openssl security update

CentOS Errata and Security Advisory CESA-2013:0587 Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CV...

Moderate: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...

php: PG(magic_quote_gpc) was not restored on shutdown

PHP before 5.3.10 does not properly perform a temporary change to the magicquotesgpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/phpvariables.c, sapi/cgi/cgimain.c, and...

Scientific Linux Security Update : abrt and libreport on SL6.x i386/x86_64 (20130131)

It was found that the /usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not sufficiently sanitize its environment variables. This could lead to Python modules being loaded and run from non-standard directories such as /tmp/. A local attacker could use this flaw to escalate their...

Re: rssh security announcement

All, Today I released rssh-2.3.4, which fixes an old issue, and a new issue: On Tue, May 08, 2012 at 01:14:26PM -0500, Derek Martin wrote: rssh is a shell for restricting SSH access to a machine to only scp, sftp, or a small set of similar applications. http://www.pizzashack.org/rssh/ Henrik...

CVE-2012-4463

Midnight Commander mc 4.8.5 does not properly handle the 1 MCEXTSELECTED or 2 MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...

DEBIAN-CVE-2012-4463

Midnight Commander mc 4.8.5 does not properly handle the 1 MCEXTSELECTED or 2 MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...

Design/Logic Flaw

Midnight Commander mc 4.8.5 does not properly handle the 1 MCEXTSELECTED or 2 MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...

CVE-2012-4463

Midnight Commander mc 4.8.5 does not properly handle the 1 MCEXTSELECTED or 2 MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...

UBUNTU-CVE-2012-4463

Midnight Commander mc 4.8.5 does not properly handle the 1 MCEXTSELECTED or 2 MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...

CVE-2012-4463

Midnight Commander mc 4.8.5 does not properly handle the 1 MCEXTSELECTED or 2 MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...

CVE-2012-4463

Midnight Commander mc 4.8.5 does not properly handle the 1 MCEXTSELECTED or 2 MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...

Ubuntu Update for dbus USN-1576-2

Ubuntu Update for Linux kernel vulnerabilities USN-1576-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN15762.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for dbus USN-1576-2 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

dbus privilege escalation

Privilege escalation via environment variables...

[USN-1576-1] DBus vulnerability

========================================================================== Ubuntu Security Notice USN-1576-1 September 20, 2012 dbus vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

Ubuntu Update for isc-dhcp USN-1571-1

Ubuntu Update for Linux kernel vulnerabilities USN-1571-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15711.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for isc-dhcp USN-1571-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net Thi...

Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : dbus vulnerability (USN-1576-1)

Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges. Note that Tenable Network Security has extracted the preceding description block...

USN-1576-1: DBus vulnerability

Sebastian Krahmer discovered that DBus incorrectly handled environment variables when running with elevated privileges. A local attacker could possibly exploit this flaw with a setuid binary and gain root privileges...

CVE-2012-4425

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

Code injection

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...