CVE-1999-1490
xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable. Date published : 2003-04-02 http://www.securityfocus.com/bid/362 http://marc.info/?l=bugtraq&m=90221101926021&w=2
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable. Date published : 2003-04-02 http://www.securityfocus.com/bid/31 http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges. Date published : 2003-04-02...
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects. Date published...
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities. Date published : 2003-04-02 http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. Date published : 2003-04-02 http://marc.info/?l=bugtraq&m=95371672300045&w=2 http://www.iss.net/security_center/static/4205.php
Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter. Date published : 2003-04-02 http://www.securityfocus.com/bid/1431 http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html
McAfee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion. Date...
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug...
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group’s restrictions, which might not be...
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the ‘engine = off’ option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve...
initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files. Date published : 2003-04-02 http://www.securityfocus.com/bid/3367 http://rhn.redhat.com/errata/RHSA-2001-110.html
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is...
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login...