[security] Security Advisories
Lorenzo Iannuzzi
nakis a libero.it
Sab 22 Maggio 2004 16:59:23 CEST
http://www.sgi.com/support/security/
It has been reported that under certain conditions rpc.mountd goes
into infinite loop while processing some RPC requests.
SGI has released Patch 10072 - SGI ProPack 3:Kernel Update #1 - Security
and other fixes, which includes updated SGI ProPack 3 RPMs for the
SGI Altix family of systems, in response to the following security
issues:
* possible buffer overrun in panic() (SGI BUG 913069)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394
http://www.osvdb.org/displayvuln.php?osvdb_id=5668
* do_fork() memory leak DoS (SGI BUG 913115)
http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0427
* Updated IA64 kernel packages resolve vulnerabilities (SGI BUG 913475)
http://rhn.redhat.com/errata/RHSA-2004-183.html
http://rhn.redhat.com/errata/RHSA-2004-106.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0109
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0424
* potential memory access to free memory in /proc handling (SGI BUG
913756)
http://www.osvdb.org/displayvuln.php?osvdb_id=2093
SGI has released Patch 10074 - SGI ProPack v2.4:Kernel Update #4 -
Security
and other fixes, which includes updated SGI ProPack v2.4 RPMs for the
SGI Altix family of systems, in response to the following security
issues:
* possible buffer overrun in panic() (SGI BUG 913069)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0394
http://www.osvdb.org/displayvuln.php?osvdb_id=5668
* do_fork() memory leak DoS (SGI BUG 913115)
http://marc.theaimsgroup.com/?l=linux-kernel&m=108139073506983&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0427
* potential memory access to free memory in /proc handling (SGI BUG
913756)
http://www.osvdb.org/displayvuln.php?osvdb_id=2093
http://security.gentoo.org/
There is a format string flaw in Pound, allowing remote execution of
arbitrary code with the rights of the Pound process.
Version 1.2.9 of ProFTPD introduced a vulnerability that causes
CIDR-based Access Control Lists (ACLs) to be treated as "AllowAll",
thereby allowing remote users full access to files available to the
FTP daemon.
http://www.freebsd.org/security/
Due to a programming error in code used to parse data received from
the client, malformed data can cause a heap buffer to overflow,
allowing the client to overwrite arbitrary portions of the server's
memory.
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode
A potential security vulnerability has been identified with HP
ProCurve Routing Switches running TCP where the vulnerability
could be exploited remotely to create a Denial of Service (DoS).
--
Ciao e alla prossima!
Lorenzo
Maggiori informazioni sulla lista
security