Ah, while you're at it, also do an apt-get remove gv
gv is advantageously replaced by kghostview, and gv apparently has a serious security problem allowing an attacker to send a specially crafted PostScript or PDF file that will cause code execution as the user concerned. Apparently this vulnerability is specific to gv, not to the Ghostscript libraries and programs. The author does not seem to be responding. Debian will perhaps produce a patch, we'll see.

ASMon Kernel Memory File Descriptor Leakage Vulnerability
BugTraq ID: 5720
Remote: No
Date Published: Sep 16 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5720
Summary:
asmon is a freely available, open source system monitoring application for the AfterStep desktop. It is available for Unix and Linux operating systems. On FreeBSD it is installed setgid mem/kmem by default.

It has been reported that asmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through asmon. The program that is executed can be specified by the attacker at the command line.

Upon exploiting this vulnerability, an attacker would have read access to kernel memory. The attacker could use this access to obtain sensitive information such as passwords. It should be assumed that total compromise is imminent if an attacker has read access to kernel memory.

ASCPU Kernel Memory File Descriptor Leakage Vulnerability
BugTraq ID: 5716
Remote: No
Date Published: Sep 16 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5716
Summary:
ascpu is a freely available, open source system monitoring application for the AfterStep desktop. It is available for Unix and Linux operating systems. On FreeBSD it is installed setgid mem/kmem by default.

It has been reported that ascpu is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through ascpu. The program that is executed can be specified by the attacker at the command line.

Upon exploiting this vulnerability, an attacker would have read access to kernel memory. The attacker could use this access to obtain sensitive information such as passwords. It should be assumed that total compromise is imminent if an attacker has read access to kernel memory.

BubbleMon Kernel Memory File Descriptor Leakage Vulnerability
BugTraq ID: 5714
Remote: No
Date Published: Sep 16 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5714
Summary:
BubbleMon is a freely available, open source system monitoring application for the Gnome desktop. It is available for Unix and Linux operating systems. On FreeBSD it is installed setgid mem/kmem by default.

It has been reported that BubbleMon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through BubbleMon. The program that is executed can be specified by the attacker at the command line.

Upon exploiting this vulnerability, an attacker would have read access to kernel memory. The attacker could use this access to obtain sensitive information such as passwords. It should be assumed that total compromise is imminent if an attacker has read access to kernel memory.
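The five monitor entries in this digest (asmon, ascpu and BubbleMon above, wmmon and wmnet2 below) describe one and the same defect: a program installed setgid kmem opens /dev/mem and /dev/kmem, then runs a user-chosen command without marking those descriptors close-on-exec, so the child inherits them and can read kernel memory. The following is an added example, not code from any of those monitors. It opens a stand-in descriptor (/dev/null, an assumption so that the example runs unprivileged), forks and execs /bin/sh the way the monitors run their configured command, and reports whether the child could still use the inherited descriptor number, first without and then with FD_CLOEXEC. It assumes /bin/sh and cat are present.

```c
/* fdleak.c: added example, not code from asmon, ascpu, BubbleMon, wmmon or wmnet2. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Opens a stand-in for /dev/kmem (assumption: /dev/null, so this runs as a
 * normal user), optionally marks it close-on-exec, then does what the
 * monitors do: fork and exec an attacker-chosen command line. The command
 * tries to redirect its stdin from the inherited descriptor number.
 * Returns 1 if the child could use the descriptor (it leaked across exec),
 * 0 if exec closed it, -1 on error.
 */
static int descriptor_survives_exec(int set_cloexec)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0)
        return -1;
    if (set_cloexec && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }

    pid_t pid = fork();
    if (pid < 0) {
        close(fd);
        return -1;
    }
    if (pid == 0) {
        /* The "malicious program specified at the command line": a shell
         * whose redirection "<&N" fails with EBADF if descriptor N was
         * closed on exec. stderr is silenced first so the failure is quiet. */
        char cmd[64];
        snprintf(cmd, sizeof cmd, "cat 2>/dev/null <&%d", fd);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void)
{
    printf("inherited without FD_CLOEXEC: %s\n",
           descriptor_survives_exec(0) == 1 ? "LEAKED" : "closed");
    printf("inherited with FD_CLOEXEC:    %s\n",
           descriptor_survives_exec(1) == 1 ? "LEAKED" : "closed");
    return 0;
}
```

Compile with cc -o fdleak fdleak.c and run it: the first line prints LEAKED, the second closed. The same effect is obtained by opening the device with O_CLOEXEC where the platform supports it; a setgid program that must run external commands should also drop the kmem group with setgid() before the exec, so that nothing it forgot to close is worth inheriting.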
WMMon Memory Character File Open File Descriptor Read Vulnerability
BugTraq ID: 5718
Remote: No
Date Published: Sep 16 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5718
Summary:
wmmon is a freely available, open source system monitoring application for the WindowMaker desktop. It is available for Unix and Linux operating systems. On FreeBSD it is installed setgid mem/kmem by default.

It has been reported that wmmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmmon. The program that is executed can be specified by the attacker at the command line.

Upon exploiting this vulnerability, an attacker would have read access to kernel memory. The attacker could use this access to obtain sensitive information such as passwords. It should be assumed that total compromise is imminent if an attacker has read access to kernel memory.

WMNet2 Kernel Memory File Descriptor Leakage Vulnerability
BugTraq ID: 5719
Remote: No
Date Published: Sep 16 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5719
Summary:
wmnet2 is a freely available, open source system monitoring application for the WindowMaker desktop. It is available for Unix and Linux operating systems. On FreeBSD it is installed setgid mem/kmem by default.

It has been reported that wmnet2 is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmnet2. The program that is executed can be specified by the attacker at the command line.

Upon exploiting this vulnerability, an attacker would have read access to kernel memory. The attacker could use this access to obtain sensitive information such as passwords. It should be assumed that total compromise is imminent if an attacker has read access to kernel memory.

NetBSD Repeated TIOSCTTY IOCTL Buffer Overflow Vulnerability
BugTraq ID: 5722
Remote: No
Date Published: Sep 17 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5722
Summary:
A vulnerability has been reported in NetBSD. Reportedly, a flaw exists in the TIOCSCTTY (set controlling TTY) ioctl, spelled TIOSCTTY in the BugTraq title. TIOCSCTTY is used to set the session's controlling TTY. Each call increments the hold count of a kernel structure shared between the processes of the same session. Repeated calls therefore increment that count without bound until it overflows, which allows a local attacker to cause the structure to be freed prematurely. This may cause a kernel panic or faulty terminal sessions.

A local attacker can exploit this vulnerability to cause the system to panic, resulting in a denial of service condition.

KDE Konqueror Oversized Image Width Denial of Service Vulnerability
BugTraq ID: 5721
Remote: Yes
Date Published: Sep 16 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5721
Summary:
Konqueror is an Open Source web browser, shipped with the KDE desktop. It is available on Linux platforms.

It has been reported that Konqueror is prone to a denial of service vulnerability when processing overly wide images. When Konqueror processes an otherwise valid image whose header reports a width of 32759 pixels, the condition is triggered: Konqueror temporarily consumes system resources and then crashes. This vulnerability may result in memory corruption. If memory can be corrupted with attacker-supplied data, it may be possible to execute arbitrary code within the context of the client.

The problem reportedly exists on Mandrake 8.2 running KDE 3.0.2. Although unconfirmed, it likely exists on all systems running KDE 3.0.2.

NetBSD LibC SetLocale Buffer Overflow Vulnerability
BugTraq ID: 5724
Remote: No
Date Published: Sep 17 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5724
Summary:
A buffer overflow vulnerability has been discovered in NetBSD versions 1.5.3 and earlier. The buffer overflow is reported to occur in the setlocale() function in libc. The setlocale() function is used to query or set a program's current locale. This vulnerability is reportedly exploitable only when specific conditions are met; when successfully exploited, it gives a local user root access to the system.

The buffer overflow occurs because the arguments to setlocale() are not sufficiently bounds-checked. When setlocale() is called with the LC_ALL category and an overly long second argument, the overflow is triggered. A successful exploit requires that the second argument be derived from externally supplied data, such as environment variables or command line arguments, inside a setuid/setgid application. NetBSD has stated that most applications using Xt, including the setuid program xterm, may satisfy this condition, as may the zsh package.

A local attacker may be able to exploit this vulnerability by causing such a program to invoke setlocale() with malformed arguments, and thereby obtain elevated privileges.

NetBSD IPv4 Multicast Tools Buffer Overflow Vulnerability
BugTraq ID: 5727
Remote: No
Date Published: Sep 17 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5727
Summary:
NetBSD has reported buffer overflow vulnerabilities in several of its IPv4 multicast tools as well as in the pppd daemon. mrinfo(1), mtrace(1) and pppd(8) are affected.

The buffer overflow results from missing bounds checking when performing FD_SET() operations. The tools use select(), whose fd_set can only represent FD_SETSIZE (256) file descriptors. An attacker first fills the file descriptor table and then invokes the tool; when the tool is then handed a descriptor numbered FD_SETSIZE (256) or higher and passes it to FD_SET(), the write lands outside the fd_set and the overflow condition is met. The multicast tools and pppd are setuid root, so an attacker can exploit this vulnerability to obtain root privileges on vulnerable systems.

Heimdal Kerberos Forwarding Daemon File Overwriting Vulnerability
BugTraq ID: 5729
Remote: Yes
Date Published: Sep 17 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5729
Summary:
Heimdal Kerberos is an implementation of the Kerberos protocol distributed and maintained by the Center for Parallel Computers, KTH. It is open source, and available for Unix and Linux operating systems.

A problem with the implementation could make it possible for remote users to overwrite files on a vulnerable system. The Heimdal Kerberos Forwarding Daemon does not properly protect some information sent from a client to a server. Because of this, it may be possible to overwrite files accessible under the authenticated user's id. This could result in a denial of service, or potential loss of data. It should be noted that this vulnerability may be exploited to overwrite files that are write-accessible by the victim. No further details are known at this time.

Heimdal Kerberos Forwarding Daemon Zero Terminated String Passing Buffer Overflow Vulnerability
BugTraq ID: 5731
Remote: Yes
Date Published: Sep 17 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5731
Summary:
Heimdal Kerberos is an implementation of the Kerberos protocol distributed and maintained by the Center for Parallel Computers, KTH. It is open source, and available for Unix and Linux operating systems.

A problem with the implementation could make it possible for remote users to launch remote buffer overflow attacks. The Heimdal Kerberos Forwarding Daemon does not check that information sent from a client to a server is properly NUL-terminated. As this information is often passed on to additional programs that may run with elevated privileges, it could be possible to exploit a buffer overflow in one of those programs. This could lead to the execution of arbitrary code with elevated privileges, and potential compromise of administrative access.

Joe Text Editor Backup SetUID Executable Editing Permission Elevation Vulnerability
BugTraq ID: 5732
Remote: No
Date Published: Sep 17 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5732
Summary:
Joe is a freely available, open source text editor. It is available for Unix and Linux operating systems.

A problem with Joe could make it possible for local users to gain elevated privileges. When joe is used to edit a file, it automatically creates a backup of the file named filename~, where filename is the name of the file being edited. When joe is used to edit a setuid file, it therefore creates a copy of the setuid file. The permissions of the original are preserved, with the exception of ownership. This could result in an arbitrary copy of a setuid file being created, owned by the joe user but with the setuid permissions intact.

It should be noted that this vulnerability is limited in its application, as it would require social engineering and the editing of a setuid file either by a privileged user or by a user in a world-writeable directory.

Purity Local Buffer Overflow Vulnerabilities
BugTraq ID: 5702
Remote: No
Date Published: Sep 13 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5702
Summary:
Purity is an automated version of the purity test. It will run on most Unix and Linux variants and ships with Debian.

Purity is reported to be prone to a number of buffer overflows, making it possible for local attackers to corrupt memory with attacker-supplied data. As a result, an attacker may be able to execute arbitrary code. This issue is due to insufficient bounds checking of input supplied on the command line when the program is invoked. The game is installed setgid, and successful exploitation of these issues may allow for elevation of privileges. In most installations the program is owned by the games group.

Enterasys SSR8000 SmartSwitch Port Scan Denial Of Service Vulnerability
BugTraq ID: 5703
Remote: Yes
Date Published: Sep 13 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5703
Summary:
The SSR8000 is a SmartSwitch distributed and maintained by Enterasys. A problem with the switch may make it possible for remote users to crash the system.

The problem is in the handling of some types of traffic. SSR8000 SmartSwitches listen on ports 15077 and 15078 to provide Multiprotocol Over ATM (MPOA). MPOA is designed to carry IP traffic at layers two and three over ATM links. It has been discovered that SSR8000 switches react unpredictably when port-scanned: when these switches are scanned on certain ports using specific types of TCP traffic, the switch becomes unstable. It has been reported that this can be reproduced consistently to crash the switch. This problem could be exploited to cause a denial of service.
[ hardware/firmware ]

Avaya IP Office Malformed Packets Denial Of Service Vulnerability
BugTraq ID: 5704
Remote: Yes
Date Published: Sep 13 2002 12:00AM
Relevant URL: http://www.securityfocus.com/bid/5704
Summary:
Avaya IP Office is an IP telephony solution. A vulnerability has been reported in IP Office that may be exploited to cause a denial of service condition. Avaya IP Office devices crash when handling malformed packets on the ports used by the user and administrative applications.

It has been reported that this may be exploited by attackers on the local network. No further details are known.
[ hardware/firmware ]

- To post an announcement: [EMAIL PROTECTED]
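The NetBSD multicast tools / pppd entry in this digest (BID 5727) turns on one unchecked macro call: FD_SET(fd, &set) indexes a fixed array of FD_SETSIZE bits, so a descriptor numbered FD_SETSIZE or higher writes outside the fd_set, which in those tools lives on the stack of a setuid root process. The following is an added example, not NetBSD's code: it shows the bounds-checked form of that call, the poll() alternative that has no FD_SETSIZE limit, and a reproduction of the attacker's setup that fills the descriptor table until a high-numbered descriptor comes back. Two assumptions: FD_SETSIZE is 1024 on Linux/glibc rather than the 256 quoted for NetBSD, and the fill step only succeeds if the open-files limit can be raised above FD_SETSIZE, which main() attempts with setrlimit().

```c
/* fdset_check.c: added example, not NetBSD's code. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* FD_SET() indexes a fixed array of FD_SETSIZE bits; fd >= FD_SETSIZE writes
 * past it (the BID 5727 overflow). This wrapper refuses such descriptors. */
static int fd_set_checked(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* The structural fix: poll() takes an array of descriptors and has no
 * FD_SETSIZE limit. Returns 1 if fd is readable (or at EOF) within
 * timeout_ms, 0 on timeout, -1 on error. */
static int wait_readable(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int r = poll(&p, 1, timeout_ms);
    if (r < 0)
        return -1;
    return (r > 0 && (p.revents & (POLLIN | POLLHUP))) ? 1 : 0;
}

/* The attacker's setup from the advisory: consume descriptors until the
 * kernel hands out one numbered >= FD_SETSIZE. Returns that descriptor, or
 * -1 if the open-files limit was reached first; [*first, *last] is the range
 * of descriptors opened, for the caller to close. */
static int fill_descriptor_table(int *first, int *last)
{
    *first = *last = -1;
    for (;;) {
        int fd = open("/dev/null", O_RDONLY);
        if (fd < 0)
            return -1;
        if (*first < 0)
            *first = fd;
        *last = fd;
        if (fd >= FD_SETSIZE)
            return fd;
    }
}

/* Self-check helpers returning plain ints: fd_set_checked on a fresh set,
 * and wait_readable on an empty pipe (0) then on a pipe holding one byte (1). */
static int checked_set_result(int fd)
{
    fd_set set;
    FD_ZERO(&set);
    int r = fd_set_checked(fd, &set);
    if (r != 0)
        return r;
    return FD_ISSET(fd, &set) ? 0 : -2;
}

static int pipe_readiness_check(void)
{
    int pfd[2], before, after = -1;
    if (pipe(pfd) < 0)
        return -1;
    before = wait_readable(pfd[0], 0);
    if (write(pfd[1], "x", 1) == 1)
        after = wait_readable(pfd[0], 100);
    close(pfd[0]);
    close(pfd[1]);
    return (before == 0 && after == 1) ? 1 : 0;
}

int main(void)
{
    struct rlimit rl;
    int first, last, high;

    /* Raise the soft open-files limit so descriptors above FD_SETSIZE are reachable. */
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < rl.rlim_max) {
        rl.rlim_cur = rl.rlim_max;
        setrlimit(RLIMIT_NOFILE, &rl);
    }
    high = fill_descriptor_table(&first, &last);
    if (high < 0)
        printf("could not reach fd >= FD_SETSIZE (%d); raise ulimit -n\n", FD_SETSIZE);
    else
        printf("fd %d: checked FD_SET refuses it (%d), poll() handles it (%d)\n",
               high, checked_set_result(high), wait_readable(high, 0));
    for (int fd = first; first >= 0 && fd <= last; fd++)
        close(fd);
    printf("pipe readiness check: %d\n", pipe_readiness_check());
    return 0;
}
```

Run it with ulimit -n raised above FD_SETSIZE (on Linux, above 1024) to see the high descriptor obtained and refused; with the default limit the fill step stops short and only the self-check line is informative. The unchecked original would have done FD_SET(high, &set) at that point and written past the end of the fd_set.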
