Showing all newswire headlines

The window manager Window Maker was found vulnerable to a buffer overflow due to improper bounds checking when setting the window title. An attacker can remotely exploit this buffer overflow by using malicious web page titles or terminal escape sequences to set a excessively long window title. This attack can lead to remote command execution with the privileges of the user running Window Maker.

Pavel Machek has found a buffer overflow in the `most' pager program. The problem is part of most's tab expansion where the program would write beyond the bounds two array variables when viewing a malicious file. This could lead into other data structures being overwritten which in turn could enable most to execute arbitrary code being able to compromise the users environment.

The updated bugzilla package fixes numerous security issues which were present in previous releases of bugzilla.

The updated bugzilla package fixes numerous security issues which were present in previous releases of bugzilla.

The updated bugzilla package fixes numerous security issues which were present in previous releases of bugzilla.

The updated bugzilla package fixes numerous security issues which were present in previous releases of bugzilla.

The Apache module mod_auth_mysql 1.4,which is shipped since SuSE Linux 7.1, was found vulnerable to possible bypass authentication by MySQL command injection. An adversary could insert MySQL commands along with a password and these commands will be interpreted by MySQL while mod_auth_mysql is doing the password lookup in the database. A positive authentication could be returned.

A security audit has been done by Solar Designer on xinetd, and the results are now being made available as a preemptive measure.

A security audit has been done by Solar Designer on xinetd, and the results are now being made available as a preemptive measure.

A security audit has been done by Solar Designer on xinetd, and the results are now being made available as a preemptive measure.

A security audit has been done by Solar Designer on xinetd, and the results are now being made available as a preemptive measure.

An input validation error in the debugging functionality of all currently released versions of sendmail can enable a local user to gain root access. New packages that fix this problem are available for Red Hat Linux 5.2, 6.2, 7.0, and 7.1.

An input validation error in the debugging functionality of all currently released versions of sendmail can enable a local user to gain root access. New packages that fix this problem are available for Red Hat Linux 5.2, 6.2, 7.0, and 7.1.

An input validation error in the debugging functionality of all currently released versions of sendmail can enable a local user to gain root access. New packages that fix this problem are available for Red Hat Linux 5.2, 6.2, 7.0, and 7.1.

Updated fetchmail packages are now available for Red Hat Linux 5.2, 6.2, 7, and 7.1. These packages close a remotely-exploitable vulnerability in fetchmail.

Updated fetchmail packages are now available for Red Hat Linux 5.2, 6.2, 7, and 7.1. These packages close a remotely-exploitable vulnerability in fetchmail.

Updated fetchmail packages are now available for Red Hat Linux 5.2, 6.2, 7, and 7.1. These packages close a remotely-exploitable vulnerability in fetchmail.

screen is a terminal multiplexer program that allows reattaching to a detached session as well as multi-attached (shared) sessions.

The telnet server which is shipped with SuSE distributions contains a remotely exploitable buffer-overflow within its telnet option negotiation code. This bug is wide-spread on UN*X systems and affects almost all implementations of telnet daemons available. SuSE 7.2 distribution ships the telnet-server package which contains the vulnerable telnet daemon. This package has been fixed.

Cade Cairns of Securityfocus discovered a vulnerability in the sendmail program, the widely spread MTA used in Unix- and Unix-like systems. A local user can write arbitrary data to the process memory, resulting in user-controlled code to be executed as user root. Please note that this is a _local_ vulnerability: Local shell access is needed for the attacker to be able to take advantage of this error. The /usr/sbin/sendmail program is installed set-uid root in most installations. This special privilege is needed for the sendmail program to operate properly. The attack pattern involves running sendmail to make use of the setuid-bit. Please note that this is the first sendmail security problem since 1997.