As usual, games and incorrect installations (suid binaries that are generally accessible for no reason, unnecessary services such as finger, telnet, etc.) will not be covered, nor will commercial programs running under Linux, with a few exceptions. I also try to stay general and to announce vulnerabilities that are independent of the distribution (except when a vulnerability is specific to one distribution, in which case I say so).

(Source: as always, the securityfocus.com summary.)

Linux ypbind Local Format String Vulnerability
BugTraq ID: 1824
Remote: No
Date Published: 2000-10-14
Relevant URL: http://www.securityfocus.com/bid/1824
Summary:
ypbind is the client-end NIS software package. The ypbind implementation written for Linux systems is vulnerable to a locally exploitable format string vulnerability. The vulnerability exists in ypbind's logging functionality and can result in root access for a malicious local user if exploited. User supplied data, part of the request, is passed to a *printf function as part of the format string. If a special string is constructed using format specifiers, memory on the stack can be overwritten and arbitrary code executed. It has also been reported that there are other attacks against ypbind which may be remotely exploitable, though these are unconfirmed.

MySQL Authentication Algorithm Vulnerability
BugTraq ID: 1826
Remote: Yes
Date Published: 2000-10-23
Relevant URL: http://www.securityfocus.com/bid/1826
Summary:
MySQL is a popular open-source relational database package used primarily on unix systems (often to power websites). The MySQL engine runs as a server to which clients connect via TCP or unix domain sockets. [ ... ] Unfortunately the MySQL implementation is flawed. There are arithmetic properties in the check-strings which are consistent throughout multiple authentications. Thus if multiple client authentications are observed by an attacker over a network connection, the password hash can be deduced. [ ... ]

RedHat lpr Arbitrary Command Execution Vulnerability
BugTraq ID: 1834
Remote: No
Date Published: 2000-10-20
Relevant URL: http://www.securityfocus.com/bid/1834
Summary:
lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 (and possibly earlier versions) contains a vulnerability that will allow an attacker to execute arbitrary commands with the privileges of group 'lp'. The vulnerability is not in one of the binary executables, rather in one of the print filters supplied with the lpr package. It is in the processing of troff files, their conversion into postscript files for printing on a postscript printer. [ ... ] Compromise of group lp access may lead to further compromise as the lpr configuration files are writeable to members of group lp. If lpr configuration files are modified, arbitrary commands can be run as any user other than root. This will most certainly eventually lead to root [ ... ]

ntop -i Local Format String Vulnerability
BugTraq ID: 1840
Remote: No
Date Published: 2000-10-18
Relevant URL: http://www.securityfocus.com/bid/1840
Summary:
ntop (network top) is a unix program used for displaying network usage statistics. It is often installed setuid root because it uses privileged ports. ntop is vulnerable to a format string vulnerability that can compromise root access locally. If present, the argument to the "-i" command-line option is passed directly to a *printf function without being checked. It is thus possible for an attacker to insert format specifiers that will be interpreted by the *printf function. Malicious format specifiers can cause the function to overwrite memory locations on the program's stack with user supplied data. This can lead to execution of arbitrary code with the effective privileges of the process (if setuid root, superuser privs).
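The logging mistake shared by the ypbind and ntop entries above, as an added example (not code from either project or from SecurityFocus): the vulnerable pattern kept as a comment, the hardened form that passes untrusted data only as a %s argument, and a pre-check that counts conversion specifiers in data that should never contain any. The function names and the sample argument are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern, shown only as a comment so this file compiles cleanly:
 *     fprintf(stderr, untrusted);        // BUG: untrusted data IS the format
 * A "%x" or "%n" inside `untrusted` is interpreted by fprintf, which is how
 * the advisories' stack reads and overwrites happen. */

/* Hardened form: the format is a literal, untrusted data is only a %s argument.
 * Writes into `out` so the result can be inspected; returns what snprintf
 * returns (characters that would have been written, excluding the NUL). */
int log_safe(char *out, size_t outlen, const char *prefix, const char *untrusted) {
    return snprintf(out, outlen, "%s: %s", prefix, untrusted);
}

/* Defensive pre-check: count '%' conversion specifiers in a string that
 * should never contain any (an interface name, a NIS domain name).
 * "%%" is a literal percent sign and is not counted. A non-zero result is
 * a good reason to reject the input or raise an audit event. */
int count_conversions(const char *s) {
    int n = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* escaped percent: skip both characters */
            p++;
            continue;
        }
        n++;                 /* a lone trailing '%' also counts */
    }
    return n;
}

/* Constructed sample input of the kind the advisories describe (assumption). */
static const char SAMPLE_ARG[] = "eth0 %x %x %n";

int main(void) {
    char line[128];
    log_safe(line, sizeof line, "ntop", SAMPLE_ARG);
    printf("logged verbatim: %s\n", line);
    printf("conversions found in argument: %d\n", count_conversions(SAMPLE_ARG));
    return 0;
}
```

With the literal format the specifiers survive into the log as plain text, which is exactly the behaviour a log-monitoring rule can then flag.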
pam_mysql Authentication Input Validation Vulnerability
BugTraq ID: 1850
Remote: Yes
Date Published: 2000-10-26
Relevant URL: http://www.securityfocus.com/bid/1850
Summary:
pam_mysql is a PAM (pluggable authentication module) module that allows system administrators to set up authentication schemes using MySQL databases as a back-end. Because user input is not checked for SQL query metacharacters, pam_mysql has two vulnerabilities that can lead to local and remote compromise. [ ... ]

TIS Firewall Toolkit Format String Vulnerability
BugTraq ID: 1857
Remote: No
Date Published: 2000-10-26
Relevant URL: http://www.securityfocus.com/bid/1857
Summary:
A vulnerability exists in a component of TIS Firewall Toolkit, a set of utilities which assists in the implementation of network firewalls. The x-gw (X-Windows Gateway) component of FWTK contains a format string bug which, depending on the method used to invoke x-gw, can permit an attacker to execute arbitrary code. [ ... ]

bftpd Buffer Overflow Vulnerability
BugTraq ID: 1858
Remote: Yes
Date Published: 2000-10-27
Relevant URL: http://www.securityfocus.com/bid/1858
Summary:
bftpd is a free implementation of an ftp daemon designed to run on multiple architectures and versions of UNIX. A buffer overflow exists in the daemon that could create potential problems. [ ... ]

--
To post an announcement: [EMAIL PROTECTED]
