Security problem with Samba on Linux

The most common digital security technique used to protect both media copyright and Internet communications has a major weakness, University of Michigan computer scientists have discovered.

Several Linux distributors have released updated sudo packages to fix two vulnerabilities that allow users with limited access rights to escalate their privileges. The sudo (super user do) command is intended to allow users to execute certain commands at another user's privilege level – usually root. The contents of the /etc/sudoers file determine whether or [...]

An exploit for FreeBSD is in circulation that allows users with restricted access to escalate their privileges to root level. The problem is caused by a flaw in the run-time link editor (rtld) which, in certain circumstances, accepts specially crafted environment variables. According to Kingcope, the developer of the exploit, the flaw is "incredibly easy" [...]

The Internet Systems Consortium (ISC), the company behind open source name server BIND, has released security updates to resolve a DNSSEC-related vulnerability. According to a report, under certain circumstances name servers which allow recursive queries extract information from the additional section of responses. This allows attackers to inject fake entries into the name server's cache, [...]

The new version of the GNU GRUB boot loader, 1.97.1, closes a security hole in the previous version, 1.97, which allowed passwords to be easily circumvented. The password protection is available in GRUB to prevent unauthorised modification of the boot parameters. A programming error in the feature led to passwords being accepted as valid even if [...]

The Python developers have released Python 2.6.4 which they describe as a "critical bug fix for Python 2.6.3". Python 2.6.3 was released at the start of October but according to the developers there were a number of regressions in the logging package and in setuptools compatibility, which required fixing in Python 2.6.4.

Today the Django project is issuing a set of releases to remedy a security issue. This issue was disclosed publicly by a third party on a high-traffic mailing list, and attempts have been made to exploit it against live Django installations; as such, we are bypassing our normal policy for security disclosure and immediately issuing [...]

For Pidgin users, there is a security issue regarding storing passwords in Pidgin, so this program stores the passwords in archives .xml in clear text without any encryption. So anyone can easily boot into recovery mode while you are away and find all your passwords in plain text. Then he can just copy [...]

Microsoft has issued a security advisory which warns of a critical bug in the FTP server service in Internet Information Services (IIS). An exploit demonstrating the vulnerability was published two days ago by a hacker going by the pseudonym Kingcope. Microsoft hopes to release an update to fix the bug as soon as possible, but [...]

The release of version 2.50 of the lightweight DNS proxy, Dnsmasq, closes two vulnerabilities which could allow an attacker to inject and execute arbitrary code on systems or routers running the service or stage a denial of service. Dnsmasq is used on routers running the router distributions OpenWRT or DD-WRT as it is ideal for [...]

A critical vulnerability in the Pidgin instant messenger application can be exploited by attackers to inject and execute malware on a computer. The cause of the problem is a bug in the libpurple library used by Pidgin, which allows code to be written to memory and executed using crafted MSN-SLP packets. No interaction from the [...]

All, Internet Systems Consortium, the developers of the BIND DNS server, is reporting a denial of service vulnerability that is being actively exploited. "Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be [...]

Brad Spengler, the developer behind the Grsecurity project, has published an exploit for a vulnerability in the Tun interface in Linux kernel 2.6.30 and 2.6.18, used in Red Hat Enterprise Linux 5 (RHEL5), which can be exploited by attackers to obtain root privileges. Of particular interest is the fact that the exploit is even able [...]

Specially crafted DHCP servers can take control of a PC if the PC is running the DHCP client supplied by the Internet Systems Consortium (ISC) (dhclient). This is the default set-up in Ubuntu, BSD and many other Linux distributions. According to an ISC advisory, the vulnerability is based on a buffer overflow that allows attackers [...]

The exploit portal Milw0rm has published an exploit for Firefox 3.5. The exploit demonstrates a security vulnerability by starting the Windows calculator. In testing by heise Security, the exploit crashed Firefox under Vista, but security service providers Secunia and VUPEN confirmed that attackers using prepared websites can infect PCs. The cause of the problem is [...]

According to security service provider Secunia, a vulnerability in the Windows version of the VLC media player can be exploited in order to compromise a system. An attack would require the attacker to get the victim to open a play list file with an overly long smb:// URI. The cause of the problem is a [...]

Hi, Zerimar points out that a significant flaw in Apache that can lead to a fairly trivial DoS attack is in the wild. Apache 1.x, 2.x, dhttpd, GoAhead WebServer, and Squid are confirmed vulnerable, while IIS6.0, IIS7.0, and lighttpd are confirmed not vulnerable. As of this writing, Apache Foundation does not have a patch available. [...]
Copyright © 2010 FreeSoftNews - All Rights Reserved