Debian Essential And Critical Security Patch Updates - Page 296
Find the information you need for your favorite open source distribution .
Debian: dhcp remote root exploit
The versions of the ISC DHCP client in debian 2.1 (slink) and debian 2.2 (potato) are vulnerable to a root exploit.
Debian: remote root exploit
The version of wu-ftpd distributed in Debian GNU/Linux 2.1 (a.k.a. slink), as well as in the frozen (potato) and unstable (woody) distributions, is vulnerable to a remote root compromise.
Debian: splitvt local root exploit
The version of splitvt distributed in Debian GNU/Linux 2.1, the frozen (potato) and unstable (woody) distributions, is vulnerable to a local buffer overflow.
Debian: mailx local exploit
The version of mailx distributed in Debian GNU/Linux 2.1, the frozen (potato) and unstable (woody) distributions is vulnerable to a local buffer overflow.
Debian 2.1: majordomo vulnerability
Any local user can trick majordomo into executing arbitrary code or to create or write files as the majordomo user anywhere on the filesystem.
Debian Security Advisory: mtr
The version of mtr as distributed in Debian GNU/Linux 2l1 (aka slink) did not drop root privileges correctly. While there are no known exploits it is conceivable that a weakness in gtk or ncurses could be used to exploit this.
Debian 2.1: nmh remote exploit
nmh did not check incoming mail messages properly. This could be exploited byusing carefully designed MIME headers to trick mhshow into executing arbitrary shell code. [Found on LWN]
Debian 2.1: race condition present in make
The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to arace condition that can be exploited with a symlink attack. make usedmktemp while creating temporary files in /tmp. and that is a knownpotential security hole, as documented in the man page of mktemp.
apcd: symlink attack in apcd
The apcd package as shipped in Debian GNU/Linux 2.1 is vulnerable to a symlink attack. If the apcd process gets a SIGUSR1 signal it will dump its status to /tmp/upsstat. However this file is not opened safely, which makes it a good target for a symlink attack. This has been fixed in version 0.6a.nr-4slink1. We recommend you upgrade your apcd package immediately.
Deb: Root compromise in ftpwatch
This vulnerability exists in all distributed versions of the ftpwatch package. We recommend that you remove ftpwatch package until a corrected version is released.
Deb: buffer overflows in bootpd and ftp
Vulnerabilities have been found in the bootpd and ftp programs.
Deb: Buffer overflow in some ftp servers
The wu-ftpd-academ and proftpd packages distributed in Debian GNU/Linux 2.0 (hamm) are vulnerable to a buffer overflow. It is possible to gain shell access to the machine, and we recommend upgrading these packages immediately.
TDeb: Security problem with temp file handling
There is an error in the way the cfengine package handles temporary files whenit runs the tidy action on homedirectories. This error makes it susceptible tosymlink attacks.
New version of samba released
The version of samba as distributed in Debian GNU/Linux 2.1 has a couple ofsecurity problems:* a Denial-of-Service attack against nmbd was possible* it was possible to exploit smbd if you had a message command defined which used the %f or %M formatter.* smbmnt's check to see if a user is allowed to create a mount was flawed which allowed users to mount at arbitraty mountpoints in the filesystem
New version of htdig released
The version of htdig that was shipped in Debian GNU/Linux 2.1 has a problem with calling external programs to handle non-HTML documents: it calls the external program with the document as a parameter, but does not check for shell escapes. This can be exploited by creating files with filenames that include shell escapes to run arbitraty commands on the machine that runs htdig.
New version of sendmail-wide released
The version of sendmail-wide that was distributed with Debian GNU/Linux 2.1 has a slight problem in the code to regenerate the aliases database. Sendmail allowed any user to run sendmail with the -bi option to (re)initialize the aliases database. The user could then interrupt sendmail and leave the system with a broken aliases database.
Updated i386 package for sendmail
The version of sendmail that was listed in the earlier advisory today was compiled with the wrong version of libc. This has been corrected in version 8.9.3-3slink1.0.1 .
