Security Linux News for Nov 26, 2000
Conectiva Linux Security Announcement - openssh
"In versions prior to 2.3.0, if the openssh client receives a
request for ssh-agent or X11 forwarding, it does not check if this
feature has been negotiated during session setup and grants access.
This could allow remote access to the client's display and
Conectiva Linux Security Announcement - netscape
"Netscape navigator and communicator versions 4.75 and earlier
have a buffer overflow in the HTML parsing code that can be
exploited by a remote attacker."
SuSE Security Announcement: openssh/ssh
"Many vulnerabilities have been found in the openssh package,
along with a compilation problem in the openssh and ssh packages in
the SuSE-7.0 distribution."
Debian Security Advisory: New version of ghostscript released
"ghostscript uses temporary files to do some of its work.
Unfortunately the method used to create those files wasn't secure:
mktemp was used to create a name for a temporary file, but the file
was not opened safely. A second problem is that during build the
LD_RUN_PATH environment variable was set to the empty string, which
causes the dynamic linker to look in the current directory for
Conectiva Linux Security Announcement - ghostscript
"ghostscript" as shipped with Conectiva Linux has two security
problems that could be used to get higher privileges on a system:
1) insecure temporary file handling could allow symlink attacks; 2)
a compile time option that was incorrectly being used made
ghostscript pick up dynamic libraries in the current directory
instead of the system directories."
Conectiva Linux Security Announcement - tcsh
"When using in-here documents (via the "<<" redirect),
tcsh creates a temporary file in an insecure manner that could
allow a symlink attack to overwrite arbitrary files."
Red Hat Security Advisory: new modutils release addresses more local root compromise possibilities
"The previous packages of modutils released to address a local
root compromise contained an error in new safeguards that caused
them to not properly be enabled when run as root from the kmod
process. These new safeguards check the arguments passed to
modules. The new 2.3.21 modutils package fixes this error and
correctly checks the arguments when running from kmod, limiting
kernel module arguments to those specified in /etc/conf.modules (on
Red Hat Linux 6.2) or /etc/modules.conf (on Red Hat Linux 7). This
release supersedes the previous modutils errata packages."
Conectiva Linux Security Announcement - ethereal (2000-11-26 15:36:00)
"Ethereal has some buffer overflows in some protocol decoders (mainly in AFS, but Netbios, ntp, icq, ppp and resolver also have possible buffer overflow problems). An attacker could send crafted packets to a network that is being monitored by ethereal to exploit these overflows."
Debian Security Advisory: New version of mc released
"Maurycy Prodeus found a problem in cons.saver, a screensaver
for the console that is included in the mc package. cons.saver does
not check if it is started with a valid stdout, which combined with
a bug in its check to see if its argument is a tty (it forgot to
close the file-descriptor after opening the supposed tty) causes it
to write a NUL character to the file given as its parameter."