LinuxQuestions.org


Capt_Caveman 10-17-2004 10:15 PM

LQ Security Report - October 17th 2004
 
October 15th 2004
26 issues handled over 7 distros (LAW)
cups
samba
python2.2
mysql
cyrus-sasl arbitrary code execution fix
mpg123
sox
squid
pcmcia-cs
gimp
tzdata
libuser
system-config-users
k3b
libtiff
ruby
Ed
ncompress
LessTif
gettext
xfree86
tiff
wordpress
BNC
libpng
rsync


October 14th 2004
40 issues handled (SN)
1. Debian update for mpg123
2. ocPortal "index.php" Arbitrary File Inclusion Vulnerability
3. UnixWare update for libpng
4. Sun Solaris libXpm Vulnerabilities
5. Debian update for xfree86
6. Gentoo update for lesstif
7. Debian update for lesstif
8. Gentoo update for cyrus-sasl
9. Debian update for sox
10. Gentoo update for ncompress
11. BNC IRC Proxy Backspace User Identity Spoofing Vulnerability
12. Slackware update for rsync
13. Yeemp Spoofed Sender File Transfer Vulnerability
14. Unarj Directory Traversal Vulnerability
15. Fedora update for squid
16. UnixWare update for CUPS
17. Squid "asn_parse_header()" Function Denial of Service Vulnerability
18. Debian update for mysql
19. Debian update for cyrus-sasl
20. Gentoo update for ed
21. Gentoo update for gettext
22. GNU gettext Insecure Temporary File Creation Vulnerability
23. Fedora update for cyrus-sasl
24. Gentoo update for cups
25. Red Hat update for cyrus-sasl
26. Mandrake update for cyrus-sasl
27. renattach "pipe" Potential Shell Command Injection Security Issue
28. phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability
29. ZanfiCmsLite "index.php" Arbitrary File Inclusion Vulnerability
30. Cyrus SASL Library Buffer Overflow and "SASL_PATH" Privilege Escalation
31. Adobe Acrobat / Adobe Reader Disclosure of Sensitive Information
32. The ASN.1 Compiler Unspecified Security Issues
33. Turbo Traffic Trader Nitro Cross-Site Scripting and SQL Injection
34. Wordpress "wp-login.php" HTTP Response Splitting Vulnerability
35. Rippy the Aggregator Unspecified Filter Dependence Security Issue
36. RealNetworks Helix Universal Server Denial of Service Vulnerability
37. CubeCart "cat_id" SQL Injection Vulnerability
38. Apache2 mod_ssl SSLCipherSuite Security Bypass
39. CJOverkill "trade.php" Cross-Site Scripting Vulnerabilities
40. MySQL Two Vulnerabilities


October 12th 2004
13 issues handled (SF)
1. Mozilla Firefox DATA URI File Deletion Vulnerability
2. Debian GNU/Linux Telnetd Invalid Memory Handling Vulnerabili...
3. Roaring Penguin PPPoE Arbitrary File Overwrite Vulnerability
4. Macromedia ColdFusion MX Template Handling Privilege Escalat...
5. DistCC Access Control Bypass Vulnerability
6. IBM DB2 Multiple Critical Remote Vulnerabilities
7. Jetty Directory Traversal Vulnerability
8. Macromedia ColdFusion MX Remote File Content Disclosure Vuln...
9. Invision Power Board Referer Cross-Site Scripting Vulnerabil...
10. RealOne Player and RealPlayer Multiple Unspecified Remote Vu...
11. MySQL MaxDB WebDBM Server Name Denial of Service Vulnerabili...
12. Cyrus SASL Multiple Remote And Local Vulnerabilities
13. Nathaniel Bray Yeemp File Transfer Public Key Verification B...


October 8th 2004
18 issues handled over 9 distros (LAW)
netkit-telnet
rp-pppoe
libapache-mod-dav
net-acct
cups
syscons
sharutils
netpbm
PHP
samba
kernel
kdelibs
XFree86
getmail
zlib
mozilla
mod_php4
squid


October 5th 2004
29 issues handled (SF)
1. Multiple Vendor TCP Packet Fragmentation Handling Denial Of...
2. MySQL Bounded Parameter Statement Execution Remote Buffer Ov...
3. Debian GNU/Linux Sendmail Package Default SASL Password Vuln...
4. IBM CTSTRTCASD Utility Local File Corruption Vulnerability
5. Illustrate dBpowerAMP Music Converter and Audio Player Buffe...
6. XMLStarlet Command Line XML Toolkit Multiple Unspecified Buf...
7. Icecast Server HTTP Header Buffer Overflow Vulnerability
8. ParaChat Directory Traversal Vulnerability
9. Freenet6 Client Default Installation Configuration File Perm...
10. Samba Remote Arbitrary File Access Vulnerability
11. GNU GetText Unspecified Insecure Temporary File Creation Vul...
12. W-Agora Multiple Remote Input Validation Vulnerabilities
13. GhostScript Unspecified Insecure Temporary File Creation Vul...
14. GNU GLibC Unspecified Insecure Temporary File Creation Vulne...
15. GNU Troff (Groff) Unspecified Insecure Temporary File Creati...
16. GNU GZip Unspecified Insecure Temporary File Creation Vulner...
17. MIT Kerberos 5 Unspecified Insecure Temporary File Creation...
18. Trustix LVM Utilities Unspecified Insecure Temporary File Cr...
19. MySQL Unspecified Insecure Temporary File Creation Vulnerabi...
20. NetaTalk Unspecified Insecure Temporary File Creation Vulner...
21. OpenSSL Unspecified Insecure Temporary File Creation Vulnera...
22. Perl Unspecified Insecure Temporary File Creation Vulnerabil...
23. PostgreSQL Unspecified Insecure Temporary File Creation Vuln...
24. GNU Sharutils Multiple Buffer Overflow Vulnerabilities
25. Proxytunnel Local Proxy Credential Disclosure Vulnerability
26. Kerio MailServer Unspecified Vulnerability
27. RealNetworks RealOne Player And RealPlayer Unspecified Web P...
28. RealNetworks RealOne Player And RealPlayer Unspecified File...
29. RealNetworks RealOne Player And RealPlayer PNen3260.DLL

Capt_Caveman 10-17-2004 10:42 PM

October 5th 2004 (SF)
 
Security Focus

1. Multiple Vendor TCP Packet Fragmentation Handling Denial Of ...
BugTraq ID: 11258
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11258
Summary:
Multiple vendor implementations of the TCP stack are reported prone to a remote denial of service vulnerability. The issue is reported to present itself due to inefficiencies present when handling fragmented TCP packets. The discoverer of this issue has dubbed the attack style the "New Dawn attack"; it is a variation of a previously reported attack that was named the "Rose Attack". This vulnerability may aid a remote attacker in impacting resources on an affected computer. Specifically, a remote attacker may exploit this vulnerability to deny service to a vulnerable computer. Microsoft Windows 2000/XP, Linux kernel 2.4 tree and undisclosed Cisco systems are reported prone to this vulnerability; other products may also be affected.

2. MySQL Bounded Parameter Statement Execution Remote Buffer Ov...
BugTraq ID: 11261
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11261
Summary:
It is reported that MySQL is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly ensure the size of a buffer is sufficient to handle user-supplied input data before performing operations that may overflow into adjacent memory regions. This vulnerability reportedly allows for remote attackers to crash affected servers. It is unconfirmed, but there may be a possibility of remote code execution in the context of the affected server. It would likely require a complex exploit, in order to take advantage of overwriting memory contents with NULL bytes. Attackers may be able to take advantage of the structured, predictable nature of the memory operations in order to control the flow of execution of the application. MySQL versions 4.1.3-beta and 4.1.4 are reported vulnerable, but other versions are also likely affected.

3. Debian GNU/Linux Sendmail Package Default SASL Password Vuln...
BugTraq ID: 11262
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11262
Summary:
It is reported that the Sendmail package contained in the Debian GNU/Linux operating system is prone to a default password vulnerability, potentially allowing unauthorized use of the Sendmail MTA. This would likely facilitate UCE (Unsolicited Commercial Email, or SPAM) message relaying through affected installations. Versions of the Debian Sendmail packages prior to 8.12.3-7.1 for Debian stable (woody), and versions prior to 8.13.1-13 for Debian unstable (sid) are reported vulnerable.

4. IBM CTSTRTCASD Utility Local File Corruption Vulnerability
BugTraq ID: 11264
Remote: No
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11264
Summary:
It is reported that IBM's 'ctstrtcasd' utility is susceptible to a local file corruption vulnerability. This issue is due to a failure of the application to properly validate the permissions of the invoking user before overwriting a file specified by the user. This utility is setuid to the superuser, allowing for the overwriting of any file on affected computers, or the creation of files in any location. As this vulnerability allows attackers to overwrite arbitrary files with superuser privileges, attackers have the ability to destroy data, or cause the computer to fail in such a manner that it will have to be reinstalled from backups. This will deny service to legitimate users. RSCT versions 2.3.0.0 and higher running on AIX 5.2 and 5.3 on pSeries, AIX on i5/OS (iSeries), Linux (pSeries, xSeries, zSeries), and pSeries/iSeries Hardware Management Console are reported vulnerable.

5. Illustrate dBpowerAMP Music Converter and Audio Player Buffe...
BugTraq ID: 11266
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11266
Summary:
dBpowerAMP Music Converter and Audio Player are reported prone to remote buffer overflow vulnerabilities when processing malformed audio and playlist files. These issues exist due to insufficient boundary checks performed by the applications and may allow an attacker to gain unauthorized access to a vulnerable computer. Reportedly, these issues affect dBPowerAmp Music Converter 10.0 and Audio Player 2.0. Other versions may be vulnerable as well.

6. XMLStarlet Command Line XML Toolkit Multiple Unspecified Buf...
BugTraq ID: 11270
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11270
Summary:
XMLStarlet command line XML toolkit is affected by multiple unspecified buffer overflow vulnerabilities. These issues are caused by a failure of the application to validate the lengths of user-supplied strings prior to copying them into finite process buffers. An attacker may leverage this issue to manipulate process memory, potentially facilitating arbitrary code execution.

7. Icecast Server HTTP Header Buffer Overflow Vulnerability
BugTraq ID: 11271
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11271
Summary:
It is reported that the Icecast server is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly enforce boundary conditions when dealing with user-supplied input data. This vulnerability allows for remote code execution in the context of the Icecast server. It is reported that this vulnerability is only exploitable to execute remote code on Microsoft Windows platforms. This buffer overflow affects all platforms, however it is only exploitable if a sensitive address is located adjacent to the affected buffer. On other platforms, denial of service or code execution may be possible, but this has not been confirmed. Versions 2.x up to 2.0.1 are reported vulnerable to this issue.

8. ParaChat Directory Traversal Vulnerability
BugTraq ID: 11272
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11272
Summary:
It is reported that ParaChat is susceptible to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data. This vulnerability allows remote attackers to retrieve the contents of arbitrary, potentially sensitive files located on the serving computer with the credentials of the ParaChat server process. Version 5.5 is reported susceptible to this vulnerability. Other versions may also be affected.

9. Freenet6 Client Default Installation Configuration File Perm...
BugTraq ID: 11280
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11280
Summary:
Freenet6 is affected by a default install configuration file permission vulnerability. This issue is due to a default configuration error. An attacker may leverage this issue to steal authentication information from the configuration file that is by default set as world readable.

10. Samba Remote Arbitrary File Access Vulnerability
BugTraq ID: 11281
Remote: Yes
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11281
Summary:
Samba is affected by a remote arbitrary file access vulnerability. This issue is due to a failure of the application to properly validate user-supplied file names. An attacker may leverage this issue to gain access to files outside of a Samba share's path on a vulnerable computer. Information gained in this way may reveal sensitive information aiding in further attacks against the computer.

11. GNU GetText Unspecified Insecure Temporary File Creation Vul...
BugTraq ID: 11282
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11282
Summary:
GNU gettext is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

12. W-Agora Multiple Remote Input Validation Vulnerabilities
BugTraq ID: 11283
Remote: Yes
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11283
Summary:
Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, and HTTP response splitting attacks. These issues were identified in W-Agora 4.1.6a, however, it is possible that other versions are also affected.

13. GhostScript Unspecified Insecure Temporary File Creation Vul...
BugTraq ID: 11285
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11285
Summary:
Ghostscript is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

14. GNU GLibC Unspecified Insecure Temporary File Creation Vulne...
BugTraq ID: 11286
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11286
Summary:
GNU glibc is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

15. GNU Troff (Groff) Unspecified Insecure Temporary File Creati...
BugTraq ID: 11287
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11287
Summary:
GNU Troff (groff) is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

16. GNU GZip Unspecified Insecure Temporary File Creation Vulner...
BugTraq ID: 11288
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11288
Summary:
GNU gzip is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

17. MIT Kerberos 5 Unspecified Insecure Temporary File Creation ...
BugTraq ID: 11289
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11289
Summary:
MIT Kerberos 5 is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

18. Trustix LVM Utilities Unspecified Insecure Temporary File Cr...
BugTraq ID: 11290
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11290
Summary:
Trustix LVM Utilities are affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify a file's existence before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

19. MySQL Unspecified Insecure Temporary File Creation Vulnerabi...
BugTraq ID: 11291
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11291
Summary:
MySQL is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

20. NetaTalk Unspecified Insecure Temporary File Creation Vulner...
BugTraq ID: 11292
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11292
Summary:
Netatalk is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

21. OpenSSL Unspecified Insecure Temporary File Creation Vulnera...
BugTraq ID: 11293
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11293
Summary:
OpenSSL is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

22. Perl Unspecified Insecure Temporary File Creation Vulnerabil...
BugTraq ID: 11294
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11294
Summary:
Perl is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

23. PostgreSQL Unspecified Insecure Temporary File Creation Vuln...
BugTraq ID: 11295
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11295
Summary:
PostgreSQL is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

24. GNU Sharutils Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 11298
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11298
Summary:
GNU Sharutils are affected by multiple buffer overflow vulnerabilities. These issues are due to a failure of the affected application to verify the length of user-supplied strings prior to copying them into finite process buffers. Successful exploitation would immediately produce a denial of service condition in the affected process. This issue may also be leveraged to execute code on the affected system with the privileges of the user that invoked the vulnerable application.

25. Proxytunnel Local Proxy Credential Disclosure Vulnerability
BugTraq ID: 11299
Remote: No
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11299
Summary:
A vulnerability exists in proxytunnel that has the potential to expose proxy credentials to other local users. Reportedly proxyuser/proxypass data is not passed to the program in a secure manner, potentially exposing this data to other users on the computer.

26. Kerio MailServer Unspecified Vulnerability
BugTraq ID: 11300
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11300
Summary:
Kerio MailServer version 6.0.3 has been released. This release addresses a potential security vulnerability in the Kerio MailServer application. The cause and impact of this issue is currently unknown, however this BID will be updated as more information becomes available. All versions of Kerio MailServer prior to 6.0.3 are considered vulnerable.

27. RealNetworks RealOne Player And RealPlayer Unspecified Web P...
BugTraq ID: 11307
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11307
Summary:
RealOne Player and RealPlayer are affected by an unspecified vulnerability. This issue may reportedly be exploited by a malicious Web page to execute arbitrary code in the context of the software. This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.

28. RealNetworks RealOne Player And RealPlayer Unspecified File ...
BugTraq ID: 11308
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11308
Summary:
RealPlayer and RealOne Player are prone to a vulnerability that may allow an attacker to delete files on the client computer. The attacker must know the path to the file that is targeted. This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.

29. RealNetworks RealOne Player And RealPlayer PNen3260.DLL Remo...
BugTraq ID: 11309
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11309
Summary:
RealPlayer and RealOne Player are prone to a remote integer overflow vulnerability. It is reported that the vulnerability exists in the 'pnen3260.dll' linked library of both RealPlayer and RealOne Player for Microsoft Windows, Linux, and Mac OS platforms. The 'pnen3260.dll' library is responsible for processing real-media '.rm' files. The overflow will cause the corruption of heap-based memory management structures. Ultimately this may permit an attacker to write to an arbitrary location in the memory of the active process and in doing so control execution flow. A remote attacker may therefore exploit this vulnerability to execute arbitrary attacker-supplied instructions in the context of a user that is running a vulnerable version of the software. This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.

Capt_Caveman 10-17-2004 10:46 PM

October 8th 2004 (LAW)
 
Linux Advisory Watch

Distribution: Debian

10/2/2004 - netkit-telnet invalid free(3)
Michal Zalewski discovered a bug in the netkit-telnet server
(telnetd) whereby a remote attacker could cause the telnetd
process to free an invalid pointer.
http://www.linuxsecurity.com/advisor...sory-4886.html

10/4/2004 - rp-pppoe, pppoe missing privilege dropping
Max Vozeler discovered a vulnerability in pppoe, the PPP over
Ethernet driver from Roaring Penguin. When the program is running
setuid root (which is not the case in a default Debian
installation), an attacker could overwrite any file on the file
system.
http://www.linuxsecurity.com/advisor...sory-4887.html

10/6/2004 - libapache-mod-dav potential denial of service
Julian Reschke reported a problem in mod_dav of Apache 2 in
connection with a NULL pointer dereference. When running in a
threaded model, especially with Apache 2, a segmentation fault can
take out a whole process and hence create a denial of service for
the whole server.
http://www.linuxsecurity.com/advisor...sory-4910.html

10/6/2004 - net-acct insecure temporary file creation
Stefan Nordhausen has identified a local security hole in
net-acct, a user-mode IP accounting daemon. Old and redundant code
from some time way back in the past created a temporary file in an
insecure fashion.
http://www.linuxsecurity.com/advisor...sory-4913.html


Distribution: Fedora

10/5/2004 - cups-1.1.20-11.4 Update
This update fixes an information leakage problem when printing to
SMB shares requiring authentication. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0923 to this issue.
http://www.linuxsecurity.com/advisor...sory-4908.html


Distribution: FreeBSD

10/4/2004 - syscons
Boundary checking errors in syscons
The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of
its input arguments. In particular, negative coordinates or large
coordinates may cause unexpected behavior.
http://www.linuxsecurity.com/advisor...sory-4904.html


Distribution: Gentoo

10/1/2004 - sharutils
Buffer overflows
sharutils contains two buffer overflow vulnerabilities that could
lead to arbitrary code execution.
http://www.linuxsecurity.com/advisor...sory-4883.html

10/4/2004 - netpbm
Multiple temporary file issues
Utilities included in old Netpbm versions are vulnerable to
multiple temporary files issues, potentially allowing a local
attacker to overwrite files with the rights of the user running
the utility.
http://www.linuxsecurity.com/advisor...sory-4898.html

10/5/2004 - NetKit-telnetd buffer overflows in telnet and telnetd
and kdebase security issues
Buffer overflows exist in the telnet client and daemon provided by
netkit-telnetd, which could possibly allow a remote attacker to
gain root privileges and compromise the system.
http://www.linuxsecurity.com/advisor...sory-4909.html

10/5/2004 - PHP
Memory disclosure and arbitrary location file upload
Two bugs in PHP may allow the disclosure of portions of memory and
allow remote attackers to upload files to arbitrary locations.
http://www.linuxsecurity.com/advisor...sory-4911.html


Distribution: Mandrake

10/1/2004 - samba
fix vulnerability
Karol Wiesek discovered a bug in the input validation routines
used to convert DOS path names to path names on the Samba host's
file system. This bug can be exploited to gain access to files
outside of the share's path as defined in the smb.conf
configuration file.
http://www.linuxsecurity.com/advisor...sory-4888.html

10/5/2004 - kernel
various enhancements
New kernels are available for Mandrakelinux 10.0 that fix a few
bugs and/or add enhancements.
http://www.linuxsecurity.com/advisor...sory-4906.html


Distribution: RedHat

10/4/2004 - kdelibs
and kdebase security issues
Updated kdelib and kdebase packages that resolve multiple security
issues are now available.
http://www.linuxsecurity.com/advisor...sory-4899.html

10/4/2004 - samba
security issue
Updated samba packages that fix an input validation vulnerability
are now available.
http://www.linuxsecurity.com/advisor...sory-4901.html

10/4/2004 - XFree86
security issues and bugs
Updated XFree86 packages that fix several security flaws in
libXpm, as well as other bugs, are now available for Red Hat
Enterprise Linux 3.
http://www.linuxsecurity.com/advisor...sory-4900.html

10/6/2004 - XFree86
security issues and bugs
Updated XFree86 packages that fix several security issues in
libXpm, as well as other bug fixes, are now available for Red Hat
Enterprise Linux 2.1.
http://www.linuxsecurity.com/advisor...sory-4914.html


Distribution: Slackware

10/4/2004 - getmail
security issue
New getmail packages are available for Slackware 9.1, 10.0 and
-current to fix a security issue. If getmail is used as root to
deliver to user owned files or directories, it can be made to
overwrite system files.
http://www.linuxsecurity.com/advisor...sory-4902.html

10/4/2004 - zlib
DoS
New zlib packages are available for Slackware 10.0 and -current to
fix a possible denial of service security issue.
http://www.linuxsecurity.com/advisor...sory-4903.html


Distribution: SuSE

10/5/2004 - samba
remote file disclosure
The Samba server, which allows to share files and resources via
the SMB/CIFS protocol, contains a bug in the sanitation code of
path names which allows remote attackers to access files outside
of the defined share.
http://www.linuxsecurity.com/advisor...sory-4907.html

10/6/2004 - mozilla
various vulnerabilities
During the last months a number of security problems have been
fixed in Mozilla and Mozilla based browsers.
http://www.linuxsecurity.com/advisor...sory-4912.html


Distribution: Trustix

10/1/2004 - samba
access files outside of defined path
A security vulnerability has been located in Samba 2.2.x <=2.2.11
and Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain
access to files which exist outside of the share's defined path.
http://www.linuxsecurity.com/advisor...sory-4884.html

10/1/2004 - mod_php4, hwdata bugfix update
access files outside of defined path
This update contains bug fixes and additional features for
mod_php4 and hwdata.
http://www.linuxsecurity.com/advisor...sory-4885.html


Distribution: Turbolinux

10/5/2004 - squid
DoS vulnerability
A vulnerability in the NTLM helpers in squid. The vulnerabilities
allow remote attackers to cause a denial of service of squid
server services.
http://www.linuxsecurity.com/advisor...sory-4905.html

Capt_Caveman 10-17-2004 10:57 PM

October 12th 2004 (SF)
 
Security Focus

1. Mozilla Firefox DATA URI File Deletion Vulnerability
BugTraq ID: 11311
Remote: Yes
Date Published: Oct 02 2004
Relevant URL: http://www.securityfocus.com/bid/11311
Summary:
It is reported that Mozilla Firefox is susceptible to a file deletion vulnerability. This vulnerability allows attackers that can lure unsuspecting users to view malicious HTML or script code to cause the recursive deletion of the victim user's configured download directory. They can achieve this by crafting malicious web pages containing either HTML or script code that utilizes the 'data:' URI scheme. This vulnerability is reported to exist in Mozilla Firefox in versions prior to 0.10.1.

2. Debian GNU/Linux Telnetd Invalid Memory Handling Vulnerabili...
BugTraq ID: 11313
Remote: Yes
Date Published: Oct 03 2004
Relevant URL: http://www.securityfocus.com/bid/11313
Summary:
Telnetd as provided by Debian/GNU Linux is reported susceptible to an invalid memory handling vulnerability. This issue is due to a failure of the application to ensure that memory buffers are properly allocated and deallocated. It is conjectured that attackers may potentially leverage this vulnerability to execute code in the context of the telnetd process. Debian GNU/Linux runs the process as the unprivileged "telnetd" user by default. Versions of telnetd prior to 0.17-18woody1 for the stable branch, and 0.17-26 for the unstable branch are reported to be affected by this vulnerability.

3. Roaring Penguin PPPoE Arbitrary File Overwrite Vulnerability
BugTraq ID: 11315
Remote: No
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11315
Summary:
Roaring Penguin PPPoE is vulnerable to a local arbitrary file overwrite vulnerability. This issue is due to a failure of the affected driver to properly validate the existence of temporary files prior to writing to them. An attacker may exploit this vulnerability to overwrite any file on the affected computer if the setuid superuser bit is set privileges. It should be noted that this application is not installed with the setuid bit set by default.

4. Macromedia ColdFusion MX Template Handling Privilege Escalat...
BugTraq ID: 11316
Remote: Yes
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11316
Summary:
Reportedly Macromedia ColdFusion MX is affected by a privilege escalation vulnerability when handling templates. This issue is due to an access validation error that allows a user to perform actions with administrator privileges. An attacker may exploit this issue to gain administrative privileges on a computer running the vulnerable application.

5. DistCC Access Control Bypass Vulnerability
BugTraq ID: 11319
Remote: Yes
Date Published: Oct 04 2004
Relevant URL: http://www.securityfocus.com/bid/11319
Summary:
It is reported that the distcc access controls may malfunction under certain circumstances. This may result in access controls not being enforced. A remote attacker may potentially exploit this vulnerability to gain access to the affected distcc service regardless of access control rules that are set in place. This vulnerability is addressed in distcc 2.16.

6. IBM DB2 Multiple Critical Remote Vulnerabilities
BugTraq ID: 11327
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11327
Summary:
The reported vulnerabilities include 20 remote vulnerabilities, most of which are buffer overflows. All of these issues are apparently of 'critical' severity. Details about any of the vulnerabilities are not known at this time. This BID will be updated and split into individual BIDs as further information becomes available.

7. Jetty Directory Traversal Vulnerability
BugTraq ID: 11330
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11330
Summary:
It is reported that Jetty is susceptible to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize HTTP request URIs. This vulnerability allows remote attackers to retrieve the contents of arbitrary, potentially sensitive files located on the serving computer with the credentials of the affected process. It is unclear at this time exactly which versions of Jetty are affected by this vulnerability. This BID will be updated as further information is disclosed. This vulnerability may be related to BID 4360.

8. Macromedia ColdFusion MX Remote File Content Disclosure Vuln...
BugTraq ID: 11331
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11331
Summary:
Macromedia ColdFusion MX is affected by a remote file content disclosure vulnerability. This vulnerability is caused by an access validation issue that allows an attacker to bypass protections to reveal the contents of files. It should be noted that this issue does not reveal directory contents, therefore attackers must have prior knowledge of target files. An attacker may leverage this issue to read the contents of files contained under the webroot directory that are readable by the ColdFusion process on the affected computer, effectively bypassing access restrictions set in the IIS management system.

9. Invision Power Board Referer Cross-Site Scripting Vulnerabil...
BugTraq ID: 11332
Remote: Yes
Date Published: Oct 05 2004
Relevant URL: http://www.securityfocus.com/bid/11332
Summary:
Reportedly Invision Power Board is affected by a remote cross-site scripting vulnerability. This issue is due to a failure of the application to validate or sanitize user supplied input prior to including it in dynamic Web content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the vulnerable application, facilitating the theft of cookie-based authentication credentials as well as other attacks.

10. RealOne Player and RealPlayer Multiple Unspecified Remote Vu...
BugTraq ID: 11335
Remote: Yes
Date Published: Oct 06 2004
Relevant URL: http://www.securityfocus.com/bid/11335
Summary:
NGSSoftware have reported that multiple buffer overflow and unauthorized file access vulnerabilities exist in RealOne and RealPlayer. Details about these vulnerabilities have been withheld until a later date, but it appears that some of the issues may overlap with existing BIDs 11307 and 11308. There also appear to be other vulnerabilities that are not covered in these two BIDs. Real Networks have reportedly released fixes for all of the issues.

11. MySQL MaxDB WebDBM Server Name Denial of Service Vulnerabili...
BugTraq ID: 11346
Remote: Yes
Date Published: Oct 07 2004
Relevant URL: http://www.securityfocus.com/bid/11346
Summary:
A remotely exploitable denial of service vulnerability exists in MaxDB. The cause of this condition is an input validation error that is exposed when an internal function in the WebDBM handles a client-supplied 'Server' name in an HTTP request that includes specific values. This will reportedly trigger an exception due to an assert directive failing, resulting in a denial of service condition in the web agent. This issue was reportedly tested on Windows and Linux versions. Other versions could also be affected.

12. Cyrus SASL Multiple Remote And Local Vulnerabilities
BugTraq ID: 11347
Remote: Yes
Date Published: Oct 07 2004
Relevant URL: http://www.securityfocus.com/bid/11347
Summary:
Cyrus SASL is affected by multiple critical vulnerabilities that may be remotely exploitable. The first issue is due to a boundary condition error, the second issue is due to a failure of the application to properly handle environment variables. Information currently available regarding these issues is insufficient to provide a more detailed analysis. This BID will be updated and split into separate BIDs when more information becomes available. An attacker can leverage the boundary condition issue to exploit arbitrary code on the affected computer. The impact of the environment variable issue is currently unknown.

13. Nathaniel Bray Yeemp File Transfer Public Key Verification B...
BugTraq ID: 11353
Remote: Yes
Date Published: Oct 08 2004
Relevant URL: http://www.securityfocus.com/bid/11353
Summary:
It is reported that Yeemp does not properly verify public keys when a file is transferred. Yeemp clients are assigned public keys and Yeemp uses public keys to authenticate users and encrypt messages. Reportedly, the application does not verify keys on incoming files. Due to this, remote attackers are able to spoof sender information and send potentially malicious files to users. Yeemp versions 0.9.9 and earlier are affected by this issue.

Capt_Caveman 10-17-2004 11:01 PM

October 14th 2004 (SN)
 
Secunia

1. Debian update for mpg123
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-13
Debian has issued an update for mpg123. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/12820/

2. ocPortal "index.php" Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-13
Exoduks has reported a vulnerability in ocPortal, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12811/

3. UnixWare update for libpng
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-10-13
SCO has issued an update for libpng. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12810/

4. Sun Solaris libXpm Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-11
Sun has acknowledged some vulnerabilities in Solaris, which potentially
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/12782/

5. Debian update for xfree86
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-11
Debian has issued an update for XFree86. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious
people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12781/

6. Gentoo update for lesstif
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-11
Gentoo has issued an update for lesstif. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious
people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12777/

7. Debian update for lesstif
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-08
Debian has issued an update for lesstif. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious
people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12763/

8. Gentoo update for cyrus-sasl
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2004-10-08
Gentoo has issued an update for cyrus-sasl. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system and by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/12762/

9. Debian update for sox
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-10-13
Debian has issued an update for SoX. This fixes two vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/12819/

10. Gentoo update for ncompress
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-10-11
Gentoo has issued an update for ncompress. This fixes an old
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12779/

11. BNC IRC Proxy Backspace User Identity Spoofing Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2004-10-09
Yak has reported a vulnerability in BNC IRC proxy, which can be
exploited by malicious users to spoof their identity.
Full Advisory:
http://secunia.com/advisories/12770/

12. Slackware update for rsync
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2004-10-12
Slackware has issued an update for rsync. This fixes a vulnerability,
which potentially can be exploited by malicious users to read or write
arbitrary files on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12797/

13. Yeemp Spoofed Sender File Transfer Vulnerability
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2004-10-12
A vulnerability has been reported in Yeemp, which can be exploited by
malicious people to spoof their identity.
Full Advisory:
http://secunia.com/advisories/12795/

14. Unarj Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2004-10-12
Doubles has reported a vulnerability in Unarj, which potentially can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/12788/

15. Fedora update for squid
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-10-13
Fedora has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12821/

16. UnixWare update for CUPS
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-10-13
SCO has issued an update for CUPS. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/12812/

17. Squid "asn_parse_header()" Function Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-10-12
A vulnerability has been reported in Squid, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12791/

18. Debian update for mysql
Critical: Less critical
Where: From local network
Impact: Security Bypass, DoS, System access
Released: 2004-10-11
Debian has issued an update for mysql. This fixes multiple
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions, cause a DoS (Denial of Service), and
potentially compromise the system.
Full Advisory:
http://secunia.com/advisories/12784/

19. Debian update for cyrus-sasl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-12
Debian has issued an update for cyrus-sasl. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/12798/

20. Gentoo update for ed
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-11
Gentoo has issued an update for ed. This fixes an old vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/12780/

21. Gentoo update for gettext
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-11
Gentoo has issued an update for gettext. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/12775/

22. GNU gettext Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-11
A vulnerability has been reported in gettext, which can be exploited by
malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/12774/

23. Fedora update for cyrus-sasl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-09
Fedora has issued an update for cyrus-sasl. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/12771/

24. Gentoo update for cups
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2004-10-09
Gentoo has issued an update for cups. This fixes a vulnerability, which
can be exploited by malicious, local users to gain knowledge of
sensitive information.
Full Advisory:
http://secunia.com/advisories/12768/

25. Red Hat update for cyrus-sasl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-08
Red Hat has issued an update for cyrus-sasl. This fixes a
vulnerability, which can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/12767/

26. Mandrake update for cyrus-sasl
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-10-08
MandrakeSoft has issued an update for cyrus-sasl. This fixes a
vulnerability, which can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/12761/

27. renattach "pipe" Potential Shell Command Injection Security Issue
Critical: Not critical
Where: From remote
Impact: Unknown
Released: 2004-10-11
A security issue has been reported in renattach, which has an unknown
impact, but potentially could allow execution of arbitrary commands.
Full Advisory:
http://secunia.com/advisories/12778/

28. phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-13
A vulnerability has been reported in phpMyAdmin, which potentially can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12813/

29. ZanfiCmsLite "index.php" Arbitrary File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-10-12
Cracklove has reported a vulnerability in ZanfiCmsLite, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/12792/

30. Cyrus SASL Library Buffer Overflow and "SASL_PATH" Privilege Escalation
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2004-10-08
Two vulnerabilities have been reported in Cyrus SASL library, which can
be exploited by malicious people to compromise a vulnerable system and
by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/12760/

31. Adobe Acrobat / Adobe Reader Disclosure of Sensitive Information
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2004-10-13
Jelmer has discovered a vulnerability in Adobe Acrobat and Adobe
Reader, which can be exploited by malicious people to disclose
sensitive information.
Full Advisory:
http://secunia.com/advisories/12809/

32. The ASN.1 Compiler Unspecified Security Issues
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-12
Two security issues with unknown impacts have been reported in The
ASN.1 Compiler.
Full Advisory:
http://secunia.com/advisories/12794/

33. Turbo Traffic Trader Nitro Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2004-10-11
aCiDBiTS has reported some vulnerabilities in Turbo Traffic Trader
Nitro, which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/12785/

34. Wordpress "wp-login.php" HTTP Response Splitting Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-10-11
Chaotic Evil has reported a vulnerability in Wordpress, which can be
exploited by malicious people to conduct script insertion and
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12773/

35. Rippy the Aggregator Unspecified Filter Dependence Security Issue
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2004-10-09
A security issue with an unknown impact has been reported in Rippy the
Aggregator.
Full Advisory:
http://secunia.com/advisories/12769/

36. RealNetworks Helix Universal Server Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-10-08
A vulnerability has been reported in Helix Universal Server, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12766/

37. CubeCart "cat_id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2004-10-08
Pedro Sanches has reported a vulnerability in CubeCart, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/12764/

38. Apache2 mod_ssl SSLCipherSuite Security Bypass
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-10-11
A security issue has been reported in Apache2, which can be exploited
by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/12787/

39. CJOverkill "trade.php" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-10-11
aCiDBiTS has reported some vulnerabilities in CJOverkill, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/12786/

40. MySQL Two Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Security Bypass, DoS
Released: 2004-10-11
Two vulnerabilities have been reported in MySQL, which can be
exploited by malicious users to bypass certain security restrictions
or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/12783/

Capt_Caveman 10-17-2004 11:04 PM

October 15th 2004 (LAW)
 
Linux Advisory Watch

Distribution: Conectiva

10/14/2004 - cups
denial of service vulnerability fix
Alvaro Martinez Echevarria found a vulnerability[2] in the CUPS
Internet Printing Protocol (IPP) implementation that allows remote
attackers to make CUPS stop listening on the IPP port by sending
an empty UDP datagram packet to the IPP port, causing a denial of
service situation.
http://www.linuxsecurity.com/advisor...sory-4948.html

10/14/2004 - samba
vulnerabilities fix
This announcement fixes two denial of service vulnerabilities via
certain malformed requests[2] and via a SAM_UAS_CHANGE request
with a big length value[3] when domain logons are enabled.
http://www.linuxsecurity.com/advisor...sory-4949.html


Distribution: Debian

10/10/2004 - python2.2
buffer overflow and restore functionality fix vulnerabilities fix
This security advisory corrects DSA 458-2 which caused a problem
in the gethostbyaddr routine.
http://www.linuxsecurity.com/advisor...sory-4917.html

10/11/2004 - mysql
several vulnerabilities fix
Several problems have been discovered in MySQL, a commonly used SQL
database on Unix servers.
http://www.linuxsecurity.com/advisor...sory-4931.html

10/12/2004 - cyrus-sasl arbitrary code execution fix
several vulnerabilities fix
A vulnerability has been discovered in the Cyrus implementation of
the SASL library, the Simple Authentication and Security Layer, a
method for adding authentication support to connection-based
protocols.
http://www.linuxsecurity.com/advisor...sory-4936.html

10/12/2004 - cyrus-sasl arbitrary code execution real fix
several vulnerabilities fix
This advisory corrects DSA 563-1 which contained a library that
caused other programs to fail unintentionally.
http://www.linuxsecurity.com/advisor...sory-4937.html

10/13/2004 - mpg123
arbitrary code execution fix
Davide Del Vecchio discovered a vulnerability in mpg123, a popular
(but non-free) MPEG layer 1/2/3 audio player. A malicious MPEG
layer 2/3 file could cause the header checks in mpg123 to fail,
which could in turn allow arbitrary code to be executed with the
privileges of the user running mpg123.
http://www.linuxsecurity.com/advisor...sory-4941.html

10/13/2004 - sox
buffer overflow fix
Ulf Harnhammar has reported two vulnerabilities in SoX, a
universal sound sample translator, which may be exploited by
malicious people to compromise a user's system with a specially
crafted .wav file.
http://www.linuxsecurity.com/advisor...sory-4942.html

10/14/2004 - cyrus-sasl arbitrary code execution fix
buffer overflow fix
This advisory is an addition to DSA 563-1 and 563-2 which weren't
able to supersede the library on sparc and arm due to a different
version number for them in the stable archive.
http://www.linuxsecurity.com/advisor...sory-4950.html

10/14/2004 - CUPS
information leak fix
An information leak has been detected in CUPS, the Common UNIX
Printing System, which may lead to the disclosure of sensitive
information, such as user names and passwords which are written
into log files.
http://www.linuxsecurity.com/advisor...sory-4952.html


Distribution: Fedora

10/11/2004 - squid-2.5.STABLE5-4.fc2.1 update
information leak fix
This update fixes a potential DoS against squid that was reported
by Secunia.
http://www.linuxsecurity.com/advisor...sory-4920.html

10/8/2004 - cyrus-sasl-2.1.18-2.2 update
information leak fix
In situations where an untrusted local user can affect the
environment of a privileged process, this behavior could be
exploited to run arbitrary code with the privileges of a setuid or
setgid application.
http://www.linuxsecurity.com/advisor...sory-4922.html

10/11/2004 - pcmcia-cs-3.2.7-1.8.2.1 update
information leak fix
This update fixes a few problems in the PCMCIA init script.
http://www.linuxsecurity.com/advisor...sory-4933.html

10/11/2004 - gimp-2.0.5-0.fc2.1 update
information leak fix
The GIMP (GNU Image Manipulation Program) is a powerful image
composition and editing program, which can be extremely useful for
creating logos and other graphics for webpages.
http://www.linuxsecurity.com/advisor...sory-4934.html

10/12/2004 - tzdata-2004e-1.fc2 update
information leak fix
This package contains data files with rules for various timezones
around the world.
http://www.linuxsecurity.com/advisor...sory-4940.html

10/13/2004 - libuser-0.52.5-0.FC2.1 update
information leak fix
This update fixes many bugs, mostly in the LDAP backend and the
Python bindings.
http://www.linuxsecurity.com/advisor...sory-4944.html

10/13/2004 - squid-2.5.STABLE5-4.fc2.2 update
information leak fix
Backport fix for CAN-2004-0918 (Remote Denial of Service attack)
http://www.linuxsecurity.com/advisor...sory-4945.html

10/13/2004 - system-config-users-1.2.25-0.fc2.1 update
information leak fix
when renaming users, ensure that groups forget about the old user
name (#135280)
http://www.linuxsecurity.com/advisor...sory-4946.html

10/14/2004 - k3b-0.11.14-0.FC2.2 version string parsing fix
information leak fix
K3b provides a comfortable user interface to perform most CD/DVD
burning tasks. While the experienced user can take influence in
all steps of the burning process the beginner may find comfort in
the automatic settings and the reasonable k3b defaults which allow
a quick start.
http://www.linuxsecurity.com/advisor...sory-4951.html

10/14/2004 - gimp-2.0.5-0.fc2.2 update
information leak fix
This update fixes the bug that catches the wrong values of bpp in
the BMP plugin.
http://www.linuxsecurity.com/advisor...sory-4953.html

10/14/2004 - libtiff-3.5.7-20.2 update
information leak fix
Chris Evans discovered a number of integer overflow bugs that
affect libtiff. An attacker who has the ability to trick a user
into opening a malicious TIFF file could cause the application
linked to libtiff to crash or possibly execute arbitrary code.
http://www.linuxsecurity.com/advisor...sory-4954.html

10/14/2004 - w3m-0.5.1-3.1 update
information leak fix
The w3m program is a pager (or text file viewer) that can also be
used as a text-mode Web browser.
http://www.linuxsecurity.com/advisor...sory-4955.html

10/14/2004 - ruby-1.8.1-6 update
information leak fix
A security fix [CAN-2004-0755].
ruby-1.8.1-cgi_session_perms.patch: sets the permission of the
session data file to 0600. (#130063)
http://www.linuxsecurity.com/advisor...sory-4956.html


Distribution: Gentoo

10/9/2004 - CUPS
Leakage of sensitive information
CUPS leaks information about user names and passwords when using
remote printing to SMB-shared printers which require
authentication.
http://www.linuxsecurity.com/advisor...sory-4926.html

10/9/2004 - Ed
Insecure temporary file handling
The ed utility is vulnerable to symlink attacks, potentially
allowing a local user to overwrite or change rights on arbitrary
files with the rights of the user running ed, which could be the
root user.
http://www.linuxsecurity.com/advisor...sory-4927.html

10/9/2004 - ncompress
Buffer overflow
compress and uncompress, which could be used by daemon programs,
contain a buffer overflow that could lead to remote execution of
arbitrary code with the rights of the daemon process.
http://www.linuxsecurity.com/advisor...sory-4928.html

10/9/2004 - LessTif
Integer and stack overflows in libXpm
Multiple vulnerabilities have been discovered in libXpm, which is
included in LessTif, that can potentially lead to remote code
execution.
http://www.linuxsecurity.com/advisor...sory-4929.html

10/10/2004 - gettext
Insecure temporary file handling
The gettext utility is vulnerable to symlink attacks, potentially
allowing a local user to overwrite or change permissions on
arbitrary files with the rights of the user running gettext, which
could be the root user.
http://www.linuxsecurity.com/advisor...sory-4930.html

10/11/2004 - xfree86
integer and stack overflows
Chris Evans discovered several stack and integer overflows in the
libXpm library which is provided by X.Org, XFree86 and LessTif.
http://www.linuxsecurity.com/advisor...sory-4932.html

10/13/2004 - tiff
Buffer overflows in image decoding
Multiple heap-based overflows have been found in the tiff library
image decoding routines, potentially allowing execution of arbitrary
code with the rights of the user viewing a malicious image.
http://www.linuxsecurity.com/advisor...sory-4943.html

10/14/2004 - wordpress
HTTP response splitting and XSS vulnerabilities
WordPress contains HTTP response splitting and cross-site
scripting vulnerabilities.
http://www.linuxsecurity.com/advisor...sory-4947.html

10/15/2004 - BNC
Input validation flaw
BNC contains an input validation flaw which might allow a remote
attacker to issue arbitrary IRC related commands.
http://www.linuxsecurity.com/advisor...sory-4957.html


Distribution: Other

10/12/2004 - CUPS
before 1.1.21 allows remote attackers to cause a denial of service
The Internet Printing Protocol (IPP) implementation in CUPS before
1.1.21 allows remote attackers to cause a denial of service via a
certain UDP packet to the IPP port.
http://www.linuxsecurity.com/advisor...sory-4938.html

10/12/2004 - libpng
Multiple Vulnerabilities
Several vulnerabilities exist in the libpng library, the most
serious of which could allow a remote attacker to execute
arbitrary code on an affected system.
http://www.linuxsecurity.com/advisor...sory-4939.html


Distribution: Slackware

10/12/2004 - rsync
security update
New rsync 2.6.3 packages are available for Slackware 8.1, 9.0,
9.1, 10.0, and -current to fix a security issue when rsync is run
as a non-chrooted server.
http://www.linuxsecurity.com/advisor...sory-4935.html


Distribution: Trustix

10/8/2004 - cyrus-sasl Insecure handling of environment variable
security update
Kurt Lieber reported that libsasl
honors the environment variable SASL_PATH blindly, allowing a
local user to compile a "library" locally that is executed with
the EID of SASL.
http://www.linuxsecurity.com/advisor...sory-4919.html

