[security] Security Advisories
nakis a libero.it
Mar 20 Apr 2004 13:19:28 CEST
There are multiple format string vulnerabilities in the neon library
used in cadaver, possibly leading to execution of arbitrary code when
connected to a malicious server.
Two new vulnerabilities have been found in the HTTP interface of monit,
possibly leading to denial of service or execution of arbitrary code.
XChat is vulnerable to a stack overflow that may allow a remote
attacker to run arbitrary code.
Steve Grubb discovered two potential issues in the utempter program:
1) If the path to the device contained /../ or /./ or //, the
program was not exiting as it should. It would be possible to use something
like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked
to another important file, programs that have root privileges that do no
further validation can then overwrite whatever the symlink pointed to.
2) Several calls to strncpy without a manual termination of the string.
This would most likely crash utempter.
This upgrade fixes a low-level security issue in utempter-0.5.2 where
utempter could possibly be tricked into writing through a symlink, and is
a cleaner implementation all-around.
Ciao e alla prossima!
Maggiori informazioni sulla lista