Let's summarize. As a reminder, I only cover vulnerabilities in the Linux system or in open-source applications, excluding games. Also, obvious configuration errors are not mentioned.

20. Balabit syslog-ng Incomplete Priority String Remote DoS Vulnerability
BugTraq ID: 1981
Remote: Yes
Date Published: 2000-11-23
Relevant URL: http://www.securityfocus.com/bid/1981
Summary:
syslog-ng is a replacement for syslogd on Unix systems. Due to a fault in the log message parsing function, it can be remotely terminated via a SIGSEGV by causing a certain string to be included in a log message.

[ ... ]

elvis-tiny File Overwrite Vulnerability
BugTraq ID: 1984
Remote: No
Date Published: 2000-09-13
Relevant URL: http://www.securityfocus.com/bid/1984
Summary:
Elvis-tiny is a compact vi-compatible text editor. Due to a flaw in the program's creation and naming of temporary files, a race condition exists which could allow a properly-timed attack to read or overwrite data from files created using the vulnerable application. The affected files would be limited to those which are writable by the target user. Depending on the privileges of the target user using Elvis, this could yield an elevation of privileges to the attacker, a denial of service, or further compromise of the host's security.

Linux modprobe Buffer Overflow Vulnerability
BugTraq ID: 1989
Remote: No
Date Published: 2000-11-23
Relevant URL: http://www.securityfocus.com/bid/1989
Summary:
Modutils is a component of many linux systems that includes tools for using loadable kernel modules. One of these tools, modprobe, loads a set of modules that correspond to a provided "name" (passed at the command line) automatically. Though fixes for a recent (as of 11/23/2000, see Bugtraq ID 1936) high-profile vulnerability in modprobe have been made available by most vulnerable Linux vendors, it has been reported that there exists another method for an attacker to gain root privileges exploiting modprobe.

Debian and RedHat have both released advisories regarding a vulnerability that exists in modprobe related to the handling of input from the kernel. A buffer overflow can occur because data passed from the user through the kernel to modprobe isn't checked for length/validity before being used in memory copies. Since modprobe is still spawned as root via kmod through setuid utilities such as ping, successful exploitation of this vulnerability can lead to root privileges for the attacker.

Alladin Ghostscript Symlink Vulnerability
BugTraq ID: 1990
Remote: No
Date Published: 2000-11-22
Relevant URL: http://www.securityfocus.com/bid/1990
Summary:
A vulnerability exists in certain versions of Alladin Ghostscript, a multiplatform PostScript interpreter. The method used by the program to create temporary files can allow a local user to carry out a symbolic link attack on files elsewhere in the affected host's filesystem. As a result, an attacker could potentially be permitted to read or overwrite sensitive information, (ie /etc/passwd). This could lead to an elevation of privileges, denial of service or further compromise of the target host.

Alladin Ghostscript Arbitrary Shared Library Usage Vulnerability.
BugTraq ID: 1991
Remote: No
Date Published: 2000-11-22
Relevant URL: http://www.securityfocus.com/bid/1991
Summary:
A vulnerability exists in certain versions of Alladin Ghostscript, a multiplatform PostScript interpreter. Improper use of the LD_RUN_PATH environment variable can cause the program to load shared libraries found in the current directory. An attacker with a malicious shared library could exploit this to execute hostile code on the affected host, potentially granting an elevation of privileges.

Linux rcp Possible Local Arbitrary Command Execution Vulnerability
BugTraq ID: 1992
Remote: No
Date Published: 2000-11-22
Relevant URL: http://www.securityfocus.com/bid/1992
Summary:
rcp, or "remote copy" is a component of the Berkeley "r-services" remote access utilities. It is installed setuid root because it uses privileged source ports to perform rhosts and hosts.equiv authentication. The linux version of rcp (and possibly others) contains a vulnerability which may lead to a local root compromise if exploited on older linux systems or systems with special configurations.

User input, via a system()-like call within the rcp source, is passed to /bin/sh (which is actually bash on most linux systems) without being checked for shell metacharacters. As a result, it is possible to execute arbitrary commands with effective root privileges provided that the shell allows it.

Versions of bash shipped with almost all recent versions of linux drop effective privileges if they do not match the user's real access levels. As a result, this vulnerability is not a threat on these systems. This vulnerability may be a threat on older linux systems using versions of bash or bourne shell as /bin/sh that do not drop effective privileges. This vulnerability may also be a threat on systems where the default /bin/sh has been replaced with another shell that does not drop effective privileges.

[ -rwsr-x--- 1 root rok 13136 Apr 30 1997 /usr/bin/rcp* ]
[ or simply uninstall it altogether ]
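The elvis-tiny and Ghostscript symlink entries above both come down to opening a temporary file at a guessable path without an atomic "must not exist" check. The following is an added example, not code from either program or from the original post; the scratch directory and file names are constructed. It plants a symlink at the temp path and compares a plain open() with an O_EXCL open.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: predictable path, no O_EXCL. open() follows a symlink already
 * planted at that path and truncates whatever the link points to. */
static int open_weak(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails with EEXIST if anything,
 * including a symlink, already exists at the path. */
static int open_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Runs one opener against a pre-planted symlink inside a private scratch
 * directory. Returns the size of the link target afterwards (5 = intact,
 * 0 = truncated through the link), or -1 on setup failure. */
long target_size_after(int (*opener)(const char *))
{
    char dir[] = "/tmp/tmpdemoXXXXXX", target[64], lnk[64];
    struct stat st;
    long size = -1;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/important", dir);  /* constructed */
    snprintf(lnk, sizeof lnk, "%s/editor.tmp", dir);       /* constructed */
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "data\n", 5) == 5 && symlink(target, lnk) == 0) {
        int tfd = opener(lnk);        /* the program opens its "temp file" */
        if (tfd >= 0) close(tfd);
        if (stat(target, &st) == 0) size = (long)st.st_size;
    }
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return size;
}

int main(void)
{
    printf("plain open:  target is %ld bytes\n", target_size_after(open_weak));
    printf("O_EXCL open: target is %ld bytes\n", target_size_after(open_safe));
    return 0;
}
```

mkstemp() gives the same O_EXCL guarantee and also picks an unpredictable name, so it is the usual replacement for hand-built temp paths.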
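For the rcp entry, the difference between handing a user-supplied name to /bin/sh and passing it as a single argv element can be shown with a harmless command. This is an added example, not rcp's source and not part of the original post; the `true` command, the function names and the sample file name are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern described in the summary: user-supplied text is pasted into a
 * command line and handed to /bin/sh, which interprets ';', '|', '`' ... */
int run_via_shell(const char *name)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "true %s", name);
    int st = system(cmd);
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Hardened: no shell involved. The name travels as exactly one argv
 * element, so metacharacters in it are just bytes of a file name. */
int run_via_exec(const char *name)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *argv[] = { "true", "--", (char *)name, NULL };
        execvp(argv[0], argv);
        _exit(127);                   /* exec failed */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* For code that must keep the shell: reject names with metacharacters. */
int has_shell_metachar(const char *s)
{
    return s[strcspn(s, ";&|`$<>(){}[]*?!~\\\"'\n\t ")] != '\0';
}

int main(void)
{
    const char *name = "report.txt; exit 7";   /* constructed input */
    printf("metachar check: %d\n", has_shell_metachar(name));
    printf("via shell exit: %d\n", run_via_shell(name));  /* shell ran "exit 7" */
    printf("via exec exit:  %d\n", run_via_exec(name));   /* name stayed literal */
    return 0;
}
```

A setuid program should not count on the shell to drop effective privileges, since the summary notes that older or replaced /bin/sh variants do not.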
