A security hole was discovered in the GNU make package version 3.77-44 distributed with SuSE 6.1 and 6.3. If Makefile contents are fed in via stdin, files will be created in /tmp without checking if there is a symbolic link with the same name. Implications are command execution as the user running make. Other distributions are also affected. SuSE security site here.
ea08e1d1f74ae57dec28f0224d6ad7a4b1254790603ed556b334ded009d41465A security hole was discovered in the util package (mount and umount commands) installed by default on SuSE and other flavors of linux. Local root compromise possible. SuSE security site here.
d5441c0cfdf9c9b309b67e8539ad4feae7ae7d635226df5cbeedc83b7c860831SuSE Security Announcment - A security hole was found in lprold which was distributed with all SuSE versions including 6.3. There are local and remote vulnerabilities. SuSE security site here.
e738169bb2cdb3573f768840d7317d4a7f648780d7155ba0e73a45c7e5943212The mailinglist software "majordomo" was found having several local vulnerabilties. However, the licence of the program prohibites us providing a fix. You should either remove majordomo or trust your local users until an official fix from greatcircles is available. SuSE security website here.
6494ccefa98173cb286a431e760b4b3a72f1ed68c9f590f66271894a3ae50fd1A security hole was found in wvdial which can allow regular users access to dialup passwords. SuSE security website here.
6691e23fba7b944f3c30ec907d9f37340be3a0d009a6325713258f1fe960d70dA remote denial of service attack was discovered in inn here.
466542993a4ad12faadefa87ea87012515ad1d221744c4c930e99b195c1b74beSuSE Advisory: Announcement of new security tools from SuSE. Includes SuSE FTP Proxy, SuSE Firewall (The new firewall script from SuSE, rewritten from scratch), Harden SuSE script, SuSE Secumod (This loadable kernel module enhances the security of the system by adding a symlink/hardlink/pipe protection, procfs protection, trusted path execution and capabilities), SuSE Secchk cron scripts, Yast-1, SuSE auditdisk (This tool generates a bootdisk with checksum data and all binaries etc. needed to automaticaly verify file checksums upon booting. This way it can't be subverted by lkm's like a standard e.g. tripwire installation), plus tmpwatch, arpwatch, plug, sslwrap, the newest nmap and more. SuSE security website here.
79e2c81812f8dd6ef4480bef4faaff9c9f0718e66d5f0a8f52f7f692c58108dfSuSE Security Announcement: bind8 here.
e9ff1adacc050405b9af047443d0fbd7e678cadfffa955f09d04d0898099bba3A security hole was discovered in thttpd server, distributed with SuSE 6.2 and 6.3. When overflowing a static buffer in tdate_parse() an attacker could remotely execute commands on the thttpd host with the permissions of thttpd. Patches available here.
8b5e0fbf85086d789ebdff5f9083447393cac48f65be5b050868c8efa4cf1cffThe rpc.nfsd which is part of the nfs-server package was found to have two remote vulnerabilities. Patches available here.
29d784915088dec312cde6439f632f6fc7c438e0c1e9e3c966d72df9b8cf1a42Several vulnerabilities exist: ypserv prior 1.3.9 allows an administrator in the NIS domain to inject password tables; rpc.yppasswd prior 1.3.6.92 has got a buffer overflow in the md5 hash generation [SuSE linux is unaffected by this, other linux falvors are]; rpc.yppasswdd prior 1.3.9 allows users to change GECO and login shell values of other users. Affected are all linux distributions using the ypserv package. Website for patches here.
760ce3bd92792f507a4556e1a3b80e429915e2e35a020f7efc814d176a4281a6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed