CVS: possible root compromise when using CVS pserver
Background: CVS, which stands for Concurrent Versions System, is a client/server application which tracks changes to sets of files. It allows multiple users to work concurrently on files, and then merge their changes back into the main tree which can be on a remote system. It also allows branching...
XChat: malformed dcc send request denial of service
Background: XChat is a multiplatform IRC client. Description: There is a remotely exploitable bug in XChat 2.0.6 that could lead to a denial of service attack. Gentoo wishes to thank lloydbates for discovering this bug, as well as jcdutton and rac for submitting patches to fix the bug. Impact: A...
Two buffer overflows in lftp
Background: lftp is a multithreaded command-line based FTP client. It allows you to execute multiple commands simultaneously or in the background. It features mirroring capabilities, resuming downloads, etc. Description: Two buffer overflows exist in lftp. Both can occur when the user connects to a...
GnuPG: ElGamal signing keys compromised and format string vulnerability
Background: GnuPG is a popular open source signing and encryption tool. Description: Two flaws have been found in GnuPG 1.2.3. First, ElGamal signing keys can be compromised. These keys are not commonly used, but this is "a significant security failure which can lead to a compromise of almost all...
CVS: malformed module request vulnerability
Background: CVS, which stands for Concurrent Versions System, is a client/server application which tracks changes to sets of files. It allows multiple users to work concurrently on files, and then merge their changes back into the main tree which can be on a remote system. It also allows branching...
rsync: exploitable heap overflow
Background: rsync is a popular file transfer package used to synchronize the Portage tree. Description: Rsync version 2.5.6 contains a vulnerability that can be used to run arbitrary code. The Gentoo infrastructure team has some reasonably good forensic evidence that this exploit may have been used...
FreeRADIUS: heap exploit and NULL pointer dereference vulnerability
Background: FreeRADIUS is a popular open source RADIUS server. Description: FreeRADIUS versions below 0.9.3 are vulnerable to a heap exploit; however, the attack code must be in the form of a valid RADIUS packet, which limits the possible exploits. Also corrected in the 0.9.3 release is another...
Ethereal: security problems in ethereal 0.9.15
Background: Ethereal is a popular network protocol analyzer. Description: Ethereal contains buffer overflow vulnerabilities in the GTP, ISAKMP, and MEGACO protocol dissectors, and a heap overflow vulnerability in the SOCKS protocol dissector, which could cause Ethereal to crash or to execute...
phpSysInfo: arbitrary code execution and directory traversal
Background: phpSysInfo is a PHP system information tool. Description: phpSysInfo contains two vulnerabilities which could allow local files to be read or arbitrary PHP code to be executed, under the privileges of the web server process. Impact: An attacker could read local files or execute arbitrary...
Libnids: remote code execution vulnerability
Background: Libnids is a component of a network intrusion detection system. Description: There is a bug in the part of libnids code responsible for TCP reassembly. The flaw probably allows remote code execution. Impact: A remote attacker could possibly execute arbitrary code. Workaround: There is no...
glibc: getgrouplist buffer overflow vulnerability
Background: glibc is the GNU C library. Description: A bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in user applications. This vulnerability exists only when an...
Opera: buffer overflows in 7.11 and 7.20
Background: Opera is a multi-platform web browser. Description: The Opera browser can cause a buffer allocated on the heap to overflow under certain HREFs when rendering HTML. The mail system is also deemed vulnerable and an attacker can send an email containing a malformed HREF, or plant the...
kdebase: KDM vulnerabilities
Background: KDM is the desktop manager included with the K Desktop Environment. Description: Firstly, versions of KDM =kde-base/kde-3.1.4' emerge '=kde-base/kde-3.1.4' emerge clean...
HylaFAX: Remote code exploit in hylafax
Background: HylaFAX is a popular client-server fax package. Description: During a code review of the hfaxd server, the SuSE Security Team discovered a format bug condition that allows a remote attacker to execute arbitrary code as the root user. However, the bug cannot be triggered in the default...
Apache: buffer overflows and a possible information disclosure
Background: The Apache HTTP Server is one of the most popular web servers on the Internet. Description: Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow attackers who can create or edit configuration files including .htaccess files, to cause a denial of service and execute...
Apache: multiple buffer overflows
Background: The Apache HTTP Server is one of the most popular web servers on the Internet. Description: Multiple stack-based buffer overflows in mod_alias and mod_rewrite allow attackers who can create or edit configuration files including .htaccess files, to cause a denial of service and execute...