • Story Type: Security; Groups: SUSE
The sgmltool programs ("sgml2html" and others) are used to convert SGML-files into various other formats.

Red Hat alert: Updated mount package available

  • Mailing list (Posted by dave on May 2, 2001 12:51 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mount packages fixing a potential security problem are available.

Red Hat alert: Updated kdelibs packages fixing security problem and memory leaks available

  • Mailing list (Posted by dave on Apr 30, 2001 9:35 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated kdelibs packages fixing a security problem, some memory leaks and some minor bugs are available.

Debian alert: nedit symlink attack

  • Mailing list (Posted by dave on Apr 26, 2001 2:32 PM EDT)
  • Story Type: Security; Groups: Debian
The nedit (Nirvana editor) package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file containing the text to be printed and pass that on to the print system. The temporary file was not created safely, which could be exploited by an attacker to make nedit overwrite arbitrary files.

Debian alert: New versions of Zope fix vulnerabilities

  • Mailing list (Posted by dave on Apr 25, 2001 11:49 PM EDT)
  • Story Type: Security; Groups: Debian
This is an addition to DSA 043-1 which fixes several vulnerabilities in Zope. Something went wrong so it has to be corrected. The previous security release 2.1.6-7 has two severe problems:

Red Hat alert: gftp format string vulnerability corrected

  • Mailing list (Posted by dave on Apr 25, 2001 12:30 PM EDT)
  • Story Type: Security; Groups: Red Hat
An updated gftp package is available for Red Hat Linux 6.2 and 7.1. This package contains an upgrade to gftp version

Debian alert: New sendfile packages fix root exploit

  • Mailing list (Posted by dave on Apr 23, 2001 2:14 AM EDT)
  • Story Type: Security; Groups: Debian
Daniel Kobras has discovered and fixed a problem in sendfiled which caused the daemon not to drop privileges as expected when sending notification mails. Exploiting this, a local user can easily make it execute arbitrary code under root privileges.

Debian alert: New Netscape packages available

  • Mailing list (Posted by dave on Apr 23, 2001 2:05 AM EDT)
  • Story Type: Security; Groups: Debian
Florian Wesch has discovered a problem (reported to bugtraq) with the way Netscape handles comments in GIF files. The Netscape browser does not escape the GIF file comment in the image information page. This allows javascript execution in the "about:" protocol and can for example be used to upload the History (about:global) to a webserver, thus leaking private information. This problem has been fixed upstream in Netscape 4.77. Since we haven't received source code for these packages they are not part of the Debian GNU/Linux distribution but are packaged up as `.deb' files for a convenient installation.

Red Hat alert: Updated mgetty packages available

  • Mailing list (Posted by dave on Apr 20, 2001 10:04 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mgetty packages are now available for Red Hat Linux 6.2 and 7.x. These packages fix packaging errors present in previous versions.

SuSE alert: hylafax

  • Mailing list (Posted by dave on Apr 20, 2001 1:34 AM EDT)
  • Story Type: Security; Groups: SUSE
The HylaFax program hfaxd(8c) implements the server part of the HylaFax package. It is started either by inetd(8) or runs in standalone mode. hfaxd(8c) offers three different protocols to process fax jobs. When hfaxd(8c) tries to change to its queue directory and fails, it prints an error message via syslog by directly passing user-supplied data as the format string. As long as hfaxd(8c) is installed setuid root, this behavior could be exploited to gain root access locally.

Debian alert: New version sendfile fix local root exploit

  • Mailing list (Posted by dave on Apr 19, 2001 2:36 PM EDT)
  • Story Type: Security; Groups: Debian
Colin Phipps and Daniel Kobras discovered and fixed several serious bugs in the saft daemon `sendfiled' which caused it to drop privileges incorrectly. Exploiting this, a local user can easily make it execute arbitrary code under root privileges.

Red Hat alert: FTP iptables vulnerability in 2.4 kernel

  • Mailing list (Posted by dave on Apr 19, 2001 12:00 PM EDT)
  • Story Type: Security; Groups: Red Hat
A security hole has been found that does not affect the default configuration of Red Hat Linux, but can affect some custom configurations of Red Hat Linux 7.1 only. The bug is specific to the Linux

SuSE alert: nedit

  • Mailing list (Posted by dave on Apr 19, 2001 1:32 AM EDT)
  • Story Type: Security; Groups: SUSE
The Nirvana Editor, NEdit, is a GUI-style text editor based on popular Macintosh and MS Windows editors. When printing a whole text or selected parts of a text, nedit(1) creates a temporary file in an insecure manner. This behavior could be exploited to gain access to other users' privileges, even root.

SuSE alert: sudo

  • Mailing list (Posted by dave on Apr 19, 2001 1:31 AM EDT)
  • Story Type: Security; Groups: SUSE
The setuid application sudo(8) allows a user to execute commands under the privileges of another user (including root). sudo(8) prior to version 1.6.3p6 is vulnerable to a buffer overflow in its logging code, which could lead to local root compromise.

Debian alert: exuberant-ctags for sparc was incorrectly built

  • Mailing list (Posted by dave on Apr 19, 2001 12:48 AM EDT)
  • Story Type: Security; Groups: Debian
The updated exuberant-ctags that was mentioned in DSA-046-1 was unfortunately compiled incorrectly: the stable chroot we used turned out to be running unstable instead.

Debian alert: samba for sparc was incorrectly built

  • Mailing list (Posted by dave on Apr 19, 2001 12:48 AM EDT)
  • Story Type: Security; Groups: Debian
The updated samba packages that were mentioned in DSA-048-1 were unfortunately compiled incorrectly: the stable chroot we used turned out to be running unstable instead.

Debian alert: remote cfingerd exploit

  • Mailing list (Posted by dave on Apr 18, 2001 5:02 PM EDT)
  • Story Type: Security; Groups: Debian
Megyer Laszlo reported on Bugtraq that cfingerd, as distributed with Debian GNU/Linux 2.2, was not careful in its logging code. By combining this with an off-by-one error in the code that copied the username from an ident response, cfingerd could be exploited by a remote user. Since cfingerd does not drop its root privileges until after it has determined which user to finger, an attacker can gain root privileges.
