SuSE Linux Distribution - Page 2
Find the information you need for your favorite open source distribution .
Security hole in lprold <= 3.0.1
The file access permissions aren't properly checked by the lpr and lpd program.
Security hole in ypserv < 1.3.9
The package ypserv is the former "yellow pages", now called NIS information service, which is used for e.g. central network user account management. Several vulnerability exists: ypserv prior 1.3.9 allows an administrator in the NIS domain to inject password tables; rpc.yppasswd prior 1.3.6.92 has got a buffer overflow in the md5 hash generation [SuSE linux is unaffected by this, other linux falvors are]; rpc.yppasswdd prior 1.3.9 allows users to change GECO and login shell values of other users.
Security hole in cdwtools < 093
The cdwtools package is a frontend for various programs used to create CDs. Several buffer overflows and /tmp vulnerabilities exist in the cdwtools package. Thanks to Brock Tellier bringing this problem to our attention.
Security hole in mirror
The mirror package is a tool to duplicate the contents of ftp servers. A vulnerability exists when attackers can create directory like " .." on the target mirror ftp server.
Security hole in sccw (Part II)
sccw does insufficient bounds checking, trust it's environment and calls insecure system functions. On a default installation sccw is setuid root.
Security hole in pbpg
The /usr/bin/pg and /usr/bin/pb tools can be used to read any file on the system.
Security hole in ProFTPD
Several buffer overflows have been found in proftpd which have been verified to be exploitable from an remote attacker. The fixing and finding of new holes is going on for over 2 weeks now, and there is no end in sight. Even with all known fixes, proftpd is still vulnerable to remote exploitation.
Security hole in lynx
When lynx calls external programs for protocols (e.g. telnet), the location is passed unchecked. This can be used to activate commandline parameters. For example, this reference [A HREF="telnet://-n.rhosts"]click me[/A] would activate the tracefile options on the telnet client, with the result, that a .rhosts in the current directory would created or overwritten.
Update for Pine (fixed IMAP support)
On June the 28th SuSE released a new pine package, which fixes a security bug. Unfortunately the patch brokes IMAP support for pine. Now there is a new package available which works correctly.
Security hole in cron
Three security threats were found in the vixie crond, which is shipped with SuSE Linux. 1) no boundchecking on a local buffer, while copying data from MAILTO 2) passing invalid options to sendmail 3) it doesn't drop root privileges while sending acknowledge mail to a user
Security hole in rsync
The security breach occurs when you try to transfer an empty directory into a non-existent directory. In that case rsync sets the permissions of the working directory to those of the empty directory; this means, that the permissions of your home directory are changed to the file access mode of the empty directory if you do a remote rsync by using ssh/rsh.
Security hole in netcfg
The way in.identd is started by inetd from a standard /etc/inetd.conf on a SuSE Linux distribution may be exploited to mount a Denial-of-Service attack against the system. When inetd starts in.identd with the "wait" flag and the "-w -t120" options, the in.identd will start to listen on the well known port while inetd deactivates its own listener for the time in.identd is alive.
Security hole in termcap
A buffer overflow has been found in libtermcap's tgetent() function. If a setuid root program uses this function, the user could execute arbitrary code. SuSE Linux 6.0, 6.1 and 6.2 are not affected, since the only program using libtermcap is bc. This program is not setuid root.
Security hole in i4l (xmonisdn)
xmonisdn which is part of the i4l package is installed setuid root by default. To control and display the status of the ISDN network connections xmonisdn uses external programs, which are executed by the system() systemcall, without taking care of a safe environment. The problem arises by old libc, that don't overwrite the IFS environment variable.
Security hole in samba
a) A setuid root installed smbmnt could lead to a security breach due to a race condition. b) The NetBIOS name server nmbd is vulnerable to a denial-of-service attack. c) The message service of the SMB-/CIFS-server has got a buffer overflow.
Security hole in Klock
The KDE screensaver klock includes a bug, which allows to bypass the password authentication. While klock waits for kcheckpass to verify the password a timer is triggered and the dialog box is deleted. After kcheckpass completes klock crashs.
- 739
- 740
