Security Advisories Week: 30 May – 6 June 2002
Title: Imap server buffer overflow
Date: May 30 2002
Vendor: Mandrake
Vulnerable systems: Mandrake Linux 7.1, 7.2, 8.1, 8.2, Corporate Server 1.0.1
Full advisory:
Problem description: A buffer overflow was discovered in the imap server that could allow a malicious user to run code on the server with the uid and gid of the email owner by constructing a malformed request that would trigger the buffer overflow.
Title: Ftpd allows data connection hijacking via PASV mode
Date: May 30 2002
Vendor: Caldera
Vulnerable systems: Open UNIX 8.0.0 UnixWare 7.1.1
Full advisory:
Problem description: If an attacker can make a connection to the listening port before the client connects, the server will transmit the data to the attacker instead of the client.
Title: Updated tcpdump packages fix buffer overflow
Date: May 30 2002
Vendor: Red Hat
Vulnerable systems: Red Hat Linux 6.2 and 7.x
Full advisory:
Problem description: tcpdump is a command-line tool for monitoring network traffic. Versions of tcpdump up to and including 3.6.2 have a buffer overflow that can be triggered when tracing the network by a bad NFS packet.
Title: in.uucpd string truncation problem
Date: May 30 2002
Vendor: Debian
Vulnerable systems: Debian GNU/Linux 2.2
Full advisory:
Problem description: in.uucpd, an authentication agent in the uucp package, does not properly terminate certain long input strings.
Title: Memory allocation error in ethereal
Date: May 30 2002
Vendor: Debian
Vulnerable systems: Debian GNU/Linux 2.2
Full advisory:
Problem description: Ethereal versions prior to 0.9.3 were vulnerable to an allocation error in the ASN.1 parser. This can be triggered when analyzing traffic using the SNMP, LDAP, COPS, or Kerberos protocols in ethereal.
Title: Directory Administrator password in cleartext
Date: June 3 2002
Vendor: Caldera
Vulnerable systems: Volution Manager 1.1 Standard
Full advisory:
Problem description: Volution Manager stores the unencrypted Directory Administrator’s password in the /etc/ldap/slapd.conf file.
Title: Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources
Date: June 4 2002
Vendor: Microsoft
Vulnerable systems: Microsoft Exchange
Full advisory:
Problem description: There is a flaw in the way Exchange 2000 handles certain malformed RFC message attributes on received mail. Upon receiving a message containing such a malformation, the flaw causes the Store service to consume 100% of the available CPU in processing the message.
Title: rpc.passwd vulnerability
Date: June 5 2002
Vendor: SGI
Vulnerable systems: IRIX 6.5.*
Full advisory:
Problem description: It’s been reported that /usr/etc/rpc.passwd has a vulnerability which could allow a user to compromise root.
Title: Denial-of-Service Vulnerability in ISC BIND 9
Date: June 5 2002
Vendor: ISC
Vulnerable systems: ISC BIND 9
Full advisory:
Problem description: A denial-of-service vulnerability exists in version 9 of the Internet Software Consortium’s (ISC) Berkeley Internet Name Domain (BIND) server. ISC BIND versions 8 and 4 are not affected. Exploiting this vulnerability will cause the BIND server to shut down.
Title: Updated xchat packages fix /dns vulnerability
Date: June 5 2002
Vendor: Red Hat
Vulnerable systems: Red Hat Linux 6.2 and 7.x
Full advisory:
Problem description: A security issue in XChat allows a malicious server to execute arbitrary commands.
Title: Updated bind packages fix denial of service attack
Date: June 5 2002
Vendor: Red Hat
Vulnerable systems: Red Hat Linux 7.x
Full advisory:
Problem description: Versions of BIND 9 prior to 9.2.1 have a bug that causes certain requests to the BIND name server (named) to fail an internal consistency check, causing the name server to stop responding to requests.
Title: Ghostscript command execution vulnerability
Date: June 5 2002
Vendor: Red Hat
Vulnerable systems: Red Hat Linux 6.2 and 7.x
Full advisory:
Problem description: An untrusted PostScript file can cause ghostscript to execute arbitrary commands due to insufficient checking. Since ghostscript is often used during the course of printing a document (and is run as user ‘lp’), all users should install these fixed packages.
Title: snmpdx(1M) and mibiisa(1M) fixes available
Date: June 5 2002
Vendor: SUN
Vulnerable systems: SunOS 5.8, 5.8_x86, 5.7, 5.7_x86, 5.6, 5.6_x86
Full advisory:
Problem description: A format string vulnerability has been discovered in snmpdx and a buffer overflow found in mibiisa which may be exploited by a local or a remote attacker to gain root access on the affected system.
Title: Multiple Vulnerabilities in Yahoo! Messenger
Date: June 6 2002
Vendor: Yahoo
Vulnerable systems: Yahoo! Messenger version 5,0,0,1064 and prior for Microsoft Windows
Full advisory:
Problem description: There are multiple vulnerabilities in Yahoo! Messenger. Attackers that are able to exploit these vulnerabilities may be able to execute arbitrary code with the privileges of the victim user.
Title: Buffer Overflow when parsing NFS traffic
Date: June 6 2002
Vendor: Conectiva
Vulnerable systems: Conectiva Linux 6.0, 7.0, 8
Full advisory:
Problem description: There is a buffer overflow vulnerability in tcpdump when it is parsing NFS traffic. A remote attacker could exploit this to at least crash the tcpdump process.
Title: tcpdump AFS RPC and NFS packet vulnerabilities
Date: June 6 2002
Vendor: Caldera
Vulnerable systems: OpenLinux 3.1.1 Server prior to tcpdump-3.6.2-2.i386.rpm, OpenLinux 3.1.1 Workstation prior to tcpdump-3.6.2-2.i386.rpm, OpenLinux 3.1 Server prior to tcpdump-3.6.2-2.i386.rpm, OpenLinux 3.1 Workstation prior to tcpdump-3.6.2-2.i386.rpm
Full advisory:
Problem description: The tcpdump program is vulnerable to several buffer overflows, the most serious of which are problems with the decoding of AFS RPCpackets and the handling of malformed NFS packets.
Title: Conectiva Linux Kernel update
Date: June 6 2002
Vendor: Conectiva
Vulnerable systems: 5.0, prg graficos, ecommerce, 5.1, 6.0, 7.0
Full advisory:
Problem description: This announcement updates the kernel package and fixes zlib and lcall vulnerabilities.
Title: Remote denial of service attack in BIND
Date: June 6 2002
Vendor: SuSE
Vulnerable systems: SuSE Linux 7.0, 7.1, 7.2, 7.3, 8.0
Full advisory:
Problem description: There is a bug in the BIND9 name server that is triggered when processing certain types of DNS replies.