[security] Security Advisories
Lorenzo Iannuzzi
nakis at libero.it
Thu 20 May 2004 16:32:41 CEST

http://www.kde.org/info/security/advisory-20040517-1.txt

iDEFENSE identified a vulnerability in the Opera Web Browser
that could allow remote attackers to create or truncate
arbitrary files. The KDE team has found that similar
vulnerabilities exist in KDE.

The telnet, rlogin, ssh and mailto URI handlers in KDE do not
check for '-' at the beginning of the hostname passed, which
makes it possible to pass an option to the programs started
by the handlers.

http://www.mandrakesecure.net/en/advisories/

Steve Grubb discovered a number of problems in the libuser library that
can lead to a crash in applications linked to it, or possibly write 4GB
of garbage to the disk.

Steve Grubb found some problems in the passwd program. Passwords given
to passwd via stdin are one character shorter than they are supposed to
be. He also discovered that pam may not have been sufficiently
initialized to ensure safe and proper operation. A few small memory
leaks have been fixed as well.

Four security vulnerabilities were fixed with the 1.3.31 release of
Apache. All of these issues have been backported and applied to the
provided packages. Thanks to Ralf Engelschall of OpenPKG for providing
the patches.

Apache 1.3 prior to 1.3.30 did not filter terminal escape sequences
from its error logs. This could make it easier for attackers to insert
those sequences into the terminal emulators of administrators viewing
the error logs that contain vulnerabilities related to escape sequence
handling (CAN-2003-0020).

mod_digest in Apache 1.3 prior to 1.3.31 did not properly verify the
nonce of a client response by using an AuthNonce secret. Apache now
verifies the nonce returned in the client response to check whether it
was issued by itself by means of an "AuthDigestRealmSeed" secret exposed
as an MD5 checksum (CAN-2004-0987).

mod_access in Apache 1.3 prior to 1.3.30, when running on big-endian
64-bit platforms, did not properly parse Allow/Deny rules using IP
addresses without a netmask. This could allow a remote attacker to
bypass intended access restrictions (CAN-2003-0993).

Apache 1.3 prior to 1.3.30, when using multiple listening sockets on
certain platforms, allows a remote attacker to cause a DoS by blocking
new connections via a short-lived connection on a rarely-accessed
listening socket (CAN-2004-0174). While this particular vulnerability
does not affect Linux, we felt it prudent to include the fix.

--
Bye, and until next time!
Lorenzo
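
The missing check in the KDE URI handlers described above, sketched as an added example (not KDE's patch and not part of the original message). The names handler_argv and UnsafeURI, the sample URIs, the -l/-p flags chosen and the assumption that the client honours "--" are all illustrative; IPv6 literals and mailto are left out.

```python
import re
from urllib.parse import urlsplit, unquote

# Schemes from the advisory that start a command-line client.
SCHEMES = {"telnet", "rlogin", "ssh"}
# Both patterns require an alphanumeric (or '_') first character, so a
# leading '-' can never reach the client as an option.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")
USER_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}")
PORT_RE = re.compile(r"[0-9]{1,5}")


class UnsafeURI(ValueError):
    """The URI cannot be turned into a safe argument vector."""


def handler_argv(uri):
    """Return the argv list a handler would exec (a list, never a shell string)."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in SCHEMES:
        raise UnsafeURI("unsupported scheme: %r" % scheme)
    # Decode before validating: "%2D" is "-" by the time the client sees it.
    user, _, hostport = unquote(parts.netloc).rpartition("@")
    host, _, port = hostport.partition(":")
    if not HOST_RE.fullmatch(host):
        raise UnsafeURI("bad host: %r" % host)
    if user and not USER_RE.fullmatch(user):
        raise UnsafeURI("bad user: %r" % user)
    if port:
        if not PORT_RE.fullmatch(port) or not 0 < int(port) < 65536:
            raise UnsafeURI("bad port: %r" % port)
        if scheme == "rlogin":
            raise UnsafeURI("rlogin URIs with a port are not handled here")
    argv = [scheme]
    if user:
        argv += ["-l", user]
    if port and scheme == "ssh":
        argv += ["-p", port]
    # Assumption: the client uses getopt-style parsing, so "--" ends option
    # processing. This is defence in depth on top of the validation above.
    argv += ["--", host]
    if port and scheme == "telnet":
        argv.append(port)
    return argv
```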