A critical flaw in Sendmail, the Internet's most popular e-mail server, has become the first test for the newly minted Department of Homeland Security and its cyberdefense arm.
WEBpplance.info has published an unofficial sendmail update for Ensim WEBppliance 3.1
PkgMaster has released a Sendmail update for Cobalt RaQ4 servers.
MandrakeSoft has released two new updates for Mandrake Linux:
MDKSA-2003:028 : sendmail
Two security patches for Debian GNU/Linux have been released:
DSA-255-1 tcpdump -- infinite loop
Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a powerful tool for network monitoring and data acquisition. An attacker is able to send a specially crafted network packet which causes tcpdump to enter an infinite loop.
In addition to the above problem the tcpdump developers discovered a potential infinite loop when parsing malformed BGP packets. They also discovered a buffer overflow that can be exploited with certain malformed NFS packets.
For the stable distribution (woody) these problems have been fixed in version 3.6.2-2.3.
The old stable distribution (potato) does not seem to be affected by this problem.
For the unstable distribution (sid) these problems have been fixed in version 3.7.1-1.2.
DSA-256-1 mhc -- insecure temporary file
Ensim has released WEBppliance 3.1.6 LS for Linux
MandrakeSoft has released the following security updates for Mandrake Linux:
MDKSA-2003:026 : shadow-utils
A new security update for Debian GNU/Linux is available:
DSA-254-1 traceroute-nanog -- buffer overflow
A vulnerability has been discovered in NANOG traceroute, an enhanced version of the Van Jacobson/BSD traceroute program. A buffer overflow occurs in the 'get_origin()' function. Due to insufficient bounds checking performed by the whois parser, it may be possible to corrupt memory on the system stack. This vulnerability can be exploited by a remote attacker to gain root privileges on a target host. Though, most probably not in Debian.
vnc/tightvnc security updates are available for Gentoo Linux:
MandrakeSoft has released new security updates for Mandrake Linux:
MDKSA-2003:022 : vnc
A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough and allowed an attacker to more easily guess the authentication cookie, thus obtaining unauthorized access to the VNC server.
MDKSA-2003:023 : lynx
A vulnerability was discovered in lynx, a text-mode web browser. The HTTP queries that lynx constructs are from arguments on the command line or the $WWW_HOME environment variable, but lynx does not properly sanitize special characters such as carriage returns or linefeeds. Extra headers can be inserted into the request because of this, which can cause scripts that use lynx to fetch data from the wrong site from servers that use virtual hosting.
MDKSA-2003:024 : MNF8.2
The following packages are now available for Multi Network Firewall 8.2 and bring it up to the same errata level as Mandrake Linux 8.2 with all patches and updates available to date applied. In order to bring your MNF8.2 configuration up to date, you will have to follow a few steps.
Red Hat has released updated vte packages for Red Hat Linux 8.0
Counting viruses is simplistic, but there is evidence that Windows is becoming more resistant, and Linux is becoming more of a target.
Two new security updates are available for Gentoo Linux:
usermin
A new OpenSSL update for Debian GNU/Linux has been released
MandrakeSoft S.A. has released three new security updates for Mandrake Linux:
MDKSA-2003:019 : php
A buffer overflow was discovered in the wordwrap() function in versions of PHP greater than 4.1.2 and less than 4.3.0. Under certain circumstances, this buffer overflow can be used to overwrite heap memory and could potentially lead to remote system compromise.
MDKSA-2003:020 : openssl
In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a).
MDKSA-2003:021 : krb5
A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client.
A new security update for Debian GNU/Linux has been released
DSA-252-1 slocate -- buffer overflow
A problem has been discovered in slocate, a secure locate replacement. A buffer overflow in the setuid program slocate can be used to execute arbitrary code as superuser. The old stable distribution (potato) is not affected by this problem.
For the stable distribution (woody) this problem has been fixed in version 2.6-1.3.1.
For the unstable distribution (sid) this problem has been fixed in version 2.7-1.
We recommend that you upgrade your slocate package immediately.
Red Hat has released updated VNC packages for Red Hat Linux 7.0 - 8.0
New security updates for Gentoo Linux are available:
mod_php
PHP contains code for preventing direct access to the CGI binary with configure option "--enable-force-cgi-redirect" and php.ini option "cgi.force_redirect". In PHP 4.3.0 there is a bug which renders these options useless.
NetHack
Overflowing a buffer in nethack may lead to privilege escalation to the games uid.
w3m
Hironori SAKAMOTO found another security vulnerability in w3m 0.3.2.x: w3m fails to escape HTML tags in the img alt attribute, so malicious frame HTML may deceive you into accessing your local files, cookies and so on.
SYSLINUX
Security flaws have been found in the SYSLINUX installer when running setuid root.
Mailman
The email variable and the default error page in Mailman 2.1 contain cross-site scripting vulnerabilities.
bitchx
A denial of service vulnerability exists in BitchX. Sending a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault.
Red Hat has released updated shadow-utils packages for Red Hat Linux 7.2 - 8.0
SuSE has released two new security updates for SuSE Linux:
- mod_php4: remote system compromise
- imp: remote system compromise