|
|
| |
|
| |
Security
Version v2.1 of the Metasploit Framework has been released. Metasploit looks like a script
kiddie's dream tool; it is a convenient packaging of some two dozen tools
for exploiting known vulnerabilities. A would-be attacker need only choose
the weapon of choice from a menu, and turn it loose.
In fact, it's better than that. Combined with the exploit engine is the
"payload generator"; there is also an online version
available. Simply pick the sort of behaviour you would like, set the relevant
parameters (e.g. which port to listen to), and the corresponding code pops
out the other end. Fit the payload onto your chosen exploit, and your
weapon is armed and ready.
Metasploit does not bring any new capabilities to the cracker's toolbox,
but it does make life easy for those who are unable to craft their own
exploits. It can also serve as a useful instructional and testing tool for
those of us who are charged with keeping systems secure. Metasploit can
quickly tell you if a target system is vulnerable to a given exploit, and
it shows what a breakin looks like from the outside. The attackers have
it; defenders might as well get a copy and see how it works. See the Metasploit Project page for more
information.
Comments (1 posted)
New vulnerabilities
Apache mod_proxy: denial of service
| Package(s): | apache |
CVE #(s): | CAN-2004-0492
|
| Created: | June 11, 2004 |
Updated: | October 14, 2004 |
| Description: |
A buffer overflow vulnerability in the apache mod_proxy module
can be exploited to create a denial of service. |
| Alerts: |
|
Comments (none posted)
chora: remote command execution
| Package(s): | chora |
CVE #(s): | |
| Created: | June 15, 2004 |
Updated: | June 15, 2004 |
| Description: |
Chora, a CVS/SVN repository viewer written by the HORDE project, has a vulnerability which can allow a remote attacker to inject shell code. Uploading and running of malicious binaries is also possible. Upgrading to version 1.2.2 fixes the problem. |
| Alerts: |
|
Comments (none posted)
Horde-IMP: improper input validation
| Package(s): | Horde-IMP |
CVE #(s): | |
| Created: | June 16, 2004 |
Updated: | August 10, 2004 |
| Description: |
An input validation error exists in Horde-IMP through version 3.2.4; a specially crafted message could be used to run scripts in the context of the target's browser. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CAN-2004-0554
|
| Created: | June 15, 2004 |
Updated: | July 5, 2004 |
| Description: |
2.4 and 2.6 kernels running on the i386 and x86_64 kernels have a vulnerability which can allow a local attacker to lock up the system. See this LWN article for a description of the problem.
Many of the updates for this problem also fix various potential driver vulnerabilities found while instrumenting the code for automated auditing. |
| Alerts: |
|
Comments (none posted)
Subversion: Remote heap overflow
| Package(s): | subversion |
CVE #(s): | CAN-2004-0413
|
| Created: | June 11, 2004 |
Updated: | March 7, 2005 |
| Description: |
Subversion has a remote Denial of Service vulnerability
that may allow a server that runs svnserve to execute
arbitrary code. See this advisory for more information. |
| Alerts: |
|
Comments (none posted)
webmin: denial of service
| Package(s): | webmin |
CVE #(s): | CAN-2004-0582
CAN-2004-0583
|
| Created: | June 16, 2004 |
Updated: | July 28, 2004 |
| Description: |
Versions of webmin prior to 1.150 suffer from denial of service and information disclosure vulnerabilities. See advisories for the disclosure and lockout problems for more information. |
| Alerts: |
|
Comments (none posted)
Updated vulnerabilities
apache2: stack-based buffer overflow in ssl_util.c
| Package(s): | apache2 |
CVE #(s): | CAN-2004-0488
|
| Created: | June 1, 2004 |
Updated: | October 14, 2004 |
| Description: |
A stack-based buffer overflow exists in the ssl_util_uuencode_binary
function in ssl_util.c in Apache. When mod_ssl is configured to trust the
issuing CA, a remote attacker may be able to execute arbitrary code via a
client certificate with a long subject DN. |
| Alerts: |
|
Comments (none posted)
cvs: heap overflow
| Package(s): | cvs |
CVE #(s): | CAN-2004-0396
|
| Created: | May 19, 2004 |
Updated: | June 11, 2004 |
| Description: |
CVS (through version 1.11.15 or 1.12.7) contains a remotely exploitable heap overflow vulnerability; see this advisory from Stefan Esser for details. If you are running cvs with the "pserver" protocol, a quick upgrade is recommended (dropping pserver is also a very good idea for security-conscious sites). |
| Alerts: |
|
Comments (none posted)
cvs: new vulnerabilities
| Package(s): | cvs |
CVE #(s): | CAN-2004-0414
CAN-2004-0416
CAN-2004-0417
CAN-2004-0418
|
| Created: | June 9, 2004 |
Updated: | June 15, 2004 |
| Description: |
Several new vulnerabilities have been found in CVS; these include a null-termination error, a double-free vulnerability, a format-string vulnerability, and a few others; see this advisory for the details. Some of these vulnerabilities are remotely exploitable; updating soon would be a good idea. |
| Alerts: |
|
Comments (none posted)
ethereal: more protocol dissector issues
| Package(s): | ethereal |
CVE #(s): | |
| Created: | June 3, 2004 |
Updated: | June 11, 2004 |
| Description: |
The 0.10.3 version may crash when you select a SIP packet. See this
post to the ethereal-users mailing list for details. |
| Alerts: |
|
Comments (1 posted)
Filename disclosure vulnerability in fam
| Package(s): | fam |
CVE #(s): | CAN-2002-0875
|
| Created: | August 19, 2002 |
Updated: | January 5, 2005 |
| Description: |
"fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible. |
| Alerts: |
|
Comments (none posted)
flim: insecure file creation
| Package(s): | flim |
CVE #(s): | CAN-2004-0422
|
| Created: | May 5, 2004 |
Updated: | December 16, 2004 |
| Description: |
The emacs "flim" mode creates temporary files in an insecure fashion, possibly allowing a local attacker to overwrite files. |
| Alerts: |
|
Comments (none posted)
gallery: unauthenticated access
| Package(s): | gallery |
CVE #(s): | |
| Created: | June 2, 2004 |
Updated: | June 15, 2004 |
| Description: |
The "gallery" photo album has a vulnerability which can allow access to the administrative account without authentication. |
| Alerts: |
|
Comments (none posted)
gtkhtml: malformed messages cause crash
| Package(s): | gtkhtml |
CVE #(s): | CAN-2003-0133
CAN-2003-0541
|
| Created: | April 14, 2003 |
Updated: | April 18, 2005 |
| Description: |
GtkHTML is the HTML rendering widget used by the Evolution mail reader.
GtkHTML supplied with versions of Evolution prior to 1.2.4 contain a bug
when handling HTML messages. Alan Cox discovered that certain malformed
messages could cause the Evolution mail component to crash. |
| Alerts: |
|
Comments (none posted)
iproute: local denial of service
| Package(s): | iproute net-tools |
CVE #(s): | CAN-2003-0856
|
| Created: | November 25, 2003 |
Updated: | December 14, 2004 |
| Description: |
The iproute utility is susceptible to spoofed netlink messages sent by local users, with the result that denial of service attacks are possible. |
| Alerts: |
|
Comments (none posted)
racoon: failure to verify signatures
| Package(s): | ipsec-tools racoon |
CVE #(s): | CAN-2004-0155
|
| Created: | April 7, 2004 |
Updated: | August 19, 2004 |
| Description: |
Versions of ipsec-tools prior to 0.2.5 contain a vulnerability wherein the racoon utility fails to verify digital signatures on some packets. This hole can lead to unauthorized connections or man-in-the-middle attacks. See this advisory for details. |
| Alerts: |
|
Comments (none posted)
racoon: denial of service vulnerability
| Package(s): | ipsec-tools racoon iputils |
CVE #(s): | CAN-2004-0403
|
| Created: | April 26, 2004 |
Updated: | July 29, 2004 |
| Description: |
racoon does not check the length of ISAKMP headers. Attackers may be able
to craft an ISAKMP header of sufficient length to consume all available
system resources, causing a Denial of Service. This advisory contains additional
details. |
| Alerts: |
|
Comments (none posted)
kdelibs: cookie disclosure
| Package(s): | kdelibs |
CVE #(s): | CAN-2003-0592
|
| Created: | March 10, 2004 |
Updated: | August 24, 2004 |
| Description: |
kdelibs (and, thus, Konqueror) has a vulnerability where a hostile server can force the disclosure of cookies that should not be presented to it. KDE versions 3.1.3 and later contain a fix. |
| Alerts: |
|
Comments (none posted)
kde: URI Handler Vulnerabilities
| Package(s): | kde Opera |
CVE #(s): | CAN-2004-0411
|
| Created: | May 17, 2004 |
Updated: | June 15, 2004 |
| Description: |
iDEFENSE identified a vulnerability in the Opera Web Browser that could
allow remote attackers to create or truncate arbitrary files. The KDE team
has found that similar vulnerabilities exists in all version of KDE, up to
KDE 3.2.2 inclusive. See this advisory for
more information. |
| Alerts: |
|
Comments (none posted)
kernel: symlink overflow in the iso9660 filessytem
| Package(s): | kernel |
CVE #(s): | CAN-2004-0109
|
| Created: | April 14, 2004 |
Updated: | July 15, 2004 |
| Description: |
The 2.4 and 2.6 kernels contain a
vulnerability in the iso9660 (CDROM) filesystem which can be used by a
local attacker to obtain root privileges. The exploit requires creating a
specially-crafted filesystem and getting the kernel to mount it. Many
systems are configured to automatically mount CDs on insertion, however, so
the possibility of this vulnerability being exploited by users with
physical access to the system is real. The 2.4.26 kernel contains the fix,
which will also be merged into the upcoming 2.6.6 release. |
| Alerts: |
|
Comments (none posted)
kernel - root exploit in MCAST_MSFILTER
| Package(s): | kernel |
CVE #(s): | CAN-2004-0424
|
| Created: | April 22, 2004 |
Updated: | June 11, 2004 |
| Description: |
A locally exploitable integer overflow has been found the multicast code
of the Linux kernel versions 2.4.22 to 2.4.25 and 2.6.1 - 2.6.3. A
successful exploit could lead to full superuser privileges. |
| Alerts: |
|
Comments (1 posted)
kernel-utils: setuid vulnerability
| Package(s): | kernel-utils |
CVE #(s): | CAN-2003-0019
|
| Created: | February 7, 2003 |
Updated: | January 21, 2005 |
| Description: |
The kernel-utils package contains several utilities that can be used to
control the kernel or machine hardware. In Red Hat Linux 8.0 this package
contains user mode linux (UML) utilities.
The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was
incorrectly shipped setuid root. This could allow local users to control
certain network interfaces, add and remove arp entries and routes, and put
interfaces in and out of promiscuous mode.
All users of the kernel-utils package should update to these packages that
contain a version of uml_net that is not setuid root.
Alternatively, as a work-around to this vulnerability issue the following
command as root:
chmod -s /usr/bin/uml_net |
| Alerts: |
|
Comments (none posted)
krb5: unauthorized root privileges
| Package(s): | krb5 |
CVE #(s): | CAN-2004-0523
|
| Created: | June 3, 2004 |
Updated: | June 29, 2004 |
| Description: |
Multiple buffer overflows exist in the krb5_aname_to_localname() library
function that if exploited could lead to unauthorized root privileges. In
order to exploit this flaw, an attacker must first successfully
authenticate to a vulnerable service, which must be configured to enable
the explicit mapping or rules-based mapping functionality of
krb5_aname_to_localname, which is not a default configuration. See the
this MIT krb5 Security Advisory for more information. |
| Alerts: |
|
Comments (none posted)
LHA: stack buffer overflows and directory traversal flaws
| Package(s): | LHA |
CVE #(s): | CAN-2004-0234
CAN-2004-0235
|
| Created: | April 30, 2004 |
Updated: | June 11, 2004 |
| Description: |
LHA is an archiving and compression utility for LHarc format archives. Ulf
Harnhammar discovered two stack buffer overflows and two directory
traversal flaws in LHA. See this advisory+patch for more details.
CAN-2004-0234: An attacker could exploit the buffer overflows by creating a
carefully crafted LHA archive in such a way that arbitrary code would be
executed when the archive is tested or extracted by a victim.
CAN-2004-0235: An attacker could exploit the directory traversal issues to
create files as the victim outside of the expected directory. |
| Alerts: |
|
Comments (2 posted)
libpng: denial of service vulnerability.
| Package(s): | libpng |
CVE #(s): | CAN-2004-0421
|
| Created: | April 29, 2004 |
Updated: | June 11, 2004 |
| Description: |
The PNG library can accesses memory that is out of bounds when
creating an error message, this can be exploited by a malformed
PNG image file. |
| Alerts: |
|
Comments (none posted)
libpng, libpng3: buffer overflow
| Package(s): | libpng, libpng3 |
CVE #(s): | CAN-2002-1363
|
| Created: | December 19, 2002 |
Updated: | July 14, 2004 |
| Description: |
Glenn Randers-Pehrson discovered a problem in connection with 16-bit
samples from libpng, an interface for reading and writing PNG
(Portable Network Graphics) format files. The starting offsets for
the loops are calculated incorrectly which causes a buffer overrun
beyond the beginning of the row buffer. |
| Alerts: |
|
Comments (none posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
log2mail: format string vulnerability
| Package(s): | log2mail |
CVE #(s): | CAN-2004-0450
|
| Created: | June 3, 2004 |
Updated: | June 9, 2004 |
| Description: |
jaguar -at- felinemenace.org discovered a format string vulnerability in
log2mail, whereby a user able to log a specially crafted message to a
logfile monitored by log2mail (for example, via syslog) could cause
arbitrary code to be executed with the privileges of the log2mail process.
By default, this process runs as user 'log2mail', which is a member of
group 'adm' (which has access to read system logfiles). |
| Alerts: |
|
Comments (none posted)
logcheck: symlink vulnerability
| Package(s): | logcheck |
CVE #(s): | CAN-2004-0404
|
| Created: | April 21, 2004 |
Updated: | December 22, 2004 |
| Description: |
The logcheck utility handles temporary files in an unsafe way, possibly allowing local attackers to overwrite files. |
| Alerts: |
|
Comments (none posted)
mailman: password disclosure
| Package(s): | mailman |
CVE #(s): | CAN-2004-0412
|
| Created: | May 27, 2004 |
Updated: | July 20, 2004 |
| Description: |
In mailman versions above 2.1, third parties can retrieve
member passwords from the server. |
| Alerts: |
|
Comments (none posted)
mikmod: buffer overflow
| Package(s): | mikmod |
CVE #(s): | CAN-2003-0427
|
| Created: | June 16, 2003 |
Updated: | June 16, 2005 |
| Description: |
Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod. |
| Alerts: |
|
Comments (none posted)
mod_python: denial of service vulnerability
| Package(s): | mod_python |
CVE #(s): | CAN-2003-0973
|
| Created: | January 27, 2004 |
Updated: | October 4, 2004 |
| Description: |
Apache's mod_python module could crash the httpd process if a specific,
malformed query string was sent.
The Apache Foundation has reported that mod_python may be prone to
Denial of Service attacks when handling a malformed query. Mod_python
2.7.9 was released to fix the vulnerability, however, because the
vulnerability has not been fully fixed, version 2.7.10 has been released.
Users of mod_python 3.0.4 are not affected by this vulnerability. |
| Alerts: |
|
Comments (none posted)
mozilla: multiple vulnerabilties
| Package(s): | mozilla |
CVE #(s): | CAN-2003-0594
CAN-2003-0564
|
| Created: | March 10, 2004 |
Updated: | August 19, 2004 |
| Description: |
Mozilla 1.4 contains a few vulnerabilities, including disclosure of cookies to the wrong server, a scripting vulnerability which can allow an attacker to run arbitrary code, and an S/MIME vulnerability which can lead to remote denial of service or code execution attacks. |
| Alerts: |
|
Comments (none posted)
mpg321: format string vulnerability
| Package(s): | mpg321 |
CVE #(s): | CAN-2003-0969
|
| Created: | January 6, 2004 |
Updated: | March 28, 2005 |
| Description: |
A vulnerability was discovered in mpg321, a command-line mp3 player,
whereby user-supplied strings were passed to printf(3) unsafely. This
vulnerability could be exploited by a remote attacker to overwrite
memory, and possibly execute arbitrary code. In order for this
vulnerability to be exploited, mpg321 would need to play a malicious
mp3 file (including via HTTP streaming). |
| Alerts: |
|
Comments (none posted)
MySQL: temporary file vulnerabilities
| Package(s): | mysql |
CVE #(s): | CAN-2004-0381
CAN-2004-0388
|
| Created: | April 14, 2004 |
Updated: | August 18, 2004 |
| Description: |
The mysqlbug and mysqld_multi scripts contain temporary file vulnerabilities which could be used by a local attacker to overwrite files on the system. |
| Alerts: |
|
Comments (none posted)
neon: buffer overflow
| Package(s): | neon |
CVE #(s): | CAN-2004-0398
|
| Created: | May 19, 2004 |
Updated: | September 30, 2004 |
| Description: |
The neon library (through version 0.24.5) contains a buffer overflow in its date parsing code, allowing arbitrary code execution when connecting to a hostile server. See this advisory for details. This vulnerability also affects related applications (such as cadaver). |
| Alerts: |
|
Comments (none posted)
Nessus NASL scripting engine security issues
| Package(s): | nessus |
CVE #(s): | |
| Created: | May 27, 2003 |
Updated: | August 12, 2004 |
| Description: |
Some some vulnerabilities exsist in the Nessus NASL scripting engine. To
exploit these flaws, an attacker would need to have a valid Nessus account
as well as the ability to upload arbitrary Nessus plugins in the Nessus
server (this option is disabled by default) or he/she would need to trick a
user somehow into running a specially crafted nasl script. Read the full
advisory for additional information. |
| Alerts: |
|
Comments (none posted)
netpbm: insecure temporary files
| Package(s): | netpbm |
CVE #(s): | CAN-2003-0924
|
| Created: | January 19, 2004 |
Updated: | December 29, 2004 |
| Description: |
netpbm is graphics conversion toolkit made up of a large number of
single-purpose programs. Many of these programs were found to create
temporary files in an insecure manner, which could allow a local
attacker to overwrite files with the privileges of the user invoking a
vulnerable netpbm tool. |
| Alerts: |
|
Comments (1 posted)
openssh: timing attack leads to information disclosure
| Package(s): | openssh |
CVE #(s): | CAN-2003-0190
|
| Created: | May 2, 2003 |
Updated: | November 30, 2004 |
| Description: |
From the advisory:
"During a pen-test we stumbled across a nasty bug in OpenSSH-portable
with PAM support enabled (via the --with-pam configure script switch). This
bug allows a remote attacker to identify valid users on vulnerable systems,
through a simple timing attack. The vulnerability is easy to exploit and
may have high severity, if combined with poor password policies and other
security problems that allow local privilege escalation." |
| Alerts: |
|
Comments (1 posted)
OpenSSL: denial of service vulnerabilities
Comments (1 posted)
postgresql buffer overflow in ODBC driver
| Package(s): | postgresql |
CVE #(s): | |
| Created: | June 7, 2004 |
Updated: | July 28, 2004 |
| Description: |
A buffer overflow has been discovered in the ODBC driver of PostgreSQL,
an object-relational SQL database, descended from POSTGRES. It possible
to exploit this problem and crash the surrounding application. Hence, a
PHP script using php4-odbc can be utilized to crash the surrounding
Apache webserver. Other parts of postgresql are not affected. |
| Alerts: |
|
Comments (none posted)
python: buffer overflow
| Package(s): | python |
CVE #(s): | CAN-2004-0150
|
| Created: | March 10, 2004 |
Updated: | October 11, 2004 |
| Description: |
Python (versions 2.2 and 2.2.1 only) has a buffer overflow in the getaddrinfo() function which can be exploited by a malformed IPv6 address. |
| Alerts: |
|
Comments (none posted)
rsync remote file write attack
| Package(s): | rsync |
CVE #(s): | CAN-2004-0426
|
| Created: | April 30, 2004 |
Updated: | July 12, 2004 |
| Description: |
See the rsync homepage for the
April 2004
advisory: "There is a security problem in all versions prior to
2.6.1 that affects only people running a read/write daemon WITHOUT using
chroot. If the user privs that such an rsync daemon is using is anything
above "nobody", you are at risk of someone crafting an attack that could
write a file outside of the module's "path" setting (where all its files
should be stored). Please either enable chroot or upgrade to 2.6.1. People
not running a daemon, running a read-only daemon, or running a chrooted
daemon are totally unaffected." |
| Alerts: |
|
Comments (none posted)
squid: buffer overflow
| Package(s): | squid |
CVE #(s): | CAN-2004-0541
|
| Created: | June 9, 2004 |
Updated: | September 30, 2004 |
| Description: |
The NTLM authentication helper used by the squid proxy contains a buffer overflow vulnerability; an overly-long password may be used to run arbitrary code. Sites not using NTLM authentication are not vulnerable. |
| Alerts: |
|
Comments (none posted)
SquirrelMail cross site scripting vulnerabilities
| Package(s): | squirrelmail |
CVE #(s): | CAN-2004-0519
CAN-2004-0520
CAN-2004-0521
|
| Created: | May 21, 2004 |
Updated: | October 4, 2004 |
| Description: |
Several unspecified cross-site scripting (XSS) vulnerabilities and a well
hidden SQL injection vulnerability were found in SquirrelMail versions
1.4.2 and lower. An XSS attack allows an attacker to insert malicious code
into a web-based application. SquirrelMail does not check for code when
parsing variables received via the URL query string. |
| Alerts: |
|
Comments (none posted)
sysstat: temporary file vulnerability
| Package(s): | sysstat |
CVE #(s): | CAN-2004-0107
CAN-2004-0108
|
| Created: | March 10, 2004 |
Updated: | October 4, 2004 |
| Description: |
The sysstat utility has a temporary file vulnerability which can be exploited by a local attacker to overwrite system files. |
| Alerts: |
|
Comments (none posted)
File overwrite vulnerability in tar and unzip
| Package(s): | tar unzip |
CVE #(s): | CAN-2001-1267
CAN-2001-1268
CAN-2001-1269
CAN-2002-0399
|
| Created: | October 1, 2002 |
Updated: | April 10, 2006 |
| Description: |
The tar utility does not properly filter file names containing
"../", meaning that a hostile archive can, if unpacked by an
unsuspecting user, overwrite any file that is writable by that user. GNU
tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42
has the same vulnerability. |
| Alerts: |
|
Comments (1 posted)
tcpdump: ISAKMP payload handling denial-of-service vulnerabilities
| Package(s): | tcpdump |
CVE #(s): | CAN-2004-0183
CAN-2004-0184
|
| Created: | March 30, 2004 |
Updated: | September 30, 2004 |
| Description: |
TCPDUMP v3.8.1 and earlier versions contain multiple flaws in the packet
display functions for the ISAKMP protocol. Upon receiving specially
crafted ISAKMP packets, TCPDUMP will try to read beyond the end of the
packet capture buffer and crash. More information is available in this Rapid7 advisory. |
| Alerts: |
|
Comments (none posted)
Multiple vendor telnetd vulnerability
| Package(s): | telnet Telnet netkit-telnet-ssl kerberos telnetd netkit-telnet nkitb/nkitserv/telnetd krb5 |
CVE #(s): | |
| Created: | May 21, 2002 |
Updated: | October 5, 2004 |
| Description: |
This vulnerability,
originally thought to be confined to BSD-derived systems, was first covered
in the July 26th Security
Summary. It is now known that Linux telnet daemons are vulnerable as
well.
|
| Alerts: |
|
Comments (none posted)
tripwire format string vulnerability
| Package(s): | tripwire |
CVE #(s): | CAN-2004-0536
|
| Created: | June 4, 2004 |
Updated: | July 7, 2004 |
| Description: |
The code that generates email reports contains a format string
vulnerability in pipedmailmessage.cpp. With a carefully crafted filename
on a local filesystem an attacker could cause execution of arbitrary code
with permissions of the user running tripwire, which could be the root
user. See this advisory on SecurityFocus for more details. |
| Alerts: |
|
Comments (none posted)
utempter problems with symlink and strncpy
| Package(s): | utempter |
CVE #(s): | CAN-2004-0233
|
| Created: | April 19, 2004 |
Updated: | June 11, 2004 |
| Description: |
Steve Grubb discovered two potential issues in the utempter program:
- If the path to the device contained /../ or /./ or //, the program
was not exiting as it should. It would be possible to use something like
/dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to
another important file, programs that have root privileges that do no
further validation can then overwrite whatever the symlink pointed to.
- Several calls to strncpy without a manual termination of the string.
This would most likely crash utempter.
|
| Alerts: |
|
Comments (none posted)
XChat 2.0.x SOCKS5 Vulnerability
| Package(s): | xchat |
CVE #(s): | CAN-2004-0409
|
| Created: | April 19, 2004 |
Updated: | November 15, 2005 |
| Description: |
XChat is vulnerable to a stack overflow that may allow a remote attacker to
run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a
remote exploit. Users would have to be using XChat through a SOCKS 5
server, enable SOCKS 5 traversal which is disabled by default and also
connect to an attacker's custom proxy server. This vulnerability may allow
an attacker to run arbitrary code within the context of the user ID of the
XChat client. |
| Alerts: |
|
Comments (none posted)
xine-ui - insecure temporary file creation
| Package(s): | xine-ui |
CVE #(s): | CAN-2004-0372
|
| Created: | April 6, 2004 |
Updated: | April 27, 2006 |
| Description: |
Shaun Colley discovered a problem in xine-ui, the xine video player
user interface. A script contained in the package to possibly remedy
a problem or report a bug does not create temporary files in a secure
fashion. This could allow a local attacker to overwrite files with
the privileges of the user invoking xine. |
| Alerts: |
|
Comments (none posted)
Resources
Bruce Schneier's CRYPTO-GRAM newsletter for June is out; it looks at the
breaking of Iranian codes, biometric IDs, whether Microsoft should provide
security updates for pirated copies of its software, the Witty worm, and
more. " Witty represents a new chapter in malware. If it had used common
Windows vulnerabilities to spread, it would have been the most damaging
worm we have seen yet. Worm writers learn from each other, and we have
to assume that other worm writers have seen the disassembled code and
will reuse it in future worms. Even worse, Witty's author is still
unknown and at large -- and we have to assume that he's going to do
this kind of thing again."
Full Story (comments: 2)
Here is the
U.S. Federal Trade Commission's press release on its decision not to
create a national "do not spam" list at this time. " A registry of
individual email addresses also suffers from severe security/privacy risks
that would likely result in registered addresses receiving more spam
because spammers would use such a registry as a directory of valid email
addresses. It ultimately would become the National Do Spam
List. Furthermore, a registry of domains would have no impact on spam and a
third-party forwarding service model could have a devastating impact on the
e-mail system." There will be an "email authentication summit" in
the (northern hemisphere) Fall to address what the FTC sees as the real
problem.
Comments (10 posted)
Page editor: Jonathan Corbet
Next page: Kernel development>>
|
|
|