Red Hat
"ChangeLog" and we shall, for the 4.73 release, explicitly detail
what changes in behaviour may cause issues.
We'd like to thank Eugene Bujak for noticing and patching the
problem originally and Sergey Kononenko for reporting the active
exploit. Thanks are due to Intel, UC Berkeley, Red Hat and Astaro
AG for their work to identify the problem exploited and their work
on fixes for 4.73.
This is an update to the earlier notification [3] sent to the
exim-dev list.
*
* In the interest of public safety, this exploit was specifically designed to
* be limited:
*
* * The particular symbols I resolve are not exported on Slackware or Debian
* * Red Hat does not support Econet by default
* * CVE-2010-3849 and CVE-2010-3850 have both been patched by Ubuntu and
* Debian
*
* However, the important issue, CVE-2010-4258, affects everyone, and it would
* be trivial to find an unpatched DoS under KERNEL_DS and write a slightly
A patch has been released that resolves these issues (attached to this
advisory). ncpfs-2.2.6.partial.patch is intended for ncpfs releases that have
already been patched against the first vulnerability in this report
(CVE-2010-0788, formerly CVE-2009-3297). It has been tested against the latest
ncpfs packages distributed by Fedora, Red Hat, and Mandriva.
ncpfs-2.2.6.full.patch is intended for ncpfs releases that have not been
patched against any of these vulnerabilities. It has been tested against the
latest ncpfs packages distributed by Debian, Ubuntu, and the upstream release
(ftp://platan.vc.cvut.cz/pub/linux/ncpfs/).
crash or possibly execute arbitrary code (CVE-2008-3529).
The updated packages have been patched to prevent this issue.
As well, the patch to fix CVE-2008-3281 has been updated to remove
the hard-coded entity limit that was set to 5M, instead using XML
entity density heuristics. Many thanks to Daniel Veillard of Red Hat
for his hard work in tracking down and dealing with the edge cases
discovered with the initial fix to this issue.
_______________________________________________________________________
References:
ACKNOWLEDGMENTS
===============
Thanks to Nalin Dahyabhai, Jan iankko Lieskovsky, and Zbysek Mraz (all
from Red Hat) for discovering and reporting this vulnerability.
CONTACT
=======
The MIT Kerberos Team security contact address is
* Juan Galiana Lara of ISecAuditors discovered a NULL pointer
dereference when processing multipart requests without a part header
name (CVE-2009-1902).
* Steve Grubb of Red Hat reported that the "PDF XSS protection"
feature does not properly handle HTTP requests to a PDF file that do
not use the GET method (CVE-2009-1903).
Impact
======
OpenOffice.org package that allows malformed documents to trick the
system into crashes or even the execution of arbitrary code.
CVE-2010-3450
During an internal security audit within Red Hat, a directory
traversal vulnerability has been discovered in the way
OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If
a local user is tricked into opening a specially-crafted OOo XML
filters package file, this problem could allow remote attackers to
create or overwrite arbitrary files belonging to local user or,
done
Vulnerability successfully tested on (banners extracted from server headers):
Server: Apache/2.0.46 (Red Hat)
Server: Apache/2.0.51 (Fedora)
Server: Apache/2.0.55 (Ubuntu) PHP/5.1.6
Server: Apache/2.0.59 (Unix) mod_ssl/2.0.59 OpenSSL/0.9.7g
Server: Apache/2.2.3 (FreeBSD) mod_ssl/2.2.3 OpenSSL/0.9.7e-p1 DAV/2
Server: Apache/2.2.4 (Linux/SUSE)
The exploit however will work on systems where PHP scripts are handled via the following setting in the php.conf:
AddHandler php5-script .php
which I think is quite common. For example, Apache as distributed in Red Hat based systems seems to have PHP configured in such a way.
Hope this clears the matter a bit.
Regards,
Dawid
Problem Description:
Multiple vulnerabilities have been found and corrected in acpid:
A certain Red Hat patch for acpid 1.0.4 effectively triggers a call
to the open function with insufficient arguments, which might allow
local users to leverage weak permissions on /var/log/acpid, and obtain
sensitive information by reading this file, cause a denial of service
by overwriting this file, or gain privileges by executing this file
(CVE-2009-4033).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284
ACKNOWLEDGMENTS
===============
This issue was discovered by Cameron Meadors of Red Hat.
CONTACT
=======
The MIT Kerberos Team security contact address is
Introduction:
=============
DirectAdmin is a graphical web-based web hosting control panel designed to make administration
of websites easier. DirectAdmin is compatible with several versions of Red Hat, Fedora Core, Red
Hat Enterprise Linux, CentOS, FreeBSD, Ubuntu and Debian. DirectAdmin is often called DA for short.
(Copy of the Vendor Homepage: http://en.wikipedia.org/wiki/DirectAdmin )
* hosted products are VMware Workstation, Player, ACE, Server, Fusion.
g. vMA and Service Console package openssh update to 4.3p2-36.el5_4.2
A Red Hat specific patch used in the openssh packages as shipped in
Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain
ownership requirements for directories used as arguments for the
ChrootDirectory configuration options. A malicious user that also
has or previously had non-chroot shell access to a system could
possibly use this flaw to escalate their privileges and run
A validation error in the Hp-GL/2 filter was also discovered
(CVE-2008-0053).
Finally, a vulnerability in how CUPS handled GIF files was found by
Tomas Hoger of Red Hat, similar to previous issues corrected in PHP,
gd, tk, netpbm, and SDL_image (CVE-2008-1373).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
could cause a denial of service (NULL pointer dereference) by sending a
specially crafted netlink message.
CVE-2011-2700
Mauro Carvalho Chehab of Red Hat reported a buffer overflow issue in the
Si4713 FM Radio Transmitter driver used by N900 devices.
Local users could exploit this issue to cause a denial of service or
potentially gain elevated privileges.
CVE-2011-2723
Firewall Administrators, Teachers, Academic Researchers and Software
Developers.
The last conference has been attended by: Ericsson, Commerzbank, Philips,
RBT, GRZ IT, IERN Sierra Leone, SAP, Improware, Telekom Austria, Microsoft,
BAWAG, T-Systems, Iphos, Sektion Eins, T-Mobile, Red Hat, SWITCH, Austrian
National Bank, Daimler, Sentrigo, University of Vienna, SEC Consult, Tech
Data, S21Sec, DHL, Bearing Point, Cygnos, wecon, YCO, Rolex SA, Austrian
National Bank, US Army, Fraunhofer Institut, Kapsch CarrierCom AG, IronPort,
Cisco, SonyDADC, TÜV Austria, Telecom Italia, Vodafone, Siemens, BAWAG,
CheckPoint, DHL, and many others.
* Helge Blischke reported a double free() vulnerability in the
process_browse_data() function when adding or removing remote shared
printers (CVE-2008-0882).
* Tomas Hoger (Red Hat) reported that the gif_read_lzw() function
uses the code_size value from GIF images without properly checking
it, leading to a buffer overflow (CVE-2008-1373).
* An unspecified input validation error was discovered in the HP-GL/2
filter (CVE-2008-0053).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022
ACKNOWLEDGMENTS
===============
This issue was discovered by Keiichi Mori of Red Hat.
CONTACT
=======
The MIT Kerberos Team security contact address is
several security issues:
An uninitialized variable in the CSN.1 dissector could cause a crash
(CVE-2011-4100).
Huzaifa Sidhpurwala of Red Hat Security Response Team discovered
that the Infiniband dissector could dereference a NULL pointer
(CVE-2011-4101).
Huzaifa Sidhpurwala of Red Hat Security Response Team discovered a
buffer overflow in the ERF file reader (CVE-2011-4102).
DPSOL_00300
OV DP5.50 (Core)
DPSOL_00321
RedHat 4AS-x86_64, RedHat 4ES-x86_64
OV DP6.0 (Cell Server)
DPLNX_00025
OV DP6.0 (Core)
DPLNX_00029
@@ -27,22 +27,10 @@
# --define "cachedir <dir>" Configure with --with-cachedir=<dir>.
#
-%if 0%{!?distro:1}
-%if "%{_vendor}" == "redhat"
-%define distro RedHat
-%else
-%if "%{_vendor}" == "suse"
-%define distro SuSE
-%else
Who is affected?
Users of all Webwasher appliances version 6.x (CGLinux 4 or 5):
•If not running the current version of the Webwasher software but build numbers prior to 3150
Users of Webwasher software versions:
•If running on RedHat Enterprise Linux 4, Debian Linux 4 or SUSE Linux 10
•And if not running the current version of the Webwasher software but build numbers prior to 3150
Who is not affected?
•All Webwasher installations on current versions – build numbers 3150 or newer
•Webwasher Software customers on Windows, Solaris, Linux RedHat Enterprise 3, Linux SUSE 8 and 9, Debian 3.1 and Webwasher appliances running with CGLinux 3.x are not affected.
Vulnerable SUID script in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts)
21 September 2011
NGS Secure has discovered a High risk vulnerability in (nomachine) NX Server for Linux 3.5.0-4 (Advanced and Enterprise across redhat and debian hosts).
Impact: Arbitrary files can be read with root privileges
The fix was rated critical by the vendor and short term patch was to remove the offending script.
Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
Marc Schoenefeld of the Red Hat Security Response Team discovered a
vulnerability in the hplip alert-mailing functionality that could allow
a local attacker to elevate their privileges by using specially-crafted
packets to trigger alert mails that are sent by the root account
(CVE-2008-2940).
Multiple vulnerabilities were discovered and fixed in glibc:
Multiple untrusted search path vulnerabilities in elf/dl-object.c in
certain modified versions of the GNU C Library (aka glibc or libc6),
including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat
Enterprise Linux, allow local users to gain privileges via a crafted
dynamic shared object (DSO) in a subdirectory of the current working
directory during execution of a (1) setuid or (2) setgid program that
has $ORIGIN in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because
of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).
===============
Thanks to Jeff Altman of Secure Endpoints for discovering and
reporting this problem in 1.6.3.
Thanks to the Red Hat Security Response Team for noting that 1.2.2 was
also affected by the same problem, for different reasons.
CONTACT
=======