Hiya
Florian Lohoff discovered a bug in the dhcrelay causing it to send a
continuing packet storm towards the configured DHCP server(s) in case
of a malicious BOOTP packet, such as sent from buggy Cisco switches.
When the dhcp-relay receives a BOOTP request it forwards the request
to the DHCP server using the broadcast MAC address ff:ff:ff:ff:ff:ff
which causes the network interface to reflect the packet back into the
socket. To prevent loops the dhcrelay checks whether the
relay-address is its own, in which case the packet would be dropped.
In combination with a missing upper boundary for the hop counter an
attacker can force the dhcp-relay to send a continuing packet storm
towards the configured dhcp server(s).
This patch introduces a new commandline switch ``-c maxcount'' and
people are advised to start the dhcp-relay with ``dhcrelay -c 10''
or a smaller number, which will only create that many packets.
The dhcrelay program from the ``dhcp'' package does not seem to be
affected since DHCP packets are dropped if they were apparently
relayed already.
For the stable distribution (woody) this problem has been fixed in
version 3.0+3.0.1rc9-2.2.
The old stable distribution (potato) does not contain dhcp3 packages.
For the unstable distribution (sid) this problem has been fixed in
version 1.1.2-1.
We recommend that you upgrade your dhcp3 package when you are using
the dhcrelay server.
http://www.linuxsecurity.com/advisories/debian_advisory-2820.html
Multiple vulnerabilities have been found in MIT Kerberos 5 releases
prior to release 1.2.5. MIT recommends updating to 1.2.7 if possible.
http://www.linuxsecurity.com/advisories/other_advisory-2821.html
Vincent Danen of Mandrake Linux noticed that according to the change
log [0] for MySQL release 3.23.55 [1] a vulnerability has been fixed
where a double-free pointer bug in mysql_change_user() handling
enabled a specially hacked version of MySQL client to crash mysqld.
The vendor states that one needs to successfully login to the server
by using a valid user account to be able to exploit this bug.
Please check whether you are affected by running "/bin/rpm -q
mysql". If you have the "mysql" package installed and its version is
affected (see above), we recommend that you immediately upgrade it
http://www.linuxsecurity.com/advisories/other_advisory-2822.html
The developers of tomcat discovered several problems in tomcat version
3.x. The Common Vulnerabilities and Exposures project identifies the
following problems:
. CAN-2003-0042: A maliciously crafted request could return a
directory listing even when an index.html, index.jsp, or other
welcome file is present. File contents can be returned as well.
. CAN-2003-0043: A malicious web application could read the contents
of some files outside the web application via its web.xml file in
spite of the presence of a security manager. The content of files
that can be read as part of an XML document would be accessible.
. CAN-2003-0044: A cross-site scripting vulnerability was discovered
in the included sample web application that allows remote attackers
to execute arbitrary script code.
For the stable distribution (woody) this problem has been fixed in
version 3.3a-4.1.
The old stable distribution (potato) does not contain tomcat packages.
For the unstable distribution (sid) this problem has been fixed in
version 3.3.1a-1.
We recommend that you upgrade your tomcat package.
http://www.linuxsecurity.com/advisories/debian_advisory-2823.html
The developers of courier, an integrated user side mail server,
discovered a problem in the PostgreSQL auth module. Not all
potentially malicious characters were sanitized before the username
was passed to the PostgreSQL engine. An attacker could inject
arbitrary SQL commands and queries exploiting this vulnerability. The
MySQL auth module is not affected.
For the stable distribution (woody) this problem has been fixed in
version 0.37.3-3.3.
The old stable distribution (potato) does not contain courier packages.
For the unstable distribution (sid) this problem has been fixed in
version 0.40.2-3.
We recommend that you upgrade your courier-authpostgresql package.
http://www.linuxsecurity.com/advisories/debian_advisory-2824.html
Kerberos is a network authentication system.
A problem has been found in the Kerberos ftp client. When retrieving a
file with a filename beginning with a pipe character, the ftp client will
pass the filename to the command shell in a system() call. This could
allow a malicious ftp server to write to files outside of the current
directory or execute commands as the user running the ftp client.
The Kerberos ftp client runs as the default ftp client when the Kerberos
package krb5-workstation is installed on a Red Hat Linux distribution.
All users of Kerberos are advised to upgrade to these errata packages which
contain a backported patch and are not vulnerable to this issue.
http://www.linuxsecurity.com/advisories/redhat_advisory-2825.html
Double-free vulnerability in CVS allows remote attackers to cause
a denial of service and possibly execute arbitrary code via a
malformed Directory request.
http://www.linuxsecurity.com/advisories/caldera_advisory-2826.html
Regards
eddie
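
The dhcrelay advisory quoted above comes down to two checks: drop a request that carries the relay's own address, and refuse to forward once the hop counter reaches a limit. The model below is an added example, not code from dhcrelay or from the post; `relay_request`, `count_forwards`, the addresses and the sample packet are assumptions made for illustration, with `max_hops` standing in for the ``-c maxcount'' value.

```c
#include <stdint.h>

/* Leading fields of a BOOTP message, in RFC 951 order. */
struct bootp_hdr {
    uint8_t  op, htype, hlen, hops;
    uint32_t xid;
    uint16_t secs, flags;
    uint32_t ciaddr, yiaddr, siaddr, giaddr;
};

enum verdict { FORWARD, DROP_OWN_ADDR, DROP_HOP_LIMIT };

/* Relay decision for one incoming request (hypothetical helper).
 * max_hops == 0 models a relay with no upper bound on the hop counter. */
enum verdict relay_request(struct bootp_hdr *p, uint32_t own_addr, unsigned max_hops)
{
    if (p->giaddr == own_addr)
        return DROP_OWN_ADDR;          /* the loop check the advisory describes */
    if (max_hops != 0 && p->hops >= max_hops)
        return DROP_HOP_LIMIT;         /* the bound the fix adds */
    if (p->giaddr == 0)
        p->giaddr = own_addr;          /* first relay stamps its address */
    p->hops++;
    return FORWARD;
}

/* Feed each forwarded copy back into the relay, as the reflected broadcast
 * does, and count the copies sent. ceiling only ends the simulation. */
unsigned count_forwards(struct bootp_hdr p, uint32_t own_addr,
                        unsigned max_hops, unsigned ceiling)
{
    unsigned sent = 0;
    while (sent < ceiling && relay_request(&p, own_addr, max_hops) == FORWARD)
        sent++;
    return sent;
}

/* Constructed sample: a request that already carries a relay address that
 * is not ours, so the own-address check never matches. */
#define OWN_ADDR 0x0a0000feu
static const struct bootp_hdr sample = { .op = 1, .htype = 1, .hlen = 6,
                                         .giaddr = 0x0a000001u };

int main(void)
{
    /* Without a bound the loop runs to the ceiling; with 10 it sends 10. */
    return !(count_forwards(sample, OWN_ADDR, 0, 1000) == 1000 &&
             count_forwards(sample, OWN_ADDR, 10, 1000) == 10);
}
```

A request with an empty relay address is forwarded once and its reflection is dropped by the own-address check, which is why that check alone looked sufficient.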