Mandrake Linux Security Advisory : krb5 (MDKSA-2003:021)

A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system call. This could allow a malicious remote FTP server to write to files outside o...

Mandrake Linux Security Advisory : kernel (MDKSA-2004:062)

A vulnerability in the e1000 driver for the Linux kernel 2.4.26 and earlier was discovered by Chris Wright. The e1000 driver does not properly reset memory or restrict the maximum length of a data structure, which can allow a local user to read portions of kernel memory CVE-2004-0535. A...

Mandrake Linux Security Advisory : apache2 (MDKSA-2003:096-1)

A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write call in...

Mandrake Linux Security Advisory : gzip (MDKSA-2002:011)

There are two problems with the gzip archiving program; the first is a crash when an input file name is over 1020 characters, and the second is a buffer overflow that could be exploited if gzip is run on a server such as an FTP server. The patch applied is from the gzip developers and the problem...

RHEL 2.1 : kernel (RHSA-2003:239)

Updated kernel packages that address various security vulnerabilities are now available for Red Hat Enterprise Linux. The Linux kernel handles the basic functions of the operating system. Security issues have been found that affect the versions of the Linux kernel shipped with Red Hat Enterprise...

[Full-Disclosure] [ GLSA 200406-22 ] Pavuk: Remote buffer overflow

Gentoo Linux Security Advisory GLSA 200406-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

CVE-2004-0587

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service...

MDKSA-2004:050 - Updated kernel packages fix multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrakelinux Security Update Advisory Package name: kernel Advisory ID: MDKSA-2004:050 Date: May 21st, 2004 Affected versions: 10.0, 9.2 Problem Description: Brad Spender discovered an exploitable bug in the cpufreq code in the Linux 2.6 kernel...

F-Secure Anti-Virus for Linux fails to properly detect Sober.D virus

Overview F-Secure Anti-Virus for Linux contains a flaw that may prevent it from properly detecting the Sober.D virus. A hotfix for this vulnerability has been released. Description F-Secure Anti-Virus version 4.52 for Linux contains a flaw that may prevent it from properly detecting the Sober.D...

DSA-440 linux-kernel-2.4.17-powerpc-apus - several vulnerabilities

Bulletin has no description...

CVE-2004-2092

eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information...

Moderate: Red Hat Security Advisory: util-linux security update

Updated util-linux packages that fix an information leak in the login program are now available. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. In some situations, the login program could use a pointer that had been...

----------========== OPEN3S-2003-08-08-eng-informix-ontape ==========----------

----------========== OPEN3S-2003-08-08-eng-informix-ontape ==========---------- Title: Local Vulnerability at Informix IDSv9.40 via ontape binary Date: 08-08-2003 Platform: Only tested in Linux but can be exported to others. Impact: Any user with DSA privileges over Informix could achieve root...

CVE-2004-0029

Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges...

Abyss webserver FAT partition protection bypass

Under linux, it's possible to access protected located on FAT partition by appending dot to filename...

CVE-2003-0658

Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules...

CVE-2003-0699

The C-Media PCI sound driver in Linux before 2.4.21 does not use the getuser function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700...

Ifenslave 0.0.7 - Argument Local Buffer Overflow (1)

source: https://www.securityfocus.com/bid/7682/info ifenslave for Linux has been reported prone to a buffer overflow vulnerability. The issue is reportedly due to a lack of sufficient bounds checking performed on user-supplied data before it is copied into an internal memory space. It is possible...

OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)

Exploit for linux platform in category remote exploits ==================================================== OpenSSH/PAM " exit 1 Verify the arguments. $ != 2 && usage Variables. USER="$1" HOST="$2" =-=-=-=-=-=-=-=-=-=-=-=-= Expect script functions =-=-=-=-=-=-=-...

PoPToP PPTP &lt;= 1.1.4-b3 Remote Root Exploit (poptop-sane.c)

No description provided by source. / Fixed Exploit against PoPToP in Linux poptop-sane.c ./r4nc0rwh0r3 of blightninjas [email protected] blightninjas: bringing pain, suffering, and humiliation to the security world Expect more great release like helloworld-annotated.c and cd explained...