Mandrake Linux Security Advisory : ksymoops (MDKSA-2004:060)

Geoffrey Lee discovered a problem with the ksymoops-gznm script distributed with Mandrakelinux. The script fails to do proper checking when copying a file to the /tmp directory. Because of this, a local attacker can setup a symlink to point to a file that they do not have permission to remove. Th...

RHEL 2.1 : mod_ssl (RHSA-2002:136)

Updated modssl packages are now available for Red Hat Advanced Server. These updates incorporate a fix for an incorrect bounds check in versions of modssl up to and including version 2.8.9. The modssl module provides strong cryptography for the Apache Web server via the Secure Sockets Layer SSL a...

FreeBSD : SA-04:06.ipv6 : setsockopt()

The remote host is running a version of FreeBSD 5.2 older than FreeBSD 5.2.1-p4 There is a programming error in the version of this kernel which may allow a local attacker to read portions of the kernel memory or to cause a system panic by misusing the setsockopt system call on IPv6 sockets. C...

cPanel 5 < 9 - Local Privilege Escalation

source: https://www.securityfocus.com/bid/10407/info cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the modphpsuexec option are insecure. These settings will reportedly permit a local attacker...

Important: Red Hat Security Advisory: XFree86 security update

Updated XFree86 packages that fix a minor denial of service vulnerability are now available. XFree86 is an implementation of the X Window System, providing the core graphical user interface and video drivers. Flaws in XFree86 4.1.0 allows local or remote attackers who are able to connect to the X...

[SECURITY] [DSA 477-1] New xine-ui packages fix insecure temporary file creation

-------------------------------------------------------------------------- Debian Security Advisory DSA 477-1 [email protected] http://www.debian.org/security/ Martin Schulze April 6th, 2004 http://www.debian.org/security/faq -...

[SECURITY] [DSA 477-1] New xine-ui packages fix insecure temporary file creation

-------------------------------------------------------------------------- Debian Security Advisory DSA 477-1 [email protected] http://www.debian.org/security/ Martin Schulze April 6th, 2004 http://www.debian.org/security/faq -...

CVE-2004-0115

VirtualPCServices in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServicesLog temporary file...

[SECURITY] [DSA 445-1] New lbreakout2 packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 445-1 [email protected] http://www.debian.org/security/ Matt Zimmerman February 21st, 2004 http://www.debian.org/security/faq -...

[SECURITY] [DSA 428-1] New slocate packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 428-1 [email protected] http://www.debian.org/security/ Matt Zimmerman January 20th, 2004 http://www.debian.org/security/faq -...

Multiple tools within the Netpbm package create temporary files in an insecure manner

Overview Multiple tools within the Netpbm package create temporary files in an insecure manner. Description Netpbm is a toolkit that contains over 220 separate tools for manipulating graphic images. Multiple tools within the Netpbm package create temporary files insecurely. --- Impact A local...

[SECURITY] [DSA 400-1] New omega-rpg packages fix local games exploit

-------------------------------------------------------------------------- Debian Security Advisory DSA 400-1 [email protected] http://www.debian.org/security/ Martin Schulze November 11th, 2003 http://www.debian.org/security/faq -...

Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (2)

Wireless Tools 26 IWConfig - ARGV Local Command Line Buffer Overflow 2 // source: https://www.securityfocus.com/bid/8901/info A problem has been identified in the iwconfig program when handling strings on the commandline. Because of this, a local attacker may be able to gain elevated privileges. ...

IBM DB2 - db2stop Command Line Argument Local Overflow

IBM DB2 - db2stop Command Line Argument Local Overflow source: https://www.securityfocus.com/bid/8990/info IBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities that present themselves in binaries that are shipped with DB2. The vulnerabilities are likely caused due to ...

IBM DB2 - 'db2govd' Command Line Argument Local Overflow

source: https://www.securityfocus.com/bid/8990/info IBM DB2 has been reported to be prone to multiple buffer overflow vulnerabilities that present themselves in binaries that are shipped with DB2. The vulnerabilities are likely caused due to a lack of sufficient boundary checks performed on user...

Wireless Tools 26 (IWConfig) - ARGV Local Command Line Buffer Overflow (3)

Wireless Tools 26 IWConfig - ARGV Local Command Line Buffer Overflow 3 // source: https://www.securityfocus.com/bid/8901/info A problem has been identified in the iwconfig program when handling strings on the commandline. Because of this, a local attacker may be able to gain elevated privileges. ...

MS03-045: Buffer Overrun in the ListBox and in the ComboBox (824141)

A vulnerability exists because the ListBox control and the ComboBox control both call a function, located in the User32.dll file, that contains a buffer overrun. A local, interactive attacker could run a program that sends a specially crafted Windows message to any application that has implemente...

SLocate 2.6 - User-Supplied Database Heap Overflow

SLocate 2.6 - User-Supplied Database Heap Overflow // source: https://www.securityfocus.com/bid/8780/info It has been reported that a local off-by-one heap overflow exists in the handling of user-supplied databases by slocate. Because of this, an attacker may be able to gain elevated privileges...

marbles 1.0.1 - Local Home Environment Variable Buffer Overflow

marbles 1.0.1 - Local Home Environment Variable Buffer Overflow // source: https://www.securityfocus.com/bid/8710/info A problem in the handling of data in the Home environment variable has been reported in the marbles program. This may make it possible for a local attacker to gain elevated...

marbles 1.0.1 - Local Home Environment Variable Buffer Overflow

// source: https://www.securityfocus.com/bid/8710/info A problem in the handling of data in the Home environment variable has been reported in the marbles program. This may make it possible for a local attacker to gain elevated privileges. / c-marbles.c PoC exploit made for advisory based uppon a...