Showing all newswire headlines

Steve Kemp discovered a buffer overflow in marbles, when processing the HOME environment variable. This vulnerability could be exploited by a local user to gain gid 'games'.

Upgraded WU-FTPD packages are available for Slackware 9.0 and - -current. These fix a problem where an attacker could use a specially crafted filename in conjunction with WU-FTPD's conversion feature (mostly used to compress files, or produce tar archives) to execute arbitrary commands on the server.

Upgraded ProFTPD packages are available for Slackware 8.1, 9.0 and - -current. These fix a security issue where an attacker could gain a root shell by downloading a specially crafted file.

Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1, 9.0 and -current. This fixes security problems with PAM authentication. It also includes several code cleanups from Solar Designer.

Updated Perl packages that fix a security issue in Safe.pm and a cross-site scripting (XSS) vulnerability in CGI.pm are now available.

Updated Apache and mod_ssl packages that fix several minor security issues are now available for Red Hat Linux 7.1, 7.2, and 7.3.

This advisory is an addition to the earlier DSA-383-1 advisory: Solar Designer found four more bugs in OpenSSH that may be exploitable.

This advisory is an addition to the earlier DSA-382-1 and DSA-382-3 advisories: Solar Designer found four more bugs in OpenSSH that may be exploitable.

ipmasq is a package which simplifies configuration of Linux IP masquerading, a form of network address translation which allows a number of hosts to share a single public IP address. Due to use of certain improper filtering rules, traffic arriving on the external interface addressed for an internal host would be forwarded, regardless of whether it was associated with an established connection. This vulnerability could be exploited by an attacker capable of forwarding IP traffic with an arbitrary destination address to the external interface of a system with ipmasq installed.

sendmail is the most widely used mail transport agent (MTA) in the internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SuSE products. These versions include sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem that is installed by default on all SuSE products up to and including SuSE Linux 8.0 and the SuSE Linux Enterprise Server 7.

Two vulnerabilities were discovered in kdebase:

A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables.

Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash due to a null pointer dereference in the GtkHTML library, versions prior to 1.1.0.

gopherd, a gopher server from the University of Minnesota, contains a number of buffer overflows which could be exploited by a remote attacker to execute arbitrary code with the privileges of the gopherd process (the "gopher" user by default).

The SuSE security team discovered during an audit that the Mail::Mailer module, a Perl module used for sending email, whereby potentially untrusted input is passed to a program such as mailx, which may interpret certain escape sequences as commands to be executed.

Jens Steube reported a pair of buffer overflow vulnerabilities in hztty, a program to translate Chinese character encodings in a terminal session. These vulnerabilities could be exploited by a local attacker to gain root privileges on a system where hztty is installed.

The openssh package is the most widely used implementation of the secure shell protocol family (ssh). It provides a set of network connectivity tools for remote (shell) login, designed to substitute the traditional BSD-style r-protocols (rsh, rlogin). openssh has various authentification mechanisms and many other features such as TCP connection and X11 display forwarding over the fully encrypted network connection as well as file transfer facilities.

A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CAN-2003-0694).

Two vulnerabilities were reported in sendmail.

Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available.