[security] Security Advisories

Lorenzo Iannuzzi nakis a libero.it
Mar 20 Apr 2004 13:19:28 CEST


There are multiple format string vulnerabilities in the neon library
used in cadaver, possibly leading to execution of arbitrary code when
connected to a malicious server.


Two new vulnerabilities have been found in the HTTP interface of monit,
possibly leading to denial of service or execution of arbitrary code.


XChat is vulnerable to a stack overflow that may allow a remote
attacker to run arbitrary code.


 Steve Grubb discovered two potential issues in the utempter program:
 1) If the path to the device contained /../ or /./ or //, the                 
 program was not exiting as it should. It would be possible to use something 
 like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked 
 to another important file, programs that have root privileges that do no 
 further validation can then overwrite whatever the symlink pointed to.
 2) Several calls to strncpy without a manual termination of the string.
 This would most likely crash utempter.


  This upgrade fixes a low-level security issue in utempter-0.5.2 where
  utempter could possibly be tricked into writing through a symlink, and is
  a cleaner implementation all-around.

Ciao e alla prossima!

Maggiori informazioni sulla lista security