9267 matches found
Debian DSA-726-1 : oops - format string vulnerability
A format string vulnerability has been discovered in the MySQL/PgSQL authentication module of Oops, a caching HTTP proxy server written for performance. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
Debian DSA-731-1 : krb4 - buffer overflows
Several problems have been discovered in telnet clients that could be exploited by malicious daemons the client connects to. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-0468 Gael Delalleau discovered a buffer overflow in the envoptadd function...
Moderate: Red Hat Security Advisory: openssl security update
Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a...
[SECURITY] [DSA 730-1] New bzip2 packages fix file unauthorised permissions modification
-------------------------------------------------------------------------- Debian Security Advisory DSA 730-1 [email protected] http://www.debian.org/security/ Martin Schulze May 27th, 2005 http://www.debian.org/security/faq -...
CVE-2004-2131
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server IDS 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable...
Debian DSA-725-2 : ppxp - missing privilege release
Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user-supplied log files. This can be tricked into opening a root shell. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Debian DSA-721-1 : squid - design flaw
Michael Bhola discovered a bug in Squid, the popular WWW proxy cache. Squid does not trigger a fatal error when it identifies missing or invalid ACLs in the httpaccess configuration, which could lead to less restrictive ACLs than intended by the administrator. %NASLMINLEVEL 70300 C Tenable Networ...
Debian DSA-722-1 : smail - buffer overflow
A buffer overflow has been discovered in Smail, an electronic mail transport system, which allows remote attackers and local users to execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
Debian DSA-720-1 : smartlist - wrong input processing
Jeroen van Wolffelaar noticed that the confirm add-on of SmartList, the listmanager used on lists.debian.org, which is used on that host as well, could be tricked to subscribe arbitrary addresses to the lists. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
Debian DSA-718-2 : ethereal - buffer overflow
This version lists the correct packages in the packages section. A buffer overflow has been detected in the IAPP dissector of Ethereal, a commonly used network traffic analyser. A remote attacker may be able to overflow a buffer using a specially crafted packet. More problems have been discovered...
Debian DSA-719-1 : prozilla - format string problems
Several format string problems have been discovered in prozilla, a multi-threaded download accelerator, that can be exploited by a malicious server to execute arbitrary code with the rights of the user running prozilla. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-717-1 : lsh-utils - buffer overflow, typo
Several security relevant problems have been discovered in lsh, the alternative secure shell v2 SSH2 protocol server. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2003-0826 Bennett Todd discovered a heap buffer overflow in lshd which could lead...
Debian DSA-715-1 : cvs - several vulnerabilities
Several problems have been discovered in the CVS server, which serves the popular Concurrent Versions System. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2004-1342 Maks Polunin and Alberto Garcia discovered independently that using the pserver access...
Debian DSA-713-1 : junkbuster - several vulnerabilities
Several bugs have been found in junkbuster, a HTTP proxy and filter. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2005-1108 James Ranson discovered that an attacker can modify the referrer setting with a carefully crafted URL by accidentally...
[SECURITY] [DSA 712-1] New geneweb packages fix insecure file operations
-------------------------------------------------------------------------- Debian Security Advisory DSA 712-1 [email protected] http://www.debian.org/security/ Martin Schulze April 19th, 2005 http://www.debian.org/security/faq -...
Debian DSA-711-1 : info2www - missing input sanitising
Nicolas Gregoire discovered a cross-site scripting vulnerability in info2www, a converter for info files to HTML. A malicious person could place a harmless looking link on the web that could cause arbitrary commands to be executed in the browser of the victim user. %NASLMINLEVEL 70300 C Tenable...
Debian DSA-712-1 : geneweb - insecure file operations
Tim Dijkstra discovered a problem during the upgrade of geneweb, a genealogy software with web interface. The maintainer scripts automatically converted files without checking their permissions and content, which could lead to the modification of arbitrary files. %NASLMINLEVEL 70300 C Tenable...
Debian DSA-710-1 : gtkhtml - NULL pointer dereference
Alan Cox discovered a problem in gtkhtml, an HTML rendering widget used by the Evolution mail reader. Certain malformed messages could cause a crash due to a NULL pointer dereference. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian DSA-709-1 : libexif - buffer overflow
Sylvain Defresne discovered a buffer overflow in libexif, a library that parses EXIF files such as JPEG files with extra tags. This bug could be exploited to crash the application and maybe to execute arbitrary code as well. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive tex...
Debian DSA-708-1 : php3 - missing input sanitising
An iDEFENSE researcher discovered two problems in the image processing functions of PHP, a server-side, HTML-embedded scripting language, of which one is present in PHP3 as well. When reading a JPEG image, PHP can be tricked into an endless loop due to insufficient input validation. %NASLMINLEVEL...