[eddie5659]

Hiya

Thought I'd start these again. Just a few for now, but March will be the real start

mtools mformat utility creates files with insecure permissions

Description:

mtools is a freely available set of utilities that allows users to access MS-DOS files for Unix and Linux-based platforms. The mformat utility in mtools versions prior to 3.9.9 creates any file with Read/Execute permissions, if the utility is installed suid root. A local attacker could use this vulnerability to view files and obtain sensitive information.

Platforms Affected:

David Niemi and Alain Knaff mtools prior to 3.9.9
MandrakeSoft, Inc. Mandrake Linux 9.2
Remedy:

Upgrade to the latest version of mtools (3.9.9 or later), available from the mtools Web site. See References.

For Mandrake Linux 9.2:
Upgrade to the latest mtools package (3.9.9-2.1.92mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2004:016 : mtools. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Obtain Information

http://www.mandrakesecure.net/en/adv...MDKSA-2004:016

Regards

eddie

[eddie5659]

Hiya

Calife long password buffer overflow

Calife is freely available program that allows certain users, usually system administrators, to obtain super user privileges for Linux-based operating systems. Calife versions 2.8.4 and 2.8.5 are vulnerable to a buffer overflow, caused by improper bounds checking. By supplying a long password, a local attacker could overflow a buffer and cause a segmentation fault or possibly execute arbitrary code on the system.

Platforms Affected:

Calife Calife 2.8.4
Calife Calife 2.8.5
kernel.org Linux Any version
Remedy:

Upgrade to the latest version of Calife (2.8.6 or later), when it becomes available from the Calife Web page. See References.

Consequences:

Gain Privileges

http://xforce.iss.net/xforce/xfdb/15335

Regards

eddie