LQ Security Report May 28th 2004
May 25th 2004
31 issues handled (ISS)
1. libtASN1 DER parsing issue
2. Linux Kernel e1000 driver buffer overflow
3. BusyBox netlink message spoofing
4. KDE URL handler allows attacker unauthorized access
5. Turbo Traffic Trader C multiple scripts cross-site
6. wget lock race condition
7. Php-Nuke show weblink path disclosure
8. Php-Nuke multiple cross-site scripting
9. osCommerce "dot dot" directory traversal
10. Zen Cart login allows SQL injection
11. passwd stdin option off-by-one buffer overflow
12. passwd improper validation of pam_start
13. passwd memory leak
14. libuser denial of service
15. Subversion date parsing allows command execution
16. neon library ne_rfc1036_parse function buffer
17. CVS entry line buffer overflow
18. Sun JSSE incorrectly validates digital
19. LHA extract_one buffer overflows
20. cPanel Fantastico information disclosure
21. Apache mod_ssl ssl_util_uuencode_binary buffer overflow
22. Phorum allows attacker to hijack session
23. PHP-Nuke modpath PHP file include
24. vsftpd connection denial of service
25. Perl and ActivePerl duplication operator integer overflow
26. Mozilla JavaScript denial of service
27. OpenBSD procfs allows elevated privileges
28. Firebird database name buffer overflow
29. Apache HTTP Server PHP denial of service
30. e107 log.php cross-site scripting
31. Liferay Enterprise Portal message cross-site scripting

May 25th 2004
12 issues handled (SF)
1. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML...
2. WGet Insecure File Creation Race Condition Vulnerability
3. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
4. PHP-Nuke Multiple Input Validation Vulnerabilities
5. LibUser Multiple Unspecified Vulnerabilities
6. Mandrake Linux passwd Potential Vulnerabilities
7. KDE Konqueror Embedded Image URI Obfuscation Weakness
8. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
9. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
10. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
11. Netscape Navigator Embedded Image URI Obfuscation Weakness
12. SquirrelMail Unspecified SQL Injection Vulnerability

May 28th 2004
24 issues across 9 distros (LAW)
libneon
mailman
kde
xpcd
kdepim
httpd
SquirrelMail
cvs
Subversion
cadaver
metamail
Firebird
Opera
MySQL
mc
Apache
Heimdal
apache-mod_perl
kernel
kolab-server
utempter
LHA
tcpdump,libpcap,arpwatch
kdelibs/kdelibs3
May 25th 2004 (ISS)
Internet Security Systems
1. Date Reported: 05/14/2004
Brief Description: libtASN1 DER parsing issue
Risk Factor: Medium
Attack Type: Network Based
Platforms: libtASN1 0.1.x prior to 0.1.2, libtASN1 0.2.x prior to 0.2.7, Linux Any version, Unix Any version
Vulnerability: libtasn1-der-parsing
X-Force URL: http://xforce.iss.net/xforce/xfdb/16157

2. Date Reported: 05/14/2004
Brief Description: Linux Kernel e1000 driver buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Linux kernel 2.4 - 2.4.26
Vulnerability: linux-e1000-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16159

3. Date Reported: 05/14/2004
Brief Description: BusyBox netlink message spoofing
Risk Factor: Medium
Attack Type: Host Based
Platforms: BusyBox Any version, SuSE Linux 8.0, SuSE Linux 8.1, SuSE Linux 8.2, SuSE Linux 9.0, SuSE Linux 9.1
Vulnerability: busybox-netlink-message-spoofing
X-Force URL: http://xforce.iss.net/xforce/xfdb/16162

4. Date Reported: 05/17/2004
Brief Description: KDE URL handler allows attacker unauthorized access
Risk Factor: High
Attack Type: Network Based
Platforms: Gentoo Linux Any version, K Desktop Environment (KDE) 3.2.2 and prior, Red Hat Advanced Workstation 2.1AS, Red Hat Enterprise Linux 2.1AS, Red Hat Enterprise Linux 2.1ES, Red Hat Enterprise Linux 2.1WS, Red Hat Enterprise Linux 3AS, Red Hat Enterprise Linux 3ES, Red Hat Enterprise Linux 3WS, Red Hat Linux Desktop 3, Slackware Linux 9.0, Slackware Linux 9.1, Slackware Linux current, Unix Any version
Vulnerability: kde-url-handler-gain-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/16163

5. Date Reported: 05/16/2004
Brief Description: Turbo Traffic Trader C multiple scripts cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Turbo Traffic Trader C Any version
Vulnerability: turbotraffictraderc-multiple-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16164

6. Date Reported: 05/16/2004
Brief Description: wget lock race condition
Risk Factor: Medium
Attack Type: Host Based
Platforms: Linux Any version, wget 1.9 and 1.9.1
Vulnerability: wget-lock-race-condition
X-Force URL: http://xforce.iss.net/xforce/xfdb/16167

7. Date Reported: 05/17/2004
Brief Description: Php-Nuke show weblink path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 6.x through 7.3
Vulnerability: phpnuke-show-weblink-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16170

8. Date Reported: 05/17/2004
Brief Description: Php-Nuke multiple cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 6.x through 7.3
Vulnerability: phpnuke-multi-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16172

9. Date Reported: 05/17/2004
Brief Description: osCommerce "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, osCommerce Any version, Unix Any version, Windows Any version
Vulnerability: oscommerce-dotdot-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/16174

10. Date Reported: 05/17/2004
Brief Description: Zen Cart login allows SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Zen Cart 1.1.2d
Vulnerability: zencart-login-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/16176

11. Date Reported: 05/17/2004
Brief Description: passwd stdin option off-by-one buffer overflow
Risk Factor: Medium
Attack Type: Host Based
Platforms: Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2, passwd 0.68
Vulnerability: passwd-stdin-offbyone-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16178

12. Date Reported: 05/17/2004
Brief Description: passwd improper validation of pam_start
Risk Factor: Medium
Attack Type: Host Based
Platforms: Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2, passwd 0.68
Vulnerability: passwd-pamstart-improper-validation
X-Force URL: http://xforce.iss.net/xforce/xfdb/16179

13. Date Reported: 05/17/2004
Brief Description: passwd memory leak
Risk Factor: Medium
Attack Type: Host Based
Platforms: Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2, passwd 0.68
Vulnerability: passwd-memory-leak
X-Force URL: http://xforce.iss.net/xforce/xfdb/16180

14. Date Reported: 05/17/2004
Brief Description: libuser denial of service
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: libuser 0.51.7, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1
Vulnerability: libuser-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16188

15. Date Reported: 05/19/2004
Brief Description: Subversion date parsing allows command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Subversion 1.0.2 and prior, Unix Any version
Vulnerability: subversion-date-parsing-command-execution
X-Force URL: http://xforce.iss.net/xforce/xfdb/16191

16. Date Reported: 05/19/2004
Brief Description: neon library ne_rfc1036_parse function buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Debian Linux 3.0, Linux Any version, neon 0.24.5 and earlier, Unix Any version
Vulnerability: neon-library-nerfc1036parse-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16192

17. Date Reported: 05/19/2004
Brief Description: CVS entry line buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: CVS (Concurrent Versions System) 1.11.15 and earlier, CVS (Concurrent Versions System) 1.12.7 and earlier, Debian Linux 3.0, FreeBSD Any version, Debian Linux 3.0, Linux Any version, Red Hat Advanced Workstation 2.1, Red Hat Enterprise Linux 2.1AS, Red Hat Enterprise Linux 2.1ES, Red Hat Enterprise Linux 2.1WS, Red Hat Enterprise Linux 3AS, Red Hat Enterprise Linux 3ES, Red Hat Enterprise Linux 3WS, Red Hat Linux Desktop 3, Unix Any version
Vulnerability: cvs-entry-line-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16193

18. Date Reported: 05/18/2004
Brief Description: Sun JSSE incorrectly validates digital certificates
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, Sun JSSE 1.0.3, Sun JSSE 1.0.3_01, Sun JSSE 1.0.3_02, Windows Any version
Vulnerability: sun-jsse-improper-validation
X-Force URL: http://xforce.iss.net/xforce/xfdb/16194

19. Date Reported: 05/15/2004
Brief Description: LHA extract_one buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: LHA Any version, Linux Any version
Vulnerability: lha-extractone-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16196

20. Date Reported: 05/19/2004
Brief Description: cPanel Fantastico information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: cPanel 9.3.0-R5, Linux Any version, Unix Any version
Vulnerability: cpanel-fantastico-obtain-information
X-Force URL: http://xforce.iss.net/xforce/xfdb/16197

21. Date Reported: 05/17/2004
Brief Description: Apache mod_ssl ssl_util_uuencode_binary buffer overflow
Risk Factor: Medium
Attack Type: Network Based
Platforms: Apache HTTP Server Any version, Linux Any version, Unix Any version
Vulnerability: apache-modssl-uuencode-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16214

22. Date Reported: 05/19/2004
Brief Description: Phorum allows attacker to hijack session
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Phorum 4.3.7
Vulnerability: phorum-session-hijack
X-Force URL: http://xforce.iss.net/xforce/xfdb/16215

23. Date Reported: 05/17/2004
Brief Description: PHP-Nuke modpath PHP file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 6.x through 7.3
Vulnerability: phpnuke-modpath-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/16218

24. Date Reported: 05/21/2004
Brief Description: vsftpd connection denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, vsftpd prior to 1.2.2
Vulnerability: vsftpd-connection-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16222

25. Date Reported: 05/17/2004
Brief Description: Perl and ActivePerl duplication operator integer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: ActivePerl Any version, Any operating system Any version
Vulnerability: perl-duplication-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16224

26. Date Reported: 05/13/2004
Brief Description: Mozilla JavaScript denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Mozilla Any version
Vulnerability: mozilla-javascript-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16225

27. Date Reported: 05/13/2004
Brief Description: OpenBSD procfs allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: OpenBSD 3.4, OpenBSD 3.5, OpenBSD Packet Filter 3.5
Vulnerability: openbsd-procfs-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/16226

28. Date Reported: 05/23/2004
Brief Description: Firebird database name buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Debian Linux Any version, Firebird 1.0
Vulnerability: firebird-database-name-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16229

29. Date Reported: 05/23/2004
Brief Description: Apache HTTP Server PHP denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Apache HTTP Server Any version
Vulnerability: apache-php-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16230

30. Date Reported: 05/21/2004
Brief Description: e107 log.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 Any version
Vulnerability: e107-log-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16231

31. Date Reported: 05/22/2004
Brief Description: Liferay Enterprise Portal message cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Liferay Enterprise Portal Any version
Vulnerability: liferay-message-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16232
May 25th 2004 (SF)
Security Focus
1. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML ...
BugTraq ID: 10359
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10359
Summary: It has been reported that TurboTrafficTrader C does not properly sanitize input received from users. It has been conjectured that this may allow a remote user to launch cross-site scripting and HTML injection attacks. The cross-site scripting issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. The HTML injection issues could allow an attacker to post malicious HTML and script code that would then later be rendered in the web browser of further visitors to the affected site. These attacks would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. Other attacks are also possible.

2. WGet Insecure File Creation Race Condition Vulnerability
BugTraq ID: 10361
Remote: No
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10361
Summary: wget has been reported prone to a race condition vulnerability. The issue exists because wget does not lock files that it creates and writes to during file downloads. A local attacker may exploit this condition to corrupt files with the privileges of the victim who is running the vulnerable version of wget.

3. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
BugTraq ID: 10365
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10365
Summary: PHP-Nuke is prone to a potential file include vulnerability. This issue could allow a remote attacker to include malicious files containing arbitrary code to be executed on a vulnerable system. This issue can be exploited via the 'modpath' parameter. If successful, the malicious script supplied by the attacker will be executed in the context of the web server hosting the vulnerable software.

4. PHP-Nuke Multiple Input Validation Vulnerabilities
BugTraq ID: 10367
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10367
Summary: PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. An attacker can carry out cross-site scripting and path disclosure attacks.

5. LibUser Multiple Unspecified Vulnerabilities
BugTraq ID: 10368
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10368
Summary: Libuser implements a standardized interface for manipulating and administering user and group accounts on Unix systems. It has been reported that several vulnerabilities exist in this library. Attackers could possibly crash applications that are linked to this library, or possibly cause the applications to write 4GB files containing garbage to disk. These issues could possibly lead to a denial of service condition, causing legitimate users to be unable to access resources.

6. Mandrake Linux passwd Potential Vulnerabilities
BugTraq ID: 10370
Remote: Unknown
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10370
Summary: Two potential security issues reportedly affect the implementation of passwd included with Mandrake Linux, according to Mandrake advisory MDKSA-2004:045. According to the report, passwords supplied to passwd via stdin are incorrectly one character shorter than they should be. It is not known whether this behavior occurs at the interactive prompt or if the implementation allows for passwords to be "piped" to passwd through stdin. This may or may not have security implications as the user's password will not be stored correctly and the user will not be able to login. It is conceivable that this could result in a less secure password. The second issue reported by Mandrake is that PAM may not be initialized correctly and "safe and proper" operation may not be ensured. Further technical details are not known.

7. KDE Konqueror Embedded Image URI Obfuscation Weakness
BugTraq ID: 10383
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10383
Summary: It is reported that KDE Konqueror is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag. This weakness could be employed to trick a user into following a malicious link. An attacker can exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim is to mouseover the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.

8. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
BugTraq ID: 10384
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10384
Summary: CVS is prone to a remote heap overflow vulnerability. This issue presents itself during the handling of user-supplied input for entry lines with 'modified' and 'unchanged' flags. This vulnerability can allow an attacker to overflow a vulnerable buffer on the heap, possibly leading to arbitrary code execution. CVS versions 1.11.15 and prior and CVS feature versions 1.12.7 and prior are prone to this issue.

9. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
BugTraq ID: 10385
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10385
Summary: Neon WebDAV client library is prone to a heap overflow vulnerability. This issue exists due to improper boundary checks performed on user-supplied data. Reportedly a malformed string value may cause a sscanf() string overflow into static heap variables. Neon 0.24.5 and prior are prone to this issue.

10. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
BugTraq ID: 10386
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10386
Summary: Subversion is prone to a buffer overflow vulnerability. This issue exists in one of the data parsing functions of the application. Specifically, Subversion calls an sscanf() function when converting data strings to different formats. This causes user-supplied data to be copied into an unspecified buffer without proper boundary checks performed by the application. Subversion versions 1.0.2 and prior are prone to this issue.

11. Netscape Navigator Embedded Image URI Obfuscation Weakness
BugTraq ID: 10389
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10389
Summary: It is reported that Netscape Navigator is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag. This weakness could be employed to trick a user into following a malicious link. An attacker can exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim is to mouseover the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.

12. SquirrelMail Unspecified SQL Injection Vulnerability
BugTraq ID: 10397
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10397
Summary: Reportedly, SquirrelMail is prone to an unspecified SQL injection vulnerability. The vulnerability results from insufficient sanitization of user-supplied data. This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the user password hashes or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation. Due to a lack of information, further details are not currently available. This BID will be updated as more information becomes available. SquirrelMail 1.4.2 and prior versions are affected by this issue.
May 28th 2004 (LAW)
Linux Advisory Watch
Distribution: Conectiva

5/25/2004 - libneon Heap overflow vulnerability
libneon library which could be abused by remote WebDAV servers to execute arbitrary code on the client accessing these servers.
http://www.linuxsecurity.com/advisor...sory-4397.html

5/27/2004 - mailman Multiple vulnerabilities
Fixes cross site scripting and remote password retrieval vulnerabilities, plus a denial of service.
http://www.linuxsecurity.com/advisor...sory-4409.html

5/27/2004 - kde Insufficient input sanitation
The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-' at the beginning of the hostname passed.
http://www.linuxsecurity.com/advisor...sory-4410.html

Distribution: Debian

5/25/2004 - xpcd Buffer overflow vulnerability
Bug allows copy of user-supplied data of arbitrary length into a fixed-size buffer in the pcd_open function.
http://www.linuxsecurity.com/advisor...sory-4396.html

Distribution: Fedora

5/25/2004 - kdepim Buffer overflow vulnerability
An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands.
http://www.linuxsecurity.com/advisor...sory-4394.html

5/25/2004 - httpd Multiple vulnerabilities
Fixes an exploitable memory leak and escapable error-log output.
http://www.linuxsecurity.com/advisor...sory-4395.html

Distribution: FreeBSD

5/27/2004 - core:sys Buffer cache invalidation vulnerability Multiple vulnerabilities
In some situations, a user with read access to a file may be able to prevent changes to that file from being committed to disk.
http://www.linuxsecurity.com/advisor...sory-4408.html

Distribution: Gentoo

5/25/2004 - SquirrelMail Cross-site scripting vulnerabilities
SquirrelMail is subject to several XSS and one SQL injection vulnerability.
http://www.linuxsecurity.com/advisor...sory-4381.html

5/25/2004 - cvs Heap overflow vulnerability
CVS is subject to a heap overflow vulnerability allowing source repository compromise.
http://www.linuxsecurity.com/advisor...sory-4382.html

5/25/2004 - neon Heap overflow vulnerability
A vulnerability potentially allowing remote execution of arbitrary code has been discovered in the neon library.
http://www.linuxsecurity.com/advisor...sory-4383.html

5/25/2004 - Subversion Format string vulnerability
There is a vulnerability in the Subversion date parsing code which may lead to denial of service attacks, or execution of arbitrary code.
http://www.linuxsecurity.com/advisor...sory-4384.html

5/25/2004 - cadaver Heap overflow vulnerability
There is a heap-based buffer overflow, possibly leading to execution of arbitrary code when connected to a malicious server.
http://www.linuxsecurity.com/advisor...sory-4385.html

5/25/2004 - metamail Multiple vulnerabilities
Several format string bugs and buffer overflows were discovered in metamail, potentially allowing execution of arbitrary code remotely.
http://www.linuxsecurity.com/advisor...sory-4386.html

5/25/2004 - Firebird Buffer overflow vulnerability
A buffer overflow may allow a local user to manipulate or destroy local databases and trojan the Firebird binaries.
http://www.linuxsecurity.com/advisor...sory-4387.html

5/25/2004 - Opera Insufficient input sanitation
A vulnerability exists in Opera's telnet URI handler that may allow a remote attacker to overwrite arbitrary files.
http://www.linuxsecurity.com/advisor...sory-4388.html

5/27/2004 - MySQL Symlink vulnerability
Two MySQL utilities create temporary files with hardcoded paths, allowing an attacker to use a symlink to trick MySQL into overwriting important data.
http://www.linuxsecurity.com/advisor...sory-4404.html

5/27/2004 - mc Multiple vulnerabilities
Multiple security issues have been discovered in Midnight Commander including several buffer overflows and string format vulnerabilities.
http://www.linuxsecurity.com/advisor...sory-4405.html

5/27/2004 - Apache 1.3 Multiple vulnerabilities
Several security vulnerabilities have been fixed in the latest release of Apache 1.3.
http://www.linuxsecurity.com/advisor...sory-4406.html

5/27/2004 - Heimdal Buffer overflow vulnerability
A possible buffer overflow in the Kerberos 4 component of Heimdal has been discovered.
http://www.linuxsecurity.com/advisor...sory-4407.html

Distribution: Mandrake

5/25/2004 - apache-mod_perl Multiple vulnerabilities Buffer overflow vulnerability
Four security vulnerabilities were fixed with the 1.3.31 release of Apache. All of these issues have been backported and applied to the provided packages.
http://www.linuxsecurity.com/advisor...sory-4392.html

5/25/2004 - kernel 2.6 Multiple vulnerabilities
Several kernel 2.6 vulnerabilities have been fixed in this update.
http://www.linuxsecurity.com/advisor...sory-4393.html

5/27/2004 - mailman Password leak vulnerability
Mailman versions >= 2.1 have an issue where 3rd parties can retrieve member passwords from the server.
http://www.linuxsecurity.com/advisor...sory-4402.html

5/27/2004 - kolab-server Plain text passwords Password leak vulnerability
The affected versions store OpenLDAP passwords in plain text.
http://www.linuxsecurity.com/advisor...sory-4403.html

Distribution: OpenBSD

5/25/2004 - cvs Heap overflow vulnerability
Malignant clients can run arbitrary code on CVS servers.
http://www.linuxsecurity.com/advisor...sory-4391.html

Distribution: Red Hat

5/27/2004 - utempter Symlink vulnerability
An updated utempter package that fixes a potential symlink vulnerability is now available.
http://www.linuxsecurity.com/advisor...sory-4399.html

5/27/2004 - LHA Multiple vulnerabilities
Ulf Harnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA.
http://www.linuxsecurity.com/advisor...sory-4400.html

5/27/2004 - tcpdump,libpcap,arpwatch Denial of service vulnerability Multiple vulnerabilities
Upon receiving specially crafted ISAKMP packets, TCPDUMP would crash.
http://www.linuxsecurity.com/advisor...sory-4401.html

Distribution: Slackware

5/25/2004 - cvs Heap overflow vulnerability
Carefully crafted server requests to run arbitrary programs on the CVS server machine.
http://www.linuxsecurity.com/advisor...sory-4390.html

Distribution: SuSE

5/27/2004 - kdelibs/kdelibs3 Insufficient input sanitation Heap overflow vulnerability
The URI handler of the kdelibs3 and kdelibs class library contains a flaw which allows remote attackers to create arbitrary files as the user utilizing the kdelibs3/kdelibs package.
http://www.linuxsecurity.com/advisor...sory-4398.html

Distribution: Turbolinux

5/25/2004 - kernel Multiple vulnerabilities
The vulnerabilities may allow an attacker to cause a denial of service to the kernel and gain sensitive information from your system.
http://www.linuxsecurity.com/advisor...sory-4389.html
WARN: Remote Root Exploit in SuSE 9.1 Live CD
It has recently been identified that SuSE 9.1 Live edition (a bootable CD-ROM edition) allows passwordless remote root logins via ssh due to a configuration error. This includes the Live CD that is included with SuSE 9.1 Personal Edition. All SuSE 9.1 Live users should see the full advisory for a temporary workaround as well as a URL for the fixed version.
http://www.suse.com/de/security/2004_11_live_cd_91.html