On July 30, we (SuSe) released a security advisory concerning vulnerabilities in OpenSSL, including a buffer overflow in the SSL code. This vulnerability is currently being exploited by a worm called Slapper, propagating through Apache's mod_ssl module.
The libX11 library from this package dynamically loads other libraries where the pathname is controlled by the user invoking the program linked against libX11. Unfortunately, libX11 also behaves the same way when linked against setuid programs. This behavior allows local users to execute arbitrary code under a different UID which can be the root-UID in the worst case.
An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker.
The ipppd program contained various buffer overflows and format string bugs. Since ipppd is installed setuid to root and executable by users of group 'dialout' this may allow attackers with appropriate group membership to execute arbitrary commands as root.
The parsing code of wwwoffled that processes HTTP PUT and POST requests fails to handle a Content Length value smaller then -1. It is believed that an attacker could exploit this bug to gain remote wwwrun access to the system wwwoffled is running on.
Several buffer overflows have been discovered in the OpenSSL library affecting the SSL implementation, as well as a signedness issue in the ASN.1 decoding routines.
A vulnerability has been discovered in some resolver library functions. The affected code goes back to the resolver library shipped as part of BIND4; code derived from it has been included in later BIND releases as well as the GNU libc.
A vulnerability has been discovered in some resolver library functions. The affected code goes back to the resolver library shipped as part of BIND4; code derived from it has been included in later BIND releases as well as the GNU libc.
In order to provide properly functioning packages for our products, we have decided to return to the commonly known stable version 2.9.9p2 with the necessary patch to fix the vulnerability for the SuSE Linux distributions 6.4 up to 7.3 and for our server products.
Theo de Raadt announced that the OpenBSD team is working with ISSon a remote exploit for OpenSSH. No details on the type of vulnerability are available at this time, but everyone is advised to upgrade to version 3.3.
Theo de Raadt announced that the OpenBSD team is working with ISSon a remote exploit for OpenSSH. No details on the type of vulnerability are available at this time, but everyone is advised to upgrade to version 3.3.
here is a bug in the BIND9 name server that is triggered when processing certain types of DNS replies. When this happens an assertion will fail, and named will log a message to the system log before exiting.
A remote exploitable format string vulnerability was found in the logging routines of the dynamic DNS code of dhcpd. This vulnerability allows an attacker, usually within the LAN served by the DHCP server, to get remote root access to the host running dhcpd.
A buffer overflow could be triggered by an malicious ftp server while the client parses the PASV ftp command. An attacker who control an ftp server to which a client using lukemftp is connected can gain remote access to the clients machine with the privileges of the user running lukeftp.
The SuSE Security Team discovered a vulnerability that allows local attackers to destroy the contents of these files or to extend the group privileges of certain users. This is possible by setting evil filesize limits before invoking one of the programs modifying the system files.
It is possible for remote attackers to feed this script with evil data via spoofed DHCP replies for example. This way ifup-dhcp could be tricked into executing arbitrary commands as root.
