Showing all newswire headlines
Debian alert: New kernel source and i386, alpha kernel images fix multiple vulnerabilities
A number of vulnerabilities have been discovered in the Linux kernel.
Debian alert: New wu-ftpd packages fix buffer overflow
iSEC Security Research reports that wu-ftpd contains an off-by-one bug
in the fb_realpath function which could be exploited by a logged-in user
(local or anonymous) to gain root privileges. A demonstration exploit is
reportedly available.
Mandrake alert: Updated wu-ftpd packages fix remote root vulnerability
A vulnerability was discovered by Janusz Niewiadomski and Wojciech Purczynski in the wu-ftpd FTP server package. They found an off-by-one bug in the fb_realpath() function which could be used by a remote attacker to obtain root privileges on the server. This bug can only be successfully accomplished by using wu-ftpd binaries compiled on Linux 2.0.x and later 2.4.x kernels because the 2.2.x and earlier 2.4.x kernels define PATH_MAX to be 4095 characters.
SuSE alert: wuftpd
Janusz Niewiadomski and Wojciech Purczynski of iSEC Security Research have found a single byte buffer overflow in the Washington University ftp daemon (wuftpd), a widely used ftp server for Linux-like systems. It is yet unclear if this bug is (remotely) exploitable. Positive exploitability may result in a remote root compromise of a system running the wuftpd ftp daemon.
Red Hat alert: Updated wu-ftpd packages fix remote vulnerability.
Updated wu-ftpd packages are now available that fix a remotely exploitable
security issue.
Debian alert: New xtokkaetama packages fix buffer overflows
Steve Kemp discovered two buffer overflows in xtokkaetama, a puzzle
game, when processing the -display command line option and the
XTOKKAETAMADIR environment variable. These vulnerabilities could be
exploited by a local attacker to gain gid 'games'.
Debian alert: New gallery packages fix cross-site scripting
Larry Nguyen discovered a cross-site scripting vulnerability in gallery,
a web-based photo album written in PHP. This security flaw can allow a
malicious user to craft a URL that executes JavaScript code on your
website.
Debian alert: New xconq packages fix buffer overflows
Steve Kemp discovered a buffer overflow in xconq, in processing the
USER environment variable. In the process of fixing this bug, a
similar problem was discovered with the DISPLAY environment
variable. This vulnerability could be exploited by a local attacker
to gain gid 'games'.
Red Hat alert: Updated openssh packages available
Updated OpenSSH packages are now available. These updates close an
information leak caused by sshd's interaction with the PAM system.
Debian alert: New sup packages fix insecure temporary file creation
sup, a package used to maintain collections of files in identical
versions across machines, fails to take appropriate security
precautions when creating temporary files. A local attacker could
exploit this vulnerability to overwrite arbitrary files with the
privileges of the user running sup.
Red Hat alert: Updated stunnel packages fix signal vulnerability
Updated stunnel packages are now available for Red Hat Linux 7.1, 7.2, 7.3,
and 8.0. These updates correct a potential vulnerability in stunnel's
signal handling.
Mandrake alert: Updated kernel packages fix multiple vulnerabilities
Multiple vulnerabilities were discovered and fixed in the Linux kernel.
Red Hat alert: Updated semi packages fix vulnerability
Updated semi packages that fix vulnerabilities in semi's temporary file
handling are now available for Red Hat Linux 7.1, 7.2, and 7.3.
Debian alert: New fdclone packages fix insecure temporary directory usage
fdclone creates a temporary directory in /tmp as a workspace.
However, if this directory already exists, the existing directory is
used instead, regardless of its ownership or permissions. This would
allow an attacker to gain access to fdclone's temporary files and
their contents, or replace them with other files under the attacker's
control.
Mandrake alert: Updated mpg123 packages fix vulnerability
A vulnerability in the mpg123 mp3 player could allow local and/or remote attackers to cause a DoS and possibly execute arbitrary code via an mp3 file with a zero bitrate, which causes a negative frame size.
Mandrake alert: Updated xpdf packages fix arbitrary code execution vulnerability
Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitrary shell commands with the privileges of the person viewing the PDF document. Update: New packages are available as the previous patches that had been applied did not correct all possible ways of exploiting this issue.
Mandrake alert: MDKSA-2003:077 correction
The advisory announced this morning (MDKSA-2003:077 for phpgroupware)
contains an incorrect CVE name which referenced a mpg123 vulnerability.
Mandrake alert: Updated phpgroupware packages fix multiple vulnerabilities
Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is being actively exploited.
Red Hat alert: Updated Mozilla packages fix security vulnerability.
Updated Mozilla packages fixing various bugs and security issues are now
available.
[Updated 18 July 2003]
Our Mozilla packages were found to be incompatible with Galeon. Updated
versions of Galeon are now included for Red Hat Linux 7.2, 7.3, and 8.0.
In addition new builds of Mozilla for Red Hat Linux 8.0 are included as the
previous packages were built with the wrong compiler.
Red Hat alert: Updated 2.4 kernel fixes vulnerabilities
Updated kernel packages are now available fixing several security
vulnerabilities.