Free PC-UNIX security hole memo - 2000

Last modified: Thu Mar 29 22:54:40 2001 +0900 (JST)


This is a summary of vulnerabilities found in free PC-UNIX systems. It is, of course, not exhaustive.

Dates in parentheses are the original dates.


2000.12

Vulnerability official fix *BSD Linux
Free Net Open RedHat Kondara Vine Turbo Debian Slack
University of Washington Pico File Overwrite Vulnerability
(2000.12.11)
? ? ? ? ? ? ? ? ? ?
Multiple Oops Proxy Server Buffer Overflow Vulnerability
(2000.12.11)
1.5.2 ? ? ? ? ? ? ? ?
Roaring Penguin PPPoE Denial of Service Vulnerability
(2000.12.11)
2.5 ? ? ? ? ? ? ? ?
Nano Local File Overwrite Vulnerability
(2000.12.17)
? ? ? ? ? ? ? ? ?
stunnel Local Arbitrary Command Execution vul. (format bug)
(2000.12.18)
3.9 ? ×? ? ? ? ?
Ethereal AFS Buffer Overflow Vulnerability
(2000.11.18)
0.8.14 ? ? ? ? ? ?
*BSD procfs vuln. (BUGTRAQ bugid 2130, 2131, 2132)
(2000.12.19)
? ? ? ? ? ? ? ?
KTH Kerberos IV libkrb buffer overflow and more (BUGTRAQ bugid 2090, 2091, 2092, 2093)
(2000.12.08)
KTH 1.0.4 △ ([1], [2]) ? ? ? ? ? ?
GnuPG Detached Signature Verification False-Positive Vuln.
(2000.12.20)
1.0.4 patch1 ? ? ? ? ?
Midnight Commander cons.saver Arbitrary File Write Vuln.
(2000.11.13)
? ? ? ? ? ? ? ?
Vixie Cron /var/spool/cron Temporary Crontab File Vuln
(2000.11.17)
? ○? ? ? ? ? ? ? ?
Linux modprobe Arbitrary Command Execution Vuln, Buffer Overflow Vuln.
(2000.11.23)
2.3.11-13 ? ? ? ? ?
syslog-ng Incomplete Priority String Remote DoS Vuln.
(2000.11.23)
1.4.9 ? ? ? ? ? ? ? ?
BitchX DNS Buffer Overflow Vuln.
(2000.12.06)
1.0c17_1 ? ? ? ? ? ? ?
RedHat Linux diskcheck Race Condition Vuln.
(2000.12.05)
? ? ? ? ? ? ? ? ?
Pine 4.30 temporary file hijacking vulnerability
(2000.12.11)
? ? ? ? ? ? ? ? ? ?
Debian elvis-tiny /tmp-file vulnerability
(2000.11.22)
? ? ? ? ? ? ? ? ?
fsh symlink attack
(2000.11.30)
? ? ? ? ? ? ? ? ?
joe Text Editor Symbolic Link Vuln.
(2000.11.16)
? ? ? ? ? ? ?
Ghostscript Symlink Vuln., Shared Library Usage Vuln.
(2000.11.22)
5.10.16/5.50.8 ? ? ? ? ? ?
Gnu Ed Symlink Vuln.
(2000.11.29)
2.15.1/2.18.1 ? ? ? ? ?
Midnight Commander Directory Viewing Command Execution Vuln
(2000.11.28)
? ? ? ? ? ? ? ? ?
Bourne Again Shell (bash) 1.x /tmp file Vuln.
(2000.11.23)
? ? ? ? ? ?
Secure Locate (slocate) Heap Corruption Vuln.
(2000.11.26)
2.3 ? ? ? ?
tcsh Here-document /tmp Symbolic Link Vuln.
(2000.10.29)
? ? ? ? ?
Multiple Vendor Mail Reply-To Field Vulnerability
(2000.11.01)
? ? ? ? ? ? ? ? ? ?

2000.11

Vulnerability official fix *BSD Linux
Free Net Open RedHat Kondara Vine Turbo Debian Slack
ppp "deny_incoming" does not correctly deny incoming packets
(2000.11.15)
4.2 ? ? ? ? ? ? ? ?
telnetd allows remote system resource consumption.
(2000.11.15)
4.2 ? ? ? ? ? ? ? ?
ncurses allows local privilege escalation
(2000.11.14)
4.2 ? ? ? ? ?
Mail Reply-To Field Vuln.
(2000.11.01)
? ? ? ? ×? ×? ×? ×? ×? ?
dump/restore RSH env. bug
(2000.10.31)
0.4b19? ? ? ? ? ? ? ?
xfce allows local X session compromise
(2000.11.07)
3.52? ? ? ? ? ? ? ? ?
Netscape Communicator type=password Browser Buffer Overflow Vuln.
(2000.09.28)
Netscape 6? × ×? ×? ×? ×? ×?
Hostile servers can force OpenSSH clients to do agent or X11 forwarding
(2000.11.13)
2.3.0 ? ? ? ? ?
usermode /usr/bin/shutdown and userhelper bug
(2000.11.08)
? ? ? ? ? ? ? ? ?
tcsh: unsafe tempfile in << redirects
(2000.10.29)
? ? ? ? ? ? ? ? ?
bind 8.x ZXFR DoS
(2000.11.08)
8.2.2-P7 ○ from 4.1 onward ? ?
pine 4.21 buffer overflow 4.30? ? ? ? ? ? ?
getnameinfo() DoS Vuln. 4.2 ? ? ? ? ? ? ? ?
tcpdump AFS ACL Packet Buffer Overflow Vuln. ? ? ? ? ? ? ?
dump Insecure Environment Variables Vuln.
(2000.10.31)
? ? ? ? ? ? ? ? ?
nss_ldap race condition
(2000.10.27)
? ? ? ? ? ? ? ? ?
Cyrus-SASL Authorization Vuln.
(2000.10.26)
? ? ? ? ? ? ? ? ?
TIS Firewall Toolkit Format String Vuln.
(2000.10.26)
? ×? ? ? ? ? ? ? ? ?

2000.10

I have decided to track Slackware instead of Plamo. I believe Plamo 2.0 is based on Slackware 7.0 and Plamo 2.1 on Slackware 7.1.

Apache mod_rewrite file disclosure bug
(2000.09.29)
Vulnerability official fix *BSD Linux
Free Net Open RedHat Kondara Vine Turbo Debian Slack
FreeBSD crontab /tmp File Vulnerability
(2000.10.20)
? ? ? ? ? ? ? ? ? ?
ntop -i Local Format String Vulnerability
(2000.10.18)
? ? ? ? ? ? ? ? ? ?
MySQL Authentication Algorithm Vulnerability
(2000.10.23)
? ? ? ? ? ? ? ? ? ?
NetBSD NIS hostname lookup buffer overflow
(2000.10.26)
NetBSD 1.4.3/1.5 ? ? ? ? ? ? ? ?
global-3.55 cgi bug
(2000.10.24)
4.01 ? ? ? ? ? ? ?
xlib DISPLAY Buffer Overflow Vuln.
(2000.10.12)
XFree86 4.0x ×? ×? ×? ×? ×? ×? ×? ×?
gnupg signature verification bug
(2000.10.12)
1.04 ? ? ? ? ?
KDE kvt Format String Vuln. ? ? ? ? ? ? ? ? ? ?
OpenBSD "empty" AH/ESP Packet Remote Denial of Service Vuln.
(2000.09.17)
? ? ? ? ? ? ? ? ?
OpenBSD Pending ARP Request Remote DoS Vuln.
(2000.10.06)
? ? ? ? ? ? ? ? ? ?
Cfengine Format String Vulnerability
(2000.10.01)
? ? ? ? ? ? ? ? ?
scp File Create/Overwrite Vulnerability
(2000.09.30)
install ssh 2.0 or later, OpenSSH 2.1 or later on the remote side ? ? ? ? ? ? ? ? ?
ping (iputils) holes
(2000.10.19)
? ? ? ? ? ?
PHP3/PHP4 format bug
(2000.10.12)
3.0.17/4.0.3 ? ? http://www.kondara.org/errata/k12-security.html.ja#mod_php3 ? ? △ (3, 4) ?
muh format bug
(2000.10.13)
? ? ? ? ? ? ? ? ?
ypbind format bug
(2000.10.14)
? ? ? ? ? ?
cURL buffer overflow
(2000.10.13)
7.4 ? ? ? ? ? ? ?
pdnsd DoS bug
(2000.10.14)
apache_1.3.14-fix.diff ×? ×? ×?
GnoRPM Arbitrary File Overwrite Vulnerability
(2000.10.02)
0.95.1 ? ? ? ? ? ? ?
tmpwatch local root exploit
(2000.10.07)
? ? ? ? ? ?
listmanager buffer overflow
(2000.09.13)
2.105.1 ? ? ? ? ? ? ? ?
eject buffer overflow
(2000.09.13)
? ? ? ? ? ? ? ? ?
pine4 DoS
(2000.09.13)
? ? ? ? ? ? ? ? ?
usermode format bug
(2000.10.10)
RedHat fix ? ? ? ? ? ? ?
boa exposes contents of local files
? ? ? ? ? ? ? ?
esound unix domain socket race condition
(2000.08.31)
? ? ? ? ?
format string bug in talkd
(2000.10.07)
OpenBSD fix ○? ? ? ? ? ? ?
libcurses honored terminal descriptions in the $HOME/.terminfo directory
(2000.10.07)
OpenBSD fix ×? ? ? ? ? ? ? ?
format string bugs in fstat, passwd, top, su, ssh, eeprom
(2000.10.07)
OpenBSD fix ? ? ? ? ? ? ?
telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH and TERMCAP environment variables
(2000.10.11)
OpenBSD patch ×? ×? ? ? ? ? ? ?
HERT advisory: FreeBSD IP Spoofing (TCP-ISS bug)
(2000.10.06)
addressed in -current and -stable (tcp_seq.h, tcp_subr.c) ? ? ? ? ? ? ? ?
GNU Groff utilities read untrusted commands from current working directory
(2000.10.05)
? ×? ×? ×? ×? ×? ×? ×? ×? ×?
chpass format bug
(2000.10.04)
? ? ? ? ? ? ?
FreeBSD 4.1.1 fingerd
(2000.10.03)
1.15.2.4
traceroute -g 1 -g 1 core dump (savestr() bug)
(2000.09.29)
1.4a7 ?
wu-ftpd 2.6.0 site-exec BUG
(2000.09.28)
2.6.1 ? ? ? ? ? ? ? ?

2000.09

Vulnerability official fix *BSD Linux
Free Net Open RedHat Kondara Vine Turbo Debian Plamo
pam-smb/pam_ntdom Buffer Overflow
(2000.09.11)
? ? ? ? ? ? ? , ?
Horde IMP file disclosure, Remote Command Execution via Sendmail IMP 2.2.2 ? ? ? ? ? ? ? ?
PHP Upload Arbitrary File Disclosure Vulnerability
(2000.09.03)
4.0.3, 3.0.17 ? ? ? ? ? ? ? ?
Screen User Supplied Format String Vulnerability
(2000.09.05)
3.9.8 ? ? ? ? ? ?
Xpdf Embedded URL Vulnerability
(2000.08.29)
? ? ? ? ? ?
mgetty Symbolic Link Traversal Vulnerability
(2000.08.25)
1.1.22.8.17 ×? ×? ×? ×? ×? ?
glint symlink vuln. ? ? ? ? ? ? ? ? ?
[Errata] IPSec Security patch available ? ○? ○? ○? ○? ○? ○? ○? ○?
Format strings: bugs #4: ucb-snmp 4.1.2 ? ? ? ? ? ? ? ? ? ?
Format strings: bugs #3: ISC-dhcpd 2.0 ? ? ? ? ? ? ? ? ? ?
Format strings: bug #2: LPRng (bid 1712)
(2000.09.25)
3.6.25 not yet 3.6.12 in 2.8 package... ○? ○? fixed in lprng (3.6.12-7) and later? ○?
Format strings: bug #1: BSD-lpr (bid 1711)
(2000.09.25)
N/A ? ? ?
klogd format bug (bid 1694)
(2000.09.18)
? ○? ○? ○? ?
libc (glibc ld.so (unsetenv), locale, gettext) ? △ (setlocale.c, catopen.c) × △ (2.2, 2.1) ?

2000.08

Vulnerability official fix *BSD Linux
Free Net Open RedHat Kondara Vine Turbo Debian Plamo
samba-2.0.7-ja CGI bug
(2000.08.31)
1.2a ○? ○? ×
Wnn6 buffer overflow update1: Wnn6 is not included in the free OSes ? ? ?
brouted
(2000.08.22)
? ? ? ? ? ? ? ? ?
FreeBSD-SA-00:42 Linux binary compatibility mode can cause system compromise 2000-07-23 (5.0-CURRENT), 2000-07-29 (4.1-STABLE), 2000-08-24 (3.5-STABLE)
FreeBSD-SA-00:41 Malformed ELF images can cause a system hang
(2000.08.29)
2000-07-25 (5.0-CURRENT), 2000-07-23 (4.0-STABLE)
xchat Command Execution Via URLs
(2000.08.17)
1.4.3 ? ? ? ? ?
Minicom Capture-file Group Ownership ? ? ? ? ? ? ? ? ? ?
UMN Gopherd 2.x Remote Root Buffer Overflow, Halidate Function Buffer Overflow
(2000.08.10, 08.20)
not yet ? ? ? ? ? ? ? ? ?
GNU userv
(2000.07.27)
1.0.1
mopd (bugtraq bid 1558, 1559)
(2000.08.08)
? (SA-00:40) ? ? ? ? ?
gpm
(2000.07.26)
? ? ? ? ? ?
sperl + mailx
(2000.08.06)
? ○? ○? ○? ?
usermode
(2000.08.11)
? ×?
umb-scheme
(2000.08.07)
? ×? ×?
mailman
(2000.08.03)
1.1/2.0beta5 ? ? ? ? ? ?
Zope Unauthorized Role Modification Vulnerability
(2000.08.11)
2.2.0 ? ? ? ? ? ?
ntop -w: Unauthorized File Retrieval, Buffer Overflow
(2000.08.02, 08.14)
? ? ? ? ? ? ?
Linux PAM
(2000.07.21)
0.72patched ○? ○? ○? ? ?
cvsweb ? ? ? ? ? ? ?
Netscape Java Vuln. (Brown Orifice)
(2000.08.06)
fixed in 4.75 (SA-00:39) × × × ×
JPEG COM Marker Processing Vulnerability in Netscape Browsers
(2000.07.25)
fixed in 4.74 ? ×? ×? ×?
xlock vulnerability
(2000.08.16)
xlockmore 4.17.1 (SA-00:44) ×? ×? ×? ×?

2000.07

Vulnerability official fix *BSD Linux
Free Net Open RedHat Kondara Vine Turbo Debian Plamo
Lots and lots of fun with rpc.statd (nfs-utils / knfsd / knfsd-clients)
(2000.07.17)
? ×?
Multiple local imwheel vulnerabilities
(2000.04.20)
N/A ? ? ? removed ? ? ? ?
CVSWeb insecure perl "open" Vulnerability cvsweb 1.86 ×? ○? ○? ○? ○? ○? ×? ? ○?
XFree86 4.0.1 /tmp Vulnerabilities
(2000.07.02)
? ×? ×? ×? ×? ×? ×? ×? ×?
proftpd Remote User Supplied Data Passed as Format String Vulnerability
(2000.07.05)
ProFTPD 1.2.0rc1 ×? × × × ×
XFree86: Various nasty libX11 holes
(2000.06.19)
XFree86 4.0.1? ×? ×? ×? ×? ×? ×? ×? ×?
ISSalert: Insecure temporary file handling in Linux makewhatis
(2000.07.12)
? ○?
CERT Advisory CA-2000-13: Two Input Validation Problems In FTPD
(2000.07.07)
N/A (for wu-ftpd, see wu-ftpd 2.6.0 remote root exploit) ? ? ? standard ftpd is wu-ftpd ? ?
bitchx contains client-side vulnerability
(2000.07.05 at VULN-DEV)
patch for 1.0c16, for 75p3 ? ? ? ? ? ? ?
Secure Locate (slocate) LOCATE_PATH Validation Vulnerability
(2000.06.21)
fixed in 2.2? ? △ (1.1, 1.2) ×? ×? ?
gkermit setgid uucp Vulnerability
(2000.06.21)
? ? ? ? ? ? ? ? ? ?
CUPS (Common UNIX Printing System) Denial of Service Vulnerability
(2000.06.21)
not yet? ○? ×? ○? ○? ○? ○? ? ×? ○?
X11 xdm/kdm/wdm Buffer Overflow Vulnerability
(2000.06.19)
XFree86 4.0.1? ? ? ? ? ? ? ? ? ?
X11 libICE Denial of Service Vulnerability
(2000.06.19)
fixed in XFree86 4.0.1 ×? ×? ×? ×? ×? ×? ×? ×?
GSSFTP Daemon Input Validation Vulnerability
(2000.06.14)
not yet ? ? ? ? ? ? ? ? ?
xinetd Connection Filtering Via Hostname Vulnerability
(2000.06.04)
fixed in 2.1.8.8p3 / 2.1.8.9pre6 ○? ○? ○? ○? ○? ? ?
restore Buffer Overflow
(2000.06.02)
fixed in dump-0.4b18 ? ? ? ? ? ? ?
Linux rpc.lockd Remote Denial Of Service Vulnerability
(2000.06.08)
not yet ? ? ? ? ? ? ? ? ?

2000.06

Vulnerability official fix *BSD Linux
Free Net Open RedHat Kondara Vine Turbo Debian Plamo
libedit would check for a .editrc file in the current directory
(2000.06.28)
? ? ? ? ? ? ?
Canna-cannaserver remote buffer overflow
(2000.06.29)
not yet × × ×
ISC DHCP client 2.0/3.0b1pl13 root exploit
(2000.06.24)
fixed in 2.0pl3, 3.0b1pl17 ? N/A? N/A? ?
NetBSD bad key generation
(2000.06.22)
fixed in -current 20000622
FreeBSD remote DoS in IP stack
(2000.06.19)
fixed in 3.4-STABLE / 4.0-STABLE from 2000-06-08 onward and in 5.0-CURRENT from 2000-06-02 onward ?
kon2 0.3.9 buffer overflow
(2000.06.19)
not yet ? ? ? ? ? ? ?
Zope 2.1.6 DTMLTemplates and DTMLMethods Remote Modification fixed in 2.1.7 ? ? ? ? ? ? ? ?
wu-ftpd 2.6.0 remote root exploit patch: fixed in 2.6.1 ○?
Linux kernel 2.2.15 local root exploit fixed in 2.2.16 ? ? ?
apsfilter 5.4.1 local root fixed in 5.4.2 ? ? ? ? ? ? ×? ?
splitvt 1.6.3 Buffer Overflow Vulnerability none? × × × ? ? ? ? ?
OpenSSH UseLogin Vulnerability fixed in 2.1.1 ? ? ? ? ? ?
ISC innd 2.x Buffer Overflow Vulnerability fixed in 2.2.3 ? ? ? ? ? ? ? ?

2000.05

Vulnerability official fix *BSD Linux
Free Net Open RedHat Kondara Vine Turbo Debian Plamo
Security Vulnerability in IPFilter 3.3.15 and 3.4.3
(2000.05.26)
fixed in 3.3.15 / 3.4.3 ? ?
Security Vulnerability in Qpopper 2.53
(2000.05.24)
fixed in 3.0.2 ? ? ? ? ? ? ? ?
Nasty XFree Xserver DoS
(2000.05.19)
XFree86 4.0.1? ×? ×? ×? ×? ×? ×? ×? ×?
more majordomo brokenness no patch: see the FAQ × ? ? ? ? ? ? × ?

2000.04

Vulnerability official fix *BSD Linux
Free Net Open RedHat Kondara Vine Turbo Debian Plamo
xlockmore 4.16.1 buffer overflow fix
(2000.04.28)
fixed in 4.16.1 ? ? ? ? ? ?
XFree86 server overflow
(2000.04.17)
fixed in 4.0.1 ×? ×? ×? ×? ×? ×? ×?
GNU Emacs 20.6 fixed in 20.7 ? ? ? ? ? ?

2000.03

Vulnerability official fix *BSD Linux
Free Net Open RedHat Kondara Vine Turbo Debian Plamo
security problem of jserver
(2000.03.08)
fixed in FreeWnn 1.1.1-a017 ? ? ? ? ? ?

2000.02

Vulnerability official fix *BSD Linux
Free Net Open RedHat Kondara Vine Turbo Debian Plamo
Linux dump buffer overflow fixed in dump-0.4b15 ? ? ? ?

Sources of information for other OSes:

