511 matches found
CVE-2008-4984
scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts...
Code injection
scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/dpkg.#####.tmp, (b) /tmp/missing_deps.#####, and (c) /tmp/sb2-pkg-chk.$tstamp.##### temporary files, related to the (1) dpkg-checkbuilddeps and (2) sb2-check-pkg-mappings scripts...
CVE-2008-4984
The CVE-2008-4984 issue affects scratchbox2 version 1.99.0.24, where local users can overwrite arbitrary files via a symlink attack on temporary files (e.g., /tmp/dpkg.#####.tmp, /tmp/missing_deps.#####, /tmp/sb2-pkg-chk.$tstamp.#####) related to the dpkg-checkbuilddeps and sb2-check-pkg-mappings...
CVE-2008-4950
gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments...
DEBIAN-CVE-2008-4950
gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments...
Cross site scripting
gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments...
CVE-2008-4950
CVE-2008-4950 affects dpkg-cross 2.3.0 and its gccross component, enabling local users to overwrite arbitrary files via a symlink attack on the temporary file tmp/gccross2.log. The vulnerability is consistently described across sources (NVD, Debian/GNU, Ubuntu trackers, OSV, and Nessus mention un...
PT-2008-6124 · Debian · Dpkg-Cross +1
Name of the Vulnerable Software and Affected Versions: dpkg-cross version 2.3.0 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. The vendor disputes this issue, stating that it only occurs under specific...
[SECURITY] [DSA 1643-1] New feta packages fix denial of service
Debian Security Advisory DSA-1643-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 05, 2008 http://www.debian.org/security/faq ...
DSA-1643-1 feta - denial of service
Bulletin has no description...
Ubuntu 7.04 / 7.10 / 8.04 LTS : kdelibs vulnerability (USN-608-1)
It was discovered that startkdeinit in KDE 3 did not properly sanitize its input. A local attacker could exploit this to send signals to other processes and cause a denial of service or possibly execute arbitrary code. CVE-2008-1671. Note that Tenable Network Security has extracted the preceding...
[SECURITY] [DSA 1557-1] New phpmyadmin packages fix several vulnerabilities
Debian Security Advisory DSA-1557-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst April 24, 2008 http://www.debian.org/security/faq ...
Debian DSA-1552-1 : mplayer - missing input sanitising
It was discovered that the MPlayer movie player performs insufficient input sanitising on SDP session data, leading to potential execution of arbitrary code through a malformed multimedia stream. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
Debian DSA-1545-1 : rsync - integer overflow
Sebastian Krahmer discovered that an integer overflow in rsync's code for handling extended attributes may lead to arbitrary code execution. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
Debian DSA-1527-1 : debian-goodies - insufficient input sanitising
Thomas de Grenier de Latour discovered that the checkrestart tool in the debian-goodies suite of utilities allowed local users to gain privileges via shell metacharacters in the name of the executable file for a running process. (C) Tenable Network Security, Inc. The descriptiv...