Security 10911 Published by Philipp Esselbach 0

Email Battles sends word that many Linux systems are at risk because of an LDAP security problem

Security 10911 Published by Philipp Esselbach 0

Servers running PHP are vulnerable to a number of serious security exploits, including some that could allow an attacker to execute malicious code, as well as denial-of-service exploits, according to the PHP Group.


Security 10911 Published by mgjim 0

New CUPS packages fix arbitrary code execution

--------------------------------------------------------------------------
Package : cupsys
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1125
Debian Bug : 286988
--------------------------------------------------------------------------

Problem:
An iDEFENSE security researcher discovered a buffer overflow in xpdf, the Portable Document Format (PDF) suite. Similar code is present in the PDF processing part of CUPS. A maliciously crafted PDF file could exploit this problem, leading to the execution of arbitrary code.

Security 10911 Published by mgjim 0

New xpdf packages are available for Debian GNU/Linux
_______________________________________________________________________

Package : xpdf
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1125
Debian Bug : 286742 286983
_______________________________________________________________________

Problem:
An iDEFENSE security researcher discovered a buffer overflow in xpdf, the portable document format (PDF) suite. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.

Security 10911 Published by mgjim 0

New perl packages are available for Debian GNU/Linux
_______________________________________________________________________
Package : perl
Vulnerability : insecure temporary files / directories
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0452 CAN-2004-0976
_______________________________________________________________________

Problem Description:

Several vulnerabilities have been discovered in Perl, the popular scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:

Security 10911 Published by Philipp Esselbach 0

A libpng update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: libpng: Numerous vulnerabilities
Date: August 05, 2004
Bugs: #59424
ID: 200408-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

libpng contains numerous vulnerabilities potentially allowing an attacker to perform a Denial of Service attack or even execute arbitrary code.

Security 10911 Published by Philipp Esselbach 0

A libpng update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: libpng: Buffer overflow on row buffers
Date: July 08, 2004
Bugs: #56307
ID: 200407-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

libpng contains a buffer overflow vulnerability potentially allowing an attacker to perform a Denial of Service attack or even execute arbitrary code.

Security 10911 Published by Philipp Esselbach 0

______________________________________________________________________________

SUSE Security Announcement

Package: kernel
Announcement-ID: SUSE-SA:2004:020
Date: Tuesday, Jul 2nd 2004 18:00 MEST
Affected products: 8.0, 8.1, 8.2, 9.0, 9.1
SUSE Linux Database Server,
SUSE eMail Server III, 3.1
SUSE Linux Enterprise Server 7, 8
SUSE Linux Firewall on CD/Admin host
SUSE Linux Connectivity Server
SUSE Linux Office Server
Vulnerability Type: local privilege escalation
Severity (1-10): 6
SUSE default package: yes
Cross References: CAN-2004-0495
CAN-2004-0496
CAN-2004-0497
CAN-2004-0535
CAN-2004-0626

Content of this advisory:
1) security vulnerability resolved:
- chown: users can change the group affiliation of arbitrary files to the group they belong to
- missing DAC check in chown(2): local privilege escalation
- overflow with signals: local denial-of-service
- pss, mpu401 sound driver: read/write to complete memory
- airo driver: read/write to complete memory
- ALSA: copy_from_user/copy_to_user confused
- acpi_asus: read from random memory
- decnet: write to memory without checking
- e1000 driver: read complete memory
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
- icecast
- sitecopy
- cadaver
- OpenOffice_org
- tripwire
- postgresql*
- mod_proxy
- freeswan
- ipsec-tools
- less
- libpng
- pavuk
- XFree86*
- kdebase3
3) standard appendix (further information)

______________________________________________________________________________

Security 10911 Published by Philipp Esselbach 0

SUSE has released an updated mc package for SUSE Linux

______________________________________________________________________________

SUSE Security Announcement

Package: mc
Announcement-ID: SuSE-SA:2004:012
Date: Friday, May 14th 2004 16:00 MEST
Affected products: 8.0, 8.1, 8.2, 9.0, 9.1
SuSE Linux Database Server,
SuSE eMail Server III, 3.1
SuSE Linux Enterprise Server 7, 8
SuSE Linux Firewall on CD/Admin host
SuSE Linux Connectivity Server
SuSE Linux Office Server
Vulnerability Type: local privilege escalation
Severity (1-10): 3
SUSE default package: yes
Cross References: CAN-2004-0226
CAN-2004-0231
CAN-2004-0232

Content of this advisory:
1) security vulnerability resolved:
- buffer overflows
- tmp file problems
- format string bugs
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
- sharutils
- apache2*
- xine*
- sysconfig
- clamav
- exim
- utempter
- busybox
- monit
- ethereal
- kphone
3) standard appendix (further information)

______________________________________________________________________________

Security 10911 Published by Philipp Esselbach 0

An exim-tls update has been released for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 502-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
May 11th, 2004 http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : exim-tls
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0399 CAN-2004-0400

Georgi Guninski discovered two stack-based buffer overflows in exim and exim-tls. They can not be exploited with the default configuration from the Debian system, though. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update:

CAN-2004-0399

When "sender_verify = true" is configured in exim.conf a buffer overflow can happen during verification of the sender. This problem is fixed in exim 4.

CAN-2004-0400

When headers_check_syntax is configured in exim.conf a buffer overflow can happen during the header check. This problem does also exist in exim 4.

For the stable distribution (woody) these problems have been fixed in version 3.35-3woody2.

The unstable distribution (sid) does not contain exim-tls anymore. The functionality has been incorporated in the main exim versions which have these problems fixed in version 3.36-11 for exim 3 and in version 4.33-1 for exim 4.

We recommend that you upgrade your exim-tls package.

Security 10911 Published by Philipp Esselbach 0

A kernel update is available for Mandrakelinux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: kernel
Advisory ID: MDKSA-2004:037
Date: April 27th, 2004

Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________

Problem Description:

A vulnerability was found in the framebuffer driver of the 2.6 kernel. This is due to incorrect use of the fb_copy_cmap function. (CAN-2004-0229)

A vulnerability has been found in the Linux kernel in the ip_setsockopt() function code. There is an exploitable integer overflow inside the code handling the MCAST_MSFILTER socket option in the IP_MSFILTER_SIZE macro calculation. This issue is present in both 2.4 (2.4.25) and 2.6 kernels. (CAN-2004-0424)

There is a minor issue with the static buffer in 2.4 kernel's panic() function. Although it is possibly a buffer overflow, it is most likely not exploitable due to the nature of panic(). (CAN-2004-0394)

In do_fork(), if an error occurs after the mm_struct for the child has been allocated, it is never freed. The exit_mm() meant to free it increments the mm_count and this count is never decremented. (For a running process that is exiting, schedule() takes care of this; however, the child process being cleaned up is not running.) In the CLONE_VM case, the parent's mm_struct will get an extra mm_count and so it will never be freed. This issue is present in both 2.4 and 2.6 kernels.

The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels.