[security] Debian Security Advisories

Lorenzo Iannuzzi nakis a libero.it
Dom 22 Feb 2004 11:41:15 CET


http://www.debian.org/security/

During an audit, Ulf Harnhammar discovered a vulnerability in
lbreakout2, a game, where proper bounds checking was not performed on
environment variables.  This bug could be exploited by a local
attacker to gain the privileges of group "games".

Several vulnerabilities have been fixed in the mailman package:

 - CAN-2003-0038 - potential cross-site scripting via certain CGI
   parameters (not known to be exploitable in this version)

 - CAN-2003-0965 - cross-site scripting in the administrative
   interface

 - CAN-2003-0991 - certain malformed email commands could cause the
   mailman process to crash

During an audit, Ulf Harnhammar discovered a vulnerability in
synaesthesia, a program which represents sounds visually.
synaesthesia created its configuration file while holding root
privileges, allowing a local user to create files owned by root and
writable by the user's primary group.  This type of vulnerability can
usually be easily exploited to execute arbitary code with root
privileges by various means.
-- 

Ciao e alla prossima!
Lorenzo
-------------- parte successiva --------------
Un allegato non testuale  stato rimosso....
Nome:        non disponibile
Tipo:        application/pgp-signature
Dimensione:  244 bytes
Descrizione: non disponibile
Url:         http://itlists.org/pipermail/security/attachments/20040222/b29ec899/attachment.pgp 


Maggiori informazioni sulla lista security