Security Advisories Week: 22-29 May 2002
Title: OpenServer popper buffer overflow and denial of service
Date: May 22 2002
Vendor: Caldera
Vulnerable systems: OpenServer 5.0.5 and OpenServer 5.0.6
Full advisory: http://www.net-security.org/advisory.php?id=716
Problem description: /etc/popper will go into a loop if a character string of length 2048 (or more) is sent to it. If the bulldir variable in the user's config file is longer than 256 characters, popper will memory fault.



Title: Remote buffer overflow in imap
Date: May 24 2002
Vendor: Connectiva
Vulnerable systems: Conectiva Linux 6.0, 7.0, 8
Full advisory: http://www.net-security.org/advisory.php?id=717
Problem description: This vulnerability can be exploited by a remote attacker after he or she has been successfully authenticated by the server. Arbitrary code could then be executed, but with the privileges of the authenticated user.



Title: Cross site scripting vulnerability in mailman
Date: May 24 2002
Vendor: Conectiva
Vulnerable systems: Conectiva Linux 6.0, 7.0, 8
Full advisory: http://www.net-security.org/advisory.php?id=718
Problem description: Barry A. Warsaw announced a new version of mailman that fixes two cross site scripting vulnerabilities. According to this announcement, "office" reported such a vulnerability in the login page, and Tristan Roddis reported one in the Pipermail index summaries.



Title: Buffer overflow in UW imap daemon
Date: May 22 2002
Vendor: Red Hat
Vulnerable systems: Red Hat Linux 6.2, 7.1, 7.2
Full advisory: http://www.net-security.org/advisory.php?id=719
Problem description: The UW imap daemon contains a buffer overflow which allows a logged in, remote user to execute commands on the server with the user's UID/GID.



Title: Updated nss_ldap packages fix pam_ldap vulnerability
Date: May 26 2002
Vendor: Red Hat
Vulnerable systems: Red Hat Linux 6.2, 7.1, 7.2, 7.3
Full advisory: http://www.net-security.org/advisory.php?id=721
Problem description: Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7.0, 7.1, 7.2, and 7.3. These packages fix a string format vulnerability in the pam_ldap module.



Title: perl-Digest-MD5 bug
Date: May 28 2002
Vendor: Mandrake
Vulnerable systems: Mandrake Linux 8.2
Full advisory: http://www.net-security.org/advisory.php?id=722
Problem description: A bug exists in the UTF8 interaction between the perl-Digest-MD5 module and perl that results in UTF8 strings having improper MD5 digests. The 2.20 version of the module corrects this problem.



Title: Fetchmail prior 5.9.10 vulnerable
Date: May 28 2002
Vendor: Mandrake
Vulnerable systems: Mandrake Linux 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1, Single Network Firewall 7.2
Full advisory: http://www.net-security.org/advisory.php?id=723

Spotlight

Bash Shellshock bug: More attacks, more patches

Posted on 29 September 2014.  |  As vendors scramble to issue patches for the GNU Bash Shellshock bug and companies rush to implement them, attackers around the world are probing systems for the hole it opens.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //