iDefense Security Advisory 03.10.08: SAP MaxDB sdbstarter Privilege Escalation Vulnerability
iDefense Security Advisory 03.10.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 10, 2008 I. BACKGROUND SAP's MaxDB is a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for...
CVE-2008-1054
Stack-based buffer overflow in the libspawnusergetpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via an HTTP request with multiple long heade...
Debian: Security Advisory (DSA-432)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-445)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian Security Advisory DSA 026-1 (bind)
The remote host is missing an update to bind announced via advisory DSA 026-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-1045-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian Security Advisory DSA 091-1 (ssh)
The remote host is missing an update to ssh announced via advisory DSA 091-1. OpenVAS Vulnerability Test $Id: deb0911.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 091-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 1045-1 (openvpn)
The remote host is missing an update to openvpn announced via advisory DSA 1045-1. Hendrik Weimer discovered that OpenVPN, the Virtual Private Network daemon, allows to push environment variables to a client allowing a malicious VPN server to take over connected clients. The old stable distributi...
Debian Security Advisory DSA 946-2 (sudo)
The remote host is missing an update to sudo announced via advisory DSA 946-2. The former correction to vulnerabilities in the sudo package worked fine but were too strict for some environments. Therefore we have reviewed the changes again and allowed some environment variables to go back into th...
Debian Security Advisory DSA 946-1 (sudo)
The remote host is missing an update to sudo announced via advisory DSA 946-1. It has been discovered that sudo, a privileged program, that provides limited super user privileges to specific users, passes several environment variables to the program that runs with elevated privileges. In the case...
Talking about the use of environment variables in hacking - vulnerability warning - the black bar safety net
This message has been sent to the Black hand of the tenth. First, let us understand what environment variables are. Environment variables generally refer to parameters in the operating system that specify the operating system's operating environment, such as the temporary folder...
openSUSE 10 Security Update : apparmor (apparmor-1842)
This update fixes security problems in the AppArmor confinement technology. Since it adds new flags to the profile syntax, you likely should review and adapt your profiles. - If a profile allowed unconfined execution 'ux' of a child binary it was possible to inject code via LD_PRELOAD or similar...
IBM DB2 < 8 Fix Pack 15 / 9.x < 9 Fix Pack 3 Multiple Vulnerabilities
[SECURITY] Fedora 7 Update: pam_ssh-1.92-2.fc7
This PAM module provides single sign-on behavior for UNIX using SSH keys. Users are authenticated by decrypting their SSH private keys with the password provided. In the first PAM login session phase, an ssh-agent process is started and keys are added. The same agent is used for the following PAM...
CVE-2007-4432
Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables...
Design/Logic Flaw
Untrusted search path vulnerability in the wrapper scripts for the (1) rug, (2) zen-updater, (3) zen-installer, and (4) zen-remover programs on SUSE Linux 10.1 and Enterprise 10 allows local users to gain privileges via modified (a) LD_LIBRARY_PATH and (b) MONO_GAC_PREFIX environment variables...
CVE-2007-4432
CVE-2007-4432 affects the wrapper scripts for rug, zen-updater, zen-installer, and zen-remover on SUSE Linux 10.1 and SUSE Linux Enterprise 10. The issue is an untrusted search path vulnerability caused by environment variables LD_LIBRARY_PATH and MONO_GAC_PREFIX, allowing local privilege escalat...
Stack overflow
Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer...
iDefense Security Advisory 08.16.07: IBM DB2 Universal Database buildDasPaths Buffer Overflow Vulnerability
IBM DB2 Universal Database buildDasPaths Buffer Overflow Vulnerability iDefense Security Advisory 08.16.07 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 16, 2007 I. BACKGROUND IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end...