LQ Security Report

unSpawn · 12-11-2004, 05:58 AM

Dec 10th 2004
49 issues handled (LAW)
Debian: hpsockd denial of service fix
Debian: viewcvs information leak fix
Debian: nfs-util denial of service fix
Fedora: cyrus-imapd-2.2.10-3.fc2 update
Fedora: cyrus-imapd-2.2.10-3.fc3 update
Fedora: netatalk-1.6.4-2.2 update
Fedora: netatalk-1.6.4-4 update
Fedora: gaim-1.1.0-0.FC2 update
Fedora: gaim-1.1.0-0.FC3 update
Fedora: rhpl-0.148.1-2 update
Fedora: ttfonts-ja-1.2-36.FC3.0 update
Fedora: mc-4.6.1-0.11FC3 update
Fedora: udev-039-10.FC3.4 update
Fedora: udev-039-10.FC3.5 update
Fedora: gnome-bluetooth-0.5.1-5.FC3.1 update
Fedora: rsh update
Fedora: Omni-0.9.2-1.1 update
Fedora: mysql-3.23.58-9.1 update
Fedora: libpng-1.2.8-1.fc2 update
Fedora: libpng10-1.0.18-1.fc2 update
Fedora: glib2-2.4.8-1.fc2 update
Fedora: gtk2-2.4.14-1.fc2 update
Fedora: libpng10-1.0.18-1.fc3 update
Fedora: libpng-1.2.8-1.fc3 update
Fedora: glib2-2.4.8-1.fc3 update
Fedora: gtk2-2.4.14-1.fc3 update
Fedora: postgresql-odbc-7.3-6.2 update
Fedora: postgresql-odbc-7.3-8.FC3.1 update
Fedora: postgresql-7.4.6-1.FC2.1 update
Fedora: shadow-utils-4.0.3-55 update
Fedora: shadow-utils-4.0.3-56 update
Gentoo: rssh, scponly Unrestricted command execution
Gentoo: PDFlibs Multiple overflows in the included TIFF library
Gentoo: imlib Buffer overflows in image decoding
Gentoo: perl Insecure temporary file creation
Gentoo: mirrorselect Insecure temporary file creation
Mandrake: drakxtools update
Mandrake: dietlibc fix
Mandrake: gzip fix
Mandrake: ImageMagick fix
Mandrake: lvml fix
Mandrake: rp-pppoe fix
Mandrake: nfs-utils fix
Mandrake: openssl fix
Trustix: multiple package bugfixes
Trustix: nfs-util Remote denial of service
Red Hat: ImageMagick security vulnerability fix
SuSE: cyrus-imapd remote command execution
TurboLinux: samba, cups vulnerabilities

Dec 9th 2004
39 issues handled (SN)
Red Hat update for ImageMagick
SUSE Updates for Multiple Packages
Mandrake update for ImageMagick
Gentoo update for imlib
Imlib Image Decoding Integer Overflow Vulnerabilities
LessTif libXpm Multiple Image Processing Vulnerabilities
Gentoo update for pdflib
SUSE update for cyrus-imapd
Mac OS X Security Update Fixes Multiple Vulnerabilities
Debian update for ViewCVS
Darwin Streaming Server "DESCRIBE" Request Denial of Service
Big Medium Unspecified Script Upload Vulnerability
Sun Solaris in.rwhod Unspecified Vulnerability
Debian hpsockd Buffer Overflow Vulnerability
Red Hat update for kernel
Fedora update for mysql
Debian update for nfs-utils
Mandrake update for nfs-utils
nfs-utils "SIGPIPE" TCP Connection Termination Denial of
rootsh Escape Sequences Logging Security Bypass
Gentoo mirrorselect Insecure Temporary File Creation
Gentoo update for perl
Mandrake update for gzip
Mandrake update for lvm
Mandrake update for openssl
Gentoo rssh Arbitrary Command Execution Vulnerability
file Unspecified ELF Header Parsing Vulnerability
AIX Unspecified System Startup Scripts Vulnerability
Gentoo update for scponly
scponly Security Bypass Arbitrary Command Execution
rssh Security Bypass Arbitrary Command Execution
Netscape Window Injection Vulnerability
WebLibs Directory Traversal Vulnerability
ViewCVS Restricted Directory Access Security Bypass
MaxDB Web Tools Buffer Overflow and Denial of Service
Codestriker Unspecified Repository Security Bypass Issue
Jakarta Lucene "results.jsp" Cross-Site Scripting
Serendipity "searchTerm" Cross-Site Scripting Vulnerability
Novell NetMail Default NMAP Authentication Credential

Dec 7th 2004
24 of 36 issues handled (SF)
2. File ELF Header Unspecified Buffer Overflow Vulnerability
4. Groupmax World Wide Web Cross-Site Scripting And Directory T...
5. 21-6 Productions Orbz Remote Buffer Overflow Vulnerability
8. EnergyMech IRC Bot Unspecified Buffer Overflow Vulnerability
9. FreeImage Interleaved Bitmap Image Buffer Overflow Vulnerabi...
10. IPCop Web Administration Interface Proxy Log HTML Injection ...
12. OpenSSH-portable PAM Authentication Remote Information Discl...
14. SuSE Linux Enterprise Server NFS Unspecified Denial Of Servi...
15. SuSE Linux Kernel Unauthorized SCSI Command Vulnerability
16. Linux NFS RPC.STATD Remote Denial Of Service Vulnerability
17. ACPID Proxy Unspecified Local Denial Of Service Vulnerabilit...
18. gnubiff Multiple Remote Denial Of Service Vulnerabilities
20. FreeBSD Linux ProcFS Local Kernel Denial Of Service And Info...
21. S9Y Serendipity Remote Cross-Site Scripting Vulnerability
22. SCPOnly Remote Arbitrary Command Execution Vulnerability
23. RSSH Remote Arbitrary Command Execution Vulnerability
25. Linux Kernel Unspecified Local TSS Vulnerability For AMD64 A...
26. Blog Torrent Remote Directory Traversal Vulnerability
27. Global Moxie Big Medium Unspecified Remote Script Code Execu...
28. PHProjekt Unspecified Authentication Bypass Vulnerability
29. Advanced Guestbook Cross-Site Scripting Vulnerability
30. Burut Kreed Game Server Multiple Remote Vulnerabilities
34. Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulne...
36. Sandino Flores Moreno Gaim Festival Plug-in Remote Denial Of...

unSpawn · 12-11-2004, 06:00 AM

SecurityFocus

2. File ELF Header Unspecified Buffer Overflow Vulnerability
BugTraq ID: 11771
Remote: Yes
Date Published: Nov 29 2004
Relevant URL: http://www.securityfocus.com/bid/11771
Summary:
The file command is affected by a buffer overflow vulnerability. This issue is due to a failure of the application to properly validate string lengths in the affected file prior to copying them into static process buffers.

An attacker may leverage this issue to execute arbitrary code with the privileges of a user that processes the malicious file with the affected utility. This may be leveraged to escalate privileges or to gain unauthorized access.

4. Groupmax World Wide Web Cross-Site Scripting And Directory T...
BugTraq ID: 11773
Remote: Yes
Date Published: Nov 29 2004
Relevant URL: http://www.securityfocus.com/bid/11773
Summary:
It is reported that Groupmax World Wide Web is susceptible to both a cross-site scripting vulnerability and a directory traversal vulnerability. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied input.

The cross-site scripting issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

The directory traversal vulnerability allows remote attackers to retrieve the contents of potentially sensitive files with the privileges of the web server. Reportedly, only files with an 'html' extension are retrievable.

Both of these vulnerabilities reportedly require attackers to successfully authenticate to the server prior to exploitation.

5. 21-6 Productions Orbz Remote Buffer Overflow Vulnerability
BugTraq ID: 11774
Remote: Yes
Date Published: Nov 29 2004
Relevant URL: http://www.securityfocus.com/bid/11774
Summary:
A remote buffer overflow vulnerability has been reported in 21-6 Productions Orbz. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

8. EnergyMech IRC Bot Unspecified Buffer Overflow Vulnerability
BugTraq ID: 11777
Remote: Unknown
Date Published: Nov 30 2004
Relevant URL: http://www.securityfocus.com/bid/11777
Summary:
An unspecified buffer overflow vulnerability affects EnergyMech. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into finite process buffers.

Although the impact of this issue is currently unknown, it is likely that an attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

9. FreeImage Interleaved Bitmap Image Buffer Overflow Vulnerabi...
BugTraq ID: 11778
Remote: Yes
Date Published: Nov 26 2004
Relevant URL: http://www.securityfocus.com/bid/11778
Summary:
A buffer overflow vulnerability exists in FreeImage. This issue is due to a boundary condition error that is presented when the library handles malformed Interleaved Bitmap (ILBM) images.

This issue could potentially be exploited to execute arbitrary code in the context of an application that uses the library.

10. IPCop Web Administration Interface Proxy Log HTML Injection ...
BugTraq ID: 11779
Remote: Yes
Date Published: Nov 30 2004
Relevant URL: http://www.securityfocus.com/bid/11779
Summary:
IPCop is reported susceptible to an HTML injection vulnerability in its proxy log viewer. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated web pages.

This vulnerability allows remote, attacker-supplied malicious HTML or script code to be displayed to administrative users. This code would be executed in the context of the affected Web application. It is conjectured that it may be possible for attackers to cause administrative actions to be executed on their behalf when an administrator views the Squid logs. Theft of cookie-based authentication credentials and other attacks are also likely.

Version 1.4.1 of IPCop is reportedly vulnerable. Other versions may also be affected.

12. OpenSSH-portable PAM Authentication Remote Information Discl...
BugTraq ID: 11781
Remote: Yes
Date Published: Nov 30 2004
Relevant URL: http://www.securityfocus.com/bid/11781
Summary:
It is reported that OpenSSH contains an information disclosure vulnerability. This issue exists in the portable version of OpenSSH. The portable version is the version that is distributed for operating systems other than its native OpenBSD platform.

This issue is related to BID 7467. It is reported that the previous fix for BID 7476 was insufficient to completely fix the issue. It is not confirmed at this time, but this current issue may involve differing code paths in PAM, resulting in a new vulnerability.

This vulnerability allows remote users to test for the existence of valid usernames. Knowledge of usernames may aid them in further attacks.

14. SuSE Linux Enterprise Server NFS Unspecified Denial Of Servi...
BugTraq ID: 11783
Remote: Yes
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11783
Summary:
A remote denial of service and storage corruption vulnerability affects SuSE Linux enterprise Server. This underlying nature of this issue is currently unknown; this BID will be updated as further details are released.

An attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users. It has also been reported that this issue may be exploited to corrupt data stored on disk.

15. SuSE Linux Kernel Unauthorized SCSI Command Vulnerability
BugTraq ID: 11784
Remote: No
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11784
Summary:
SuSE Linux is reported susceptible to an unauthorized SCSI command vulnerability.

Malicious users may be able to send commands to SCSI devices that result in the overwriting of their firmware. This potentially results in the failure of the targeted device to further operate. This may result in the permanent, unrecoverable destruction of SCSI devices, requiring that they be sent to the vendor for service or replacement.

SuSE Linux 9.1, and SuSE Linux Enterprise Server 9 are reported to be vulnerable to this issue. Other versions, and other distributions of Linux are also potentially affected.

16. Linux NFS RPC.STATD Remote Denial Of Service Vulnerability
BugTraq ID: 11785
Remote: Yes
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11785
Summary:
It is reported that rpc.statd is vulnerable to a remote denial of service vulnerability.

This vulnerability allows remote attackers to crash the affected application. This may result in the failure to cleanup NFS network locks, possibly resulting in denied access to files, as they may be considered permanently locked.

Verion 1.0.6 of nfs-utils is reported vulnerable to this issue. Other versions may also be affected.

17. ACPID Proxy Unspecified Local Denial Of Service Vulnerabilit...
BugTraq ID: 11786
Remote: No
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11786
Summary:
An unspecified local denial of service vulnerability affected acpid_proxy. The underlying issue causing this vulnerability is currently unknown, this BID will be updated as more details are released.

A local attacker may leverage this issue to cause the affected computer to crash, denying service to legitimate users.

18. gnubiff Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 11787
Remote: Yes
Date Published: Dec 01 2004
Relevant URL: http://www.securityfocus.com/bid/11787
Summary:
It is reported that gnubiff contains multiple remote denial of service vulnerabilities.

gnubiff is reportedly unable to properly handle unterminated responses to certain IMAP and POP commands.

These vulnerabilities reportedly affect versions prior to 2.0.2 for cleartext connections, and versions prior to 2.0.3 for SSL connections.

20. FreeBSD Linux ProcFS Local Kernel Denial Of Service And Info...
BugTraq ID: 11789
Remote: No
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11789
Summary:
A local denial of service and information disclosure vulnerability affects the procfs and linprocfs implementation on FreeBSD. This issue is due to a design error that causes the mismanagement of memory references.

An attacker may leverage this issue to cause a kernel panic on an affected computer, denying service to legitimate users. It is also possible to leverage this issue to disclose kernel memory, potentially facilitating access to sensitive information in kernel buffers.

21. S9Y Serendipity Remote Cross-Site Scripting Vulnerability
BugTraq ID: 11790
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11790
Summary:
A cross-site scripting vulnerability affects S9Y Serendipity. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.=20

An attacker may leverage this issue to have arbitrary HTML and script code rendered and executed in the browser of an unsuspecting user. This may facilitate theft of cookie-based authentication credentials as well as other attacks.

22. SCPOnly Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 11791
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11791
Summary:
scponly is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a vulnerable computer.

Versions prior to 4.0 are reported susceptible to this issue.

23. RSSH Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 11792
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11792
Summary:
rssh is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a vulnerable computer.

All versions of rssh are considered vulnerable at the moment.

25. Linux Kernel Unspecified Local TSS Vulnerability For AMD64 A...
BugTraq ID: 11794
Remote: No
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11794
Summary:
The Linux kernel is reported prone to an unspecified local TSS-related (Task State Segment) vulnerability. This vulnerability reportedly only affects the AMD64, and the EMT64T CPU architectures.

This vulnerability reportedly allows local attackers to crash the kernel, or possibly gain elevated privileges.

It is reported that Linux kernels prior to version 2.4.23 are susceptible to this vulnerability.

26. Blog Torrent Remote Directory Traversal Vulnerability
BugTraq ID: 11795
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11795
Summary:
It is reported that Blog Torrent is prone to a remote directory traversal vulnerability. This issue is due to a failure of the server process to properly filter user supplied input.=20

Blog Torrent preview 0.8 version is affected by this vulnerability.

27. Global Moxie Big Medium Unspecified Remote Script Code Execu...
BugTraq ID: 11796
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11796
Summary:
Global Moxie Big Medium is reported prone to a remote unspecified code execution vulnerability. It is reported that this vulnerability may be exploited to allow a remote user to upload arbitrary files into the Big Medium "web" directory.

28. PHProjekt Unspecified Authentication Bypass Vulnerability
BugTraq ID: 11797
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11797
Summary:
PHPProject is reported prone to an unspecified authentication bypass vulnerability. Reports indicate that the vulnerability is present in the 'setup.php' source file and may be exploited by a remote attacker to gain access to the 'setup.php' file without requiring authentication.

29. Advanced Guestbook Cross-Site Scripting Vulnerability
BugTraq ID: 11798
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11798
Summary:
It is reported that Advanced Guestbook is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

This vulnerability is reported to exist in version 2.3.1 of Advanced Guestbook. Other versions may also be affected.

30. Burut Kreed Game Server Multiple Remote Vulnerabilities
BugTraq ID: 11799
Remote: Yes
Date Published: Dec 02 2004
Relevant URL: http://www.securityfocus.com/bid/11799
Summary:
Kreed game server is reported prone to multiple vulnerabilities. The following individual issues are reported:

It is reported that the game server is prone to a format string handling vulnerability. This vulnerability may potentially be exploited by a remote attacker to write to arbitrary locations in process memory potentially resulting in remote code execution.

The second reported issue, a denial of service, is reported to affect the Kreed game server. Reports indicate that when a large UDP datagram is handled, the server will crash. A remote attacker may exploit this vulnerability to deny service to legitimate users.

Finally, a denial of service is reported in the Kreed server scripts. It is reported that a malicious nickname or model type will trigger the vulnerability. A remote attacker may exploit this vulnerability to deny service to legitimate users.

34. Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulne...
BugTraq ID: 11803
Remote: Yes
Date Published: Dec 03 2004
Relevant URL: http://www.securityfocus.com/bid/11803
Summary:
It is reported that Jakarta Lucene is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input.

This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link is followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

This vulnerability is reported to exist in version 1.4.2 and previous of Jakarta Lucene. Other versions may also be affected.

36. Sandino Flores Moreno Gaim Festival Plug-in Remote Denial Of...
BugTraq ID: 11805
Remote: Yes
Date Published: Dec 03 2004
Relevant URL: http://www.securityfocus.com/bid/11805
Summary:
The Gaim Festival Plug-in is reported prone to a remote denial of service vulnerability. Reports indicate that the plug-in does not handle certain characters correctly and will crash if these characters are parsed from an incoming message.

A remote attacker may exploit this condition to deny service to legitimate users. Further attacks may also be possible.

unSpawn · 12-11-2004, 06:04 AM

Secunia

[SA13406] Red Hat update for ImageMagick

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-09

Red Hat has issued an update for ImageMagick. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13406/

[SA13395] SUSE Updates for Multiple Packages

Critical: Highly critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2004-12-08

SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited to overwrite files, gain
escalated privileges, or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13395/

[SA13386] Mandrake update for ImageMagick

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-07

MandrakeSoft has issued an update for ImageMagick. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/13386/

[SA13382] Gentoo update for imlib

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-12-07

Gentoo has issued an update for imlib. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/13382/

[SA13381] Imlib Image Decoding Integer Overflow Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-12-07

Pavel Kankovsky has reported multiple vulnerabilities in imlib, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/13381/

[SA13378] LessTif libXpm Multiple Image Processing Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-12-06

Multiple vulnerabilities have been reported in LessTif, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13378/

[SA13373] Gentoo update for pdflib

Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2004-12-06

Gentoo has issued an update for pdflib. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13373/

[SA13366] SUSE update for cyrus-imapd

Critical: Highly critical
Where: From remote
Impact: System access
Released: 2004-12-06

SUSE has issued an update for cyrus-imapd. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13366/

[SA13362] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical: Highly critical
Where: From remote
Impact: Security Bypass, Spoofing, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released: 2004-12-03

Apple has issued a security update for Mac OS X, which fixes various
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/13362/

[SA13380] Debian update for ViewCVS

Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-12-06

Debian has issued an update for viewcvs. This fixes a vulnerability,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/13380/

[SA13367] Darwin Streaming Server "DESCRIBE" Request Denial of Service
Vulnerability

Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2004-12-08

A vulnerability has been reported in Darwin Streaming Server, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13367/

[SA13358] Big Medium Unspecified Script Upload Vulnerability

Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2004-12-02

A vulnerability has been reported in Big Medium, which potentially can
be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13358/

[SA13401] Sun Solaris in.rwhod Unspecified Vulnerability

Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2004-12-08

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13401/

[SA13371] Debian hpsockd Buffer Overflow Vulnerability

Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2004-12-03

infamous41md has reported a vulnerability in hpsockd, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13371/

[SA13359] Red Hat update for kernel

Critical: Moderately critical
Where: From local network
Impact: Security Bypass, Privilege escalation, DoS
Released: 2004-12-03

Red Hat has issued an update for the kernel. This fixes multiple
vulnerabilities, which potentially can be exploited to gain escalated
privileges, bypass certain security restrictions, or cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/13359/

[SA13407] Fedora update for mysql

Critical: Less critical
Where: From local network
Impact: Security Bypass, Privilege escalation, DoS, System access
Released: 2004-12-09

Fedora has issued an update for mysql. This fixes multiple
vulnerabilities, which can be exploited to perform certain actions on a
system with escalated privileges, bypass certain security restrictions,
cause a DoS (Denial of Service), or potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/13407/

[SA13403] Debian update for nfs-utils

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-12-09

Debian has issued an update for nfs-utils. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/13403/

[SA13390] Mandrake update for nfs-utils

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-12-07

MandrakeSoft has issued an update for nfs-utils. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13390/

[SA13384] nfs-utils "SIGPIPE" TCP Connection Termination Denial of
Service Vulnerability

Critical: Less critical
Where: From local network
Impact: DoS
Released: 2004-12-07

SGI has reported a vulnerability in nfs-utils, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/13384/

[SA13405] rootsh Escape Sequences Logging Security Bypass

Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-12-09

A security issue has been reported in rootsh, which can be exploited by
malicious, local users to bypass the logging functionality.

Full Advisory:
http://secunia.com/advisories/13405/

[SA13392] Gentoo mirrorselect Insecure Temporary File Creation
Vulnerability

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-07

Ervin Nemeth has reported a vulnerability in mirrorselect, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13392/

[SA13388] Gentoo update for perl

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-07

Gentoo has issued an update for perl. This fixes some vulnerabilities,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13388/

[SA13387] Mandrake update for gzip

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-07

MandrakeSoft has issued an update for gzip. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/13387/

[SA13385] Mandrake update for lvm

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-07

MandrakeSoft has issued an update for lvm. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/13385/

[SA13383] Mandrake update for openssl

Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2004-12-07

MandrakeSoft has issued an update for openssl. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/13383/

[SA13379] Gentoo rssh Arbitrary Command Execution Vulnerability

Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-12-06

Gentoo has acknowledged a vulnerability in rssh, which can be exploited
by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/13379/

[SA13376] file Unspecified ELF Header Parsing Vulnerability

Critical: Less critical
Where: Local system
Impact: Unknown
Released: 2004-12-06

A vulnerability with an unknown impact has been reported in file.

Full Advisory:
http://secunia.com/advisories/13376/

[SA13370] AIX Unspecified System Startup Scripts Vulnerability

Critical: Less critical
Where: Local system
Impact: Manipulation of data, DoS
Released: 2004-12-03

A vulnerability has been reported in AIX, which can be exploited by
malicious, local users to inject arbitrary data into the ODM (Object
Data Manager) or cause a vulnerable system to hang during boot.

Full Advisory:
http://secunia.com/advisories/13370/

[SA13369] Gentoo update for scponly

Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-12-06

Gentoo has issued an update for scponly. This fixes a vulnerability,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/13369/

[SA13364] scponly Security Bypass Arbitrary Command Execution
Vulnerability

Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-12-03

Jason Wies has reported a vulnerability in scponly, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/13364/

[SA13363] rssh Security Bypass Arbitrary Command Execution
Vulnerability

Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2004-12-03

Jason Wies has reported a vulnerability in rssh, which can be exploited
to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/13363/

Cross Platform:--

[SA13402] Netscape Window Injection Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2004-12-08

A vulnerability has been reported in Netscape, which can be exploited
by malicious people to spoof the content of websites.

Full Advisory:
http://secunia.com/advisories/13402/

[SA13400] WebLibs Directory Traversal Vulnerability

Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2004-12-08

John Bissell has reported a vulnerability in WebLibs, which can be
exploited by malicious people to access sensitive information.

Full Advisory:
http://secunia.com/advisories/13400/

[SA13375] ViewCVS Restricted Directory Access Security Bypass

Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2004-12-06

Hajvan Sehic has reported a vulnerability in ViewCVS, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/13375/

[SA13397] MaxDB Web Tools Buffer Overflow and Denial of Service
Vulnerabilities

Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2004-12-08

Evgeny Demidov has reported two vulnerabilities in MaxDB, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/13397/

[SA13393] Codestriker Unspecified Repository Security Bypass Issue

Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2004-12-08

A security issue has been reported in Codestriker, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/13393/

[SA13360] Jakarta Lucene "results.jsp" Cross-Site Scripting
Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-12-03

A vulnerability has been reported in Jakarta Lucene, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/13360/

[SA13357] Serendipity "searchTerm" Cross-Site Scripting Vulnerability

Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2004-12-02

Stefan Esser has reported a vulnerability in Serendipity, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/13357/

[SA13377] Novell NetMail Default NMAP Authentication Credential
Security Issue

Critical: Less critical
Where: From local network
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2004-12-06

A security issue has been reported in NetMail, which can be exploited
by malicious people to access the mail store.

Full Advisory:
http://secunia.com/advisories/13377/

unSpawn · 12-11-2004, 06:10 AM

Linux Advisory Watch

Distribution: Debian

* Debian: hpsockd denial of service fix 3rd, December, 2004

"infamous41md" discovered a buffer overflow condition in hpsockd, the socks server written at Hewlett-Packard. An exploit could cause the program to crash or may have worse effect.
http://www.linuxsecurity.com/content/view/117313

* Debian: viewcvs information leak fix 6th, December, 2004

Hajvan Sehic discovered several vulnerabilities in viewcvs, a utility for viewing CVS and Subversion repositories via HTTP. When exporting a repository as a tar archive the hide_cvsroot and forbidden settings were not honoured enough.
http://www.linuxsecurity.com/content/view/117392

* Debian: nfs-util denial of service fix 8th, December, 2004

SGI has discovered that rpc.statd from the nfs-utils package, the Network Status Monitor, did not ignore the "SIGPIPE". Hence, a client prematurely terminating the TCP connection could also terminate the server process.
http://www.linuxsecurity.com/content/view/117423

Distribution: Fedora

* Fedora: cyrus-imapd-2.2.10-3.fc2 update 3rd, December, 2004

The recent update to cyrus-imapd-2.2.10-1.fc2 for security exploits revealed a package installation problem.
http://www.linuxsecurity.com/content/view/117366

* Fedora: cyrus-imapd-2.2.10-3.fc3 update 3rd, December, 2004

The recent update to cyrus-imapd-2.2.10-1.fc3 for security exploits revealed a package installation problem. If the main configuration files for cyrus-imapd
http://www.linuxsecurity.com/content/view/117367

* Fedora: netatalk-1.6.4-2.2 update 6th, December, 2004

Fix to temp file vulnerability in /etc/psf/etc2ps
http://www.linuxsecurity.com/content/view/117395

* Fedora: netatalk-1.6.4-4 update 6th, December, 2004

Fix temp file vulnerability in /etc/psf/etc2ps
http://www.linuxsecurity.com/content/view/117396

* Fedora: gaim-1.1.0-0.FC2 update 6th, December, 2004

Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor.
http://www.linuxsecurity.com/content/view/117397

* Fedora: gaim-1.1.0-0.FC3 update 6th, December, 2004

Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor.
http://www.linuxsecurity.com/content/view/117398

* Fedora: rhpl-0.148.1-2 update 6th, December, 2004

Remove synaptics requires (#137935)
http://www.linuxsecurity.com/content/view/117399

* Fedora: ttfonts-ja-1.2-36.FC3.0 update 7th, December, 2004

reverted the previous changes so that it broke ghostscript working. (#139798)
http://www.linuxsecurity.com/content/view/117404

* Fedora: mc-4.6.1-0.11FC3 update 7th, December, 2004

The updated version of Midnight Commander contains finished CAN-2004-0494 security fixes in extfs scripts and has better support for UTF-8, contains subshell prompt fixes and enhanced large file support.
http://www.linuxsecurity.com/content/view/117417

* Fedora: udev-039-10.FC3.4 update 7th, December, 2004

udev is a implementation of devfs in userspace using sysfs and /sbin/hotplug. It requires a 2.6 kernel to run properly.
http://www.linuxsecurity.com/content/view/117418

* Fedora: udev-039-10.FC3.5 update 7th, December, 2004

fixed udev.rules for cdrom symlinks (bug 141897)
http://www.linuxsecurity.com/content/view/117419

* Fedora: gnome-bluetooth-0.5.1-5.FC3.1 update 7th, December, 2004

fixed again gnome-bluetooth-manager script for 64bit (bug 134864)
http://www.linuxsecurity.com/content/view/117420

* Fedora: rsh update 8th, December, 2004

fixed rexec fails with "Invalid Argument" (#118630)
http://www.linuxsecurity.com/content/view/117432

* Fedora: Omni-0.9.2-1.1 update 8th, December, 2004

This is the 0.9.2 release of the Omni printer driver collection. It also fixes a library path problem on multilib architectures such as x86_64.
http://www.linuxsecurity.com/content/view/117433

* Fedora: mysql-3.23.58-9.1 update 8th, December, 2004

fix security issues CAN-2004-0835, CAN-2004-0836, CAN-2004-0837 (bugs #135372, 135375, 135387)
http://www.linuxsecurity.com/content/view/117434

* Fedora: libpng-1.2.8-1.fc2 update 9th, December, 2004

Updates libpng to the current release 1.2.8. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117439

* Fedora: libpng10-1.0.18-1.fc2 update 9th, December, 2004

Updates libpng10 to the current release 1.0.18. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117440

* Fedora: glib2-2.4.8-1.fc2 update 9th, December, 2004

Updates GLib to the current stable release 2.4.8. For details about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome...nce-list/2004- December/msg00004.html
http://www.linuxsecurity.com/content/view/117441

* Fedora: gtk2-2.4.14-1.fc2 update 9th, December, 2004

Updates GTK+ to the current stable release 2.4.14. For details about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome...nce-list/2004- December/msg00007.html
http://www.linuxsecurity.com/content/view/117442

* Fedora: libpng10-1.0.18-1.fc3 update 9th, December, 2004

Updates libpng10 to the current release 1.0.18. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117443

* Fedora: libpng-1.2.8-1.fc3 update 9th, December, 2004

Updates libpng to the current release 1.2.8. For details about the bugs which have been fixed in this release, see http://www.libpng.org/pub/png/libpng.html
http://www.linuxsecurity.com/content/view/117444

* Fedora: glib2-2.4.8-1.fc3 update 9th, December, 2004

Updates GLib to the current stable release 2.4.8. For details about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome...nce-list/2004- December/msg00004.html
http://www.linuxsecurity.com/content/view/117445

* Fedora: gtk2-2.4.14-1.fc3 update 9th, December, 2004

Updates GTK+ to the current stable release 2.4.14. For details about the bugs which have been fixed in this release, see http://mail.gnome.org/archives/gnome...nce-list/2004- December/msg00007.html
http://www.linuxsecurity.com/content/view/117446

* Fedora: postgresql-odbc-7.3-6.2 update 9th, December, 2004

This update fixes problems occurring on 64-bit platforms.
http://www.linuxsecurity.com/content/view/117447

* Fedora: postgresql-odbc-7.3-8.FC3.1 update 9th, December, 2004

This update fixes problems occurring on 64-bit platforms.
http://www.linuxsecurity.com/content/view/117448

* Fedora: postgresql-7.4.6-1.FC2.1 update 9th, December, 2004

This update synchronizes PostgreSQL for FC2 with the version already released in FC3.
http://www.linuxsecurity.com/content/view/117449

* Fedora: shadow-utils-4.0.3-55 update 9th, December, 2004

A regression has been fixed where strict enforcement of POSIX rules for user and group names prevented Samba 3 from using its "add machine script" feature...
http://www.linuxsecurity.com/content/view/117452

* Fedora: shadow-utils-4.0.3-56 update 9th, December, 2004

A regression has been fixed where strict enforcement of POSIX rules for user and group names prevented Samba 3 from using its "add machine script" feature...
http://www.linuxsecurity.com/content/view/117453

* Gentoo: rssh, scponly Unrestricted command execution 3rd, December, 2004

rssh and scponly do not filter command-line options that can be exploited to execute any command, thereby allowing a remote user to completely bypass the restricted shell.
http://www.linuxsecurity.com/content/view/117364

Distribution: Gentoo

* Gentoo: PDFlibs Multiple overflows in the included TIFF library 6th, December, 2004

PDFlib is vulnerable to multiple overflows, which can potentially lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117393

* Gentoo: imlib Buffer overflows in image decoding 6th, December, 2004

Multiple overflows have been found in the imlib library image decoding routines, potentially allowing execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117394

* Gentoo: perl Insecure temporary file creation 6th, December, 2004

Perl is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/117402

* Gentoo: mirrorselect Insecure temporary file creation 7th, December, 2004

mirrorselect is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/117403

* Mandrake: drakxtools update 7th, December, 2004

Beginning immediately, all bug reports for stable releases will be handled via Bugzilla at http://qa.mandrakesoft.com/. The drakbug tool has been updated to point users of stable releases to Bugzilla.
http://www.linuxsecurity.com/content/view/117405

Distribution: Mandrake

* Mandrake: dietlibc fix 7th, December, 2004

There was a problem with dietlibc in Mandrakelinux 10.0/amd64 where it would not provide proper support for the AMD64 architecture. The updated package fixes this.
http://www.linuxsecurity.com/content/view/117406

* Mandrake: gzip fix 7th, December, 2004

The Trustix developers found some insecure temporary file creation problems in the zdiff, znew, and gzeze supplemental scripts in the gzip package. These flaws could allow local users to overwrite files via a symlink attack.
http://www.linuxsecurity.com/content/view/117407

* Mandrake: ImageMagick fix 7th, December, 2004

A vulnerability was discovered in ImageMagick where, due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could potentially lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/117408

* Mandrake: lvml fix 7th, December, 2004

The Trustix developers discovered that the lvmcreate_initrd script, part of the lvm1 package, created a temporary directory in an insecure manner. This could allow for a symlink attack to create or overwrite arbitrary files with the privileges of the user running the script.
http://www.linuxsecurity.com/content/view/117409

* Mandrake: rp-pppoe fix 7th, December, 2004

Max Vozeler discovered a vulnerability in pppoe, part of the rp-pppoe package. When pppoe is running setuid root, an attacker can overwrite any file on the system. Mandrakelinux does not install pppoe setuid root, however the packages have been patched to prevent this problem.
http://www.linuxsecurity.com/content/view/117410

* Mandrake: nfs-utils fix 7th, December, 2004

SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the "SIGPIPE" signal which would cause it to shutdown if a misconfigured or malicious peer terminated the TCP connection prematurely.
http://www.linuxsecurity.com/content/view/117411

* Mandrake: openssl fix 7th, December, 2004

The Trustix developers found that the der_chop script, included in the openssl package, created temporary files insecurely. This could allow local users to overwrite files using a symlink attack.
http://www.linuxsecurity.com/content/view/117412

* Trustix: multiple package bugfixes 9th, December, 2004

amavisd-new AMaViS is a script that interfaces a mail transport agent (MTA) with one or more virus scanners.
http://www.linuxsecurity.com/content/view/117437

Distribution: Trustix

* Trustix: nfs-util Remote denial of service 9th, December, 2004

SGI developers discovered a remote Denial of Service in the NFS statd server where it did not ignore the "SIGPIPE" signal. This could cause the server to shut down if a client terminates prematurely.
http://www.linuxsecurity.com/content/view/117438

Distribution: Red Hat

* Red Hat: ImageMagick security vulnerability fix 8th, December, 2004 Updated ImageMagick packages that fixes a buffer overflow are now available.

http://www.linuxsecurity.com/content/view/117431

Distribution: SuSE

* SuSE: cyrus-imapd remote command execution 3rd, December, 2004

Stefan Esser reported various bugs within the Cyrus IMAP Server. These include buffer overflows and out-of-bounds memory access which could allow remote attackers to execute arbitrary commands as root. The bugs occur in the pre-authentication phase, therefore an update is strongly recommended.
http://www.linuxsecurity.com/content/view/117317

Distribution: TurboLinux

* TurboLinux: samba, cups vulnerabilities 8th, December, 2004

Two vulnerabilities discovered in Samba. DoS vulnerability in cups.
http://www.linuxsecurity.com/content/view/117424