03.12.12-03.12.17 bugs

包子

Distribution: Fedora
   12/15/2003 lftp
    Buffer overflow vulnerability

An attacker could create a carefully crafted directory on a website such that, if a user connects to that directory using the lftp client and subsequently issues a 'ls' or 'rels' command, the attacker could execute arbitrary code on the users machine.
http://www.linuxsecurity.com/advisories/fedora_advisory-3880.html  
  
  
Distribution: Gentoo
   12/12/2003 app-crypt/gnupg Multiple vulnerabilities
    Buffer overflow vulnerability

Two flaws have been found in GnuPG 1.2.3 including a format string vulnerability and the compromise of ElGamal signing keys.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3871.html  
  
   12/15/2003 xchat
    Denial of service vulnerability

There is a remotely exploitable bug in xchat 2.0.6 that could lead to a denial of service attack. This is caused by sending a malformed DCC packet to xchat 2.0.6, causing it to crash.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3878.html  
  
   12/18/2003 lftp
    Multiple buffer overflow vulnerabilities

Two buffer overflow problems have been found in lftp, a multithreaded command-line based FTP client.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3894.html  
  
   12/18/2003 lftp
    Multiple buffer overflow vulnerabilities

Two buffer overflow problems have been found in lftp, a multithreaded command-line based FTP client.
http://www.linuxsecurity.com/advisories/gentoo_advisory-3895.html  
  
  
Distribution: Immunix
   12/15/2003 lftp
    Buffer overflow vulnerability

Ulf Hrnhammar has discovered remotely triggerable buffer overflows in lftp; this update fixes both of these problems.
http://www.linuxsecurity.com/adv ... _advisory-3875.html  
  
   12/16/2003 lftp
    Multiple vulnerabilities

Advisory updated Tue Dec 16 2003; an employee at Red Hat found another bug in lftp that causes a crash when a response from a server is a blank line. Currently, we don't expect this to be exploitable beyond a crash.
http://www.linuxsecurity.com/adv ... _advisory-3884.html  
  
  
Distribution: Mandrake
   12/12/2003 net-snmp Improper access vulnerability
    Multiple vulnerabilities

A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view.
http://www.linuxsecurity.com/adv ... _advisory-3872.html  
  
   12/15/2003 lftp
    Buffer overflow vulnerability

A buffer overflow vulnerability was discovered by Ulf Harnhammar in the lftp FTP client when connecting to a web server using HTTP or HTTPS and using the "ls" or "rels" command on specially prepared directory.
http://www.linuxsecurity.com/adv ... _advisory-3882.html  
  
   12/18/2003 irssi
    Remote crash vulnerability

A vulnerability in versions of irssi prior to 0.8.9 would allow a remote user to crash another user's irssi client.
http://www.linuxsecurity.com/adv ... _advisory-3896.html  
  
  
Distribution: NetBSD
   12/17/2003 BIND
    Negative cache poisoning

Several versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this vulnerability, an attacker must configure a name server to return authoritative negative responses for a given target domain.
http://www.linuxsecurity.com/advisories/netbsd_advisory-3887.html  
  
  
Distribution: Red Hat
   12/16/2003 lftp
    Buffer overflow vulnerability

An attacker could create a carefully crafted directory on a website such that, if a user connects to that directory using the lftp client and subsequently issues a 'ls' or 'rels' command, the attacker could execute arbitrary code on the users machine.
http://www.linuxsecurity.com/advisories/redhat_advisory-3883.html  
  
   12/16/2003 apache
    Multiple (minor) vulnerabilities

Updated httpd packages that fix two minor security issues in the Apache Web server are now available for Red Hat Linux 8.0 and 9.
http://www.linuxsecurity.com/advisories/redhat_advisory-3885.html  
  
  
Distribution: Slackware
   12/12/2003 lftp
    Code parsing vunlerability

According to the NEWS file, this includes "security fixes in html parsing code" which could cause a compromise when using lftp to access an untrusted site.
http://www.linuxsecurity.com/adv ... _advisory-3874.html  
  
  
Distribution: Suse
   12/15/2003 lftp
    Buffer overflow vulnerability

When using lftp via HTTP or HTTPS to execute commands like 'ls' or 'rels' specially prepared directories on the server can trigger a buffer overflow in the HTTP handling functions of lftp to possibly execute arbitrary code on the client-side.
http://www.linuxsecurity.com/advisories/suse_advisory-3876.html  
  
  
Distribution: Turbolinux
   12/17/2003 GnuPG
    Key compromise vulnerability

Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds.
http://www.linuxsecurity.com/adv ... _advisory-3886.html