May 25th 2004
31 issues handled (ISS)
1. libtASN1 DER parsing issue
2. Linux Kernel e1000 driver buffer overflow
3. BusyBox netlink message spoofing
4. KDE URL handler allows attacker unauthorized access
5. Turbo Traffic Trader C multiple scripts cross-site
6. wget lock race condition
7. Php-Nuke show weblink path disclosure
8. Php-Nuke multiple cross-site scipting
9. osCommerce "dot dot" directory traversal
10. Zen Cart login allows SQL injection
11. passwd stdin option off-by-one buffer overflow
12. passwd improper validation of pam_start
13. passwd memory leak
14. libuser denial of service
15. Subversion date parsing allows command execution
16. neon library ne_rfc1036_parse function buffer
17. CVS entry line buffer overflow
18. Sun JSSE incorrectly validates digital
19. LHA extract_one buffer overflows
20. cPanel Fantastico information disclosure
21. Apache mod_ssl ssl_util_uuencode_binary buffer overflow
22. Phorum allows attacker to hijack session
23. PHP-Nuke modpath PHP file include
24. vsftpd connection denial of service
25. Perl and ActivePerl duplication operator integer overflow
26. Mozilla JavaScript denial of service
27. OpenBSD procfs allows elevated privileges
28. Firebird database name buffer overflow
29. Apache HTTP Server PHP denial of service
30. e107 log.php cross-site scripting
31. Liferay Enterprise Portal message cross-site scripting


May 25th 2004
12 issues handles (SF)
1. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML...
2. WGet Insecure File Creation Race Condition Vulnerability
3. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
4. PHP-Nuke Multiple Input Validation Vulnerabilities
5. LibUser Multiple Unspecified Vulnerabilities
6. Mandrake Linux passwd Potential Vulnerabilities
7. KDE Konqueror Embedded Image URI Obfuscation Weakness
8. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
9. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
10. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
11. Netscape Navigator Embedded Image URI Obfuscation Weakness
12. SquirrelMail Unspecified SQL Injection Vulnerability


May 28th 2004
24 issues across 9 distros (LAW)
libneon
mailman
kde
xpcd
kdepim
httpd
SquirrelMail
cvs
Subversion
cadaver
metamail
Firebird
Opera
MySQL
mc
Apache
Heimdal
apache-mod_perl
kernel
kolab-server
utempter
LHA
tcpdump,libpcap,arpwatch
kdelibs/kdelibs3

Internet Security Systems


1. Date Reported: 05/14/2004
Brief Description: libtASN1 DER parsing issue
Risk Factor: Medium
Attack Type: Network Based
Platforms: libtANS1 0.1.x prior to 0.1.2, libtASN1 0.2.x prior
to 0.2.7, Linux Any version, Unix Any version
Vulnerability: libtasn1-der-parsing
X-Force URL: http://xforce.iss.net/xforce/xfdb/16157


2. Date Reported: 05/14/2004
Brief Description: Linux Kernel e1000 driver buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Linux kernel 2.4 - 2.4.26
Vulnerability: linux-e1000-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16159


3. Date Reported: 05/14/2004
Brief Description: BusyBox netlink message spoofing
Risk Factor: Medium
Attack Type: Host Based
Platforms: BusyBox Any version, SuSE Linux 8.0, SuSE Linux
8.1, SuSE Linux 8.2, SuSE Linux 9.0, SuSE Linux 9.1
Vulnerability: busybox-netlink-message-spoofing
X-Force URL: http://xforce.iss.net/xforce/xfdb/16162


4. Date Reported: 05/17/2004
Brief Description: KDE URL handler allows attacker unauthorized access
Risk Factor: High
Attack Type: Network Based
Platforms: Gentoo Linux Any version, K Desktop Environment
(KDE) 3.2.2 and prior, Red Hat Advanced Workstation
2.1AS, Red Hat Enterprise Linux 2.1AS, Red Hat
Hat Enterprise Linux 2.1ES, Red Hat Enterprise
Linux 2.1WS, Red Hat Enterprise Linux 3AS, Red
Hat Enterprise Linux 3ES, Red Hat Enterprise Linux
3WS, Red Hat Linux Desktop 3, Slackware Linux 9.0,
Slackware Linux 9.1, Slackware Linux current, Unix
Any version
Vulnerability: kde-url-handler-gain-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/16163


5. Date Reported: 05/16/2004
Brief Description: Turbo Traffic Trader C multiple scripts cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Turbo Traffic Trader C Any version
Vulnerability: turbotraffictraderc-multiple-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16164


6. Date Reported: 05/16/2004
Brief Description: wget lock race condition
Risk Factor: Medium
Attack Type: Host Based
Platforms: Linux Any version, wget 1.9 and 1.9.1
Vulnerability: wget-lock-race-condition
X-Force URL: http://xforce.iss.net/xforce/xfdb/16167


7. Date Reported: 05/17/2004
Brief Description: Php-Nuke show weblink path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 6.x through 7.3
Vulnerability: phpnuke-show-weblink-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16170


8. Date Reported: 05/17/2004
Brief Description: Php-Nuke multiple cross-site scipting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 6.x through 7.3
Vulnerability: phpnuke-multi-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16172


9. Date Reported: 05/17/2004
Brief Description: osCommerce "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, osCommerce Any version, Unix Any
version, Windows Any version
Vulnerability: oscommerce-dotdot-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/16174


10. Date Reported: 05/17/2004
Brief Description: Zen Cart login allows SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Zen Cart 1.1.2d
Vulnerability: zencart-login-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/16176


11. Date Reported: 05/17/2004
Brief Description: passwd stdin option off-by-one buffer overflow
Risk Factor: Medium
Attack Type: Host Based
Platforms: Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake
Linux 9.2, Mandrake Linux Corporate Server 2.1,
Mandrake Multi Network Firewall 8.2, passwd 0.68
Vulnerability: passwd-stdin-offbyone-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16178


12. Date Reported: 05/17/2004
Brief Description: passwd improper validation of pam_start
Risk Factor: Medium
Attack Type: Host Based
Platforms: Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake
Linux 9.2, Mandrake Linux Corporate Server 2.1,
Mandrake Multi Network Firewall 8.2, passwd 0.68
Vulnerability: passwd-pamstart-improper-validation
X-Force URL: http://xforce.iss.net/xforce/xfdb/16179


13. Date Reported: 05/17/2004
Brief Description: passwd memory leak
Risk Factor: Medium
Attack Type: Host Based
Platforms: Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake
Linux 9.2, Mandrake Linux Corporate Server 2.1,
Mandrake Multi Network Firewall 8.2, passwd 0.68
Vulnerability: passwd-memory-leak
X-Force URL: http://xforce.iss.net/xforce/xfdb/16180


14. Date Reported: 05/17/2004
Brief Description: libuser denial of service
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: libuser 0.51.7, Mandrake Linux 10.0, Mandrake Linux
9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1
Vulnerability: libuser-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16188


15. Date Reported: 05/19/2004
Brief Description: Subversion date parsing allows command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Subversion 1.0.2 and prior,Unix Any version
Vulnerability: subversion-date-parsing-command-execution
X-Force URL: http://xforce.iss.net/xforce/xfdb/16191


16. Date Reported: 05/19/2004
Brief Description: neon library ne_rfc1036_parse function buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Debian Linux 3.0, Linux Any version, neon 0.24.5
and earlier, Unix Any version
Vulnerability: neon-library-nerfc1036parse-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16192


17. Date Reported: 05/19/2004
Brief Description: CVS entry line buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: CVS (Concurrent Versions System) 1.11.15 and
earlier, CVS (Concurrent Versions System) 1.12.7
and earlier, Debian Linux 3.0, FreeBSD Any version,
Debian Linux 3.0, Linux Any version, Red Hat
Red Hat Advanced Workstation 2.1, Red Hat
Enterprise Linux 2.1AS, Red Hat Enterprise Linux
2.1ES, Red Hat Enterprise Linux 2.1WS, Red Hat
Enterprise Linux 3AS, Red Hat Enterprise Linux 3ES,
Red Hat Enterprise Linux 3WS, Red Hat Linux Desktop
3, Unix Any version
Vulnerability: cvs-entry-line-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16193


18. Date Reported: 05/18/2004
Brief Description: Sun JSSE incorrectly validates digital
certificates
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, Sun JSSE
1.0.3, Sun JSSE 1.0.3_01, Sun JSSE 1.0.3_02,
Windows Any version
Vulnerability: sun-jsse-improper-validation
X-Force URL: http://xforce.iss.net/xforce/xfdb/16194


19. Date Reported: 05/15/2004
Brief Description: LHA extract_one buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: LHA Any version, Linux Any version
Vulnerability: lha-extractone-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16196


20. Date Reported: 05/19/2004
Brief Description: cPanel Fantastico information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: cPanel 9.3.0-R5, Linux Any version, Unix Any version
Vulnerability: cpanel-fantastico-obtain-information
X-Force URL: http://xforce.iss.net/xforce/xfdb/16197


21. Date Reported: 05/17/2004
Brief Description: Apache mod_ssl ssl_util_uuencode_binary buffer overflow
Risk Factor: Medium
Attack Type: Network Based
Platforms: Apache HTTP Server Any version, Linux Any version, Unix Any version
Vulnerability: apache-modssl-uuencode-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16214


22. Date Reported: 05/19/2004
Brief Description: Phorum allows attacker to hijack session
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Phorum 4.3.7
Vulnerability: phorum-session-hijack
X-Force URL: http://xforce.iss.net/xforce/xfdb/16215


23. Date Reported: 05/17/2004
Brief Description: PHP-Nuke modpath PHP file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 6.x through 7.3
Vulnerability: phpnuke-modpath-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/16218


24. Date Reported: 05/21/2004
Brief Description: vsftpd connection denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, vsftpd prior to 1.2.2
Vulnerability: vsftpd-connection-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16222


25. Date Reported: 05/17/2004
Brief Description: Perl and ActivePerl duplication operator integer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: ActivePerl Any version, Any operating system Any version
Vulnerability: perl-duplication-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16224


26. Date Reported: 05/13/2004
Brief Description: Mozilla JavaScript denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Mozilla Any version
Vulnerability: mozilla-javascript-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16225


27. Date Reported: 05/13/2004
Brief Description: OpenBSD procfs allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: OpenBSD 3.4, OpenBSD 3.5, OpenBSD Packet Filter3.5
Vulnerability: openbsd-procfs-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/16226


28. Date Reported: 05/23/2004
Brief Description: Firebird database name buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Debian Linux Any version, Firebird 1.0
Vulnerability: firebird-database-name-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16229


29. Date Reported: 05/23/2004
Brief Description: Apache HTTP Server PHP denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Apache HTTP
Server Any version
Vulnerability: apache-php-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16230


30. Date Reported: 05/21/2004
Brief Description: e107 log.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 Any version
Vulnerability: e107-log-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16231


31. Date Reported: 05/22/2004
Brief Description: Liferay Enterprise Portal message cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Liferay
Enterprise Portal Any version
Vulnerability: liferay-message-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16232

Security Focus


1. TurboTrafficTrader C Multiple Cross-Site Scripting and HTML ...
BugTraq ID: 10359
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10359
Summary:
It has been reported that TurboTrafficTrader C does not properly sanitize input received from users. It has been conjectured that this may allow a remote user to launch cross-site scripting and HTML injection attacks. The cross-site scripting issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. The HTML injection issues could allow an attacker to post malicious HTML and script code that would then later be rendered in the web browser of further visitors to the affected site. These attacks would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. Other attacks are also possible.

2. WGet Insecure File Creation Race Condition Vulnerability
BugTraq ID: 10361
Remote: No
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10361
Summary:
wget has been reported prone to a race condition vulnerability. The issue exists because wget does not lock files that it creates and writes to during file downloads. A local attacker may exploit this condition to corrupt files with the privileges of the victim who is running the vulnerable version of wget.

3. PHP-Nuke Modpath Parameter Potential File Include Vulnerabil...
BugTraq ID: 10365
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10365
Summary:
PHP-Nuke is prone to a potential file include vulnerability. This issue could allow a remote attacker to include malicious files containing aribtrary code to be executed on a vulnerable system. This issue can be exploited via the 'modpath' parameter. If successful, the malicious script supplied by the attacker will be executed in the context of the web server hosting the vulnerable software.

4. PHP-Nuke Multiple Input Validation Vulnerabilities
BugTraq ID: 10367
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10367
Summary:
PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. An attacker can carry out cross-site scripting and path disclosure attacks.

5. LibUser Multiple Unspecified Vulnerabilities
BugTraq ID: 10368
Remote: Yes
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10368
Summary:
Libuser implements a standardized interface for manipulating and administering user and group accounts one Unix systems. It has been reported that several vulnerabilities exist in this
library. Attackers could possibly crash applications that are linked to this library, or possibly cause the applications to write 4GB files containing garbage to disk. These issues could possibly lead to a denial of service condition, causing legitimate users to be unable to access resources.

6. Mandrake Linux passwd Potential Vulnerabilities
BugTraq ID: 10370
Remote: Unknown
Date Published: May 17 2004
Relevant URL: http://www.securityfocus.com/bid/10370
Summary:
Two potential security issues reportedly affect the implementation of passwd included with Mandrake Linux, according to Mandrake advisory MDKSA-2004:045. According to the report, passwords supplied to passwd via stdin are incorrectly one character shorter than they should be. It is not known whether this behavior occurs at the interactive prompt or if the implementation allows for passwords to be "piped" to passwd through stdin. This may or may not have security implications as the user's password will not be stored correctly and the user will not be able to login. It is conceivable that this could result in a less secure password. The second issue reported by Mandrake is that PAM may not be initialized correctly and "safe and proper" operation may not be ensured. Further technical details are not known.

7. KDE Konqueror Embedded Image URI Obfuscation Weakness
BugTraq ID: 10383
Remote: Yes
Date Published: May 18 2004
Relevant URL: http://www.securityfocus.com/bid/10383
Summary:
It is reported that KDE Konqueror is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag. This weakness could be employed to trick a user into following a malicious link. An attacker can exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim is to mouseover the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.

8. CVS Malformed Entry Modified and Unchanged Flag Insertion He...
BugTraq ID: 10384
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10384
Summary:
CVS is prone to a remote heap overflow vulnerability. This issue presents itself during the handling of user-supplied input for entry lines with 'modified' and 'unchanged' flags. This vulnerability can allow an attacker to overflow a vulnerable buffer on the heap, possibly leading to arbitrary code execution. CVS versions 1.11.15 and prior and CVS feature versions 1.12.7 and prior are prone to this issue.

9. Neon WebDAV Client Library ne_rfc1036_parse Function Heap Ov...
BugTraq ID: 10385
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10385
Summary:
Neon WebDAV client library is prone to a heap overflow vulnerability. This issue exists due to improper boundary checks performed on user-supplied data. Reportedly a malformed string value may cause a sscanf() string overflow into static heap variables. Neon 0.24.5 and prior are prone to this issue.

10. Subversion Date Parsing Function Buffer Overflow Vulnerabili...
BugTraq ID: 10386
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10386
Summary:
Subversion is prone to a buffer overflow vulnerability. This issue exists in one of the data parsing functions of the application. Specifically, Subversion calls an sscanf() function when converting data strings to different formats. This causes user-supplied data to be copied into an unspecified buffer without proper boundary checks performed by the application. Subversion versions 1.0.2 and prior are prone to this issue.

11. Netscape Navigator Embedded Image URI Obfuscation Weakness
BugTraq ID: 10389
Remote: Yes
Date Published: May 19 2004
Relevant URL: http://www.securityfocus.com/bid/10389
Summary:
It is reported that Netscape Navigator is prone to a URI obfuscation weakness that may hide the true contents of a URI link. The issue occurs when an image is contained within a properly formatted HREF tag. This weakness could be employed to trick a user into following a malicious link. An attacker can exploit this issue by supplying a malicious image that appears to be a URI link pointing to a page designed to mimic that of a trusted site. If an unsuspecting victim is to mouseover the link in an attempt to verify the authenticity of where it references, they may be deceived into believing that the link references the actual trusted site.

12. SquirrelMail Unspecified SQL Injection Vulnerability
BugTraq ID: 10397
Remote: Yes
Date Published: May 21 2004
Relevant URL: http://www.securityfocus.com/bid/10397
Summary:
Reportedly, SquirrelMail is prone to an unspecified SQL injection vulnerability. The vulnerability results from insufficient sanitization of user-supplied data. This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the user password hashes or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation. Due to a lack of information, further details are not currently available. This BID will be updated as more information becomes available. SquirrelMail 1.4.2 and prior versions are affected by this issue.

Linux Advisory Watch


Distribution: Conectiva

5/25/2004 - libneon
Heap overflow vulnerability
libneon library which could be abused by remote WebDAV servers to
execute arbitrary code on the client accessing these servers.
http://www.linuxsecurity.com/advisor...sory-4397.html

5/27/2004 - mailman
Multiple vulnerabilities
Fixes cross site scripting and remote password retrieval
vulnerabilities, plus a denial of service.
http://www.linuxsecurity.com/advisor...sory-4409.html

5/27/2004 - kde
Insufficient input sanitation
The telnet, rlogin, ssh and mailto URI handlers in KDE do not
check for '-' at the beginning of the hostname passed.
http://www.linuxsecurity.com/advisor...sory-4410.html


Distribution: Debian

5/25/2004 - xpcd
Buffer overflow vulnerability
Bug allows copy of user-supplied data of arbitrary length into a
fixed-size buffer in the pcd_open function.
http://www.linuxsecurity.com/advisor...sory-4396.html


Distribution: Fedora

5/25/2004 - kdepim
Buffer overflow vulnerability
An attacker could construct a VCF file so that when it was opened
by a victim it would execute arbitrary commands.
http://www.linuxsecurity.com/advisor...sory-4394.html

5/25/2004 - httpd
Multiple vulnerabilities
Fixes an exploitable memory leak and escapable error-log output.
http://www.linuxsecurity.com/advisor...sory-4395.html


Distribution: FreeBSD

5/27/2004 - core:sys Buffer cache invalidation vulnerability
Multiple vulnerabilities
In some situations, a user with read access to a file may be able
to prevent changes to that file from being committed to disk.
http://www.linuxsecurity.com/advisor...sory-4408.html


Distribution: Gentoo

5/25/2004 - SquirrelMail
Cross-site scripting vulnerabilities
SquirrelMail is subject to several XSS and one SQL injection
vulnerability.
http://www.linuxsecurity.com/advisor...sory-4381.html

5/25/2004 - cvs
Heap overflow vulnerability
CVS is subject to a heap overflow vulnerability allowing source
repository compromise.
http://www.linuxsecurity.com/advisor...sory-4382.html

5/25/2004 - neon
Heap overflow vulnerability
A vulnerability potentially allowing remote execution of arbitrary
code has been discovered in the neon library.
http://www.linuxsecurity.com/advisor...sory-4383.html

5/25/2004 - Subversion
Format string vulnerability
There is a vulnerability in the Subversion date parsing code which
may lead to denial of service attacks, or execution of arbitrary
code.
http://www.linuxsecurity.com/advisor...sory-4384.html

5/25/2004 - cadaver
Heap overflow vulnerability
There is a heap-based buffer overflow, possibly leading to
execution of arbitrary code when connected to a malicious server.
http://www.linuxsecurity.com/advisor...sory-4385.html

5/25/2004 - metamail
Multiple vulnerabilities
Several format string bugs and buffer overflows were discovered in
metamail, potentially allowing execution of arbitrary code
remotely.
http://www.linuxsecurity.com/advisor...sory-4386.html

5/25/2004 - Firebird
Buffer overflow vulnerability
A buffer overflow may allow a local user to manipulate or destroy
local databases and trojan the Firebird binaries.
http://www.linuxsecurity.com/advisor...sory-4387.html

5/25/2004 - Opera
Insufficient input sanitation
A vulnerability exists in Opera's telnet URI handler that may
allow a remote attacker to overwrite arbitrary files.
http://www.linuxsecurity.com/advisor...sory-4388.html

5/27/2004 - MySQL
Symlink vulnerability
Two MySQL utilities create temporary files with hardcoded paths,
allowing an attacker to use a symlink to trick MySQL into
overwriting important data.
http://www.linuxsecurity.com/advisor...sory-4404.html

5/27/2004 - mc
Multiple vulnerabilities
Multiple security issues have been discovered in Midnight
Commander including several buffer overflows and string format
vulnerabilities.
http://www.linuxsecurity.com/advisor...sory-4405.html

5/27/2004 - Apache
1.3 Multiple vulnerabilities
Several security vulnerabilites have been fixed in the latest
release of Apache 1.3.
http://www.linuxsecurity.com/advisor...sory-4406.html

5/27/2004 - Heimdal
Buffer overflow vulnerability
A possible buffer overflow in the Kerberos 4 component of Heimdal
has been discovered.
http://www.linuxsecurity.com/advisor...sory-4407.html


Distribution: Mandrake

5/25/2004 - apache-mod_perl Multiple vulnerabilities
Buffer overflow vulnerability
Four security vulnerabilities were fixed with the 1.3.31 release
of Apache. All of these issues have been backported and applied
to the provided packages.
http://www.linuxsecurity.com/advisor...sory-4392.html

5/25/2004 - kernel
2.6 Multiple vulnerabilities
Several kernel 2.6 vulnerabilities have been fixed in this update.
http://www.linuxsecurity.com/advisor...sory-4393.html

5/27/2004 - mailman
Password leak vulnerability
Mailman versions >= 2.1 have an issue where 3rd parties can
retrieve member passwords from the server.
http://www.linuxsecurity.com/advisor...sory-4402.html

5/27/2004 - kolab-server Plain text passwords
Password leak vulnerability
The affected versions store OpenLDAP passwords in plain text.
http://www.linuxsecurity.com/advisor...sory-4403.html


Distribution: OpenBSD

5/25/2004 - cvs
Heap overflow vulnerability
Malignant clients can run arbitrary code on CVS servers.
http://www.linuxsecurity.com/advisor...sory-4391.html


Distribution: Red Hat

5/27/2004 - utempter
Symlink vulnerability
An updated utempter package that fixes a potential symlink
vulnerability is now available.
http://www.linuxsecurity.com/advisor...sory-4399.html

5/27/2004 - LHA
Multiple vulnerabilities
Ulf Harnhammar discovered two stack buffer overflows and two
directory traversal flaws in LHA.
http://www.linuxsecurity.com/advisor...sory-4400.html

5/27/2004 - tcpdump,libpcap,arpwatch Denial of service vulnerability
Multiple vulnerabilities
Upon receiving specially crafted ISAKMP packets, TCPDUMP would
crash.
http://www.linuxsecurity.com/advisor...sory-4401.html


Distribution: Slackware

5/25/2004 - cvs
Heap overflow vulnerability
Carefully crafted server requests to run arbitrary programs on the
CVS server machine.
http://www.linuxsecurity.com/advisor...sory-4390.html


Distribution: SuSE

5/27/2004 - kdelibs/kdelibs3 Insufficient input sanitation
Heap overflow vulnerability
The URI handler of the kdelibs3 and kdelibs class library contains
a flaw which allows remote attackers to create arbitrary files as
the user utilizing the kdelibs3/kdelibs package.
http://www.linuxsecurity.com/advisor...sory-4398.html


Distribution: Turbolinux

5/25/2004 - kernel
Multiple vulnerabilities
The vulnerabilities may allow an attacker to cause a denial of
service to the kernel and gain sensitive information from your
system.
http://www.linuxsecurity.com/advisor...sory-4389.html

WARN: Remote Root Exploit in SuSE 9.1 Live CD

It has recently been identified that SuSE 9.1 Live edition (a bootable CD-ROM edition) allows passwordless remote root logins via ssh due to a configuration error. This includes the Live CD that is included with SuSE 9.1 Personal Edition.

All SuSE 9.1 Live users should see the full advisory for a temporary work around as well as a URL for the fixed version.

http://www.suse.com/de/security/2004_11_live_cd_91.html