Security holes from 19 VIII 2002
Blues
blues at ds6.pg.gda.pl
Mon, 19 Aug 2002, 10:45:24 CEST
Very little this time, so here are reminders from previous weeks:
Still vulnerable:
> Vulnerable, Debian has released a fixed version:
> 39. Mpack
>
> Vendor: Carnegie Mellon University
>
> Two vulnerabilities were reported in the 'mpack' (aka
> 'munpack') file decoding utility. A remote user may be able to
> cause an e-mail program that uses mpack/munpack to decode
> MIME-based binary files to crash or to execute arbitrary code. A
> remote user may also be able to create certain files on the system.
>
> Impact: Denial of service via network
>
> Alert: http://securitytracker.com/alerts/2002/Aug/1004929.html
>
> The snapshot we have is, unfortunately, vulnerable.
> 1. ipppd
>
> Vendor: isdn4linux.org
>
> A vulnerability was reported in the 'ipppd' component of the
> isdn4linux utils package. A local user can execute arbitrary
> commands, possibly with root privileges.
>
> Impact: Execution of arbitrary code via local system
>
> Alert: http://securitytracker.com/alerts/2002/Aug/1005012.html
And now the new items:
----------------------
Konqueror from KDE3 - no fix for the time being.
24. KDE Konqueror
Vendor: KDE.org
A vulnerability was reported in KDE Konqueror's secure sockets
layer (SSL) protocol implementation. A remote user with access to a
target user's encrypted data stream could conduct a
man-in-the-middle attack to obtain the unencrypted data.
Impact: Disclosure of user information
Alert: http://securitytracker.com/alerts/2002/Aug/1005031.html
We have this in the repo, although it is not used - it would be worth taking a look at it, a patch
is available on the site
26. Mantis
Vendor: mantis.sourceforge.net
A vulnerability was reported in the Mantis web-based bug
tracking system. A remote user can execute arbitrary commands on
the server.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2002/Aug/1005029.html
--
---------------------------------
Regards, Paweł Gołaszewski
---------------------------------
CPU not found - software emulation...