dialog /tmp File Race Condition Vulnerability
BugTraq ID: 2151
Remote: No
Date Published: 2000-12-25
Relevant URL: http://www.securityfocus.com/bid/2151
Summary:

dialog is a program available with the Debian distribution of the Linux Operating System. A problem exists which could allow a user to append to or overwrite files owned by another user.

Various programs such as debconf are dependent upon dialog. However, dialog creates lock files in the /tmp directory insecurely. A brute force attack involving creating numerous symbolic links in the /tmp filesystem makes it possible to truncate any linked file that is writable by the user executing dialog (be it directly, or through another program). It is possible for a user with malicious intent to exploit this vulnerability and truncate, corrupt, or overwrite sensitive files that are accessible only to the user executing dialog.

GnuPG Silent Import of Secret Keys Vulnerability
BugTraq ID: 2153
Remote: Yes
Date Published: 2000-12-25
Relevant URL: http://www.securityfocus.com/bid/2153
Summary:

GnuPG is the GNU Privacy Guard, a public key program designed to facilitate secure email between parties. A problem exists which could allow a breaking of the ring of trust.

The problem occurs in the trust of secret keys by GnuPG. GnuPG considers the public keys that correspond to known secret keys to be trusted in entirety. However, GnuPG imports secret keys from key servers silently, and can therefore break the trust model by accepting a secret key that corresponds to a key held in the public ring. This makes it possible for a user with malicious intent to infiltrate and break the trust of a group by uploading a public and private key to a certificate authority or key server, and creating a situation that would allow a user to import the public key and private key to their keyring.

4. Security-Enhanced Linux Buffer Overflow Vulnerability
BugTraq ID: 2154
Remote: No
Date Published: 2000-12-26
Relevant URL: http://www.securityfocus.com/bid/2154
Summary:

Security-Enhanced Linux is an add-on access control infrastructure developed and distributed by the U.S. National Security Agency. A problem exists which could allow the altering of sensitive information on a running system.

The problem occurs in the libsecure/get_default_type.c file. get_default_type attempts to allocate buffer space by extracting the default type from /etc/security/default_type and copying the result to a buffer. The buffer that is created, however, is generally one byte too small and creates an ideal situation for a buffer overflow attack. This vulnerability can be exploited by a malicious user to potentially overwrite malloc()'d fields that may contain other application data, or overhead data that another application was relying upon.
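
The dialog entry (BugTraq ID 2151) turns on a lock file being opened in /tmp without checking whether the name already exists as a symbolic link. The C below is an added example, not dialog's code and not part of the original advisory: it contrasts a plain create-and-truncate open with exclusive creation. The names create_lock and victim_size_after, the directory name and the file contents are all constructed for the demonstration, which runs entirely inside a private temporary directory.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp, O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened creation: O_EXCL makes open() fail with EEXIST if the name
 * already exists, even as a symlink, so nothing is followed or truncated. */
int create_lock(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    /* Defence in depth: we must hold a regular file that we own. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: "app.lock" already exists as a symlink to a 15-byte
 * file. Returns that file's size after the lock is opened the weak way
 * (secure == 0) or the hardened way (secure != 0); -1 on setup failure. */
long victim_size_after(int secure)
{
    char dir[] = "/tmp/lockdemo.XXXXXX", victim[64], lock[64];
    struct stat st;
    FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lock, sizeof lock, "%s/app.lock", dir);
    if (!(f = fopen(victim, "w"))) return -1;
    fputs("important data\n", f);
    fclose(f);
    if (symlink(victim, lock) != 0) return -1;
    int fd = secure ? create_lock(lock)
                    : open(lock, O_WRONLY | O_CREAT | O_TRUNC, 0600); /* weak */
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(lock); unlink(victim); rmdir(dir);
    return size;
}

int main(void)
{
    printf("weak: %ld, hardened: %ld\n", victim_size_after(0), victim_size_after(1));
    return 0;
}
```

Programs that need scratch files rather than a fixed lock name should prefer mkstemp() or a private directory from mkdtemp(), which avoid predictable names in /tmp altogether.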
