holes as of 2 IX 2002
Blues
blues at ds6.pg.gda.pl
Mon, 2 Sep 2002, 11:27:58 CEST
Still full of holes:
On Wed, 28 Aug 2002, Blues wrote:
> > > 39. Mpack
> > > Vendor: Carnegie Mellon University
> > > Two vulnerabilities were reported in the 'mpack' (aka
> > > 'munpack') file decoding utility. A remote user may be able to
> > > cause an e-mail program that uses mpack/munpack to decode
> > > MIME-based binary files to crash or to execute arbitrary code. A
> > > remote user may also be able to create certain files on the system.
> > > Impact: Denial of service via network
> > > Alert: http://securitytracker.com/alerts/2002/Aug/1004929.html
>
> mc - there is a version 4.6-something. Remote program execution via VFS. The
> problem is that, according to the announcement, gnome support (gmc) has been
> dropped from the package, so the matter is only moderately interesting...
>
> mozilla - there were a few holes, and 1.1 has come out - IMHO due for an upgrade.
>
> The fix is in PHP's CVS... A newer version will probably appear fairly quickly,
> but until then it would still be worth patching... RH has released a patched 4.1.2
> 19. Php
> Vendor: PHP Group
> An input validation vulnerability was reported in PHP in the
> mail() function. A remote user can bypass safe_mode and cause
> arbitrary scripts to be executed. A remote user may be able to
> send mail via an open relay.
>
> Impact: Host/resource access via network
>
> Alert: http://securitytracker.com/alerts/2002/Aug/1005098.html
NEW:
--------
What we have _is_ full of holes... An upgrade would be useful
> gaim - a patched version has appeared in Debian
1. Gaim
Vendor: Gaim.sourceforge.net
A vulnerability was reported in the Gaim instant messaging
client software. A remote user can cause arbitrary operating
system commands to be executed on the target user's system when the
target user clicks on a malicious Instant Messaging link.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2002/Aug/1005165.html
This has been confirmed, "patch available in cvs" - local root...:
> python (from a moment ago) - Debian has released patched versions - unsafe
> use of tmp.
5. Python
Vendor: Python.org
A vulnerability was reported in Python. A local user may be
able to execute arbitrary commands with elevated privileges.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2002/Aug/1005155.html
This is sitting in CVS unfinished, but it is worth keeping in mind
11. Webmin
Vendor: Cameron, Jamie
A vulnerability was reported in the Webmin system
administration application. An authenticated remote user could
gain elevated privileges on the system in certain situations
Impact: Root access via network
Alert: http://securitytracker.com/alerts/2002/Aug/1005147.html
Among the curiosities :) :
7. Linuxconf
Vendor: Gelinas,Jacques et al
A buffer overflow vulnerability was reported in the 'linuxconf'
Linux administration utilities. A local user may be able to
execute arbitrary code to gain root privileges on the system.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2002/Aug/1005153.html
This no longer concerns us:
12. Xinetd
Vendor: Xinetd.org
A denial of service vulnerability was reported in xinetd. A
remote user may be able to cause xinetd to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2002/Aug/1005143.html
--
---------------------------------
Regards, Paweł Gołaszewski
---------------------------------
CPU not found - software emulation...