639 matches found
Debian DSA-1271-1 : openafs - design error
A design error has been identified in the OpenAFS, a cross-platform distributed filesystem included with Debian. OpenAFS historically has enabled setuid filesystem support for the local cell. However, with its existing protocol, OpenAFS can only use encryption, and therefore integrity protection,...
[SECURITY] [DSA 1271-1] New openafs packages fix remote privilege escalation bug
------------------------------------------------------------------------ Debian Security Advisory DSA-1271-1 [email protected] http://www.debian.org/security/ Noah Meyerhans March 20, 2007 - ------------------------------------------------------------------------ Package : openafs Vulnerability...
[SECURITY] [DSA 1271-1] New openafs packages fix remote privilege escalation bug
------------------------------------------------------------------------ Debian Security Advisory DSA-1271-1 [email protected] http://www.debian.org/security/ Noah Meyerhans March 20, 2007 - ------------------------------------------------------------------------ Package : openafs Vulnerability...
Default configuration
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...
CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...
DEBIAN-CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...
CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...
CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...
CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...
CVE-2007-1507
OpenAFS before versions 1.4.4 and 1.5.17 allowed setuid programs in the local cell, enabling an attacker to spoof a FetchStatus reply and set setuid/root ownership on an executed file, leading to privilege escalation. Multiple advisories (GLSA 200704-03, Debian DSA-1271-1, Mandrake/MDKSA-2007:066...
CVE-2007-1507
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the...
DSA-1271-1 openafs - design error
Bulletin has no description...
OpenAFS filesystem privilege esccalation
Attacke can make fake suid binary on network disk by using protocol weakness...
[SECURITY] [DSA 1271-1] New openafs packages fix remote privilege escalation bug
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1271-1 [email protected] http://www.debian.org/security/ Noah Meyerhans March 20, 2007 -...
Debian DSA-142-1 : openafs - integer overflow
An integer overflow bug has been discovered in the RPC library used by the OpenAFS database server, which is derived from the SunRPC library. This bug could be exploited to crash certain OpenAFS servers volserver, vlserver, ptserver, buserver or to obtain unauthorized root access to a host runnin...
[SECURITY] [DSA 142-1] New OpenAFS packages fix integer overflow bug
-------------------------------------------------------------------------- Debian Security Advisory DSA 142-1 [email protected] http://www.debian.org/security/ Martin Schulze August 5th, 2002 - -------------------------------------------------------------------------- Package : openafs...
[SECURITY] [DSA 142-1] New OpenAFS packages fix integer overflow bug
-------------------------------------------------------------------------- Debian Security Advisory DSA 142-1 [email protected] http://www.debian.org/security/ Martin Schulze August 5th, 2002 - -------------------------------------------------------------------------- Package : openafs...
DSA-142 openafs - integer overflow
Bulletin has no description...
PT-2006-7573 · Suse +2 · Ndiswrapper-Kmp-Smp +69
Name of the Vulnerable Software and Affected Versions: drbd-kmp-iseries64 versions affected versions not specified cloop-kmp-debug versions affected versions not specified k smp versions affected versions not specified usbvision-kmp-xen versions affected versions not specified pcfclock-kmp-smp...