Sudo Contains Root Exploit
Pages: 1, 2
exuberant-ctags package insecurely creates symbolic-link files. An attacker may exploit this vulnerability to overwrite files with the permissions of the user running
Users should upgrade to version 3.5 of
exuberant-ctags as soon as possible.
DCForum, a web-based message board system produced by DCScripts, has several bugs that a remote user can exploit to upload files and execute Perl code with the permissions of the user running the web server.
DCScripts has released a patch for this problem and recommends that users apply it as soon as possible.
Alerts this week
The Nirvana Editor, nedit, is a text editor similar to editors used with Microsoft Windows. While printing, nedit creates a temporary file insecurely causing a race condition that can be used by an attacker to overwrite system files with the permissions of the user running nedit. No workaround is known, as nedit ignores the
$TMPDIR environmental variable.
Users of nedit should upgrade to version 5.1.1.
Cyberscheduler is a calendaring and scheduling package produced by Crosswind that is available for Linux, Solaris, and Windows. Cyberscheduler has a buffer overflow in the time zone variable that can be exploited to execute arbitrary code as the user running the web server.
Users of Cyberscheduler should upgrade to the most recent version as soon as possible.
sendfiled, a server daemon that implements the Simple Asynchronous File Transfer (SAFT) protocol, does not drop its privileges correctly. This can be easily exploited by a local user to execute code with the permissions of the root user.
Users should upgrade to version 2.1-20 as soon as possible.
mgetty program distributed with Red Hat Linux 5.2, 6.2, 7.0, and 7.1 does not log error messages correctly.
Users should obtain the appropriate update from Red Hat.
Bubblemon is a Gnome panel applet that displays the system load as bubbles rising through a liquid. Bubblemon does not properly drop its permissions and this allows a user to click the Bubblemon applet and execute a script or application that will run with its
Users should upgrade to a version newer than 1.32.
Read more Security Alerts columns.
Return to the Linux DevCenter.