Insecurity News
XChat
XChat is an IRC client for X similar to AmIRC. A remotely exploitable buffer overflow was discovered in XChat's Socks-5 proxy code. Socks-5 traversal is disabled by default, and a victim would also have to connect through an attacker-controlled proxy server for the bug to be reachable, so the exposure is limited.
Successful exploitation could lead to arbitrary code execution as the user running XChat. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0409 to this issue.
Mandrake reference MDKSA-2004:036
Red Hat reference RHSA-2004:177
Debian reference DSA-493-1 xchat -- buffer overflow
Neon
Multiple format string vulnerabilities were discovered in neon, an HTTP and WebDAV client library. These vulnerabilities could potentially be exploited by a malicious WebDAV server to execute arbitrary code with the privileges of the process using libneon. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0179 to this issue.
Debian reference DSA-487-1 neon -- format string
tcpdump
tcpdump, a tool for network monitoring and data acquisition, was found to contain two vulnerabilities in versions 3.8.1 and earlier, whereby tcpdump could be made to crash through attempts to read from invalid memory locations. Since tcpdump decodes whatever traffic reaches a monitored interface, no service needs to be listening for the crafted packets to be parsed.
Remote attackers can cause a denial of service (DoS) via ISAKMP packets containing a Delete payload with a large number of SPIs, which causes an out-of-bounds read. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0183 to this issue.
An integer underflow in isakmp_id_print allows remote attackers to cause a denial of service via an ISAKMP packet with an Identification payload whose length becomes less than 8 during byte order conversion, which causes an out-of-bounds read. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0184 to this issue.
Mandrake reference MDKSA-2004:030
Debian reference DSA-478-1 tcpdump -- denial of service
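Both tcpdump bugs are the same class of mistake: a length or count taken from the packet is used before it is compared with what the buffer actually holds. The following is an added example, written for this page and not tcpdump's own code, that reproduces both patterns on constructed ISAKMP-style payload bytes and puts a checked parser beside each vulnerable one. Header layouts follow RFC 2408 (4-byte generic header; the Identification payload has 4 more fixed bytes, the Delete payload has DOI, protocol ID, SPI size and SPI count); the function names and the sample bytes are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fixed part sizes from RFC 2408: generic header (4) + Identification
 * fields (4) = 8; generic header + DOI(4) + proto(1) + spi_size(1) +
 * num_spi(2) = 12. */
#define ID_FIXED     8
#define DELETE_FIXED 12

static size_t be16(const uint8_t *p) { return (size_t)((p[0] << 8) | p[1]); }

/* --- Identification payload: the CAN-2004-0184 pattern --- */

/* Vulnerable: subtracts the fixed part from the wire length without first
 * checking the length is at least that big. len = 2 yields (size_t)2 - 8,
 * which wraps to a huge value that a following print loop uses as a byte
 * count, walking off the end of the packet. */
size_t id_data_len_vulnerable(const uint8_t *pl, size_t pllen)
{
    (void)pllen;                       /* buffer size never consulted: the bug */
    size_t len = be16(pl + 2);
    return len - ID_FIXED;             /* underflows for len < 8 */
}

/* Checked: the declared length must cover the fixed fields and must fit in
 * the bytes we actually hold. -1 means "malformed, stop decoding". */
long id_data_len_checked(const uint8_t *pl, size_t pllen)
{
    if (pllen < ID_FIXED) return -1;
    size_t len = be16(pl + 2);
    if (len < ID_FIXED || len > pllen) return -1;
    return (long)(len - ID_FIXED);
}

/* --- Delete payload: the CAN-2004-0183 pattern --- */

/* Vulnerable: believes num_spi and would walk spi_size * num_spi bytes. */
size_t delete_spi_bytes_vulnerable(const uint8_t *pl, size_t pllen)
{
    (void)pllen;
    size_t spi_size = pl[9];
    size_t num_spi  = be16(pl + 10);
    return spi_size * num_spi;         /* may be far larger than the packet */
}

/* Checked: the SPI list must fit inside the declared length, which itself
 * must fit inside the buffer. spi_size and num_spi are at most 255 and
 * 65535, so the product cannot overflow size_t. */
long delete_spi_bytes_checked(const uint8_t *pl, size_t pllen)
{
    if (pllen < DELETE_FIXED) return -1;
    size_t len = be16(pl + 2);
    if (len < DELETE_FIXED || len > pllen) return -1;
    size_t spi_size = pl[9];
    size_t num_spi  = be16(pl + 10);
    if (spi_size * num_spi > len - DELETE_FIXED) return -1;
    return (long)(spi_size * num_spi);
}

/* Constructed sample payloads (not real captures). */
const uint8_t ID_OK[]    = { 0x00,0x00, 0x00,0x0c, 0x01, 0x00,0x00,0x00, 'h','o','s','t' };
const uint8_t ID_SHORT[] = { 0x00,0x00, 0x00,0x02, 0x01, 0x00,0x00,0x00 };   /* length 2 */
const uint8_t DEL_OK[]   = { 0x00,0x00, 0x00,0x10, 0,0,0,1, 0x01, 0x04, 0x00,0x01,
                             0xde,0xad,0xbe,0xef };                          /* 1 SPI */
const uint8_t DEL_BIG[]  = { 0x00,0x00, 0x00,0x10, 0,0,0,1, 0x01, 0x04, 0x03,0xe8,
                             0xde,0xad,0xbe,0xef };                          /* claims 1000 SPIs */

int main(void)
{
    printf("ID short   vulnerable=%zu checked=%ld\n",
           id_data_len_vulnerable(ID_SHORT, sizeof ID_SHORT),
           id_data_len_checked(ID_SHORT, sizeof ID_SHORT));
    printf("Delete big vulnerable=%zu checked=%ld\n",
           delete_spi_bytes_vulnerable(DEL_BIG, sizeof DEL_BIG),
           delete_spi_bytes_checked(DEL_BIG, sizeof DEL_BIG));
    return 0;
}
```

The checked versions take the remaining buffer length as a parameter and compare against it at every step; in a real decoder that value shrinks as each payload is consumed, and it is the only number that can be trusted.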
rsync
A vulnerability was discovered in rsync, a file transfer program, whereby a remote user could cause an rsync daemon to write files outside of the intended directory tree. This vulnerability is not exploitable when the daemon is configured with the 'chroot' option. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0426 to this issue.
Debian reference DSA-499-1 rsync -- directory traversal
libpng
Steve Grubb discovered an error in the Portable Network Graphics library, libpng. When processing a broken PNG image, the error handling routine will access memory that is out of bounds when creating an error message. The impact of this bug is not clear, but it could lead to a core dump in a program using libpng, or could result in a DoS (Denial of Service) condition in a daemon that uses libpng to process PNG images.
The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0421 to this issue.
Mandrake reference MDKSA-2004:040
Red Hat reference RHSA-2004:181
Debian reference DSA-498-1 libpng -- out of bound access
xine-ui
Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite arbitrary files with the privileges of the user invoking the xine user interface script. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0372 to this issue.
Mandrake reference MDKSA-2004:033
Debian reference DSA-477-1 xine-ui -- insecure temporary file creation

Security Posture of Major Distributions

Debian
Security sources: Info: http://www.debian.org/security/ List: http://lists.debian.org/debian-security-announce/ Reference: DSA-… 1)
Comments: The current Debian security advisories are included on the homepage. Advisories are provided as HTML pages with links to the patches. The security advisory also contains a reference to the mailing list.

Gentoo
Security sources: Forum: http://forums.gentoo.org/ List: http://www.gentoo.org/main/en/lists.xml Reference: GLSA: … 1)
Comments: Unfortunately, Gentoo does not offer a website with security updates or other security information. This forum is the only alternative.

Mandrake
Security sources: Info: http://www.mandrakesecure.net List: http://www.mandrakesecure.net/en/mlist.php Reference: MDKSA-… 1)
Comments: MandrakeSoft runs its own Web site on security topics. Among other things, it includes security advisories and references to the mailing lists. The advisories are HTML pages, but there are no links to the patches.

Red Hat
Security sources: Info: http://www.redhat.com/errata/ List: http://www.redhat.com/mailing-lists/ Reference: RHSA-… 1)
Comments: Red Hat files security advisories as so-called Errata; issues are then grouped for each Red Hat Linux version. The security advisories are provided in the form of an HTML page with links to patches.

Slackware
Security sources: Info: http://www.slackware.com/security/ List: http://www.slackware.com/lists/ (slackware-security) Reference: [slackware-security] … 1)
Comments: The start page contains links to the security mailing list archive. No additional information on Slackware security is available.

Suse
Security sources: Info: http://www.suse.de/uk/private/support/security/ Patches: http://www.suse.de/uk/private/download/updates/ List: suse-security-announce Reference: SUSE-SA … 1)
Comments: There is no longer a link to the security page after changes to the Web site. It contains information on the mailing list and the advisories. The security patches for the individual Suse Linux versions are shown in red on the general updates site. A short description of the vulnerability the patch resolves is provided.

1) All distributors indicate security mails in the subject line.
July 2004, www.linux-magazine.com, page 14
MySQL
MySQL is a common database system. Shaun Colley discovered that two scripts distributed with MySQL, mysqld_multi and mysqlbug, did not create temporary files in a secure fashion. A local attacker could create symbolic links in /tmp and thereby overwrite arbitrary files with the privileges of the user running the scripts. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0381 to the mysqlbug issue and CAN-2004-0388 to the mysqld_multi issue.
Mandrake reference MDKSA-2004:034
Debian reference DSA-483-1 mysql -- insecure temporary file creation
Linux Kernel 2.4
Alan Cox found a vulnerability in the R128 DRI driver which could theoretically allow local privilege escalation. The previous fix only partially corrected the problem; Alan Cox and Thomas Biege have now developed a full fix. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0003 to this issue.
iDefense discovered a local root vulnerability in the isofs component of the Linux 2.4 kernel, the code which handles ISO9660 filesystems. It can be triggered by performing a directory listing on a maliciously constructed ISO filesystem, or by attempting to access a file via a malformed symlink on such a filesystem. An attacker exploiting this buffer overflow could gain kernel-level access to the system. Sebastian Krahmer and Ernie Petrides have developed a fix for this. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0109 to this issue.
Solar Designer discovered an information leak in the ext3 filesystem code: when creating or writing to an ext3 filesystem, some amount of other in-memory data gets written to the device. That data is not the file's contents, not something from the same filesystem, and not necessarily anything that was ever in a file at all. To obtain it, a user with root privileges needs to read the raw device; since the data persists on the device, the practical exposure is a filesystem image or removable medium written on one system and then passed to another. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0177 to this issue. The same vulnerability was also found in the XFS filesystem code (CAN-2004-0133) and the JFS filesystem code (CAN-2004-0181).
Finally, Andreas Kies discovered a vulnerability in the OSS code for SoundBlaster 16 devices: local users with access to the sound system can crash the machine. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0178 to this issue.
Suse reference SuSE-SA:2004:009
Mandrake reference MDKSA-2004:029
Red Hat reference RHSA-2004:166
Debian reference DSA-495-1 linux-kernel-2.4.16 -- several vulnerabilities
CVS
The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. Sebastian Krahmer, from the Suse security team, discovered a remotely exploitable vulnerability in the CVS client. When doing a CVS checkout or update operation over a network, the client accepts absolute pathnames in the RCS diff files. A maliciously configured server could therefore create arbitrary files with arbitrary content on the local user's disk. This problem affects all versions of CVS prior to 1.11.15, which fixes it. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0180 to this issue.
Derek Robert Price discovered another vulnerability whereby a CVS pserver could be abused by a malicious client to view the contents of certain files outside of the CVS root directory using relative pathnames containing "../". The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0405 to this issue.
Suse reference SuSE-SA:2004:008
Mandrake reference MDKSA-2004:028
Red Hat reference RHSA-2004:154
Debian reference DSA-486-1 cvs -- several vulnerabilities
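The rsync entry above and both CVS issues come down to one missing check: a pathname supplied by the other end of the connection is used as-is, so an absolute name or a "../" component takes it out of the tree it was supposed to stay in. The following is an added example, written for this page and not rsync's or CVS's own code, of the lexical sanitizer such a server or client needs. It rejects absolute paths (the CVS client case), refuses any ".." that would climb above the root (the pserver and rsync cases), drops "." and empty components, and joins the result onto the tree root. The function names, the sample paths and the root directories are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 64

/* Lexically confine a peer-supplied path to a tree root.
 * Returns 0 and writes the cleaned relative path to out, or -1 if the path
 * is absolute, would climb above the root, or does not fit. An empty result
 * means the root itself. */
int sanitize_relpath(const char *in, char *out, size_t outlen)
{
    size_t pos = 0, mark[MAX_DEPTH];   /* mark[i] = offset where component i starts */
    int depth = 0;
    const char *p;

    if (in == NULL || outlen == 0 || in[0] == '/') return -1;   /* no absolute names */

    for (p = in; ; ) {
        const char *slash = strchr(p, '/');
        size_t n = slash ? (size_t)(slash - p) : strlen(p);

        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0) return -1;             /* ".." past the root: reject */
            pos = mark[--depth];                   /* otherwise drop last component */
        } else if (n > 0 && !(n == 1 && p[0] == '.')) {
            if (depth == MAX_DEPTH || pos + n + 2 > outlen) return -1;
            mark[depth++] = pos;
            if (pos) out[pos++] = '/';
            memcpy(out + pos, p, n);
            pos += n;
        }
        /* n == 0 (doubled slash) and "." are simply skipped */
        if (!slash) break;
        p = slash + 1;
    }
    out[pos] = '\0';
    return 0;
}

/* Build the on-disk path a daemon would actually open: root + sanitized
 * relative path. Returns -1 if the client path is rejected or too long. */
int server_path(const char *root, const char *client_path, char *out, size_t outlen)
{
    char rel[256];
    if (sanitize_relpath(client_path, rel, sizeof rel) != 0) return -1;
    int n = snprintf(out, outlen, "%s/%s", root, rel);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Convenience wrappers for the checks in main():
 *   1 = accepted and equal to expect, 0 = rejected, -1 = accepted but differs */
int sanitize_check(const char *in, const char *expect)
{
    char buf[256];
    if (sanitize_relpath(in, buf, sizeof buf) != 0) return 0;
    return (expect && strcmp(buf, expect) == 0) ? 1 : -1;
}

int server_path_check(const char *root, const char *in, const char *expect)
{
    char buf[512];
    if (server_path(root, in, buf, sizeof buf) != 0) return 0;
    return (expect && strcmp(buf, expect) == 0) ? 1 : -1;
}

int main(void)
{
    const char *samples[] = { "module/a/./b//c", "a/../b", "../etc/passwd",
                              "/etc/passwd", "a/b/../../../x" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char buf[256];
        int rc = sanitize_relpath(samples[i], buf, sizeof buf);
        printf("%-20s -> %s\n", samples[i], rc == 0 ? buf : "REJECTED");
    }
    return 0;
}
```

A lexical check of this kind is what stops "../" and absolute names, but it says nothing about a symlink inside the tree that points outside it; that is why the rsync advisory's note about the chroot option matters, and why chroot remains the stronger guarantee for a daemon exporting a directory.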