Security Advisories Week: 22-29 May 2002
Title: OpenServer popper buffer overflow and denial of service
Date: May 22 2002
Vendor: Caldera
Vulnerable systems: OpenServer 5.0.5 and OpenServer 5.0.6
Full advisory: http://www.net-security.org/advisory.php?id=716
Problem description: /etc/popper will go into a loop if a character string of length 2048 (or more) is sent to it. If the bulldir variable in the user's config file is longer than 256 characters, popper will memory fault.



Title: Remote buffer overflow in imap
Date: May 24 2002
Vendor: Conectiva
Vulnerable systems: Conectiva Linux 6.0, 7.0, 8
Full advisory: http://www.net-security.org/advisory.php?id=717
Problem description: This vulnerability can be exploited by a remote attacker after he or she has been successfully authenticated by the server. Arbitrary code could then be executed, but with the privileges of the authenticated user.



Title: Cross site scripting vulnerability in mailman
Date: May 24 2002
Vendor: Conectiva
Vulnerable systems: Conectiva Linux 6.0, 7.0, 8
Full advisory: http://www.net-security.org/advisory.php?id=718
Problem description: Barry A. Warsaw announced a new version of mailman that fixes two cross site scripting vulnerabilities. According to this announcement, "office" reported such a vulnerability in the login page, and Tristan Roddis reported one in the Pipermail index summaries.



Title: Buffer overflow in UW imap daemon
Date: May 22 2002
Vendor: Red Hat
Vulnerable systems: Red Hat Linux 6.2, 7.1, 7.2
Full advisory: http://www.net-security.org/advisory.php?id=719
Problem description: The UW imap daemon contains a buffer overflow which allows a logged-in remote user to execute commands on the server with the user's UID/GID.



Title: Updated nss_ldap packages fix pam_ldap vulnerability
Date: May 26 2002
Vendor: Red Hat
Vulnerable systems: Red Hat Linux 6.2, 7.1, 7.2, 7.3
Full advisory: http://www.net-security.org/advisory.php?id=721
Problem description: Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7.0, 7.1, 7.2, and 7.3. These packages fix a string format vulnerability in the pam_ldap module.



Title: perl-Digest-MD5 bug
Date: May 28 2002
Vendor: Mandrake
Vulnerable systems: Mandrake Linux 8.2
Full advisory: http://www.net-security.org/advisory.php?id=722
Problem description: A bug exists in the UTF8 interaction between the perl-Digest-MD5 module and perl that results in UTF8 strings having improper MD5 digests. The 2.20 version of the module corrects this problem.



Title: Fetchmail prior 5.9.10 vulnerable
Date: May 28 2002
Vendor: Mandrake
Vulnerable systems: Mandrake Linux 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1, Single Network Firewall 7.2
Full advisory: http://www.net-security.org/advisory.php?id=723

Copyright 1998-2014 by Help Net Security.