Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7418 7419 7420 7421 7422 7423 7424 7425 7426 7427 7428 ... 7440 ) Next »

SuSE alert: samba

  • Mailing list (Posted by dave on Jun 29, 2001 4:56 AM EDT)
  • Story Type: Security; Groups: SUSE
Michal Zalewski discovered that a remote attacker can write to files owned by root if the samba config file /etc/smb.conf contains the %m macro to specify the logfile for logging access to the samba server. The %m macro substitutes the NetBIOS name - improper validation of this name allows an attacker to write to any file in the system.

Red Hat alert: New Samba packages available for Red Hat Linux 5.2, 6.2, 7 and 7.1

  • Mailing list (Posted by dave on Jun 26, 2001 3:15 AM EDT)
  • Story Type: Security; Groups: Red Hat
New Samba packages are available for Red Hat Linux 5.2, 6.2, 7 and 7.1. These packages fix a security problem with remote clients giving special NetBIOS names to the server. It is recommended that all Samba users upgrade to the fixed packages. Please note that the packages for Red Hat Linux 6.2 require an updated logrotate package.

Debian alert: samba remote file append/creation problem

  • Mailing list (Posted by dave on Jun 23, 2001 7:08 AM EDT)
  • Story Type: Security; Groups: Debian
Michal Zalewski discovered that samba does not properly validate NetBIOS names from remote machines.

Red Hat alert: New updated XFree86 packages available

  • Mailing list (Posted by dave on Jun 22, 2001 1:35 PM EDT)
  • Story Type: Security; Groups: Red Hat
New updated XFree86 3.3.6 packages are available for Red Hat Linux 7.1, 7.0, and 6.2 which contain many security updates, bug fixes, and updated drivers for various different families of video hardware including: S3 Savage, S3 Trio64, S3 ViRGE, Intel i810/i815, ATI Rage Mobility Mach64, and numerous other driver fixes and improvements.

Red Hat alert: Kernel: FTP iptables vulnerability in 2.4 kernel and general bug fixes

  • Mailing list (Posted by dave on Jun 22, 2001 10:30 AM EDT)
  • Story Type: Security; Groups: Red Hat
A security hole has been found that does not affect the default configuration of Red Hat Linux, but it can affect some custom configurations of Red Hat Linux 7.1. The bug is specific to the Linux

Debian alert: two xinetd problems

  • Mailing list (Posted by dave on Jun 17, 2001 7:47 AM EDT)
  • Story Type: Security; Groups: Debian
zen-parse reported on bugtraq that there is a possible buffer overflow in the logging code from xinetd. This could be triggered by using a fake identd that returns special replies when xinetd does an ident request.

Debian alert: rxvt buffer overflow

  • Mailing list (Posted by dave on Jun 16, 2001 11:41 AM EDT)
  • Story Type: Security; Groups: Debian
Samuel Dralet reported on bugtraq that version 2.6.2 of rxvt (a VT102 terminal emulator for X) have a buffer overflow in the tt_printf() function. A local user could abuse this making rxvt print a special string using that function, for example by using the -T or -name command-line options. That string would cause a stack overflow and contain code which rxvt will execute.

Debian alert: multiple gnupg problems

  • Mailing list (Posted by dave on Jun 16, 2001 9:57 AM EDT)
  • Story Type: Security; Groups: Debian
The version of GnuPG (GNU Privacy Guard, an OpenPGP implementation) as distributed in Debian GNU/Linux 2.2 suffers from two problems:

Debian alert: fetchmail buffer overflow

  • Mailing list (Posted by dave on Jun 16, 2001 8:15 AM EDT)
  • Story Type: Security; Groups: Debian
Wolfram Kleff found a problem in fetchmail: it would crash when processing emails with extremely long headers. The problem was a buffer overflow in the header parser which could be exploited.

Red Hat alert: LPRng fails to drop supplemental group membership

  • Mailing list (Posted by dave on Jun 12, 2001 12:29 PM EDT)
  • Story Type: Security; Groups: Red Hat
When LPRng drops uid and gid, it fails to drop membership in its supplemental groups.

Debian alert: man-db symlink attack

  • Mailing list (Posted by dave on Jun 12, 2001 6:43 AM EDT)
  • Story Type: Security; Groups: Debian
Luki R. reported a bug in man-db: it did handle nested calls of drop_effective_privs() and regain_effective_privs() correctly which would cause it to regain privileges to early. This could be abused to make man create files as user man.

Debian alert: exim printf format attack

  • Mailing list (Posted by dave on Jun 9, 2001 3:46 PM EDT)
  • Story Type: Security; Groups: Debian
Megyer Laszlo found a printf format bug in the exim mail transfer agent. The code that checks the header syntax of an email logs an error without protecting itself against printf format attacks.

Red Hat alert: Updated GnuPG packages available

  • Mailing list (Posted by dave on Jun 7, 2001 12:04 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated GnuPG packages are now available for Red Hat Linux 6.2, 7, and 7.1. These updates include fixes for the recently-discovered format string vulnerability.

Red Hat alert: Updated ispell packages available for Red Hat Linux 5.2 and 6.2

  • Mailing list (Posted by dave on Jun 5, 2001 3:20 PM EDT)
  • Story Type: Security; Groups: Red Hat
The ispell program uses mktemp() to open temporary files - this makes it vulnerable to symlink attacks.

Red Hat alert: Updated xinetd package available for Red Hat Linux 7 and 7.1

  • Mailing list (Posted by dave on Jun 5, 2001 3:20 PM EDT)
  • Story Type: Security; Groups: Red Hat
Xinetd runs with umask 0 - this means that applications using the xinetd umask and not setting the permissions themselves (like swat from the samba package), will create world writable files.

Red Hat alert: Updated ispell packages available for Red Hat Linux 5.2 and 6.2

  • Mailing list (Posted by dave on Jun 5, 2001 3:20 PM EDT)
  • Story Type: Security; Groups: Red Hat
The ispell program uses mktemp() to open temporary files - this makes it vulnerable to symlink attacks.

SuSE alert: gpg/GnuPG

  • Mailing list (Posted by dave on Jun 3, 2001 4:23 AM EDT)
  • Story Type: Security; Groups: SUSE
GnuPG (the SuSE package is named "gpg") is a powerful encryption and signing program with a widespread usership in the free software world. It is designed to be a replacement for PGP and conforms to the OpenPGP standard.

SuSE alert: man

  • Mailing list (Posted by dave on May 29, 2001 10:46 AM EDT)
  • Story Type: Security; Groups: SUSE
Two vulnerabilities have been found in the man package that is installed by default in all SuSE Linux distributions. The first error is a format string bug in the error handling routine of the man command that can allow a local attacker to gain the privileges of the user "man" on SuSE Linux systems (the man command in /usr/bin is installed setuid man). After getting write access to the /usr/bin/man binary, an attacker can place a cuckook's egg into the executable, waiting for root to view manpages. The second problem is a segmentation fault that can be caused by the options "-S ::: foo" to the man command. On other Linux distributions, this problem has been found exploitable. On SuSE and Debian systems, the code responsible for the bug is different from the one found in other distributions and is not exploitable. We consider the existence of this bug a beauty flaw that will be fixed in future releases of the SuSE Linux distribution, but the fix was not included in the man packages that can be found on our ftp server. Since the error() format string bug was discovered earlier than we announced that the SuSE Linux distributions 6.0, 6.1 and 6.2 will be discontinued, we also provide fixed packages for the said distributions for the i386 Intel architecture. We strongly encourage our usership to upgrade their systems to a newer distribution. Both bugs are fixed in the upcoming release of SuSE Linux 7.2.

Red Hat alert: Updated man package fixing security problems available

  • Mailing list (Posted by dave on May 21, 2001 10:40 AM EDT)
  • Story Type: Security; Groups: Red Hat
A heap overrun exists in the man packages shipped with Red Hat Linux 5.x, 6.x and 7.0. Since man is setgid man, users could gain gid man privileges. Red Hat Linux 7.1 is not affected by this problem.

Red Hat alert: Updated mktemp packages available

  • Mailing list (Posted by dave on May 21, 2001 10:35 AM EDT)
  • Story Type: Security; Groups: Red Hat
The version of mktemp shipped with Red Hat Linux prior to version 7 does not support creating temporary directories.

« Previous ( 1 ... 7418 7419 7420 7421 7422 7423 7424 7425 7426 7427 7428 ... 7440 ) Next »