Hiya
The file command is vulnerable to a buffer overflow when given
a maliciously crafted binary to examine.
2. Vulnerable Supported Versions
System                        Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server        prior to file-3.28-8.i386.rpm
OpenLinux 3.1.1 Workstation   prior to file-3.28-8.i386.rpm
OpenLinux 3.1 Server          prior to file-3.28-8.i386.rpm
OpenLinux 3.1 Workstation     prior to file-3.28-8.i386.rpm
http://www.linuxsecurity.com/advisor...sory-3241.html
Allowing TCP packets with both the SYN and FIN bits set
significantly improves an attacker's chances of circumventing
a firewall.
2. Vulnerable Supported Versions
System                        Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server        prior to tcp_sec-1.0-1.i386.rpm
OpenLinux 3.1.1 Workstation   prior to tcp_sec-1.0-1.i386.rpm
http://www.linuxsecurity.com/advisor...sory-3242.html
Snort is an Open Source Network Intrusion Detection System (NIDS).
Core Security has discovered[1] a remotely exploitable integer
overflow vulnerability in Snort. It resides in the stream4
preprocessor, which is responsible for normalizing TCP traffic before
its analysis by the rules processor.
A remote attacker able to insert specially crafted TCP traffic in the
network being monitored by snort may crash the sensor or execute
arbitrary code in its context, which is run by the root user.
The Common Vulnerabilities and Exposures (CVE) project has assigned
the name CAN-2003-0209 to this issue[2].
Since the stream4 preprocessor is present only in snort versions >=
1.8, users of Conectiva Linux versions 6.0 and 7.0 are not vulnerable
to this attack.
Additionally, a preventive fix for a possible problem with the use of
the memcpy() function in the frag2 preprocessor code was added[3].
IMPORTANT: Please note that this update includes snort 1.9.1. The
snort version originally distributed with Conectiva Linux 8 was
1.8.4b1 (already updated to 1.9.1 in the last snort security[4]
announcement). Since several components have changed in snort 1.9.1,
the old snort.conf file and the alerts database need some small
changes in order to work with this new version. Instructions about
how to smoothly upgrade from 1.8.4b1 are available in the package
documentation and in our last snort security announcement[4],
released on 04/04/2003.
SOLUTION
All snort users should upgrade.
http://www.linuxsecurity.com/advisor...sory-3243.html
The gtop daemon, used for monitoring remote machines, contains a
buffer overflow which could be used by an attacker to execute
arbitrary code with the privileges of the daemon process. If started
as root, the daemon process drops root privileges, assuming uid and
gid 99 by default.
This bug was previously fixed in DSA-098, but one of the patches was
not carried over to later versions of libgtop.
For the stable distribution (woody), this problem has been fixed in
version 1.0.13-3.1.
For the old stable distribution (potato), this problem was fixed in
DSA-098.
For the unstable distribution (sid), this problem has been fixed in
version 1.0.13-4.
We recommend that you update your libgtop package.
http://www.linuxsecurity.com/advisor...sory-3244.html
Joey Hess discovered that fuzz, a software stress-testing tool,
creates a temporary file without taking appropriate security
precautions. This bug could allow an attacker to gain the privileges
of the user invoking fuzz, excluding root (fuzz does not allow itself
to be invoked as root).
For the stable distribution (woody) this problem has been fixed in
version 0.6-6woody1.
The old stable distribution (potato) does not contain a fuzz package.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you update your fuzz package.
http://www.linuxsecurity.com/advisor...sory-3245.html
"slocate"[1] is a program which catalogues existing files and allows
for a quick lookup later.
It has been reported[2] that slocate contains a buffer overflow
vulnerability which could be used by a local attacker to obtain the
privileges of the slocate user.
With these privileges, the attacker could read and alter the slocate
database, insert false data or find out paths to files which he/she
would otherwise not know due to filesystem restrictions.
The author released version 2.7 which is not vulnerable to this
issue.
SOLUTION
It is recommended that all slocate users upgrade their packages.
http://www.linuxsecurity.com/advisor...sory-3246.html
A vulnerability was discovered in versions of kopete, a KDE instant
messenger client, prior to 0.6.2. This vulnerability is in the GnuPG
plugin that allows for users to send each other GPG-encrypted instant
messages. The plugin passes encrypted messages to gpg, but does no
checking to sanitize the commandline passed to gpg. This can allow
remote users to execute arbitrary code, with the permissions of the
user running kopete, on the local system.
http://www.linuxsecurity.com/advisor...sory-3247.html
Regards
eddie
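As an added example (not taken from any of the advisories above), a small Python checker for the point made in the tcp_sec advisory: it parses a raw TCP header and flags any segment carrying both SYN and FIN, a combination that never occurs in a legitimate TCP exchange and that a packet filter should drop. The header bytes are constructed inline for the demonstration; the port numbers are arbitrary.

```python
import struct

# TCP flag bits in the low byte of the data-offset/flags word (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP_FIXED_HEADER = "!HHIIHHHH"  # 20 bytes: ports, seq, ack, off/flags, window, csum, urg

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; options are not needed for flag checks."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        TCP_FIXED_HEADER, segment[:20])
    return {
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "data_offset": (off_flags >> 12) * 4,  # header length in bytes
        "flags": off_flags & 0x3F,             # the six classic flag bits
        "window": window,
    }

def flag_names(flags: int) -> list:
    """Human-readable list of the flag bits that are set."""
    table = (("FIN", FIN), ("SYN", SYN), ("RST", RST),
             ("PSH", PSH), ("ACK", ACK), ("URG", URG))
    return [name for name, bit in table if flags & bit]

def is_syn_fin(flags: int) -> bool:
    """SYN (open) and FIN (close) set together is never valid; filters should drop it."""
    return (flags & (SYN | FIN)) == (SYN | FIN)

def build_tcp_header(sport: int, dport: int, flags: int,
                     seq: int = 0, ack: int = 0, window: int = 8192) -> bytes:
    """Construct a 20-byte TCP header (data offset 5) with the given flags; checksum left 0."""
    off_flags = (5 << 12) | flags
    return struct.pack(TCP_FIXED_HEADER, sport, dport, seq, ack, off_flags, window, 0, 0)

def inspect(segment: bytes) -> str:
    """Return a one-line verdict for a segment: DROP for SYN+FIN, PASS otherwise."""
    hdr = parse_tcp_header(segment)
    verdict = "DROP" if is_syn_fin(hdr["flags"]) else "PASS"
    return f"{verdict} {hdr['sport']}->{hdr['dport']} flags={'|'.join(flag_names(hdr['flags']))}"

if __name__ == "__main__":
    # Constructed samples: a normal connection request and a SYN+FIN segment
    for seg in (build_tcp_header(40000, 22, SYN), build_tcp_header(40000, 22, SYN | FIN)):
        print(inspect(seg))
```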