|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Two possible vulnerabilities?
From: Mohacsi Janos (mohacsi
niif.hu)
Date: Thu Jul 01 2004 - 08:28:41 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear all,
Browsing through the securityfocus vulnerability database I found
two items, that might interesting for the FreeBSD community:
1. GNU GNATS Syslog() Format String Vulnerability
http://www.securityfocus.com/bid/10609
GNATS is vital part of the PR handling of FreeBSD. I think security
officers should contact developers of GNU GNATS about this issue to resolve
the potential problem.
2. gzip: Insecure creation of temporary files
http://www.securityfocus.com/bid/10603
In reality this affects only znew and gzexe only gzip version prior
1.3.3-r4
I am not quite sure about the whether this vulnerability exist in the
current gzip 1.2.4, that is used in FreeBSD. According to the gzip page:
http://www.gzip.org - new official version will be posted soon....
Are there any plan to go forward gzip 1.3 ?
Best Regards,
Janos Mohacsi
Network Engineer, Research Associate
NIIF/HUNGARNET, HUNGARY
Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]