Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
91
security advisorydenial of servicegentooGentoo: GLSA 200907-04 High: Apache Privilege Escalation and DoS
Multiple vulnerabilities in the Apache HTTP daemon allow for local privilege escalation, information disclosure or Denial of Service attacks. [More...]. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200907-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache: Multiple vulnerabilities Date: July 12, 2009 Bugs: #268154, #271470, #276426, #276792 ID: 200907-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities in the Apache HTTP daemon allow for local privilege escalation, information disclosure or Denial of Service attacks. Background ========= The Apache HTTP server is one of the most popular web servers on the Internet. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/apache < 2.2.11-r2 > = 2.2.11-r2 Description ========== Multiple vulnerabilities have been discovered in the Apache HTTP server: * Jonathan Peatfield reported that the "Options=IncludesNoEXEC" argument to the "AllowOverride" directive is not processed properly (CVE-2009-1195). * Sander de Boer discovered that the AJP proxy module (mod_proxy_ajp) does not correctly handle POST requests that do not contain a request body (CVE-2009-1191). * The vendor reported that the HTTP proxy module (mod_proxy_http), when being used as a reverse proxy, does not properly handle requests containing more data as stated in the "Content-Length" header (CVE-2009-1890). * Francois Guerraz discovered that mod_deflate does not abort the compression of large files even when the requesting connection is closed prematurely (CVE-2009-1891). Impact ===== A local attacker could circumvent restrictions put up by the server administrator and execute arbitrary commands with the privileges of the user running the Apache server. A remote attacker could send multiple requests to a server with the AJP proxy module, possibly resulting in the disclosure of a request intended for another client, or cause a Denial of Service by sending specially crafted requests to serversrunning mod_proxy_http or mod_deflate. Workaround ========= Remove "include", "mod_proxy_ajp", "mod_proxy_http" and "deflate" from APACHE2_MODULES in make.conf and rebuild Apache, or disable the aforementioned modules in the Apache configuration. Resolution ========= All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =www-servers/apache-2.2.11-r2" References ========= [ 1 ] CVE-2009-1195 https://www.cve.org/CVERecord?id=CVE-2009-1195 [ 2 ] CVE-2009-1191 https://www.cve.org/CVERecord?id=CVE-2009-1191 [ 3 ] CVE-2009-1890 https://www.cve.org/CVERecord?id=CVE-2009-1890 [ 4 ] CVE-2009-1891 https://www.cve.org/CVERecord?id=CVE-2009-1891 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200907-04 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Jul 12, 2009
Gentoo
91
security advisorygentoocode executionGentoo: 200403-07 High: Ethereal Remote Overflows and Threats
Mulitple overflows and vulnerabilities exist in Ethereal which may allow an attacker to crash the program or run arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200403-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple remote overflows and vulnerabilities in Ethereal Date: March 28, 2004 Bugs: #45543 ID: 200403-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Mulitple overflows and vulnerabilities exist in Ethereal which may allow an attacker to crash the program or run arbitrary code. Background ========= Quote from https://www.afternic.com/forsale/ethereal.com "Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows." Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- net-analyzer/ethereal = 0.10.3 Description ========== There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.3, including: * Thirteen buffer overflows in the following protocol dissectors: NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP. * A zero-length Presentation protocol selector could make Ethereal crash. * A vulnerability in the RADIUS packetdissector which may crash ethereal. * A corrupt color filter file could cause a segmentation fault. Impact ===== These vulnerabilities may cause Ethereal to crash or may allow an attacker to run arbitrary code on the user's computer. Workaround ========= While a workaround is not currently known for this issue, all users are advised to upgrade to the latest version of the affected package. Resolution ========= All users should upgrade to the current version of the affected package: # emerge sync # emerge -pv "> =net-analyzer/ethereal-0.10.3" # emerge "> =net-analyzer/ethereal-0.10.3" References ========= [ 1 ] [ 2 ] [ 3 ] [ 4 ] Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Mar 29, 2004
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!