Various signedness issues and integer overflows have been fixed within Various signedness issues and integer overflows have been fixed within kNFSd and the XDR decode functions of kernel 2.6. kNFSd and the XDR decode functions of kernel 2.6. These bugs can be triggered remotely by sending a package with a trusted source IP address and a write request with a size greater then 2^31. The resul [More...]
The QT-library is an environment for GUI-programming and is used in The QT-library is an environment for GUI-programming and is used in various well-known projects, like KDE. various well-known projects, like KDE. Chris Evans found a heap overflow in the BMP image format parser (CAN-2004-0691) which can probably be abused by remote attackers to execute arbitrary code with the privileges of [More...]
The rsync-team released an advisory about a security problem in rsync. The rsync-team released an advisory about a security problem in rsync. If rsync is running in daemon-mode and without a chroot environment it If rsync is running in daemon-mode and without a chroot environment it is possible for a remote attacker to trick rsyncd into creating an absolute pathname while sanitizing it. As [More...]
Gaim is an instant messaging client which supports a wide range of Gaim is an instant messaging client which supports a wide range of protocols. protocols. Sebastian Krahmer of the SuSE Security Team discovered various remotely exploitable buffer overflows in the MSN-protocol parsing functions during a code review of the MSN protocol handling code.
Paul Starzetz from iSEC informed us about a race condition in the 64bit Paul Starzetz from iSEC informed us about a race condition in the 64bit file offset handling code of the kernel. file offset handling code of the kernel. The file offset pointer (f_pos) is changed during reading, writing, and seeking through a file to point to the current position in a file. The Linux kernel offers a 3 [More...]
Several different security vulnerabilities were found in the PNG Several different security vulnerabilities were found in the PNG library which is used by applications to support the PNG image format. library which is used by applications to support the PNG image format. A remote attacker is able to execute arbitrary code by triggering a buffer overflow due to the incorrect handling of the [More...]
The Samba Web Administration Tool (SWAT) was found vulnerable to The Samba Web Administration Tool (SWAT) was found vulnerable to a buffer overflow in its base64 code. This buffer overflow can possibly a buffer overflow in its base64 code. This buffer overflow can possibly be exploited remotely before any authentication took place to execute arbitrary code. The same piece of vulnerable code [More...]
PHP is a well known, widely-used scripting language often used within PHP is a well known, widely-used scripting language often used within web server setups. web server setups. Stefan Esser found a problem with the "memory_limit" handling of PHP which allows remote attackers to execute arbitrary code as the user running the PHP interpreter. This problem has been fixed. Additionally a prob [More...]
Multiple security vulnerabilities are being addressed with this security update of the Linux kernel.Kernel memory access vulnerabilities are fixed in the e1000, decnet,acpi_asus, alsa, airo/WLAN, pss and mpu401 drivers. Thesevulnerabilities can lead to kernel memory read access, write accessand local denial of service conditions, resulting in access to theroot account for an attacker with a loca [More...]
The Dynamic Host Configuration Protocol (DHCP) server is used to The Dynamic Host Configuration Protocol (DHCP) server is used to configure clients that dynamically connect to a network (WLAN configure clients that dynamically connect to a network (WLAN hotspots, customer networks, ...). The CERT informed us about a buffer overflow in the logging code of the server that can be triggered by [More...]
Subversion is a version control system like the well known CVS. Subversion is a version control system like the well known CVS. The subversion code is vulnerable to a remotely exploitable buffer The subversion code is vulnerable to a remotely exploitable buffer overflow on the heap. The bug appears before any authentication took place. An attacker is able to execute arbitray code by abusing [More...]
The Linux kernel is vulnerable to a local denial-of-service attack. By using a C program it is possible to trigger a floating point exception that puts the kernel into an unusable state. To execute this attack a malicious user needs shell access to the victim's machine. The severity of this bug is considered low because local denial-of- service attacks are hard to prevent in general. Addit [More...]
Squid is a feature-rich web-proxy with support for various web-related Squid is a feature-rich web-proxy with support for various web-related protocols. protocols. The NTLM authentication helper application of Squid is vulnerable to a buffer overflow that can be exploited remotely by using a long password to execute arbitrary code. NTLM authentication is enabled by default in the Squid pac [More...]
The Concurrent Versions System (CVS) offers tools which allow developers The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. to share and maintain large software projects. Various remotely exploitable conditions have been found during a source code review of CVS done by Stefan Esser and Sebastian Krahmer (SuSE Security-Team) [More...]
The kdelibs3 (kdelibs for SLES7 based products) package is a core package The kdelibs3 (kdelibs for SLES7 based products) package is a core package for the K desktop environment (KDE). The URI handler of the kdelibs3 for the K desktop environment (KDE). The URI handler of the kdelibs3 and kdelibs class library contains a flaw which allows remote attackers to create arbitrary files as the use [More...]
The Concurrent Versions System (CVS) offers tools which allow developers The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. to share and maintain large software projects. Stefan Esser reported buffer overflow conditions within the cvs program. They allow remote attackers to execute arbitrary code as the user the cvs server [More...]
The Midnight Commander (mc) is a file manager for the console. The Midnight Commander (mc) is a file manager for the console. The mc code is vulnerable to several security related bugs like buffer The mc code is vulnerable to several security related bugs like buffer overflows, incorrect format string handling and insecure usage of temporary files. These bugs can be exploited by local users [More...]
The freshly released SUSE LINUX 9.1 comes in two variants:* SUSE LINUX 9.1 Professional (5 CD-ROMs, 2 double sided DVDs, printed manuals, for Intel i386 32Bit platform and 1 DVD for the AMD 64Bit platform) * SUSE LINUX 9.1 Personal (2 CD-ROMs: 1 installable CD-ROM, 1 Live CD-ROM for running SUSE LINUX on your PC without actually installing the system.)This SUSE Security Announcement targets the [More...]
Various vulnerabilities have been fixed in the newly available kernel Various vulnerabilities have been fixed in the newly available kernel updates. The updates consist of fixes for the following vulnerabilities: updates. The updates consist of fixes for the following vulnerabilities: - The do_fork() memory leak, which could lead to a local DoS attack.All kernels except for SLES7 are affected [More...]
The Concurrent Versions System (CVS) offers tools which allow developers The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. to share and maintain large software projects. During the analyzation of the CVS protocol and their implementation, the SuSE Security Team discovered a flaw within the handling of pathnames. Evil CVS s [More...]
