LQ security report

Capt_Caveman · 04-15-2004, 11:52 PM

April 12th 2004
32 of 60 issues handled (ISS)
Encore Web Forum display.cgi command execution
FTE Text Editor vfte buffer overflow
texutil symlink attack
YaST Online Update symlink attack
monit Basic Authentication denial of service
monit off-by-one buffer overflow
monit POST off-by-one buffer overflow
Citrix MetaFrame Password Manager First Time Use wizard information disclosure
IGI 2 Covert Strike server rcon format string
F-Secure Backweb user interface allows elevated privileges
Portage lockfile hardlink can be used to overwrite
sharutils shar utility buffer overflow
CiscoWorks WLSE and Cisco HSE default password and
RealPlayer and RealOne Player R3T buffer overflow
Racoon crypto_openssl.c bypass authentication
Solaris Sun Secure Shell Deamon allows log bypass
NukeCalendar path disclosure
AzDGDatingLite index and view.php cross-site
Cisco 6500 and 7600 series VPNSM malformed IKE packet denial of service
NukeCalendar modules.php cross-site scripting
NukeCalendar modules.php SQL injection
LCDproc parse_all_client_messages buffer overflow
HP OpenView Operations and VantagePoint could allow administrative access
Sun Cluster Global File System denial of service
LCDproc test_func_func buffer overflow
Roger Wilco information disclosure
LCDproc test_func_func function format string
Roger Wilco allows audio access
Scorched 3D chat box format string attack
Open WebMail allows for unauthorized creation of
RSniff connection denial of service
Crackalaka hash_strcmp denial of service

April 13th 2004
11 issues handled (SF)
1. HAHTsite Scenario Server Project File Name Buffer Overrun Vu...
2. Heimdal Kerberos Cross-Realm Trust Impersonation Vulnerabili...
3. eMule Remote Buffer Overflow Vulnerability
4. FTE Multiple Local Unspecified Buffer OverflowVulnerabiliti...
5. Context Texutil Insecure Temporary Log File Vulnerability
6. ADA IMGSVR GET Request Buffer Overflow Vulnerability
7. SuSE YaST Online Update Insecure Temporary File CreationVul...
8. ADA IMGSVR Directory Traversal Vulnerability
9. Multiple Monit Administration Interface Remote Vulnerabiliti...
10. Gentoo Portage Sandbox Insecure Temporary Lockfile Creation...
11. Racoon IKE Daemon Unauthorized X.509 Certificate Connection...

April 16th 2004
18 issues handled out of 29 incidents over 8 distros (LAW)
mod_python
squid
apache
kernel
mySQL
xonix
ssmtp
openoffice
cvs
heimdal
iproute
pwlib
scorched
ipsec-tools
tcpdump
cadaver
mailman
subversion

Capt_Caveman · 04-16-2004, 12:07 AM

Internet Security Systems

Date Reported: 04/03/2004
Brief Description: Encore Web Forum display.cgi command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, Encore Web Forum Any version
Vulnerability: encore-display-command-execution
X-Force URL: http://xforce.iss.net/xforce/xfdb/15725

Date Reported: 04/05/2004
Brief Description: FTE Text Editor vfte buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, Debian Linux 3.0, FTE Text Editor any version
Vulnerability: ftetexteditor-vfte-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15726

Date Reported: 04/05/2004
Brief Description: texutil symlink attack
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, textutil Any version, Unix Any version
Vulnerability: texutil-symlink-attack
X-Force URL: http://xforce.iss.net/xforce/xfdb/15728

Date Reported: 04/05/2004
Brief Description: YaST Online Update symlink attack
Risk Factor: High
Attack Type: Host Based
Platforms: SuSE Linux 8.2, SuSE Linux 9.0
Vulnerability: suse-you-symlink
X-Force URL: http://xforce.iss.net/xforce/xfdb/15731

Date Reported: 04/05/2004
Brief Description: monit Basic Authentication denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: monit 4.2 and earlier, monit 4.3 B2 and earlier, Unix Any version
Vulnerability: monit-basic-auth-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15734

Date Reported: 04/05/2004
Brief Description: monit off-by-one buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: monit 4.2 and earlier, monit 4.3 B2 and earlier, Unix Any version
Vulnerability: monit-offbyone-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15735

Date Reported: 04/05/2004
Brief Description: monit POST off-by-one buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: monit 4.2 and earlier, monit 4.3 B2 and earlier, Unix Any version
Vulnerability: monit-post-offbyone-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15736

Date Reported: 04/02/2004
Brief Description: Citrix MetaFrame Password Manager First Time Use wizard information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Citrix MetaFrame Password Manager 2.0
Vulnerability: metaframe-wizard-info-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/15737

Date Reported: 04/05/2004
Brief Description: IGI 2 Covert Strike server rcon format string
Risk Factor: High
Attack Type: Network Based
Platforms: IGI 2 Covert Strike server 1.3 and earlier, Linux Any version, Windows Any version
Vulnerability: igi2covertstrike-rcon-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/15742

Date Reported: 04/06/2004
Brief Description: F-Secure Backweb user interface allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: F-Secure Backweb 6.31 and earlier, Linux Any version, Windows Any version
Vulnerability: fsecure-backweb-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/15745

Date Reported: 04/06/2004
Brief Description: Portage lockfile hardlink can be used to overwrite files
Risk Factor: Medium
Attack Type: Host Based
Platforms: Gentoo Linux Any version, Portage prior to 2.0.50- r3
Vulnerability: portage-lockfile-hardlink
X-Force URL: http://xforce.iss.net/xforce/xfdb/15754

Date Reported: 04/06/2004
Brief Description: sharutils shar utility buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, sharutils 4.2.1
Vulnerability: sharutils-shar-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15759

Date Reported: 04/07/2004
Brief Description: CiscoWorks WLSE and Cisco HSE default password and username
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cisco HSE 1.7, Cisco HSE 1.7.1, Cisco HSE 1.7.2,
Cisco HSE 1.7.3, CiscoWorks WLSE 2.0, CiscoWorks
WLSE 2.0.2, CiscoWorks WLSE 2.5
Vulnerability: cisco-default-password
X-Force URL: http://xforce.iss.net/xforce/xfdb/15773

Date Reported: 04/06/2004
Brief Description: RealPlayer and RealOne Player R3T buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, RealOne Player
Any version, RealPlayer 10 Beta (English),
RealPlayer 8.0, RealPlayer Enterprise Any version
Vulnerability: realplayer-r3t-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15774

Date Reported: 04/07/2004
Brief Description: Racoon crypto_openssl.c bypass authentication
Risk Factor: Medium
Attack Type: Network Based
Platforms: FreeBSD 4.9, Gentoo Linux Any version, Mandrake Linux 10.0, Racoon Any version
Vulnerability: racoon-cryptoopenssl-auth-bypass
X-Force URL: http://xforce.iss.net/xforce/xfdb/15783

Date Reported: 04/07/2004
Brief Description: Solaris Sun Secure Shell Deamon allows log bypass
Risk Factor: Low
Attack Type: Network Based
Platforms: Solaris 9 SPARC, Solaris 9 x86
Vulnerability: solaris-sshd-log-bypass
X-Force URL: http://xforce.iss.net/xforce/xfdb/15784

Date Reported: 04/07/2004
Brief Description: NukeCalendar path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, NukeCalendar 1.1.a
Vulnerability: nuke-calendar-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/15795

Date Reported: 04/08/2004
Brief Description: AzDGDatingLite index and view.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, AzDGDatingLite 2.1.1
Vulnerability: azdgdating-index-view-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15796

Date Reported: 04/08/2004
Brief Description: Cisco 6500 and 7600 series VPNSM malformed IKE packet denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cisco 6500 Any version, Cisco 7600 Any version,
Cisco IOS 12.2SXA, Cisco IOS 12.2SXB, Cisco IOS
12.2SY, Cisco IOS 12.2ZA
Vulnerability: cisco-vpnsm-ike-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15797

Date Reported: 04/07/2004
Brief Description: NukeCalendar modules.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, NukeCalendar 1.1.a
Vulnerability: nuke-calendar-modulesphp-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/15798

Date Reported: 04/07/2004
Brief Description: NukeCalendar modules.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, NukeCalendar 1.1.a
Vulnerability: nukecalendar-modulesphp-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/15799

Date Reported: 04/08/2004
Brief Description: LCDproc parse_all_client_messages buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: LCDproc Any version, Linux Any version
Vulnerability: lcdproc-parseallclientmessages-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15803

Date Reported: 04/08/2004
Brief Description: HP OpenView Operations and VantagePoint could allow administrative access
Risk Factor: High
Attack Type: Network Based
Platforms: HP OpenView Operations 6.x, HP OpenView Operations
7.x, HP OpenView VantagePoint 6.x, HP OpenView
VantagePoint 7.x, HP-UX 11.00, HP-UX 11.11
Vulnerability: hp-openview-gain-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/15808

Date Reported: 04/08/2004
Brief Description: Sun Cluster Global File System denial of service
Risk Factor: Medium
Attack Type: Host Based
Platforms: Solaris 8, Solaris 9, Sun Cluster 3.0, Sun Cluster 3.1
Vulnerability: sun-cluster-file-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15810

Date Reported: 04/08/2004
Brief Description: LCDproc test_func_func buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: LCDproc 0.4.1 and earlier, Linux Any version
Vulnerability: lcdproc-testfuncfunc-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/15814

Date Reported: 04/04/2004
Brief Description: Roger Wilco information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: BSD Any version, Linux Any version, Roger Wilco
Dedicated Server for Win32 0.30a and earlier, Roger
Wilco Graphical Server 1.4.1.6 & earlier, Windows Any version
Vulnerability: roger-wilco-obtain-information
X-Force URL: http://xforce.iss.net/xforce/xfdb/15816

Date Reported: 04/08/2004
Brief Description: LCDproc test_func_func function format string
Risk Factor: High
Attack Type: Network Based
Platforms: LCDproc 0.4.1 and earlier, Linux Any version
Vulnerability: lcdproc-testfuncfunc-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/15817

Date Reported: 04/04/2004
Brief Description: Roger Wilco allows audio access
Risk Factor: Low
Attack Type: Network Based
Platforms: BSD Any version, Linux Any version, Roger Wilco
Dedicated Server for Win32 0.30a and earlier, Roger
Wilco Graphical Server 1.4.1.6 & earlier, Windows Any version
Vulnerability: roger-wilco-audio-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/15819

Date Reported: 04/09/2004
Brief Description: Scorched 3D chat box format string attack
Risk Factor: High
Attack Type: Network Based
Platforms: Gentoo Linux Any version, Scorched 3D build 36.2 and prior
Vulnerability: scorched3d-chatbox-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/15820

Date Reported: 04/09/2004
Brief Description: Open WebMail allows for unauthorized creation of directories
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Open WebMail 2.30 and earlier
Vulnerability: open-webmail-directory-creation
X-Force URL: http://xforce.iss.net/xforce/xfdb/15822

Date Reported: 04/09/2004
Brief Description: RSniff connection denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, RSniff 1.0
Vulnerability: rsniff-connection-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15823

Date Reported: 04/09/2004
Brief Description: Crackalaka hash_strcmp denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Crackalaka 1.0.8, Linux Any version, Unix Any version
Vulnerability: crackalaka-hashstrcmp-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/15824

Capt_Caveman · 04-16-2004, 12:24 AM

Security Focus

1. HAHTsite Scenario Server Project File Name Buffer Overrun Vu...
BugTraq ID: 10033
Remote: Yes
Date Published: Apr 02 2004
Relevant URL: http://www.securityfocus.com/bid/10033
Summary:
HAHTsite Scenario Server is reported to be prone to a remotely
exploitable buffer overrun vulnerability.
The issue may be triggered by submitting an HTTP GET request to the
vulnerable server component that specifies overly long project file
name parameters. hsrun.exe is name of the vulnerable component on Microsoft
Windows platforms. This could be exploited to execute arbitrary code
in the context of the server.
This issue is reported to affect HAHTsite Scenario Server 5.1 on
Windows, Solaris and Linux platforms. The name of the vulnerable component
will likely be different depending on the hosting platform.

2. Heimdal Kerberos Cross-Realm Trust Impersonation Vulnerabili...
BugTraq ID: 10035
Remote: No
Date Published: Apr 02 2004
Relevant URL: http://www.securityfocus.com/bid/10035
Summary:
It has been reported that Heimdal is prone to a cross-realm trust
impersonation vulnerability. This issue is due to a failure of the
implementation to properly validate cross-realm requests.
An attacker may leverage this issue to mask their identity,
potentially conducting attacks or other nefarious activity while feigning to be
someone else.

3. eMule Remote Buffer Overflow Vulnerability
BugTraq ID: 10039
Remote: Yes
Date Published: Apr 03 2004
Relevant URL: http://www.securityfocus.com/bid/10039
Summary:
eMule is prone to a remote buffer overflow vulnerability. This issue
is due to a failure of the application to properly validate buffer
boundaries during memory copy operations.
Successful exploitation would immediately produce a denial of service
condition in the affected process. This issue may also be leveraged to
execute code on the affected system within the security context of the
user running the vulnerable process.

4. FTE Multiple Local Unspecified Buffer Overflow Vulnerabiliti...
BugTraq ID: 10041
Remote: No
Date Published: Apr 04 2004
Relevant URL: http://www.securityfocus.com/bid/10041
Summary:
It has been reported that vfte is prone to multiple unspecified buffer
overflow vulnerabilities. These issues are due to a failure of the
application to verify buffer boundaries while processing user supplied
input.
Successful exploitation would immediately produce a denial of service
condition in the affected process. This issue may also be leveraged to
execute code on the affected system with root privileges, as this
application is setuid root.

5. Context Texutil Insecure Temporary Log File Vulnerability
BugTraq ID: 10042
Remote: No
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10042
Summary:
The ConTeXt TeXUtil program creates log files in an insecure manner
when invoked with the '--silent' command line option. This could allow a
malicious local user to launch a symbolic link attack when such a
file is created. This could cause attacker-specified files that are
writeable by the user invoking the utility to be corrupted.

6. ADA IMGSVR GET Request Buffer Overflow Vulnerability
BugTraq ID: 10046
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10046
Summary:
A vulnerability has been reported in ImgSvr that may allow a remote
attacker to corrupt local process memory, potentially leading to
arbitrary code execution. This issue is due to a failure of the application to
properly validate the size of user supplied HTTP requests.
Successful exploitation would immediately produce a denial of service
condition in the affected process. This issue may also be leveraged to
execute code on the affected system within the security context of the
user running the vulnerable process.

7. SuSE YaST Online Update Insecure Temporary File Creation Vul...
BugTraq ID: 10047
Remote: No
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10047
Summary:
SuSE YaST Online Update reportedly creates temporary files in an
insecure manner.

The source of the problem is that the online_update program will
create temporary files using predictable filenames in a world writeable
location (/usr/tmp).
Since these file names are static, it may be trivial for an attacker
to create a symbolic link in its place. A malicious local user could
take advantage of this issue by mounting a symbolic link attack to corrupt
other system files, most likely resulting in destruction of data.
The vendor has reported that the problem is present in SUSE Linux 8.2
and 9.0.

8. ADA IMGSVR Directory Traversal Vulnerability
BugTraq ID: 10048
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10048
Summary:
Reportedly ImgSvr is prone to an issue that may allow an attacker to
view files that reside outside of the server root directory. This issue
is due to a failure of the application to properly sanitize user-supplied URI
data.
Successful exploitation of this vulnerability may allow a remote
attacker to gain access to sensitive information that may be used to launch
further attacks against a vulnerable system.

9. Multiple Monit Administration Interface Remote Vulnerabiliti...
BugTraq ID: 10051
Remote: Yes
Date Published: Apr 05 2004
Relevant URL: http://www.securityfocus.com/bid/10051
Summary:
The remote administration interface of Monit has been reported to be
prone to multiple vulnerabilities.
The first issue reported may be exploited by a remote attacker to
trigger a denial of service. The issue presents itself when no password is
submitted as a part of a basic authentication request.
The second vulnerability, a stack-based buffer overflow vulnerability
has been reported to exist during basic authentication procedures. The
issue presents itself due to a lack of sufficient bounds checking performed
on user-supplied usernames.
A third issue, an off-by-one vulnerability, has also been reported to
affect Monit. The issue presents itself when a large POST submission
is handled. Depending on memory layout and compiler optimizations, this
issue may potentially be exploited on some platforms to allow an attacker to
influence the least significant byte of the stack frame base pointer.

10. Gentoo Portage Sandbox Insecure Temporary Lockfile Creation ...
BugTraq ID: 10060
Remote: No
Date Published: Apr 06 2004
Relevant URL: http://www.securityfocus.com/bid/10060
Summary:
Gentoo portage has been reported prone to an insecure temporary file
creation vulnerability. The vulnerability exists because portage
creates a lockfile with a predictable name in a world writeable location.
An attacker may create many symbolic hard links in the
"/tmp" folder, named with incrementing filenames in an attempt to predict the PID of
the vulnerable process. These links will point to a file that the attacker
wishes to corrupt. When portage is executed the file that is linked
will be overwritten with a blank file with the privileges of the user who
is invoking the portage application.

11. Racoon IKE Daemon Unauthorized X.509 Certificate Connection ...
BugTraq ID: 10072
Remote: Yes
Date Published: Apr 07 2004
Relevant URL: http://www.securityfocus.com/bid/10072
Summary:
The racoon IKE daemon is prone to a security vulnerability that may
allow unauthorized access. This issue may allow holders of valid X.509
certificates to make unauthorized connections to the VPN without being
required to be in possession of the corresponding private key.
Man-in-the-middle attacks are also possible.
This issue affects the racoon daemon included in IPsec-Tools for
Linux 2.6 Kernel and the version included in KAME's IPsec utilities.

Capt_Caveman · 04-17-2004, 11:09 AM

Linux Advisory Watch

Distribution: Conectiva
4/12/2004 - 'mod_python' DoS
This update fixes a remote denial of service vulnerabiliy in
Apache web-servers which have mod_python enabled.
http://www.linuxsecurity.com/advisor...sory-4216.html

4/13/2004 - 'squid' ACL bypass vulnerability
This update fixes a vulnerability that allows a malicious user to
bypass url_regex ACLs by using a specially crafted URL.
http://www.linuxsecurity.com/advisor...sory-4217.html

4/14/2004 - apache
Multiple vulnerabilities
Patch corrects non-filtered escape sequences and a DoS attack.
http://www.linuxsecurity.com/advisor...sory-4219.html

Distribution: Debian
4/14/2004 - kernel
Multiple vulnerabilities
This is three advisories in one, each for the same group of kernel
2.4.x vulnerabilities. The first is for the PA-RISC architecture,
the second for the IA-64 architecture, and the third for the
PowerPC/apus and S/390 architectures.
http://www.linuxsecurity.com/advisor...sory-4229.html

4/14/2004 - mysql
Insecure temporary file vulnerabilities
Two scripts contained in the package don't create temporary files
in a secure fashion, which could lead to a root exploit.
http://www.linuxsecurity.com/advisor...sory-4230.html

4/15/2004 - kernel
2.4.18 Multiple vulnerabilities
Here is a patch release specifically for kernel 2.4.18 on the i386
architecture, fixing multiple kernel security issues, and fixing a
build error from a previous patch to same.
http://www.linuxsecurity.com/advisor...sory-4231.html

4/15/2004 - xonix
Privilege retention vulnerability
A local attacker could exploit this vulnerability to gain gid "games".
http://www.linuxsecurity.com/advisor...sory-4232.html

4/15/2004 - ssmtp
Format string vulnerability
These vulnerabilities could potentially be exploited by a remote
mail relay to gain the privileges of the ssmtp process (including
potentially root).
http://www.linuxsecurity.com/advisor...sory-4233.html

Distribution: Fedora
4/14/2004 - kernel
Multiple vulnerabilities
This patch fixes a variety of buffer overflow and information leak vulnerabilities.
http://www.linuxsecurity.com/advisor...sory-4228.html

4/15/2004 - kernel
Corrected md4sums
Something went wrong with the md5sums in yesterdays announcement.
http://www.linuxsecurity.com/advisor...sory-4234.html

4/15/2004 - openoffice
Multiple format string vulnerabilities
This patch fixes vulnerabilities that may allow execution of
arbitrary code, as well as other bugfixes.
http://www.linuxsecurity.com/advisor...sory-4238.html

4/15/2004 - squid
2.5 ACL escape vulnerability
This is a backport of an older patch which prevented crafted URLs
from being able to ignore Squid's ACLs.
http://www.linuxsecurity.com/advisor...sory-4239.html

Distribution: FreeBSD
4/15/2004 - cvs
Chroot escape vulnerability
This patch fixes two cvs errors, one with the client and one with
the server. Both allow chroot escapes.
http://www.linuxsecurity.com/advisor...sory-4240.html

Distribution: Gentoo
4/9/2004 - Heimdal
Cross-realm scripting vulnerability
Heimdal contains cross-realm vulnerability allowing someone with
control over a realm to impersonate anyone in the cross-realm trust path.
http://www.linuxsecurity.com/advisor...sory-4211.html

4/9/2004 - iproute
Denial of service vulnerability
The iproute package allows local users to cause a denial of service.
http://www.linuxsecurity.com/advisor...sory-4212.html

4/9/2004 - pwlib
Multiple vulnerabilities
Multiple vulnerabilites have been found in pwlib that may lead to
a remote denial of service or buffer overflow attack.
http://www.linuxsecurity.com/advisor...sory-4213.html

4/9/2004 - Scorched
3D Format string attack vulnerability
Scorched 3D is vulnerable to a format string attack in the chat
box that leads to Denial of Service on the game server and
possibly allows execution of arbitrary code.
http://www.linuxsecurity.com/advisor...sory-4214.html

4/15/2004 - cvs
Multiple vulnerabilities
There are two vulnerabilities in CVS; one in the server and one in
the client. These vulnerabilities allow the reading and writing of
arbitrary files on both client and server.
http://www.linuxsecurity.com/advisor...sory-4235.html

Distribution: Mandrake
4/9/2004 - ipsec-tools Signature non-verification vulnerability
Multiple vulnerabilities
Racoon does not verify the RSA signature during phase one of a
connection using either main or aggressive mode. Only the
certificate of the client is verified, the certificate is not used
to verify the client's signature.
http://www.linuxsecurity.com/advisor...sory-4215.html

4/14/2004 - cvs
Chroot escape vulnerability
A maliciously configured server could then create any file with
content on the local user's disk.
http://www.linuxsecurity.com/advisor...sory-4226.html

4/14/2004 - kernel
Multiple vulnerabilities
This patch fixes a large variety of kernel bugs, including an
assortment of filesystem related vulnerabilities.
http://www.linuxsecurity.com/advisor...sory-4227.html

4/15/2004 - tcpdump
Multiple vulnerabilities
Corrects out of bounds read and DoS attack.
http://www.linuxsecurity.com/advisor...sory-4236.html

Distribution: Red Hat
4/14/2004 - cvs
Chroot escape vulnerability
Updated cvs packages that fix a client vulnerability that could be
exploited by a malicious server are now available.
http://www.linuxsecurity.com/advisor...sory-4222.html

4/14/2004 - cadaver
Multiple format string vulnerabilities
An updated cadaver package that fixes a vulnerability in neon
exploitable by a malicious DAV server is now available.
http://www.linuxsecurity.com/advisor...sory-4223.html

4/14/2004 - mailman
Denial of service vulnerability
An updated mailman package that closes a DoS vulnerability in
mailman introduced by RHSA-2004:019 is now available.
http://www.linuxsecurity.com/advisor...sory-4224.html

4/14/2004 - OpenOffice
Multiple format string vulnerabilities
An attacker could create a malicious WebDAV server in such a way
as to allow arbitrary code execution on the client.
http://www.linuxsecurity.com/advisor...sory-4225.html

4/15/2004 - subversion
Multiple format string vulnerabilities
An attacker could create a malicious WebDAV server in such a way
as to allow arbitrary code execution on the client connecting via
subserversion.
http://www.linuxsecurity.com/advisor...sory-4237.html

Distribution: Suse
4/14/2004 - kernel
Multiple vulnerabilities
Two vulnerabilities, one involving symlink names and one involving
the JFS filesystem, can both be used to gain root privileges.
http://www.linuxsecurity.com/advisor...sory-4220.html

4/14/2004 - cvs
Chroot escape vulnerability
Patches an ability for a rogue CVS server to remotely create
arbitrary absolute-path files with the user's permission.
http://www.linuxsecurity.com/advisor...sory-4221.html