fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel
before 2.6.28.1 allows local users to cause a denial of service (fault
or memory corruption), or possibly have unspecified other impact,
via a readlink call that results in an error, leading to use of a -1
return value as an array index. (CVE-2009-0269)
The audit_syscall_entry function in the Linux kernel 2.6.28.7
and earlier on the x86_64 platform does not properly handle (1)
a 32-bit process making a 64-bit syscall or (2) a 64-bit process
making a 32-bit syscall, which allows local users to bypass certain
setegid() and related legacy interfaces. If no setegid() equivalent
appears to exist on the system, k5-util.h defines krb5_setegid() to
always fail with errno EPERM. Since the relevant autoconf tests never
execute, k5-util.h will always define krb5_setegid() to fail.
The FTP daemon does not check the return value of krb5_setegid(), so
it silently fails to set its effective GID, allowing users to gain
unauthorized access using the effective GID that the daemon process
started with.
REVISION HISTORY
Problem Description:
Multiple vulnerabilities were discovered and corrected in ruby:
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check
the return value from the OCSP_basic_verify function, which might allow
remote attackers to successfully present an invalid X.509 certificate,
possibly involving a revoked certificate (CVE-2009-0642).
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before
p173 allows context-dependent attackers to cause a denial of service
II. Problem Description
The DSA_do_verify() function from OpenSSL is used to determine if a
DSA digital signature is valid. When DNSSEC is used within BIND it
uses DSA_do_verify() to verify DSA signatures, but checks the function
return value incorrectly.
III. Impact
It is in theory possible to spoof a DNS reply even though DNSSEC
is set up to validate answers. This could be used by an attacker for
Problem Description:
A vulnerability has been found and corrected in libnasl:
nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library
(aka libnasl) 2.2.11 does not properly check the return value from
the OpenSSL DSA_do_verify function, which allows remote attackers to
bypass validation of the certificate chain via a malformed SSL/TLS
signature, a similar vulnerability to CVE-2008-5077 (CVE-2009-0125).
This update fixes this vulnerability.
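The BIND and libnasl entries above both concern callers that mishandle the return value of DSA_do_verify(), which returns 1 for a valid signature, 0 for an invalid one and -1 on error. The following is an added illustration, not code from BIND, libnasl or OpenSSL: toy_verify() is a hypothetical stand-in that follows the same return contract, and the checksum scheme, helper names and sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SIG_LEN 4   /* constructed: fixed signature length of the toy scheme */

/* Hypothetical stand-in with the DSA_do_verify() return contract:
 *   1 = signature valid, 0 = signature invalid, -1 = error (here: malformed). */
static int toy_verify(const uint8_t *msg, size_t msg_len,
                      const uint8_t *sig, size_t sig_len)
{
    uint32_t sum = 0, got;
    if (sig == NULL || sig_len != SIG_LEN)
        return -1;                       /* signature could not be parsed */
    for (size_t i = 0; i < msg_len; i++)
        sum = sum * 31u + msg[i];        /* toy checksum, not cryptography */
    got = ((uint32_t)sig[0] << 24) | ((uint32_t)sig[1] << 16) |
          ((uint32_t)sig[2] << 8) | (uint32_t)sig[3];
    return got == sum ? 1 : 0;
}

/* Incorrect check: only 0 is treated as failure, so -1 passes as success. */
static int accept_loose(const uint8_t *m, size_t ml,
                        const uint8_t *s, size_t sl)
{
    if (!toy_verify(m, ml, s, sl))
        return 0;
    return 1;
}

/* Correct check: accept only the single value that means "verified". */
static int accept_strict(const uint8_t *m, size_t ml,
                         const uint8_t *s, size_t sl)
{
    return toy_verify(m, ml, s, sl) == 1;
}

/* Constructed sample inputs. */
static const uint8_t MSG[]       = { 'a', 'b' };
static const uint8_t GOOD_SIG[]  = { 0x00, 0x00, 0x0C, 0x21 };
static const uint8_t BAD_SIG[]   = { 0x00, 0x00, 0x00, 0x00 };
static const uint8_t SHORT_SIG[] = { 0x0C, 0x21 };   /* malformed: wrong length */

int main(void)
{
    printf("loose=%d\n", accept_loose(MSG, sizeof MSG, SHORT_SIG, sizeof SHORT_SIG));
    printf("strict=%d\n", accept_strict(MSG, sizeof MSG, SHORT_SIG, sizeof SHORT_SIG));
    return 0;
}
```

The two callers agree on valid and invalid signatures and differ only on the error path, which is why this class of bug survives ordinary functional testing.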