Showing all newswire headlines

openssh is an implementation of the secure shell protocol, available under the BSD license, primarily maintained by the OpenBSD Project.

If you are any setuid applications that use ncurses and its cursor movement functionality, local users may gain access to the program's privileges.

ghostscript uses temporary files to do some of its work. Unfortunately the method used to create those files wasn't secure: mktemp was used to create a name for a temporary file, but the file was not opened safely. A second problem is that during build the LD_RUN_PATH environment variable was set to the empty string, which causes the dynamic linker to look in the current directory for shared libraries.

A new modutils-

ghostscript makes use of mktemp instead of mkstemp to create temp files; and also uses improper LD_RUN_PATH values, causing it to search for libraries in the current directory.

Sebastian Krahmer raised an issue in modutils. In an ideal world modprobe should trust the kernel to only pass valid parameters to modprobe. However he has found at least one local root exploit because high level kernel code passed unverified parameters direct from the user to modprobe. So modprobe no longer trusts kernel input and switches to a safemode.

Guido Bakker has reported a local root vulnerability that can result in local users gaining root permission on a host running koules.sndsrv.linux using a buffer overflow.

Topi Miettinen audited elvis-tiny and raised an issue covering the use and creation of temporary files. Those files are created with a predictable pattern and O_EXCL flag is not used when opening. This makes users of elvis-tiny vulnerable to race conditions and/or data lossage.

The Debian GNU/Linux xmcd package has historically installed two setuid helpers for accessing cddb databases and SCSI cdrom drives. More recently, the package offered the administrator the chance to remove these setuid flags, but did so incorrectly.

The version of the ncurses display library shipped with Debian GNU/Linux 2.2 is vulnerable to several buffer overflows in the parsing of terminfo database files. This problem was discovered by Jouko Pynnönen <jouko@solutions.fi>. The problems are only exploitable in the presence of setuid binaries linked to ncurses which use these particular functions, including xmcd versions before 2.5pl1-7.1.

hacksware reported a buffer overflow in the AFS packet parsing code in ethereal. Gerald Combs then found more overflows in the netbios and ntp decoding logic as well. An attacker can exploit those overflows by sending carefully crafted packets to a network that is being monitored by ethereal.

When joe (Joe's Own Editor) dies due to a signal instead of a normal exit it saves a list of the files it is editing to a file called `DEADJOE' in its current directory. Unfortunately this wasn't done safely which made joe vulnerable to a symlink attack.

Updated openssh packages are now available for Red Hat Linux 7.

Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7.

During internal source code auditing by FreeBSD several buffer overflows were found which allow an attacker to make tcpdump crash by sending carefully crafted packets to a network that is being monitored with tcpdump.

Sebastian Krahmer found a problem in the modprobe utility that could be exploited by local users to run arbitrary commands as root if the machine is running a kernel with kmod enabled.

Mandrake has recently released a security advisory against CUPS raising two issues:

The version of Vixie Cron shipped with Debian GNU/Linux 2.2 is vulnerable to a local attack, discovered by Michal Zalewski. Several problems, including insecure permissions on temporary files and race conditions in their deletion, allowed attacks from a denial of service (preventing the editing of crontabs) to an escalation of priviledge (when another user edited their crontab).

The adv.fwd security advisory from OpenBSD reported a problem with openssh that Jacob Langseth <jwl@pobox.com> found: when the connection is established the remote ssh server can force the ssh client to enable agent and X11 forwarding.

A local root exploit in modutils has been fixed. 2000-11-17: New packages available for Red Hat Linux 6.2 to fix an error in the previous packages.