LQ Security Report - December 11th 2004
Dec 10th 2004
49 issues handled (LAW)
Debian: hpsockd denial of service fix
Debian: viewcvs information leak fix
Debian: nfs-util denial of service fix
Fedora: cyrus-imapd-2.2.10-3.fc2 update
Fedora: cyrus-imapd-2.2.10-3.fc3 update
Fedora: netatalk-1.6.4-2.2 update
Fedora: netatalk-1.6.4-4 update
Fedora: gaim-1.1.0-0.FC2 update
Fedora: gaim-1.1.0-0.FC3 update
Fedora: rhpl-0.148.1-2 update
Fedora: ttfonts-ja-1.2-36.FC3.0 update
Fedora: mc-4.6.1-0.11FC3 update
Fedora: udev-039-10.FC3.4 update
Fedora: udev-039-10.FC3.5 update
Fedora: gnome-bluetooth-0.5.1-5.FC3.1 update
Fedora: rsh update
Fedora: Omni-0.9.2-1.1 update
Fedora: mysql-3.23.58-9.1 update
Fedora: libpng-1.2.8-1.fc2 update
Fedora: libpng10-1.0.18-1.fc2 update
Fedora: glib2-2.4.8-1.fc2 update
Fedora: gtk2-2.4.14-1.fc2 update
Fedora: libpng10-1.0.18-1.fc3 update
Fedora: libpng-1.2.8-1.fc3 update
Fedora: glib2-2.4.8-1.fc3 update
Fedora: gtk2-2.4.14-1.fc3 update
Fedora: postgresql-odbc-7.3-6.2 update
Fedora: postgresql-odbc-7.3-8.FC3.1 update
Fedora: postgresql-7.4.6-1.FC2.1 update
Fedora: shadow-utils-4.0.3-55 update
Fedora: shadow-utils-4.0.3-56 update
Gentoo: rssh, scponly Unrestricted command execution
Gentoo: PDFlibs Multiple overflows in the included TIFF library
Gentoo: imlib Buffer overflows in image decoding
Gentoo: perl Insecure temporary file creation
Gentoo: mirrorselect Insecure temporary file creation
Mandrake: drakxtools update
Mandrake: dietlibc fix
Mandrake: gzip fix
Mandrake: ImageMagick fix
Mandrake: lvml fix
Mandrake: rp-pppoe fix
Mandrake: nfs-utils fix
Mandrake: openssl fix
Trustix: multiple package bugfixes
Trustix: nfs-util Remote denial of service
Red Hat: ImageMagick security vulnerability fix
SuSE: cyrus-imapd remote command execution
TurboLinux: samba, cups vulnerabilities

Dec 9th 2004
39 issues handled (SN)
Red Hat update for ImageMagick
SUSE Updates for Multiple Packages
Mandrake update for ImageMagick
Gentoo update for imlib
Imlib Image Decoding Integer Overflow Vulnerabilities
LessTif libXpm Multiple Image Processing Vulnerabilities
Gentoo update for pdflib
SUSE update for cyrus-imapd
Mac OS X Security Update Fixes Multiple Vulnerabilities
Debian update for ViewCVS
Darwin Streaming Server "DESCRIBE" Request Denial of Service
Big Medium Unspecified Script Upload Vulnerability
Sun Solaris in.rwhod Unspecified Vulnerability
Debian hpsockd Buffer Overflow Vulnerability
Red Hat update for kernel
Fedora update for mysql
Debian update for nfs-utils
Mandrake update for nfs-utils
nfs-utils "SIGPIPE" TCP Connection Termination Denial of
rootsh Escape Sequences Logging Security Bypass
Gentoo mirrorselect Insecure Temporary File Creation
Gentoo update for perl
Mandrake update for gzip
Mandrake update for lvm
Mandrake update for openssl
Gentoo rssh Arbitrary Command Execution Vulnerability
file Unspecified ELF Header Parsing Vulnerability
AIX Unspecified System Startup Scripts Vulnerability
Gentoo update for scponly
scponly Security Bypass Arbitrary Command Execution
rssh Security Bypass Arbitrary Command Execution
Netscape Window Injection Vulnerability
WebLibs Directory Traversal Vulnerability
ViewCVS Restricted Directory Access Security Bypass
MaxDB Web Tools Buffer Overflow and Denial of Service
Codestriker Unspecified Repository Security Bypass Issue
Jakarta Lucene "results.jsp" Cross-Site Scripting
Serendipity "searchTerm" Cross-Site Scripting Vulnerability
Novell NetMail Default NMAP Authentication Credential

Dec 7th 2004
24 of 36 issues handled (SF)
2. File ELF Header Unspecified Buffer Overflow Vulnerability
4. Groupmax World Wide Web Cross-Site Scripting And Directory T...
5. 21-6 Productions Orbz Remote Buffer Overflow Vulnerability
8. EnergyMech IRC Bot Unspecified Buffer Overflow Vulnerability
9. FreeImage Interleaved Bitmap Image Buffer Overflow Vulnerabi...
10. IPCop Web Administration Interface Proxy Log HTML Injection ...
12. OpenSSH-portable PAM Authentication Remote Information Discl...
14. SuSE Linux Enterprise Server NFS Unspecified Denial Of Servi...
15. SuSE Linux Kernel Unauthorized SCSI Command Vulnerability
16. Linux NFS RPC.STATD Remote Denial Of Service Vulnerability
17. ACPID Proxy Unspecified Local Denial Of Service Vulnerabilit...
18. gnubiff Multiple Remote Denial Of Service Vulnerabilities
20. FreeBSD Linux ProcFS Local Kernel Denial Of Service And Info...
21. S9Y Serendipity Remote Cross-Site Scripting Vulnerability
22. SCPOnly Remote Arbitrary Command Execution Vulnerability
23. RSSH Remote Arbitrary Command Execution Vulnerability
25. Linux Kernel Unspecified Local TSS Vulnerability For AMD64 A...
26. Blog Torrent Remote Directory Traversal Vulnerability
27. Global Moxie Big Medium Unspecified Remote Script Code Execu...
28. PHProjekt Unspecified Authentication Bypass Vulnerability
29. Advanced Guestbook Cross-Site Scripting Vulnerability
30. Burut Kreed Game Server Multiple Remote Vulnerabilities
34. Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulne...
36. Sandino Flores Moreno Gaim Festival Plug-in Remote Denial Of...

Dec 7th 2004 (SF)
SecurityFocus
2. File ELF Header Unspecified Buffer Overflow Vulnerability
BugTraq ID: 11771
Remote: Yes
Date Published: Nov 29 2004
Relevant URL: http://www.securityfocus.com/bid/11771
Summary: The file command is affected by a buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string lengths in the affected file prior to copying them into static process buffers. An attacker may leverage this issue to execute arbitrary code with the privileges of a user that processes the malicious file with the affected utility. This may be leveraged to escalate privileges or to gain unauthorized access.

4. Groupmax World Wide Web Cross-Site Scripting And Directory T...
BugTraq ID: 11773
Remote: Yes
Date Published: Nov 29 2004
Relevant URL: http://www.securityfocus.com/bid/11773
Summary: It is reported that Groupmax World Wide Web is susceptible to both a cross-site scripting vulnerability and a directory traversal vulnerability. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied input. The cross-site scripting issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. The directory traversal vulnerability allows remote attackers to retrieve the contents of potentially sensitive files with the privileges of the web server. Reportedly, only files with an 'html' extension are retrievable. Both of these vulnerabilities reportedly require attackers to successfully authenticate to the server prior to exploitation.

5. 21-6 Productions Orbz Remote Buffer Overflow Vulnerability
BugTraq ID: 11774
Remote: Yes
Date Published: Nov 29 2004
Relevant URL: http://www.securityfocus.com/bid/11774
Summary: A remote buffer overflow vulnerability has been reported in 21-6 Productions Orbz. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers. An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

8. EnergyMech IRC Bot Unspecified Buffer Overflow Vulnerability
BugTraq ID: 11777
Remote: Unknown
Date Published: Nov 30 2004
Relevant URL: http://www.securityfocus.com/bid/11777
Summary: An unspecified buffer overflow vulnerability affects EnergyMech. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers. Although the impact of this issue is currently unknown, it is likely that an attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

9. FreeImage Interleaved Bitmap Image Buffer Overflow Vulnerabi...
BugTraq ID: 11778
Remote: Yes
Date Published: Nov 26 2004
Relevant URL: http://www.securityfocus.com/bid/11778
Summary: A buffer overflow vulnerability exists in FreeImage. This issue is due to a boundary condition error that is presented when the library handles malformed Interleaved Bitmap (ILBM) images. This issue could potentially be exploited to execute arbitrary code in the context of an application that uses the library.

10. IPCop Web Administration Interface Proxy Log HTML Injection ...
BugTraq ID: 11779
Remote: Yes
Date Published: Nov 30 2004
Relevant URL: http://www.securityfocus.com/bid/11779
Summary: IPCop is reported susceptible to an HTML injection vulnerability in its proxy log viewer. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web pages. This vulnerability allows remote, attacker-supplied malicious HTML or script code to be displayed to administrative users. This code would be executed in the context of the affected Web application. It is conjectured that it may be possible for attackers to cause administrative actions to be executed on their behalf when an administrator views the Squid logs. Theft of cookie-based authentication credentials and other attacks are also likely. Version 1.4.1 of IPCop is reportedly vulnerable. Other versions may also be affected.

12. OpenSSH-portable PAM Authentication Remote Information Discl...
BugTraq ID: 11781
Remote: Yes
Date Published: Nov 30 2004
Relevant URL: http://www.securityfocus.com/bid/11781
Summary: It is reported that OpenSSH contains an information disclosure vulnerability. This issue exists in the portable version of OpenSSH. The portable version is the version that is distributed for operating systems other than its native OpenBSD platform. This issue is related to BID 7467. It is reported that the previous fix for BID 7476 was insufficient to completely fix the issue. It is not confirmed at this time, but this current issue may involve differing code paths in PAM, resulting in a new vulnerability. This vulnerability allows remote users to test for the existence of valid usernames. Knowledge of usernames may aid them in further attacks.

14. SuSE Linux Enterprise Server NFS Unspecified Denial Of Servi...
BugTraq ID: 11783
Remote: Yes
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11783
Summary: A remote denial of service and storage corruption vulnerability affects SuSE Linux Enterprise Server. The underlying nature of this issue is currently unknown; this BID will be updated as further details are released. An attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users. It has also been reported that this issue may be exploited to corrupt data stored on disk.

15. SuSE Linux Kernel Unauthorized SCSI Command Vulnerability
BugTraq ID: 11784
Remote: No
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11784
Summary: SuSE Linux is reported susceptible to an unauthorized SCSI command vulnerability. Malicious users may be able to send commands to SCSI devices that result in the overwriting of their firmware. This potentially results in the failure of the targeted device to further operate. This may result in the permanent, unrecoverable destruction of SCSI devices, requiring that they be sent to the vendor for service or replacement. SuSE Linux 9.1 and SuSE Linux Enterprise Server 9 are reported to be vulnerable to this issue. Other versions and other distributions of Linux are also potentially affected.

16. Linux NFS RPC.STATD Remote Denial Of Service Vulnerability
BugTraq ID: 11785
Remote: Yes
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11785
Summary: It is reported that rpc.statd is vulnerable to a remote denial of service vulnerability. This vulnerability allows remote attackers to crash the affected application. This may result in the failure to clean up NFS network locks, possibly resulting in denied access to files, as they may be considered permanently locked. Version 1.0.6 of nfs-utils is reported vulnerable to this issue. Other versions may also be affected.

17. ACPID Proxy Unspecified Local Denial Of Service Vulnerabilit...
BugTraq ID: 11786
Remote: No
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11786
Summary: An unspecified local denial of service vulnerability affected acpid_proxy. The underlying issue causing this vulnerability is currently unknown; this BID will be updated as more details are released. A local attacker may leverage this issue to cause the affected computer to crash, denying service to legitimate users.

18. gnubiff Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 11787
Remote: Yes
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11787
Summary: It is reported that gnubiff contains multiple remote denial of service vulnerabilities. gnubiff is reportedly unable to properly handle unterminated responses to certain IMAP and POP commands. These vulnerabilities reportedly affect versions prior to 2.0.2 for cleartext connections, and versions prior to 2.0.3 for SSL connections.

20. FreeBSD Linux ProcFS Local Kernel Denial Of Service And Info...
BugTraq ID: 11789
Remote: No
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11789
Summary: A local denial of service and information disclosure vulnerability affects the procfs and linprocfs implementation on FreeBSD. This issue is due to a design error that causes the mismanagement of memory references. An attacker may leverage this issue to cause a kernel panic on an affected computer, denying service to legitimate users. It is also possible to leverage this issue to disclose kernel memory, potentially facilitating access to sensitive information in kernel buffers.

21. S9Y Serendipity Remote Cross-Site Scripting Vulnerability
BugTraq ID: 11790
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11790
Summary: A cross-site scripting vulnerability affects S9Y Serendipity. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary HTML and script code rendered and executed in the browser of an unsuspecting user. This may facilitate theft of cookie-based authentication credentials as well as other attacks.

22. SCPOnly Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 11791
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11791
Summary: scponly is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a vulnerable computer. Versions prior to 4.0 are reported susceptible to this issue.

23. RSSH Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 11792
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11792
Summary: rssh is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a vulnerable computer. All versions of rssh are considered vulnerable at the moment.

25. Linux Kernel Unspecified Local TSS Vulnerability For AMD64 A...
BugTraq ID: 11794
Remote: No
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11794
Summary: The Linux kernel is reported prone to an unspecified local TSS-related (Task State Segment) vulnerability. This vulnerability reportedly only affects the AMD64 and the EM64T CPU architectures. This vulnerability reportedly allows local attackers to crash the kernel, or possibly gain elevated privileges. It is reported that Linux kernels prior to version 2.4.23 are susceptible to this vulnerability.

26. Blog Torrent Remote Directory Traversal Vulnerability
BugTraq ID: 11795
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11795
Summary: It is reported that Blog Torrent is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user-supplied input. Blog Torrent preview 0.8 version is affected by this vulnerability.

27. Global Moxie Big Medium Unspecified Remote Script Code Execu...
BugTraq ID: 11796
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11796
Summary: Global Moxie Big Medium is reported prone to a remote unspecified code execution vulnerability. It is reported that this vulnerability may be exploited to allow a remote user to upload arbitrary files into the Big Medium "web" directory.

28. PHProjekt Unspecified Authentication Bypass Vulnerability
BugTraq ID: 11797
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11797
Summary: PHProjekt is reported prone to an unspecified authentication bypass vulnerability. Reports indicate that the vulnerability is present in the 'setup.php' source file and may be exploited by a remote attacker to gain access to the 'setup.php' file without requiring authentication.

29. Advanced Guestbook Cross-Site Scripting Vulnerability
BugTraq ID: 11798
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11798
Summary: It is reported that Advanced Guestbook is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. This vulnerability is reported to exist in version 2.3.1 of Advanced Guestbook. Other versions may also be affected.

30. Burut Kreed Game Server Multiple Remote Vulnerabilities
BugTraq ID: 11799
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11799
Summary: Kreed game server is reported prone to multiple vulnerabilities. The following individual issues are reported: It is reported that the game server is prone to a format string handling vulnerability. This vulnerability may potentially be exploited by a remote attacker to write to arbitrary locations in process memory potentially resulting in remote code execution. The second reported issue, a denial of service, is reported to affect the Kreed game server. Reports indicate that when a large UDP datagram is handled, the server will crash. A remote attacker may exploit this vulnerability to deny service to legitimate users. Finally, a denial of service is reported in the Kreed server scripts. It is reported that a malicious nickname or model type will trigger the vulnerability. A remote attacker may exploit this vulnerability to deny service to legitimate users.

34. Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulne...
BugTraq ID: 11803
Remote: Yes
Date Published: Dec 03 2004
Relevant URL: http://www.securityfocus.com/bid/11803
Summary: It is reported that Jakarta Lucene is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link is followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. This vulnerability is reported to exist in version 1.4.2 and previous of Jakarta Lucene. Other versions may also be affected.

36. Sandino Flores Moreno Gaim Festival Plug-in Remote Denial Of...
BugTraq ID: 11805
Remote: Yes
Date Published: Dec 03 2004
Relevant URL: http://www.securityfocus.com/bid/11805
Summary: The Gaim Festival Plug-in is reported prone to a remote denial of service vulnerability. Reports indicate that the plug-in does not handle certain characters correctly and will crash if these characters are parsed from an incoming message. A remote attacker may exploit this condition to deny service to legitimate users. Further attacks may also be possible.

Dec 9th 2004 (SN)
Secunia
[SA13406] Red Hat update for ImageMagick Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-09 Red Hat has issued an update for ImageMagick. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13406/ [SA13395] SUSE Updates for Multiple Packages Critical: Highly critical Where: From remote Impact: Privilege escalation, DoS, System access Released: 2004-12-08 SUSE has issued updates for multiple packages. These fix various vulnerabilities, which can be exploited to overwrite files, gain escalated privileges, or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13395/ [SA13386] Mandrake update for ImageMagick Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-07 MandrakeSoft has issued an update for ImageMagick. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/13386/ [SA13382] Gentoo update for imlib Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-12-07 Gentoo has issued an update for imlib. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13382/ [SA13381] Imlib Image Decoding Integer Overflow Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-12-07 Pavel Kankovsky has reported multiple vulnerabilities in imlib, which potentially can be exploited by malicious people to compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/13381/ [SA13378] LessTif libXpm Multiple Image Processing Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-12-06 Multiple vulnerabilities have been reported in LessTif, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13378/ [SA13373] Gentoo update for pdflib Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2004-12-06 Gentoo has issued an update for pdflib. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/13373/ [SA13366] SUSE update for cyrus-imapd Critical: Highly critical Where: From remote Impact: System access Released: 2004-12-06 SUSE has issued an update for cyrus-imapd. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13366/ [SA13362] Mac OS X Security Update Fixes Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access Released: 2004-12-03 Apple has issued a security update for Mac OS X, which fixes various vulnerabilities. Full Advisory: http://secunia.com/advisories/13362/ [SA13380] Debian update for ViewCVS Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2004-12-06 Debian has issued an update for viewcvs. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions. 
Full Advisory: http://secunia.com/advisories/13380/ [SA13367] Darwin Streaming Server "DESCRIBE" Request Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2004-12-08 A vulnerability has been reported in Darwin Streaming Server, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/13367/ [SA13358] Big Medium Unspecified Script Upload Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2004-12-02 A vulnerability has been reported in Big Medium, which potentially can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13358/ [SA13401] Sun Solaris in.rwhod Unspecified Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2004-12-08 A vulnerability has been reported in Sun Solaris, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13401/ [SA13371] Debian hpsockd Buffer Overflow Vulnerability Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2004-12-03 infamous41md has reported a vulnerability in hpsockd, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13371/ [SA13359] Red Hat update for kernel Critical: Moderately critical Where: From local network Impact: Security Bypass, Privilege escalation, DoS Released: 2004-12-03 Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which potentially can be exploited to gain escalated privileges, bypass certain security restrictions, or cause a DoS (Denial of Service). 
Full Advisory: http://secunia.com/advisories/13359/ [SA13407] Fedora update for mysql Critical: Less critical Where: From local network Impact: Security Bypass, Privilege escalation, DoS, System access Released: 2004-12-09 Fedora has issued an update for mysql. This fixes multiple vulnerabilities, which can be exploited to perform certain actions on a system with escalated privileges, bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/13407/ [SA13403] Debian update for nfs-utils Critical: Less critical Where: From local network Impact: DoS Released: 2004-12-09 Debian has issued an update for nfs-utils. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/13403/ [SA13390] Mandrake update for nfs-utils Critical: Less critical Where: From local network Impact: DoS Released: 2004-12-07 MandrakeSoft has issued an update for nfs-utils. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/13390/ [SA13384] nfs-utils "SIGPIPE" TCP Connection Termination Denial of Service Vulnerability Critical: Less critical Where: From local network Impact: DoS Released: 2004-12-07 SGI has reported a vulnerability in nfs-utils, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/13384/ [SA13405] rootsh Escape Sequences Logging Security Bypass Critical: Less critical Where: Local system Impact: Security Bypass Released: 2004-12-09 A security issue has been reported in rootsh, which can be exploited by malicious, local users to bypass the logging functionality. 
Full Advisory: http://secunia.com/advisories/13405/ [SA13392] Gentoo mirrorselect Insecure Temporary File Creation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-07 Ervin Nemeth has reported a vulnerability in mirrorselect, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/13392/ [SA13388] Gentoo update for perl Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-07 Gentoo has issued an update for perl. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/13388/ [SA13387] Mandrake update for gzip Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-07 MandrakeSoft has issued an update for gzip. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/13387/ [SA13385] Mandrake update for lvm Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-07 MandrakeSoft has issued an update for lvm. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/13385/ [SA13383] Mandrake update for openssl Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2004-12-07 MandrakeSoft has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. 
Full Advisory: http://secunia.com/advisories/13383/ [SA13379] Gentoo rssh Arbitrary Command Execution Vulnerability Critical: Less critical Where: Local system Impact: Security Bypass Released: 2004-12-06 Gentoo has acknowledged a vulnerability in rssh, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/13379/ [SA13376] file Unspecified ELF Header Parsing Vulnerability Critical: Less critical Where: Local system Impact: Unknown Released: 2004-12-06 A vulnerability with an unknown impact has been reported in file. Full Advisory: http://secunia.com/advisories/13376/ [SA13370] AIX Unspecified System Startup Scripts Vulnerability Critical: Less critical Where: Local system Impact: Manipulation of data, DoS Released: 2004-12-03 A vulnerability has been reported in AIX, which can be exploited by malicious, local users to inject arbitrary data into the ODM (Object Data Manager) or cause a vulnerable system to hang during boot. Full Advisory: http://secunia.com/advisories/13370/ [SA13369] Gentoo update for scponly Critical: Less critical Where: Local system Impact: Security Bypass Released: 2004-12-06 Gentoo has issued an update for scponly. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/13369/ [SA13364] scponly Security Bypass Arbitrary Command Execution Vulnerability Critical: Less critical Where: Local system Impact: Security Bypass Released: 2004-12-03 Jason Wies has reported a vulnerability in scponly, which can be exploited by malicious users to bypass certain security restrictions. 
Full Advisory: http://secunia.com/advisories/13364/

[SA13363] rssh Security Bypass Arbitrary Command Execution Vulnerability
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-12-03
Jason Wies has reported a vulnerability in rssh, which can be exploited to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/13363/

Cross Platform:--

[SA13402] Netscape Window Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2004-12-08
A vulnerability has been reported in Netscape, which can be exploited by malicious people to spoof the content of websites.
Full Advisory: http://secunia.com/advisories/13402/

[SA13400] WebLibs Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2004-12-08
John Bissell has reported a vulnerability in WebLibs, which can be exploited by malicious people to access sensitive information.
Full Advisory: http://secunia.com/advisories/13400/

[SA13375] ViewCVS Restricted Directory Access Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-12-06
Hajvan Sehic has reported a vulnerability in ViewCVS, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/13375/

[SA13397] MaxDB Web Tools Buffer Overflow and Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2004-12-08
Evgeny Demidov has reported two vulnerabilities in MaxDB, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13397/

[SA13393] Codestriker Unspecified Repository Security Bypass Issue
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-12-08
A security issue has been reported in Codestriker, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/13393/

[SA13360] Jakarta Lucene "results.jsp" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-12-03
A vulnerability has been reported in Jakarta Lucene, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/13360/

[SA13357] Serendipity "searchTerm" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-12-02
Stefan Esser has reported a vulnerability in Serendipity, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/13357/

[SA13377] Novell NetMail Default NMAP Authentication Credential Security Issue
Critical: Less critical
Where: From local network
Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2004-12-06
A security issue has been reported in NetMail, which can be exploited by malicious people to access the mail store.
Full Advisory: http://secunia.com/advisories/13377/
Dec 10th 2004 (LAW)
Linux Advisory Watch
Distribution: Debian

* Debian: hpsockd denial of service fix
3rd, December, 2004
"infamous41md" discovered a buffer overflow condition in hpsockd, the socks server written at Hewlett-Packard. An exploit could cause the program to crash or may have worse effect.
http://www.linuxsecurity.com/content/view/117313

* Debian: viewcvs information leak fix
6th, December, 2004
Hajvan Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive the hide_cvsroot and forbidden settings were not honoured enough.
http://www.linuxsecurity.com/content/view/117392

* Debian: nfs-util denial of service fix
8th, December, 2004
SGI has discovered that rpc.statd from the nfs-utils package, the Network Status Monitor, did not ignore the "SIGPIPE". Hence, a client prematurely terminating the TCP connection could also terminate the server process.
http://www.linuxsecurity.com/content/view/117423

Distribution: Fedora

* Fedora: cyrus-imapd-2.2.10-3.fc2 update
3rd, December, 2004
The recent update to cyrus-imapd-2.2.10-1.fc2 for security exploits revealed a package installation problem.
http://www.linuxsecurity.com/content/view/117366

* Fedora: cyrus-imapd-2.2.10-3.fc3 update
3rd, December, 2004
The recent update to cyrus-imapd-2.2.10-1.fc3 for security exploits revealed a package installation problem.
If the main configuration files for cyrus-imapd
http://www.linuxsecurity.com/content/view/117367

* Fedora: netatalk-1.6.4-2.2 update
6th, December, 2004
Fix to temp file vulnerability in /etc/psf/etc2ps
http://www.linuxsecurity.com/content/view/117395

* Fedora: netatalk-1.6.4-4 update
6th, December, 2004
Fix temp file vulnerability in /etc/psf/etc2ps
http://www.linuxsecurity.com/content/view/117396

* Fedora: gaim-1.1.0-0.FC2 update
6th, December, 2004
Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor.
http://www.linuxsecurity.com/content/view/117397

* Fedora: gaim-1.1.0-0.FC3 update
6th, December, 2004
Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor.
http://www.linuxsecurity.com/content/view/117398

* Fedora: rhpl-0.148.1-2 update
6th, December, 2004
Remove synaptics requires (#137935)
http://www.linuxsecurity.com/content/view/117399

* Fedora: ttfonts-ja-1.2-36.FC3.0 update
7th, December, 2004
reverted the previous changes so that it broke ghostscript working. (#139798)
http://www.linuxsecurity.com/content/view/117404

* Fedora: mc-4.6.1-0.11FC3 update
7th, December, 2004
The updated version of Midnight Commander contains finished CAN-2004-0494 security fixes in extfs scripts and has better support for UTF-8, contains subshell prompt fixes and enhanced large file support.
http://www.linuxsecurity.com/content/view/117417

* Fedora: udev-039-10.FC3.4 update
7th, December, 2004
udev is an implementation of devfs in userspace using sysfs and /sbin/hotplug.
It requires a 2.6 kernel to run properly.
http://www.linuxsecurity.com/content/view/117418

* Fedora: udev-039-10.FC3.5 update
7th, December, 2004
fixed udev.rules for cdrom symlinks (bug 141897)
http://www.linuxsecurity.com/content/view/117419

* Fedora: gnome-bluetooth-0.5.1-5.FC3.1 update
7th, December, 2004
fixed again gnome-bluetooth-manager script for 64bit (bug 134864)
http://www.linuxsecurity.com/content/view/117420

* Fedora: rsh update
8th, December, 2004
fixed rexec fails with "Invalid Argument" (#118630)
http://www.linuxsecurity.com/content/view/117432

* Fedora: Omni-0.9.2-1.1 update
8th, December, 2004
This is the 0.9.2 release of the Omni printer driver collection. It also fixes a library path problem on multilib architectures such as x86_64.
http://www.linuxsecurity.com/content/view/117433

* Fedora: mysql-3.23.58-9.1 update
8th, December, 2004
fix security issues CAN-2004-0835, CAN-2004-0836, CAN-2004-0837 (bugs #135372, 135375, 135387)
http://www.linuxsecurity.com/content/view/117434

* Fedora: libpng-1.2.8-1.fc2 update
9th, December, 2004
Updates libpng to the current release 1.2.8. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117439

* Fedora: libpng10-1.0.18-1.fc2 update
9th, December, 2004
Updates libpng10 to the current release 1.0.18. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117440

* Fedora: glib2-2.4.8-1.fc2 update
9th, December, 2004
Updates GLib to the current stable release 2.4.8. For details about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome...nce-list/2004-December/msg00004.html
http://www.linuxsecurity.com/content/view/117441

* Fedora: gtk2-2.4.14-1.fc2 update
9th, December, 2004
Updates GTK+ to the current stable release 2.4.14.
For details about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome...nce-list/2004-December/msg00007.html
http://www.linuxsecurity.com/content/view/117442

* Fedora: libpng10-1.0.18-1.fc3 update
9th, December, 2004
Updates libpng10 to the current release 1.0.18. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117443

* Fedora: libpng-1.2.8-1.fc3 update
9th, December, 2004
Updates libpng to the current release 1.2.8. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117444

* Fedora: glib2-2.4.8-1.fc3 update
9th, December, 2004
Updates GLib to the current stable release 2.4.8. For details about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome...nce-list/2004-December/msg00004.html
http://www.linuxsecurity.com/content/view/117445

* Fedora: gtk2-2.4.14-1.fc3 update
9th, December, 2004
Updates GTK+ to the current stable release 2.4.14. For details about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome...nce-list/2004-December/msg00007.html
http://www.linuxsecurity.com/content/view/117446

* Fedora: postgresql-odbc-7.3-6.2 update
9th, December, 2004
This update fixes problems occurring on 64-bit platforms.
http://www.linuxsecurity.com/content/view/117447

* Fedora: postgresql-odbc-7.3-8.FC3.1 update
9th, December, 2004
This update fixes problems occurring on 64-bit platforms.
http://www.linuxsecurity.com/content/view/117448

* Fedora: postgresql-7.4.6-1.FC2.1 update
9th, December, 2004
This update synchronizes PostgreSQL for FC2 with the version already released in FC3.
http://www.linuxsecurity.com/content/view/117449

* Fedora: shadow-utils-4.0.3-55 update
9th, December, 2004
A regression has been fixed where strict enforcement of POSIX rules for user and group names prevented Samba 3 from using its "add machine script" feature...
http://www.linuxsecurity.com/content/view/117452

* Fedora: shadow-utils-4.0.3-56 update
9th, December, 2004
A regression has been fixed where strict enforcement of POSIX rules for user and group names prevented Samba 3 from using its "add machine script" feature...
http://www.linuxsecurity.com/content/view/117453

* Gentoo: rssh, scponly Unrestricted command execution
3rd, December, 2004
rssh and scponly do not filter command-line options that can be exploited to execute any command, thereby allowing a remote user to completely bypass the restricted shell.
http://www.linuxsecurity.com/content/view/117364

Distribution: Gentoo

* Gentoo: PDFlibs Multiple overflows in the included TIFF library
6th, December, 2004
PDFlib is vulnerable to multiple overflows, which can potentially lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117393

* Gentoo: imlib Buffer overflows in image decoding
6th, December, 2004
Multiple overflows have been found in the imlib library image decoding routines, potentially allowing execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117394

* Gentoo: perl Insecure temporary file creation
6th, December, 2004
Perl is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/117402

* Gentoo: mirrorselect Insecure temporary file creation
7th, December, 2004
mirrorselect is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/117403

* Mandrake: drakxtools update
7th, December, 2004
Beginning immediately, all bug reports for stable releases will be handled via Bugzilla at http://qa.mandrakesoft.com/. The drakbug tool has been updated to point users of stable releases to Bugzilla.
http://www.linuxsecurity.com/content/view/117405

Distribution: Mandrake

* Mandrake: dietlibc fix
7th, December, 2004
There was a problem with dietlibc in Mandrakelinux 10.0/amd64 where it would not provide proper support for the AMD64 architecture. The updated package fixes this.
http://www.linuxsecurity.com/content/view/117406

* Mandrake: gzip fix
7th, December, 2004
The Trustix developers found some insecure temporary file creation problems in the zdiff, znew, and gzexe supplemental scripts in the gzip package. These flaws could allow local users to overwrite files via a symlink attack.
http://www.linuxsecurity.com/content/view/117407

* Mandrake: ImageMagick fix
7th, December, 2004
A vulnerability was discovered in ImageMagick where, due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could potentially lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117408

* Mandrake: lvml fix
7th, December, 2004
The Trustix developers discovered that the lvmcreate_initrd script, part of the lvm1 package, created a temporary directory in an insecure manner. This could allow for a symlink attack to create or overwrite arbitrary files with the privileges of the user running the script.
http://www.linuxsecurity.com/content/view/117409

* Mandrake: rp-pppoe fix
7th, December, 2004
Max Vozeler discovered a vulnerability in pppoe, part of the rp-pppoe package. When pppoe is running setuid root, an attacker can overwrite any file on the system. Mandrakelinux does not install pppoe setuid root, however the packages have been patched to prevent this problem.
http://www.linuxsecurity.com/content/view/117410

* Mandrake: nfs-utils fix
7th, December, 2004
SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the "SIGPIPE" signal which would cause it to shut down if a misconfigured or malicious peer terminated the TCP connection prematurely.
http://www.linuxsecurity.com/content/view/117411

* Mandrake: openssl fix
7th, December, 2004
The Trustix developers found that the der_chop script, included in the openssl package, created temporary files insecurely. This could allow local users to overwrite files using a symlink attack.
http://www.linuxsecurity.com/content/view/117412

* Trustix: multiple package bugfixes
9th, December, 2004
amavisd-new AMaViS is a script that interfaces a mail transport agent (MTA) with one or more virus scanners.
http://www.linuxsecurity.com/content/view/117437

Distribution: Trustix

* Trustix: nfs-util Remote denial of service
9th, December, 2004
SGI developers discovered a remote Denial of Service in the NFS statd server where it did not ignore the "SIGPIPE" signal. This could cause the server to shut down if a client terminates prematurely.
http://www.linuxsecurity.com/content/view/117438

Distribution: Red Hat

* Red Hat: ImageMagick security vulnerability fix
8th, December, 2004
Updated ImageMagick packages that fix a buffer overflow are now available.
http://www.linuxsecurity.com/content/view/117431

Distribution: SuSE

* SuSE: cyrus-imapd remote command execution
3rd, December, 2004
Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended.
http://www.linuxsecurity.com/content/view/117317

Distribution: TurboLinux

* TurboLinux: samba, cups vulnerabilities
8th, December, 2004
Two vulnerabilities discovered in Samba. DoS vulnerability in cups.
http://www.linuxsecurity.com/content/view/117424