SuSE Security Advisory SuSE-SA:2002:033 - SuSE Linux warns its users about several packages that were statically linked against vulnerable OpenSSL libraries. The affected packages are mod_ssl, sendmail-tls, openssh and freeswan.
7c5d3b640aa744d799ffbe833a3010bdSuSE security advisory SuSE-SA:2002:022 - A vulnerability found in the chucked encoding implementation in Apache versions 1.3.24, 2.0.36 or prior can be used to remotely execute code on systems running this software. This vulnerability affects SuSE linux version 6.4, 7.0, 7.1, 7.2, 7.3 and 8.0.
0f13f7e1efd9ab88617e08d01f2ebd63SuSE Linux Security Announcement SuSE-SA:2002:019 - ISC DHCPD v3.0 to 3.0.1rc8 is vulnerable to a remote root format string bug attack when reporting the result of a dns-update request. This affects SuSE distributions based upon 7.2, 7.3 and 8.0.
8ecf9f6858b9348a875859858c4d3c3aSuSE Linux security advisory SuSE-SA:2002:018 - A buffer overflow that allows remote code execution has been found in the code used by Lukemftp to process information returned from the PASV FTP command. Lukemftp is the standard ftp client in /usr/bin/ftp.
4f27e39155d83c9a2bc1b37928cc8c59SuSE Security Announcement: sysconfig (SuSE-SA:2002:016) - On SuSE 8.0 information gained from DHCP packets is used in commands line execution by the ifup-dhcp script. This vulnerability has been fixed in the sysconfig-0.23.14-60.i386.rpm package.
3ce9c5a58f551a5241627e11bc678f7bSuSE Security Announcement: imlib (SuSE-SA:2002:015) - Imlib used to depend on a netpbm library which is well known to have security problems. This and a heap corruption bug have been corrected.
bc2e8f64a86b00615632838f170fc5b5SuSE Security Advisory SuSE-SA:2001:17 - The crontab program is running setuser-id root and invokes the editor specified in the EDITOR environment variable, usually vi. If crontab discovers that the format of the edited file is incorrect, it executes the editor again but fails to drop its root privileges before. Therefore it is possible to execute arbitrary commands as root.
af4bf7959b96f7cf6142027943e692c7SuSE Security Advisory SuSE-SA:2001:15 - Hfaxd v4.1 contains format string local root vulnerabilities.
c978d7b79e53e78dfdcd43c33f80c664SuSE Security Advisory SuSE-SA:2001:14 - When printing a whole text or selected parts of a text, nedit(1) creates a temporary file in an insecure manner. This behavior could be exploited to gain access to other users privileges, even root.
e85a878c46bb62976fbfdfc486a7c2d2SuSE Security Advisory SuSE-SA:2001:13 - sudo(8) previous to version 1.6.3p6 is vulnerable by a buffer overflow in it's logging code, which could lead to local root compromise.
f3bb1e3dd5c1b37ac6c014677f1312adSuSE Security Advisory SuSE-SA:2001:12 - Vim and gvim have two vulnerabilities - A /tmp race condition and vim commands in regular files will be executed if the status line of vim is enabled in vimrc. Both vulnerabilities could be used to gain unauthorized access to more privileges. Patches available.
03fd1a645b922870b08353392abd4f08SuSE Security Advisory SuSE-SA:2001:11 - The Midnight Commander, mc(1), is a ncurses-based file manager. A local attacker could trick mc(1) into executing commands with the privileges of the user running mc(1) by creating malicious directory names. This attack leads to local privilege escalation. Update mc to the newest version!
54e4d40efca1045195b4c53df8ebaa4fSuSE Security Advisory SuSE-SA:2001:10 - xntp is the network time protocol package widely used with many unix and linux systems for system time synchronization over a network. An exploit published by Przemyslaw Frasunek demonstrates a buffer overflow in the control request parsing code. The exploit allows a remote attacker to execute arbitrary commands as root. All versions as shipped with SuSE Linux are affected by the buffer overflow problem.
88b0f4e9a928b9a9c930195843b483d1SuSE Security Advisory SuSE-SA:2001:05 - CUPS contains remote root vulnerabilities which can be exploited over TCP port 631.
04ed3a0d15aaf90b6ed4625d351d5b87SuSE Security Advisory SuSE-SA:2001:04 - SSH1 allows remote users to brute-force passwords without getting noticed or logged, SSH session key recovery, and remote root compromise. Switch to openssh.
530084336eedabe30d2d04bac3df3d64SuSE Security Announcement - bind-8.x in all versions of the SuSE distributions contain a bug in the transaction signature handling code that can allow to remotely overflow a buffer and thereby execute arbitrary code as the user running the nameserver (this is user named by default on SuSE systems). In addition to this bug, another problem allows for a remote attacker to collect information about the running bind process.
b6d80be28007588d5d9912654c22270bSuSE Security Announcement SuSE-SA:2001:02 - Kdesu can give users the root password if the 'keep password' option is enabled.
ada78eef21012bc9e8a433760d3d2b50SuSE Security Announcement SuSE-SA:2001:01 - The runtime-linker as used in the SuSE distributions ignores the content of the critical environment variables, allowing local users to link against user-specified libraries and obtain the privilege level of a setuid binary. To eliminate these problems, we provide update packages that completely disregard the LD_* variables upon runtime-linking of a binary that has an effective uid different from the caller's userid.
22bf41a5074c90f697f9bc3c1d60bf8fSuSE Security Announcement - openssh is an implementation of the secure shell protocol, available under the BSD license, primarily maintained by the OpenBSD Project. Many vulnerabilities have been found in the openssh package: An openssh client (the ssh program) can accept X11- or ssh-agent forwarding requests even though these forwarding capabilities have not been requested by the client side after successful authentication. Using these weaknesses, an attacker could gain access to the authentication agent which may hold multiple user-owned authentication identities, or to the X-server on the client side as if requested by the user.
7f97be0212f0dff802a15f9082d28125SuSE Security Advisory - SuSE Security Advisory - Two security problems exist in the netscape packages shipped with SuSE Linux distributions. The first one involves improper verification in Netscape's jpeg processing code that can lead to a buffer overflow where data from the network can overwrite memory. The second involves an error in the java implentation in Netscape where it is possible for an attacker to view files and directories with the priviledge of the user running Netscape if the user visits a maliciously crafted web site. Upgrade to 4.76!!! SuSE security site here
f02fade66ff0d7958fd5a645cc788564SuSE Security Announcement - Tcpdump contains remotely exploitable buffer overflows. Fully patched upgrade not yet available.
ab73d550ff27f8a2a66afd1b6e8c5742SuSE Security Advisory - Several recent issues are covered in this advisory, including a gpg, bind8, pine, gs, global, tcpdump, tcsh, and the module package.
5eb5dba77927e614650b559abd517d31SuSE Security Announcement - Newer versions of /sbin/modprobe can be tricked into executing commands as root if setuid programs which can trigger the loading of modules are installed.
5c3590a0ad4361f6be5332c29da131afSuSE Security Advisory - A vulnerability has been found in the ncurses library, which is used by many text based applications. Insufficient boundary checking leads to a buffer overflow if a user supplies a specially drafted terminfo database file. If an ncurses-linked binary is installed setuid root, it is possible for a local attacker to exploit this hole and gain local root access. SuSE recommends patching this vulnerability by removing the SUID bits from xaos, screen, and cda.
898e03004864a6e80967310900737ec5SuSE Security Advisory - Ypbind suffers from remote root format string bugs and needs to be updated.
6948959682e6e887aae904ead542d0b5
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed