Mandrake Linux Security Advisory : file (MDKSA-2007:067)
Jean-Sebastien Guay-Leroux discovered an integer underflow in the file_printf function in file prior to 4.20 that allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow. Updated packages have been patched to address this issue.
Linux Security Auditing Tool insecure temporary file creation vulnerability
Linux Security Auditing Tool is a security auditing tool. Linux Security Auditing Tool creates temporary files insecurely; a local attacker can exploit the vulnerability to overwrite sensitive files, causing a denial of service. An attacker can carry out the attack using symbolic links. No detailed vulnerability information is currently available. Linux Security Auditing Tool 0.9.2 Gentoo Linux No solution is currently available: http://usat.sourceforge.net/...
CVE-2007-1500
The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat...
LSAT: Insecure temporary file creation
Background: The Linux Security Auditing Tool (LSAT) is a post install security auditor which checks many system configurations and local network settings on the system for common security or configuration errors and for packages that are not needed. Description: LSAT insecurely writes in /tmp with a...
Mandrake Linux Security Advisory : kdegraphics (MDKSA-2007:024)
The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) craft...
Mandrake Linux Security Advisory : libpng (MDKSA-2006:209)
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to 'chunk error processing,' possibly involving the 'chunk_name'. CVE-2006-33...
Mandrake Linux Security Advisory : gstreamer-ffmpeg (MDKSA-2006:174)
Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified...
Mandrake Linux Security Advisory : postgresql (MDKSA-2006:194)
A vulnerability in PostgreSQL 8.1.x allowed remote authenticated users to cause a Denial of Service (daemon crash) via certain aggregate functions in an UPDATE statement which were not handled correctly (CVE-2006-5540). Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed remote...
Trend Micro VirusWall 3.81 (vscan/VSAPI) Local Buffer Overflow Exploit
Exploit for linux platform in category local exploits. Trend Micro VirusWall 3.81 vscan/VSAPI Local Buffer Overflow Exploit / Title: Local root exploit for...
Trend Micro VirusWall 3.81 - vscanVSAPI Local Buffer Overflow
Trend Micro VirusWall 3.81 - vscanVSAPI Local Buffer Overflow / Title: Local root exploit for vscan/VSAPI =Trend Micro VirusWall 3.81 on Linux Author: Sebastian Wolfgarten / [email protected] / http://www.devtarget.org Date: January 3rd, 2007 Severity: Medium Description: The product...
OpenLDAP: Insecure usage of /tmp during installation
Background: OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. Description: Tavis Ormandy of the Gentoo Linux Security Team has discovered that the file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does not exit upon the existence of a...
[ MDKSA-2007:019 ] - Updated pdftohtml packages fix crafted pdf file vulnerability
Mandriva Linux Security Advisory MDKSA-2007:019 http://www.mandriva.com/security/ Package : pdftohtml Date : January 18, 2007 Affected: 2006.0, 2007.0 Problem Description: The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in...
Mandrake Linux Security Advisory : xorg-x11 (MDKSA-2006:164-1)
Local exploitation of an integer overflow vulnerability in the 'CIDAFM' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3739). Local exploitation of an integer overflow vulnerability in the...
GLSA-200611-17 : fvwm: fvwm-menu-directory fvwm command injection
The remote host is affected by the vulnerability described in GLSA-200611-17 fvwm: fvwm-menu-directory fvwm command injection Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that fvwm-menu-directory does not sufficiently sanitise directory names prior to generating menus. Impact ...
Dr.Web AntiVirus 4.33 - LHA long Directory name Local Overflow
/ stetoscope.c: Dr.Web 4.33 antivirus LHA directory name heap overflow for linux - Howto: Find a valid GOT entry to hijack with objdump -R /opt/drweb/drweb . I guess that you can use the address of free, but my exploit uses the address of realpath. There was a NULL byte in the GOT entry of free s...
[Full-disclosure] [ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities
Mandriva Linux Security Advisory MDKSA-2006:113 http://www.mandriva.com/security/ Package : tetex Date : June 27, 2006 Affected: 10.2, 2006.0 Problem Description: Integer overflows were reported in the GD Graphics Library libgd 2.0.28, and possibly...
Mandrake Linux Security Advisory : MySQL (MDKSA-2006:111)
Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue. Packages have been...
CVE-2006-2916
The CVE-2006-2916 issue affects artswrapper in aRts running with setuid root on Linux 2.6.0+ where setuid’s return value is not checked, allowing a local user to escalate to root by preventing artsd from dropping privileges. The vulnerability arises from failing to verify setuid’s success, potent...
FreeBSD : libxine -- format string vulnerability (3bc5691e-38dd-11da-92f5-020039488e34)
Gentoo Linux Security Advisory reports : Ulf Harnhammar discovered a format string bug in the routines handling CDDB server response contents. An attacker could submit malicious information about an audio CD to a public CDDB server or impersonate a public CDDB server. When the victim plays this C...
Directory traversal
Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\" sequences, a similar vulnerability to CVE-2006-1864...