
253 matches found

securityvulns
added 2008/11/14 12:0 a.m. | 24 views

rPath Linux symbolic links vulnerability

rapa-console init script symbolic links vulnerability...

CVSS 6.9 | AI score 1.3 | EPSS 0.00032
Exploits 1 | References 1 | Affected Software 2
Tenable Nessus
added 2008/09/17 12:0 a.m. | 44 views

Fedora 8 : tomcat5-5.5.27-0jpp.2.fc8 (2008-8130)

Mon Sep 15 2008 David Walluck 0:5.5.27-0jpp.2 - add commons-io symlink - Mon Sep 15 2008 David Walluck 0:5.5.27-0jpp.1 - 5.5.27 Resolves: rhbz456120 Resolves: rhbz457934 Resolves: rhbz446393 Resolves: rhbz457597 - Tue Feb 12 2008 Devrim GUNDUZ 0:5.5.26-1jpp.2 - Rebuilt - Fri Feb 8 2008 Devrim...

CVSS 6.4 | AI score 5.6 | EPSS 0.92704
Exploits 42 | References 9
Prion
added 2008/08/18 7:41 p.m. | 17 views

Hardcoded credentials

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...

CVSS 6.2 | AI score 6.3 | EPSS 0.00249
Exploits 6 | References 33 | Affected Software 1
NVD
added 2008/08/18 7:41 p.m. | 19 views

CVE-2008-2936

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...

CVSS 6.2 | AI score 6.1 | EPSS 0.00249
Exploits 6 | References 33
Debian CVE
added 2008/08/18 7:0 p.m. | 26 views

CVE-2008-2936

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...

CVSS 6.2 | AI score 6.2 | EPSS 0.00249
Exploits 6
RedHat Linux
added 2008/08/14 7:31 p.m. | 2 views

postfix privilege escalation flaw

Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...

CVSS 6.2 | AI score 5.7 | EPSS 0.00249
Exploits 6 | References 4
Oracle linux
added 2008/08/01 12:0 a.m. | 24 views

vsftpd security and bug fix update

2.0.1-6 - add option maxloginfails that kicks the session after few login fails - Resolves: 197141 - fix bad handling of unique files - Resolves: 250727 - increase maximum length of allowed username - Resolves: 236326 - fix create/lock race condition when more clients are uploading to a file -...

CVSS 7.1 | AI score 0.2 | EPSS 0.04207
Exploits 2
Tenable Nessus
added 2008/07/25 12:0 a.m. | 32 views

RHEL 4 : vsftpd (RHSA-2008:0680)

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2008:0680 advisory. vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux and Unix-like systems. The version of vsftpd as shipped in Red...

CVSS 7.1 | AI score 5.6 | EPSS 0.04207
Exploits 2 | References 13
RedHat Linux
added 2008/07/24 4:38 p.m. | 21 views

Moderate: Red Hat Security Advisory: vsftpd security and bug fix update

An updated vsftpd package that fixes a security issue and various bugs is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux and Unix-like systems...

CVSS 7.1 | AI score 5.7 | EPSS 0.04207
Exploits 2 | References 10
Gentoo Linux
added 2008/05/09 12:0 a.m. | 28 views

Firebird: Data disclosure

Background: Firebird is a multi-platform, open source relational database. Description: Viesturs reported that the default configuration for Gentoo's init script "/etc/conf.d/firebird" sets the "ISCPASSWORD" environment variable when starting Firebird. It will be used when no password is supplied b...

CVSS 5 | AI score 6.6 | EPSS 0.00203
Exploits 1
Tenable Nessus
added 2008/02/06 12:0 a.m. | 9 views

SuSE 10 Security Update : Geronimo (ZYPP Patch Number 4967)

A chown in the geronimo init script could change ownership of directories it did not own, due to following symlinks. The default setup would corrupt /var/tmp on start. (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...

AI score 5.5
Exploits 0
Oracle linux
added 2007/11/27 12:0 a.m. | 22 views

mailman security and bug fix update

2.1.5.1-34.rhel4.6 - fix 200036 - canceling subscription confirmation crashes mailman - fix 205651 - CVE-2006-4624 logfile CRLF injection - fix 230939 - missing migrate-fhs script - fix 223191 - spam filters gets deleted when sender filter is edited - fix 242677 - wrong init script...

CVSS 2.6 | AI score 0.9 | EPSS 0.02699
Exploits 0
Oracle linux
added 2007/11/19 12:0 a.m. | 38 views

tcpdump security and bug fix update

14:3.9.4-11.el5.0.1 - Modified libpcap-0.9.4/fad-getad.c to include linux/types.h if it includes linux/ifpacket.h 14:3.9.4-11.el5 - fix buffer overflow in BGP dissector 250294, CVE-2007-3798 14:3.9.4-10.el5 - with -C option, drop root privileges before opening first savefile 241677 14:3.9.4-9.el5...

CVSS 6.8 | AI score 3.4 | EPSS 0.72693
Exploits 1
Gentoo Linux
added 2007/10/12 12:0 a.m. | 34 views

X Font Server: Multiple Vulnerabilities

Background: The X.Org X11 X Font Server provides a standard mechanism for an X server to communicate with a font renderer. Description: iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file (CVE-2007-3103). Sean Larsson...

CVSS 7.5 | AI score 7.8 | EPSS 0.18161
Exploits 7
UbuntuCve
added 2007/08/14 6:17 p.m. | 17 views

CVE-2007-3852

The init script sysstat.in in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code...

CVSS 4.4 | AI score 7.1 | EPSS 0.00148
Exploits 0 | References 1
Prion
added 2007/08/14 6:17 p.m. | 12 views

Code injection

The init script sysstat.in in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code...

CVSS 4.4 | AI score 6.9 | EPSS 0.00148
Exploits 0 | References 6 | Affected Software 1
CVE
added 2007/08/14 6:0 p.m. | 87 views

CVE-2007-3852

The CVE details show: sysstat up to version 7.1.6 creates /tmp/sysstat.run insecurely in the init script (sysstat.in), allowing local users to execute arbitrary code. Affected: sysstat package (components for sar/iostat), on affected Linux distros; root cause is insecure temporary file usage. mit...

CVSS 4.4 | AI score 6.5 | EPSS 0.00148
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2007/08/14 6:0 p.m. | 30 views

CVE-2007-3852

The init script sysstat.in in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code...

AI score 6.6 | EPSS 0.00148
Exploits 0 | References 6
Debian CVE
added 2007/08/14 6:0 p.m. | 15 views

CVE-2007-3852

The init script sysstat.in in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code...

CVSS 4.4 | AI score 4.5 | EPSS 0.00148
Exploits 0
Tenable Nessus
added 2007/02/09 12:0 a.m. | 20 views

Fedora Core 5 : postgresql-8.1.7-1.fc5 (2007-198)

Sun Feb 4 2007 Tom Lane 8.1.7-1 - Update to PostgreSQL 8.1.7 to fix CVE-2007-0555, CVE-2007-0556 Related: 225496 - Wed Jan 10 2007 Tom Lane 8.1.6-1 - Update to PostgreSQL 8.1.6 - Mon Dec 11 2006 Tom Lane 8.1.5-1 - Update to PostgreSQL 8.1.5 - Update to PyGreSQL 3.8.1 - Adjust init script to not...

CVSS 8.5 | AI score 5.3 | EPSS 0.0194
Exploits 0 | References 3