Sie finden hier eine Listung bereits veröffentlichter Sicherheitsgutachen (engl. Security Advisory) von unserem Mitarbeiter Jens Steube.
Datum: 08.10.2005; Typ: local root; Url: http://www.debian.org/security/2005/dsa-848 Jens Steube discovered two vulnerabilities in masqmail, a mailer for hosts without permanent internet connection. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-2662: When sending failed mail messages, the address is not sanitised, which allows a local attacker to execute arbitrary commands as the mail user. CAN-2005-2663: When opening the log file, masqmail does not relinquish privileges, which allows a local attacker to overwrite arbitrary files via a symlink attack.
Datum: 08.03.2005; Typ: dos + patch; Url: pending
Datum: 28.02.2005; Typ: remote shell; Url: http://www.debian.org/security/2005/dsa-704 Jens Steube discovered several vulnerabilities in remstats, the remote statistics system. The Common Vulnerabilities and Exposures project identifies the following problems: CAN-2005-0387: When processing uptime data on the unix-server a temporary file is opened in an insecure fashion which could be used for a symlink attack to create or overwrite arbitrary files with the permissions of the remstats user. CAN-2005-0388: The remoteping service can be exploited to execute arbitrary commands due to missing input sanitising.
Datum: 24.02.2005; Typ: local root; Url: http://www.debian.org/security/2005/dsa-725 Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.
Datum: 24.02.2005; Typ: local root; Url: http://packages.debian.org/changelogs/pool/main/j/jfbterm/jfbterm_0.4.7-2/changelog
Datum: 20.02.2005; Typ: local root; Url: http://www.debian.org/security/2005/dsa-728 Two bugs have been discovered in qpopper, an enhanced Post Office Protocol (POP3) server. The Common Vulnerability and Exposures project identifies the following problems: CAN-2005-1151: Jens Steube discovered that while processing local files owned or provided by a normal user privileges weren't dropped, which could lead to the overwriting or creation of arbitrary files as root. CAN-2005-1152: The upstream developers noticed that qpopper could be tricked to creating group- or world-writable files.
Datum: 29.09.2003; Typ: remote shell; Url: http://www.debian.org/security/2003/dsa-392 Jens Steube reported two vulnerabilities in webfs, a lightweight HTTP server for static content. CAN-2003-0832: When virtual hosting is enabled, a remote client could specify ".." as the hostname in a request, allowing retrieval of directory listings or files above the document root. CAN-2003-0833: A long pathname could overflow a buffer allocated on the stack, allowing execution of arbitrary code. In order to exploit this vulnerability, it would be necessary to be able to create directories on the server in a location which could be accessed by the web server. In conjunction with CAN-2003-0832, this could be a world-writable directory such as /var/tmp.
Datum: 18.09.2003; Typ: local root; Url: http://www.debian.org/security/2003/dsa-385 Jens Steube reported a pair of buffer overflow vulnerabilities in hztty, a program to translate Chinese character encodings in a terminal session. These vulnerabilities could be exploited by a local attacker to gain root privileges on a system where hztty is installed.
Datum: 17.09.2003; Typ: local root; Url: released by others
Datum: 08.06.2003; Typ: local root; Url: released by others
Datum: 13.01.2002; Typ: local root; Url: http://www.securityfocus.com/bid/3865/
Datum: 15.09.2000; Typ: remote shell; Url: http://www.securityfocus.com/archive/1/83454
Datum: 08.09.2000; Typ: remote shell; Url: http://www.securityfocus.com/archive/1/81141