LQ Security Report - October 17th 2004
October 15th 2004
26 issues handled over 7 distros (LAW)
cups samba python2.2 mysql cyrus-sasl arbitrary code execution fix mpg123 sox squid pcmcia-cs gimp tzdata libuser system-config-users k3b libtiff ruby Ed ncompress LessTif gettext xfree86 tiff wordpress BNC libpng rsync

October 14th 2004
40 issues handled (SN)
1. Debian update for mpg123
2. ocPortal "index.php" Arbitrary File Inclusion Vulnerability
3. UnixWare update for libpng
4. Sun Solaris libXpm Vulnerabilities
5. Debian update for xfree86
6. Gentoo update for lesstif
7. Debian update for lesstif
8. Gentoo update for cyrus-sasl
9. Debian update for sox
10. Gentoo update for ncompress
11. BNC IRC Proxy Backspace User Identity Spoofing Vulnerability
12. Slackware update for rsync
13. Yeemp Spoofed Sender File Transfer Vulnerability
14. Unarj Directory Traversal Vulnerability
15. Fedora update for squid
16. UnixWare update for CUPS
17. Squid "asn_parse_header()" Function Denial of Service Vulnerability
18. Debian update for mysql
19. Debian update for cyrus-sasl
20. Gentoo update for ed
21. Gentoo update for gettext
22. GNU gettext Insecure Temporary File Creation Vulnerability
23. Fedora update for cyrus-sasl
24. Gentoo update for cups
25. Red Hat update for cyrus-sasl
26. Mandrake update for cyrus-sasl
27. renattach "pipe" Potential Shell Command Injection Security Issue
28. phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability
29. ZanfiCmsLite "index.php" Arbitrary File Inclusion Vulnerability
30. Cyrus SASL Library Buffer Overflow and "SASL_PATH" Privilege Escalation
31. Adobe Acrobat / Adobe Reader Disclosure of Sensitive Information
32. The ASN.1 Compiler Unspecified Security Issues
33. Turbo Traffic Trader Nitro Cross-Site Scripting and SQL Injection
34. Wordpress "wp-login.php" HTTP Response Splitting Vulnerability
35. Rippy the Aggregator Unspecified Filter Dependence Security Issue
36. RealNetworks Helix Universal Server Denial of Service Vulnerability
37. CubeCart "cat_id" SQL Injection Vulnerability
38. Apache2 mod_ssl SSLCipherSuite Security Bypass
39. CJOverkill "trade.php" Cross-Site Scripting Vulnerabilities
40. MySQL Two Vulnerabilities

October 12th 2004
13 issues handled (SF)
1. Mozilla Firefox DATA URI File Deletion Vulnerability
2. Debian GNU/Linux Telnetd Invalid Memory Handling Vulnerabili...
3. Roaring Penguin PPPoE Arbitrary File Overwrite Vulnerability
4. Macromedia ColdFusion MX Template Handling Privilege Escalat...
5. DistCC Access Control Bypass Vulnerability
6. IBM DB2 Multiple Critical Remote Vulnerabilities
7. Jetty Directory Traversal Vulnerability
8. Macromedia ColdFusion MX Remote File Content Disclosure Vuln...
9. Invision Power Board Referer Cross-Site Scripting Vulnerabil...
10. RealOne Player and RealPlayer Multiple Unspecified Remote Vu...
11. MySQL MaxDB WebDBM Server Name Denial of Service Vulnerabili...
12. Cyrus SASL Multiple Remote And Local Vulnerabilities
13. Nathaniel Bray Yeemp File Transfer Public Key Verification B...

October 8th 2004
18 issues handled over 9 distros (LAW)
netkit-telnet rp-pppoe libapache-mod-dav net-acct cups syscons sharutils netpbm PHP samba kernel kdelibs XFree86 getmail zlib mozilla mod_php4 squid

October 5th 2004
29 issues handled (SF)
1. Multiple Vendor TCP Packet Fragmentation Handling Denial Of...
2. MySQL Bounded Parameter Statement Execution Remote Buffer Ov...
3. Debian GNU/Linux Sendmail Package Default SASL Password Vuln...
4. IBM CTSTRTCASD Utility Local File Corruption Vulnerability
5. Illustrate dBpowerAMP Music Converter and Audio Player Buffe...
6. XMLStarlet Command Line XML Toolkit Multiple Unspecified Buf...
7. Icecast Server HTTP Header Buffer Overflow Vulnerability
8. ParaChat Directory Traversal Vulnerability
9. Freenet6 Client Default Installation Configuration File Perm...
10. Samba Remote Arbitrary File Access Vulnerability
11. GNU GetText Unspecified Insecure Temporary File Creation Vul...
12. W-Agora Multiple Remote Input Validation Vulnerabilities
13. GhostScript Unspecified Insecure Temporary File Creation Vul...
14. GNU GLibC Unspecified Insecure Temporary File Creation Vulne...
15. GNU Troff (Groff) Unspecified Insecure Temporary File Creati...
16. GNU GZip Unspecified Insecure Temporary File Creation Vulner...
17. MIT Kerberos 5 Unspecified Insecure Temporary File Creation...
18. Trustix LVM Utilities Unspecified Insecure Temporary File Cr...
19. MySQL Unspecified Insecure Temporary File Creation Vulnerabi...
20. NetaTalk Unspecified Insecure Temporary File Creation Vulner...
21. OpenSSL Unspecified Insecure Temporary File Creation Vulnera...
22. Perl Unspecified Insecure Temporary File Creation Vulnerabil...
23. PostgreSQL Unspecified Insecure Temporary File Creation Vuln...
24. GNU Sharutils Multiple Buffer Overflow Vulnerabilities
25. Proxytunnel Local Proxy Credential Disclosure Vulnerability
26. Kerio MailServer Unspecified Vulnerability
27. RealNetworks RealOne Player And RealPlayer Unspecified Web P...
28. RealNetworks RealOne Player And RealPlayer Unspecified File...
29. RealNetworks RealOne Player And RealPlayer PNen3260.DLL

October 5th 2004 (SF)
Security Focus
1. Multiple Vendor TCP Packet Fragmentation Handling Denial Of ...
BugTraq ID: 11258
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11258
Summary:
Multiple vendor implementations of the TCP stack are reported prone to a remote denial of service vulnerability. The issue is reported to present itself due to inefficiencies present when handling fragmented TCP packets. The discoverer of this issue has dubbed the attack style the "New Dawn attack"; it is a variation of a previously reported attack that was named the "Rose Attack". This vulnerability may aid a remote attacker in impacting resources on an affected computer. Specifically, a remote attacker may exploit this vulnerability to deny service to a vulnerable computer. Microsoft Windows 2000/XP, Linux kernel 2.4 tree and undisclosed Cisco systems are reported prone to this vulnerability; other products may also be affected.

2. MySQL Bounded Parameter Statement Execution Remote Buffer Ov...
BugTraq ID: 11261
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11261
Summary:
It is reported that MySQL is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly ensure the size of a buffer is sufficient to handle user-supplied input data before performing operations that may overflow into adjacent memory regions. This vulnerability reportedly allows for remote attackers to crash affected servers. It is unconfirmed, but there may be a possibility of remote code execution in the context of the affected server. It would likely require a complex exploit, in order to take advantage of overwriting memory contents with NULL bytes. Attackers may be able to take advantage of the structured, predictable nature of the memory operations in order to control the flow of execution of the application. MySQL versions 4.1.3-beta and 4.1.4 are reported vulnerable, but other versions are also likely affected.

3. Debian GNU/Linux Sendmail Package Default SASL Password Vuln...
BugTraq ID: 11262
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11262
Summary:
It is reported that the Sendmail package contained in the Debian GNU/Linux operating system is prone to a default password vulnerability, potentially allowing unauthorized use of the Sendmail MTA. This would likely facilitate UCE (Unsolicited Commercial Email, or SPAM) message relaying through affected installations. Versions of the Debian Sendmail packages prior to 8.12.3-7.1 for Debian stable (woody), and versions prior to 8.13.1-13 for Debian unstable (sid) are reported vulnerable.

4. IBM CTSTRTCASD Utility Local File Corruption Vulnerability
BugTraq ID: 11264
Remote: No
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11264
Summary:
It is reported that IBM's 'ctstrtcasd' utility is susceptible to a local file corruption vulnerability. This issue is due to a failure of the application to properly validate the permissions of the invoking user before overwriting a file specified by the user. This utility is setuid to the superuser, allowing for the overwriting of any file on affected computers, or the creation of files in any location. As this vulnerability allows attackers to overwrite arbitrary files with superuser privileges, attackers have the ability to destroy data, or cause the computer to fail in such a manner that it will have to be reinstalled from backups. This will deny service to legitimate users. RSCT versions 2.3.0.0 and higher running on AIX 5.2 and 5.3 on pSeries, AIX on i5/OS (iSeries), Linux (pSeries, xSeries, zSeries), and pSeries/iSeries Hardware Management Console are reported vulnerable.

5. Illustrate dBpowerAMP Music Converter and Audio Player Buffe...
BugTraq ID: 11266
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11266
Summary:
dBpowerAMP Music Converter and Audio Player are reported prone to remote buffer overflow vulnerabilities when processing malformed audio and playlist files. These issues exist due to insufficient boundary checks performed by the applications and may allow an attacker to gain unauthorized access to a vulnerable computer. Reportedly, these issues affect dBPowerAmp Music Converter 10.0 and Audio Player 2.0. Other versions may be vulnerable as well.

6. XMLStarlet Command Line XML Toolkit Multiple Unspecified Buf...
BugTraq ID: 11270
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11270
Summary:
XMLStarlet command line XML toolkit is affected by multiple unspecified buffer overflow vulnerabilities. These issues are caused by a failure of the application to validate the lengths of user-supplied strings prior to copying them into finite process buffers. An attacker may leverage this issue to manipulate process memory, potentially facilitating arbitrary code execution.

7. Icecast Server HTTP Header Buffer Overflow Vulnerability
BugTraq ID: 11271
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11271
Summary:
It is reported that the Icecast server is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly enforce boundary conditions when dealing with user-supplied input data. This vulnerability allows for remote code execution in the context of the Icecast server. It is reported that this vulnerability is only exploitable to execute remote code on Microsoft Windows platforms. This buffer overflow affects all platforms, however it is only exploitable if a sensitive address is located adjacent to the affected buffer. On other platforms, denial of service or code execution may be possible, but this has not been confirmed. Versions 2.x up to 2.0.1 are reported vulnerable to this issue.

8. ParaChat Directory Traversal Vulnerability
BugTraq ID: 11272
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11272
Summary:
It is reported that ParaChat is susceptible to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data. This vulnerability allows remote attackers to retrieve the contents of arbitrary, potentially sensitive files located on the serving computer with the credentials of the ParaChat server process. Version 5.5 is reported susceptible to this vulnerability. Other versions may also be affected.

9. Freenet6 Client Default Installation Configuration File Perm...
BugTraq ID: 11280
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11280
Summary:
Freenet6 is affected by a default install configuration file permission vulnerability. This issue is due to a default configuration error. An attacker may leverage this issue to steal authentication information from the configuration file that is by default set as world readable.

10. Samba Remote Arbitrary File Access Vulnerability
BugTraq ID: 11281
Remote: Yes
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11281
Summary:
Samba is affected by a remote arbitrary file access vulnerability. This issue is due to a failure of the application to properly validate user-supplied file names. An attacker may leverage this issue to gain access to files outside of a Samba share's path on a vulnerable computer. Information gained in this way may reveal sensitive information aiding in further attacks against the computer.

11. GNU GetText Unspecified Insecure Temporary File Creation Vul...
BugTraq ID: 11282
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11282
Summary:
GNU gettext is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

12. W-Agora Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 11283
Remote: Yes
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11283
Summary:
Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks. These issues were identified in W-Agora 4.1.6a, however, it is possible that other versions are also affected.

13. GhostScript Unspecified Insecure Temporary File Creation Vul...
BugTraq ID: 11285
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11285
Summary:
Ghostscript is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

14. GNU GLibC Unspecified Insecure Temporary File Creation Vulne...
BugTraq ID: 11286
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11286
Summary:
GNU glibc is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

15. GNU Troff (Groff) Unspecified Insecure Temporary File Creati...
BugTraq ID: 11287
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11287
Summary:
GNU Troff (groff) is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

16. GNU GZip Unspecified Insecure Temporary File Creation Vulner...
BugTraq ID: 11288
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11288
Summary:
GNU gzip is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

17. MIT Kerberos 5 Unspecified Insecure Temporary File Creation ...
BugTraq ID: 11289
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11289
Summary:
MIT Kerberos 5 is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

18. Trustix LVM Utilities Unspecified Insecure Temporary File Cr...
BugTraq ID: 11290
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11290
Summary:
Trustix LVM Utilities are affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify a file's existence before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

19. MySQL Unspecified Insecure Temporary File Creation Vulnerabi...
BugTraq ID: 11291
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11291
Summary:
MySQL is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

20. NetaTalk Unspecified Insecure Temporary File Creation Vulner...
BugTraq ID: 11292
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11292
Summary:
Netatalk is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

21. OpenSSL Unspecified Insecure Temporary File Creation Vulnera...
BugTraq ID: 11293
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11293
Summary:
OpenSSL is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

22. Perl Unspecified Insecure Temporary File Creation Vulnerabil...
BugTraq ID: 11294
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11294
Summary:
Perl is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

23. PostgreSQL Unspecified Insecure Temporary File Creation Vuln...
BugTraq ID: 11295
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11295
Summary:
PostgreSQL is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

24. GNU Sharutils Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 11298
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11298
Summary:
GNU Sharutils are affected by multiple buffer overflow vulnerabilities. These issues are due to a failure of the affected application to verify the length of user-supplied strings prior to copying them into finite process buffers. Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application.

25. Proxytunnel Local Proxy Credential Disclosure Vulnerability
BugTraq ID: 11299
Remote: No
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11299
Summary:
A vulnerability exists in proxytunnel that has the potential to expose proxy credentials to other local users. Reportedly proxyuser/proxypass data is not passed to the program in a secure manner, potentially exposing this data to other users on the computer.

26. Kerio MailServer Unspecified Vulnerability
BugTraq ID: 11300
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11300
Summary:
Kerio MailServer version 6.0.3 has been released. This release addresses a potential security vulnerability in the Kerio MailServer application. The cause and impact of this issue are currently unknown, however this BID will be updated as more information becomes available. All versions of Kerio MailServer prior to 6.0.3 are considered vulnerable.

27. RealNetworks RealOne Player And RealPlayer Unspecified Web P...
BugTraq ID: 11307
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11307
Summary:
RealOne Player and RealPlayer are affected by an unspecified vulnerability. This issue may reportedly be exploited by a malicious Web page to execute arbitrary code in the context of the software. This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.

28. RealNetworks RealOne Player And RealPlayer Unspecified File ...
BugTraq ID: 11308
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11308
Summary:
RealPlayer and RealOne Player are prone to a vulnerability that may allow an attacker to delete files on the client computer. The attacker must know the path to the file that is targeted. This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.

29. RealNetworks RealOne Player And RealPlayer PNen3260.DLL Remo...
BugTraq ID: 11309
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11309
Summary:
RealPlayer and RealOne Player are prone to a remote integer overflow vulnerability. It is reported that the vulnerability exists in the 'pnen3260.dll' linked library of both RealPlayer and RealOne Player for Microsoft Windows, Linux, and Mac OS platforms. The 'pnen3260.dll' library is responsible for processing real-media '.rm' files. The overflow will cause the corruption of heap-based memory management structures. Ultimately this may permit an attacker to write to an arbitrary location in the memory of the active process and in doing so control execution flow. A remote attacker may therefore exploit this vulnerability to execute arbitrary attacker-supplied instructions in the context of a user that is running a vulnerable version of the software. This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.

October 8th 2004 (LAW)
Linux Advisory Watch
Distribution: Debian

10/2/2004 - netkit-telnet invalid free(3)
Michal Zalewski discovered a bug in the netkit-telnet server (telnetd) whereby a remote attacker could cause the telnetd process to free an invalid pointer.
http://www.linuxsecurity.com/advisor...sory-4886.html

10/4/2004 - rp-pppoe, pppoe missing privilege dropping
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system.
http://www.linuxsecurity.com/advisor...sory-4887.html

10/6/2004 - libapache-mod-dav potential denial of service
Julian Reschke reported a problem in mod_dav of Apache 2 in connection with a NULL pointer dereference. When running in a threaded model, especially with Apache 2, a segmentation fault can take out a whole process and hence create a denial of service for the whole server.
http://www.linuxsecurity.com/advisor...sory-4910.html

10/6/2004 - net-acct insecure temporary file creation
Stefan Nordhausen has identified a local security hole in net-acct, a user-mode IP accounting daemon. Old and redundant code from some time way back in the past created a temporary file in an insecure fashion.
http://www.linuxsecurity.com/advisor...sory-4913.html

Distribution: Fedora

10/5/2004 - cups-1.1.20-11.4 Update
This update fixes an information leakage problem when printing to SMB shares requiring authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0923 to this issue.
http://www.linuxsecurity.com/advisor...sory-4908.html

Distribution: FreeBSD

10/4/2004 - syscons Boundary checking errors in syscons
The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of its input arguments. In particular, negative coordinates or large coordinates may cause unexpected behavior.
http://www.linuxsecurity.com/advisor...sory-4904.html

Distribution: Gentoo

10/1/2004 - sharutils Buffer overflows
sharutils contains two buffer overflow vulnerabilities that could lead to arbitrary code execution.
http://www.linuxsecurity.com/advisor...sory-4883.html

10/4/2004 - netpbm Multiple temporary file issues
Utilities included in old Netpbm versions are vulnerable to multiple temporary file issues, potentially allowing a local attacker to overwrite files with the rights of the user running the utility.
http://www.linuxsecurity.com/advisor...sory-4898.html

10/5/2004 - NetKit-telnetd buffer overflows in telnet and telnetd and kdebase security issues
Buffer overflows exist in the telnet client and daemon provided by netkit-telnetd, which could possibly allow a remote attacker to gain root privileges and compromise the system.
http://www.linuxsecurity.com/advisor...sory-4909.html

10/5/2004 - PHP Memory disclosure and arbitrary location file upload
Two bugs in PHP may allow the disclosure of portions of memory and allow remote attackers to upload files to arbitrary locations.
http://www.linuxsecurity.com/advisor...sory-4911.html

Distribution: Mandrake

10/1/2004 - samba fix vulnerability
Karol Wiesek discovered a bug in the input validation routines used to convert DOS path names to path names on the Samba host's file system. This bug can be exploited to gain access to files outside of the share's path as defined in the smb.conf configuration file.
http://www.linuxsecurity.com/advisor...sory-4888.html

10/5/2004 - kernel various enhancements
New kernels are available for Mandrakelinux 10.0 that fix a few bugs and/or add enhancements.
http://www.linuxsecurity.com/advisor...sory-4906.html

Distribution: RedHat

10/4/2004 - kdelibs and kdebase security issues
Updated kdelibs and kdebase packages that resolve multiple security issues are now available.
http://www.linuxsecurity.com/advisor...sory-4899.html

10/4/2004 - samba security issue
Updated samba packages that fix an input validation vulnerability are now available.
http://www.linuxsecurity.com/advisor...sory-4901.html

10/4/2004 - XFree86 security issues and bugs
Updated XFree86 packages that fix several security flaws in libXpm, as well as other bugs, are now available for Red Hat Enterprise Linux 3.
http://www.linuxsecurity.com/advisor...sory-4900.html

10/6/2004 - XFree86 security issues and bugs
Updated XFree86 packages that fix several security issues in libXpm, as well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1.
http://www.linuxsecurity.com/advisor...sory-4914.html

Distribution: Slackware

10/4/2004 - getmail security issue
New getmail packages are available for Slackware 9.1, 10.0 and -current to fix a security issue. If getmail is used as root to deliver to user owned files or directories, it can be made to overwrite system files.
http://www.linuxsecurity.com/advisor...sory-4902.html

10/4/2004 - zlib DoS
New zlib packages are available for Slackware 10.0 and -current to fix a possible denial of service security issue.
http://www.linuxsecurity.com/advisor...sory-4903.html

Distribution: SuSE

10/5/2004 - samba remote file disclosure
The Samba server, which allows sharing files and resources via the SMB/CIFS protocol, contains a bug in the sanitation code of path names which allows remote attackers to access files outside of the defined share.
http://www.linuxsecurity.com/advisor...sory-4907.html

10/6/2004 - mozilla various vulnerabilities
During the last months a number of security problems have been fixed in Mozilla and Mozilla based browsers.
http://www.linuxsecurity.com/advisor...sory-4912.html

Distribution: Trustix

10/1/2004 - samba access files outside of defined path
A security vulnerability has been located in Samba 2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain access to files which exist outside of the share's defined path.
http://www.linuxsecurity.com/advisor...sory-4884.html

10/1/2004 - mod_php4, hwdata bugfix update access files outside of defined path
This update contains bug fixes and additional features for mod_php4 and hwdata.
http://www.linuxsecurity.com/advisor...sory-4885.html

Distribution: Turbolinux

10/5/2004 - squid DoS vulnerability
A vulnerability in the NTLM helpers in squid. The vulnerabilities allow remote attackers to cause a denial of service of squid server services.
http://www.linuxsecurity.com/advisor...sory-4905.html

October 12th 2004 (SF)
Security Focus
1. Mozilla Firefox DATA URI File Deletion Vulnerability
BugTraq ID: 11311
Remote: Yes
Date Published: Oct 02 2004
Relevant URL: http://www.securityfocus.com/bid/11311
Summary: It is reported that Mozilla Firefox is susceptible to a file deletion vulnerability. This vulnerability allows attackers who can lure unsuspecting users to view malicious HTML or script code to cause the recursive deletion of the victim user's configured download directory. They can achieve this by crafting malicious web pages containing either HTML or script code that utilizes the 'data:' URI scheme. This vulnerability is reported to exist in Mozilla Firefox in versions prior to 0.10.1.

2. Debian GNU/Linux Telnetd Invalid Memory Handling Vulnerabili...
BugTraq ID: 11313
Remote: Yes
Date Published: Oct 03 2004
Relevant URL: http://www.securityfocus.com/bid/11313
Summary: Telnetd as provided by Debian GNU/Linux is reported susceptible to an invalid memory handling vulnerability. This issue is due to a failure of the application to ensure that memory buffers are properly allocated and deallocated. It is conjectured that attackers may potentially leverage this vulnerability to execute code in the context of the telnetd process. Debian GNU/Linux runs the process as the unprivileged "telnetd" user by default. Versions of telnetd prior to 0.17-18woody1 for the stable branch, and 0.17-26 for the unstable branch, are reported to be affected by this vulnerability.

3. Roaring Penguin PPPoE Arbitrary File Overwrite Vulnerability
BugTraq ID: 11315
Remote: No
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11315
Summary: Roaring Penguin PPPoE is vulnerable to a local arbitrary file overwrite vulnerability. This issue is due to a failure of the affected driver to properly validate the existence of temporary files prior to writing to them. An attacker may exploit this vulnerability to overwrite any file on the affected computer if the setuid superuser bit is set. It should be noted that this application is not installed with the setuid bit set by default.

4. Macromedia ColdFusion MX Template Handling Privilege Escalat...
BugTraq ID: 11316
Remote: Yes
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11316
Summary: Reportedly Macromedia ColdFusion MX is affected by a privilege escalation vulnerability when handling templates. This issue is due to an access validation error that allows a user to perform actions with administrator privileges. An attacker may exploit this issue to gain administrative privileges on a computer running the vulnerable application.

5. DistCC Access Control Bypass Vulnerability
BugTraq ID: 11319
Remote: Yes
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11319
Summary: It is reported that the distcc access controls may malfunction under certain circumstances. This may result in access controls not being enforced. A remote attacker may potentially exploit this vulnerability to gain access to the affected distcc service regardless of access control rules that are set in place. This vulnerability is addressed in distcc 2.16.

6. IBM DB2 Multiple Critical Remote Vulnerabilities
BugTraq ID: 11327
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11327
Summary: The reported vulnerabilities include 20 remote vulnerabilities, most of which are buffer overflows. All of these issues are apparently of 'critical' severity. Details about any of the vulnerabilities are not known at this time. This BID will be updated and split into individual BIDs as further information becomes available.

7. Jetty Directory Traversal Vulnerability
BugTraq ID: 11330
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11330
Summary: It is reported that Jetty is susceptible to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize HTTP request URIs. This vulnerability allows remote attackers to retrieve the contents of arbitrary, potentially sensitive files located on the serving computer with the credentials of the affected process. It is unclear at this time exactly which versions of Jetty are affected by this vulnerability. This BID will be updated as further information is disclosed. This vulnerability may be related to BID 4360.

8. Macromedia ColdFusion MX Remote File Content Disclosure Vuln...
BugTraq ID: 11331
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11331
Summary: Macromedia ColdFusion MX is affected by a remote file content disclosure vulnerability. This vulnerability is caused by an access validation issue that allows an attacker to bypass protections to reveal the contents of files. It should be noted that this issue does not reveal directory contents, therefore attackers must have prior knowledge of target files. An attacker may leverage this issue to read the contents of files contained under the webroot directory that are readable by the ColdFusion process on the affected computer, effectively bypassing access restrictions set in the IIS management system.

9. Invision Power Board Referer Cross-Site Scripting Vulnerabil...
BugTraq ID: 11332
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11332
Summary: Reportedly Invision Power Board is affected by a remote cross-site scripting vulnerability. This issue is due to a failure of the application to validate or sanitize user-supplied input prior to including it in dynamic Web content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the vulnerable application, facilitating the theft of cookie-based authentication credentials as well as other attacks.

10. RealOne Player and RealPlayer Multiple Unspecified Remote Vu...
BugTraq ID: 11335
Remote: Yes
Date Published: Oct 06 2004
Relevant URL: http://www.securityfocus.com/bid/11335
Summary: NGSSoftware have reported that multiple buffer overflow and unauthorized file access vulnerabilities exist in RealOne and RealPlayer. Details about these vulnerabilities have been withheld until a later date, but it appears that some of the issues may overlap with existing BIDs 11307 and 11308. There also appear to be other vulnerabilities that are not covered in these two BIDs. Real Networks have reportedly released fixes for all of the issues.

11. MySQL MaxDB WebDBM Server Name Denial of Service Vulnerabili...
BugTraq ID: 11346
Remote: Yes
Date Published: Oct 07 2004
Relevant URL: http://www.securityfocus.com/bid/11346
Summary: A remotely exploitable denial of service vulnerability exists in MaxDB. The cause of this condition is an input validation error that is exposed when an internal function in the WebDBM handles a client-supplied 'Server' name in an HTTP request that includes specific values. This will reportedly trigger an exception due to an assert directive failing, resulting in a denial of service condition in the web agent. This issue was reportedly tested on Windows and Linux versions. Other versions could also be affected.

12. Cyrus SASL Multiple Remote And Local Vulnerabilities
BugTraq ID: 11347
Remote: Yes
Date Published: Oct 07 2004
Relevant URL: http://www.securityfocus.com/bid/11347
Summary: Cyrus SASL is affected by multiple critical vulnerabilities that may be remotely exploitable. The first issue is due to a boundary condition error; the second issue is due to a failure of the application to properly handle environment variables. Information currently available regarding these issues is insufficient to provide a more detailed analysis. This BID will be updated and split into separate BIDs when more information becomes available. An attacker can leverage the boundary condition issue to execute arbitrary code on the affected computer. The impact of the environment variable issue is currently unknown.

13. Nathaniel Bray Yeemp File Transfer Public Key Verification B...
BugTraq ID: 11353
Remote: Yes
Date Published: Oct 08 2004
Relevant URL: http://www.securityfocus.com/bid/11353
Summary: It is reported that Yeemp does not properly verify public keys when a file is transferred. Yeemp clients are assigned public keys and Yeemp uses public keys to authenticate users and encrypt messages. Reportedly, the application does not verify keys on incoming files. Due to this, remote attackers are able to spoof sender information and send potentially malicious files to users. Yeemp versions 0.9.9 and earlier are affected by this issue.

October 14th 2004 (SN)
Secunia
1. Debian update for mpg123
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-13
Debian has issued an update for mpg123. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/12820/

2. ocPortal "index.php" Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-13
Exoduks has reported a vulnerability in ocPortal, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12811/

3. UnixWare update for libpng
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-10-13
SCO has issued an update for libpng. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12810/

4. Sun Solaris libXpm Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-11
Sun has acknowledged some vulnerabilities in Solaris, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12782/

5. Debian update for xfree86
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-11
Debian has issued an update for XFree86. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12781/

6. Gentoo update for lesstif
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-11
Gentoo has issued an update for lesstif. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12777/

7. Debian update for lesstif
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-08
Debian has issued an update for lesstif. This fixes multiple vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12763/

8. Gentoo update for cyrus-sasl
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2004-10-08
Gentoo has issued an update for cyrus-sasl. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system and by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12762/

9. Debian update for sox
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-10-13
Debian has issued an update for SoX. This fixes two vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/12819/

10. Gentoo update for ncompress
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-10-11
Gentoo has issued an update for ncompress. This fixes an old vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12779/

11. BNC IRC Proxy Backspace User Identity Spoofing Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2004-10-09
Yak has reported a vulnerability in BNC IRC proxy, which can be exploited by malicious users to spoof their identity.
Full Advisory: http://secunia.com/advisories/12770/

12. Slackware update for rsync
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2004-10-12
Slackware has issued an update for rsync. This fixes a vulnerability, which potentially can be exploited by malicious users to read or write arbitrary files on a vulnerable system.
Full Advisory: http://secunia.com/advisories/12797/

13. Yeemp Spoofed Sender File Transfer Vulnerability
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2004-10-12
A vulnerability has been reported in Yeemp, which can be exploited by malicious people to spoof their identity.
Full Advisory: http://secunia.com/advisories/12795/

14. Unarj Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2004-10-12
Doubles has reported a vulnerability in Unarj, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/12788/

15. Fedora update for squid
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-10-13
Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12821/

16. UnixWare update for CUPS
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-10-13
SCO has issued an update for CUPS. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12812/

17. Squid "asn_parse_header()" Function Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-10-12
A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12791/

18. Debian update for mysql
Critical: Less critical
Where: From local network
Impact: Security Bypass, DoS, System access
Released: 2004-10-11
Debian has issued an update for mysql. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise the system.
Full Advisory: http://secunia.com/advisories/12784/

19. Debian update for cyrus-sasl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-12
Debian has issued an update for cyrus-sasl. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12798/

20. Gentoo update for ed
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-11
Gentoo has issued an update for ed. This fixes an old vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/12780/

21. Gentoo update for gettext
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-11
Gentoo has issued an update for gettext. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/12775/

22. GNU gettext Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-11
A vulnerability has been reported in gettext, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/12774/

23. Fedora update for cyrus-sasl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-09
Fedora has issued an update for cyrus-sasl. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12771/

24. Gentoo update for cups
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-10-09
Gentoo has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of sensitive information.
Full Advisory: http://secunia.com/advisories/12768/

25. Red Hat update for cyrus-sasl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-08
Red Hat has issued an update for cyrus-sasl. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12767/

26. Mandrake update for cyrus-sasl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-08
MandrakeSoft has issued an update for cyrus-sasl. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12761/

27. renattach "pipe" Potential Shell Command Injection Security Issue
Critical: Not critical
Where: From remote
Impact: Unknown
Released: 2004-10-11
A security issue has been reported in renattach, which has an unknown impact, but potentially could allow execution of arbitrary commands.
Full Advisory: http://secunia.com/advisories/12778/

28. phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-13
A vulnerability has been reported in phpMyAdmin, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12813/

29. ZanfiCmsLite "index.php" Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-12
Cracklove has reported a vulnerability in ZanfiCmsLite, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/12792/

30. Cyrus SASL Library Buffer Overflow and "SASL_PATH" Privilege Escalation
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2004-10-08
Two vulnerabilities have been reported in Cyrus SASL library, which can be exploited by malicious people to compromise a vulnerable system and by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/12760/

31. Adobe Acrobat / Adobe Reader Disclosure of Sensitive Information
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-10-13
Jelmer has discovered a vulnerability in Adobe Acrobat and Adobe Reader, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/12809/

32. The ASN.1 Compiler Unspecified Security Issues
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-12
Two security issues with unknown impacts have been reported in The ASN.1 Compiler.
Full Advisory: http://secunia.com/advisories/12794/

33. Turbo Traffic Trader Nitro Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-10-11
aCiDBiTS has reported some vulnerabilities in Turbo Traffic Trader Nitro, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/12785/

34. Wordpress "wp-login.php" HTTP Response Splitting Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-10-11
Chaotic Evil has reported a vulnerability in Wordpress, which can be exploited by malicious people to conduct script insertion and cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/12773/

35. Rippy the Aggregator Unspecified Filter Dependence Security Issue
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-09
A security issue with an unknown impact has been reported in Rippy the Aggregator.
Full Advisory: http://secunia.com/advisories/12769/

36. RealNetworks Helix Universal Server Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-10-08
A vulnerability has been reported in Helix Universal Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12766/

37. CubeCart "cat_id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-10-08
Pedro Sanches has reported a vulnerability in CubeCart, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/12764/

38. Apache2 mod_ssl SSLCipherSuite Security Bypass
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-10-11
A security issue has been reported in Apache2, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/12787/

39. CJOverkill "trade.php" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-10-11
aCiDBiTS has reported some vulnerabilities in CJOverkill, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/12786/

40. MySQL Two Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Security Bypass, DoS
Released: 2004-10-11
Two vulnerabilities have been reported in MySQL, which can be exploited by malicious users to bypass certain security restrictions or cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/12783/

October 15th 2004 (LAW)
Linux Advisory Watch
Distribution: Conectiva

10/14/2004 - cups denial of service vulnerability fix
Alvaro Martinez Echevarria found a vulnerability[2] in the CUPS Internet Printing Protocol (IPP) implementation that allows remote attackers to make CUPS stop listening on the IPP port by sending an empty UDP datagram packet to the IPP port, causing a denial of service situation.
http://www.linuxsecurity.com/advisor...sory-4948.html

10/14/2004 - samba vulnerabilities fix
This announcement fixes two denial of service vulnerabilities via certain malformed requests[2] and via a SAM_UAS_CHANGE request with a big length value[3] when domain logons are enabled.
http://www.linuxsecurity.com/advisor...sory-4949.html

Distribution: Debian

10/10/2004 - python2.2 buffer overflow and restore functionality fix vulnerabilities fix
This security advisory corrects DSA 458-2 which caused a problem in the gethostbyaddr routine.
http://www.linuxsecurity.com/advisor...sory-4917.html

10/11/2004 - mysql several vulnerabilities fix
Several problems have been discovered in MySQL, a commonly used SQL database on Unix servers.
http://www.linuxsecurity.com/advisor...sory-4931.html

10/12/2004 - cyrus-sasl arbitrary code execution fix several vulnerabilities fix
A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols.
http://www.linuxsecurity.com/advisor...sory-4936.html

10/12/2004 - cyrus-sasl arbitrary code execution real fix several vulnerabilities fix
This advisory corrects DSA 563-1 which contained a library that caused other programs to fail unintentionally.
http://www.linuxsecurity.com/advisor...sory-4937.html

10/13/2004 - mpg123 arbitrary code execution fix
Davide Del Vecchio discovered a vulnerability in mpg123, a popular (but non-free) MPEG layer 1/2/3 audio player. A malicious MPEG layer 2/3 file could cause the header checks in mpg123 to fail, which could in turn allow arbitrary code to be executed with the privileges of the user running mpg123.
http://www.linuxsecurity.com/advisor...sory-4941.html

10/13/2004 - sox buffer overflow fix
Ulf Harnhammar has reported two vulnerabilities in SoX, a universal sound sample translator, which may be exploited by malicious people to compromise a user's system with a specially crafted .wav file.
http://www.linuxsecurity.com/advisor...sory-4942.html

10/14/2004 - cyrus-sasl arbitrary code execution fix buffer overflow fix
This advisory is an addition to DSA 563-1 and 563-2 which weren't able to supersede the library on sparc and arm due to a different version number for them in the stable archive.
http://www.linuxsecurity.com/advisor...sory-4950.html

10/14/2004 - CUPS information leak fix
An information leak has been detected in CUPS, the Common UNIX Printing System, which may lead to the disclosure of sensitive information, such as user names and passwords which are written into log files.
http://www.linuxsecurity.com/advisor...sory-4952.html

Distribution: Fedora

10/11/2004 - squid-2.5.STABLE5-4.fc2.1 update information leak fix
This update fixes a potential DoS against squid that was reported by Secunia.
http://www.linuxsecurity.com/advisor...sory-4920.html

10/8/2004 - cyrus-sasl-2.1.18-2.2 update information leak fix
In situations where an untrusted local user can affect the environment of a privileged process, this behavior could be exploited to run arbitrary code with the privileges of a setuid or setgid application.
http://www.linuxsecurity.com/advisor...sory-4922.html

10/11/2004 - pcmcia-cs-3.2.7-1.8.2.1 update information leak fix
This update fixes a few problems in the PCMCIA init script.
http://www.linuxsecurity.com/advisor...sory-4933.html

10/11/2004 - gimp-2.0.5-0.fc2.1 update information leak fix
The GIMP (GNU Image Manipulation Program) is a powerful image composition and editing program, which can be extremely useful for creating logos and other graphics for webpages.
http://www.linuxsecurity.com/advisor...sory-4934.html

10/12/2004 - tzdata-2004e-1.fc2 update information leak fix
This package contains data files with rules for various timezones around the world.
http://www.linuxsecurity.com/advisor...sory-4940.html

10/13/2004 - libuser-0.52.5-0.FC2.1 update information leak fix
This update fixes many bugs, mostly in the LDAP backend and the Python bindings.
http://www.linuxsecurity.com/advisor...sory-4944.html

10/13/2004 - squid-2.5.STABLE5-4.fc2.2 update information leak fix
Backport fix for CAN-2004-0918 (Remote Denial of Service attack)
http://www.linuxsecurity.com/advisor...sory-4945.html

10/13/2004 - system-config-users-1.2.25-0.fc2.1 update information leak fix
when renaming users, ensure that groups forget about the old user name (#135280)
http://www.linuxsecurity.com/advisor...sory-4946.html

10/14/2004 - k3b-0.11.14-0.FC2.2 version string parsing fix information leak fix
K3b provides a comfortable user interface to perform most CD/DVD burning tasks. While the experienced user can influence all steps of the burning process, the beginner may find comfort in the automatic settings and the reasonable k3b defaults, which allow a quick start.
http://www.linuxsecurity.com/advisor...sory-4951.html

10/14/2004 - gimp-2.0.5-0.fc2.2 update information leak fix
This update fixes the bug that catches the wrong values of bpp in the BMP plugin.
http://www.linuxsecurity.com/advisor...sory-4953.html

10/14/2004 - libtiff-3.5.7-20.2 update information leak fix
Chris Evans discovered a number of integer overflow bugs that affect libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code.
http://www.linuxsecurity.com/advisor...sory-4954.html

10/14/2004 - w3m-0.5.1-3.1 update information leak fix
The w3m program is a pager (or text file viewer) that can also be used as a text-mode Web browser.
http://www.linuxsecurity.com/advisor...sory-4955.html

10/14/2004 - ruby-1.8.1-6 update information leak fix
A security fix [CAN-2004-0755]. ruby-1.8.1-cgi_session_perms.patch: sets the permission of the session data file to 0600. (#130063)
http://www.linuxsecurity.com/advisor...sory-4956.html

Distribution: Gentoo

10/9/2004 - CUPS Leakage of sensitive information
CUPS leaks information about user names and passwords when using remote printing to SMB-shared printers which require authentication.
http://www.linuxsecurity.com/advisor...sory-4926.html

10/9/2004 - Ed Insecure temporary file handling
The ed utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change rights on arbitrary files with the rights of the user running ed, which could be the root user.
http://www.linuxsecurity.com/advisor...sory-4927.html

10/9/2004 - ncompress Buffer overflow
compress and uncompress, which could be used by daemon programs, contain a buffer overflow that could lead to remote execution of arbitrary code with the rights of the daemon process.
http://www.linuxsecurity.com/advisor...sory-4928.html

10/9/2004 - LessTif Integer and stack overflows in libXpm
Multiple vulnerabilities have been discovered in libXpm, which is included in LessTif, that can potentially lead to remote code execution.
http://www.linuxsecurity.com/advisor...sory-4929.html

10/10/2004 - gettext Insecure temporary file handling
The gettext utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change permissions on arbitrary files with the rights of the user running gettext, which could be the root user.
http://www.linuxsecurity.com/advisor...sory-4930.html

10/11/2004 - xfree86 integer and stack overflows
Chris Evans discovered several stack and integer overflows in the libXpm library which is provided by X.Org, XFree86 and LessTif.
http://www.linuxsecurity.com/advisor...sory-4932.html

10/13/2004 - tiff Buffer overflows in image decoding
Multiple heap-based overflows have been found in the tiff library image decoding routines, potentially allowing execution of arbitrary code with the rights of the user viewing a malicious image.
http://www.linuxsecurity.com/advisor...sory-4943.html

10/14/2004 - wordpress HTTP response splitting and XSS vulnerabilities
WordPress contains HTTP response splitting and cross-site scripting vulnerabilities.
http://www.linuxsecurity.com/advisor...sory-4947.html

10/15/2004 - BNC Input validation flaw
BNC contains an input validation flaw which might allow a remote attacker to issue arbitrary IRC related commands.
http://www.linuxsecurity.com/advisor...sory-4957.html

Distribution: Other

10/12/2004 - CUPS before 1.1.21 allows remote attackers to cause a denial of service
The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service via a certain UDP packet to the IPP port.
http://www.linuxsecurity.com/advisor...sory-4938.html

10/12/2004 - libpng Multiple Vulnerabilities
Several vulnerabilities exist in the libpng library, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
http://www.linuxsecurity.com/advisor...sory-4939.html

Distribution: Slackware

10/12/2004 - rsync security update
New rsync 2.6.3 packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix a security issue when rsync is run as a non-chrooted server.
http://www.linuxsecurity.com/advisor...sory-4935.html

Distribution: Trustix

10/8/2004 - cyrus-sasl Insecure handling of environment variable security update
Kurt Lieber reported that libsasl honors the environment variable SASL_PATH blindly, allowing a local user to compile a "library" locally that is executed with the EID of SASL.
http://www.linuxsecurity.com/advisor...sory-4919.html