Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7457 7458 7459 7460 7461 7462 7463 7464 7465 ... 7466 ) Next »
Debian alert: New version of curl fixes buffer overflow (update)
The first release of this advisory listed a wrongly compiled curl
package for i386; this has been replaced with version 6.0-1.1.1 .
Debian alert: New version of curl fixes buffer overflow
The version of curl as distributed with Debian GNU/Linux 2.2 had a bug
in the error logging code: when it created an error message it failed to
check the size of the buffer allocated for storing the message. This
could be exploited by the remote machine by returning an invalid
response to a request from curl which overflows the error buffer and
trick curl into executing arbitrary code.
Debian alert: New versions of Debian traceroute packages
In versions of the traceroute package before 1.4a5-3, it is possible for a
local user to gain root access by exploiting an argument parsing error.
SuSE alert: cfengine
GNU cfengine is an abstract programming language for system administrators of large heterogeneous networks, used for maintenance and administration. Pekka Savola <pekkas@netcore.fi> has found several format string vulnerabilities in syslog() calls that can be abused to either make the cfengine program to segfault and die or to execute arbitrary commands as the user the cfengine process runs as (usually root).
SuSE alert: esound
esound, a daemon program for the Gnome desktop, is used for sound replay by various programs such as windowmanagers and other applications. The esound daemon creates a directory /tmp/.esd to host a unix domain socket. Upon startup, the daemon changes the modes of the socket, but a race condition allows an attacker to place a symlink into the directory to point to an arbitrary file belonging to the victim. By consequence, an attacker may be able to change the permissions of any file belonging to the victim. If the victim's userid is root, the attacker may be able to change the modes of any file in the system.
Red Hat alert: Updated gnorpm packages are available for Red Hat Linux 6.1, 6.2, and 7.0
A locally-exploitable security hole was found where a normal user could
trick root running GnoRPM into writing to arbitrary files due to a bug in
the gnorpm tmp file handling.
Debian alert: New versions of Boa packages available
In versions of boa before 0.94.8.3, it is possible to access files outside
of the server's document root by the use of properly constructed URL
requests.
Debian alert: Debian esound packages not affected by /tmp/.esd race condition
Linux-Mandrake has recently released a Security Advisory (MDKSA-2000:051)
covering a race condition in the esound. Debian is not affected by this bug;
the bug is specific to the unix domain socket support, which was turned off in
stable (2.2/potato) and unstable (woody) on February 16, 2000. Therefore
neither the current stable or unstable distribution of Debian is vulnerable
to this problem. Debian 2.1 (aka "slink") is also not vulnerable to this problem;
the version of esound in Debian 2.1 is 0.2.6, which predates the buggy unix domain
socket code.
Red Hat alert: Updated usermode packages available
Updated usermode packages are now available for Red Hat Linux 6.x and 7.
Red Hat alert: tmpwatch has a local denial of service and root exploit
tmpwatch as shipped in Red Hat Linux 6.1, 6.2, and 7.0 uses fork() to
recursively process subdirectories, enabling a local user to perform a
denial of service attack. Tmpwatch from Red Hat Linux 6.2 and 7.0 also
contains an option to allow it to use the fuser command to check for open
files before removal. It executed fuser in an insecure fashion, allowing a
local root exploit.
Red Hat alert: traceroute setuid root exploit with multiple -g options
a root exploit and several additional bugs in traceroute have been
corrected.
Red Hat alert: esound contains a race condition
Esound, the Gnome sound server, contains a race condition that a malicious
user could exploit to change permissions of any file owned by the esound
user.
Red Hat alert: lpr has a format string security bug, LPRng compat issues, and a race cond.
lpr has a format string security bug. It also mishandles any extension to
the lpd communication protocol, and assumes that the instructions contained
in the extension are a file it should try to print. It also has a race
condition in the handling of queue interactions that can cause the queue to
wedge.
Note: Packages indicated in revision -03 and earlier were not signed with
the Red Hat GPG key. This has been corrected.
Red Hat alert: lpr has a format string security bug, LPRng compat issues, and a race cond.
lpr has a format string security bug. It also mishandles any extension to
the lpd communication protocol, and assumes that the instructions contained
in the extension are a file it should try to print. It also has a race
condition in the handling of queue interactions that can cause the queue to
wedge.
Red Hat alert: LPRng contains a critical string format bug
LPRng has a string format bug in the use_syslog function which could lead
to root compromise.
Slackware alert: wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
A vulnerability involving an input validation error in the "site exec"
command has recently been identified in the wu-ftpd program (CERT Advisory
CA-2000-13).
SuSE alert: Crypto packages for 7.0
Many customers have asked to publish the packages of the SuSE-7.0
distribution that are not included in the US version due to US crypto
regulations.
Debian alert: Security policy for Debian 2.1 (slink) (updated)
We value your input during this transitional phase. Please direct your
comments to feedback@security.debian.org
Red Hat alert: glint symlink vulnerability
glint blindly follows a symlink in /tmp, overwriting the target file, so it
can conceivably be used to destroy any file on the system.
SuSE alert: syslogd/klogd
The syslogd package consists of two daemons that are being launched upon system startup: klogd and syslogd. The former collects kernel messages and passes them on to the syslog(3) facility. syslogd will pick up the logging messages and write them to the logfiles as specified by the syslogd configuration file /etc/syslog.conf. Errors in both the klogd and the syslogd can cause both daemons do die when specially designed strings get passed to the kernel by the user, eg. with a malformed structure in a system call. These errors have been discovered by Jouko Pynnönen, Solar Designer, a fix for one of the bugs has been provided by Daniel Jacobowitz.
« Previous ( 1 ... 7457 7458 7459 7460 7461 7462 7463 7464 7465 ... 7466 ) Next »