4826 matches found

Debian
added 2010/06/17 7:2 p.m., 18 views

[SECURITY] [DSA 2063-1] New pmount packages fix denial of service

Debian Security Advisory DSA-2063-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano June 17, 2010 http://www.debian.org/security/faq -...

1.9 CVSS, 6.1 AI score, 0.0028 EPSS
Exploits: 0

Prion
added 2010/04/20 3:30 p.m., 20 views

Design/Logic Flaw

The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors...

7.2 CVSS, 6.6 AI score, 0.00406 EPSS
Exploits: 1, References: 13, Affected Software: 1

Cvelist
added 2010/04/20 3:0 p.m., 29 views

CVE-2010-1162

The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors...

6.4 AI score, 0.00406 EPSS
Exploits: 1, References: 13

CVE
added 2010/04/20 3:0 p.m., 73 views

CVE-2010-1162

CVE-2010-1162 affects the Linux kernel before 2.6.34-rc4, in which release_one_tty() in drivers/char/tty_io.c omits certain required put_pid() calls. The impact is described as unspecified, with local attack vectors. The available connected documents confirm the vulnerability and reference the af...

7.2 CVSS, 6.5 AI score, 0.00406 EPSS
Exploits: 1, References: 13, Affected Software: 1

UbuntuCve
added 2010/04/20 12:0 a.m., 30 views

CVE-2010-1162

The release_one_tty function in drivers/char/tty_io.c in the Linux kernel before 2.6.34-rc4 omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors...

7.2 CVSS, 5.9 AI score, 0.00406 EPSS
Exploits: 1, References: 3

Exploit DB
added 2010/04/03 12:0 a.m., 24 views

Dualis 20.4 - '.bin' Local Denial of Service

Site: http://www.nullbyte.org.il Dualis 20.4 is vulnerable to a local denial of service attack. When we try to open a file by 'Load and Execute (CTRL+R)' that contains 9999 chars 'A', dualis should crash. PoC / Code: $buffer = str_repeat('A', 9999); // Create 9999 chars 'A'.. if (file_put_contents('crash.bin',...

7.4 AI score
Exploits: 0

exploitpack
added 2010/03/26 12:0 a.m., 21 views

CmsFaethon 2.2.0 (ultimate.7z) - Multiple Vulnerabilities

CmsFaethon 2.2.0 ultimate.7z - Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability +Vendor: CMS Faethon +Version: 2.2.0-ultimate.7z +License: GNU GENERAL PUBLIC LICENSE +Download: http://sourceforge.net/projects/cmsfaethon/files/ +Risk: High +Remote: Yes +Local: Yes...

0.2 AI score
Exploits: 0

seebug.org
added 2010/02/02 12:0 a.m., 37 views

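Debian Lintian Multiple Local Security Vulnerabilities

Bugtraq ID: 37975 CVE ID: CVE-2009-4013 CVE-2009-4014 CVE-2009-4015 Debian Lintian is a software package checking program. Debian Lintian contains multiple security vulnerabilities that local attackers can exploit to execute arbitrary code, escalate privileges, or obtain sensitive information. CVE-2009-4013: missing control file filtering. CNCVE ID: CNCVE-20094013 CNCVE-20094014 CNCVE-20094015 CNCVE-20094013 Control field names and values are not sufficiently filtered before use, which can lead to directory traversal in some operations. Patch...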

7.5 CVSS, 0.05683 EPSS
Exploits: 1

securityvulns
added 2010/01/26 12:0 a.m., 24 views

TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001

TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security Advisory - SOS-10-001 Release Date. 21-Jan-2010 Vendor Notification Date. 11-Dec-2009 Product. TheGreenBow VPN Client Platform. Microsoft Windows Affected versions. 4.65.003, 4.51.001 verified and possibly others. Severity Ratin...

7 AI score
Exploits: 0

seebug.org
added 2009/12/17 12:0 a.m., 53 views

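Linux Kernel 'drivers/firewire/ohci.c' Null Pointer Dereference Denial of Service Vulnerability

Bugtraq ID: 37339 CVE ID: CVE-2009-4138 Linux is an open source operating system. The ohci interface has a problem handling packets with a data length of zero, which local attackers can exploit to cause a denial of service on the system. A user who can open any /dev/fw file in the newer version of the new 1394 stack can send certain ioctls that crash machines using an ohci 1.0 controller, or using an ohci 1.1 controller in ohci 1.0 mode because of a hardware defect. This can lead to a null pointer dereference in fw-,ohci.c. On machines using ohci 1.1 controllers that are not blacklisted, the call does nothing; although this is a defect, it does not cause a crash. In Red Hat Enterprise...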

4.7 CVSS, 0.00361 EPSS
Exploits: 1

Prion
added 2009/12/16 6:30 p.m., 15 views

Design/Logic Flaw

Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors...

7.2 CVSS, 6.7 AI score, 0.00375 EPSS
Exploits: 0, References: 7, Affected Software: 1

Prion
added 2009/12/16 6:30 p.m., 18 views

Authorization

The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors...

7.2 CVSS, 6.9 AI score, 0.00519 EPSS
Exploits: 1, References: 10, Affected Software: 1

NVD
added 2009/12/16 6:30 p.m., 18 views

CVE-2009-4331

The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors...

7.2 CVSS, 6.2 AI score, 0.00519 EPSS
Exploits: 1, References: 10

NVD
added 2009/12/16 6:30 p.m., 21 views

CVE-2009-4330

Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors...

7.2 CVSS, 6 AI score, 0.00375 EPSS
Exploits: 0, References: 7

Cvelist
added 2009/12/16 6:0 p.m., 27 views

CVE-2009-4330

Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors...

6 AI score, 0.00375 EPSS
Exploits: 0, References: 7

Cvelist
added 2009/12/16 6:0 p.m., 27 views

CVE-2009-4331

The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors...

6.2 AI score, 0.00519 EPSS
Exploits: 1, References: 10

CVE
added 2009/12/16 6:0 p.m., 60 views

CVE-2009-4330

IBM DB2 9.5 before FP5 is vulnerable in the Engine Utilities component (db2licm) with an unspecified impact and local attack vectors. Affected product/version: IBM DB2 UDB 9.5 prior to Fix Pack 5. Underlying issue: unspecified vulnerability in db2licm; CVSSv2 base 7.2 (LOCAL, HIGH). Remediation: ...

7.2 CVSS, 6 AI score, 0.00375 EPSS
Exploits: 0, References: 7, Affected Software: 1

erpscan
added 2009/12/15 12:0 a.m., 18 views

SAP RFC SDK — Format String

Application: RFC SDK SAP AG Versions Affected: RFC SDK 6.40 7.11 Vendor URL: Bugs: Format String Vulnerability Exploits: YES Reported: 15.12.2009 Vendor response: 18.12.2009 Date of SAP Security Note Published: 14.09.2010 Date of Public Advisory: 14.12.2010 Author: Alexey Sintsov Description SAP...

0.6 AI score
Exploits: 0

Prion
added 2009/12/02 11:30 a.m., 19 views

Code injection

dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors...

4.6 CVSS, 6.9 AI score, 0.00436 EPSS
Exploits: 0, References: 10, Affected Software: 2

securityvulns
added 2009/10/30 12:0 a.m., 23 views

SafeNet SoftRemote Local Buffer Overflow - Security Advisory - SOS-09-008

SafeNet SoftRemote Local Buffer Overflow - Security Advisory - SOS-09-008 Release Date. 30-Oct-2009 Vendor Notification Date. 20-Jul-2009 Product. SafeNet SoftRemote Platform. Microsoft Windows Affected versions. 10.8.5 Build 2, 10.3.5 Build 6 verified and possibly others. Other vendors which hav...

1 AI score
Exploits: 0