Here is a root exploit and a denial-of-service attack in the Linux kernel; buffer overflows in Snes9x and Oracle 9i Web Cache; and problems in PAM's login, Squid, Apache, Mac OS X, W3Mail, sdiff, and looking-glasses.
Take a look. Here I want to point out that this tutorial is not mine; my friend "Code Mobile <codemobile@yahoo.com>" is the original author of that tutorial.
So, I want to give all the credit to "Code Mobile".
Linux Kernel Root Exploit
Some Linux kernels have vulnerabilities that can be exploited to gain root access and be used in a denial-of-service attack. It is reported that Linux kernels 2.2.19 and earlier in the 2.2.x series, and 2.4.9 and earlier in the 2.4.x series, are vulnerable.
The vulnerability that can be used to gain root permissions is exploited by ptrace and a set user id program. When it is exploited, arbitrary code will be executed with root permissions. A script to automate the exploit using the newgrp command has been released.
The denial-of-service attack is caused by making the kernel de-reference multiple symbolic links. The Linux Kernel version 2.4.10 has a partial fix for this vulnerability. A script has also been released that can be used to automate the denial-of-service attack.
It is recommended that affected users upgrade their Linux kernel to version 2.4.12 or a patched version of the 2.2.x kernel as soon as possible. At the time of this writing, it had been reported that updated packages had been released by Caldera, Red Hat, EnGarde Secure Linux, Trustix Secure Linux, and Immunix OS.
PAM Login
There is a problem in the way that PAM's login implementation handles users' credentials that, under some circumstances, can be exploited to gain access to other users' accounts. The login program stores the user's credentials in a static buffer that, when used with other non-default PAM modules (such as pam_limits), may result in the credentials overwriting another user's and allowing them access to the account.
Affected users should watch their vendor for an updated util-linux package. Red Hat and Trustix Secure Linux have released updated util-linux packages that repair this problem.
Squid
There is a bug in the way that Squid handles mkdir PUT requests in an FTP session that can be used by an attacker in a denial-of-service attack.
It has been reported that this bug was fixed on September 18, 2001 and that users should upgrade to a version released after this date. Updated packages have been released for Red Hat Linux 6.2, 7.0, and 7.1.
Apache
Two remotely-exploitable problems have been reported in the Apache Web server: a specially crafted host header can be used by an attacker to overwrite arbitrary files on the server that have a name that ends in .log, and when multiviews are being used for a directory index, a directory listing may be returned instead of the proper content.
Users should upgrade to Apache 1.3.22 or newer as soon as possible. Updated packages have been announced for Conectiva Linux and EnGarde Secure Linux.
Mac OS X
It has been reported that local users on Mac OS X can execute applications and shells as the root user. The menu bar on OS X runs as root and executes applications that it starts as the root user. For example, it will start a text editor with root permissions or execute applications from the "Recent Items" list as root.
It has been reported that Apple has a "Security Update 10-19-01" that will fix this problem.
W3Mail
The W3Mail Web mail package's CGI scripts fail to check for meta-characters and can be exploited to execute arbitrary commands as the user running the Web server.
Users should watch for an updated version of W3Mail and should consider removing or disabling the package until it has been repaired.
sdiff
There is a temporary file race condition vulnerability in the sdiff utility that may be exploitable by an attacker to overwrite arbitrary files.
It is recommended that users watch their vendor for an updated sdiff package. Red Hat has released an updated diffutils package for Red Hat Linux 5.2, 6.2, 7.0, and 7.1.
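The temporary-file race class described for sdiff above, as an added illustration in C (not sdiff's or diffutils' code, and not part of the original post): a scratch file opened at a predictable path follows a symlink that already sits there, while O_CREAT|O_EXCL or mkstemp() refuses it. The function names, the /tmp/tmprace- prefix and the file contents are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Write data to fd and close it; returns -1 if the open or write failed. */
static int put(int fd, const char *data) {
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Weak pattern: predictable name, and open() follows whatever is at the path. */
int scratch_weak(const char *path, const char *data) {
    return put(open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600), data);
}

/* Hardened: O_EXCL fails (EEXIST) if anything, a symlink included, is there. */
int scratch_excl(const char *path, const char *data) {
    return put(open(path, O_WRONLY | O_CREAT | O_EXCL, 0600), data);
}

/* Preferred: mkstemp() fills in the XXXXXX suffix and opens with O_EXCL. */
int scratch_mkstemp(char *tmpl, const char *data) {
    return put(mkstemp(tmpl), data);
}

/* Constructed scenario: a symlink already sits at the scratch path; 1 = its target is intact. */
int target_survives(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/tmprace-XXXXXX", victim[64], scratch[64], buf[8] = {0};
    FILE *f;
    if (!mkdtemp(dir)) return -1;               /* private 0700 directory */
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(scratch, sizeof scratch, "%s/scratch.123", dir);
    if (!(f = fopen(victim, "w"))) return -1;
    fputs("keep", f); fclose(f);
    if (symlink(victim, scratch) != 0) return -1;
    writer(scratch, "junk");                    /* the write under test */
    if ((f = fopen(victim, "r"))) { if (fread(buf, 1, 4, f) != 4) buf[0] = 0; fclose(f); }
    unlink(scratch); unlink(victim); rmdir(dir);
    return strcmp(buf, "keep") == 0;
}

int main(void) {
    printf("weak: %d  excl: %d\n", target_survives(scratch_weak), target_survives(scratch_excl));
    return 0;
}
```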
looking-glasses
looking-glasses is a set of scripts that are used to allow viewing of specific information about a Cisco router on a Web page. There are multiple versions, but most are reported to have been written in Perl. Some versions of looking-glasses that are based on the original looking-glasses have vulnerabilities that can be exploited by a remote attacker to execute Cisco IOS commands or to view unauthorized information on the router that looking-glasses is reporting on.
The vulnerable looking-glasses version that can be obtained from nitrous.digex.net is unsupported and no patches have been released for it.
Snes9x
Affected users should upgrade Snes9x as soon as possible and should consider removing the set user id bit.
Oracle 9i Web Cache
The Oracle 9i Web Cache has a buffer overflow that can be used by an attacker to deny access to the server. The buffer overflow is exploited by sending a very long URL to the Web Cache and is reported to affect version 2.0.0.1.0 of the Web Cache on all platforms.
It is reported that Oracle has released patches for this problem. Affected users should contact Oracle for the patch for their system.
Thanks...