Red Hat has released updated glibc packages for Red Hat Linux 6.2 - 8.0
A new security update for Debian GNU/Linux is available
DSA-264-1 lxr -- missing filename sanitizing
Upstream developers of lxr, a general hypertext cross-referencing tool, have been alerted of a vulnerability that allows a remote attacker to read arbitrary files on the host system as user www-data. This could disclose local files that were not meant to be shared with the public.
For the stable distribution (woody) this problem has been fixed in version 0.3-3.
The old stable distribution (potato) is not affected since it does not contain an lxr package.
For the unstable distribution (sid) this problem has been fixed in version 0.3-4.
MandrakeSoft has released zlib update for Mandrake Linux 7.2 - 9.0
Red Hat has released updated samba packages for Red Hat Linux 7.2 - 8.0
A new security update for Debian GNU/Linux has been released
DSA-263-1 netpbm-free -- math overflow errors
Al Viro and Alan Cox discovered several maths overflow errors in NetPBM, a set of graphics conversion tools. These programs are not installed setuid root but are often installed to prepare data for processing. These vulnerabilities may allow remote attackers to cause a denial of service or execute arbitrary code.
For the stable distribution (woody) this problem has been fixed in version 9.20-8.2.
The old stable distribution (potato) does not seem to be affected by this problem.
For the unstable distribution (sid) this problem has been fixed in version 9.20-9.
A security update for qpopper under Gentoo Linux is out
Red Hat has released the following security updates for Red Hat Linux:
Updated rxvt packages fix various vulnerabilities
Updated rxvt packages are available which fix a number of vulnerabilities in the handling of escape sequences.
Updated 2.4 kernel fixes vulnerability
Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now available. These packages fix a ptrace-related vulnerability that can lead to elevated (root) privileges.
A new security update for Gentoo Linux is out
PACKAGE : samba
The SuSE security audit team, in particular Sebastian Krahmer, has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server.
An updated Gnome-lokkit package for Red Hat Linux 8.0 has been released
A new security update for Samba under Debian GNU/Linux 3.0 has been released
MandrakeSoft has released a samba update for Mandrake Linux
Thanks Toby. From the Samba website:
(14th Mar, 2003) Security Release - Samba 2.2.8
A flaw has been detected in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a serious problem and all sites should either upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139 and 445.
A new security update for Debian GNU/Linux has been released
DSA-261-1 tcpdump -- infinite loop
Two new security updates for Debian GNU/Linux have been released:
DSA-259-1 qpopper -- mail user privilege escalation
Florian Heinz <heinz@cronon-ag.de> posted to the Bugtraq mailing list an exploit for qpopper based on a bug in the included vsnprintf implementation. The sample exploit requires a valid user account and password, and overflows a string in the pop_msg() function to give the user "mail" group privileges and a shell on the system. Since the Qvsnprintf function is used elsewhere in qpopper, additional exploits may be possible.
The qpopper package in Debian 2.2 (potato) does not include the vulnerable snprintf implementation. For Debian 3.0 (woody) an updated package is available in version 4.0.4-2.woody.3. Users running an unreleased version of Debian should upgrade to 4.0.4-9 or newer. We recommend you upgrade your qpopper package immediately.
DSA-260-1 file -- buffer overflow
iDEFENSE discovered a buffer overflow vulnerability in the ELF format parsing of the "file" command, one which can be used to execute arbitrary code with the privileges of the user running the command. The vulnerability can be exploited by crafting a special ELF binary which is then input to file. This could be accomplished by leaving the binary on the file system and waiting for someone to use file to identify it, or by passing it to a service that uses file to classify input. (For example, some printer filters run file to determine how to process input going to a printer.)
Fixed packages are available in version 3.28-1.potato.1 for Debian 2.2 (potato) and version 3.37-3.1.woody.1 for Debian 3.0 (woody). We recommend you upgrade your file package immediately.
MandrakeSoft has released updated usermode packages for Mandrake Linux
The following new security updates for Gentoo Linux are available:
PACKAGE : mysqlcc
Versions prior to 0.8.9 had all configuration and connection files world readable.
PACKAGE : netscape-flash
The cumulative security patch is available today and addresses the potential for exploits surrounding buffer overflows (read/write) and sandbox integrity within the player, which might allow malicious users to gain access to a user's computer.
PACKAGE : ethereal
The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string overflow.
A new security update for Debian GNU/Linux has been released:
DSA-258-1 ethereal -- format string vulnerability
Georgi Guninski discovered a problem in ethereal, a network traffic analyzer. The program contains a format string vulnerability that could probably lead to execution of arbitrary code.
For the stable distribution (woody) this problem has been fixed in version 0.9.4-1woody3.
The old stable distribution (potato) does not seem to be affected by this problem.
For the unstable distribution (sid) this problem has been fixed in version 0.9.9-2.
MandrakeSoft has released two security updates for Mandrake Linux
MDKSA-2003:029 : snort
A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable.
MDKSA-2003:030 : file
A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous versions. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file.