The OpenNET Project / Index page

Security news
[27 Apr 2000] SSH client xauth Vulnerability (1)
[13 Apr 2000] imwheel Vulnerability (1) (2)
[10 Mar 2000] IrcII DCC Chat Buffer Overflow Vulnerability (1) (2)
[29 Feb 2000] ht://dig Arbitrary File Inclusion Vulnerability (1)
[29 Feb 2000] Corel Linux setxconf, buildxconfig, Dosemu Vulnerability (1)
[28 Feb 2000] "dump" Buffer Overflow Vulnerability (1) (2)
[26 Feb 2000] Multiple Linux Vendor man Buffer Overrun Vulnerability (1) (2)
[21 Feb 2000] Sun Licensing Manager Symlink Vulnerability (1)
[19 Feb 2000] HP-UX Ignite-UX Blank Password Field Vulnerability (1)
[19 Feb 2000] FreeBSD Asmon/Ascpu Vulnerability (1)


1 | 27 Apr 2000 | Class: Remote User | Type: BUG | System: user soft
SSH client xauth Vulnerability
A vulnerability exists in the default configuration of the SSH client that could be used to compromise the security of a client machine. By default, ssh clients will negotiate to forward X connections. This is done using the xauth program to place cookies in the authorization cache of the remote machine for the user logging in. If the superuser on the remote host cannot be trusted, or the root account has been compromised, the xauth key can be read from the user's .Xauthority file, and used to connect to the client machine. This can result in a wide range of compromises on the client host. A suitable fix is to stop X forwarding from being enabled by default. This can be done permanently in the /etc/ssh_config file, or in $HOME/.ssh/config for individual hosts:

    Host *
      ForwardX11 no

Affected: OpenSSH 1.2, SSH 1.2.1-2.0.12
Not affected: OpenSSH 1.2.3

2 | 13 Apr 2000 | Class: Boundary | Type: Buffer Overflow | System: linux
imwheel Vulnerability
A vulnerability exists in the 'imwheel' package for Linux. This package is known to be vulnerable to a buffer overrun in its handling of the HOME environment variable. By supplying a sufficiently long string containing machine executable code, the imwheel program can be caused to run arbitrary commands as root. This is due to a setuid root perl script named 'imwheel-solo' which invokes the imwheel program with effective UID 0.
Affected: Linux 6.1, 6.2

3 | 10 Mar 2000 | Class: Remote User | Type: Buffer Overflow | System: user soft
IrcII DCC Chat Buffer Overflow Vulnerability
IrcII is a well-known Internet Relay Chat (IRC) client for Unix. Version 4.4-7 and possibly previous versions are known to be vulnerable to a buffer overflow condition in their direct client-to-client (DCC) chat implementation. It may be possible to execute arbitrary code on a client attempting to initiate a DCC chat. Exploitation of this vulnerability could result in a remote compromise with the privileges of the user running the ircII client. This vulnerability was present in the "port" made available with FreeBSD. It is not installed by default.
Affected: IrcII 4.4-7
Not affected: IrcII 4.4M

4 | 29 Feb 2000 | Class: Remote File | Type: Buffer Overflow | System: user soft
ht://dig Arbitrary File Inclusion Vulnerability
ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening single quote character ( ` ) is taken as a path to a file for inclusion, for example:

    some_parameter: `var/htdig/some_file`

htdig will also allow included files to be specified via form input. Therefore, any file can be specified for inclusion into a variable by any web user. The URL:

    http ://target/cgi-bin/htsearch?Exclude=%60/etc/passwd%60

will return a page with the contents of /etc/passwd in the 'exclude' field.
Affected: ht://Dig 3.2.0b1, ht://Dig 3.1.4
Not affected: ht://Dig 3.2.0b2, ht://Dig 3.1.5

5 | 29 Feb 2000 | Class: | Type: BUG | System: linux
Corel Linux setxconf, buildxconfig, Dosemu Vulnerability
Affected: Corel Linux OS 1.0

6 | 28 Feb 2000 | Class: Boundary | Type: BUG | System: user soft
"dump" Buffer Overflow Vulnerability
RedHat Linux (possibly other Linux distributions as well) and FreeBSD ship with a file backup utility called 'dump'. Dump is installed in /sbin and is setuid and setgid root on RedHat (and derivative) Linux machines and setgid tty on FreeBSD installs. When passed an oversized argument to the "-f a" parameters, dump will crash due to the stack being overrun by the excessive data. If this argument is crafted properly, it may be possible to replace the EIP (instruction pointer or return address) on the stack and execute arbitrary code with the permissions of the process (gid of root). Dump drops setuid privileges (in Linux, at least), but does not drop effective gid. As a result, this vulnerability could be exploited to gain the effective gid privileges, which can lead to further system compromise. Under Linux, it is thought that this is not exploitable. Under FreeBSD it may be exploitable and result in an attacker gaining egid tty privileges.
Affected: dump-0.4b13
Not affected: dump-0.4b14

7 | 26 Feb 2000 | Class: Boundary | Type: BUG | System: linux
Multiple Linux Vendor man Buffer Overrun Vulnerability
A buffer overflow exists in the implementation of the 'man' program shipped with RedHat Linux and other Linux vendors. By carefully crafting a long buffer of machine executable code, and placing it in the MANPAGER environment variable, it becomes possible for a would-be attacker to gain egid man. Using attacks previously outlined by Pawel Wilk, and available in the reference portion of the credit section, it is possible for an attacker to alter manpages such that code will be executed. Upon looking up an altered manpage, code will be executed with the privileges of the person running man. If this person is the root user, root privileges can be obtained.
Affected: man < 1.5g

8 | 21 Feb 2000 | Class: Race Condition | Type: /tmp race | System: Sun Solaris
Sun Licensing Manager Symlink Vulnerability
A vulnerability exists in the installation of licenses for Sun's WorkShop 5.0 compilers, and other Sun products which use the FlexLM license management system. As part of the installation process, the 'lit' program is run. This program insecurely creates files in /var/tmp. This can be used to create files owned by root, with known contents. The file will be created with root's umask, which by default is 0022. Lit is not part of Globetrotter's FlexLM distribution. It is a license installation tool supplied by Sun for convenience purposes. This vulnerability does not represent a vulnerability in lmgrd, but a flaw in the license installation process. Running lmgrd as a user other than root, while a good idea, will not eliminate this problem.

exploit:

    ln -sf /.rhost /var/tmp/license_errors

Affected: Sun Workshop 5.0

9 | 19 Feb 2000 | Class: Remote User | Type: BUG | System: HP-UX
HP-UX Ignite-UX Blank Password Field Vulnerability
In systems running HP-UX, the password field in /etc/passwd contains a token character, "*". Under some circumstances, this field can be set to empty -- leaving the HP-UX system vulnerable to compromise. One such circumstance which can cause this to occur is by creating an image of a system with Ignite-UX, which does not normally include the /etc/passwd file. When the image is loaded on a system, the password file will be left with blank entries. In the advisory HP released regarding this vulnerability, the following fix/workaround was suggested:

Fixing the problem

In a trusted system if the system or the /etc/passwd file has been restored, verify that the password fields in /etc/passwd are "*". If Ignite-UX is used to create an image of a trusted system, _override_the_default_ so that /etc/passwd is saved in the image. See man(1M) make_sys_image and note the -f file option.

Affected: HP HP-UX 11.0

10 | 19 Feb 2000 | Class: Access Validation | Type: BUG | System: freebsd
FreeBSD Asmon/Ascpu Vulnerability
A vulnerability exists in both the ascpu and asmon ports to FreeBSD. Ascpu and asmon are applets for the popular window manager AfterStep. They retain the look and feel of this window manager, and integrate well into its "dock" toolbar. As part of the port to FreeBSD, it was deemed necessary to give them access to /dev/kmem, necessitating them being installed setgid kmem. By passing a command line option, it is possible for an attacker to cause these applications to execute arbitrary commands with group 'kmem' privileges. It should be noted that neither of these programs is truly part of FreeBSD. They are not part of any distribution of FreeBSD. Instead, they are part of the 'ports' section. The over 3000 packages included in ports are presented as-is, and in many cases have not been audited for security problems.

exploit:

    asmon -e "xterm"

Affected: FreeBSD 3.0-3.4




Created 1996-2026 by Maxim Chirkov