Showing all newswire headlines
SuSE alert: bind8
bind-8.x in all versions of the SuSE distributions contains a bug in the transaction signature handling code that can allow a remote attacker to overflow a buffer and thereby execute arbitrary code as the user running the nameserver (this is user named by default on SuSE systems). In addition to this bug, another problem allows a remote attacker to collect information about the running bind process (this has been found by Claudio Musmarra <a9605121@unet.univie.ac.at>). For more information on these bugs, please visit the CERT webpage at http://www.cert.org/advisories/CA-2001-02.html and the bind bugs webpage at http://www.isc.org/products/BIND/bind-security.html .
Red Hat alert: Updated inetd packages available for Red Hat Linux 6.2
The inetd server as shipped with Red Hat Linux 6.2 fails to close sockets
for internal services properly.
SuSE alert: kdesu
kdesu is a KDE frontend for su(1). When invoked it prompts for the root password and runs su(1). kdesu itself does not run setuid/setgid.
Red Hat alert: Updated bind packages available
Several security problems have been found in the bind 8.
Debian alert: New version of BIND 8 released
BIND 8 suffered from several buffer overflows. It is possible to
construct an inverse query that allows the stack to be read remotely
exposing environment variables. CERT has disclosed information about
these issues. A new upstream version fixes this. Due to the
complexity of BIND we have decided to make an exception to our rule by
releasing the new upstream source to our stable distribution.
Slackware alert: multiple vulnerabilities in bind 8.x
Multiple vulnerabilities exist in the versions of BIND found in Slackware
7.1 and -current. Users of BIND 8.x are urged to upgrade to 8.2.3 to fix
these problems. More information can be found on the BIND website:
Debian alert: New sparc packages of OpenSSH released
A former security upload of OpenSSH was linked against the wrong
version of libssl (providing an API to SSL), that version was not
available on sparc. This ought to fix a former upload that lacked
support for PAM which led to people not being able to log in to
their server. This was only a problem on the sparc architecture.
Debian alert: New sparc packages of OpenSSH released
A former security upload of OpenSSH lacked support for PAM which led
to people not being able to log in to their server. This was only
a problem on the sparc architecture.
Debian alert: New version of cron released
The FreeBSD team has found a bug in the way new crontabs were handled
which allowed malicious users to display arbitrary crontab files on
the local system. This only affects valid crontab files so can't be
used to get access to /etc/shadow or something. crontab files are not
especially secure anyway, as there are other ways they can leak. No
passwords or similar sensitive data should be in there.
Debian alert: New version of inn2 released
1. People at WireX have found several potentially insecure uses of
temporary files in programs provided by INN2. Some of them only
lead to a vulnerability to symlink attacks if the temporary
directory was set to /tmp or /var/tmp, which is the case in many
installations, at least in Debian packages. An attacker could
overwrite any file owned by the news system administrator,
i.e. owned by news.news.
Debian alert: New version of exmh released
Former versions of the exmh program used /tmp for storing temporary
files. No checks were made to ensure that nobody placed a symlink
with the same name in /tmp in the meantime, and thus it was vulnerable to
a symlink attack. This could lead to a malicious local user being
able to overwrite any file writable by the user executing exmh.
Upstream developers have reported and fixed this. The exmh program
now uses /tmp/login unless TMPDIR or EXMHTMPDIR is set.
SuSE alert: shlibs/glibc
ld-linux.so.2, the dynamic linker, adds shared libraries to the memory space of a program to be started. Its flexibility allows for some environment variables to influence the linking process, such as preloading shared libraries as well as defining the path in which the linker will search for the shared libraries. Special care must be exercised when runtime-linking setuid or setgid binaries: The runtime linker must not link against user-specified libraries since the code therein would then run with the elevated privileges of the suid binary. The runtime linker as used in the SuSE distributions ignores the content of the critical environment variables if the specified path begins with a slash ("/"), or if the library file name is not cached (e.g. it is contained in a path from /etc/ld.so.conf). However, Solar Designer has found out that even preloading glibc-native shared libraries can be dangerous: The code in the user-linked library is not aware of the fact that the binary runs with suid or sgid privileges. Using debugging features of the glibc (and possibly other features) it is possible for a local attacker to overwrite arbitrary files with the elevated privileges of the suid/sgid binary executed. This may lead to a local root compromise.
Debian alert: New version of Apache released
WireX have found some occurrences of insecure opening of temporary
files in htdigest and htpasswd. Both programs are not installed
setuid or setgid and thus the impact should be minimal. The Apache
group has released another security bugfix which fixes a vulnerability
in mod_rewrite which may allow a remote attacker to access
arbitrary files on the web server.
Debian alert: New versions of PHP4 released
The Zend people have found a vulnerability in older versions of PHP4
(the original advisory speaks of 4.0.4 while the bugs are present in
4.0.3 as well). It is possible to specify PHP directives on a
per-directory basis which leads to a remote attacker crafting an HTTP
request that would cause the next page to be served with the wrong
values for these directives. Also even if PHP is installed, it can be
activated and deactivated on a per-directory or per-virtual host basis
using the "engine=on" or "engine=off" directive. This setting can be
leaked to other virtual hosts on the same machine, effectively
disabling PHP for those hosts and resulting in PHP source code being
sent to the client instead of being executed on the server.
Debian alert: New version of squid released
WireX discovered a potential temporary file race condition in the way
that squid sends out email messages notifying the administrator about
updating the program. This could lead to arbitrary files being
overwritten. However the code would only be executed if running a
very bleeding edge release of squid, running a server whose time is
set some number of months in the past and squid is crashing. Read it
as hard to exploit. This version also contains more upstream
bugfixes wrt. dots in hostnames and improper HTML quoting.
Red Hat alert: New micq packages are available
New micq packages are available which fix a buffer overflow vulnerability.
Red Hat alert: Updated PHP packages available for Red Hat Linux 5.2, 6.x, and 7
Updated PHP packages are now available for Red Hat Linux 5.2, 6.x, and 7.
Red Hat alert: String format vulnerability in icecast
A remote vulnerability allows execution of arbitrary code.
Debian alert: Correction: New version of wu-ftpd released
Security people at WireX have noticed a temp file creation bug and the
WU-FTPD development team has found a possible format string bug in
wu-ftpd. Both could be remotely exploited, though no such exploit
exists currently.