Search...

Mandrake Linux Security Advisory : kdelibs (MDKSA-2003:079)

2004-07-31T00:00:00

ID MANDRAKE_MDKSA-2003-079.NASL
Type nessus
Reporter This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
Modified 2004-07-31T00:00:00

Description

A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/.

The provided packages have a patch that corrects this issue.

                                        
                                            #%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2003:079. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14062);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2003-0459");
  script_xref(name:"MDKSA", value:"2003:079");

  script_name(english:"Mandrake Linux Security Advisory : kdelibs (MDKSA-2003:079)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability in Konqueror was discovered where it could
inadvertently send authentication credentials to websites other than
the intended site in clear text via the HTTP-referer header when
authentication credentials are passed as part of a URL in the form
http://user:password@host/.

The provided packages have a patch that corrects this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.kde.org/info/security/advisory-20030729-1.txt"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-static-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/07/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdelibs-3.0.5a-1.3mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdelibs-devel-3.0.5a-1.3mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdelibs-3.1-58.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdelibs-common-3.1-58.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdelibs-devel-3.1-58.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdelibs-static-devel-3.1-58.2mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

JSON Vulners Source

Initial Source

{"id": "MANDRAKE_MDKSA-2003-079.NASL", "bulletinFamily": "scanner", "title": "Mandrake Linux Security Advisory : kdelibs (MDKSA-2003:079)", "description": "A vulnerability in Konqueror was discovered where it could\ninadvertently send authentication credentials to websites other than\nthe intended site in clear text via the HTTP-referer header when\nauthentication credentials are passed as part of a URL in the form\nhttp://user:password@host/.\n\nThe provided packages have a patch that corrects this issue.", "published": "2004-07-31T00:00:00", "modified": "2004-07-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/14062", "reporter": "This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.", "references": ["http://www.kde.org/info/security/advisory-20030729-1.txt"], "cvelist": ["CVE-2003-0459"], "type": "nessus", "lastseen": "2021-01-07T11:51:19", "edition": 24, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-0459"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:4925", "SECURITYVULNS:DOC:5382"]}, {"type": "redhat", "idList": ["RHSA-2003:236"]}, {"type": "osvdb", "idList": ["OSVDB:2127"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-361.NASL", "REDHAT-RHSA-2003-236.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:53650"]}, {"type": "debian", "idList": ["DEBIAN:DSA-361-2:AB145", "DEBIAN:DSA-361-1:4ECF4"]}, {"type": "suse", "idList": ["SUSE-SA:2003:045", "SUSE-SA:2003:044", "SUSE-SA:2003:047", "SUSE-SA:2003:049", "SUSE-SA:2003:050", "SUSE-SA:2003:046"]}, {"type": "cert", "idList": ["VU:734644", "VU:325603"]}], "modified": "2021-01-07T11:51:19", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-01-07T11:51:19", "rev": 2}, "vulnersScore": 5.7}, "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:079. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14062);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0459\");\n script_xref(name:\"MDKSA\", value:\"2003:079\");\n\n script_name(english:\"Mandrake Linux Security Advisory : kdelibs (MDKSA-2003:079)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability in Konqueror was discovered where it could\ninadvertently send authentication credentials to websites other than\nthe intended site in clear text via the HTTP-referer header when\nauthentication credentials are passed as part of a URL in the form\nhttp://user:password@host/.\n\nThe provided packages have a patch that corrects this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.kde.org/info/security/advisory-20030729-1.txt\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:kdelibs-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"kdelibs-3.0.5a-1.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"kdelibs-devel-3.0.5a-1.3mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kdelibs-3.1-58.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kdelibs-common-3.1-58.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kdelibs-devel-3.1-58.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"kdelibs-static-devel-3.1-58.2mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "14062", "cpe": ["p-cpe:/a:mandriva:linux:kdelibs-common", "cpe:/o:mandrakesoft:mandrake_linux:9.1", "p-cpe:/a:mandriva:linux:kdelibs-devel", "p-cpe:/a:mandriva:linux:kdelibs-static-devel", "cpe:/o:mandrakesoft:mandrake_linux:9.0", "p-cpe:/a:mandriva:linux:kdelibs"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:33:02", "description": "KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the \"user:password@host\" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.", "edition": 3, "cvss3": {}, "published": "2003-08-27T04:00:00", "title": "CVE-2003-0459", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-0459"], "modified": "2017-10-11T01:29:00", "cpe": ["cpe:/a:redhat:kdelibs_devel:3.0.3-8", "cpe:/a:redhat:analog_real-time_synthesizer:2.1.1-5", "cpe:/a:redhat:kdelibs_sound:2.2-11", "cpe:/a:redhat:analog_real-time_synthesizer:2.2-11", "cpe:/a:kde:konqueror:3.0.2", "cpe:/a:redhat:kdelibs:3.1-10", "cpe:/a:redhat:kdelibs_sound:2.1.1-5", "cpe:/a:redhat:kdelibs:2.2-11", "cpe:/a:kde:konqueror:3.0", "cpe:/a:redhat:kdelibs_sound_devel:2.2-11", "cpe:/a:kde:konqueror_embedded:0.1", "cpe:/a:kde:konqueror:2.1.1", "cpe:/a:redhat:kdelibs:2.1.1-5", "cpe:/a:kde:konqueror:3.1.1", "cpe:/a:kde:konqueror:3.0.3", "cpe:/a:redhat:kdelibs_devel:3.1-10", "cpe:/a:redhat:kdelibs_devel:2.1.1-5", "cpe:/a:kde:konqueror:2.2.2", "cpe:/a:redhat:kdelibs_devel:3.0.0-10", "cpe:/a:kde:konqueror:3.0.5", "cpe:/a:kde:konqueror:3.1.2", "cpe:/a:kde:konqueror:3.0.1", "cpe:/a:redhat:kdelibs:3.0.0-10", "cpe:/a:kde:konqueror:3.1", "cpe:/a:redhat:kdelibs_sound_devel:2.1.1-5", "cpe:/a:redhat:kdebase:3.0.3-13", "cpe:/a:redhat:kdelibs_devel:2.2-11"], "id": "CVE-2003-0459", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0459", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:redhat:kdelibs_sound_devel:2.2-11:*:ia64_sound_dev:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs:3.0.0-10:*:i386:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs_sound_devel:2.2-11:*:i386_sound_dev:*:*:*:*:*", "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:kdebase:3.0.3-13:*:i386:*:*:*:*:*", "cpe:2.3:a:redhat:kdebase:3.0.3-13:*:i386_dev:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs_devel:3.0.3-8:*:i386_dev:*:*:*:*:*", "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs:2.1.1-5:*:i386:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs:2.2-11:*:i386:*:*:*:*:*", "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs_sound:2.2-11:*:i386_sound:*:*:*:*:*", "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs_sound:2.2-11:*:ia64_sound:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs:2.2-11:*:ia64:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs_devel:2.1.1-5:*:i386_dev:*:*:*:*:*", "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:analog_real-time_synthesizer:2.2-11:*:ia64:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs_sound:2.1.1-5:*:i386_sound:*:*:*:*:*", "cpe:2.3:a:redhat:analog_real-time_synthesizer:2.2-11:*:i386:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs_devel:3.0.0-10:*:i386_dev:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs:3.1-10:*:i386:*:*:*:*:*", "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs_devel:2.2-11:*:i386_dev:*:*:*:*:*", "cpe:2.3:a:redhat:analog_real-time_synthesizer:2.1.1-5:*:i386:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs_devel:2.2-11:*:ia64_dev:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs_sound_devel:2.1.1-5:*:i386_sound_dev:*:*:*:*:*", "cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:kdelibs_devel:3.1-10:*:i386_dev:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:08", "bulletinFamily": "software", "cvelist": ["CVE-2003-0459"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nKDE Security Advisory: Konqueror Referer Leaking Website Authentication Credentials\r\nOriginal Release Date: 2003-07-29\r\nURL: http://www.kde.org/info/security/advisory-20030729-1.txt\r\n\r\n0. References\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0459\r\n\r\n1. Systems affected:\r\n\r\n All versions of Konqueror as distributed with KDE up to and including\r\nKDE 3.1.2 as well as Konqueror/Embedded\r\n\r\n2. Overview:\r\n\r\n Konqueror may inadvertently send authentication credentials to\r\nwebsites other than the intended website in clear text via the HTTP-referer\r\nheader when authentication credentials are passed as part of a URL in the form\r\nof http://user:password@host/\r\n\r\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2003-0459 to this issue.\r\n\r\n3. Impact:\r\n\r\n Users of Konqueror may unknowingly distribute website authentication\r\ncredentials to third parties with links on the password protected website.\r\nThis may make it possible for those third parties to gain unauthorized access\r\nto the password protected website.\r\n\r\n Users of Konqueror may unknowingly send website authentication\r\ncredentials in clear text across their local network and to websites of third \r\nparties. This may allow an attacker who is able to eavesdrop on such\r\ncommunication to obtain the credentials and use them to gain unauthorized\r\naccess to the password protected website.\r\n\r\n4. Solution:\r\n\r\n Users can reduce, but not totally eliminate, the risk by not providing\r\nany password as part of a URL. Instead they should provide the password in\r\nthe KDE authentication dialog when prompted.\r\n\r\n Users of KDE 2.2.2 are advised to upgrade to KDE 3.1.3. A patch for\r\nKDE 2.2.2 is available as well for users that are unable to upgrade to\r\nKDE 3.1.\r\n\r\n Users of KDE 3.0.x are advised to upgrade to KDE 3.1.3. A patch for\r\nKDE 3.0.5b is available as well for users that are unable to upgrade to\r\nKDE 3.1.\r\n\r\n Users of KDE 3.1.x are advised to upgrade to KDE 3.1.3.\r\n\r\n Users of Konqueror/Embedded are advised to upgrade to a snapshot of\r\nKonqueror/Embedded of July 5th, 2003 or later, available from\r\nhttp://devel-home.kde.org/~hausmann/snapshots/ :\r\n\r\n 30dc3e109124e8532c7c0ed6ad3ec6fb konqueror-embedded-snapshot-20030705.tar.gz\r\n\r\n5. Patch:\r\n A patch for KDE 2.2.2 is available from\r\nftp://ftp.kde.org/pub/kde/security_patches :\r\n\r\n 90d0a6064ee1ba99347b55e303081cd5 post-2.2.2-kdelibs-http.patch\r\n\r\n Patches for KDE 3.0.5b are available from\r\nftp://ftp.kde.org/pub/kde/security_patches :\r\n\r\n a2bd79b4a78aa7d51afe01c47a8ab6d2 post-3.0.5b-kdelibs-http.patch\r\n a5ed29d49c07aa5a2c63b9bbaec0e7b2 post-3.0.5b-kdelibs-khtml.patch\r\n\r\n Patches for KDE 3.1.2 are available from\r\nftp://ftp.kde.org/pub/kde/security_patches :\r\n\r\n 8ebafe8432e92cb4e878a37153cf12a4 post-3.1.2-kdelibs-http.patch\r\n 6f27515ca22198b4060f4a4fe3c3a6b1 post-3.1.2-kdelibs-khtml.patch\r\n\r\n6. Timeline and credits:\r\n\r\n 07/03/2003 Notification of security@kde.org by George Staikos\r\n 07/10/2003 Fixed in KDE CVS.\r\n 07/11/2003 OS vendors / binary package providers alerted and\r\n provided with patches.\r\n 07/29/2003 Public Security Advisory by the KDE Security team.\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.2 (GNU/Linux)\r\n\r\niD8DBQE/JaZqvsXr+iuy1UoRAkPhAJ4536lHPU7MTTZMpA5+iRWxFUnTCACg7Wek\r\nddwqwmAs0UiCF+DHrVBKR+8=\r\n=W4W+\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2003-07-30T00:00:00", "published": "2003-07-30T00:00:00", "id": "SECURITYVULNS:DOC:4925", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4925", "title": "KDE Security Advisory: Konqueror Referrer Authentication Leak", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:08", "bulletinFamily": "software", "cvelist": ["CVE-2003-0459", "CVE-2003-0692", "CVE-2003-0886", "CVE-2003-0690"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\n\r\n______________________________________________________________________________\r\n\r\n SUSE Security Announcement\r\n\r\n Package: hylafax\r\n Announcement-ID: SuSE-SA:2003:045\r\n Date: Mon Nov 10 15:00:00 CET 2003 \r\n Affected products: 7.3, 8.0, 8.1, 8.2, 9.0\r\n SuSE Linux Enterprise Server 7\r\n SuSE Linux Standard Server 8\r\n SuSE Linux Desktop 1.0\r\n SuSE Linux Office Server\r\n Vulnerability Type: remote code execution\r\n Severity (1-10): 5\r\n SUSE default package: No\r\n Cross References: CAN-2003-0886\r\n http://www.hylafax.org\r\n\r\n Content of this advisory:\r\n 1) security vulnerability resolved: Format bug condition in hfaxd.\r\n problem description, discussion, solution and upgrade information\r\n 2) pending vulnerabilities, solutions, workarounds:\r\n - ethereal\r\n - KDE\r\n - sane\r\n - ircd\r\n - mc\r\n - apache1/2\r\n 3) standard appendix (further information)\r\n\r\n______________________________________________________________________________\r\n\r\n1) problem description, brief discussion, solution, upgrade information\r\n\r\n Hylafax is an Open Source fax server which allows sharing of fax\r\n equipment among computers by offering its service to clients by\r\n a protocol similar to FTP.\r\n The SuSE Security Team found a format bug condition during a code\r\n review of the hfaxd server. It allows remote attackers to execute\r\n arbitrary code as root. However, the bug can not be triggered in\r\n hylafax' default configuration.\r\n\r\n The "capi4hylafax" packages also need to be updated as a dependency\r\n where they are available.\r\n \r\n After the update has been successfully applied the hfaxd server has\r\n to be restarted by issuing the following command as root:\r\n\r\n /etc/rc.d/hylafax restart\r\n\r\n Please download the update package for your distribution and verify its\r\n integrity by the methods listed in section 3) of this announcement.\r\n Then, install the package using the command "rpm -Fhv file.rpm" to apply\r\n the update.\r\n Our maintenance customers are being notified individually. The packages\r\n are being offered to install from the maintenance web.\r\n\r\n Intel i386 Platform:\r\n\r\n SuSE-9.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/hylafax-4.1.7-67.i586.rpm\r\n 598081f0d8518014c122466549d3aee2\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/capi4hylafax-4.1.7-67.i586.rpm\r\n b440a0ac3debb15af86c55ce9648a0c9\r\n patch rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/hylafax-4.1.7-67.i586.patch.rpm\r\n b133d6a01100c51769edfe73842f21e5\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/capi4hylafax-4.1.7-67.i586.patch.rpm\r\n 48b02652d3efd052a99fe45346a40533\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/hylafax-4.1.7-67.src.rpm\r\n 44b246480b629ee9659ff2360999f4be\r\n\r\n SuSE-8.2:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/hylafax-4.1.5-190.i586.rpm\r\n a17a36e3d9779aaddc074e634c1d16c2\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/capi4hylafax-4.1.5-190.i586.rpm\r\n f016a370c9428aaca1a4393e3fb1fa6c\r\n patch rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/hylafax-4.1.5-190.i586.patch.rpm\r\n f9be5873c7f8abaae23494f98463b451\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/capi4hylafax-4.1.5-190.i586.patch.rpm\r\n 715001c063280b3ff8c3ec9c918776b9\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/hylafax-4.1.5-190.src.rpm\r\n cdf6cf2e9ad8e9f96a0a76ba03921c5a\r\n\r\n SuSE-8.1:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/hylafax-4.1.3-145.i586.rpm\r\n 85ffa634af490894d049c2c350bd5637\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/capi4hylafax-4.1.3-145.i586.rpm\r\n c3766b389e79820e88375127ce47246f\r\n patch rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/hylafax-4.1.3-145.i586.patch.rpm\r\n f6afb37c81542e75da229db6cd1f9571\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/capi4hylafax-4.1.3-145.i586.patch.rpm\r\n e3f1e42ab4a12d056ad440e4607214c9\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/hylafax-4.1.3-145.src.rpm\r\n 6babcf169ecf60cbfc83a3f8575cdf3e\r\n\r\n SuSE-8.0:\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/hylafax-4.1-303.i386.rpm\r\n e4492b144902043a38bfd71dbb683b23\r\n patch rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/n4/hylafax-4.1-303.i386.patch.rpm\r\n 02f80c2b8b28d176bbba8a6dccda4dce\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/hylafax-4.1-303.src.rpm\r\n c79d4be78cca347d5ecded4c6029f2b2\r\n\r\n SuSE-7.3:\r\n ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/hylafax-4.1-303.i386.rpm\r\n b42d4ff0c43cec7e09fe4c1bbf5c8226\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/hylafax-4.1-303.src.rpm\r\n 8bdce70f21a0362882947a1d4de760ae\r\n\r\n\r\n Sparc Platform:\r\n\r\n SuSE-7.3:\r\n ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n3/hylafax-4.1-122.sparc.rpm\r\n fa187f99f0a25df1815445dbbb6a0abe\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/hylafax-4.1-122.src.rpm\r\n 227353e1b80121f3ccfabc7fb888a485\r\n\r\n\r\n\r\n PPC Power PC Platform:\r\n\r\n SuSE-7.3:\r\n ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n3/hylafax-4.1-206.ppc.rpm\r\n 4388fa7fe1aa5173e3d33bdf1c477349\r\n source rpm(s):\r\n ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/hylafax-4.1-206.src.rpm\r\n a95fd798a47396a077d7690a3e62986b\r\n\r\n\r\n______________________________________________________________________________\r\n\r\n2) Pending vulnerabilities in SUSE Distributions and Workarounds:\r\n\r\n - ethereal\r\n A new official version of ethereal, a network traffic analyzer, was\r\n released to fix various security-related problems.\r\n An update package is currently being tested and will be released\r\n as soon as possible.\r\n\r\n - KDE\r\n New KDE packages are currently being tested. These packages fixes\r\n several vulnerabilities:\r\n + remote root compromise (CAN-2003-0690)\r\n + weak cookies (CAN-2003-0692)\r\n + SSL man-in-the-middle attack\r\n + information leak through HTML-referrer (CAN-2003-0459)\r\n The packages will be release as soon as testing is finished.\r\n\r\n - sane\r\n The scanner service sane of SuSE Linux 7.3-8.1 is vulnerable to\r\n a remote denial-of-service attack. This attack can even be triggered\r\n if the attackers host is not listed in the saned.conf file.\r\n The packages are currently tested and will be release as soon as\r\n possible.\r\n\r\n - ircd\r\n The Internet Relay Chat daemon is vulnerable to a remote denial-of-\r\n service attack. The attack can be triggered by irc clients directly\r\n connected to the daemon.\r\n The packages are currently tested and will be release as soon as\r\n possible.\r\n\r\n - mc\r\n By using a special combination of links in archive-files it is possible\r\n to execute arbitrary commands while mc tries to open it in its VFS.\r\n The packages are currently tested and will be release as soon as\r\n possible.\r\n\r\n - apache1/2\r\n The widely used HTTP server apache has several security vulnerabilities:\r\n - locally exploitable buffer overflow in the regular expression code.\r\n The attacker must be able to modify .htaccess or httpd.conf.\r\n (affects: mod_alias and mod_rewrite)\r\n - under some circumstances mod_cgid will output its data to the\r\n wrong client (affects: apache2)\r\n\r\n\r\n______________________________________________________________________________\r\n\r\n3) standard appendix: authenticity verification, additional information\r\n\r\n - Package authenticity verification:\r\n\r\n SUSE update packages are available on many mirror ftp servers all over \r\n the world. While this service is being considered valuable and important\r\n to the free and open source software community, many users wish to be \r\n sure about the origin of the package and its content before installing\r\n the package. There are two verification methods that can be used \r\n independently from each other to prove the authenticity of a downloaded\r\n file or rpm package:\r\n 1) md5sums as provided in the (cryptographically signed) announcement.\r\n 2) using the internal gpg signatures of the rpm package.\r\n\r\n 1) execute the command \r\n md5sum <name-of-the-file.rpm>\r\n after you downloaded the file from a SUSE ftp server or its mirrors.\r\n Then, compare the resulting md5sum with the one that is listed in the\r\n announcement. Since the announcement containing the checksums is \r\n cryptographically signed (usually using the key security@suse.de), \r\n the checksums show proof of the authenticity of the package.\r\n We disrecommend to subscribe to security lists which cause the \r\n email message containing the announcement to be modified so that\r\n the signature does not match after transport through the mailing \r\n list software.\r\n Downsides: You must be able to verify the authenticity of the\r\n announcement in the first place. If RPM packages are being rebuilt\r\n and a new version of a package is published on the ftp server, all \r\n md5 sums for the files are useless.\r\n\r\n 2) rpm package signatures provide an easy way to verify the authenticity\r\n of an rpm package. Use the command\r\n rpm -v --checksig <file.rpm>\r\n to verify the signature of the package, where <file.rpm> is the\r\n filename of the rpm package that you have downloaded. Of course, \r\n package authenticity verification can only target an un-installed rpm\r\n package file.\r\n Prerequisites:\r\n a) gpg is installed\r\n b) The package is signed using a certain key. The public part of this\r\n key must be installed by the gpg program in the directory \r\n ~/.gnupg/ under the user's home directory who performs the\r\n signature verification (usually root). You can import the key\r\n that is used by SUSE in rpm packages for SUSE Linux by saving\r\n this announcement to a file ("announcement.txt") and\r\n running the command (do "su -" to be root):\r\n gpg --batch; gpg < announcement.txt | gpg --import\r\n SUSE Linux distributions version 7.1 and thereafter install the\r\n key "build@suse.de" upon installation or upgrade, provided that\r\n the package gpg is installed. The file containing the public key\r\n is placed at the top-level directory of the first CD (pubring.gpg)\r\n and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .\r\n\r\n\r\n - SUSE runs two security mailing lists to which any interested party may\r\n subscribe:\r\n\r\n suse-security@suse.com\r\n - general/linux/SUSE security discussion. \r\n All SUSE security announcements are sent to this list.\r\n To subscribe, send an email to \r\n <suse-security-subscribe@suse.com>.\r\n\r\n suse-security-announce@suse.com\r\n - SUSE's announce-only mailing list.\r\n Only SUSE's security announcements are sent to this list.\r\n To subscribe, send an email to\r\n <suse-security-announce-subscribe@suse.com>.\r\n\r\n For general information or the frequently asked questions (faq) \r\n send mail to:\r\n <suse-security-info@suse.com> or\r\n <suse-security-faq@suse.com> respectively.\r\n\r\n =====================================================================\r\n SUSE's security contact is <security@suse.com> or <security@suse.de>.\r\n The <security@suse.de> public key is listed below.\r\n =====================================================================\r\n______________________________________________________________________________\r\n\r\n The information in this advisory may be distributed or reproduced,\r\n provided that the advisory is not modified in any way. In particular,\r\n it is desired that the clear-text signature shows proof of the\r\n authenticity of the text.\r\n SUSE Linux AG makes no warranties of any kind whatsoever with respect\r\n to the information contained in this security advisory.\r\n\r\nType Bits/KeyID Date User ID\r\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>\r\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>\r\n\r\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\r\nVersion: GnuPG v1.0.6 (GNU/Linux)\r\nComment: For info see http://www.gnupg.org\r\n\r\nmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff\r\n4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d\r\nM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO\r\nQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK\r\nXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE\r\nD3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd\r\nG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM\r\nCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE\r\nmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr\r\nYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD\r\nwmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d\r\nNfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe\r\nQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe\r\nLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t\r\nXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU\r\nD9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3\r\n0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot\r\n1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW\r\ncRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E\r\nExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f\r\nAJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E\r\nOe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/\r\nHZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h\r\nt5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT\r\ntGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM\r\n523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q\r\n2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8\r\nQnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw\r\nJxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ\r\n1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH\r\nORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1\r\nwwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY\r\nEQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol\r\n0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK\r\nCRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co\r\nSPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo\r\nomuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt\r\nA46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J\r\n/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE\r\nGrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf\r\nebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT\r\nZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8\r\nRQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ\r\n8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb\r\nB6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X\r\n11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA\r\n8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj\r\nqY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p\r\nWH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL\r\nhn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG\r\nBafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+\r\nAvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi\r\nRZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0\r\nzinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM\r\n/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7\r\nwhaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl\r\nD+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz\r\ndbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI\r\nRgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI\r\nDgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=\r\n=LRKC\r\n- -----END PGP PUBLIC KEY BLOCK-----\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.0.7 (GNU/Linux)\r\n\r\niQEVAwUBP6+e5Hey5gA9JdPZAQE+jAf/eFK48eMC9RHFxdk32feeVB3vF4vxSefU\r\n59UlWIC0qAyfBf0y2gEf5QKtqwJQzQi489xhjWUFAs5y41S+eYqW9L3bnmbCLdbA\r\n7htB2v/2ZddJhukVPmWop/vaucRX/UDhNKMTzOX8WfmzVhUEvX+B7wkwzVaeood+\r\nIcJzr0kfaW/WsggtIwVV9wbESkPMhguF93Aj2QDeHiFcuxSNcgcKwYkW4TUcgb13\r\nGJ22dHi1aOVDXQmZfnQ/darX6WsKWB1Np/YfbBHRHyhOLS+Z/bKUCbUUb32IO9A8\r\nu7apA51haVrNu2AbKYaoBHPYHefeuCoZISx6mlC5v4JYLexwEwAZzA==\r\n=24nB\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2003-11-13T00:00:00", "published": "2003-11-13T00:00:00", "id": "SECURITYVULNS:DOC:5382", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5382", "title": "SUSE Security Announcement: hylafax (SuSE-SA:2003:045)", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:20", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0459"], "description": "KDE is a graphical desktop environment for the X Window System.\nKonqueror is the file manager for the K Desktop Environment.\n\nGeorge Staikos reported that Konqueror may inadvertently send\nauthentication credentials to websites other than the intended website in\nclear text via the HTTP-referer header. This can occur when authentication\ncredentials are passed as part of a URL in the form http://user:password@host/\n\nUsers of Konqueror are advised to upgrade to these erratum packages, which\ncontain a backported security patch correcting this issue.", "modified": "2018-03-14T19:27:17", "published": "2003-07-30T04:00:00", "id": "RHSA-2003:236", "href": "https://access.redhat.com/errata/RHSA-2003:236", "type": "redhat", "title": "(RHSA-2003:236) kdelibs security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-17T13:05:16", "description": "This erratum provides updated KDE packages that resolve a security\nissue in Konquerer.\n\nKDE is a graphical desktop environment for the X Window System.\nKonqueror is the file manager for the K Desktop Environment.\n\nGeorge Staikos reported that Konqueror may inadvertently send\nauthentication credentials to websites other than the intended website\nin clear text via the HTTP-referer header. This can occur when\nauthentication credentials are passed as part of a URL in the form\nhttp://user:password@host/\n\nUsers of Konqueror are advised to upgrade to these erratum packages,\nwhich contain a backported security patch correcting this issue.", "edition": 27, "published": "2004-07-06T00:00:00", "title": "RHEL 2.1 : kdelibs (RHSA-2003:236)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0459"], "modified": "2004-07-06T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:kdelibs", "p-cpe:/a:redhat:enterprise_linux:kdelibs-sound-devel", "p-cpe:/a:redhat:enterprise_linux:kdelibs-devel", "p-cpe:/a:redhat:enterprise_linux:arts", "p-cpe:/a:redhat:enterprise_linux:kdelibs-sound"], "id": "REDHAT-RHSA-2003-236.NASL", "href": "https://www.tenable.com/plugins/nessus/12409", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2003:236. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12409);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2003-0459\");\n script_xref(name:\"RHSA\", value:\"2003:236\");\n\n script_name(english:\"RHEL 2.1 : kdelibs (RHSA-2003:236)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This erratum provides updated KDE packages that resolve a security\nissue in Konquerer.\n\nKDE is a graphical desktop environment for the X Window System.\nKonqueror is the file manager for the K Desktop Environment.\n\nGeorge Staikos reported that Konqueror may inadvertently send\nauthentication credentials to websites other than the intended website\nin clear text via the HTTP-referer header. This can occur when\nauthentication credentials are passed as part of a URL in the form\nhttp://user:password@host/\n\nUsers of Konqueror are advised to upgrade to these erratum packages,\nwhich contain a backported security patch correcting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2003-0459\"\n );\n # http://www.kde.org/info/security/advisory-20030729-1.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.kde.org/info/security/advisory-20030729-1.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2003:236\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:arts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/08/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2003:236\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"arts-2.2.2-9\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"kdelibs-2.2.2-9\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"kdelibs-devel-2.2.2-9\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"kdelibs-sound-2.2.2-9\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"kdelibs-sound-devel-2.2.2-9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"arts / kdelibs / kdelibs-devel / kdelibs-sound / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T09:49:38", "description": "Two vulnerabilities were discovered in kdelibs :\n\n - CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier\n does not remove authentication credentials from URLs of\n the 'user:password@host' form in the HTTP-Referer\n header, which could allow remote web sites to steal the\n credentials for pages that link to the sites.\n - CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and\n earlier does not validate the Common Name (CN) field for\n X.509 Certificates, which could allow remote attackers\n to spoof certificates via a man-in-the-middle attack.\n\nThese vulnerabilities are described in the following security\nadvisories from KDE :\n\n - \n -", "edition": 25, "published": "2004-09-29T00:00:00", "title": "Debian DSA-361-2 : kdelibs, kdelibs-crypto - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0459", "CVE-2003-0370"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:kdelibs", "p-cpe:/a:debian:debian_linux:kdelibs-crypto"], "id": "DEBIAN_DSA-361.NASL", "href": "https://www.tenable.com/plugins/nessus/15198", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-361. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15198);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2003-0370\", \"CVE-2003-0459\");\n script_bugtraq_id(7520, 8297);\n script_xref(name:\"DSA\", value:\"361\");\n\n script_name(english:\"Debian DSA-361-2 : kdelibs, kdelibs-crypto - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were discovered in kdelibs :\n\n - CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier\n does not remove authentication credentials from URLs of\n the 'user:password@host' form in the HTTP-Referer\n header, which could allow remote web sites to steal the\n credentials for pages that link to the sites.\n - CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and\n earlier does not validate the Common Name (CN) field for\n X.509 Certificates, which could allow remote attackers\n to spoof certificates via a man-in-the-middle attack.\n\nThese vulnerabilities are described in the following security\nadvisories from KDE :\n\n - \n -\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-361\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the current stable distribution (woody) these problems have been\nfixed in version 2.2.2-13.woody.8 of kdelibs and 2.2.2-6woody2 of\nkdelibs-crypto.\n\n\nWe recommend that you update your kdelibs and kdelibs-crypto packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kdelibs-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"kdelibs-dev\", reference:\"2.2.2-13.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kdelibs3\", reference:\"2.2.2-13.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kdelibs3-bin\", reference:\"2.2.2-13.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kdelibs3-crypto\", reference:\"2.2.2-6woody2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kdelibs3-cups\", reference:\"2.2.2-13.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"kdelibs3-doc\", reference:\"2.2.2-13.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libarts\", reference:\"2.2.2-13.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libarts-alsa\", reference:\"2.2.2-13.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libarts-dev\", reference:\"2.2.2-13.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkmid\", reference:\"2.2.2-13.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkmid-alsa\", reference:\"2.2.2-13.woody.8\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libkmid-dev\", reference:\"2.2.2-13.woody.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:19:56", "bulletinFamily": "software", "cvelist": ["CVE-2003-0459"], "edition": 1, "description": "## Vulnerability Description\nKDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the \"user:password@host\" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.\n## Solution Description\nKDE has made fixes available. See referenced advisory for additional details. \n\nRed Hat Linux has released an advisory (RHSA-2003:235-01) that addresses this issue. Please see the referenced advisory for details on obtaining and applying fixes. \n\nDebian has issued an updated advisory (DSA 361-2). See Debian advisory in the references section for information regarding obtaining and applying fixes. \n\nMandrake Linux advisory (MDKSA-2003:079) and fixes are available to address this issue. See referenced advisory for further details on obtaining and applying fixes. \n\nTurboLinux has released fixes for this issue. Affected users are advised to run the turbopkg tool to update vulnerable systems. \n\nRed Hat has made updates available for Red Hat Linux Enterprise distributions. These updates are detailed in RHSA-2003:236-08 and may be obtained via the Red Hat Network. \n\nDebian has issued fixes. See Debian advisory DSA-361-1 in the references section for download information. \n\nSlackware has issued fixes. See Slackware advisory (SSA:2003-213-01) in the references section for download information.\n## Short Description\nKDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the \"user:password@host\" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.\n## References:\n[Vendor Specific Advisory URL](http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00171.html)\n[Secunia Advisory ID:9385](https://secuniaresearch.flexerasoftware.com/advisories/9385/)\n[Related OSVDB ID: 13682](https://vulners.com/osvdb/OSVDB:13682)\nRedHat RHSA: RHSA-2003-235\nRedHat RHSA: RHSA-2003-236\nISS X-Force ID: 12761\nGeneric Informational URL: http://www.securityfocus.com/advisories/5650\nGeneric Informational URL: http://www.securityfocus.com/advisories/5663\nGeneric Informational URL: http://www.securityfocus.com/advisories/5646\nGeneric Informational URL: http://www.securityfocus.com/advisories/5692\nGeneric Informational URL: http://www.securityfocus.com/advisories/5662\n[CVE-2003-0459](https://vulners.com/cve/CVE-2003-0459)\nBugtraq ID: 8297\n", "modified": "2003-08-09T03:41:50", "published": "2003-08-09T03:41:50", "href": "https://vulners.com/osvdb/OSVDB:2127", "id": "OSVDB:2127", "type": "osvdb", "title": "KDE Konqueror HTTP REFERER Authentication Credential Leak", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0459", "CVE-2003-0370"], "description": "The remote host is missing an update to kdelibs\nannounced via advisory DSA 361-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53650", "href": "http://plugins.openvas.org/nasl.php?oid=53650", "type": "openvas", "title": "Debian Security Advisory DSA 361-1 (kdelibs)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_361_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 361-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two vulnerabilities were discovered in kdelibs:\n\n- - CVE-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not\nremove authentication credentials from URLs of the\n'user:password@host' form in the HTTP-Referer header, which could\nallow remote web sites to steal the credentials for pages that link\nto the sites.\n\n- - CVE-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier does not\nvalidate the Common Name (CN) field for X.509 Certificates, which\ncould allow remote attackers to spoof certificates via a\nman-in-the-middle attack.\n\nThese vulnerabilities are described in the following security\nadvisories from KDE:\n\nhttp://www.kde.org/info/security/advisory-20030729-1.txt\nhttp://www.kde.org/info/security/advisory-20030602-1.txt\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 2.2.2-13.woody.8.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4:3.1.3-1.\n\nWe recommend that you update your kdelibs package.\";\ntag_summary = \"The remote host is missing an update to kdelibs\nannounced via advisory DSA 361-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20361-1\";\n\nif(description)\n{\n script_id(53650);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:36:24 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2003-0459\", \"CVE-2003-0370\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 361-1 (kdelibs)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"kdelibs3-doc\", ver:\"2.2.2-13.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdelibs-dev\", ver:\"2.2.2-13.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdelibs3\", ver:\"2.2.2-13.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdelibs3-bin\", ver:\"2.2.2-13.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"kdelibs3-cups\", ver:\"2.2.2-13.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libarts\", ver:\"2.2.2-13.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libarts-alsa\", ver:\"2.2.2-13.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libarts-dev\", ver:\"2.2.2-13.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkmid\", ver:\"2.2.2-13.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkmid-alsa\", ver:\"2.2.2-13.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libkmid-dev\", ver:\"2.2.2-13.woody.8\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:38", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0459", "CVE-2003-0370"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 361-2 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nAugust 9th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kdelibs-crypto\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE Ids : CAN-2003-0459, CAN-2003-0370\n\nTwo vulnerabilities were discovered in kdelibs:\n\n- - CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not\n remove authentication credentials from URLs of the\n "user:password@host" form in the HTTP-Referer header, which could\n allow remote web sites to steal the credentials for pages that link\n to the sites.\n\n- - CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier does not\n validate the Common Name (CN) field for X.509 Certificates, which\n could allow remote attackers to spoof certificates via a\n man-in-the-middle attack.\n\nThese vulnerabilities are described in the following security\nadvisories from KDE:\n\nhttp://www.kde.org/info/security/advisory-20030729-1.txt\nhttp://www.kde.org/info/security/advisory-20030602-1.txt\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 2.2.2-6woody2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nkdelibs version 4:3.1.3-1.\n\nWe recommend that you update your kdelibs-crypto package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody2.dsc\n Size/MD5 checksum: 717 8599af4329028f8665dabc117e72f76f\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody2.diff.gz\n Size/MD5 checksum: 27879 cb22e341dcb777db3b56965ba3cf6b9c\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2.orig.tar.gz\n Size/MD5 checksum: 643622 5ef84fed86c7984f99f8e44e9d5a216a\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_alpha.deb\n Size/MD5 checksum: 132246 23a0d03e1ac5203f225aa0b8dd195d72\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_arm.deb\n Size/MD5 checksum: 116806 3d31e16d92ad60db3b91f781dd3cdd5d\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_i386.deb\n Size/MD5 checksum: 114728 1b922a19c47457e0e82528be473f3225\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_ia64.deb\n Size/MD5 checksum: 165350 7447f5fa12e93891322d0d9f74d96c8b\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_hppa.deb\n Size/MD5 checksum: 136022 37906155eecc5a343eb6a799dda29905\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_m68k.deb\n Size/MD5 checksum: 113360 39576c3be30cc7f85bb35382c7ffae50\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_mips.deb\n Size/MD5 checksum: 100388 7bb05d18af371197dca7804cadb20843\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_mipsel.deb\n Size/MD5 checksum: 99248 34b1cab5af6713de57d7a5fa045b0726\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_powerpc.deb\n Size/MD5 checksum: 114196 0c9ba9eacb57305e2f4444eff479b0fe\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_s390.deb\n Size/MD5 checksum: 115462 c19494bf3b9e3a3e0314f8094e2e6506\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_sparc.deb\n Size/MD5 checksum: 114624 c29f68f9f7feeff15eef588a57daf671\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 2, "modified": "2003-08-09T00:00:00", "published": "2003-08-09T00:00:00", "id": "DEBIAN:DSA-361-2:AB145", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00171.html", "title": "[SECURITY] [DSA-361-2] New kdelibs-crypto packages fix multiple vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:28:29", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0459", "CVE-2003-0370"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 361-1 security@debian.org\nhttp://www.debian.org/security/ Matt Zimmerman\nAugust 1st, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : kdelibs\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE Ids : CAN-2003-0459, CAN-2003-0370\n\nTwo vulnerabilities were discovered in kdelibs:\n\n- - CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not\n remove authentication credentials from URLs of the\n "user:password@host" form in the HTTP-Referer header, which could\n allow remote web sites to steal the credentials for pages that link\n to the sites.\n\n- - CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier does not\n validate the Common Name (CN) field for X.509 Certificates, which\n could allow remote attackers to spoof certificates via a\n man-in-the-middle attack.\n\nThese vulnerabilities are described in the following security\nadvisories from KDE:\n\nhttp://www.kde.org/info/security/advisory-20030729-1.txt\nhttp://www.kde.org/info/security/advisory-20030602-1.txt\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 2.2.2-13.woody.8.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4:3.1.3-1.\n\nWe recommend that you update your kdelibs package.\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.8.dsc\n Size/MD5 checksum: 1353 5c815a67ccb9603faa9a8eb966402221\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.8.diff.gz\n Size/MD5 checksum: 56799 f193bbbbe086c4d721b1da897e245c5f\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz\n Size/MD5 checksum: 6396699 7a9277a2e727821338f751855c2ce5d3\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.8_all.deb\n Size/MD5 checksum: 2564214 b05746e361304cc132ba11711b55f7a3\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_alpha.deb\n Size/MD5 checksum: 757264 fa6f0c3eb1c83241d85c1d893384a195\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_alpha.deb\n Size/MD5 checksum: 7532294 15954f4cb9b69375d3cce2568712711a\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_alpha.deb\n Size/MD5 checksum: 137266 3d40312c8cb68a694e9099943fcbe07a\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_alpha.deb\n Size/MD5 checksum: 201840 f70cdcb31526bf907e4d1473be008b2a\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_alpha.deb\n Size/MD5 checksum: 1022220 92a0bd302d8a032deea14f0a0a098ac1\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_alpha.deb\n Size/MD5 checksum: 1029292 f323f737e7f004901968f3c55fcbe4f0\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_alpha.deb\n Size/MD5 checksum: 198074 c93cd4e5e1d055cbc5ba21e6c0492991\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_alpha.deb\n Size/MD5 checksum: 174586 a59200be90a136177d7ca2d2e95e755a\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_alpha.deb\n Size/MD5 checksum: 177924 79f4eefc4d91fc4486cef938cc53c4da\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_alpha.deb\n Size/MD5 checksum: 37100 6666a0f271a4b8419be5f0a3253c7d76\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_arm.deb\n Size/MD5 checksum: 743528 80af5e2c904de9884538dd501324fd68\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_arm.deb\n Size/MD5 checksum: 6589168 1a0c58d52d0f2ce47ccc949515ea8d11\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_arm.deb\n Size/MD5 checksum: 104432 c0792835b59698a172f02d169e8f35ed\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_arm.deb\n Size/MD5 checksum: 186426 0b4adc69f78802ae4785324a389af2ed\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_arm.deb\n Size/MD5 checksum: 651612 263bd14c2e2efbcb046599ead20ccda7\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_arm.deb\n Size/MD5 checksum: 655244 a218efa916ef08c4761ee37717ac28c4\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_arm.deb\n Size/MD5 checksum: 155386 8b7213a904bffe4b586e3ef1a23272b3\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_arm.deb\n Size/MD5 checksum: 124670 94011575cb718615027bd874f4d19782\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_arm.deb\n Size/MD5 checksum: 127760 2c2b46294b71d0e58938f5c4dc677894\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_arm.deb\n Size/MD5 checksum: 37106 53018863a02bbf8527219b57e64b8cf9\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_i386.deb\n Size/MD5 checksum: 742862 d694169bd78c22556e7826e6743671ab\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_i386.deb\n Size/MD5 checksum: 6618286 93a23c4e4b60c2d22751a1d4e5e3bd44\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_i386.deb\n Size/MD5 checksum: 105992 93dbd645f4a1df07aa6dd59d15c78c06\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_i386.deb\n Size/MD5 checksum: 182852 a40d3071a7ac0dda38f8cb6c7c16089d\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_i386.deb\n Size/MD5 checksum: 625038 2eb65cf5e415b1cb4575dbd280913abf\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_i386.deb\n Size/MD5 checksum: 629376 bd686dffac6f128bf148073dd7cc5b22\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_i386.deb\n Size/MD5 checksum: 154760 3e1e8471787a474f6f28a2ac6f5650bc\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_i386.deb\n Size/MD5 checksum: 123322 43c58d4502adbe3acbcde52bfb759e8e\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_i386.deb\n Size/MD5 checksum: 126424 062e28ea18e9aa2a97175f39096862cb\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_i386.deb\n Size/MD5 checksum: 37102 bda10467f1b18c7484e4ac1aae586cd0\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_ia64.deb\n Size/MD5 checksum: 767558 3ca9c93a1b628aba1c48f9512efb0450\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_ia64.deb\n Size/MD5 checksum: 8841368 b5fff89ff6261d43781c8766aa5d7598\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_ia64.deb\n Size/MD5 checksum: 153600 51e682a99dcdd400857f5837168ee701\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_ia64.deb\n Size/MD5 checksum: 256878 bf044e843b5a7dd4739ceb11828bcda9\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_ia64.deb\n Size/MD5 checksum: 1045290 70bc69ea7ddd37b6971a83099e87cd15\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_ia64.deb\n Size/MD5 checksum: 1050638 a1f471af126b41976f951680ee76ffb8\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_ia64.deb\n Size/MD5 checksum: 199370 857ba011cd3a08d9124040da8ec6da14\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_ia64.deb\n Size/MD5 checksum: 185444 e5220a9bb8ad3798c31a5990a7857b78\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_ia64.deb\n Size/MD5 checksum: 190906 51eb58ce68471eb4c69a31fecda3c4d8\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_ia64.deb\n Size/MD5 checksum: 37096 541900e17a8c8029f45fca6696ddb028\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_hppa.deb\n Size/MD5 checksum: 749598 6851da3fa2542f371f2f0e75da214aa2\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_hppa.deb\n Size/MD5 checksum: 7343564 b0183421a4fd5ac77d0dde735e86ba6c\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_hppa.deb\n Size/MD5 checksum: 117306 67ba5d8cea098f5e41040fd0e72b5b02\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_hppa.deb\n Size/MD5 checksum: 217796 837e91368600cc315d838b6395ea33c1\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_hppa.deb\n Size/MD5 checksum: 1111424 36e98fa4aae1dcbc922f19e64f866053\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_hppa.deb\n Size/MD5 checksum: 1115322 9b08a77ed1bad67d30069413d2e0fe30\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_hppa.deb\n Size/MD5 checksum: 207342 0eab8c26829e938578d9034f4e1e2d46\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_hppa.deb\n Size/MD5 checksum: 171824 4752bcacbe1907803d70790119fdcc60\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_hppa.deb\n Size/MD5 checksum: 175920 6d390d3f27e2ee266ee1c35f5c6ed4d4\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_hppa.deb\n Size/MD5 checksum: 37102 2b13f6b456878bfc80aec171bbd25c38\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_m68k.deb\n Size/MD5 checksum: 739972 fd777221ccb53ea896b867fe0ef3caef\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_m68k.deb\n Size/MD5 checksum: 6483984 48c7ce7a820cd2edd220e064e9c06eef\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_m68k.deb\n Size/MD5 checksum: 103526 467cbbfa84eedec93c9ae401b0901706\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_m68k.deb\n Size/MD5 checksum: 178436 b9f9f61bdaf437e0257fd17f004b5a65\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_m68k.deb\n Size/MD5 checksum: 628656 ca0418d695f53e38621d3226370fe6fc\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_m68k.deb\n Size/MD5 checksum: 633070 ef87665402f954b01ce11ed52702108e\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_m68k.deb\n Size/MD5 checksum: 151010 cf006ab6d66435ff7ad023f3f14f8800\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_m68k.deb\n Size/MD5 checksum: 120656 263d7d1be4bfe02281fb05ff9e692e70\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_m68k.deb\n Size/MD5 checksum: 123560 f600fefbaa24632d3b3a9c9dbfd85ead\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_m68k.deb\n Size/MD5 checksum: 37122 dbc0802db996370b8f614f8753e70889\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_mips.deb\n Size/MD5 checksum: 739784 70629cb3e43480fe50b30eb5322c9612\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_mips.deb\n Size/MD5 checksum: 6283246 4ee744d88e2a93cc62dfbfc651cfe09c\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_mips.deb\n Size/MD5 checksum: 106762 b6addf954e89ccd8e29ecf345c64d8d2\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_mips.deb\n Size/MD5 checksum: 160934 346c6e12177f10b4298f114e5b2b1bd3\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_mips.deb\n Size/MD5 checksum: 620766 f7049ef8edb1eaca7438dc1cfeedffc3\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_mips.deb\n Size/MD5 checksum: 624932 fe0372bc4f888e003d09caf7f10120a0\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_mips.deb\n Size/MD5 checksum: 175704 ba9cf46f91e5a5d14e23d1c5094ddfdd\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_mips.deb\n Size/MD5 checksum: 124128 813bcadaa332e9aa789d310721d7d8c3\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_mips.deb\n Size/MD5 checksum: 127166 f49ad75dea8beebafc09ee9ed17cc6ff\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_mips.deb\n Size/MD5 checksum: 37108 28faaa11ff5480773306c3f6178ea11a\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_mipsel.deb\n Size/MD5 checksum: 739092 3d10cade157a3f4bde0602f64b0ff300\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_mipsel.deb\n Size/MD5 checksum: 6189916 75c94121e9b8d379f1df07d203f29cd3\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_mipsel.deb\n Size/MD5 checksum: 105754 b27b868206dbbd749313ddd037d125ef\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_mipsel.deb\n Size/MD5 checksum: 159154 4dcc6e9fa704f7e9397f14ccc46ce2ad\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_mipsel.deb\n Size/MD5 checksum: 613612 020928718d250e5c92d4be96a58596fd\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_mipsel.deb\n Size/MD5 checksum: 617226 276481a73f6a22407a77154cec8136a9\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_mipsel.deb\n Size/MD5 checksum: 174976 96f38b7225ae2b5024aa0011dc29ac5b\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_mipsel.deb\n Size/MD5 checksum: 123152 4a6cf2f5fcea212b268812f17f680294\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_mipsel.deb\n Size/MD5 checksum: 126146 738a00cff0c87ce1480040a1d90fe483\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_mipsel.deb\n Size/MD5 checksum: 37104 7f54ce8415003d0b717c929b41e8bad8\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_powerpc.deb\n Size/MD5 checksum: 740724 b5e1f0c81b55701ec79a9a74c9dc80c8\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_powerpc.deb\n Size/MD5 checksum: 6726456 50193f6730f043cfd61165791a41e1b1\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_powerpc.deb\n Size/MD5 checksum: 105866 7e721119d8c731ff17a0ece3fedf5838\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_powerpc.deb\n Size/MD5 checksum: 182522 9dac0701f1f480965806fff1fa35c33f\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_powerpc.deb\n Size/MD5 checksum: 691038 e8e31893f2385221b509e151bd01bcd2\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_powerpc.deb\n Size/MD5 checksum: 694430 cb1a09d7d22fb1ecec69e7a69c57eaf2\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_powerpc.deb\n Size/MD5 checksum: 153674 6817250ad139553026bd59854803ce6b\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_powerpc.deb\n Size/MD5 checksum: 127468 97fd8d4981c703f3af03e55b3e76645a\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_powerpc.deb\n Size/MD5 checksum: 130392 fc5c70dc535fb40e96df88d65d9b2e30\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_powerpc.deb\n Size/MD5 checksum: 37102 11ea385aa94147a7ce7361e5bd16c926\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_s390.deb\n Size/MD5 checksum: 742222 e43b2f96fab3f2eb8799c8fbdc8cad0b\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_s390.deb\n Size/MD5 checksum: 6739634 08cfb20b521e6846e04bf9355c7b991a\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_s390.deb\n Size/MD5 checksum: 110408 ca03d603ad2a470b3a894aeabeec73f0\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_s390.deb\n Size/MD5 checksum: 176894 d674123f0e6efe0b670f1df90b9b9ec8\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_s390.deb\n Size/MD5 checksum: 642158 6f35ad2827c5cf446332afbf7264c50c\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_s390.deb\n Size/MD5 checksum: 647300 6644e9c73c6a88098c46c1b29bf4e256\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_s390.deb\n Size/MD5 checksum: 151336 592491f74265d1615083dc4c4ed7fea4\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_s390.deb\n Size/MD5 checksum: 129832 99e927cb9e8c491fe537703c948face8\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_s390.deb\n Size/MD5 checksum: 133278 0461b7e0b431a64474761d14fab9b6c6\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_s390.deb\n Size/MD5 checksum: 37102 1de42b75170ef39d77d9bfd2d2c93f16\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_sparc.deb\n Size/MD5 checksum: 741602 9b61a934c926ac5ab90043657909dcec\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_sparc.deb\n Size/MD5 checksum: 6579790 514509d90e66037d93549877676d99d4\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_sparc.deb\n Size/MD5 checksum: 117708 222910767eec7164764adf2856a90bf4\n http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_sparc.deb\n Size/MD5 checksum: 184168 4e8e05b489008521946733c36d04609d\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_sparc.deb\n Size/MD5 checksum: 664932 97915d1d4130f1c44e46bc3efca40c35\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_sparc.deb\n Size/MD5 checksum: 668836 365123943821fc1d37f45cfe8e2d30d2\n http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_sparc.deb\n Size/MD5 checksum: 151726 fc9c49b87ddf7febf3a7d6590b6a6291\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_sparc.deb\n Size/MD5 checksum: 128616 a79698355c109b2b57bcfb38f2198826\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_sparc.deb\n Size/MD5 checksum: 131324 1af4d019b27ee38bb14d131a8cae6681\n http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_sparc.deb\n Size/MD5 checksum: 37104 7d5b21e1c2b4299a915e1044eb93ef21\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2003-08-01T00:00:00", "published": "2003-08-01T00:00:00", "id": "DEBIAN:DSA-361-1:4ECF4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00158.html", "title": "[SECURITY] [DSA-361-1] New kdelibs packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:43:58", "bulletinFamily": "info", "cvelist": ["CVE-2003-0459", "CVE-2003-0690", "CVE-2003-0692", "CVE-2003-0914"], "description": "### Overview \n\nThe BIND 8 name server contains a cache poisoning vulnerability that allows attackers to conduct denial-of-service attacks on specific target domains.\n\n### Description \n\nSeveral versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this vulnerability, an attacker must configure a name server to return authoritative negative responses for a given target domain. Then, the attacker must convince a victim user to query the attacker's maliciously configured name server. When the attacker's name server receives the query, it will reply with an authoritative negative response containing a large TTL (time-to-live) value. If the victim's site runs a vulnerable version of BIND 8, it will cache the negative response and render the target domain unreachable until the TTL expires. \n \n--- \n \n### Impact \n\nAttackers may conduct denial-of-service attacks on specific target domains by enticing users to query a malicious name server. \n \n--- \n \n### Solution \n\n**Upgrade BIND**\n\nThe ISC has prepared BIND 8.3.7 and BIND 8.4.3 to address this vulnerability. Name servers running BIND 4 are not affected. To obtain the latest versions of BIND, please visit \n \n<http://www.isc.org/products/BIND/> \n \n**Apply a patch or updated version from your vendor** \n \nMany operating system vendors include BIND with their products and will be preparing new versions to address this vulnerability. For a list of vendors that the CERT/CC has received information from regarding this vulnerability, please see the Systems Affected section of this document. \n \n--- \n \n### Vendor Information\n\n734644\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple Computer Inc. __ Affected\n\nNotified: October 21, 2003 Updated: December 11, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nMac OS X 10.3 and later: Not Vulnerable. Mac OS X 10.3 uses a later version of BIND that does not have this vulnerability. \n\n\nMac OS X 10.2.x: Recommend upgrading to Mac OS X 10.2.8, then installing BIND 8.4.3 as follows: \n \nFirst install the Developer Tools if they are not already present, then perform the following steps from the command-line in an application such as Terminal: \n \n1\\. Download BIND version 8.4.3 by executing the following command: \ncurl -O <ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz> \n \n2\\. Verify the integrity of this file by typing: \ncksum bind-src.tar.gz \nwhich should indicate \"3224691664 1438439 bind-src.tar.gz\" \n \n3\\. Unpack the distribution as follows: \ntar xvzf bind-src.tar.gz \n \n4\\. Now you're ready to start building the distribution. \ncd to the src/ directory and type \"make\" \n \n5\\. The next step will install the new named daemon: \nsudo cp bin/named/named /usr/sbin/ \n \n6\\. Reboot \n\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### FreeBSD __ Affected\n\nNotified: October 21, 2003 Updated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nPlease see <ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:19.bind.asc>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n`\n\n`============================================================================= \nFreeBSD-SA-03:19.bind Security Advisory` \n`The FreeBSD Project \n` \n`Topic: bind8 negative cache poison attack \n` \n`Category: contrib \nModule: contrib_bind \nAnnounced: 2003-11-28 \nCredits: Internet Software Consortium \nAffects: FreeBSD versions through 4.9-RELEASE and 5.1-RELEASE` \n`4-STABLE prior to the correction date \nCorrected: 2003-11-28 22:13:47 UTC (RELENG_4, 4.9-STABLE)` \n`2003-11-27 00:54:53 UTC (RELENG_5_1, 5.1-RELEASE-p11) \n2003-11-27 16:54:01 UTC (RELENG_5_0, 5.0-RELEASE-p19) \n2003-11-27 00:56:06 UTC (RELENG_4_9, 4.9-RELEASE-p1) \n2003-11-27 16:34:22 UTC (RELENG_4_8, 4.8-RELEASE-p14) \n2003-11-27 16:35:06 UTC (RELENG_4_7, 4.7-RELEASE-p24) \n2003-11-27 16:37:00 UTC (RELENG_4_6, 4.6.2-RELEASE-p27) \n2003-11-27 16:38:36 UTC (RELENG_4_5, 4.5-RELEASE-p37) \n2003-11-27 16:40:03 UTC (RELENG_4_4, 4.4-RELEASE-p47)` \n`CVE Name: CAN-2003-0914 \nFreeBSD only: NO \n` \n`For general information regarding FreeBSD Security Advisories, \nincluding descriptions of the fields above, security branches, and the \nfollowing sections, please visit \n<URL:``<http://www.freebsd.org/security/>``>. \n` \n`I. Background \n` \n`BIND 8 is an implementation of the Domain Name System (DNS) protocols. \nThe named(8) daemon is the Internet domain name server. \n` \n`II. Problem Description \n` \n`A programming error in BIND 8 named can result in a DNS message being \nincorrectly cached as a negative response. \n` \n`III. Impact \n` \n`An attacker may arrange for malicious DNS messages to be delivered \nto a target name server, and cause that name server to cache a \nnegative response for some target domain name. The name server would \nthereafter respond negatively to legitimate queries for that domain \nname, resulting in a denial-of-service for applications that require \nDNS. Almost all Internet applications require DNS, such as the Web, \nemail, and chat networks. \n` \n`IV. Workaround \n` \n`No workaround is known. \n` \n`V. Solution \n` \n`Do one of the following: \n` \n`1) Upgrade your vulnerable system to 4.9-STABLE; or to the RELENG_5_1, \nRELENG_4_9, RELENG_4_8, or RELENG_4_7 security branch dated after the \ncorrection date. \n` \n`2) To patch your present system: \n` \n`a) Download the relevant patch from the location below, and verify the \ndetached PGP signature using your PGP utility. \n` \n`[FreeBSD 4.9 and -STABLE systems] \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch>`` \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch.asc>`` \n` \n`[FreeBSD 4.8 and 5.1 systems] \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch>`` \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch.asc>`` \n` \n`[FreeBSD 4.4, 4.5, 4.6, 4.7, and 5.0 systems] \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch>`` \n# fetch ``<ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch.asc>`` \n` \n`b) Execute the following commands as root: \n` \n`# cd /usr/src \n# patch < /path/to/patch \n# cd /usr/src/lib/libbind \n# make obj && make depend && make \n# cd /usr/src/lib/libisc \n# make obj && make depend && make \n# cd /usr/src/usr.sbin/named \n# make obj && make depend && make && make install \n# cd /usr/src/libexec/named-xfer \n# make obj && make depend && make && make install \n` \n`After upgrading or patching your system, you must restart named. \nExecute the following command as root: \n` \n`# ndc restart \n` \n`VI. Correction details \n` \n`The following list contains the revision numbers of each file that was \ncorrected in FreeBSD. \n` \n`Branch Revision \nPath` \n`- ------------------------------------------------------------------------- \nRELENG_4` \n`src/contrib/bind/CHANGES 1.1.1.7.2.11 \nsrc/contrib/bind/README 1.1.1.7.2.9 \nsrc/contrib/bind/Version 1.1.1.3.2.10 \nsrc/contrib/bind/bin/named-xfer/named-xfer.c 1.3.2.8 \nsrc/contrib/bind/bin/named/Makefile 1.3.2.6 \nsrc/contrib/bind/bin/named/ns_init.c 1.1.1.2.2.6 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.11 \nsrc/contrib/bind/bin/nslookup/commands.l 1.4.2.5 \nsrc/contrib/bind/bin/nslookup/debug.c 1.3.2.6 \nsrc/contrib/bind/bin/nslookup/getinfo.c 1.3.2.9 \nsrc/contrib/bind/bin/nslookup/main.c 1.3.2.7 \nsrc/contrib/bind/doc/man/dig.1 1.3.2.4 \nsrc/contrib/bind/doc/man/host.1 1.3.2.5 \nsrc/contrib/bind/doc/man/nslookup.8 1.2.2.5 \nsrc/contrib/bind/port/freebsd/include/port_after.h 1.6.2.9 \nsrc/contrib/bind/port/freebsd/include/port_before.h 1.1.1.2.2.6` \n`RELENG_5_1 \nsrc/UPDATING 1.251.2.13 \nsrc/sys/conf/newvers.sh 1.50.2.13 \nsrc/contrib/bind/Version 1.1.1.11.2.1 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.11.2.1` \n`RELENG_5_0 \nsrc/UPDATING 1.229.2.25 \nsrc/sys/conf/newvers.sh 1.48.2.20 \nsrc/contrib/bind/Version 1.1.1.10.2.1 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.10.2.1` \n`RELENG_4_9 \nsrc/UPDATING 1.73.2.89.2.2 \nsrc/sys/conf/newvers.sh 1.44.2.32.2.2 \nsrc/contrib/bind/Version 1.1.1.3.2.9.2.1 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.10.2.1` \n`RELENG_4_8 \nsrc/UPDATING 1.73.2.80.2.16 \nsrc/sys/conf/newvers.sh 1.44.2.29.2.15 \nsrc/contrib/bind/Version 1.1.1.3.2.8.2.1 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.9.2.1` \n`RELENG_4_7 \nsrc/UPDATING 1.73.2.74.2.27 \nsrc/sys/conf/newvers.sh 1.44.2.26.2.26 \nsrc/contrib/bind/Version 1.1.1.3.2.7.2.1 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.7.2.2` \n`RELENG_4_6 \nsrc/UPDATING 1.73.2.68.2.56 \nsrc/sys/conf/newvers.sh 1.44.2.23.2.44 \nsrc/contrib/bind/Version 1.1.1.3.2.6.2.2 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.6.2.3` \n`RELENG_4_5 \nsrc/UPDATING 1.73.2.50.2.54 \nsrc/sys/conf/newvers.sh 1.44.2.20.2.38 \nsrc/contrib/bind/Version 1.1.1.3.2.4.4.2 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.4.4.3` \n`RELENG_4_4 \nsrc/UPDATING 1.73.2.43.2.55 \nsrc/sys/conf/newvers.sh 1.44.2.17.2.46 \nsrc/contrib/bind/Version 1.1.1.3.2.4.2.2 \nsrc/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.4.2.3` \n`- ------------------------------------------------------------------------- \n` \n`VII. References \n` \n`<URL:``<http://www.kb.cert.org/vuls/id/734644>``> \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (FreeBSD) \n` \n`iD8DBQE/x8/PFdaIBMps37IRAsl8AJ9zgqn4QmO08d9zj9de8/uGKIQBNgCfeHKC \ntM9nSOzoCrM+O+TpNn6ewt4= \n=PJi2 \n-----END PGP SIGNATURE-----`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Guardian Digital Inc. __ Affected\n\nNotified: October 21, 2003 Updated: December 02, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n`\n\n`+------------------------------------------------------------------------+ \n| Guardian Digital Security Advisory November 26, 2003 | \n| ``<http://www.guardiandigital.com>`` ESA-20031126-031 | \n| | \n| Packages: bind-chroot, bind-chroot-utils | \n| Summary: cache poisoning vulnerability. | \n+------------------------------------------------------------------------+ \n` \n`EnGarde Secure Linux is an enterprise class Linux platform engineered \nto enable corporations to quickly and cost-effectively build a complete \nand secure Internet presence while preventing Internet threats.` \n \n`OVERVIEW \n- --------` \n`A cache poisoning vulnerability exists in the version of BIND shipped \nwith all versions of EnGarde Secure Linux. Successful exploitation of \nthis vulnerability may result in a temporary denial of service until \nthe bad record expires from the cache.` \n \n`The Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2003-0914 to this issue.` \n \n`Guardian Digital products affected by this issue include: \n` \n`EnGarde Secure Community v1.0.1 \nEnGarde Secure Community 2 \nEnGarde Secure Professional v1.1 \nEnGarde Secure Professional v1.2 \nEnGarde Secure Professional v1.5` \n \n`It is recommended that all users apply this update as soon as possible. \n` \n`SOLUTION \n- --------` \n`Guardian Digital Secure Network subscribers may automatically update \naffected systems by accessing their account from within the Guardian \nDigital WebTool.` \n \n`To modify your GDSN account and contact preferences, please go to: \n` \n`<https://www.guardiandigital.com/account/>`` \n` \n`Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages: \n` \n`SRPMS/bind-chroot-8.2.6-1.0.30.src.rpm \nMD5 Sum: 6127e55aaeffe9c92dcf793df910ee75` \n \n`i386/bind-chroot-8.2.6-1.0.30.i386.rpm \nMD5 Sum: b631c88d82dc4883df2271204d50abc3` \n \n`i386/bind-chroot-utils-8.2.6-1.0.30.i386.rpm \nMD5 Sum: eaac0812f751998c7f5ad66f7ba9d9d4` \n \n`i686/bind-chroot-8.2.6-1.0.30.i686.rpm \nMD5 Sum: 4b5ced2b8f72d9df3a340833ef0a60c0` \n \n`i686/bind-chroot-utils-8.2.6-1.0.30.i686.rpm \nMD5 Sum: 21f203bb6fad4a5474b179337c395442` \n \n`REFERENCES \n- ----------` \n`Guardian Digital's public key: \n``<http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY>` \n \n`BIND's Official Web Site: \n``<http://www.isc.org/products/BIND/>` \n \n`Guardian Digital Advisories: \n``<http://infocenter.guardiandigital.com/advisories/>` \n \n`Security Contact: security@guardiandigital.com \n` \n`- -------------------------------------------------------------------------- \nAuthor: Ryan W. Maple <ryan@guardiandigital.com> \nCopyright 2003, Guardian Digital, Inc. \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.2 (GNU/Linux) \n` \n`iD8DBQE/xTVoHD5cqd57fu0RAvc0AJ9kvIUaS+VjjFaI1Stwj/I1u4IX1ACfSe9P \nNkyQtP2aIVcE0Ztt4ZV0uuU= \n=2G9V \n-----END PGP SIGNATURE-----`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Hewlett-Packard Company __ Affected\n\nNotified: October 21, 2003 Updated: December 03, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`Document ID: HPSBUX0311-303 \nDate Loaded: 20031130`\n\n`Title: SSRT3653 Bind 8.1.2 \n` \n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n` \n`----------------------------------------------------------------- \nSource: HEWLETT-PACKARD COMPANY \nSECURITY BULLETIN: HPSBUX0311-303 \nOriginally issued: 30 November 2003 \nSSRT3653 Bind 8.1.2 \n-----------------------------------------------------------------` \n \n`NOTICE: There are no restrictions for distribution of this \nBulletin provided that it remains complete and intact. \n` \n`The information in the following Security Bulletin should be \nacted upon as soon as possible. Hewlett-Packard Company will \nnot be liable for any consequences to any customer resulting \nfrom customer's failure to fully implement instructions in this \nSecurity Bulletin as soon as possible. \n` \n`----------------------------------------------------------------- \n` \n`PROBLEM: Potential security vulnerability in Bind 8.1.2. \n` \n`PLATFORM: HP-UX B.11.00 and B.11.11. \n` \n`IMPACT: Potential remotely exploitable denial of service. \n` \n`SOLUTION: Until a product upgrade is available, download and \ninstall appropriate preliminary updates or upgrade \nto Bind 9.2.0.` \n \n`B.11.11 - Install the preliminary depot: \nSSRT3653UX.depot.` \n`B.11.00 - A Bind 8.1.2 upgrade is available from \nthe ftp site listed below.` \n \n`The issue can be avoided by upgrading to \nBind 9.2.0 which is available now. The security \nbulletin HPSBUX0208-209 has details about required \nrevisions of Bind 9.2.0 for B.11.00 and B.11.11.` \n \n`MANUAL ACTIONS: Yes - NonUpdate \nB.11.11 - Install SSRT3653UX.depot.` \n`or upgrade to Bind 9.2.0. \nB.11.00 - Upgrade to Bind 9.2.0 or` \n`install BIND812v005.depot. \n` \n`AVAILABILITY: This bulletin will be revised when a patch \nis available for B.11.11.` \n \n`----------------------------------------------------------------- \nA. Background` \n`The potential for a remotely exploitable denial of service \nexists in Bind 8.1.2.` \n \n`AFFECTED VERSIONS \n` \n`The following is a list by HP-UX revision of \naffected filesets and the fileset revision or \npatch containing the fix. To determine if a \nsystem has an affected version, search the \noutput of \"swlist -a revision -l fileset\" \nfor an affected fileset, then determine if \na fixed revision or the applicable patch is \ninstalled.` \n \n`HP-UX B.11.11 \n============= \nInternetSrvcs.INETSVCS-RUN \nfix: install SSRT3653UX.depot or` \n`upgrade to Bind 9.2.0. \n` \n`HP-UX B.11.00 \n============= \nBINDv812.INETSVCS-BIND \nfix: upgrade to BIND-812 revision B.11.00.01.005 or` \n`upgrade to Bind 9.2.0. \n` \n`END AFFECTED VERSIONS \n` \n`B. Recommended solution \n` \n`Note: \nThe issue can be avoided by upgrading to \nBind 9.2.0 which is available now. The security \nbulletin HPSBUX0208-209 has details about required \nrevisions of Bind 9.2.0 for B.11.00 and B.11.11.` \n \n`HP-UX B.11.00 Bind 8.1.2 \n======================== \nBIND812 for B.11.00 has been discontinued. It will \nbecome obsolete by the end of March, 2004. A new \nversion of BIND812 for B.11.00 has been created to \naddress the issue of this bulletin. However, it is \nrecommended that customers upgrade to Bind 9.2.0 now. \nMore details can be found here:` \n \n`<<http://software.hp.com/portal/swdepot/> \ndisplayProductInfo.do?productNumber=BIND812>` \n \n`The new version of BIND812 for B.11.00 is available from \nthe ftp site listed below. Since BIND812 for B.11.00 has \nbeen discontinued, this version will not be available \nfrom software.hp.com.` \n \n`HP-UX B.11.11 Bind 8.1.2 \n========================` \n \n`Until a patch is available a temporary depot has been created \nto install a version of /usr/sbin/named which addresses the \nissue. The depot is available from the ftp site listed \nbelow. The depot will not install the new named file unless \nPHNE_28450 has been installed first. PHNE_28450 is available \nfrom <<http://itrc.hp.com>>.` \n \n`========================================================= \n` \n`For B.11.00 download BIND812v005.depot from the \nfollowing ftp site.` \n \n`For B.11.11 download SSRT3653UX.depot from the \nfollowing ftp site.` \n \n`System: hprc.external.hp.com (192.170.19.51) \nLogin: bind812 \nPassword: bind812` \n \n`FTP Access: <ftp://bind:bind1@hprc.external.hp.com/> \nor: <ftp://bind:bind1@192.170.19.51/>` \n`For B.11.11 - file: SSRT3653UX.depot \nFor B.11.00 - file: BIND812v005.depot` \n \n`Note: There is an ftp defect in IE5 that may result in \na browser hang. To work around this:` \n`- Select Tools -> Internet Options -> Advanced \n- Un-check the option:` \n`[ ] Enable folder view for FTP sites \n` \n`If you wish to verify the md5 sum please refer to: \n` \n`HPSBUX9408-016 \nPatch sums and the MD5 program` \n \n`For B11.00 - BIND812v005.depot \ncksum: 1413515727 1239040 BIND812v005.depot \nMD5 (BIND812v005.depot) = 333920fa1b74820bee15f2287bacc3c2` \n \n`For B.11.11 - SSRT3653UX.depot \ncksum: 509054485 389120 SSRT3653UX.depot \nMD5 (SSRT3653UX.depot) = ee96c169ec3712d5907b7fe983d108dc` \n \n`For B.11.00 - Install BIND812v005.depot using swinstall. \n` \n`For B.11.11 - Install SSRT3653UX.depot using swinstall \nafter PHNE_28450 has been installed.` \n \n`Further information is available in the readme file: \ncd <directory containing SSRT3653UX.depot> \nswlist -d -l product -a readme @ $PWD/SSRT3653UX.depot` \n \n \n`- ------------------------------------------------------------------ \n` \n`C. To subscribe to automatically receive future NEW HP Security \nBulletins from the HP IT Resource Center via electronic \nmail, do the following:` \n \n`Use your browser to get to the HP IT Resource Center page \nat:` \n \n`<http://itrc.hp.com> \n` \n`Use the 'Login' tab at the left side of the screen to login \nusing your ID and password. Use your existing login or the \n\"Register\" button at the left to create a login, in order to \ngain access to many areas of the ITRC. Remember to save the \nUser ID assigned to you, and your password.` \n \n`In the left most frame select \"Maintenance and Support\". \n` \n`Under the \"Notifications\" section (near the bottom of \nthe page), select \"Support Information Digests\".` \n \n`To -subscribe- to future HP Security Bulletins or other \nTechnical Digests, click the check box (in the left column) \nfor the appropriate digest and then click the \"Update \nSubscriptions\" button at the bottom of the page.` \n \n`or \n` \n`To -review- bulletins already released, select the link \n(in the middle column) for the appropriate digest.` \n \n`To -gain access- to the Security Patch Matrix, select \nthe link for \"The Security Bulletins Archive\". (near the \nbottom of the page) Once in the archive the third link is \nto the current Security Patch Matrix. Updated daily, this \nmatrix categorizes security patches by platform/OS release, \nand by bulletin topic. Security Patch Check completely \nautomates the process of reviewing the patch matrix for \n11.XX systems.` \n \n`For information on the Security Patch Check tool, see: \n<http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/> \ndisplayProductInfo.pl?productNumber=B6834AA` \n \n`The security patch matrix is also available via anonymous \nftp:` \n \n`<ftp://ftp.itrc.hp.com/export/patches/hp-ux_patch_matrix/> \n` \n`On the \"Support Information Digest Main\" page: \nclick on the \"HP Security Bulletin Archive\".` \n \n`D. To report new security vulnerabilities, send email to \n` \n`security-alert@hp.com \n` \n`Please encrypt any exploit information using the \nsecurity-alert PGP key, available from your local key \nserver, or by sending a message with a -subject- (not body) \nof 'get key' (no quotes) to security-alert@hp.com.` \n \n`---------------------------------------------------------------- \n` \n`(c) Copyright 2003 Hewlett-Packard Company \nHewlett-Packard Company shall not be liable for technical or \neditorial errors or omissions contained herein. The information \nin this document is subject to change without notice. \nHewlett-Packard Company and the names of HP products referenced \nherein are trademarks and/or service marks of Hewlett-Packard \nCompany. Other product and company names mentioned herein may be \ntrademarks and/or service marks of their respective owners. \n` \n`________________________________________________________________ \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: PGP 8.0.2 \n` \n`iQA/AwUBP8oPruAfOvwtKn1ZEQJTlwCg2y1qe8rZiKbUPHuCPkFbIIhVaPkAnja2 \n/Nbi2zNFnmk0FQ0mtBxKx48U \n=L5yo \n-----END PGP SIGNATURE----- \n-----End of Document ID: HPSBUX0311-303--------------------------------------`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### IBM __ Affected\n\nNotified: October 21, 2003 Updated: December 03, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe AIX operating system is vulnerable to the BIND8 cache poisoning attack in releases 4.3.3, 5.1.0 and 5.2.0 . The APAR's for this fix and their availablity are listed below. \n\n\nAPAR number for AIX 4.3.3: IY49899 (available 2/25/2004) \nAPAR number for AIX 5.1.0: IY49881 (available) \nAPAR number for AIX 5.2.0: IY49883 (available 12/24/2003) \n \nThese APARs can be downloaded by following the link for IBM's Fix Central at: \n\n\n<http://www-1.ibm.com/servers/eserver/support/eseries/fixes> \nEfix packages for 4.3.3 and 5.2.0 will be available by 12/02/2004 at: \n\n\n<ftp://aix.software.ibm.com/aix/efixes/security/dns_poison_efix.tar.Z>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nIBM has published APAR IY49881 regarding this vulnerability. For more information, please see:\n\n### Immunix __ Affected\n\nUpdated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`[Outlook and Notes users -- please ask your system administrators to \nassist you in creating out-of-office-autoreplies that respect public \nmail lists; perhaps, creating such a reply that works only within the \norganization or business partners.] \n`\n\n`[Virus scanner administrators -- sending virus warnings to a From: or \nFrom_ header is a waste of time. Please configure your scanners to drop \nmail in the SMTP protocol, and not bounce the email after the fact. \nThanks.] \n` \n`----------------------------------------------------------------------- \nImmunix Secured OS Security Advisory` \n \n`Packages updated:bind \nAffected products:Immunix OS 7+ \nBugs fixed:VU#734644 CAN-2003-0914 \nDate:Mon Oct 27 2003 \nAdvisory ID:IMNX-2003-7+-024-01 \nAuthor:Seth Arnold <sarnold@immunix.com> \n----------------------------------------------------------------------- \n` \n`Description: \nA vulnerability has been found in BIND that \".. allows an attacker to \nconduct cache poisoning attacks on vulnerable name servers by \nconvincing the servers to retain invalid negative responses.\"` \n \n`Our bind-8.2.3-3.3_imnx_5 packages fix this problem using a patch \nderived from the BIND 8.3.7 release. This vulnerability has been named \nCAN-2003-0914 by the CVE project.` \n \n`We'd like to apologize to our US subscribers for the incredibly poor \ntiming, to release this notice a day before the Thanksgiving holiday. \nOur options were limited by ISC, the package maintainer.` \n \n`References: ``<http://www.kb.cert.org/vuls/id/734644>`` \n``<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0914>` \n \n`Package names and locations: \nPrecompiled binary packages for Immunix 7+ are available at: \n``<http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-8.2.3-3.3_imnx_5.i386.rpm>`` \n``<http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-devel-8.2.3-3.3_imnx_5.i386.rpm>`` \n``<http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/bind-utils-8.2.3-3.3_imnx_5.i386.rpm>` \n \n`A source package for Immunix 7+ is available at: \n``<http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/bind-8.2.3-3.3_imnx_5.src.rpm>` \n \n`Immunix OS 7+ md5sums: \n8a5874f96e1c76b11c214ab16e1183f4 RPMS/bind-8.2.3-3.3_imnx_5.i386.rpm \n83535ea7a69ab222ccf5c8664bfd66b9 RPMS/bind-devel-8.2.3-3.3_imnx_5.i386.rpm \n7669fedc653731bf54cc0dd48b258a8f RPMS/bind-utils-8.2.3-3.3_imnx_5.i386.rpm \n445c908f0c4daffe0a153bc7e5514a85 SRPMS/bind-8.2.3-3.3_imnx_5.src.rpm` \n \n \n`GPG verification: \nOur public keys are available at ``<http://download.immunix.org/GPG_KEY>`` \nImmunix, Inc., has changed policy with GPG keys. We maintain several \nkeys now: C53B2B53 for Immunix 7+ package signing, D3BA6C17 for \nImmunix 7.3 package signing, and 1B7456DA for general security issues.` \n \n \n`NOTE: \nIbiblio is graciously mirroring our updates, so if the links above are \nslow, please try:` \n`<ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/>`` \nor one of the many mirrors available at:` \n`<http://www.ibiblio.org/pub/Linux/MIRRORS.html>`` \n` \n`ImmunixOS 6.2 is no longer officially supported. \nImmunixOS 7.0 is no longer officially supported.` \n \n`Contact information: \nTo report vulnerabilities, please contact security@immunix.com. \nImmunix attempts to conform to the RFP vulnerability disclosure protocol` \n`<http://www.wiretrip.net/rfp/policy.html>``.`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Internet Software Consortium __ Affected\n\nNotified: September 04, 2003 Updated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n` Internet Software Consortium Security Advisory. \nNegative Cache Poison Attack`\n\n` 4 September 2003 \n` \n` Versions affected: \nBIND 8 prior to 8.3.7 \nBIND 8.4.3 Release (8.4.3-REL) \n` \n`BIND 8.4.3 is a maintenance release of BIND 8.4. It includes the BIND 8.4.2 \nrelease which includes a security fix (also released as BIND 8.3.7). \n` \n`Highlights. \nMaintenance Release.` \n \n`Highlights (8.4.2) \nSecurity Fix: Negative Cache Poison Fix.` \n \n`the distribution files are: \n` \n`<ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz> \n<Ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-doc.tar.gz> \n<ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-contrib.tar.gz> \n` \n`the pgp signature files are: \n` \n`<ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-src.tar.gz.asc> \n<ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-doc.tar.gz.asc> \n<ftp://ftp.isc.org/isc/bind/src/8.4.3/bind-contrib.tar.gz.asc> \n` \n`the md5 checksums are: \n` \n \n`MD5 (bind-contrib.tar.gz) = 454f8e3caf1610941a656fcc17e1ecec \nMD5 (bind-contrib.tar.gz.asc) = f8f0a5b8985a8180e5bd02207f319980 \nMD5 (bind-doc.tar.gz) = fcfdaaa2fc7d6485b0e3d08299948bd3 \nMD5 (bind-doc.tar.gz.asc) = fc0671468c2e3a1e5ff817b69da21a6b \nMD5 (bind-src.tar.gz) = e78610fc1663cfe8c2db6a2d132d902b \nMD5 (bind-src.tar.gz.asc) = 40453b40819fd940ad4bfabd26425619 \n` \n`Windows NT / Windows 2000 binary distribution. \n` \n`<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/readme1st.txt> \n<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3.zip> \n<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3.zip.asc> \n` \n`<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/readme1sttools.txt> \n<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3Tools.zip> \n<ftp://ftp.isc.org/isc/bind/contrib/ntbind-8.4.3/BIND8.4.3Tools.zip.asc> \n` \n`the md5 checksums are: \n` \n`MD5 (readme1st.txt) = ac4ce260f151dc1ab393c145f4288bba \nMD5 (BIND8.4.3.zip) = 7c3e333f90edbe3820952a62ff6ffdf3 \nMD5 (BIND8.4.3.zip.asc) = f2190cc390ce584c0cc624835bdcc8eb \n` \n`MD5 (readme1sttools.txt) = eef4c5782be1a1faac3ca0c756eaef05 \nMD5 (BIND8.4.3Tools.zip) = 8cb29c092394dfa430ef9ea47b6a02ea \nMD5 (BIND8.4.3Tools.zip.asc) = a77b2adb1f23db780f45efee32a92882 \n` \n`top of CHANGES says: \n` \n`--- 8.4.3 released --- (Mon Nov 24 17:27:52 PST 2003) \n` \n`1617.[cleanup]don't pre-fetch missing additional address records if \nwe have one of A/AAAA.` \n \n`1616.[func]turn on \"preferred-glue A;\" (if not specified in \nnamed.conf) if the answer space is a standard UDP \nmessage size or smaller.` \n \n`1615.[func]when query logging log whether TSIG (T) and/or EDNS (E) \nwas used to make the query.` \n \n`1614.[cleanup]on dual (IPv4+IPv6) stack servers delay the lookup of \nmissing glue if we have glue for one family.` \n \n`1613.[cleanup]notify: don't lookup A/AAAA records for nameservers \nif we don't support the address at the transport level.` \n \n`1612.[func]named now takes arguements -4 and -6 to limit the \nIP transport used for making queries.` \n \n`1611.[debug]better packet tracing in debug output (+ some lint). \n` \n`1610.[bug]don't explictly declare errno use <errno.h>. \n` \n`1609.[bug]drop_port() was being called with ports in network \norder rather than host order.` \n \n`1608.[port]sun: force alignment of answer in dig.c. \n` \n`1607.[bug]do not attempt to prime cache when recursion and \nfetch-glue are disabled.` \n \n`1606.[bug]sysquery duplicate detection was broken when \nusing forwarders.` \n \n`1605.[port]sun: force alignment of newmsg in ns_resp.c. \n` \n`1604.[bug]heap_delete() sometimes violated the heap invariant, \ncausing timer events not to be posted when due.` \n \n`1603.[port]ds_remove_gen() mishandled removal IPv6 interfaces. \n` \n`1602.[port]linux: work around a non-standard __P macro. \n` \n`1601.[bug]dig could report the wrong server address on transfers. \n` \n`1600.[bug]debug_freestr() prototype mismatch. \n` \n`1599.[bug]res_nsearch() save statp->res_h_errno instead of \nh_errno.` \n \n`1598.[bug]dprint_ip_match_list() fails to print the mask \ncorrectly.` \n \n`1597.[bug]use the actual presentation length of the IP address \nto determine if sprintf() is safe in write_tsig_info().` \n \n`--- 8.4.2 released --- (Thu Sep 4 06:58:22 PDT 2003) \n` \n`1596.[port]winnt: set USELOOPBACK in port_after.h \n` \n`1595.[bug]dig: strcat used instead of strcpy. \n` \n`1594.[bug]if only a single nameserver was listed in resolv.conf \nIPv6 default server was also being used.` \n \n`1593.[port]irix: update port/irix/irix_patch. \n` \n`1592.[port]irix: provide a sysctl() based getifaddrs() \nimplementation.` \n \n`1591.[port]irix: sa_len is a macro. \n` \n`1590.[port]irix: doesn't have msg_control (NO_MSG_CONTROL) \n` \n`1589.[port]linux: uninitalised variable. \n` \n`1588.[port]solaris: provide ALIGN. \n` \n`1587.[port]NGR_R_END_RESULT was not correct for some ports. \n` \n`1586.[port]winnt: revert to old socket behaviour for UDP \nsockets (Windows 2000 SP2 and later).` \n \n`1585.[port]solaris: named-xfer needs <fcntl.h>. \n` \n`1584.[port]bsdos: explictly include <netinet6/in6.h> for \n4.0 and 4.1.` \n \n`1583.[bug]add -X to named-xfer usage message. \n` \n`1582.[bug]ns_ownercontext() failed to set the correct owner \ncontext for AAAA records. ns_ptrcontext() failed \nto return the correct context for IP6.ARPA.` \n \n`1581.[bug]apply anti-cache poison techniques to negative \nanswers.` \n \n`1580.[bug]inet_net_pton() didn't fully handle implicit \nmulticast IPv4 network addresses.` \n \n`1579.[bug]ifa_addr can be NULL. \n` \n`1578.[bug]named-xfer: wrong arguement passed to getnameinfo(). \n` \n`1577. [func] return referrals for glue (NS/A/AAAA) if recursion \nis not desired (hp->rd = 0).` \n \n`1576.[bug]res_nsendsigned() incorrectly printed the truncated \nUDP response when RES_IGNTC was not set.` \n \n`1575.[bug]tcp_send() passed the wrong length to evConnect(). \n` \n`1574.[bug]res_nsendsigned() failed to handle truncation \ncleanly.` \n \n`1573.[bug]tsig_size was not being copied by ns_forw(). \n` \n`1572.[port]bsdos: missing #include <ifaddrs.h>. \n` \n`1571.[bug]AA was sometimes incorrectly set. \n` \n`1570.[port]decunix: change #1544 broke OSF1 3.2C. \n` \n`1569.[bug]remove extraneous closes. \n` \n`1568.[cleanup]reduce the memory footprint for large numbers of \nzones.` \n \n`1567.[port]winnt: install MSVC70.DLL and MFC70.DLL. \n` \n`1566.[bug]named failed to locate keys declared in masters \nclause.` \n \n`1565.[bug]named-xfer was failing to use TSIG. \n` \n`1564.[port]linux: allow static linkage to work. \n` \n`1563.[bug]ndc getargs_closure failed to NUL terminate strings. \n` \n`1562.[bug]handle non-responsive servers better. \n` \n`1561.[bug]rtt estimates were not being updated for IPv6 \naddresses.` \n \n`1560.[port]linux: add runtime support to handle old kernels \nthat don't know about msg_control.` \n \n`1559.[port]named, named-xfer: ensure that stdin, stdout and \nstderr are open.` \n \n`--- 8.4.1-P1 released --- (Sun Jun 15 17:35:10 PDT 2003) \n` \n`1558.[port]sunos4 doesn't have msg_control (NO_MSG_CONTROL). \n` \n`1557.[port]linux: socket returns EINVAL for unsupported family. \n` \n`1556.[bug]reference through NULL pointer. \n` \n`1555.[bug]sortlist wasn't being applied to AAAA queries. \n` \n`1554.[bug]IPv4 access list elements of the form number/number \n(e.g. 127/8) were not correctly defined.` \n \n`1553.[bug]getifaddrs*() failed to set ifa_dstaddr for point \nto point links (overwrote ifa_addr).` \n \n`1552.[bug]buffer overruns in getifaddrs*() if the server has \npoint to point links.` \n \n`1551.[port]freebsd: USE_IFNAMELINKIDS should be conditionally \ndefined.` \n \n`1550.[port]TruCluster support didn't build. \n` \n`1549.[port]Solaris 9 has /dev/random. \n` \n`--- 8.4.1-REL released --- (Sun Jun 8 15:11:32 PDT 2003) \n` \n`1548.[port]winnt: make recv visible from libbind. \n` \n`1547.[port]cope with spurious EINVAL from evRead. \n` \n`1546.[cleanup]dig now reports version 8.4. \n` \n`1545.[bug]getifaddrs_sun6 was broken. \n` \n`1544.[port]hpux 10.20 has a broken recvfrom(). Revert to recv() \nin named-xfer and work around deprecated recv() in \nOSF.` \n \n`1543.[bug]named failed to send notifies to servers that live \nin zones it was authoritative for.` \n \n`1542.[bug]set IPV6_USE_MIN_MTU on IPv6 sockets if the kernel \nsupports it.` \n \n`1541.[bug]getifaddrs_sun6() should be a no-op on early SunOS \nreleases.` \n \n`--- 8.4.0-REL released --- (Sun Jun 1 17:49:31 PDT 2003) \nBIND 8.3.7 Release` \n \n`BIND 8.3.7 is a security release of BIND 8.3. This is expected to \nbe the last release of BIND 8.3 except for security issues. \n` \n`The recommended version to use is BIND 9.2.3. If for whatever \nreason you must run BIND 8, use nothing earlier than 8.3.7-REL, \n8.4.2-REL. Do not under any circumstances run BIND 4. \n` \n`Highlights vs. 8.3.6 \nSecurity Fix: Negative Cache Poison Fix.` \n \n`Highlights vs. 8.3.5 \nMaintenance release.` \n \n`Highlights vs. 8.3.4 \nMaintenance release.` \n \n`Highlights vs. 8.3.3 \nSecurity Fix DoS and buffer overrun.` \n \n`Highlights vs. 8.3.2 \nSecurity Fix libbind. All applications linked against libbind \nneed to re-linked. \n'rndc restart' now preserves named's arguments` \n \n`Highlights vs. BIND 8.3.1: \ndig, nslookup, host and nsupdate have improved IPv6 support.` \n \n`Highlights vs. BIND 8.3.0: \n` \n`Critical bug fix to prevent DNS storms. If you have BIND 8.3.0 you \nneed to upgrade.` \n \n`the distribution files are: \n` \n`<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-src.tar.gz> \n<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-doc.tar.gz> \n<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-contrib.tar.gz> \n` \n`the pgp signature files are: \n` \n`<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-src.tar.gz.asc> \n<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-doc.tar.gz.asc> \n<ftp://ftp.isc.org/isc/bind/src/8.3.7/bind-contrib.tar.gz.asc> \n` \n`the md5 checksums are: \n` \n`MD5 (bind-contrib.tar.gz) = 89009ee8d937cd652a77742644772023 \nMD5 (bind-contrib.tar.gz.asc) = 3b91ed818771d21aa37c3ecc4685ba9d \nMD5 (bind-doc.tar.gz) = b7ccbde30d8c43202eabf61a51366852 \nMD5 (bind-doc.tar.gz.asc) = 333f80ec3d12ef7fc27a19ba2f9a9be0 \nMD5 (bind-src.tar.gz) = 36cc1660eb7d73e872a1e5af6f832167 \nMD5 (bind-src.tar.gz.asc) = 50a45b11e12441142d6eac423c5d01c7 \n` \n`Windows NT / Windows 2000 binary distribution. \n` \n`There will be no Windows binary release of BIND 8.3.7. \nThe current Windows binary release is BIND 8.4.3.` \n \n`top of CHANGES says: \n` \n`--- 8.3.7-REL released --- (Wed Sep 3 21:01:37 PDT 2003) \n` \n`1581.[bug]apply anti-cache poison techniques to negative \nanswers.` \n \n`--- 8.3.6-REL released --- (Sun Jun 8 15:11:32 PDT 2003) \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### NetBSD __ Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nNetBSD (1.6, 1.6.1 and current) is shipping with vulnerable version of BIND 8. We will upgrade to either 8.3.7 or 8.4.2 as soon as ISC releases the info to the public. Or, users might want to use BIND 9 from pkgsrc.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Nixu __ Affected\n\nNotified: October 21, 2003 Updated: November 20, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe current versions of Nixu NameSurfer are not affected by this issue as they ship with BIND 9.2.2. However, as NameSurfer Suite and NameSurfer Standard Edition also support all the earlier versions of BIND, Nixu recommends that all organizations operating an existing Nixu NameSurfer installation upgrade their visible nameservers to BIND versions 9.2.1 or newer; BIND9 is compatible with NameSurfer versions 3.0.1 or newer.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### SuSE Inc. __ Affected\n\nNotified: October 21, 2003 Updated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \n`\n\n`______________________________________________________________________________ \n` \n`SUSE Security Announcement \n` \n`Package: bind8 \nAnnouncement-ID: SuSE-SA:2003:047 \nDate: Friday, Nov 28th 2003 15:30 MEST \nAffected products: 7.3, 8.0, 8.1, 8.2 \nVulnerability Type: cache poisoning/denial-of-service \nSeverity (1-10): 5 \nSUSE default package: yes \nCross References: CAN-2003-0914` \n \n`Content of this advisory: \n1) security vulnerability resolved:` \n`- caching negative answers \nproblem description, discussion, solution and upgrade information` \n`2) pending vulnerabilities, solutions, workarounds: \n- ethereal \n- KDE \n- mc \n- apache1/2 \n- gpg \n- freeradius \n- xscreensaver \n- screen \n- mod_gzip \n- gnpan` \n`3) standard appendix (further information) \n` \n`______________________________________________________________________________ \n` \n`1) problem description, brief discussion, solution, upgrade information \n` \n`To resolve IP addresses to host and domain names and vice versa the \nDNS service needs to be consulted. The most popular DNS software is \nthe BIND8 and BIND9 suite. The BIND8 code is vulnerable to a remote \ndenial-of-service attack by poisoning the cache with authoritative \nnegative responses that should not be accepted otherwise. \nTo execute this attack a name-server needs to be under malicious \ncontrol and the victim's bind8 has to query this name-server. \nThe attacker can set a high TTL value to keep his negative record as \nlong as possible in the cache of the victim. For this time the clients \nof the attacked site that rely on the bind8 service will not be able \nto reach the domain specified in the negative record. \nThese records should disappear after the time-interval (TTL) elapsed.` \n \n`There is no temporary workaround for this bug. \n` \n`To make this update effective run \"rcnamed restart\" as root please. \n` \n`Please download the update package for your distribution and verify its \nintegrity by the methods listed in section 3) of this announcement. \nThen, install the package using the command \"rpm -Fhv file.rpm\" to apply \nthe update. \nOur maintenance customers are being notified individually. The packages \nare being offered to install from the maintenance web.` \n \n \n`Intel i386 Platform: \n` \n`SuSE-8.2: \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/bind8-8.3.4-64.i586.rpm>` \n`3d44d46f0e8397c69d53e96aba9fbd6d \npatch rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/bind8-8.3.4-64.i586.patch.rpm>` \n`cce1df09a0b6fb5cbbddcc462f055c64 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/bind8-8.3.4-64.src.rpm>` \n`a980a0eca79de02f135fce1cbe84ee22 \n` \n`SuSE-8.1: \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-8.2.4-336.i586.rpm>` \n`4a46d0560eac1ca5de77c12f8abe4952 \npatch rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/bind8-8.2.4-336.i586.patch.rpm>` \n`c8020302f6f161e9d86a3f1615304a23 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/bind8-8.2.4-336.src.rpm>` \n`c9ee184cbd1f1722c94de9fd66f11801 \n` \n`SuSE-8.0: \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/bind8-8.2.4-334.i386.rpm>` \n`f739fdb03a7df6685e0aa026f98a0389 \npatch rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/bind8-8.2.4-334.i386.patch.rpm>` \n`a3de26e06b689d29b4b4b08c04fa32f4 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/bind8-8.2.4-334.src.rpm>` \n`85d8d9fee3c8a029263777a45b4af011 \n` \n`SuSE-7.3: \n``<ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/bind8-8.2.4-334.i386.rpm>` \n`381c2b6f805ca30d0fefc98afaee9ba0 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/bind8-8.2.4-334.src.rpm>` \n`97a87469cfb573bdd89f8f3a2c02264f \n` \n \n \n`Sparc Platform: \n` \n`SuSE-7.3: \n``<ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/bind8-8.2.4-128.sparc.rpm>` \n`c08454b933ed2365d9d2ab1322803af6 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/bind8-8.2.4-128.src.rpm>` \n`827a7f56273c7a25ac40ffba728e9150 \n` \n \n \n`PPC Power PC Platform: \n` \n`SuSE-7.3: \n``<ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/bind8-8.2.4-243.ppc.rpm>` \n`12f1f205c08449e945c8ad344a8e3b41 \nsource rpm(s): \n``<ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/bind8-8.2.4-243.src.rpm>` \n`177093e76b3b8d2679089a1ab1c46d0e \n` \n`______________________________________________________________________________ \n` \n`2) Pending vulnerabilities in SUSE Distributions and Workarounds: \n` \n`- ethereal \nA new official version of ethereal, a network traffic analyzer, was \nreleased to fix various security-related problems. \nAn update package is currently being tested and will be released \nas soon as possible.` \n \n`- KDE \nNew KDE packages are currently being tested. These packages fixes \nseveral vulnerabilities:` \n`+ remote root compromise (CAN-2003-0690) \n+ weak cookies (CAN-2003-0692) \n+ SSL man-in-the-middle attack \n+ information leak through HTML-referrer (CAN-2003-0459) \n+ wrong file permissions of config files` \n`The packages will be release as soon as testing is finished. \n` \n`- mc \nBy using a special combination of links in archive-files it is possible \nto execute arbitrary commands while mc tries to open it in its VFS. \nThe packages are currently tested and will be release as soon as \npossible.` \n \n`- apache1/2 \nThe widely used HTTP server apache has several security vulnerabilities:` \n`- locally exploitable buffer overflow in the regular expression code. \nThe attacker must be able to modify .htaccess or httpd.conf. \n(affects: mod_alias and mod_rewrite)` \n`- under some circumstances mod_cgid will output its data to the \nwrong client (affects: apache2)` \n`The new packages are available on our FTP servers. \n` \n \n`- gpg \nIn GnuPG version 1.0.2 a new code for ElGamal was introduced. \nThis code leads to an attack on users who use ElGamal keys for \nsigning. It is possible to reconstruct the private ElGamal key \nby analyzing a public ElGamal signature. \nPlease note that the ElGamal algorithm is seldomly used and GnuPG \ndisplays several warnings when generating ElGamal signature keys. \nThe default key generation process in GnuPG will create a DSA signature \nkey and an ElGamal subkey for _encryption only_. These keys are not \naffected by this vulnerability. \nAnyone using ElGamal signature keys (type 20, check fourth field of \n\"gpg --list-keys --with-colon\" output) should revoke them.` \n \n`- freeradius \nTwo vulnerabilities were found in the FreeRADIUS package. \nThe remote denial-of-service attack bug was fixed and new packages \nwill be released as soon as testing was successfully finished. \nThe other bug is a remote buffer overflow in the module rlm_smb. \nWe do not ship this module and will fix it for future releases.` \n \n`- xscreensaver \nThe well known screen-saver for X is vulnerable to several local \ntmp file attacks as well as a crash when verifying a password. \nOnly SuSE Linux 9.0 products are affected. \nThe new packages are available on our FTP servers.` \n \n`- screen \nA buffer overflow in screen was reported. Since SuSE Linux 8.0 \nwe do not ship screen with the s-bit anymore. An update package \nwill be released for 7.3 as soon as possible.` \n \n`- mod_gzip \nThe apache module mod_gzip is vulnerable to remote code execution \nwhile running in debug-mode. We do not ship this module in debug-mode \nbut future versions will include the fix.` \n \n`- gnpan \nA remote denial-of-service attack can be run against the GNOME \nnews-reader program gnpan. This bug affects SuSE Linux 8.0, 8.1, 8.2. \nUpdate packages are available on our FTP servers.` \n \n`______________________________________________________________________________ \n` \n`3) standard appendix: authenticity verification, additional information \n` \n`- Package authenticity verification: \n` \n`SUSE update packages are available on many mirror ftp servers all over \nthe world. While this service is being considered valuable and important \nto the free and open source software community, many users wish to be \nsure about the origin of the package and its content before installing \nthe package. There are two verification methods that can be used \nindependently from each other to prove the authenticity of a downloaded \nfile or rpm package: \n1) md5sums as provided in the (cryptographically signed) announcement. \n2) using the internal gpg signatures of the rpm package.` \n \n`1) execute the command \nmd5sum <name-of-the-file.rpm>` \n`after you downloaded the file from a SUSE ftp server or its mirrors. \nThen, compare the resulting md5sum with the one that is listed in the \nannouncement. Since the announcement containing the checksums is \ncryptographically signed (usually using the key security@suse.de), \nthe checksums show proof of the authenticity of the package. \nWe disrecommend to subscribe to security lists which cause the \nemail message containing the announcement to be modified so that \nthe signature does not match after transport through the mailing \nlist software. \nDownsides: You must be able to verify the authenticity of the \nannouncement in the first place. If RPM packages are being rebuilt \nand a new version of a package is published on the ftp server, all \nmd5 sums for the files are useless.` \n \n`2) rpm package signatures provide an easy way to verify the authenticity \nof an rpm package. Use the command` \n`rpm -v --checksig <file.rpm> \nto verify the signature of the package, where <file.rpm> is the \nfilename of the rpm package that you have downloaded. Of course, \npackage authenticity verification can only target an un-installed rpm \npackage file. \nPrerequisites:` \n`a) gpg is installed \nb) The package is signed using a certain key. The public part of this` \n`key must be installed by the gpg program in the directory \n~/.gnupg/ under the user's home directory who performs the \nsignature verification (usually root). You can import the key \nthat is used by SUSE in rpm packages for SUSE Linux by saving \nthis announcement to a file (\"announcement.txt\") and \nrunning the command (do \"su -\" to be root):` \n`gpg --batch; gpg < announcement.txt | gpg --import \nSUSE Linux distributions version 7.1 and thereafter install the \nkey \"build@suse.de\" upon installation or upgrade, provided that \nthe package gpg is installed. The file containing the public key \nis placed at the top-level directory of the first CD (pubring.gpg) \nand at ``<ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de>`` .` \n \n \n`- SUSE runs two security mailing lists to which any interested party may \nsubscribe:` \n \n`suse-security@suse.com \n- general/linux/SUSE security discussion.` \n`All SUSE security announcements are sent to this list. \nTo subscribe, send an email to` \n`<suse-security-subscribe@suse.com>. \n` \n`suse-security-announce@suse.com \n- SUSE's announce-only mailing list.` \n`Only SUSE's security announcements are sent to this list. \nTo subscribe, send an email to` \n`<suse-security-announce-subscribe@suse.com>. \n` \n`For general information or the frequently asked questions (faq) \nsend mail to:` \n`<suse-security-info@suse.com> or \n<suse-security-faq@suse.com> respectively.` \n \n`===================================================================== \nSUSE's security contact is <security@suse.com> or <security@suse.de>. \nThe <security@suse.de> public key is listed below. \n=====================================================================` \n`______________________________________________________________________________ \n` \n`The information in this advisory may be distributed or reproduced, \nprovided that the advisory is not modified in any way. In particular, \nit is desired that the clear-text signature shows proof of the \nauthenticity of the text. \nSUSE Linux AG makes no warranties of any kind whatsoever with respect \nto the information contained in this security advisory.` \n \n`Type Bits/KeyID Date User ID \npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de> \npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de> \n` \n`- -----BEGIN PGP PUBLIC KEY BLOCK----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see ``<http://www.gnupg.org>`` \n` \n`mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff \n4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d \nM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO \nQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK \nXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE \nD3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd \nG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM \nCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE \nmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr \nYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD \nwmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d \nNfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe \nQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe \nLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t \nXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU \nD9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3 \n0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot \n1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW \ncRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E \nExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f \nAJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E \nOe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ \nHZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h \nt5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT \ntGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM \n523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q \n2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 \nQnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw \nJxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ \n1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH` \n`ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1` \n`wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY \nEQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol \n0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK \nCRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co \nSPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo \nomuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt \nA46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J \n/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE \nGrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf \nebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT \nZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 \nRQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ \n8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb \nB6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X \n11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA \n8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj \nqY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p \nWH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL \nhn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG \nBafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ \nAvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi \nRZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 \nzinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM \n/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 \nwhaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl \nD+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz \ndbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI \nRgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI \nDgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= \n=LRKC \n- -----END PGP PUBLIC KEY BLOCK----- \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.7 (GNU/Linux) \n` \n`iQEVAwUBP8dgT3ey5gA9JdPZAQH5LQf+MA/cLvB14QAZFTXwtqB2tNpcotkmJyF8 \noWbsWl7EnsF6hlR7tr3Hjk2bvpzE8yLShtckMvtVAy1Xj29fvWpHjtZM1TEfjWSk \nXgxeJ4n5HvKMjyOYopNgdbdQCvcr8v4eWjVA9ekK/WXikIXRWsiN9PhT6c0NQxfA \ntO7zHQYHhGwH4jae8aD6EPWJhc1sLzQMC4XCkFxIFlZouAtVr7rShDNUamKcaV63 \n5c1uhewBorqfD7o8x85OCXcAA9WEnEs7t/mJnHC0hLgYF259YxX3HtXrj18jnD8/ \nYvVnzfkQwDxRY3qALRjAfd05QGOGir75fSBCtofP2lDPg8igRFo8UQ== \n=fX7r \n-----END PGP SIGNATURE----- \n` \n`Bye, \nThomas` \n`-- \nThomas Biege <thomas@suse.de>, SUSE LINUX AG, Security Support & Auditing` \n`\"lynx -source ``<http://www.suse.de/~thomas/contact/thomas.asc>`` | pgp -fka\" \nKey fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 83` \n`-- \n... stay with me, safe and ignorant, go back to sleep...` \n`- Maynard James Keenan \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Sun Microsystems Inc. __ Affected\n\nNotified: October 21, 2003 Updated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`All supported releases of Solaris (ie Solaris 7, 8 and 9) \nare affected by this issue. We have published a Sun Alert which is \navailable from: \n``<http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/57434>`` \n`\n\n`It describes a possible workaround that can be used until official patches \nare released. \n` \n`Supported Cobalt platforms and Sun Linux 5.0 are also affected. A Sun \nAlert will be published and will be available from: \n``<http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/>`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### The SCO Group (SCO UnixWare) __ Affected\n\nNotified: October 21, 2003 Updated: December 03, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nUnixWare 7.1.3: Unaffected current version of bind is 9.2.1. \nOpen UNIX 8.0.0 (aka UnixWare 7.1.2) Unaffected current version of bind is 9.2.0. \nUnixWare 7.1.1: Affected. Fix will be at \n\n\n \n<ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33> \nOpenServer: fix in-progress \n \nOpenLinux: also fix in-progress \n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n` \n \n`______________________________________________________________________________ \n` \n`SCO Security Advisory \n` \n`Subject:UnixWare 7.1.1 : Bind: cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2 \nAdvisory number: CSSA-2003-SCO.33 \nIssue date: 2003 December 01 \nCross reference: sr886768 fz528464 erg712479 CAN-2003-0914 \n______________________________________________________________________________ \n` \n \n`1. Problem Description \n` \n`UnixWare 7.1.3 is unaffected by this issue because the \nversion of bind included in UnixWare 7.1.3 is 9.2.1.` \n \n`Open UNIX is also unaffected by this issue because the version \nof bind in Open UNIX 8.0.0 is 9.1.0.` \n \n`CERT/CC Incident Note VU#734644 \n` \n`BIND is an implementation of the Domain Name System (DNS) \nprotocols. Successful exploitation of this vulnerability \nmay result in a temporary denial of service.` \n \n`The Common Vulnerabilities and Exposures project (cve.mitre.org) \nhas assigned the name CAN-2003-0914 to this issue.` \n \n \n`2. Vulnerable Supported Versions \n` \n`SystemBinaries \n---------------------------------------------------------------------- \nUnixWare 7.1.1 /usr/sbin/addr` \n`/usr/sbin/dig \n/usr/sbin/dnskeygen \n/usr/sbin/dnsquery \n/usr/sbin/host \n/usr/sbin/in.named \n/usr/sbin/irpd \n/usr/sbin/mkservdb \n/usr/sbin/named-bootconf \n/usr/sbin/named-bootconf.pl \n/usr/sbin/named-xfer \n/usr/sbin/ndc \n/usr/sbin/nslookup \n/usr/sbin/nsupdate` \n \n`3. Solution \n` \n`The proper solution is to install the latest packages. \n` \n \n`4. UnixWare 7.1.1 \n` \n`4.1 Location of Fixed Binaries \n` \n`<ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33> \n` \n \n`4.2 Verification \n` \n`MD5 (erg712479.Z) = c1faea2a6a1da952e88c5123f88a2f89 \n` \n`md5 is available for download from \n<ftp://ftp.sco.com/pub/security/tools>` \n \n \n`4.3 Installing Fixed Binaries \n` \n`Upgrade the affected binaries with the following sequence: \n` \n`Unknown installation method \n` \n \n`5. References \n` \n`Specific references for this advisory: \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0914>` \n \n`SCO security resources: \n<http://www.sco.com/support/security/index.html>` \n \n`This security fix closes SCO incidents sr886768 fz528464 \nerg712479.` \n \n \n`6. Disclaimer \n` \n`SCO is not responsible for the misuse of any of the information \nwe provide on this website and/or through our security \nadvisories. Our advisories are a service to our customers \nintended to promote secure installation and use of SCO \nproducts.` \n`______________________________________________________________________________ \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (SCO/UNIX_SVR5) \n` \n`iD8DBQE/y8gZaqoBO7ipriERAkRQAKCQ+f4Q5Etfz8L83tr/vGGRzI1kYQCgl/hK \ng7YQSKd9TDnf59KkuFTbrBQ= \n=XyVk \n-----END PGP SIGNATURE-----`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Trustix Secure Linux __ Affected\n\nUpdated: December 01, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nPlease see `<http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt>`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n`\n\n`- -------------------------------------------------------------------------- \nTrustix Secure Linux Security Advisory #2003-0044 \n` \n`Package name: bind \nSummary: negative cache sec. fix \nDate: 2003-11-27 \nAffected versions: TSL 1.2, 1.5 \n` \n`- -------------------------------------------------------------------------- \nPackage description:` \n`BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain \nName System) protocols. BIND includes a DNS server (named), which resolves \nhost names to IP addresses, and a resolver library (routines for applications \nto use when interfacing with DNS). A DNS server allows clients to name \nresources or objects and share the information with other network machines. \nThe named DNS server can be used on workstations as a caching name server, \nbut is generally only needed on one machine for an entire network. Note that \nthe configuration files for making BIND act as a simple caching nameserver \nare included in the caching-nameserver package.Install the bind package if \nyou need a DNS server for your network. If you want bind to act a caching \nname server, you will also need to install the caching-nameserver package.` \n \n`Problem description: \nAccording the the bind announcment dated Thu, 27 Nov 2003, the new upstream \nbind 8.3.7 fixes a security problem:` \n \n`Security Fix: Negative Cache Poison Fix. \n` \n`This issue has been addressed in these updates. \n` \n \n`Action: \nWe recommend that all systems with this package installed be upgraded. \nPlease note that if you do not need the functionality provided by this \npackage, you may want to remove it from your system.` \n \n \n`Location: \nAll TSL updates are available from \n<URI:``<http://http.trustix.org/pub/trustix/updates/>``> \n<URI:``<ftp://ftp.trustix.org/pub/trustix/updates/>``>` \n \n \n`About Trustix Secure Linux: \nTrustix Secure Linux is a small Linux distribution for servers. With focus \non security and stability, the system is painlessly kept safe and up to \ndate from day one using swup, the automated software updater.` \n \n \n`Automatic updates: \nUsers of the SWUP tool can enjoy having updates automatically \ninstalled using 'swup --upgrade'.` \n \n \n`Public testing: \nThese packages have been available for public testing for some time. \nIf you want to contribute by testing the various packages in the \ntesting tree, please feel free to share your findings on the \ntsl-discuss mailinglist. \nThe testing tree is located at \n<URI:``<http://tsldev.trustix.org/cloud/>``>` \n \n`You may also use swup for public testing of updates: \n` \n`site { \nclass = 0 \nlocation = \"``<http://tsldev.trustix.org/cloud/rdfs/latest.rdf>``\" \nregexp = \".*\"` \n`} \n` \n \n`Questions? \nCheck out our mailing lists: \n<URI:``<http://www.trustix.org/support/>``>` \n \n \n`Verification: \nThis advisory along with all TSL packages are signed with the TSL sign key. \nThis key is available from: \n<URI:``<http://www.trustix.org/TSL-SIGN-KEY>``>` \n \n`The advisory itself is available from the errata pages at \n<URI:``<http://www.trustix.org/errata/trustix-1.2/>``> and \n<URI:``<http://www.trustix.org/errata/trustix-1.5/>``> \nor directly at \n<URI:``<http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt>``>` \n \n \n`MD5sums of the packages: \n- -------------------------------------------------------------------------- \n0e109cf7c3ec04f6adfbd3dddcbc94d3 ./1.5/srpms/bind-8.2.6-3tr.src.rpm \nb353b0517f50b18c6f2bb180151ad671 ./1.5/rpms/bind-utils-8.2.6-3tr.i586.rpm \n872ed56a159fa9e8404e30c6f6afdce0 ./1.5/rpms/bind-devel-8.2.6-3tr.i586.rpm \nade76318032b7a95f2426edcf10e75a8 ./1.5/rpms/bind-8.2.6-3tr.i586.rpm \n0e109cf7c3ec04f6adfbd3dddcbc94d3 ./1.2/srpms/bind-8.2.6-3tr.src.rpm \ndd01d1afce4afd60b08857706f2150ee ./1.2/rpms/bind-utils-8.2.6-3tr.i586.rpm \n590118f78a8cddbaf8dc8c142ef57cb3 ./1.2/rpms/bind-devel-8.2.6-3tr.i586.rpm \nca631fbe974a6926c8ba32b46c3ac7d4 ./1.2/rpms/bind-8.2.6-3tr.i586.rpm \n- -------------------------------------------------------------------------- \n` \n \n`TSL Security Team \n` \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.2 (GNU/Linux) \n` \n`iD8DBQE/xcQCi8CEzsK9IksRArTyAKCpbt7Z0zr7l/liVtKbiuGOQjBBXACgk74q \nRpVcOV3YngzwUxZcJLdDuls= \n=PazY \n-----END PGP SIGNATURE-----`\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Check Point __ Not Affected\n\nNotified: October 21, 2003 Updated: October 27, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nCheck Point products are not vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Cray Inc. __ Not Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nCray Inc. is not vulnerable.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Hitachi __ Not Affected\n\nNotified: October 21, 2003 Updated: November 25, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nHitachi HI-UX/WE2 is NOT Vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Juniper Networks __ Not Affected\n\nNotified: October 21, 2003 Updated: December 03, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNo Juniper Networks products contain this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### MandrakeSoft __ Not Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNo MandrakeSoft products are affected by this as we ship BIND9 in all of our products.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Nominum __ Not Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nNominum products are not affected by this vulnerability.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Red Hat Inc. __ Not Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nRed Hat ships Bind 9 in all our supported distributions and therefore we are not affected by this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### SGI __ Not Affected\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nSGI acknowledges VU#734644 reported by CERT and has determined that both SGI IRIX for MIPS systems and SGI ProPack Linux for Altix (IA64) are not vulnerable as BIND 8 does not ship with SGI IRIX or ProPack.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### adns __ Not Affected\n\nNotified: October 21, 2003 Updated: November 20, 2003 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nadns is not a nameserver and has no cache. It is not vulnerable to these kinds of problems.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### BSDI Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### BlueCat Networks Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Conectiva Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Debian Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### EMC Corporation Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Fujitsu Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### IBM eServer __ Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nIBM eServer Platform Response \n\n\nFor information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to \n[https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=3D](<https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=3D>) \n \nIn order to access this information you will require a Resource Link ID. To subscribe to Resource Link go to <http://app-06.www.ibm.com/servers/resourcelink> and follow the steps for registration. \n \nAll questions should be referred to [_servsec@us.ibm.com_](<mailto:servsec@us.ibm.com>).\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Ingrian Networks Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Lucent Technologies Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Men&Mice Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### MetaSolv Software Inc. Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### MontaVista Software Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### NEC Corporation Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Nokia Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Nortel Networks Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Novell Unknown\n\nNotified: November 17, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Sequent Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Sony Corporation Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### The SCO Group (SCO Linux) Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Unisys Unknown\n\nNotified: October 21, 2003 Updated: October 21, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Wind River Systems Inc. Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\n### Wirex Unknown\n\nNotified: October 21, 2003 Updated: November 17, 2003 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23734644 Feedback>).\n\nView all 45 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.isc.org/products/BIND/bind8.html>\n * [http://marc.theaimsgroup.com/?l=bind-announce&m=106988846219834&w=2](<http://marc.theaimsgroup.com/?l=bind-announce&m=106988846219834&w=2>)\n * [http://marc.theaimsgroup.com/?l=bind-announce&m=106988846919846&w=2](<http://marc.theaimsgroup.com/?l=bind-announce&m=106988846919846&w=2>)\n * <http://secunia.com/advisories/10300/>\n\n### Acknowledgements\n\nThe CERT/CC thanks the Internet Software Consortium for bringing this vulnerability to our attention.\n\nThis document was written by Jeffrey P. Lanza.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2003-0914](<http://web.nvd.nist.gov/vuln/detail/CVE-2003-0914>) \n---|--- \n**Severity Metric:** | 1.50 \n**Date Public:** | 2003-11-26 \n**Date First Published:** | 2003-12-01 \n**Date Last Updated: ** | 2004-01-05 00:30 UTC \n**Document Revision: ** | 42 \n", "modified": "2004-01-05T00:30:00", "published": "2003-12-01T00:00:00", "id": "VU:734644", "href": "https://www.kb.cert.org/vuls/id/734644", "type": "cert", "title": "ISC BIND 8 vulnerable to cache poisoning via negative responses", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-18T20:43:58", "bulletinFamily": "info", "cvelist": ["CVE-2003-0459", "CVE-2003-0689", "CVE-2003-0690", "CVE-2003-0692", "CVE-2003-0859", "CVE-2003-0962"], "description": "### Overview \n\nSome versions of the [rsync](<http://rsync.samba.org/>) program contain a remotely exploitable vulnerability. This vulnerability may allow an attacker to execute arbitrary code on the target system.\n\n### Description \n\nrsync is an[](<http://www.opensource.org/>) open source utility that provides fast incremental file transfer. It features the ability to operate as either a client or server when transferring data over a network.\n\nAn integer overflow error has been discovered in a portion of rsync's memory handling routines. An attacker sending an extremely large, specifically crafted file may be able to exploit this error to execute arbitrary code from the heap of the rsync process address space. This error results in a vulnerability primarily when the rsync program is used in server mode, accepting input from remote clients over the network. \n \nVersions of the rsync software 2.5.6 and earlier contain this flaw. **Note:** We have received reports of this vulnerability being used to successfully compromise systems. \n \n--- \n \n### Impact \n\nAn attacker may be able to execute arbitrary code in the context of the user running the rsync server, often `root`. \n \n--- \n \n### Solution \n\n**Apply patches** \n \nrsync version 2.5.7 has been released and contains patches to address this vulnerability. \n \nUsers using packaged versions of the rsync software are encouraged to review the vendor information in the Systems Affected section of this document for more details. Users compiling the rsync software from the distribution source code can obtain the patched version from the [rsync homepage](<http://rsync.samba.org/>). \n \n--- \n \n**Workarounds**\n\n \nAdministrators, particularly those who are unable to apply the patches in a timely fashion, are encouraged to consider implementing the following workarounds: \n\n\n * Disable the rsync service on systems that do not require it to be running.\n * Filter access to the rsync service. The rsync service normally runs on port `873/tcp`. Limiting access to this port from trusted clients may reduce exposure to this vulnerability. \n--- \n \n### Vendor Information\n\n325603\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Apple Computer, Inc. __ Affected\n\nUpdated: January 21, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe following is Apple's response for the Jaguar (MacOS X 10.2.x) product:\n\n[![APPLE-SA-2003-12-19_Jaguar.asc](https://kb.cert.org/static-bigvince-prod-kb-eb/vincepub/images/CRDY-5VET4H_0.gif)](<https://kb.cert.org/static-bigvince-prod-kb-eb/vincepub/files/CRDY-5VET4H_attach_APPLE-SA-2003-12-19_Jaguar.asc> \"APPLE-SA-2003-12-19_Jaguar.asc\" ) \n \nThe following is Apple's response for the Panther (MacOS X 10.3.x) product: \n \n[![APPLE-SA-2003-12-19_Panther.asc](https://kb.cert.org/static-bigvince-prod-kb-eb/vincepub/images/CRDY-5VET4H_1.gif)](<https://kb.cert.org/static-bigvince-prod-kb-eb/vincepub/files/CRDY-5VET4H_attach_APPLE-SA-2003-12-19_Panther.asc> \"APPLE-SA-2003-12-19_Panther.asc\" )\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### Debian Linux __ Affected\n\nUpdated: December 08, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1`\n\n`- -------------------------------------------------------------------------- \nDebian Security Advisory DSA 404-1 security@debian.org \n<http://www.debian.org/security/> Martin Schulze \nDecember 4th, 2003 <http://www.debian.org/security/faq> \n- --------------------------------------------------------------------------` \n \n`Package : rsync \nVulnerability : heap overflow \nProblem-Type : remote \nDebian-specific: no \nCVE ID : CAN-2003-0962` \n \n`The rsync team has received evidence that a vulnerability in all \nversions of rsync prior to 2.5.7, a fast remote file copy program, was \nrecently used in combination with a Linux kernel vulnerability to \ncompromise the security of a public rsync server.` \n \n`While this heap overflow vulnerability could not be used by itself to \nobtain root access on an rsync server, it could be used in combination \nwith the recently announced do_brk() vulnerability in the Linux kernel \nto produce a full remote compromise.` \n \n`Please note that this vulnerability only affects the use of rsync as \nan \"rsync server\". To see if you are running a rsync server you \nshould use the command \"netstat -a -n\" to see if you are listening on \nTCP port 873. If you are not listening on TCP port 873 then you are \nnot running an rsync server.` \n \n`For the stable distribution (woody) this problem has been fixed in \nversion 2.5.5-0.2.` \n \n`For the unstable distribution (sid) this problem has been fixed in \nversion 2.5.6-1.1.` \n \n`However, since the Debian infrastructure is not yet fully functional \nafter the recent break-in, packages for the unstable distribution are \nnot able to enter the archive for a while. Hence they were placed in \nmy home directory on the security machine:` \n \n` <<http://klecker.debian.org/~joey/rsync/>>` \n \n`We recommend that you upgrade your rsync package immediately if you \nare providing remote sync services. If you are running testing and \nprovide remote sync services please use the packages for woody.` \n \n \n`Upgrade Instructions \n- --------------------` \n \n`wget url \nwill fetch the file for you \ndpkg -i file.deb \nwill install the referenced file.` \n \n`If you are using the apt-get package manager, use the line for \nsources.list as given below:` \n \n`apt-get update \nwill update the internal database \napt-get upgrade \nwill install corrected packages` \n \n`You may use an automated update by adding the resources from the \nfooter to the proper configuration.` \n \n \n`Debian GNU/Linux 3.0 alias woody \n- --------------------------------` \n \n` Source archives:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2.dsc> \nSize/MD5 checksum: 545 466c30b8dac303dc23a4e33bb64710ca \n<http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2.diff.gz> \nSize/MD5 checksum: 91526 a81021e1b1b60ae99e3fc95262ca96d6 \n<http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5.orig.tar.gz> \nSize/MD5 checksum: 415156 39d76c62684750842d3884a77c2e5466` \n \n` Alpha architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_alpha.deb> \nSize/MD5 checksum: 227344 b885337ced8ec3c902b4ef43d560cff5` \n \n` ARM architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_arm.deb> \nSize/MD5 checksum: 206240 4e39539b438128912b4d0f4971134eb4` \n \n` Intel IA-32 architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_i386.deb> \nSize/MD5 checksum: 199034 50f61c7b8a009767093e36ba68790a7b` \n \n` Intel IA-64 architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_ia64.deb> \nSize/MD5 checksum: 255378 886348cd33646fc167da6b1a9cbdc165` \n \n` HP Precision architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_hppa.deb> \nSize/MD5 checksum: 213962 6057690f85e14d01072ab6a84ad52996` \n \n` Motorola 680x0 architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_m68k.deb> \nSize/MD5 checksum: 189620 d3c784bb621d2c7a66a2bd3fa418fad8` \n \n` Big endian MIPS architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_mips.deb> \nSize/MD5 checksum: 216122 f22358818b785d4bdb43cc56e0140f0a` \n \n` Little endian MIPS architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_mipsel.deb> \nSize/MD5 checksum: 216420 1e40db535e7b1d8340d65f101b2bb60a` \n \n` PowerPC architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_powerpc.deb> \nSize/MD5 checksum: 205436 d4bc1decf806f2102f434875ab4aa66e` \n \n` Sun Sparc architecture:` \n \n` <http://security.debian.org/pool/updates/main/r/rsync/rsync_2.5.5-0.2_sparc.deb> \nSize/MD5 checksum: 205234 510bca72eacacf257b170da8c66b2255` \n \n \n` These files will probably be moved into the stable distribution on \nits next revision.` \n \n`- --------------------------------------------------------------------------------- \nFor apt-get: deb <http://security.debian.org/> stable/updates main \nFor dpkg-ftp: <ftp://security.debian.org/debian-security> dists/stable/updates/main \nMailing list: debian-security-announce@lists.debian.org \nPackage info: `apt-cache show <pkg>' and <http://packages.debian.org/><pkg>` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (GNU/Linux)` \n \n`iD8DBQE/z1w+W5ql+IAeqTIRAjA1AKC2+FkwWYUldK/vIazUi5wQkUYUaQCgl0S2 \ncKh+9lGwpAOPnSfTWxs9QgM= \n=EV6V \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### FreeBSD, Inc. __ Affected\n\nUpdated: December 08, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\n`rsync` is included as a third-party \"port\" in the FreeBSD system. A fix was committed to the FreeBSD ports collection CVS repository on 2003-12-04. FreeBSD users who have installed the `rsync` port are encouraged to update their ports tree and reinstall with the patched version.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### Gentoo Linux __ Affected\n\nUpdated: August 02, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Gentoo Linux Security Team has released [GLSA-200312-03](<http://www.gentoo.org/security/en/glsa/glsa-200312-03.xml>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### Guardian Digital Inc. __ Affected\n\nUpdated: December 08, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1`\n\n`+------------------------------------------------------------------------+ \n| Guardian Digital Security Advisory December 04, 2003 | \n| <http://www.guardiandigital.com> ESA-20031204-032 | \n| | \n| Package: rsync | \n| Summary: heap overflow vulnerability | \n+------------------------------------------------------------------------+` \n \n` EnGarde Secure Linux is an enterprise class Linux platform engineered \nto enable corporations to quickly and cost-effectively build a complete \nand secure Internet presence while preventing Internet threats.` \n \n`OVERVIEW \n- -------- \nA heap overflow vulnerability has been discovered in all versions of \nrsync prior to 2.5.7. This vulnerability, exploitable when rsync is \nbeing run in \"server mode\", may allow the attacker to run arbitrary \ncode on the compromised server.` \n \n` Guardian Digital has backported these fixes to version 2.4.6.` \n \n` The Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the name CAN-2003-0962 to this issue.` \n \n` Guardian Digital products affected by this issue include:` \n \n` EnGarde Secure Community v1.0.1 \nEnGarde Secure Community v2 \nEnGarde Secure Professional v1.1 \nEnGarde Secure Professional v1.2 \nEnGarde Secure Professional v1.5` \n \n` It is recommended that all users apply this update as soon as possible.` \n \n`SOLUTION \n- -------- \nGuardian Digital Secure Network subscribers may automatically update \naffected systems by accessing their account from within the Guardian \nDigital WebTool.` \n \n` To modify your GDSN account and contact preferences, please go to:` \n \n` <https://www.guardiandigital.com/account/>` \n \n` Below are MD5 sums for the updated EnGarde Secure Linux 1.0.1 packages:` \n \n` SRPMS/rsync-2.4.6-1.0.7.src.rpm \nMD5 Sum: 0059b139dce38f237019ae64a5dfbd84` \n \n` i386/rsync-2.4.6-1.0.7.i386.rpm \nMD5 Sum: 3d6cba56a9ccf244f7078cdfc1704b5d` \n \n` i686/rsync-2.4.6-1.0.7.i686.rpm \nMD5 Sum: 68392cd5df92513f75107c037e7c6a29` \n \n`REFERENCES \n- ---------- \nGuardian Digital's public key: \n<http://ftp.engardelinux.org/pub/engarde/ENGARDE-GPG-KEY>` \n \n` rsync's Official Web Site: \n<http://rsync.samba.org>` \n \n` Guardian Digital Advisories: \n<http://infocenter.guardiandigital.com/advisories/>` \n \n` Security Contact: security@guardiandigital.com` \n \n`- -------------------------------------------------------------------------- \nAuthor: Ryan W. Maple <ryan@guardiandigital.com> \nCopyright 2003, Guardian Digital, Inc.` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.2 (GNU/Linux)` \n \n`iD8DBQE/z4wBHD5cqd57fu0RAtoCAKCOn4ObAhwgBnVw/iFSd+Gne8kliACeMrtV \nY2hQtIKhRq9ZZspp/BpPoDc= \n=TrBp \n-----END PGP SIGNATURE----- \n------------------------------------------------------------------------ \nTo unsubscribe email engarde-security-request@engardelinux.org \nwith \"unsubscribe\" in the subject of the message.` \n \n`Copyright(c) 2003 Guardian Digital, Inc. GuardianDigital.com \n------------------------------------------------------------------------`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### Immunix __ Affected\n\nUpdated: August 02, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Immunix Security Team has published Immunix Secured OS Security Advisory [IMNX-2003-73-001-01](<http://download.immunix.org/ImmunixOS/7.3/Updates/errata/IMNX-2003-73-001-01>)in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### Mandriva, Inc. __ Affected\n\nUpdated: December 08, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1`\n\n`- -------------------------------------------------------------------------- \nCONECTIVA LINUX SECURITY ANNOUNCEMENT \n- --------------------------------------------------------------------------` \n \n`PACKAGE : rsync \nSUMMARY : Fix for remote vulnerability \nDATE : 2003-12-04 18:46:00 \nID : CLA-2003:794 \nRELEVANT \nRELEASES : 8, 9` \n \n`- -------------------------------------------------------------------------` \n \n`DESCRIPTION \n\"rsync\"[1] is a program used mainly to mirror files between remote \nsites. \n \nrsync versions prior to 2.5.7 have a heap buffer overflow \nvulnerability[2] which can be exploited by remote attackers to \nexecute arbitrary code. \n \nThis vulnerability specially affects installations where rsync is \nused as a server/daemon, that is, where it was started with the \n--daemon command line argument. \n \nA new rsync version, 2.5.7, was released by the authors to address \nthis vulnerability.` \n \n \n`SOLUTION \nIt is recommended that all rsync users upgrade their packages. \n \nIMPORTANT: after the update, the rsync server must be restarted \nmanually if it was already running. \n \n \nREFERENCES \n1. <http://rsync.samba.org/> \n2. <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962>` \n \n \n`UPDATED PACKAGES \n<ftp://atualizacoes.conectiva.com.br/8/SRPMS/rsync-2.5.7-5U80_1cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/8/RPMS/rsync-2.5.7-5U80_1cl.i386.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/SRPMS/rsync-2.5.7-13508U90_1cl.src.rpm> \n<ftp://atualizacoes.conectiva.com.br/9/RPMS/rsync-2.5.7-13508U90_1cl.i386.rpm>` \n \n \n`ADDITIONAL INSTRUCTIONS \nThe apt tool can be used to perform RPM packages upgrades:` \n \n` - run: apt-get update \n- after that, execute: apt-get upgrade` \n \n` Detailed instructions reagarding the use of apt and upgrade examples \ncan be found at <http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en>` \n \n`- ------------------------------------------------------------------------- \nAll packages are signed with Conectiva's GPG key. The key and instructions \non how to import it can be found at \n<http://distro.conectiva.com.br/seguranca/chave/?idioma=en> \nInstructions on how to check the signatures of the RPM packages can be \nfound at <http://distro.conectiva.com.br/seguranca/politica/?idioma=en>` \n \n`- ------------------------------------------------------------------------- \nAll our advisories and generic update instructions can be viewed at \n<http://distro.conectiva.com.br/atualizacoes/?idioma=en>` \n \n`- ------------------------------------------------------------------------- \nCopyright (c) 2003 Conectiva Inc. \n<http://www.conectiva.com>` \n \n`- ------------------------------------------------------------------------- \nsubscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br \nunsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see <http://www.gnupg.org>` \n \n`iD8DBQE/z50v42jd0JmAcZARAi28AKC87tMeZ78lZDrz7r2VQ37VLcE3FQCg0639 \n36tHDoREvYy7zxf45fVsP0U= \n=rxDT \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### OpenBSD __ Affected\n\nUpdated: December 08, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`A heap overflow exists in rsync versions 2.5.6 and below that can \nbe used by an attacker to run arbitrary code. The bug only affects \nrsync in server (daemon) mode and occurs *after* rsync has dropped \nprivileges. By default, server will chroot(2) to the root of the \nfile tree being served which significantly mitigates the impact of \nthe bug. Installations that disable this behavior by placing \"use \nchroot = no\" in rsyncd.conf are vulnerable to attack. \n`\n\n`Sites that do run rsync in server mode should update their rsync \npackage as soon as possible. The rsync port has been updated in \nthe 3.3 and 3.4 -stable branches and a new binary package has been \nbuilt for OpenBSD 3.4/i386. It can be downloaded from: \n` \n`<ftp://ftp.openbsd.org/pub/OpenBSD/3.4/packages/i386/rsync-2.5.7.tgz>`` \n` \n`For more information on the bug, see: \n` \n`<http://rsync.samba.org/>`` \n` \n`For more information on packages errata, see: \n` \n`<http://www.openbsd.org/pkg-stable.html>`` \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### OpenPKG __ Affected\n\nUpdated: August 02, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe OpenPKG Security Team has released [OpenPKG-SA-2003.051](<http://www.openpkg.org/security/OpenPKG-SA-2003.051-rsync.txt>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### SCO __ Affected\n\nUpdated: August 02, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe SCO Group has released SCO Security Advisory [CSSA-2004-010.0](<ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-010.0.txt>) in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### SGI __ Affected\n\nUpdated: January 21, 2004 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE-----`\n\n`______________________________________________________________________________ \nSGI Security Advisory` \n \n` Title : SGI Advanced Linux Environment security update #6 \nNumber : 20031202-01-U \nDate : December 10, 2003 \nReference : Red Hat Advisory RHSA-2003:399-06, CAN-2003-0962 \nFixed in : Patch 10037 for SGI ProPack v2.3 \n______________________________________________________________________________` \n \n`SGI provides this information freely to the SGI user community for its \nconsideration, interpretation, implementation and use. SGI recommends that \nthis information be acted upon as soon as possible.` \n \n`SGI provides the information in this Security Advisory on an \"AS-IS\" basis \nonly, and disclaims all warranties with respect thereto, express, implied \nor otherwise, including, without limitation, any warranty of merchantability \nor fitness for a particular purpose. In no event shall SGI be liable for \nany loss of profits, loss of business, loss of data or for any indirect, \nspecial, exemplary, incidental or consequential damages of any kind arising \nfrom your use of, failure to use or improper use of any of the instructions \nor information in this Security Advisory. \n______________________________________________________________________________` \n \n`- -------------- \n- --- Update --- \n- --------------` \n \n`SGI has released Patch 10037: SGI Advanced Linux Environment security \nupdate #6, which includes updated RPMs for SGI ProPack v2.3 for the Altix \nfamily of systems, in response to the following erratas released by Red Hat:` \n \n` New rsync packages fix remote security vulnerability \n<http://rhn.redhat.com/errata/RHSA-2003-399.html>` \n \n`Patch 10037 is available from <http://support.sgi.com/> and \n<ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/>` \n \n`The individual RPMs from Patch 10037 are available from: \n<ftp://oss.sgi.com/projects/sgi_propack/download/2.3/updates/RPMS> \n<ftp://oss.sgi.com/projects/sgi_propack/download/2.3/updates/SRPMS>` \n \n \n`- ------------- \n- --- Links --- \n- -------------` \n \n`SGI Security Advisories can be found at: \n<http://www.sgi.com/support/security/> and \n<ftp://patches.sgi.com/support/free/security/advisories/>` \n \n`Red Hat Errata: Security Alerts, Bugfixes, and Enhancements \n<http://www.redhat.com/apps/support/errata/>` \n \n`SGI Advanced Linux Environment security updates can found on: \n<ftp://oss.sgi.com/projects/sgi_propack/download/>` \n \n`SGI patches can be found at the following patch servers: \n<http://support.sgi.com/>` \n \n`The primary SGI anonymous FTP site for security advisories and \nsecurity patches is <ftp://patches.sgi.com/support/free/security/>` \n \n \n`- ----------------------------------------- \n- --- SGI Security Information/Contacts --- \n- -----------------------------------------` \n \n`If there are questions about this document, email can be sent to \nsecurity-info@sgi.com.` \n \n` ------oOo------` \n \n`SGI provides security information and patches for use by the entire SGI \ncommunity. This information is freely available to any person needing the \ninformation and is available via anonymous FTP and the Web.` \n \n`The primary SGI anonymous FTP site for security advisories and patches is \npatches.sgi.com. Security advisories and patches are located under the URL \n<ftp://patches.sgi.com/support/free/security/>` \n \n`The SGI Security Headquarters Web page is accessible at the URL: \n<http://www.sgi.com/support/security/>` \n \n`For issues with the patches on the FTP sites, email can be sent to \nsecurity-info@sgi.com.` \n \n`For assistance obtaining or working with security patches, please \ncontact your SGI support provider.` \n \n` ------oOo------` \n \n`SGI provides a free security mailing list service called wiretap and \nencourages interested parties to self-subscribe to receive (via email) all \nSGI Security Advisories when they are released. Subscribing to the mailing \nlist can be done via the Web \n(<http://www.sgi.com/support/security/wiretap.html>) or by sending email to \nSGI as outlined below.` \n \n`% mail wiretap-request@sgi.com \nsubscribe wiretap < YourEmailAddress such as midwatch@sgi.com > \nend \n^d` \n \n`In the example above, <YourEmailAddress> is the email address that you wish \nthe mailing list information sent to. The word end must be on a separate \nline to indicate the end of the body of the message. The control-d (^d) is \nused to indicate to the mail program that you are finished composing the \nmail message.` \n \n \n` ------oOo------` \n \n`SGI provides a comprehensive customer World Wide Web site. This site is \nlocated at <http://www.sgi.com/support/security/> .` \n \n` ------oOo------` \n \n`If there are general security questions on SGI systems, email can be sent to \nsecurity-info@sgi.com.` \n \n`For reporting *NEW* SGI security issues, email can be sent to \nsecurity-alert@sgi.com or contact your SGI support provider. A support \ncontract is not required for submitting a security report.` \n \n`______________________________________________________________________________ \nThis information is provided freely to all interested parties \nand may be redistributed provided that it is not altered in any \nway, SGI is appropriately credited and the document retains and \nincludes its valid PGP signature.` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: 2.6.2` \n \n`iQCVAwUBP9dSdLQ4cFApAP75AQEpvwP/VUYN6tEWVK47JO90wYp/eGobWry029x4 \nbrCSObwxcogBJhmUlc/ertL6UDAVoE99cC9Q6xqcSROw+SqAQvOs0ak0vyxEJLqR \nSY/Qlzh0RqWtw+dnCfrHd+NNlMbhg1wol9iYGFcYfvs9zq/9g7DGghZY6limDQTr \nJEGOtCeFyGA= \n=VZhA \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### SUSE Linux __ Affected\n\nUpdated: December 08, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE-----`\n\n`______________________________________________________________________________` \n \n` SUSE Security Announcement` \n \n` Package: rsync \nAnnouncement-ID: SuSE-SA:2003:050 \nDate: Thursday, Dec 4th 2003 14:30 MET \nAffected products: 7.3, 8.0, 8.1, 8.2, 9.0 \nSuSE Linux Database Server, \nSuSE eMail Server III, 3.1 \nSuSE Linux Enterprise Server 7, 8 \nSuSE Linux Firewall on CD/Admin host \nSuSE Linux Connectivity Server \nSuSE Linux Office Server \nVulnerability Type: local privilege escalation \nSeverity (1-10): 4 \nSUSE default package: no \nCross References: CAN-2003-0962` \n \n` Content of this advisory: \n1) security vulnerability resolved: heap overflow \nproblem description, discussion, solution and upgrade information \n2) pending vulnerabilities, solutions, workarounds: \n- discontinue of SuSE Linux 7.3 \n- KDE \n- mc \n- apache \n- screen \n- mod_gzip \n- unace \n3) standard appendix (further information)` \n \n`______________________________________________________________________________` \n \n`1) problem description, brief discussion, solution, upgrade information` \n \n` The rsync suite provides client and server tools to easily support an \nadministrator keeping the files of different machines in sync. \nIn most private networks the rsync client tool is used via SSH to fulfill \nhis tasks. In an open environment rsync is run in server mode accepting \nconnections from many untrusted hosts with, but mostly without, \nauthentication. \nThe rsync server drops its root privileges soon after it was started and \nper default creates a chroot environment. \nDue to insufficient integer/bounds checking in the server code a heap \noverflow can be triggered remotely to execute arbitrary code. This code \ndoes not get executed as root and access is limited to the chroot \nenvironment. The chroot environment maybe broken afterwards by abusing \nfurther holes in system software or holes in the chroot setup.` \n \n` Your are not vulnerable as long as you do not use rsync in server mode \nor you use authentication to access the rsync server.` \n \n` As a temporary workaround you can disable access to your rsync server for \nuntrusted parties, enable authentication or switch back to rsync via SSH.` \n \n` Please download the update package for your distribution and verify its \nintegrity by the methods listed in section 3) of this announcement. \nThen, install the package using the command \"rpm -Fhv file.rpm\" to apply \nthe update. \nOur maintenance customers are being notified individually. The packages \nare being offered to install from the maintenance web.` \n \n \n \n` Intel i386 Platform:` \n \n` SuSE-9.0: \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/rsync-2.5.6-193.i586.rpm> \ne848708286572c8a793819e5a358274a \npatch rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/rsync-2.5.6-193.i586.patch.rpm> \nd70f7726a2c8850a8c085bdbe9afbf27 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/rsync-2.5.6-193.src.rpm> \n45e14417a64704fcee1dfea390a5b3f6` \n \n` SuSE-8.2: \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/rsync-2.5.6-193.i586.rpm> \n341d1da31000831d994e48d0714b576d \npatch rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/rsync-2.5.6-193.i586.patch.rpm> \nd94f1a84fc07e92dfc87471f909314c9 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/rsync-2.5.6-193.src.rpm> \n16b19cc2331ff577f2d1f9e116e74625` \n \n` SuSE-8.1: \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/rsync-2.5.5-258.i586.rpm> \n28799a5950666eb7f104e2831575fb3c \npatch rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/rsync-2.5.5-258.i586.patch.rpm> \n02557d2de1dc27ffd97845ebabb336b6 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/rsync-2.5.5-258.src.rpm> \n6a7cd73509acf3cca12d9a4f4b3aec98` \n \n` SuSE-8.0: \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/rsync-2.4.6-499.i386.rpm> \ncf9fde4bcf1f3af3e3c5ae6bf5ceba85 \npatch rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/rsync-2.4.6-499.i386.patch.rpm> \n0a61425e9bb345fe73e42926408257cb \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/rsync-2.4.6-499.src.rpm> \nd5c29841ff1f387cb003c359eee868df` \n \n` SuSE-7.3: \n<ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/rsync-2.4.6-499.i386.rpm> \n67b2400ee15d739e75a1463db7d003ca \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/rsync-2.4.6-499.src.rpm> \nececccdf316a4d98c66315fc560eb9b1` \n \n \n \n` Sparc Platform:` \n \n` SuSE-7.3: \n<ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/rsync-2.4.6-190.sparc.rpm> \nbd408eb2cfe82206439c78a1fbaecf60 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/rsync-2.4.6-190.src.rpm> \ne500422c7cf0dc39c6bb3cf2445d9998` \n \n \n \n` SuSE-7.3: \n<ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/rsync-2.4.6-309.ppc.rpm> \n7eebb018bce237a4f351f5e00761ead1 \nsource rpm(s): \n<ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/rsync-2.4.6-309.src.rpm> \n2dd16900d70cbf06454dcd52b822a0ae` \n \n`______________________________________________________________________________` \n \n`2) Pending vulnerabilities in SUSE Distributions and Workarounds:` \n \n` - discontinue of SuSE Linux 7.3 \nTwo years after the release, SUSE will discontinue providing updates \nand security fixes for the SuSE Linux 7.3 consumer product on the \nIntel i386 and the PPC Power PC architectures. Vulnerabilities found \nafter December 15th 2003 will not be fixed any more for SuSE Linux \n7.3. \nDirectory structures referring to the SuSE Linux 7.3 release will be \nmoved to the discontinued/ tree on our main ftp server ftp.suse.com \nthe distribution directories first, followed by the update/ directory \ntree in January 2004. \nPlease note that our SuSE Linux Enterprise Server family products have \na much longer support period. These products are not concerned by this \nannouncement.` \n \n` - KDE \nNew KDE packages are currently being tested. These packages fixes \nseveral vulnerabilities: \n+ remote root compromise (CAN-2003-0690) \n+ weak cookies (CAN-2003-0692) \n+ SSL man-in-the-middle attack \n+ information leak through HTML-referrer (CAN-2003-0459) \n+ wrong file permissions of config files \nThe packages will be release as soon as testing is finished.` \n \n` - mc \nBy using a special combination of links in archive-files it is possible \nto execute arbitrary commands while mc tries to open it in its VFS. \nThe packages are currently tested and will be release as soon as \npossible.` \n \n` - apache1/2 \nThe widely used HTTP server apache has several security vulnerabilities: \n- locally exploitable buffer overflow in the regular expression code. \nThe attacker must be able to modify .htaccess or httpd.conf. \n(affects: mod_alias and mod_rewrite) \n- under some circumstances mod_cgid will output its data to the \nwrong client (affects: apache2) \nUpdate packages are available on our FTP servers.` \n \n` - freeradius \nTwo vulnerabilities were found in the FreeRADIUS package. \nThe remote denial-of-service attack bug was fixed and new packages \nwill be released as soon as testing was successfully finished. \nThe other bug is a remote buffer overflow in the module rlm_smb. \nWe do not ship this module and will fix it for future releases.` \n \n` - screen \nA buffer overflow in screen was reported. Since SuSE Linux 8.0 \nwe do not ship screen with the s-bit anymore. An update package \nwill be released for 7.3 as soon as possible.` \n \n` - mod_gzip \nThe apache module mod_gzip is vulnerable to remote code execution \nwhile running in debug-mode. We do not ship this module in debug-mode \nbut future versions will include the fix. \nAdditionally the mod_gzip code was audited to fix more possible security \nrelated bugs.` \n \n` - unace \nThe tool unace for handling the archive format ACE is vulnerable to \na buffer overflow that can be triggered with long file-names as command \nline argument. This only affects unace version 2.5. Unfortunately this \ntool is provided closed source only from the author. Therefore we are \nunable to check for other bugs or look at the patch. \nUpdate packages are available from our FTP servers. \n \n______________________________________________________________________________` \n \n`3) standard appendix: authenticity verification, additional information` \n \n` - Package authenticity verification:` \n \n` SUSE update packages are available on many mirror ftp servers all over \nthe world. While this service is being considered valuable and important \nto the free and open source software community, many users wish to be \nsure about the origin of the package and its content before installing \nthe package. There are two verification methods that can be used \nindependently from each other to prove the authenticity of a downloaded \nfile or rpm package: \n1) md5sums as provided in the (cryptographically signed) announcement. \n2) using the internal gpg signatures of the rpm package.` \n \n` 1) execute the command \nmd5sum <name-of-the-file.rpm> \nafter you downloaded the file from a SUSE ftp server or its mirrors. \nThen, compare the resulting md5sum with the one that is listed in the \nannouncement. Since the announcement containing the checksums is \ncryptographically signed (usually using the key security@suse.de), \nthe checksums show proof of the authenticity of the package. \nWe disrecommend to subscribe to security lists which cause the \nemail message containing the announcement to be modified so that \nthe signature does not match after transport through the mailing \nlist software. \nDownsides: You must be able to verify the authenticity of the \nannouncement in the first place. If RPM packages are being rebuilt \nand a new version of a package is published on the ftp server, all \nmd5 sums for the files are useless.` \n \n` 2) rpm package signatures provide an easy way to verify the authenticity \nof an rpm package. Use the command \nrpm -v --checksig <file.rpm> \nto verify the signature of the package, where <file.rpm> is the \nfilename of the rpm package that you have downloaded. Of course, \npackage authenticity verification can only target an un-installed rpm \npackage file. \nPrerequisites: \na) gpg is installed \nb) The package is signed using a certain key. The public part of this \nkey must be installed by the gpg program in the directory \n~/.gnupg/ under the user's home directory who performs the \nsignature verification (usually root). You can import the key \nthat is used by SUSE in rpm packages for SUSE Linux by saving \nthis announcement to a file (\"announcement.txt\") and \nrunning the command (do \"su -\" to be root): \ngpg --batch; gpg < announcement.txt | gpg --import \nSUSE Linux distributions version 7.1 and thereafter install the` \n` key \"build@suse.de\" upon installation or upgrade, provided that \nthe package gpg is installed. The file containing the public key \nis placed at the top-level directory of the first CD (pubring.gpg) \nand at <ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de> .` \n \n \n` - SUSE runs two security mailing lists to which any interested party may \nsubscribe:` \n \n` suse-security@suse.com \n- general/linux/SUSE security discussion. \nAll SUSE security announcements are sent to this list. \nTo subscribe, send an email to \n<suse-security-subscribe@suse.com>.` \n \n` suse-security-announce@suse.com \n- SUSE's announce-only mailing list. \nOnly SUSE's security announcements are sent to this list. \nTo subscribe, send an email to \n<suse-security-announce-subscribe@suse.com>.` \n \n` For general information or the frequently asked questions (faq) \nsend mail to: \n<suse-security-info@suse.com> or \n<suse-security-faq@suse.com> respectively.` \n \n` ===================================================================== \nSUSE's security contact is <security@suse.com> or <security@suse.de>. \nThe <security@suse.de> public key is listed below. \n===================================================================== \n______________________________________________________________________________` \n \n` The information in this advisory may be distributed or reproduced, \nprovided that the advisory is not modified in any way. In particular, \nit is desired that the clear-text signature shows proof of the \nauthenticity of the text. \nSUSE Linux AG makes no warranties of any kind whatsoever with respect \nto the information contained in this security advisory.` \n \n`Type Bits/KeyID Date User ID \npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de> \npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>` \n \n`- -----BEGIN PGP PUBLIC KEY BLOCK----- \nVersion: GnuPG v1.0.6 (GNU/Linux) \nComment: For info see <http://www.gnupg.org>` \n \n`mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff \n4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d \nM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO \nQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK \nXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE \nD3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd \nG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM \nCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE \nmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr \nYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD \nwmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d \nNfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe \nQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe \nLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t \nXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU \nD9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3` \n`0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot \n1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW \ncRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E \nExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f \nAJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E \nOe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/ \nHZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h \nt5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT \ntGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM \n523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q \n2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8 \nQnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw \nJxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ \n1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH \nORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1 \nwwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY` \n`EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol \n0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK \nCRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co \nSPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo \nomuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt \nA46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J \n/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE \nGrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf \nebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT \nZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8 \nRQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ \n8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb \nB6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X \n11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA \n8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj \nqY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p` \n`WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL \nhn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG \nBafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+ \nAvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi \nRZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0 \nzinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM \n/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7 \nwhaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl \nD+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz \ndbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI \nRgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI \nDgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE= \n=LRKC \n- -----END PGP PUBLIC KEY BLOCK-----` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.0.7 (GNU/Linux)` \n \n`iQEVAwUBP89p3ney5gA9JdPZAQEHywf7BVUbgRFR++QVCq2qt8930XR1OH0XbLkf \noUhKnhyC025asQHEe0mF9PYFXIz5s+vFwYWVP68qheAvmQic2HH4qotv29wdSIP7 \nEXb8ilGcdDGnaZLaFk6473O1TV2vT/JMYB3RGYnnsDV+PXCDrzc5vL29IUjlpaFA \nIC+B1Y5nhMCpIRQ5NBnWBx+u00QPS44mXLZmHHtaj+60rSuIjv2n63sNg1jhXczL \nlja5Y3hNOLzuLJyPv62n4LffGCPdXk9deMyxOfkl8RBfu+Q0PEJmKD18PQOyPRjE \n1hdMdBgwEz8BAbgr5YaNllKn1a09KV7TzlB+KbY02M8XTGnGd+MFUw== \n=mvKr \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### Slackware __ Affected\n\nUpdated: December 08, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1`\n\n`[slackware-security] rsync security update (SSA:2003-337-01)` \n \n`Rsync is a file transfer client and server.` \n \n`A security problem which may lead to unauthorized machine access \nor code execution has been fixed by upgrading to rsync-2.5.7. \nThis problem only affects machines running rsync in daemon mode, \nand is easier to exploit if the non-default option \"use chroot = no\" \nis used in the /etc/rsyncd.conf config file.` \n \n`Any sites running an rsync server should upgrade immediately.` \n \n`For complete information, see the rsync home page:` \n \n` <http://rsync.samba.org>` \n \n`Here are the details from the Slackware 9.1 ChangeLog: \n+--------------------------+ \nWed Dec 3 22:18:35 PST 2003 \npatches/packages/rsync-2.5.7-i486-1.tgz: Upgraded to rsync-2.5.7. \nFrom the rsync-2.5.7-NEWS file: \nSECURITY: \n* Fix buffer handling bugs. (Andrew Tridgell, Martin Pool, Paul \nRussell, Andrea Barisani) \nThe vulnerability affects sites running rsync in daemon mode (rsync \nservers). These sites should be upgraded immediately. \n(* Security fix *) \n+--------------------------+` \n \n \n`WHERE TO FIND THE NEW PACKAGE: \n+-----------------------------+` \n \n`Updated package for Slackware 8.1: \n<ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/rsync-2.5.7-i386-1.tgz>` \n \n`Updated package for Slackware 9.0: \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/rsync-2.5.7-i386-1.tgz>` \n \n`Updated package for Slackware 9.1: \n<ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/rsync-2.5.7-i486-1.tgz>` \n \n`Updated package for Slackware -current: \n<ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/rsync-2.5.7-i486-1.tgz>` \n \n \n`MD5 SIGNATURES: \n+-------------+` \n \n`Slackware 8.1 package: \n9adcdfaeca3022204bc1bef1d97802cf rsync-2.5.7-i386-1.tgz` \n \n`Slackware 9.0 package: \n12788c9af15174c683ada4c5e5746372 rsync-2.5.7-i386-1.tgz` \n \n`Slackware 9.1 package: \n38d40a65d526f92c41ff72afae74e546 rsync-2.5.7-i486-1.tgz` \n \n`Slackware -current package: \n3f68fa78c6d095da4269e27806596d48 rsync-2.5.7-i486-1.tgz` \n \n \n`INSTALLATION INSTRUCTIONS: \n+------------------------+` \n \n`If you're running rsync as a daemon, kill it:` \n \n`# killall rsync` \n \n`Then, upgrade the package:` \n \n`# upgradepkg rsync-2.5.7-i486-1.tgz` \n \n`Finally, restart the rsync daemon:` \n \n`# rsync --daemon` \n \n \n`+-----+` \n \n`Slackware Linux Security Team \n<http://slackware.com/gpg-key> \nsecurity@slackware.com` \n \n`+------------------------------------------------------------------------+ \n| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: | \n+------------------------------------------------------------------------+ \n| Send an email to majordomo@slackware.com with this text in the body of | \n| the email message: | \n| | \n| unsubscribe slackware-security | \n| | \n| You will get a confirmation message back. Follow the instructions to | \n| complete the unsubscription. Do not reply to this message to | \n| unsubscribe! | \n+------------------------------------------------------------------------+` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (GNU/Linux)` \n \n`iD8DBQE/zuYUakRjwEAQIjMRAv8BAJ4mBp2BLFrk2Uw6qYbQyzZGWxDAhQCeK717 \nXvGEot5Waqq4pwafZ2dw3Lc= \n=ddu3 \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### Trustix Secure Linux __ Affected\n\nUpdated: December 08, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1`\n\n`- -------------------------------------------------------------------------- \nTrustix Secure Linux Security Advisory #2003-0048` \n \n`Package name: rsync \nSummary: remote code execution \nDate: 2003-12-04 \nAffected versions: TSL 1.2, 1.5, 2.0` \n \n`- -------------------------------------------------------------------------- \nPackage description: \nRsync uses a quick and reliable algorithm to very quickly bring \nremote and host files into sync. Rsync is fast because it just \nsends the differences in the files over the network (instead of \nsending the complete files). Rsync is often used as a very powerful \nmirroring process or just as a more capable replacement for the \nrcp command. A technical report which describes the rsync algorithm \nis included in this package.` \n \n`Problem description: \nAll versions of rsync prior to 2.5.7 contains a heap overflow that can \nbe used to exceute arbitary code from remote. \nThe Common Vulnerabilites and Exposures project (cve.mitre.org) has \nassigned the name CAN-2003-0962 to this issue.` \n \n`Action: \nWe recommend that all systems with this package installed be upgraded. \nPlease note that if you do not need the functionality provided by this \npackage, you may want to remove it from your system.` \n \n \n`Location: \nAll TSL updates are available from \n<URI:<http://http.trustix.org/pub/trustix/updates/>> \n<URI:<ftp://ftp.trustix.org/pub/trustix/updates/>>` \n \n \n`About Trustix Secure Linux: \nTrustix Secure Linux is a small Linux distribution for servers. With focus \non security and stability, the system is painlessly kept safe and up to \ndate from day one using swup, the automated software updater.` \n \n \n`Automatic updates: \nUsers of the SWUP tool can enjoy having updates automatically \ninstalled using 'swup --upgrade'.` \n \n \n`Public testing: \nThese packages have been available for public testing for some time. \nIf you want to contribute by testing the various packages in the \ntesting tree, please feel free to share your findings on the \ntsl-discuss mailinglist. \nThe testing tree is located at \n<URI:<http://tsldev.trustix.org/cloud/>>` \n \n` You may also use swup for public testing of updates: \n \nsite { \nclass = 0 \nlocation = \"<http://tsldev.trustix.org/cloud/rdfs/latest.rdf>\" \nregexp = \".*\" \n} \n` \n \n`Questions? \nCheck out our mailing lists: \n<URI:<http://www.trustix.org/support/>>` \n \n \n`Verification: \nThis advisory along with all TSL packages are signed with the TSL sign key. \nThis key is available from: \n<URI:<http://www.trustix.org/TSL-SIGN-KEY>>` \n \n` The advisory itself is available from the errata pages at \n<URI:<http://www.trustix.org/errata/trustix-1.2/>>, \n<URI:<http://www.trustix.org/errata/trustix-1.5/>> and \n<URI:<http://www.trustix.org/errata/trustix-2.0/>> \nor directly at \n<URI:<http://www.trustix.org/errata/misc/2003/TSL-2003-0048-rsync.asc.txt>>` \n \n \n`MD5sums of the packages: \n- -------------------------------------------------------------------------- \nff92f850103caec5566d3037005be1cc ./1.2/rpms/rsync-2.5.7-1tr.i586.rpm \nc96460c2df73f6f28e86676f0087eed7 ./1.2/srpms/rsync-2.5.7-1tr.src.rpm \n24f991051c4d7dc7287770a999c91cfe ./1.5/rpms/rsync-2.5.7-1tr.i586.rpm \nc96460c2df73f6f28e86676f0087eed7 ./1.5/srpms/rsync-2.5.7-1tr.src.rpm \nd74d3a08933b4d22439bc08cf435cec9 ./2.0/rpms/rsync-2.5.7-1tr.i586.rpm \n1547e73b44c4ee2df24f28b67a229666 ./2.0/rpms/rsync-server-2.5.7-1tr.i586.rpm \n406331367957dd7f9ddfe56dc8177580 ./2.0/srpms/rsync-2.5.7-1tr.src.rpm \n- --------------------------------------------------------------------------` \n \n \n`TSL Security Team` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.2 (GNU/Linux)` \n \n`iD8DBQE/zwVBi8CEzsK9IksRArM6AKCaystKuJ7umB1LFxzcZGHVMu2VWwCgmJ0L \nLWHTlBr0+2jA31dQuVUoOIk= \n=huAV \n-----END PGP SIGNATURE----- \n`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\n### TurboLinux __ Affected\n\nUpdated: December 08, 2003 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1`\n\n`This is an announcement only email list for the x86 architecture. \n============================================================ \nTurbolinux Security Announcement 06/Dec/2003 \n============================================================` \n \n`The following page contains the security information of Turbolinux Inc.` \n \n` - Turbolinux Security Center \n<http://www.turbolinux.com/security/>` \n \n` (1) glibc -> Multiple vulnerabilities in glibc \n(2) rsync -> Heap overflow` \n \n \n`=========================================================== \n* glibc -> Multiple vulnerabilities in glibc \n===========================================================` \n \n` More information : \nThe glibc package contains the standard C libraries used by applications.` \n \n` When a user is a member of a large number of groups,the getgrouplist function in \nglibc allows attackers to cause a denial of service (segmentation fault) \nand execute arbitrary code.` \n \n` Impact : \nThis may allow attackers to cause a denial of service or execute arbitrary code.` \n \n` Affected Products : \n- Turbolinux 8 Server \n- Turbolinux 8 Workstation \n- Turbolinux 7 Server \n- Turbolinux 7 Workstation` \n \n` Solution : \nPlease use turbopkg(zabom) tool to apply the update. \n--------------------------------------------- \n# turbopkg \nor \n# zabom update glibc glibc-devel glibc-profile mtrace nscd \n---------------------------------------------` \n \n \n` <Turbolinux 8 Server>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/glibc-2.2.5-17.src.rpm> \n15681872 c5f6718068cad57d328e9cbb99cfc5c2` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-2.2.5-17.i586.rpm> \n10948308 e978c66d70ed23c1d37f3cf58fa1d7dd \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-devel-2.2.5-17.i586.rpm> \n3087284 027379201c146b8652691fa5fb407fb8 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/glibc-profile-2.2.5-17.i586.rpm> \n793319 2b825226d3e4628c4fc5a13d028dc42f \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mtrace-2.2.5-17.i586.rpm> \n26289 3b7e3b3ee9fdad443214abc22ff011a3 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/nscd-2.2.5-17.i586.rpm> \n33180 2811c092ec2fed1a278f29d6f5393122` \n \n` <Turbolinux 8 Workstation>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/glibc-2.2.5-17.src.rpm> \n15681872 0ae07774f7aed8ddceda091ad1aa59eb` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-2.2.5-17.i586.rpm> \n10943475 e3ae6e493dae31c06d04de1e5ef24a5b \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-devel-2.2.5-17.i586.rpm> \n3088889 7bdde2a4805a408ec20b5b6c983c20b7 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/glibc-profile-2.2.5-17.i586.rpm> \n793449 8eb226d87491ab3d2b22e50a978900be \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mtrace-2.2.5-17.i586.rpm> \n26291 d9d5ee64fff9b612203b7b6629d95022 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/nscd-2.2.5-17.i586.rpm> \n33125 5f91d450345639e2f4629005305d401d` \n \n` <Turbolinux 7 Server>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/glibc-2.2.4-13.src.rpm> \n13582169 668c9eb6ddb16b219cbe155edf9a6ca1` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-2.2.4-13.i586.rpm> \n11310068 ebd5c4c08b7e50bafbd79b57801cccdd \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-devel-2.2.4-13.i586.rpm> \n6293426 b0b9308e04c0314f4130617e89f60017 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/glibc-profile-2.2.4-13.i586.rpm> \n4125526 818098cc38a84b39204504e36bc79761 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/mtrace-2.2.4-13.i586.rpm> \n15377 4de531b6fda1b23c28d91477eb8f4124 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/nscd-2.2.4-13.i586.rpm> \n31236 d5fbda6a59e9fc074a3df3ac378907b2` \n \n` <Turbolinux 7 Workstation>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/glibc-2.2.4-13.src.rpm> \n13582169 b0e8e76f424bd3bd2cd2a94dd37d0dcd` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-2.2.4-13.i586.rpm> \n11308991 b5f5f6887dc9a8aaa4e118c6c8ff22e6 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-devel-2.2.4-13.i586.rpm> \n6292725 b4e5f9a07c55ff55845a2aa4dbfd5a7f \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/glibc-profile-2.2.4-13.i586.rpm> \n4125536 32c7053ca33d15f10c655b3e1262a769 \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/mtrace-2.2.4-13.i586.rpm> \n15385 5d042786c08b9336fe73fe4c7c69367b \n<ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/nscd-2.2.4-13.i586.rpm> \n31243 fae888249da3141a18336aa8a5f6da60` \n \n \n` References :` \n \n` CVE \n[CAN-2003-0689] \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689> \n[CAN-2003-0859] \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0859>` \n \n \n`=========================================================== \n* rsync -> Heap overflow \n===========================================================` \n \n`More information : \nrsync uses the \"rsync algorithm\" which provides a very fast method for \nbringing remote files into sync. It does this by sending just the \ndifferences in the files across the link, without requiring that both \nsets of files are present at one of the ends of the link beforehand. \nRsync version 2.5.6 and earlier contains a heap overflow vulnerability \nthat can be used to remotely run arbitrary code.` \n \n` Please note that this vulnerability only affects the use of rsync as a \"rsync server\". ` \n \n` Impact : \nThis vulnerability may allow remote third party to gain the root privileges.` \n \n` Affected Products : \n- Turbolinux 10 Desktop \n- Turbolinux 8 Server \n- Turbolinux 8 Workstation \n- Turbolinux 7 Server \n- Turbolinux 7 Workstation \n- Turbolinux Server 6.5 \n- Turbolinux Advanced Server 6 \n- Turbolinux Server 6.1 \n- Turbolinux Workstation 6.0` \n \n` Solution : \nPlease use turbopkg(zabom) tool to apply the update. \n--------------------------------------------- \n# turbopkg \nor \nzabom-1.x \n# zabom update rsync \nzabom-2.x \n# zabom -u rsync \n---------------------------------------------` \n \n \n` <Turbolinux 10 Desktop>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 499768bcd5851f5dede0a9aaed9f67fd` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/rsync-2.5.7-1.i586.rpm> \n142068 fba3ab5d577b7eab1818c3d41e6ce13d` \n \n` <Turbolinux 8 Server>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 d4c79a6aba4e8a7b17d8940d6b6e1f87` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/rsync-2.5.7-1.i586.rpm> \n140316 10b89f1b0c3db89ee56dc9b735b4effa` \n \n` <Turbolinux 8 Workstation>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 5b521abb17456fadded17f054bd9a5b4` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/rsync-2.5.7-1.i586.rpm> \n140308 6c9f1e54680ea18d6c885fb1bfe8d924` \n \n` <Turbolinux 7 Server>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 da512bcc0862905542870ede94d4518c` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/rsync-2.5.7-1.i586.rpm> \n136728 fe9fd94d15842c3e6344811501329205` \n \n` <Turbolinux 7 Workstation>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 e7e10e4efe32ed6d0308c332b11df197` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/rsync-2.5.7-1.i586.rpm> \n136761 10f48e8a8ffa4fe9318f277767ad03ed` \n \n` <Turbolinux Server 6.5>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 83ded0d90cde0b0a5e1376e468faaa42` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/updates/RPMS/rsync-2.5.7-1.i386.rpm> \n136619 b8186c802c41974daf566bc01fbd9e9b` \n \n` <Turbolinux Advanced Server 6>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 c0bd7ffb38fff1d788ae7056915acb28` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer/6/ja/updates/RPMS/rsync-2.5.7-1.i386.rpm> \n136611 f6fb180f6652671a6f2627065d2c40cd` \n \n` <Turbolinux Server 6.1>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 80d975cc6e84edb7da14d8566e4b7fe0` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/updates/RPMS/rsync-2.5.7-1.i386.rpm> \n136599 70d6d5c3e4a227803ea48a2be5af324b` \n \n` <Turbolinux Workstation 6.0>` \n \n` Source Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/SRPMS/rsync-2.5.7-1.src.rpm> \n454497 081ea78c2a4f089c452fe0a5094b68fa` \n \n` Binary Packages \nSize : MD5` \n \n` <ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6.0/ja/updates/RPMS/rsync-2.5.7-1.i386.rpm> \n136607 519b6825e9f917487a8c884b5b1a9006` \n \n \n` References :` \n \n` rsync \n<http://rsync.samba.org/>` \n \n` CVE \n[CAN-2003-0962] \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0962>` \n \n \n` * You may need to update the turbopkg tool before applying the update. \nPlease refer to the following URL for detailed information.` \n \n` <http://www.turbolinux.com/download/zabom.html> \n<http://www.turbolinux.com/download/zabomupdate.html>` \n \n`Package Update Path \n<http://www.turbolinux.com/update>` \n \n`============================================================ \n* To obtain the public key` \n \n`Here is the public key` \n \n` <http://www.turbolinux.com/security/>` \n \n` * To unsubscribe from the list` \n \n`If you ever want to remove yourself from this mailing list, \nyou can send a message to <server-users-e-ctl@turbolinux.co.jp> with \nthe word `unsubscribe' in the body (don't include the quotes).` \n \n`unsubscribe` \n \n` * To change your email address` \n \n`If you ever want to chage email address in this mailing list, \nyou can send a message to <server-users-e-ctl@turbolinux.co.jp> with \nthe following command in the message body:` \n \n` chaddr 'old address' 'new address'` \n \n`If you have any questions or problems, please contact \n<supp_info@turbolinux.co.jp>` \n \n`Thank you!` \n \n`-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.2.3 (GNU/Linux)` \n \n`iD8DBQE/0M/DK0LzjOqIJMwRAr7wAJ9uc2XNZGeh6lqS+pKIlIjmjCsLaQCePJvs \nuZ4pje67NlW5ogxnIjemsmk= \n=ZogU \n-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe CERT/CC has no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23325603 Feedback>).\n\nView all 15 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- \nTemporal | 0 | E:ND/RL:ND/RC:ND \nEnvironmental | 0 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://www.mail-archive.com/rsync@lists.samba.org/msg08271.html>\n * <http://www.secunia.com/advisories/10353/>\n * <http://www.secunia.com/advisories/10354/>\n * <http://www.secunia.com/advisories/10355/>\n * <http://www.secunia.com/advisories/10356/>\n * <http://www.secunia.com/advisories/10357/>\n * <http://www.secunia.com/advisories/10358/>\n * <http://www.secunia.com/advisories/10359/>\n * <http://www.secunia.com/advisories/10360/>\n * <http://www.secunia.com/advisories/10361/>\n * <http://www.secunia.com/advisories/10362/>\n * <http://www.secunia.com/advisories/10363/>\n * <http://www.secunia.com/advisories/10364/>\n * <http://www.secunia.com/advisories/10378/>\n * <http://www.secunia.com/advisories/10474/>\n\n### Acknowledgements\n\nTimo Sirainen originally discovered and reported this vulnerability. The rsync development team credits Mike Warfield, Paul Russell, and Andrea Barisani with providing additional information that led to the development of a fix and advisory.\n\nThis document was written by Chad R Dougherty.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2003-0962](<http://web.nvd.nist.gov/vuln/detail/CVE-2003-0962>) \n---|--- \n**Severity Metric:** | 29.40 \n**Date Public:** | 2003-10-03 \n**Date First Published:** | 2003-12-09 \n**Date Last Updated: ** | 2006-05-01 19:33 UTC \n**Document Revision: ** | 29 \n", "modified": "2006-05-01T19:33:00", "published": "2003-12-09T00:00:00", "id": "VU:325603", "href": "https://www.kb.cert.org/vuls/id/325603", "type": "cert", "title": "Integer overflow vulnerability in rsync", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:39:55", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0459", "CVE-2003-0914", "CVE-2003-0692", "CVE-2003-0690"], "description": "To resolve IP addresses to host and domain names and vice versa the DNS service needs to be consulted. The most popular DNS software is the BIND8 and BIND9 suite. The BIND8 code is vulnerable to a remote denial-of-service attack by poisoning the cache with authoritative negative responses that should not be accepted otherwise. To execute this attack a name-server needs to be under malicious control and the victim's bind8 has to query this name-server. The attacker can set a high TTL value to keep his negative record as long as possible in the cache of the victim. For this time the clients of the attacked site that rely on the bind8 service will not be able to reach the domain specified in the negative record. These records should disappear after the time-interval (TTL) elapsed.", "edition": 1, "modified": "2003-11-28T14:58:12", "published": "2003-11-28T14:58:12", "id": "SUSE-SA:2003:047", "href": "http://lists.opensuse.org/opensuse-security-announce/2003-11/msg00005.html", "title": "cache poisoning/denial-of-service in bind8", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:20:17", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0459", "CVE-2003-0692", "CVE-2003-0690", "CVE-2003-0962"], "description": "The rsync suite provides client and server tools to easily support an administrator keeping the files of different machines in sync. In most private networks the rsync client tool is used via SSH to fulfill his tasks. In an open environment rsync is run in server mode accepting connections from many untrusted hosts with, but mostly without, authentication. The rsync server drops its root privileges soon after it was started and per default creates a chroot environment. Due to insufficient integer/bounds checking in the server code a heap overflow can be triggered remotely to execute arbitrary code. This code does not get executed as root and access is limited to the chroot environment. The chroot environment maybe broken afterwards by abusing further holes in system software or holes in the chroot setup.", "edition": 1, "modified": "2003-12-04T17:18:15", "published": "2003-12-04T17:18:15", "id": "SUSE-SA:2003:050", "href": "http://lists.opensuse.org/opensuse-security-announce/2003-12/msg00007.html", "type": "suse", "title": "local privilege escalation in rsync", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:23:11", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0459", "CVE-2003-0692", "CVE-2003-0886", "CVE-2003-0690"], "description": "Hylafax is an Open Source fax server which allows sharing of fax equipment among computers by offering its service to clients by a protocol similar to FTP. The SuSE Security Team found a format bug condition during a code review of the hfaxd server. It allows remote attackers to execute arbitrary code as root. However, the bug can not be triggered in hylafax' default configuration.", "edition": 1, "modified": "2003-11-10T14:45:25", "published": "2003-11-10T14:45:25", "id": "SUSE-SA:2003:045", "href": "http://lists.opensuse.org/opensuse-security-announce/2003-11/msg00003.html", "title": "remote code execution in hylafax", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:49:45", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0459", "CVE-2003-0961", "CVE-2003-0984", "CVE-2003-1040", "CVE-2003-0692", "CVE-2003-0690"], "description": "This security update fixes a serious vulnerability in the Linux kernel. A missing bounds check in the brk() system call allowed processes to request memory beyond the maximum size allowed for tasks, causing kernel memory to be mapped into the process' address space. This allowed local attackers to obtain super user privileges.", "edition": 1, "modified": "2003-12-04T15:40:06", "published": "2003-12-04T15:40:06", "id": "SUSE-SA:2003:049", "href": "http://lists.opensuse.org/opensuse-security-announce/2003-12/msg00006.html", "title": "local root exploit in Linux Kernel", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:43:03", "bulletinFamily": "unix", "cvelist": ["CVE-2002-1562", "CVE-2003-0459", "CVE-2003-0899", "CVE-2003-0692", "CVE-2003-0850", "CVE-2003-0690"], "description": "Two vulnerabilities were found in the \"tiny\" web-server thttpd. The first bug is a buffer overflow that can be exploited remotely to overwrite the EBP register of the stack. Due to memory-alignment of the stack done by gcc 3.x this bug can not be exploited. All thttpd versions mentioned in this advisory are compiled with gcc 3.x and are therefore not exploitable. The other bug occurs in the virtual-hosting code of thttpd. A remote attacker can bypass the virtual-hosting mechanism to read arbitrary files.", "edition": 1, "modified": "2003-10-31T12:38:13", "published": "2003-10-31T12:38:13", "id": "SUSE-SA:2003:044", "href": "http://lists.opensuse.org/opensuse-security-announce/2003-10/msg00009.html", "type": "suse", "title": "remote privilege escalation/ in thttpd", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:22:57", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0774", "CVE-2003-0459", "CVE-2003-0778", "CVE-2003-0776", "CVE-2003-0692", "CVE-2003-0773", "CVE-2003-0775", "CVE-2003-0777", "CVE-2003-0690"], "description": "The sane (Scanner Access Now Easy) package provides access to scanners either locally or remotely over the network.", "edition": 1, "modified": "2003-11-18T15:32:43", "published": "2003-11-18T15:32:43", "id": "SUSE-SA:2003:046", "href": "http://lists.opensuse.org/opensuse-security-announce/2003-11/msg00004.html", "type": "suse", "title": "remote denial-of-service in sane", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}