Brief items
This eEye alert describes what looks like a
fairly run-of-the-mill Microsoft vulnerability. It is a buffer overflow in
the ASN.1 library; the list of software affected includes a few small
things like NT 4.0, Windows 2000, Windows XP, Internet Explorer,
Outlook, IIS, etc. It is said to be difficult to exploit, but that is not
a statement that will bring comfort to many.
The interesting thing is that eEye claims to have reported this
vulnerability to Microsoft in July, 2003. Microsoft has only now responded
with a fix. In other words, the company left its customers open to a known
security bug for a good six months.
Free software suffers from far too many security vulnerabilities as well.
Some of them are truly serious. Many of them are embarrassing. But it is
rare indeed for a hole to remain unclosed for such a long time. Free
software developers will, almost without exception, respond to problems
much more quickly than that. They know that, should they fail to respond,
the community will simply fix the problem for them. We have a lot of
ground to cover before our security is even remotely good enough, but that
should not stop us from taking some pride in the things we do right.
New vulnerabilities
gallery: code injection
Package(s): gallery
CVE #(s): (none listed)
Created: February 12, 2004
Updated: February 12, 2004
Description:
Gallery (through versions 1.4.1) suffers from a PHP code injection vulnerability which can provide a remote attacker with access to the web server process.
libtool - Insecure handling of temporary files
Package(s): libtool
CVE #(s): (none listed)
Created: February 5, 2004
Updated: March 8, 2004
Description:
GNU libtool consists of a set of shell scripts used to build shared
libraries.
Joseph S. Myers and Stefan Nordhausen independently found a vulnerability
in the way the ltmain.sh script (which is part of the libtool package)
creates temporary directories for its use.
A local attacker could exploit this vulnerability to change/delete
arbitrary files in the system on behalf of the user who is calling the
script. The vulnerability has been fixed in the 1.5.2 version of libtool.
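
The class of flaw described in the libtool entry above, as an added example: a shell script that reuses a guessable temporary directory, next to a hardened helper. This is not code from libtool or from this page, which does not show how ltmain.sh creates its directories; the function names and the `build.` prefix are assumptions.

```shell
#!/bin/sh
# Added example (not libtool code). Function names are hypothetical.

# Risky pattern: reuses whatever already sits at a guessable path, so a
# directory or symlink planted there by another local user is accepted.
risky_mkdir() {
    [ -d "$1" ] || mkdir "$1"
}

# Hardened primitive: plain mkdir (no -p) fails if the name already exists,
# even as a symlink, and umask 077 makes the new directory mode 0700.
private_mkdir() {
    (umask 077 && mkdir "$1") 2>/dev/null
}

# Print the path of a fresh private scratch directory, or return 1.
make_private_tmpdir() {
    base=${TMPDIR:-/tmp}
    # Preferred: mktemp -d chooses an unpredictable name and creates it atomically.
    if dir=$(mktemp -d "$base/build.XXXXXX" 2>/dev/null) && [ -d "$dir" ]; then
        printf '%s\n' "$dir"
        return 0
    fi
    # Fallback without mktemp: try a few names, never reusing an existing one.
    i=0
    while [ "$i" -lt 10 ]; do
        dir="$base/build.$$.$i"
        if private_mkdir "$dir"; then
            printf '%s\n' "$dir"
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# Usage: create the directory, clean it up on exit.
scratch=$(make_private_tmpdir) || { echo "cannot create scratch directory" >&2; exit 1; }
trap 'rm -rf "$scratch"' EXIT
echo "scratch directory: $scratch"
```
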
mailman denial of service
Package(s): mailman
CVE #(s): CAN-2003-0991
Created: February 9, 2004
Updated: May 25, 2004
Description:
Matthew Galgoci of Red Hat discovered a Denial of Service (DoS)
vulnerability in versions of Mailman prior to 2.1. An attacker could send
a carefully-crafted message causing mailman to crash. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0991 to this issue.
mailman: cross-site scripting vulnerabilities
Package(s): mailman
CVE #(s): CAN-2003-0965, CAN-2003-0992
Created: February 6, 2004
Updated: March 5, 2004
Description:
Dirk Mueller discovered a cross-site scripting bug in the admin interface
in versions of Mailman 2.1 before 2.1.4. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0965 to
this issue.
A cross-site scripting bug in the 'create' CGI script affects versions of
Mailman 2.1 before 2.1.3. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0992 to this issue.
monkeyd: denial of service
Package(s): monkeyd
CVE #(s): (none listed)
Created: February 12, 2004
Updated: February 12, 2004
Description:
The monkeyd HTTP server suffers from a parsing bug which can be exploited to crash the server process. Upgrading to version 0.8.2 fixes the problem.
mutt: buffer overflow
Package(s): mutt
CVE #(s): CAN-2004-0078
Created: February 12, 2004
Updated: March 26, 2004
Description:
mutt suffers from a buffer overflow in its "index menu" code. This overflow can be exploited via a hostile message to crash mutt and, perhaps, execute arbitrary code. Version 1.4.2 fixes the problem; see this advisory for details.
PHP setting leaks from .htaccess files on virtual hosts
Package(s): php
CVE #(s): (none listed)
Created: February 9, 2004
Updated: February 12, 2004
Description:
If the server configuration "php.ini" file has "register_globals = on"
and a request is made to one virtual host (which has "php_admin_flag
register_globals off") and the next request is sent to another
virtual host (which does not have the setting) through the same Apache
child, the setting will persist.
Depending on the server and site, an attacker may be able to exploit
global variables to gain access to reserved areas, such as MySQL
passwords, or this vulnerability may simply cause a lack of
functionality. As a result, users are urged to upgrade their PHP
installations.
XFree86: buffer overflow
Package(s): XFree86
CVE #(s): CAN-2004-0083, CAN-2004-0084, CAN-2004-0106
Created: February 12, 2004
Updated: February 23, 2004
Description:
The XFree86 code which reads "fonts.alias" files suffers from a buffer overflow which may be turned into a local root exploit; see this advisory for details.
Page editor: Jonathan Corbet