Free PC-UNIX security hole memo

Last modified: Thu Apr 5 20:10:48 2001 +0900 (JST)

A summary of vulnerabilities found in free PC-UNIX systems. It is of course not exhaustive.

The date in parentheses is the date of the original advisory.

Columns: Vulnerability | official | *BSD (Free, Net, Open) | Linux (RH, Kndr, Vine, Turb, Deb)
Interbase Server Contains Compiled-in Back Door Account (2001.01.10)                
rwhod allows remote denial of service (2001.03.12)                
timed allows remote denial of service (2001.03.12)                
cfengine port contains remote root vulnerability (2001.03.12)                
icecast port contains remote vulnerability (2001.03.12)                


Security advisory: Unsafe temporary file handling in krb4 (MIT info)
Passive Analysis of SSH (Secure Shell) Traffic
OpenSSH 2.5.x         ○ on Vine 2.1.5
The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.
Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.
  △ sys/netinet6/ah_core.c, △ syssrc/sys/netinet6/ah_core.c
The readline library creates history files with permissive modes based on the user's umask.
ProFTPD DoS (Multiple vendors FTP denial of service issue)
Multiple vendors FTP denial of service issue
vim privilege elevation via simple text file
5.7.24, 6.0u              
mutt format bug
Zope hotfix 2001-03-08: Acquisition context checking
Zope Hotfix 2001-02-23 "Class attribute access"
[DSA 042-1] xemacs21/gnuserv buffer overflow and weak security
        △ (7.0, 6.2)      
[DSA-041-1] joe local attack via joerc
[DSA-040-1] slrn buffer overflow
[DSA-039-1] glibc local file overwrite problems
[DSA 038-1] New version of sgml-tools available

Midnight Commander Local Arbitrary Program Execution Vuln
DSA-035-1 man2html: remote denial of service
ePerl: remote root exploit


vixie-cron (crontab) buffer overflow
sudo command line buffer overflow
inetd fails to close sockets for internal services properly
FreeBSD inetd wheel Group File Read Vulnerability
FreeBSD periodic /tmp File Race Condition Vulnerability
vnc client/server buffer overflow (bugtraq bid 2305, 2306)
Linux man -l Format String Vulnerability
analog buffer overflow
4.16, 4.90beta3            
SSH CRC-32 Compensation Attack Detector Vuln., SSH protocol 1.5 session key recovery vuln.
ssh 2.x, OpenSSH 2.3.0            
Response to ProFTPD issues
FreeBSD ipfw Filtering Evasion Vulnerability
Wu-Ftpd Debug Mode Client Hostname Format String Vulnerability
bing gethostbyaddr Buffer Overflow Vulnerability
Icecast Buffer Overflow Vulnerability


bind 4.9.x/8.2.x bug
4.9.8, 8.2.3
format string vulnerability in mars_nwe 0.99pl19
Tinyproxy 1.3.3 Heap Overflow Vuln.
Iomega JaZip 0.32 (xforms) Buffer Overflow Vuln.
Mysql < 3.23.31 Local Buffer Overflow Vulnerability
sash broken maintainer script
splitvt 1.6.4 Format String Vuln.
mICQ 0.4.6 Remote Buffer Overflow Vulnerability
pam_localuser buffer overflow vuln.
PHP 4 .htaccess Attribute Transfer Vuln., Engine Disable Source Viewing Vuln.
pdnsd did not drop supplementary group ID when changing user and group id
zope allows escalation of privileges, DHTML editing vuln.
2.2.5     △ (zope, hotfix 1, 2)      
GnuPG Silent Import of Secret Keys Vulnerability
dialog /tmp File Race Condition Vulnerability
shadow-utils /etc/default Temp File Race Condition Vulnerability
rdist /tmp File Race Condition Vulnerability
getty_ps /tmp File Race Condition Vulnerability
sdiff (GNU diffutils) /tmp File Race Condition Vulnerability
inn /tmp File Race Condition Vulnerability
wu-ftpd 2.6.1 /tmp File Race Condition Vulnerability
gpm /tmp File Race Condition Vulnerability
mgetty /tmp File Race Condition Vulnerability
linuxconf /tmp File Race Condition Vulnerability
squid /tmp File Race Condition Vulnerability
2.4. STABLE1              
Immunix arpwatch (tcpdump) /tmp File Race Condition Vulnerability
Immunix 7.0 Apache /tmp File Race Vulnerability
glibc RESOLV_HOST_CONF File Read Access Vulnerability, LD_PRELOAD File Overwriting Vulnerability
(2001.01.10, 16)

