LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

LWN Weekly Edition

Front page
Security
Kernel development
Distributions
Development
Linux in the news
Announcements
Letters to the editor
->One big page

 

This page

Previous week
Following week

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Security

Interview with Rootkit Hunter author Michael Boelen

September 29, 2004

This article was contributed by Joe Klemmer

One of the greatest joys we Linux users have is to say to our Windows-running friends, family and co-workers that we do not suffer from viruses like they do. However, the reality is that we aren't immune from being attacked. There are plenty of nasty things out there that would be happy to trash our systems. One of these nasty things is something called a rootkit. Rootkits allow a cracker to ensure future access to a compromised system while hiding the evidence from administrators and users; see LWN's look at the Adore rootkit for an example.

So how do you detect them? One way is to use the tool Rootkit Hunter. The following is an interview with the author of this utility, Michael Boelen.

Joe Klemmer: Tell us a bit about yourself. Who is Michael Boelen?

Michael Boelen: I'm a 22 years old guy, working for a small company (small webhosting, maintaining servers/services and application development). My task it to maintain the internal servers and perform administration for our customers. I live in The Netherlands at my parents. Computers are my hobby and my work, so I'm the author of Rootkit Hunter :-)

My main interests are networking, hardware, security and small application development. As many people, I like to read, but especially interested in computer related stuff.

JK: What led you into system security?

MB: It's a special part of computer services, which attracts me because it's never the same. It's a dynamic world inside the big computer world. Although a lot of companies aren't aware of the consequences of (a missing plan for) security, I think it's a very important part. That's why almost everyone in the computer world will use/need some security enhancements sooner or later. In my case, open relays, Trojans and viruses were the first signals to have a better look at security.

JK: What, specifically, are rootkits?

MB: Rootkits are often little packages with some binaries, some sources and an easy-to-use installer. These packages are being created to 'stay root' after a successful comprise of a host. The installer in these packages do check the host and replaces the default binaries with the one in the package. Most times these are binaries like 'ps', 'ls', 'top', 'netstat', where traces of the hacker/cracker/scriptkiddie are being filtered, with one purpose: hide evil processes, network connections etc.

Because rootkits are unwanted and difficult to find without good searching, automated tools are being created. Although an UNIX specialist is often able to find bad things better/quicker than automated tools, it can be a very valuable tool. Of course it is a nice addition to UNIX specialists, but also for average UNIX users which aren't able to find out with things of a UNIX system are good or evil (like hidden files, bad strings, not usual network ports etc).

JK: You've said elsewhere that you built rkhunter because you didn't find the existing tools to your liking. What was it about them that you felt needed changing?

MB: The lack of active development is the most important one. I won't say my tool is better than the others, but I try to maintain it as active as possible. When users come with (nice) new ideas, most times I try to implement it as soon as possible.

JK: Over the course of rkhunter's evolution, have you found anything interesting about root kits? Any similarities or differences? Are there any trends?

MB: Yes, a lot of interesting information. I also have a better idea now (since the development) why hackers/crackers/scriptkiddies use rootkits and what to do to detect them. The most difficult part is to maintain an utility which keeps smart enough to detect suspicious traces on a system.

Most tools use the same approach, so I tried to combine as many as possible ways to detect these suspicious traces. And although it gets better every release, a lot of things have to be done.

Rootkits don't have a 'normal' trend like viruses/worms have, because viruses aren't often used for a single person to achieve his goal (beside breaking up systems, sending spam or planting a trojan). In fact, some individuals create rootkits for their needs at the moment they need them. These custom made rootkits contain often simple things like IRC bots, backdoors and sniffers. Within the next few months, those things will be getting special attention from me and added to Rootkit Hunter. Rootkits won't quickly disappear, so the war isn't yet over.

JK: Do you know if rkhunter has had an impact on the root kit community? Are they now trying to design kits to work around rkhunter?

MB: I have really no idea, because most rootkits and backdoors are still being used by individuals and use private parts (although there are a lot of often used public tools). So I haven't seen any tools yet, which are build to hide for Rootkit Hunter. But I'll guess there will be variants already available.

JK: I would guess that the battle between the root kit "developers" and the security community is similar to the anti-virus wars. Is the bulk of your work spent in catching up to new root kits? Or are you in a position of developing preemptive technologies to head off the kit builders?

MB: On both ways, because maintaining a 'rootkit hunter' is almost similar to maintaining an anti-virus tool, with one exception, viruses aren't made to be hidden for the system (yet?). So anti-virus developers try to discover as quick as possible new (unknown) viruses. The approach on rootkits is a little bit different. It means also adding unknown rootkits, but more important, adding new ways to discover all kinds of hack traces.

JK: What do you see for the future of rkhunter? With the advent of SElinux will there still be a need for rkhunter and it's kind?

MB: I guess tools like this one, won't be quickly useless, because even if you have a secured system (like with SElinux and all other kernel and application improvements), it's always possible someone breaks your system. At that stage, tools like Rootkit Hunter (and the few others) can provide an administrator very useful information.

This interview gives me the opportunity to ask people an easy question: If you find something interesting for me, can you send it to me?

The question above gives an answer to your question, because although I can improve Rootkit Hunter a lot, I really need input from the users and the guys on the field. Rootkits, sniffers, ideas and even books are needed to keep on improving. Till now I have already got a lot of input, but I still need more information. So have a simple thought about the future: it only will be better, but only if I get support from the community!

Comments (3 posted)

New vulnerabilities

apache: protected pages vulnerability

Package(s):apache CVE #(s):CAN-2004-0811
Created:September 23, 2004 Updated:September 29, 2004
Description: Apache 2.0.51 may allow the viewing of protected pages because of a problem merging the Satisfy directive.
Alerts:
Gentoo 200409-33 2004-09-24
Trustix TSLSA-2004-0049 2004-09-23

Comments (none posted)

getmail: filesystem overwrite vulnerability

Package(s):getmail CVE #(s):CAN-2004-0880 CAN-2004-0881
Created:September 23, 2004 Updated:October 4, 2004
Description: Getmail has a vulnerability that may allow a local user to create or overwrite files in any directory on the system.
Alerts:
Slackware SSA:2004-278-01 2004-10-04
Debian DSA-553-1 2004-09-27
Gentoo 200409-32 2004-09-23

Comments (none posted)

jabberd: remote denial of service vulnerability

Package(s):jabberd CVE #(s):
Created:September 23, 2004 Updated:September 29, 2004
Description: Jabberd's XML parsing routines have a vulnerability that may be exploited to create a remote denial of service.
Alerts:
Gentoo 200409-31 2004-09-23

Comments (none posted)

sendmail: pre-set password

Package(s):sendmail CVE #(s):CAN-2004-0833
Created:September 27, 2004 Updated:September 29, 2004
Description: Hugo Espuny discovered a problem in sendmail, a commonly used program to deliver electronic mail. When installing "sasl-bin" to use sasl in connection with sendmail, the sendmail configuration script use fixed user/pass information to initialize the sasl database. Any spammer with Debian systems knowledge could utilize such a sendmail installation to relay spam.
Alerts:
Debian DSA-554-1 2004-09-27

Comments (none posted)

subversion: metadata information disclosure

Package(s):subversion CVE #(s):CAN-2004-0749
Created:September 23, 2004 Updated:November 4, 2004
Description: The subversion version control system has vulnerabilities in the handling of metadata such as log file entries related to using mod_authz_svn.
Alerts:
Conectiva CLA-2004:883 2004-11-04
Gentoo 200409-35 2004-09-29
Fedora FEDORA-2004-318 2004-09-23

Comments (none posted)

Updated vulnerabilities

Apache mod_proxy: denial of service

Package(s):apache CVE #(s):CAN-2004-0492
Created:June 11, 2004 Updated:October 14, 2004
Description: A buffer overflow vulnerability in the apache mod_proxy module can be exploited to create a denial of service.
Alerts:
Fedora-Legacy FLSA:1737 2004-10-13
Mandrake MDKSA-2004:065 2004-06-29
Debian DSA-525-1 2004-06-24
Gentoo 200406-16 2004-06-21
OpenPKG OpenPKG-SA-2004.029 2004-06-11

Comments (none posted)

apache2: stack-based buffer overflow in ssl_util.c

Package(s):apache2 CVE #(s):CAN-2004-0488
Created:June 1, 2004 Updated:October 14, 2004
Description: A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_util.c in Apache. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN.
Alerts:
Fedora-Legacy FLSA:1888 2004-10-13
Debian DSA-532-2 2004-07-27
Debian DSA-532-1 2004-07-22
Red Hat RHSA-2004:245-01 2004-06-14
Gentoo 200406-05 2004-06-09
Slackware SSA:2004-154-01 2004-06-02
OpenPKG OpenPKG-SA-2004.026 2004-05-27
Trustix TSLSA-2004-0031 2004-06-02
Mandrake MDKSA-2004:054 2004-06-01
Mandrake MDKSA-2004:055 2004-06-01

Comments (none posted)

aspell: bounds checking problem

Package(s):aspell CVE #(s):CAN-2004-0548
Created:June 17, 2004 Updated:December 20, 2004
Description: Aspell's word-list-compress utility fails to properly check bounds when dealing with words that are more than 256 bytes long. This can lead to arbitrary code execution by an attacker.
Alerts:
Mandrake MDKSA-2004:153 2004-12-20
OpenPKG OpenPKG-SA-2004.042 2004-09-15
Gentoo 200406-14 2004-06-17

Comments (none posted)

cdrecord: failure to drop privilege

Package(s):cdrecord CVE #(s):CAN-2004-0806
Created:September 8, 2004 Updated:February 21, 2005
Description: The cdrecord utility, which is installed setuid on some distributions, fails to drop privilege before running a user-specified program.
Alerts:
Fedora-Legacy FLSA:2058 2005-02-20
Gentoo 200409-18 2004-09-14
Fedora FEDORA-2004-298 2004-09-09
Fedora FEDORA-2004-297 2004-09-09
Mandrake MDKSA-2004:091 2004-09-07

Comments (none posted)

cups: denial of service

Package(s):cups cupsys CVE #(s):CAN-2004-0558
Created:September 15, 2004 Updated:October 14, 2004
Description: Versions of cups prior to 1.1.21 contain a denial of service vulnerability in their IPP implementation. A malicious UDP packet can cause cups to stop listening to the IPP port.
Alerts:
Conectiva CLA-2004:872 2004-10-14
Fedora FEDORA-2004-275 2004-09-28
Slackware SSA:2004-266-01 2004-09-22
Whitebox WBSA-2004:449-01 2004-09-20
Gentoo 200409-25 2004-09-20
SuSE SUSE-SA:2004:031 2004-09-15
Red Hat RHSA-2004:449-01 2004-09-15
Mandrake MDKSA-2004:097 2004-09-15
Debian DSA-545-1 2004-09-15

Comments (none posted)

Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15

Comments (none posted)

flim: insecure file creation

Package(s):flim CVE #(s):CAN-2004-0422
Created:May 5, 2004 Updated:December 16, 2004
Description: The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files.
Alerts:
Fedora FEDORA-2004-546 2004-12-15
Red Hat RHSA-2004:344-01 2004-08-18
Debian DSA-500-1 2004-05-01

Comments (none posted)

Foomatic: Arbitrary command execution in foomatic-rip

Package(s):foomatic CVE #(s):CAN-2004-0801
Created:September 20, 2004 Updated:May 31, 2006
Description: There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20

Comments (none posted)

FreeRADIUS: denial of service

Package(s):freeradius CVE #(s):CAN-2004-0938 CAN-2004-0960 CAN-2004-0961
Created:September 22, 2004 Updated:February 2, 2005
Description: FreeRADIUS (through version 1.0.1) suffers from several denial of service vulnerabilities in its packet reception code.
Alerts:
Fedora-Legacy FLSA:2187 2005-02-01
Red Hat RHSA-2004:609-01 2004-11-12
Gentoo 200409-29 2004-09-22

Comments (none posted)

Gaim: remote code execution vulnerability

Package(s):gaim CVE #(s):CAN-2004-0500
Created:August 12, 2004 Updated:October 18, 2004
Description: The Gaim IRC client (versions 0.81 and prior) has a remote code execution vulnerability in the MSN-protocol parsing functions.
Alerts:
Fedora-Legacy FLSA:1237 2004-10-16
Whitebox WBSA-2004:400-01 2004-09-20
Slackware SSA:2004-239-01 2004-08-26
Fedora FEDORA-2004-279 2004-08-26
Fedora FEDORA-2004-278 2004-08-26
Mandrake MDKSA-2004:081 2004-08-12
SuSE SUSE-SA:2004:025 2004-08-12
Gentoo 200408-12 2004-08-12

Comments (none posted)

gtk2, gdk-pixbuf: buffer overflows

Package(s):gdk-pixbuf gtk2 CVE #(s):CAN-2004-0753 CAN-2004-0782 CAN-2004-0783 CAN-2004-0788
Created:September 15, 2004 Updated:February 25, 2005
Description: The gdk-pixbuf and gtk2 libraries contain vulnerabilities in their handling of BMP and XPM files which can lead to denial of service and, potentially, code execution attacks.
Alerts:
Fedora-Legacy FLSA:2005 2005-02-23
Conectiva CLA-2004:875 2004-10-18
Slackware SSA:2004-266-02 2004-09-22
Gentoo 200409-28 2004-09-21
Mandrake MDKSA-2004:095-1 2004-09-17
SuSE SUSE-SA:2004:033 2004-09-17
Debian DSA-549-1 2004-09-17
Red Hat RHSA-2004:447-02 2004-09-15
Debian DSA-546-1 2004-09-16
Red Hat RHSA-2004:466-01 2004-09-15
Red Hat RHSA-2004:447-01 2004-09-15
Mandrake MDKSA-2004:095 2004-09-15
Fedora FEDORA-2004-289 2004-09-15
Fedora FEDORA-2004-288 2004-09-15
Fedora FEDORA-2004-287 2004-09-15
Fedora FEDORA-2004-286 2004-09-15

Comments (none posted)

glFTPd: Local buffer overflow vulnerability

Package(s):glFTPd CVE #(s):
Created:September 21, 2004 Updated:September 22, 2004
Description: The glFTPd server is vulnerable to a buffer overflow in the 'dupescan' program. This vulnerability is due to an unsafe strcpy() call which can cause the program to crash when a large argument is passed. A local user with malicious intent can pass a parameter to the dupescan program that exceeds the size of the buffer, causing it to overflow. This can lead the program to crash, and potentially allow arbitrary code execution with the permissions of the user running glFTPd, which could be the root user.
Alerts:
Gentoo 200409-27 2004-09-21

Comments (none posted)

glibc: Information leak with LD_DEBUG

Package(s):glibc CVE #(s):CAN-2004-1453
Created:August 17, 2004 Updated:May 26, 2005
Description: Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation.
Alerts:
Red Hat RHSA-2005:256-01 2005-05-18
Gentoo 200408-16 2004-08-16

Comments (1 posted)

gnome-vfs: backend script vulnerabilities

Package(s):gnome-vfs CVE #(s):CAN-2004-0494
Created:August 4, 2004 Updated:February 21, 2005
Description: Several scripts packaged with gnome-vfs, using its "extfs" capability, have security flaws. These scripts tend not to be used on many systems, but their presence can still be a threat.
Alerts:
Fedora-Legacy FLSA:1944 2005-02-20
Whitebox WBSA-2004:373-01 2004-08-19
Red Hat RHSA-2004:373-01 2004-08-04

Comments (none posted)

gtkhtml: malformed messages cause crash

Package(s):gtkhtml CVE #(s):CAN-2003-0133 CAN-2003-0541
Created:April 14, 2003 Updated:April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML supplied with versions of Evolution prior to 1.2.4 contain a bug when handling HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14

Comments (none posted)

heimdal: root escalation

Package(s):heimdal CVE #(s):CAN-2004-0794
Created:September 16, 2004 Updated:September 22, 2004
Description: The Heimdal FTP daemon has several bugs that can allow a remote attacker to gain root privileges.
Alerts:
Debian DSA-551-1 2004-09-21
Gentoo 200409-19 2004-09-16

Comments (none posted)

httpd: mod_ssl input filter denial of service vulnerability

Package(s):httpd CVE #(s):CAN-2004-0748
Created:September 2, 2004 Updated:September 23, 2004
Description: Apache httpd has a denial of service vulnerability in mod_ssl in which an attacker can force an SSL connection to abort, resulting in the Apache child process entering an infinite loop. This affects httpd versions up to and including 2.0.50.
Alerts:
Fedora FEDORA-2004-313 2004-09-23
Conectiva CLA-2004:868 2004-09-23
SuSE SUSE-SA:2004:030 2004-09-06
Red Hat RHSA-2004:349-01 2004-09-01

Comments (none posted)

apache2: IPv6 denial of service

Package(s):httpd apache2 CVE #(s):CAN-2004-0747 CAN-2004-0751 CAN-2004-0786 CAN-2004-0809
Created:September 15, 2004 Updated:October 6, 2004
Description: Apache2 contains an integer error in the apr_uri_parse() function when handling IPv6 addresses. The result is a code execution vulnerability on BSD systems, and a denial of service vulnerability under Linux.
Alerts:
Debian DSA-558-1 2004-10-06
Trustix TSLSA-2004-0047 2004-09-16
Mandrake MDKSA-2004:096 2004-09-15
Gentoo 200409-21 2004-09-16
Fedora FEDORA-2004-308 2004-09-16
Fedora FEDORA-2004-307 2004-09-16
SuSE SUSE-SA:2004:032 2004-09-15
Red Hat RHSA-2004:463-01 2004-09-15

Comments (none posted)

imagemagick: buffer overflow vulnerability

Package(s):imagemagick CVE #(s):CAN-2004-0827
Created:September 16, 2004 Updated:November 30, 2004
Description: The ImageMagick graphics library has several buffer overflow vulnerabilities that allow an attacker to crash the reading process by creating mal-formed video or image files in the AVI, BMP, or DIB format.
Alerts:
Ubuntu USN-35-1 2004-11-30
Ubuntu USN-7-1 2004-10-27
Red Hat RHSA-2004:480-01 2004-10-20
Red Hat RHSA-2004:494-01 2004-10-20
Mandrake MDKSA-2004:102 2004-09-22
Debian DSA-547-1 2004-09-16

Comments (none posted)

imlib2: buffer overflows

Package(s):imlib2 CVE #(s):CAN-2004-0802 CAN-2004-0817
Created:September 8, 2004 Updated:October 26, 2005
Description: The imlib2 library contains buffer overflows in the BMP handling code.
Alerts:
Debian DSA-548-2 2005-10-26
Conectiva CLA-2004:870 2004-09-28
Debian DSA-552-1 2004-09-22
Debian DSA-548-1 2004-09-16
Red Hat RHSA-2004:465-01 2004-09-15
Gentoo 200409-12 2004-09-08
Fedora FEDORA-2004-301 2004-09-09
Fedora FEDORA-2004-300 2004-09-09
Mandrake MDKSA-2004:089 2004-09-07

Comments (none posted)

iproute: local denial of service

Package(s):iproute net-tools CVE #(s):CAN-2003-0856
Created:November 25, 2003 Updated:December 14, 2004
Description: The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible.
Alerts:
Mandrake MDKSA-2004:148 2004-12-13
Fedora FEDORA-2004-154 2004-06-03
Fedora FEDORA-2004-115 2004-05-11
Debian DSA-492-1 2004-04-18
Gentoo 200404-10 2004-04-09
Red Hat RHSA-2003:316-01 2003-11-24

Comments (none posted)

kdebase: multiple vulnerabilities

Package(s):kdebase CVE #(s):CAN-2004-0689 CAN-2004-0690 CAN-2004-0721 CAN-2004-0746
Created:August 12, 2004 Updated:October 4, 2004
Description: Three separate vulnerabilities have been identified in the KDE 3.2 "kdebase" package; see this advisory for details. These problems include two temporary file vulnerabilities and a "frame injection" problem in konqueror which could help with phishing attacks. In a fourth vulnerability, described here, Konqueror allows websites to set cookies for certain country specific secondary top level domains.
Alerts:
Red Hat RHSA-2004:412-01 2004-10-04
Conectiva CLA-2004:864 2004-09-13
Fedora FEDORA-2004-293 2004-09-08
Fedora FEDORA-2004-292 2004-09-08
Fedora FEDORA-2004-291 2004-09-08
Fedora FEDORA-2004-290 2004-09-08
Slackware SSA:2004-247-01 2004-09-03
Mandrake MDKSA-2004:086 2004-08-20
Debian DSA-539-1 2004-08-17
Gentoo 200408-13 2004-08-12

Comments (none posted)

kernel allows unauthorized changes to the group ID

Package(s):kernel CVE #(s):CAN-2004-0497
Created:July 2, 2004 Updated:September 27, 2004
Description: During an audit of the Linux kernel, SUSE discovered a flaw that allowed a user to make unauthorized changes to the group ID of files in certain circumstances - such as when the files are exported via NFS.
Alerts:
Conectiva CLA-2004:869 2004-09-27
Gentoo 200407-16 2004-07-22
Whitebox WBSA-2004:360-01 2004-07-07
Mandrake MDKSA-2004:066 2004-07-06
SuSE SUSE-SA:2004:020 2004-07-02
Fedora FEDORA-2004-206 2004-07-02
Fedora FEDORA-2004-205 2004-07-02
Red Hat RHSA-2004:354-01 2004-07-02
Red Hat RHSA-2004:360-01 2004-07-02

Comments (none posted)

kernel information leak

Package(s):kernel CVE #(s):CAN-2004-0415
Created:August 3, 2004 Updated:October 26, 2004
Description: Paul Starzetz discovered flaws in the Linux kernel when handling file offset pointers. These consist of invalid conversions of 64 to 32-bit file offset pointers and possible race conditions. A local unprivileged user could make use of these flaws to access large portions of kernel memory. Note that this vulnerability affects all 2.4 kernels through 2.4.26 and 2.6 kernels through 2.6.7.

A fix for this problem was added to the fifth 2.4.27 release candidate.

Alerts:
Conectiva CLA-2004:879 2004-10-26
Fedora-Legacy FLSA:1804 2004-10-18
Mandrake MDKSA-2004:087 2004-08-26
Gentoo 200408-24 2004-08-25
Whitebox WBSA-2004:413-01 2004-08-19
Red Hat RHSA-2004:327-01 2004-08-18
Fedora FEDORA-2004-251 2004-08-10
Trustix TSLSA-2004-0041 2004-08-09
SuSE SUSE-SA:2004:024 2004-08-09
Red Hat RHSA-2004:413-01 2004-08-03
Red Hat RHSA-2004:418-01 2004-08-03
Fedora FEDORA-2004-247 2004-08-03

Comments (none posted)

kernel-utils: setuid vulnerability

Package(s):kernel-utils CVE #(s):CAN-2003-0019
Created:February 7, 2003 Updated:January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains user mode linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a work-around to this vulnerability issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

lha: stack-based buffer overflow

Package(s):lha CVE #(s):CAN-2004-0769 CAN-2004-0771 CAN-2004-0694 CAN-2004-0745
Created:September 2, 2004 Updated:October 14, 2004
Description: The lha archiving and compression utility has a stack-based buffer overflow vulnerability. A modified archive could allow an attacker to execute code when a victim extracts or test the archive.
Alerts:
Fedora-Legacy FLSA:1833 2004-10-13
Whitebox WBSA-2004:323-01 2004-09-20
Gentoo 200409-13 2004-09-08
Fedora FEDORA-2004-295 2004-09-08
Fedora FEDORA-2004-294 2004-09-08
Red Hat RHSA-2004:323-01 2004-09-01

Comments (none posted)

libpng: multiple vulnerabilities

Package(s):libpng CVE #(s):CAN-2002-1363 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
Created:August 4, 2004 Updated:February 10, 2005
Description: There is yet another set of holes in libpng, versions 1.2.5 and prior, which can be exploited by a malicious image file; see this advisory from Chris Evans or this CERT advisory for details.
Alerts:
Fedora-Legacy FLSA:1943 2005-02-08
Red Hat RHSA-2004:421-01 2004-08-04
Gentoo 200408-22 2004-08-23
Whitebox WBSA-2004:402-01 2004-08-19
Mandrake MDKSA-2004:082 2004-08-12
Slackware SSA:2004-223-01 2004-08-09
Slackware SSA:2004-223-02 2004-08-07
Slackware SSA:2004-222-01b 2004-08-10
Slackware SSA:2004-222-01 2004-08-07
Conectiva CLA-2004:856 2004-08-06
Trustix TSLSA-2004-0040 2004-08-05
Gentoo 200408-03 2004-08-05
Debian DSA-536-1 2004-08-04
Mandrake MDKSA-2004:079 2004-08-04
SuSE SUSE-SA:2004:023 2004-08-04
Red Hat RHSA-2004:402-01 2004-08-04
OpenPKG OpenPKG-SA-2004.035 2004-08-04

Comments (1 posted)

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

libxpm4: stack and integer overflows

Package(s):libxpm4 CVE #(s):CAN-2004-0687 CAN-2004-0688
Created:September 16, 2004 Updated:February 14, 2005
Description: There are several stack and integer overflow bugs in the libXpm code of XFree86 that may be used for a denial of service.
Alerts:
Conectiva CLA-2005:924 2005-02-14
Red Hat RHSA-2005:004-01 2005-01-12
Red Hat RHSA-2004:537-01 2004-12-02
Ubuntu USN-27-1 2004-11-17
Mandrake MDKSA-2004:124 2004-11-04
Debian DSA-561-1 2004-10-11
Gentoo 200410-09 2004-10-09
Debian DSA-560-1 2004-10-07
Red Hat RHSA-2004:479-01 2004-10-06
Red Hat RHSA-2004:478-01 2004-10-04
Gentoo 200409-34 2004-09-27
SuSE SUSE-SA:2004:034 2004-09-17
Mandrake MDKSA-2004:099 2004-09-15
Mandrake MDKSA-2004:098 2004-09-15

Comments (none posted)

logcheck: symlink vulnerability

Package(s):logcheck CVE #(s):CAN-2004-0404
Created:April 21, 2004 Updated:December 22, 2004
Description: The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files.
Alerts:
Mandrake MDKSA-2004:155 2004-12-22
Debian DSA-488-1 2004-04-16

Comments (none posted)

Midnight Commander: extfs vfs vulnerability

Package(s):mc CVE #(s):CAN-2004-0494
Created:September 2, 2004 Updated:January 5, 2005
Description: Midnight Commander has a vfs vulnerability with shell quoting in extfs perl scripts.
Alerts:
Red Hat RHSA-2004:464-02 2005-01-05
Red Hat RHSA-2004:464-01 2004-09-15
Fedora FEDORA-2004-273 2004-09-01
Fedora FEDORA-2004-272 2004-09-01

Comments (none posted)

mikmod: buffer overflow

Package(s):mikmod CVE #(s):CAN-2003-0427
Created:June 16, 2003 Updated:June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Fedora FEDORA-2005-405 2005-06-16
Red Hat RHSA-2005:506-01 2005-06-13
Fedora FEDORA-2005-404 2005-06-09
Gentoo 200307-01 2003-07-02
Debian DSA-320-1 2003-06-13

Comments (none posted)

mod_python: denial of service vulnerability

Package(s):mod_python CVE #(s):CAN-2003-0973
Created:January 27, 2004 Updated:October 4, 2004
Description: Apache's mod_python module could crash the httpd process if a specific, malformed query string was sent.

The Apache Foundation has reported that mod_python may be prone to Denial of Service attacks when handling a malformed query. Mod_python 2.7.9 was released to fix the vulnerability, however, because the vulnerability has not been fully fixed, version 2.7.10 has been released.

Users of mod_python 3.0.4 are not affected by this vulnerability.

Alerts:
Fedora-Legacy FLSA:1325 2004-10-03
Conectiva CLA-2004:837 2004-04-12
Whitebox WBSA-2004:058-01 2004-03-01
Debian DSA-452-1 2004-02-29
Red Hat RHSA-2004:058-01 2004-02-26
Red Hat RHSA-2004:063-01 2004-02-26
Gentoo 200401-03 2004-01-27

Comments (none posted)

mozilla products: arbitrary code execution and other vulnerabilities

Package(s):mozilla firefox thunderbird CVE #(s):CAN-2004-0902 CAN-2004-0903 CAN-2004-0904 CAN-2004-0905 CAN-2004-0908
Created:September 20, 2004 Updated:January 13, 2005
Description: Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. See the CERT advisory for details.
Alerts:
Gentoo 200501-03 2005-01-05
Fedora-Legacy FLSA:2089 2004-10-27
Conectiva CLA-2004:877 2004-10-22
Mandrake MDKSA-2004:107 2004-10-19
SuSE SUSE-SA:2004:036 2004-10-06
Red Hat RHSA-2004:486-01 2004-09-30
Slackware SSA:2004-266-03 2004-09-22
Gentoo 200409-26 2004-09-20

Comments (none posted)

mpg123: buffer overflow bug

Package(s):mpg123 CVE #(s):CAN-2004-0805
Created:September 16, 2004 Updated:January 11, 2005
Description: The mpg123 audio playing utility has a buffer overflow bug that may allow arbitrary execution of code.
Alerts:
Gentoo 200501-14 2005-01-10
Debian DSA-564-1 2004-10-13
Mandrake MDKSA-2004:100 2004-09-22
Gentoo 200409-20 2004-09-16

Comments (none posted)

mpg321: format string vulnerability

Package(s):mpg321 CVE #(s):CAN-2003-0969
Created:January 6, 2004 Updated:March 28, 2005
Description: A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming).
Alerts:
Gentoo 200503-34 2005-03-28
Debian DSA-411-1 2004-01-05

Comments (none posted)

neon: buffer overflow

Package(s):neon CVE #(s):CAN-2004-0398
Created:May 19, 2004 Updated:September 30, 2004
Description: The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver).
Alerts:
Fedora-Legacy FLSA:1552 2004-09-29
Mandrake MDKSA-2004:078 2004-07-29
Gentoo 200406-03 2004-06-05
Gentoo 200405-25b 2004-06-02
Gentoo 200405-25 2004-05-30
Conectiva CLA-2004:841 2004-05-25
Gentoo 200405-15 2004-05-20
Gentoo 200405-13 2004-05-20
OpenPKG OpenPKG-SA-2004.024 2004-05-19
Mandrake MDKSA-2004:049 2004-05-19
Fedora FEDORA-2004-130 2004-05-19
Fedora FEDORA-2004-129 2004-05-19
Red Hat RHSA-2004:191-01 2004-05-19
Debian DSA-507-1 2004-05-19
Debian DSA-506-1 2004-05-19

Comments (none posted)

netpbm: insecure temporary files

Package(s):netpbm CVE #(s):CAN-2003-0924
Created:January 19, 2004 Updated:December 29, 2004
Description: netpbm is graphics conversion toolkit made up of a large number of single-purpose programs. Many of these programs were found to create temporary files in an insecure manner, which could allow a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
Alerts:
Conectiva CLA-2004:909 2004-12-29
Gentoo 200410-02 2004-10-04
Mandrake MDKSA-2004:011-1 2004-09-27
Whitebox WBSA-2004:031-01 2004-02-12
Mandrake MDKSA-2004:011 2004-02-11
Red Hat RHSA-2004:030-01 2004-02-05
Fedora FEDORA-2004-068 2004-02-06
Red Hat RHSA-2004:031-01 2004-01-22
Debian DSA-426-1 2004-01-18

Comments (1 posted)

OpenOffice: information disclosure

Package(s):openoffice.org CVE #(s):CAN-2004-0752
Created:September 15, 2004 Updated:October 20, 2004
Description: OpenOffice.org contains a temporary file handling vulnerability which can allow one local user to read the contents of another user's open files.
Alerts:
Gentoo 200410-17 2004-10-20
Mandrake MDKSA-2004:103 2004-09-27
Red Hat RHSA-2004:446-01 2004-09-15

Comments (none posted)

openssh: timing attack leads to information disclosure

Package(s):openssh CVE #(s):CAN-2003-0190
Created:May 2, 2003 Updated:November 30, 2004
Description: From the advisory: "During a pen-test we stumbled across a nasty bug in OpenSSH-portable with PAM support enabled (via the --with-pam configure script switch). This bug allows a remote attacker to identify valid users on vulnerable systems, through a simple timing attack. The vulnerability is easy to exploit and may have high severity, if combined with poor password policies and other security problems that allow local privilege escalation."
Alerts:
Ubuntu USN-34-1 2004-11-30
OpenPKG OpenPKG-SA-2003.035 2003-08-06
Red Hat RHSA-2003:222-01 2003-07-29
Gentoo 200305-02 2003-05-13
Gentoo 200305-01 2002-03-05

Comments (1 posted)

OpenSSL: denial of service vulnerabilities

Package(s):OpenSSL CVE #(s):CAN-2004-0081 CAN-2003-0851
Created:March 17, 2004 Updated:November 2, 2005
Description: Versions 0.9.7a-c of the OpenSSL library suffer from two denial of service vulnerabilities; see the version 0.9.7d release announcement for details.
Alerts:
Red Hat RHSA-2005:830-00 2005-11-02
Red Hat RHSA-2005:829-00 2005-11-02
Fedora FEDORA-2005-1042 2005-10-31
Fedora-Legacy FLSA:1395 2004-05-08
Conectiva CLA-2004:834 2004-03-31
Whitebox WBSA-2004:084-01 2004-03-23
Red Hat RHSA-2004:084-01 2004-03-23
Fedora FEDORA-2004-095 2004-03-19
Whitebox WBSA-2004:120-01 2004-03-22
Trustix TSLSA-2004-0012 2004-03-17
Slackware SSA:2004-077-01 2004-03-17
Red Hat RHSA-2004:121-01 2004-03-17
OpenPKG OpenPKG-SA-2004.007 2004-03-18
Gentoo 200403-03 2004-03-17
Debian DSA-465-1 2004-03-17
Netwosix NW-2004-0005 2004-03-17
Mandrake MDKSA-2004:023 2004-03-17
SuSE SuSE-SA:2004:007 2004-03-17
Red Hat RHSA-2004:120-01 2004-03-17
Red Hat RHSA-2004:119-01 2004-03-17
EnGarde ESA-20040317-003 2004-03-17

Comments (1 posted)

pavuk: buffer overflow

Package(s):pavuk CVE #(s):CAN-2004-0456
Created:June 30, 2004 Updated:November 11, 2004
Description: Versions of the pavuk web spider through 0.9.28-r1 contain a buffer overflow which could be exploited by a hostile server.
Alerts:
Gentoo 200411-19 2004-11-10
Debian DSA-527-1 2004-07-03
Gentoo 200406-22 2004-06-30

Comments (none posted)

php: remotely exploitable memory errors

Package(s):php CVE #(s):CAN-2004-0594
Created:July 14, 2004 Updated:February 7, 2005
Description: Stefan Esser has issued an advisory regarding a remotely exploitable hole in PHP (through version 4.3.7). If the memory_limit feature is in use (as it should be, to prevent denial of service attacks), allocation failures can be forced at highly inopportune times, and those failures can be exploited to execute arbitrary code. The exploit is described as "quite easy," and it can be done regardless of whether Apache1 or Apache2 is in use. Upgrading to PHP 4.3.8 fixes the problem; yesterday's PHP 5.0 release also contains the fix (but the final release candidate did not).
Alerts:
Debian DSA-669-1 2005-02-07
Whitebox WBSA-2004:392-01 2004-08-19
Fedora FEDORA-2004-223 2004-07-23
Fedora FEDORA-2004-222 2004-07-23
OpenPKG OpenPKG-SA-2004.034 2004-07-22
Slackware SSA:2004-202-01 2004-07-20
Debian DSA-531-1 2004-07-20
Red Hat RHSA-2004:392-01 2004-07-19
Red Hat RHSA-2004:395-01 2004-07-19
Conectiva CLA-2004:847 2004-07-16
SuSE SUSE-SA:2004:021 2004-07-16
Mandrake MDKSA-2004:068 2004-07-14
Gentoo 200407-13 2004-07-15
tinysofa TSSA-2004-013 2004-07-14

Comments (none posted)

phpGroupWare: cross site scripting vulnerability

Package(s):phpgroupware CVE #(s):
Created:September 16, 2004 Updated:September 22, 2004
Description: The wiki module in phpGroupWare has a cross-site scripting vulnerability.
Alerts:
Gentoo 200409-22 2004-09-16

Comments (none posted)

PuTTY: pre-authentication arbitrary code execution problem

Package(s):putty CVE #(s):
Created:August 5, 2004 Updated:October 28, 2004
Description: PuTTY, a telnet and SSH client, contains a vulnerability that can allow an SSH server to execute arbitrary code on a connecting client.
Alerts:
Gentoo 200410-29 2004-10-27
Gentoo 200408-04 2004-08-05

Comments (none posted)

python: buffer overflow

Package(s):python CVE #(s):CAN-2004-0150
Created:March 10, 2004 Updated:October 11, 2004
Description: Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address.
Alerts:
Debian DSA-458-3 2004-10-10
Gentoo 200409-03 2004-09-02
Debian DSA-458-2 2004-08-31
Mandrake MDKSA-2004:019 2004-03-09
Debian DSA-458-1 2004-03-09

Comments (none posted)

qt3: BMP image parser heap overflow

Package(s):qt3/qt3-non-mt/qt3-32bit/qt3-static CVE #(s):CAN-2004-0691 CAN-2004-0692 CAN-2004-0693
Created:August 19, 2004 Updated:May 15, 2005
Description: A heap overflow in the qt3 BMP image format parser in Qt versions prior to 3.3.3 may allow remote code execution.
Alerts:
Fedora-Legacy FLSA:152763 2005-05-12
Conectiva CLA-2004:866 2004-09-22
Whitebox WBSA-2004:414-01 2004-09-20
Debian DSA-542-1 2004-08-30
Fedora FEDORA-2004-271 2004-08-23
Fedora FEDORA-2004-270 2004-08-23
Gentoo 200408-20 2004-08-22
Red Hat RHSA-2004:414-01 2004-08-20
Mandrake MDKSA-2004:085 2004-08-18
SuSE SUSE-SA:2004:027 2004-08-19

Comments (none posted)

rsync: path-sanitizing bug

Package(s):rsync CVE #(s):CAN-2004-0792
Created:August 16, 2004 Updated:November 1, 2004
Description: This August 2004 rsync advisory reports that there is a path-sanitizing bug that affects daemon mode in all recent rsync versions (including 2.6.2) but only if chroot is disabled. It does NOT affect the normal send/receive filenames that specify what files should be transferred (this is because these names happen to get sanitized twice, and thus the second call removes any lingering leading slash(es) that the first call left behind). It does affect certain option paths that cause auxilliary files to be read or written.
Alerts:
Conectiva CLA-2004:881 2004-11-01
Slackware SSA:2004-285-01 2004-10-12
Whitebox WBSA-2004:436-01 2004-09-20
Red Hat RHSA-2004:436-01 2004-09-01
Fedora FEDORA-2004-269 2004-08-19
Fedora FEDORA-2004-268 2004-08-19
Gentoo 200408-17 2004-08-17
Mandrake MDKSA-2004:083 2004-08-17
Netwosix NW-2004-0017 2004-08-17
Trustix TSLSA-2004-0042 2004-08-17
tinysofa TSSA-2004-020-ES 2004-08-16
Debian DSA-538-1 2004-08-17
SuSE SUSE-SA:2004:026 2004-08-16
OpenPKG OpenPKG-SA-2004.037 2004-08-15

Comments (none posted)

ruby: insecure file permissions

Package(s):ruby CVE #(s):CAN-2004-0755
Created:August 16, 2004 Updated:October 14, 2004
Description: Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore (and presumably PStore, but not in Debian woody) implementations store session information insecurely. They simply create files, ignoring permission issues. This can lead an attacker who has also shell access to the webserver to take over a session.
Alerts:
Fedora FEDORA-2004-264 2004-10-15
Red Hat RHSA-2004:441-01 2004-09-30
Gentoo 200409-08 2004-09-03
Debian DSA-537-1 2004-08-16

Comments (none posted)

Samba: Denial of Service vulnerabilities

Package(s):samba CVE #(s):CAN-2004-0807 CAN-2004-0808
Created:September 13, 2004 Updated:September 22, 2004
Description: There is a defect in smbd's ASN.1 parsing. A bad packet received during the authentication request could throw newly-spawned smbd processes into an infinite loop (CAN-2004-0807). Another defect was found in nmbd's processing of mailslot packets, where a bad NetBIOS request could crash the nmbd process (CAN-2004-0808). See this advisory for details.
Alerts:
Red Hat RHSA-2004:467-01 2004-09-22
OpenPKG OpenPKG-SA-2004.040 2004-09-15
Trustix TSLSA-2004-0046 2004-09-14
Slackware SSA:2004-257-01 2004-09-13
Mandrake MDKSA-2004:092 2004-09-13
Fedora FEDORA-2004-305 2004-09-13
Fedora FEDORA-2004-304 2004-09-13
Gentoo 200409-16 2004-09-13

Comments (none posted)

SnipSnap: HTTP errors

Package(s):snipsnap-bin CVE #(s):
Created:September 22, 2004 Updated:September 22, 2004
Description: SnipSnap, a content management system, is vulnerable to several "HTTP response splitting" attacks, leading to cross-site scripting and cache poisoning problems. Version 1.0_beta1 fixes things.
Alerts:
Gentoo 200409-23 2004-09-17

Comments (none posted)

sox: buffer overflow

Package(s):sox CVE #(s):CAN-2004-0557
Created:July 28, 2004 Updated:February 21, 2005
Description: Sox suffers from buffer overflows in its WAV file handling; these overflows could conceivably be exploited by way of a malicious sound file.
Alerts:
Fedora-Legacy FLSA:1945 2005-02-20
Debian DSA-565-1 2004-10-13
Whitebox WBSA-2004:409-01 2004-08-19
Slackware SSA:2004-223-03 2004-08-07
Conectiva CLA-2004:855 2004-07-30
Gentoo 200407-23 2004-07-30
Mandrake MDKSA-2004:076 2004-07-28
Red Hat RHSA-2004:409-01 2004-07-29
Fedora FEDORA-2004-244 2004-07-28
Fedora FEDORA-2004-235 2004-07-28

Comments (none posted)

SpamAssassin: Denial of Service vulnerability

Package(s):spamassassin CVE #(s):CAN-2004-0796
Created:August 9, 2004 Updated:August 11, 2005
Description: SpamAssassin contains an unspecified Denial of Service vulnerability. By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service.
Alerts:
Fedora-Legacy FLSA:129284 2005-08-10
Fedora-Legacy FLSA:2268 2005-03-24
Red Hat RHSA-2004:451-01 2004-09-30
Conectiva CLA-2004:867 2004-09-22
OpenPKG OpenPKG-SA-2004.041 2004-09-15
Mandrake MDKSA-2004:084 2004-08-18
Gentoo 200408-06 2004-08-09

Comments (none posted)

squid: buffer overflow

Package(s):squid CVE #(s):CAN-2004-0541
Created:June 9, 2004 Updated:September 30, 2004
Description: The NTLM authentication helper used by the squid proxy contains a buffer overflow vulnerability; an overly-long password may be used to run arbitrary code. Sites not using NTLM authentication are not vulnerable.
Alerts:
Red Hat RHSA-2004:462-01 2004-09-30
Mandrake MDKSA-2004:093 2004-09-15
Gentoo 200409-04 2004-09-02
Gentoo 200406-13 2004-06-17
Whitebox WBSA-2004:242-01 2004-06-10
Trustix TSLSA-2004-0033 2004-06-10
Mandrake MDKSA-2004:059 2004-06-09
SuSE SuSE-SA:2004:016 2004-06-09
Red Hat RHSA-2004:242-01 2004-06-09
Fedora FEDORA-2004-164 2004-06-09
Fedora FEDORA-2004-163 2004-06-09

Comments (none posted)

SquirrelMail cross site scripting vulnerabilities

Package(s):squirrelmail CVE #(s):CAN-2004-0519 CAN-2004-0520 CAN-2004-0521
Created:May 21, 2004 Updated:October 4, 2004
Description: Several unspecified cross-site scripting (XSS) vulnerabilities and a well hidden SQL injection vulnerability were found in SquirrelMail versions 1.4.2 and lower. An XSS attack allows an attacker to insert malicious code into a web-based application. SquirrelMail does not check for code when parsing variables received via the URL query string.
Alerts:
Fedora-Legacy FLSA:1733 2004-10-02
Conectiva CLA-2004:858 2004-08-12
Whitebox WBSA-2004:240-01 2004-06-21
Gentoo 200406-08 2004-06-15
Red Hat RHSA-2004:240-01 2004-06-14
Fedora FEDORA-2004-160 2004-06-09
Fedora FEDORA-2004-159 2004-06-09
Gentoo 200405-16:02 2004-05-25
Gentoo 200405-16 2004-05-21

Comments (none posted)

Subversion: Remote heap overflow

Package(s):subversion CVE #(s):CAN-2004-0413
Created:June 11, 2004 Updated:March 7, 2005
Description: Subversion has a remote Denial of Service vulnerability that may allow a server that runs svnserve to execute arbitrary code. See this advisory for more information.
Alerts:
Fedora-Legacy FLSA:1748 2005-03-07
SuSE SuSE-SA:2004:018 2004-06-17
Fedora FEDORA-2004-166 2004-06-11
Fedora FEDORA-2004-165 2004-06-11
OpenPKG OpenPKG-SA-2004.028 2004-06-11
Gentoo 200406-07 2004-06-10

Comments (none posted)

sysstat: temporary file vulnerability

Package(s):sysstat CVE #(s):CAN-2004-0107 CAN-2004-0108
Created:March 10, 2004 Updated:October 4, 2004
Description: The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files.
Alerts:
Fedora-Legacy FLSA:1372 2004-10-03
Gentoo 200404-04 2004-04-06
Debian DSA-460-2 2004-04-03
Trustix TSLSA-2004-0011 2004-03-16
Whitebox WBSA-2004:053-01 2004-03-10
Red Hat RHSA-2004:053-01 2004-03-10
Red Hat RHSA-2004:093-01 2004-03-10
Debian DSA-460-1 2004-03-10

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s):tar unzip CVE #(s):CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created:October 1, 2002 Updated:April 10, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
Alerts:
Fedora-Legacy FLSA:183571-1 2006-04-04
Red Hat RHSA-2006:0195-01 2006-02-21
Conectiva CLA-2002:538 2002-10-29
Mandrake MDKSA-2002:066 2002-10-10
Mandrake MDKSA-2002:065 2002-10-10
EnGarde ESA-20021003-022 2002-10-03
Gentoo unzip-20021001 2002-10-01
Gentoo tar-20021001 2002-10-01
Red Hat RHSA-2002:096-24 2002-09-18

Comments (1 posted)

tcpdump: ISAKMP payload handling denial-of-service vulnerabilities

Package(s):tcpdump CVE #(s):CAN-2004-0183 CAN-2004-0184
Created:March 30, 2004 Updated:September 30, 2004
Description: TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the packet capture buffer and crash. More information is available in this Rapid7 advisory.
Alerts:
Fedora-Legacy FLSA:1468 2004-09-29
Whitebox WBSA-2004:219-01 2004-06-10
Red Hat RHSA-2004:219-01 2004-05-26
Fedora FEDORA-2004-120 2004-05-13
Slackware SSA:2004-108-01 2004-04-17
Mandrake MDKSA-2004:030 2004-04-14
OpenPKG OpenPKG-SA-2004.010 2004-04-07
Debian DSA-478-1 2004-04-06
Trustix TSLSA-2004-0015 2004-03-30

Comments (none posted)

Multiple vendor telnetd vulnerability

Package(s):telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 CVE #(s):
Created:May 21, 2002 Updated:October 5, 2004
Description: This vulnerability, originally thought to be confined to BSD-derived systems, was first covered in the July 26th Security Summary. It is now known that Linux telnet daemons are vulnerable as well.
Alerts:
Gentoo 200410-03 2004-10-05
Yellow Dog YDU-20010810-2 2001-08-10
Yellow Dog YDU-20010810-1 2001-08-10
SuSE SuSE-SA:2001:029 2001-09-03
Slackware sl-997726350 2001-08-09
Red Hat RHSA-2001:100-02 2001-08-09
Red Hat RHSA-2001:099-09 2002-02-07
Red Hat RHSA-2001:099-06 2001-08-09
Progeny PROGENY-SA-2001-27 2001-08-14
Mandrake MDKSA-2001:093 2001-12-17
Mandrake MDKSA-2001:068 2001-08-13
HP HPSBTL0202-023 2002-02-12
Debian DSA-075-2 2001-08-14
Debian DSA-075-1 2001-08-14
Conectiva CLA-2001:413 2001-08-24
SCO Group CSSA-2001-030.0 2001-08-10

Comments (none posted)

Webmin, Usermin: Multiple vulnerabilities in Usermin

Package(s):webmin usermin CVE #(s):CAN-2004-0559
Created:September 13, 2004 Updated:September 23, 2004
Description: There is an input validation bug in the webmail feature of Usermin. Additionally, the Webmin and Usermin installation scripts write to /tmp/.webmin without properly checking if it exists first.

The first vulnerability allows a remote attacker to inject arbitrary shell code in a specially-crafted e-mail. This could lead to remote code execution with the privileges of the user running Webmin or Usermin.

The second could allow local users who know Webmin or Usermin is going to be installed to have arbitrary files be overwritten by creating a symlink by the name /tmp/.webmin that points to some target file, e.g. /etc/passwd.

Alerts:
Mandrake MDKSA-2004:101 2004-09-22
Debian DSA-544-1 2004-09-14
Gentoo 200409-15 2004-09-12

Comments (none posted)

wv: buffer overflow

Package(s):wv CVE #(s):CAN-2004-0645
Created:July 14, 2004 Updated:February 10, 2005
Description: wv, a viewer for MS Word files, contains a buffer overflow which may be exploited by a suitably-crafted file. Version 1.0.0-r1 fixes the problem.
Alerts:
Fedora-Legacy FLSA:1906 2005-02-08
Conectiva CLA-2004:902 2004-12-01
Debian DSA-579-1 2004-11-01
Debian DSA-550-1 2004-09-20
Conectiva CLA-2004:863 2004-09-10
Mandrake MDKSA-2004:077 2004-07-29
Fedora FEDORA-2004-225 2004-07-23
Fedora FEDORA-2004-224 2004-07-23
Gentoo 200407-11 2004-07-14

Comments (none posted)

XChat 2.0.x SOCKS5 Vulnerability

Package(s):xchat CVE #(s):CAN-2004-0409
Created:April 19, 2004 Updated:November 15, 2005
Description: XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal which is disabled by default and also connect to an attacker's custom proxy server. This vulnerability may allow an attacker to run arbitrary code within the context of the user ID of the XChat client.
Alerts:
Fedora-Legacy FLSA:123013 2005-11-14
Red Hat RHSA-2004:585-01 2004-10-27
Netwosix NW-2004-0014 2004-05-01
Red Hat RHSA-2004:177-01 2004-04-30
Mandrake MDKSA-2004:036 2004-04-21
Debian DSA-493-1 2004-04-21
Gentoo 200404-15 2004-04-19

Comments (none posted)

xine-lib: buffer overflows

Package(s):xine-lib CVE #(s):CAN-2004-1379
Created:September 22, 2004 Updated:April 10, 2006
Description: xine-lib (through version 1_rc6) contains buffer overflows in the subtitle parsing and DVD sub-picture decoder code.
Alerts:
Fedora-Legacy FLSA:152873 2006-04-04
Debian DSA-657-1 2005-01-25
Mandrake MDKSA-2004:105 2004-10-06
Slackware SSA:2004-266-04 2004-09-22
Gentoo 200409-30 2004-09-22

Comments (none posted)

xine-ui - insecure temporary file creation

Package(s):xine-ui CVE #(s):CAN-2004-0372
Created:April 6, 2004 Updated:April 27, 2006
Description: Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine.
Alerts:
Gentoo 200404-20 2004-04-27
Slackware SSA:2004-111-01 2004-04-20
Mandrake MDKSA-2004:033 2004-04-19
Debian DSA-477-1 2004-04-06

Comments (none posted)

zlib: denial of service

Package(s):zlib CVE #(s):CAN-2004-0797
Created:August 25, 2004 Updated:June 10, 2005
Description: Versions 1.2.x of the zlib library contain an error handling vulnerability which can enable denial of service attacks.
Alerts:
OpenPKG OpenPKG-SA-2005.007 2005-06-10
Fedora-Legacy FLSA:2043 2005-02-23
Conectiva CLA-2004:878 2004-10-25
Slackware SSA:2004-278-02 2004-10-04
Conectiva CLA-2004:865 2004-09-13
Mandrake MDKSA-2004:090 2004-09-07
SuSE SUSE-SA:2004:029 2004-09-02
Gentoo 200408-26 2004-08-27
OpenPKG OpenPKG-SA-2004.038 2004-08-25

Comments (none posted)

Page editor: Jonathan Corbet
Next page: Kernel development>>

Copyright © 2004, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds