SuSE Linux Distribution - Page 735
Find the information you need for your favorite open source distribution .
SuSe: OpenLDAP2 buffer overflow vulnerability
Multiple buffer overflow vulnerabilities exist in OpenLDAP2.
SuSe: pine address buffer overflow vulnerability
While parsing and escaping characters of eMail addresses pine does not allocate enough memory for storing the escaped mailbox part of an address.
SuSe: samba password buffer overflow vulnerability
There was a bug in the length checking for encrypted password change requests from clients.
SuSe: bind multiple vulnerabilities
The security research company ISS (Internet Security Services) has discovered several vulnerabilities in the BIND8 name server, including a remotely exploitable buffer overflow.
SuSe: traceroute buffer overflow
Traceroute-nanog requires root privilege to open a raw socket. It does not relinquish these privileges after doing so. This allows a malicious user to gain root access by exploiting a buffer overflow at a later point.
SuSe: 'kdenetwork' Local buffer overflow
It is possible for a local attacker to exploit a buffer overflow condition in resLISa, a restricted version of KLISa.
SuSe: perl-MailTools arbitrary command execution vulnerability
This package contains a security hole which allows remote attackers to execute arbitrary commands in certain circumstances.
SuSe: lpr arbitrary commands vulnerability
There is a vulnerability where local attackers can pass certain commandline arguments to lpr running as root, fooling it to execute arbitrary commands as root.
SuSe: syslog-ng buffer overflow
Syslog-ng contained buffer overflows in its macro expansion routines.
SuSE eMail Server: 'postgresql' Remote privilege escalation
The PostgreSQL Object-Relational DBMS was found vulnerable to several security related buffer overflow problems.
SuSE: 'heartbeat' Remote format string overflow vulnerability
A remote attacker could send a speciallycrafted TCP packet that overflows a buffer, leaving heartbeat to execute arbitrary code as root.
SuSE: 'mod_php4' Multiple vulnerabilities
Multiple vulnerabilities including improper behavior and XSS exploits have been fixed.
SuSE: 'hylafax' Format string vulnerability
The logging function of faxgetty prior version 4.1.3 was vulnerable to a format string bug when handling the TSI value of a received facsimile.
SuSE: 'heimdal' Multiple vulnerabilities
While doing so several possible buffer overflows and other bugs have been uncovered and fixed.
SuSe: Slapper Worm Advisory
On July 30, we (SuSe) released a security advisory concerning vulnerabilities in OpenSSL, including a buffer overflow in the SSL code. This vulnerability is currently being exploited by a worm called Slapper, propagating through Apache's mod_ssl module.
SuSe: libX11 vulnerability
The libX11 library from this package dynamically loads other libraries where the pathname is controlled by the user invoking the program linked against libX11. Unfortunately, libX11 also behaves the same way when linked against setuid programs. This behavior allows local users to execute arbitrary code under a different UID which can be the root-UID in the worst case.
SuSe: RPC buffer overflow
An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker.
SuSE: ipppd buffer overflows
The ipppd program contained various buffer overflows and format string bugs. Since ipppd is installed setuid to root and executable by users of group 'dialout' this may allow attackers with appropriate group membership to execute arbitrary commands as root.
SuSE: 'wwwoffle' Remote privilege escalation
The parsing code of wwwoffled that processes HTTP PUT and POST requests fails to handle a Content Length value smaller then -1. It is believed that an attacker could exploit this bug to gain remote wwwrun access to the system wwwoffled is running on.
SuSE: 'mod_ssl / mm' Multiple vulnerabilities
This security announcement covers two different errors in packages used by and used with the apache package.
