SuSE Security Advisory - SuSE's traceroute (nanog) has a completely different local root vulnerability than the one reported last week. A format string bug was discovered in a routine that can be used to terminate a line in traceroute's output to easily embed the program in cgi scripts.
96c1b99142636132b324379d6a844d895deaeb497136fb0856e8974c973cb5b2
SuSE Security Advisory - Gnorpm, a graphical user interface to the rpm subsystem for the gnome desktop, handles tempfiles insecurely and can overwrite arbitrary files on the system.
e622695dd71e6bdb9d84ffae1dae2588103bfbaafea9c97d639d626fb1d6841a
SuSE Security Advisory - GNU cfengine, an abstract programming language for system administrators of large networks, has several local root format string vulnerabilities.
f52aec0643cadd4f2fb5e2f95f5fd9d3969b607abef7aebde0e82ce715404736
SuSE Security Advisory - esound, a daemon program for the Gnome desktop, has a race condition which allows local attackers to change the permissions on any file on the filesystem.
6c6d344c26218475b41876a24d93ef04e105e8ff868b589b666644cce3691bc5
A security hole was discovered in syslogd distributed with SuSE 6.2 and 6.3, allowing a local denial of service. Patches available here.
f9eda213e0b80c0aada004c3af66d392c1f5e5c90aea89f48c4d4610eab0854d
SuSE Security Advisory - pam_smb is a package that allows Linux/Unix user authentication using a Windows NT server. Versions 1.1.5 and before contain a buffer overflow that would allow a remote attacker to gain root access on the target host. In addition, Zope needs updating again and the Xchat IRC client can be tricked into executing arbitrary commands if the user clicks on a URL. SuSE security site here.
5a5cc35d33db367672c5f0cd1d3602494bd48a405273b950e7dabe93aac239c6
SuSE Security Advisory - The default package selection in SuSE distributions includes apache. The configuration file that comes with the package allows remote users to read the cgi script sources of the server, and webDAV is installed by default with no access control or authentication activated.
f92847ba2aff6bdbefd20587d7b2ffb12c18a8eeec48d3170b3b886b024544ad
SuSE Security Advisory - Suidperl is the perl interpreter for suid perl scripts, a part of the perl package. A maliciously implemented feature causes the interpreter to spawn the /bin/mail program, thereby passing on an untrusted environment that causes /bin/mail to execute arbitrary commands as user root. SuSE security site here.
014ed0af6fcd3148a794ea9fc8ef4e1118024f8702a2a3d00d41005ed9cc8956
SuSE Security Advisory - Due to incorrect string parsing in the code, a remote attacker could gain root privileges on the machine running the vulnerable rpc.kstatd, which was distributed in the package linuxnfs or knfsd. SuSE security site here.
4fc97e2211f496c84ae3546f1ae36d7e425e0a9e13e7d63bd4f8100763e8c53b
SuSE Security Advisory - Several security issues affecting SuSE machines are noted in this advisory including jpeg buffer overflows in netscape, rpc.kstatd (other vendors named it rpc.statd), user 'nobody's HOME directory set to / and misconfigured webservers, problems around pam_console, gpm DoS, setgid() return value, modes of openldap package files, and the mailman problem. SuSE security site here.
719f4656db59a2596fff860acfda1238b2e51e9f455e962fc306ebf63368ff81
SuSE Security Announcement - The FTP server in nkitb versions below 2000.7.11-0 contains a remote root vulnerability. The standard ftp server passes untrusted data from a DNS server directly to the setproctitle() function in an insecure manner, allowing an attacker to modify his/her DNS record to execute arbitrary machine code as root while connecting to the standard ftp daemon.
736fef8cf6af36ad331b57ed0ef2b54ea785d6ef402650a95644b54305ef2a9c
SuSE Security Advisory - dhclient below version 2.0 contains a remote root vulnerability because dhclient does not quote server messages before passing them to /sbin/dhclient-script. Dhclient could be tricked by a rogue DHCP server into executing commands as user root.
5c0ca149e1c91461b1be9085c16c3c08f82278eece473c6d97b23dc05060c7f1
SuSE Security Advisory - Tnef v0-124 and below contains a remote vulnerability. Tnef extracts e-mails compressed with MS-Outlook. The compressed file includes the path name to which the decompressed data should be written. By specifying a path name like /etc/passwd and sending a compressed mail to root, an adversary could gain remote root access to a system by overwriting the local password database. The same could happen if a mail virus scanner, like AMaVIS, processes a malicious mail.
c34b8f70cc33bc9bfea5066759f565c2a0f8e35122032b8c67b556e5073b3801
SuSE Security Advisory - Linux kernel 2.2.x, up to linux-2.2.16, allows local root.
c0076bac48adc2c9e2c3573d080067b19b42213b21a688c388da664bd56f11b2
SuSE Security Advisory - The wu-ftp FTP server does not do proper bounds checking while processing the SITE EXEC command, allowing a remote attacker to execute arbitrary machine code as root on an FTP server using wu-ftpd. SuSE recommends using the audited 2.4-series version of wu-ftpd.
f75a345da50da0a1aeeb54882a3fe6fce1b92f2b6cf41bf6bbc6704dd7b20178
SuSE Security Advisory - Qpop 2.53 does not check the mail header for invalid input, allowing an attacker to send a mail with a maliciously formatted mail header to a person who receives mail via qpop 2.53, and thereby execute code with the privileges of user 'mail' on the qpop server.
664c98fc21db37c8fd0c437a504953f31e4c132062a73cbcd08e8ee68479edcc
SuSE Security Announcement - A local security hole was discovered in the KDE CD player, kmulti here.
3d6e3eea20f253e2d757f141b870e0c57ded66217a446d1cc10dd0bab9e94906
SuSE Security Advisory - gdm prior to 2.0beta4 allows remote root compromise. Gdm is the GNOME replacement for xdm, handling graphical console and network logins. The gdm code that processes logins over the network could be tricked into writing data from the network right into the stack. This condition exists while gdm is running with root privileges and before the user is authenticated. Other distributions are affected as well. SuSE security site here.
b72a3c3c3aa5a34597dc9a0e68ba79f13b25815e8ef3f544fb17b99017973c2e
SuSE Security Advisory - aaa_base is the basic package which comes with any SuSE Linux installation. Two vulnerabilities have been found: 1) The cron job /etc/cron.daily/aaa_base performs a daily check of files in /tmp and /var/tmp, where old files will be deleted if configured to do so. Please note that this feature is NOT activated by default. 2) Some system accounts have their home directories set to /tmp by default. These are the users games, firewall, wwwrun and nobody on a SuSE 6.4.
5a3e2e3231a4460b85f1219b5ea705fbcc5e0ff1be6878fc5be1742a41f15b0a
SuSE Security Announcement - A security hole was discovered in kreatecd version 0.3.8b and below. Kreatecd is a KDE tool used to burn cd-roms, in which an exploitable buffer overflow was found allowing local users to get root. SuSE security website here.
d143541083c4cd2e4218fc0c810424545d121f5db2811df201e4f8074bdabac7
SuSE Security Announcement - A security hole was discovered in gpm version 1.18.1 and before, allowing local users to execute commands as EUID 0. SuSE security page here.
da04ad53049b68946f42d5b38d8d36f0ad7afa0ac85e1424a0e34694d3db7200
SuSE Security Advisory - A security hole was discovered in ircii: a buffer overflow in the DCC chat feature is exploitable by remote users, who may execute commands as the user running ircii-4.4 and below. SuSE security site here.
0bc3a0cdd5c4ee42eb866ece9fb7c575460a3289015501c4102dc9de690e2c7d
SuSE Security Advisory - A security hole was discovered in the SuSE IMAP server which allows remote attackers to gain imap administrator privileges, which can be used e.g. to create or delete folders. This is unrelated to the SuSE Linux distribution, which is unaffected. SuSE security site here.
70f7eaca71bd1b6e0f93aeb55fc676996c8bcf24b496476f3b61cbf476fb6f90
SuSE Security Advisory - A security hole was discovered in htdig 3.14 and below. SuSE security site here.
67510eb1f47d7625e5bfc697884b66426c38c14f9221f6bc197370fee1f64ff6
A security hole was discovered in mysql, version 3.22.30 and below, allowing remote database access. SuSE security site here.
37c0c417de4b3cc6bc05888e062992dfc4c00d0ad7ac4fa0dc01dcf60a1760b1