LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Closed Thread
 
Search this Thread
Old 12-31-2004, 01:47 PM   #1
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
LQ Security Report - December 31st 2004


December 28th 2004
21 issues handled (SF)
1. HTGET URI Buffer Overflow Vulnerability
2. PHP Shared Memory Module Offset Memory Corruption Vulnerabil...
3. KDE Konqueror Multiple Remote Java Sandbox Bypass Vulnerabil...
4. CHPOX Unspecified Vulnerability
5. GNU Troff (Groff) Insecure Temporary File Creation Vulnerabi...
6. MIT Kerberos 5 Administration Library Add_To_History Heap-Ba...
7. LibVNCServer Multiple Unspecified Vulnerabilities
8. Rosiello Security RFTPD Multiple Remote And Local Vulnerabil...
9. Perl RMTree Local Race Condition Vulnerability
10. Rosiello Security RPF Multiple Remote And Local Vulnerabilit...
11. libTIFF Heap Corruption Integer Overflow Vulnerabilities
12. MPlayer And Xine PNM_Get_Chunk Multiple Remote Client-Side B...
13. Debian Debmake Local Insecure Temporary File Creation Vulner...
14. Linux Kernel 32 Bit Compatibility System Call Handler AMD64 ...
15. Skype Technologies Skype Internet Telephony Insecure Default...
16. Snort DecodeTCPOptions Remote Denial Of Service Vulnerabilit...
17. SSLTelnetd Unspecified Format String Vulnerability
18. NetWin SurgeMail Webmail Unspecified Vulnerability
19. Linux Security Modules Process Capabilities Design Error
20. Nullsoft SHOUTcast File Request Format String Vulnerability
21. Linux Kernel ELF Binary Loading Denial Of Service Vulnerabil...

December 30th 2004
41 issues handled (SN)
[SA13692] Mandrake update for koffice
[SA13691] Mandrake update for kdegraphics
[SA13689] Mandrake update for gpdf
[SA13686] Mandrake update for tetex
[SA13685] Mandrake update for xpdf
[SA13667] Debian update for imlib
[SA13666] Debian update for tiff
[SA13663] Debian update for netkit-telnet-ssl
[SA13656] SSLtelnet Unspecified Format String Vulnerability
[SA13646] Fedora update for xpdf
[SA13690] Mandrake update for cups
[SA13683] Gentoo update for ViewCVS
[SA13669] Fedora update for cups
[SA13668] CUPS xpdf "doImage()" Buffer Overflow Vulnerability
[SA13664] Snort TCP/IP Options Denial of Service Vulnerability
[SA13658] Red Hat update for SquirrelMail
[SA13672] Gentoo update for cups
[SA13662] Mandrake update for samba
[SA13653] Netscape Directory Server for HP-UX Buffer Overflow Vulnerability
[SA13696] KDE kio_ftp FTP Command Injection Vulnerability
[SA13688] Mandrake update for kdelibs
[SA13651] HP Secure Web Server Denial of Service Vulnerability
[SA13648] HP Tru64 TCP Connection Reset Denial of Service
[SA13659] Red Hat update for kernel
[SA13684] Mandrake update for glibc
[SA13682] Conectiva update for netpbm
[SA13679] aStats Insecure Temporary File Creation
[SA13670] Atari800 Unspecified Buffer Overflow Vulnerabilities
[SA13655] HP-UX SAM Privilege Escalation Vulnerability
[SA13654] Linux Kernel SACF Instruction Privilege Escalation Vulnerability
[SA13650] Linux Security Modules Running Processes Capability Security Issue
[SA13687] Mozilla "MSG_UnEscapeSearchUrl()" Buffer Overflow Vulnerability
[SA13673] WHM AutoPilot Multiple Vulnerabilities
[SA13661] SHOUTcast Filename Format String Vulnerability
[SA13660] PHProjekt "path_pre" Parameter Arbitrary File Inclusion Vulnerability
[SA13657] e107 Image Manager File Upload Vulnerability
[SA13652] Help Center Live Multiple Vulnerabilities
[SA13649] Zeroboard Two Vulnerabilities
[SA13677] MySQL Eventum Multiple Vulnerabilities
[SA13665] PHP-Blogger Disclosure of Sensitive Information Security Issue
[SA13694] Moodle "search" Cross-Site Scripting Vulnerability

December 31st 2004
7 issues handled over 4 distros (LAW)
netpbm
libtiff
imlib
Xpdf/Gpdf
CUPS
ViewCVS
smbd
 
Old 12-31-2004, 01:50 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 57
December 28th 2004 (SF)

Security Focus

1. HTGET URI Buffer Overflow Vulnerability
BugTraq ID: 12039
Remote: Yes
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12039
Summary:
HTGET is prone to a buffer overflow vulnerability. This vulnerability is exposed when the software handles a malformed URI. Successful exploitation may result in execution of arbitrary code in the context of the client user.

2. PHP Shared Memory Module Offset Memory Corruption Vulnerabil...
BugTraq ID: 12045
Remote: No
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12045
Summary:
PHP shared memory module (shmop) is reported prone to an integer handling vulnerability. The issue exists in the PHP_FUNCTION(shmop_write) function and is as a result of a lack of sufficient sanitization performed on 'offset' data. This vulnerability may be exploited to make an almost arbitrary write into process memory. It is reported that the vulnerability may be leveraged to disable PHP 'safe mode', this may result in further compromise in a shared-server environment.

3. KDE Konqueror Multiple Remote Java Sandbox Bypass Vulnerabil...
BugTraq ID: 12046
Remote: Yes
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12046
Summary:
KDE Konqueror is a freely available, open source web browser distributed and maintained by the KDE project. It is available for the UNIX and Linux operating systems. Multiple remote Java sandbox bypass vulnerabilities affect KDE Konqueror. These issues are due to a failure of the application to properly secure the Java web plug-in. The first issue is a failure of the application to restrict access to sensitive Java classes from the Java browser plug-in. The second issue is a failure of the application to restrict access to sensitive Java classes from JavaScript scripts. These issues may be leveraged to carry out a variety of unspecified attacks including sensitive information disclosure and denial of service attacks. Any successful exploitation would take place with the privileges of the user running the affected browser application.

4. CHPOX Unspecified Vulnerability
BugTraq ID: 12055
Remote: Unknown
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12055
Summary:
chpox is affected by an unspecified vulnerability; it is not known if this issue is local or remote. The underlying cause of this issue is currently unknown. The potential impact of this issue is also unknown. Users are advised to upgrade to the latest version of the affected software. More information is not currently available. This BID will be updated as more details are released.

5. GNU Troff (Groff) Insecure Temporary File Creation Vulnerabi...
BugTraq ID: 12058
Remote: No
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12058
Summary:
GNU Troff (groff) is affected by multiple insecure temporary file creation vulnerabilities. These issues are due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. GNU Troff (groff) 1.18 is reported vulnerable to these issues. Other versions are likely to be vulnerable as well. This BID will be updated when more information becomes available.

6. MIT Kerberos 5 Administration Library Add_To_History Heap-Ba...
BugTraq ID: 12059
Remote: No
Date Published: Dec 20 2004
Relevant URL: http://www.securityfocus.com/bid/12059
Summary:
It is reported that the MIT Kerberos 5 administration library is affected by a heap-based buffer overflow vulnerability. The vulnerability presents itself in the 'add_to_history()' function of the 'svr_principal.c' source file. The vulnerability exists due to an indexing error that occurs under certain circumstances. An authenticated attacker may potentially exploit this vulnerability on a Key Distribution Center (KDC) to execute arbitrary code in the context of the vulnerable service, ultimately resulting in the compromise of an entire Kerberos realm.

7. LibVNCServer Multiple Unspecified Vulnerabilities
BugTraq ID: 12068
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12068
Summary:
Multiple, unspecified vulnerabilities reportedly affect LibVNCServer. The underlying cause of these issues is currently unknown. The potential impacts of these issues are unknown. Due to the nature of the affected software it is possible that these issues may be leveraged to conduct denial of service and even system compromise, although this is not confirmed.

8. Rosiello Security RFTPD Multiple Remote And Local Vulnerabil...
BugTraq ID: 12071
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12071
Summary:
Multiple remote vulnerabilities reportedly affect Rosiello Security's rftpd. These issues are due to buffer mismanagement and failures to handle certain network data. The first issue is a failure of the application to properly implement an authentication scheme. Multiple information leaks reportedly affects the application due to a failure to properly NULL terminate strings created with the 'strncpy()' function. Multiple remote buffer overflows are reported to affect various commands of the affected server application. A local buffer overflow exists in the processing of the Message Of The Day (MOTD) file. Finally, the affected application is affected by an access validation vulnerability. These issues may be exploited to gain unauthorized access to the FTP server, reveal potentially sensitive memory, trigger a denial of service condition, bypass file and directory permissions, and execute arbitrary code with the privilege of the affected server process.

9. Perl RMTree Local Race Condition Vulnerability
BugTraq ID: 12072
Remote: No
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12072
Summary:
Perl is reported prone to a local race condition. The vulnerability is present in the 'rmtree()' function provided by the 'File::Path' module. A local attacker may exploit this condition to disclose potentially sensitive data, or to launch other attacks against an application that employs the vulnerable function.

10. Rosiello Security RPF Multiple Remote And Local Vulnerabilit...
BugTraq ID: 12073
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12073
Summary:
A remote buffer overflow and a local symbolic link vulnerability reportedly affect Rosiello Security rpf. These issues are due to a failure of the application to properly validate user-supplied string lengths and a design error facilitating local symbolic link attacks. The buffer overflow will allow a remote attacker execute arbitrary code with the privileges of a user running the vulnerable application, facilitating unauthorized access and privilege escalation. An attacker may leverage the symbolic link issue to corrupt arbitrary files with the privileges of the user that activated the affected application.

11. libTIFF Heap Corruption Integer Overflow Vulnerabilities
BugTraq ID: 12075
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12075
Summary:
It has been reported that libtiff is affected by two heap corruption vulnerabilities due to integer overflow errors that can be triggered when malicious or malformed image files are processed. Theoretically, anattacker can exploit the vulnerabilities to execute arbitrary code in the context of an application linked to the library, when TIFF image data is processed (i.e. displayed). Because image data is frequently external in origin, these vulnerabilities are considered remotely exploitable.

12. MPlayer And Xine PNM_Get_Chunk Multiple Remote Client-Side B...
BugTraq ID: 12076
Remote: Yes
Date Published: Dec 21 2004
Relevant URL: http://www.securityfocus.com/bid/12076
Summary:
Multiple buffer overflow vulnerabilities are reported to exist in the xine and MPlayer utilities. The following issues are reported: Several buffer overflow vulnerabilities are reported to exist in the 'pnm_get_chunk()' function. Reports indicate that the vulnerabilities present themselves in the RMF_TAG, DATA_TAG, PROP_TAG, MDPR_TAG and CONT_TAG handling code of 'pnm_get_chunk()'. A remote attacker may potentially leverage this memory corruption to execute arbitrary code in the context of a user that uses the vulnerable utility to connect to a malicious PNM server. An additional buffer overflow vulnerability is reported to exist in the PNA_TAG handling code of the 'pnm_get_chunk()' function. It is reported that supplied PNA_TAG data is copied into a finite buffer without sufficient boundary checks. This results in memory corruption. A remote attacker may potentially leverage this memory corruption to execute arbitrary code in the context of a user that uses the vulnerable utility to connect to a malicious PNM server.

13. Debian Debmake Local Insecure Temporary File Creation Vulner...
BugTraq ID: 12078
Remote: No
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12078
Summary:
A local insecure file creation vulnerability affects Debian's debmake. This issue is due to a design error that causes the affected application to create temporary files insecurely. An attacker may leverage this issue to corrupt arbitrary files with the privileges of the user that activates the affected application.

14. Linux Kernel 32 Bit Compatibility System Call Handler AMD64 ...
BugTraq ID: 12079
Remote: No
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12079
Summary:
Linux Kernel is reported prone to a local privilege escalation vulnerability. This issue may allow an attacker to gain elevated privileges leading to a complete compromise of a vulnerable computer. It is reported that this issue arises as the 32 bit compatibility system call handler fails to verify an unspecified argument properly. This vulnerability only presents itself on the AMD64 platform. This issue reportedly affects 2.4.x versions of the kernel. Further details about this issue are currently unavailable. This BID will be updated if more information is released.

15. Skype Technologies Skype Internet Telephony Insecure Default...
BugTraq ID: 12081
Remote: No
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12081
Summary:
An insecure default installation vulnerability reportedly affects Skype Technologies Skype. This issue is due to a failure of the application to properly secure files and directories that are installed. This issue is only reported to affect Skype for the Linux platform. An attacker may leverage this issue to create, delete, and write to arbitrary files and create files in the insecure directory.

16. Snort DecodeTCPOptions Remote Denial Of Service Vulnerabilit...
BugTraq ID: 12084
Remote: Yes
Date Published: Dec 22 2004
Relevant URL: http://www.securityfocus.com/bid/12084
Summary:
Snort is reported prone to a remote denial of service vulnerability. The vulnerability is reported to exist in the DecodeTCPOptions() function of 'decode.c', and is as a result of a failure to sufficiently handle malicious TCP packets. A remote attacker may trigger this vulnerability to crash a remote Snort server and in doing so may prevent subsequent malicious attacks from being detected.

17. SSLTelnetd Unspecified Format String Vulnerability
BugTraq ID: 12085
Remote: Yes
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12085
Summary:
Reportedly SSLTelnetd is affected by an unspecified format string vulnerability. This issue is due to an improper implementation of a formatted string function. Specific technical details about this issue were not disclosed. It is conjectured that due to the nature of the affected application, this issue is remotely exploitable. This vulnerability is reported to affect Linux Netkit netkit-telnet-ssl 0.17.17, however, it is likely that other versions are affected as well. This BID will be updated when more information becomes available.

18. NetWin SurgeMail Webmail Unspecified Vulnerability
BugTraq ID: 12086
Remote: Yes
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12086
Summary:
SurgeMail is reported prone to an unspecified vulnerability. This issue affects the Webmail functionality of the SurgeMail server. Further details were not released in the report by the vendor. It is conjectured that due to the nature of this application, this vulnerability may result from an input validation error. Although unconfirmed, this issue is considered to be remotely exploitable. SurgeMail releases prior to 2.2c9 are affected by this vulnerability. Due to a lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.

19. Linux Security Modules Process Capabilities Design Error
BugTraq ID: 12093
Remote: No
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12093
Summary:
It has been reported that Linux Security Modules suffers from a design error that could result in host compromise. According to the report, when LSM is loaded as a kernel module, existing processes on the system will be granted unauthorized capabilities. This includes non-root processes. A malicious user on the system at this time will have effectively gained administrative access. Reported affected are versions of LSM for Linux kernels 2.5.x and 2.6.x. LSM on Linux 2.4.x is reportedly not vulnerable.

20. Nullsoft SHOUTcast File Request Format String Vulnerability
BugTraq ID: 12096
Remote: Yes
Date Published: Dec 23 2004
Relevant URL: http://www.securityfocus.com/bid/12096
Summary:
Nullsoft SHOUTcast is prone to a remotely exploitable format string vulnerability. The vulnerability is exposed when the server attempts to handle a client request for a file. Successful exploitation may allow execution of arbitrary code in the context of the server process. This could also be exploited to crash the server and, possibly, to read process memory (which could increase reliability of an exploit). This issue was reported to exist in version 1.9.4 on Linux. It is likely that versions for other platforms are also affected by the vulnerability, though it is not known to what degree they are exploitable. Earlier versions of the software are also likely affected.

21. Linux Kernel ELF Binary Loading Denial Of Service Vulnerabil...
BugTraq ID: 12101
Remote: Yes
Date Published: Dec 24 2004
Relevant URL: http://www.securityfocus.com/bid/12101
Summary:
The Linux kernel is affected by an ELF binary loading vulnerability. This issue is due to a failure of the affected kernel to properly handle malformed ELF binaries. An attacker may leverage this issue to cause the affected kernel to crash, denying service to legitimate users.
 
Old 12-31-2004, 01:55 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 57
December 30th 2004 (SN)

Secunia

[SA13692] Mandrake update for koffice
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued an update for koffice. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory: http://secunia.com/advisories/13692/

[SA13691] Mandrake update for kdegraphics
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued an update for kdegraphics. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.
Full Advisory: http://secunia.com/advisories/13691/

[SA13689] Mandrake update for gpdf
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued updates for gpdf. These fix a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory: http://secunia.com/advisories/13689/

[SA13686] Mandrake update for tetex
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued an update for tetex. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory: http://secunia.com/advisories/13686/

[SA13685] Mandrake update for xpdf
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued an update for xpdf. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory: http://secunia.com/advisories/13685/

[SA13667] Debian update for imlib
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2004-12-25
Debian has issued an update for imlib. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13667/

[SA13666] Debian update for tiff
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-25
Debian has issued an update for tiff. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13666/

[SA13663] Debian update for netkit-telnet-ssl
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-24
Debian has issued an update for netkit-telnet-ssl. This fixes a
vulnerability, which potentially allows malicious people to compromise
a vulnerable system.
Full Advisory: http://secunia.com/advisories/13663/

[SA13656] SSLtelnet Unspecified Format String Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-24
Joel Eriksson has reported a vulnerability in SSLtelnet, which
potentially allows malicious people to compromise a vulnerable system
Full Advisory: http://secunia.com/advisories/13656/

[SA13646] Fedora update for xpdf
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-25
Fedora has issued an update for xpdf. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/13646/

[SA13690] Mandrake update for cups
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-12-30
MandrakeSoft has issued an update for cups. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory: http://secunia.com/advisories/13690/

[SA13683] Gentoo update for ViewCVS
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2004-12-29
Gentooo has issued an update for ViewCVS. This fixes two
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions and conduct cross-site scripting
attacks.
Full Advisory: http://secunia.com/advisories/13683/

[SA13669] Fedora update for cups
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-12-26
Fedora has issued an update for cups. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory: http://secunia.com/advisories/13669/

[SA13668] CUPS xpdf "doImage()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-12-26
A vulnerability has been reported in CUPS, which potentially can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13668/

[SA13664] Snort TCP/IP Options Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-12-24
Marcin Zgorecki has reported a vulnerability in Snort, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/13664/

[SA13658] Red Hat update for SquirrelMail
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-12-24
Red Hat has issued an update for SquirrelMail. This fixes a
vulnerability, which can be exploited by malicious people to conduct
script insertion attacks.
Full Advisory: http://secunia.com/advisories/13658/

[SA13672] Gentoo update for cups
Critical: Moderately critical
Where: From local network
Impact: Manipulation of data, DoS, System access
Released: 2004-12-28
Gentoo has issued an update for cups. This fixes multiple
vulnerabilities, which can be exploited by malicious users to
manipulate certain files, cause a DoS (Denial of Service), or
compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13672/

[SA13662] Mandrake update for samba
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-12-28
MandrakeSoft has issued an update for samba. This fixes a
vulnerability, which can be exploited by malicious users to compromise
a vulnerable system.
Full Advisory: http://secunia.com/advisories/13662/

[SA13653] Netscape Directory Server for HP-UX Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2004-12-24
A vulnerability has been reported in Netscape Directory Server for
HP-UX, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13653/

[SA13696] KDE kio_ftp FTP Command Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-12-30
The vendor has acknowledged a vulnerability in kio_ftp, which can be
exploited by malicious people to conduct FTP command injection
attacks.
Full Advisory: http://secunia.com/advisories/13696/

[SA13688] Mandrake update for kdelibs
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2004-12-30
MandrakeSoft has issued an update for kdelibs. This fixes a
vulnerability, which can be exploited by malicious people to conduct
FTP command injection attacks.
Full Advisory: http://secunia.com/advisories/13688/

[SA13651] HP Secure Web Server Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-12-24
HP has acknowledged a vulnerability in Secure Web Server, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/13651/

[SA13648] HP Tru64 TCP Connection Reset Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2004-12-24
HP has acknowledged a vulnerability in Tru64 UNIX, which can be
exploited by malicious people to reset established TCP connections on a
vulnerable system.
Full Advisory: http://secunia.com/advisories/13648/

[SA13659] Red Hat update for kernel
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS
Released: 2004-12-24
Red Hat has issued updated packages for the kernel. These fixes some
vulnerabilities, allowing malicious, local users to escalate their
privileges, cause a DoS (Denial of Service), and gain knowledge of
sensitive information or malicious people to cause a DoS.
Full Advisory: http://secunia.com/advisories/13659/

[SA13684] Mandrake update for glibc
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-30
MandrakeSoft has issued an update for glibc. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory: http://secunia.com/advisories/13684/

[SA13682] Conectiva update for netpbm
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-30
Conectiva has issued an update for netpbm. This fixes a vulnerability,
which can be exploited by malicious, local users to escalate their
privileges on a vulnerable system.
Full Advisory: http://secunia.com/advisories/13682/

[SA13679] aStats Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-29
Javier Fernández-Sanguino Peña has reported a vulnerability in aStats,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/13679/

[SA13670] Atari800 Unspecified Buffer Overflow Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-28
Some vulnerabilities have been reported in Atari800, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/13670/

[SA13655] HP-UX SAM Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-24
A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/13655/

[SA13654] Linux Kernel SACF Instruction Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-27
Martin Schwidefsky has reported a vulnerability in the Linux Kernel,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory: http://secunia.com/advisories/13654/

[SA13650] Linux Security Modules Running Processes Capability Security Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-27
LiangBin has reported a security issue in Linux Security Modules (LSM),
which may grant normal user processes escalated privileges.
Full Advisory: http://secunia.com/advisories/13650/

[SA13687] Mozilla "MSG_UnEscapeSearchUrl()" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access, DoS
Released: 2004-12-30
Maurycy Prodeus has reported a vulnerability in Mozilla, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory: http://secunia.com/advisories/13687/

[SA13673] WHM AutoPilot Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,System access
Released: 2004-12-29
James Bercegay has reported some vulnerabilities in WHM AutoPilot,
which can be exploited by malicious people to conduct cross-site
scripting, compromise a vulnerable system and disclose system
information.
Full Advisory: http://secunia.com/advisories/13673/

[SA13661] SHOUTcast Filename Format String Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-26
Tomasz Trojanowski and Damian Put have discovered a vulnerability in
SHOUTcast, which potentially can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13661/

[SA13660] PHProjekt "path_pre" Parameter Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-28
cYon has reported a vulnerability in PHProjekt, which can be exploited
by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13660/

[SA13657] e107 Image Manager File Upload Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-26
sysbug has reported a vulnerability in e107, which can be exploited by
malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/13657/

[SA13652] Help Center Live Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information,System access
Released: 2004-12-26
James Bercegay has reported some vulnerabilities in Help Center Live,
which can be exploited by malicious people to conduct cross-site
scripting attacks, compromise a vulnerable system and disclose
sensitive information.
Full Advisory: http://secunia.com/advisories/13652/

[SA13649] Zeroboard Two Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2004-12-24
Jeremy Bae has reported two vulnerabilities in Zeroboard, which can be
exploited by malicious people to compromise a vulnerable system and
conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/13649/

[SA13677] MySQL Eventum Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2004-12-30
sullo has reported multiple vulnerabilities in Eventum, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks and potentially bypass certain security
restrictions.
Full Advisory: http://secunia.com/advisories/13677/

[SA13665] PHP-Blogger Disclosure of Sensitive Information Security Issue
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-12-24
snilabs has reported a security issue in PHP-Blogger, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/13665/

[SA13694] Moodle "search" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-12-30
Bartek Nowotarski has reported a vulnerability in Moodle, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/13694/
 
Old 12-31-2004, 01:58 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 57
December 31st 2004 (LAW)

Linux Advisory Watch

Distribution: Conectiva
netpbm Insecure temporary file creation
Utilities provided by the netpbm package prior to the 9.25 version contain defects[2] in temporary file handling. They create temporary files with predictable names without checking if the target file already exists.
http://www.linuxsecurity.com/content/view/117694


Distribution: Debian
libtiff arbitrary code execution fix
"infamous41md" discovered a problem in libtiff, the Tag Image File Format library for processing TIFF graphics files. Upon reading a TIFF file it is possible to allocate a zero sized buffer and write to it which would lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117664

imlib arbitrary code execution fix
Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib, an imaging library for X and X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a victim.
http://www.linuxsecurity.com/content/view/117667


Distribution: Gentoo
Xpdf, Gpdf New integer overflows
New integer overflows were discovered in Xpdf, potentially resulting in the execution of arbitrary code. GPdf includes Xpdf code and therefore is vulnerable to the same issues.
http://www.linuxsecurity.com/content/view/117690

CUPS Multiple vulnerabilities
Multiple vulnerabilities have been found in CUPS, ranging from local Denial of Service attacks to the remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117691

ViewCVS Information leak and XSS vulnerabilities
ViewCVS is vulnerable to an information leak and to cross-site scripting (XSS) issues.
http://www.linuxsecurity.com/content/view/117692


Distribution: Mandrake
integer overflow vulnerabilities update
Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.
http://www.linuxsecurity.com/content/view/117683
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LQ Security Report - December 22nd 2004 Capt_Caveman Linux - Security 2 12-22-2004 05:08 PM
LQ Security Report - December 11th 2004 unSpawn Linux - Security 3 12-11-2004 06:10 AM
LQ Security Report - June 27 2004 Capt_Caveman Linux - Security 3 06-27-2004 01:37 AM
LQ Security Report May 28th 2004 Capt_Caveman Linux - Security 4 05-28-2004 01:26 PM
LQ Security Report - May 8th 2004 Capt_Caveman Linux - Security 3 05-08-2004 11:39 AM


All times are GMT -5. The time now is 07:38 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration