Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7431 7432 7433 7434 7435 7436 7437 7438 7439 7440 7441 ... 7468 ) Next »
Red Hat alert: Updated nss_ldap packages fix pam_ldap vulnerability
Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7,
7.1, 7.2, and 7.3. These packages fix a string format vulnerability in the
pam_ldap module.
[Update Jun 4, 2002]
Replacement packages have been added for Red Hat Linux 6.
Debian alert: memory allocation error in ethereal
Ethereal versions prior to 0.9.3 were vulnerable to an allocation error
in the ASN.1 parser. This can be triggered when analyzing traffic using
the SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This
vulnerability was announced in the ethereal security advisory
enpa-sa-00003 and has been given the proposed CVE id of CAN-2002-0353.
This issue has been corrected in ethereal version 0.8.0-3potato for
Debian 2.2 (potato).
Debian alert: in.uucpd string truncation problem
We have received reports that in.uucpd, an authentication agent in the
uucp package, does not properly terminate certain long input strings.
This has been corrected in uucp package version 1.06.1-11potato3 for
Debian 2.2 (potato) and in version 1.06.1-18 for the upcoming (woody)
release.
Mandrake alert: dhcp update
Fermin J. Serna discovered a problem in the dhcp server and client package from versions 3.0 to 3.0.1rc8, which are affected by a format string vulnerability that can be exploited remotely.
Red Hat alert: Updated tcpdump packages fix buffer overflow
Updated tcpdump, libpcap, and arpwatch packages are available for Red
Hat Linux 6.2 and 7.x. These updates close a buffer overflow when handling
NFS packets.
Mandrake alert: dhcp update
Fermin J. Serna discovered a problem in the dhcp server and client package from versions 3.0 to 3.0.1rc8, which are affected by a format string vulnerability that can be exploited remotely. By default, these versions of DHCP are compiled with the dns update feature enabled, which allows DHCP to update DNS records. The code that logs this update has an exploitable format string vulnerability; the update message can contain data provided by the attacker, such as a hostname. A successful exploitation could give the attacker elevated privileges equivalent to the user running the DHCP daemon, which is the user dhcpd in Mandrake Linux 8.x, but root in earlier versions.
SuSE alert: tcpdump/libpcap
The tcpdump program may be used to capture and decode network traffic. Tcpdump decodes certain packets such as AFS requests in a wrong way resulting in a buffer overflow. Since running tcpdump requires root privileges this may lead to a root compromise of the system running tcpdump. We strongly recommend an update for administrators using tcpdump to monitor their networks since the only safe workaround is to not use it at all. Additionally to the fixed tcpdump packages we provide new libpcap packages. Libpcap on which most network monitoring programs rely also contained overflows which however are only exploitable by local attackers if you installed programs using libpcap setuid. This is not found in a default install. More information about tcpdump and libpcap may be found at http://www.tcpdump.org
Mandrake alert: fetchmail update
A problem was discovered with versions of fetchmail prior to 5.9.10 that was triggered by retreiving mail from an IMAP server. The fetchmail client will allocate an array to store the sizes of the messages it is attempting to retrieve. This array size is determined by the number of messages the server is claiming to have, and fetchmail would not check whether or not the number of messages the server was claiming was too high. This would allow a malicious server to make the fetchmail process write data outside of the array bounds.
Mandrake alert: perl-Digest-MD5 update
A bug exists in the UTF8 interaction between the perl-Digest-MD5 module and perl that results in UTF8 strings having improper MD5 digests. The 2.20 version of the module corrects this problem.
Mandrake alert: imap update
A buffer overflow was discovered in the imap server that could allow a malicious user to run code on the server with the uid and gid of the email owner by constructing a malformed request that would trigger the buffer overflow. However, the user must successfully authenticate to the imap service in order to exploit it, which limits the scope of the vulnerability somewhat, unless you are a free mail provider or run a mail service where users do not already have shell access to the system.
Red Hat alert: Updated nss_ldap packages fix pam_ldap vulnerability
Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7.0,
7.1,7.2, and 7.3. These packages fix a string format vulnerability in the
pam_ldap module.
Red Hat alert: Buffer overflow in UW imap daemon
The UW imap daemon contains a buffer overflow which allows a
logged in, remote user to execute commands on the server
with the user's UID/GID.
Red Hat alert: Buffer overflow in UW imap daemon
The UW imap daemon contains a buffer overflow which allows a
logged in, remote user to execute commands on the server
with the user's UID/GID.
SuSE alert: dhcp/dhcp-server
The "Dynamic Host Configuration Protocol" (DHCP) server from the Internet Software Consortium allows hosts on a TCP/IP network to request and be assigned IP addresses, and also to discover information about the network to which they are attached.
Mandrake alert: webmin update
A vulnerability exists in all versions of Webmin prior to 0.970 that allows a remote attacker to login to Webmin as any user. All users of Webmin are encouraged to upgrade immediately. Users of Mandrake Linux 8.0 and earlier will need to install some additional perl modules for this new version of webmin to work correctly.
Red Hat alert: Updated fetchmail packages available
Updated fetchmail packages are available for Red Hat Linux 6.2, 7, 7.1,
7.2, and 7.3 which close a remotely-exploitable vulnerability in unpatched
versions of fetchmail prior to 5.9.10.
Red Hat alert: New imlib packages available
Updated imlib packages are now available for Red Hat Linux 6.2, 7,
7.1 and 7.2 which fix potential problems loading untrusted images.
Mandrake alert: tcpdump update
Several buffer overflows were found in the tcpdump package by FreeBSD developers during a code audit, in versions prior to 3.5. However, newer versions of tcpdump, including 3.6.2, are also vulnerable to another buffer overflow in the AFS RPC decoding functions, which was discovered by Nick Cleaton. These vulnerabilities could be used by a remote attacker to crash the the tcpdump process or possibly even be exploited to execute arbitrary code as the user running tcpdump, which is usually root. The newer libpcap 0.6 has also been audited to make it more safe by implementing better buffer boundary checks in several functions.
Mandrake alert: fileutils update
Wojciech Purczynski reported a race condition in some utilities in the GNU fileutils package that may cause root to delete the entire filesystem. This only affects version 4.1 stable and 4.1.6 development versions, and the authors have fixed this in the latest development version.
Red Hat alert: Updated mpg321 packages available
Updated mpg321 packages are available for Red Hat Linux 7.2, which fix
a buffer overflow in the network streaming code as well as other bugs.
« Previous ( 1 ... 7431 7432 7433 7434 7435 7436 7437 7438 7439 7440 7441 ... 7468 ) Next »