334 matches found
Debian Security Advisory DSA 401-1 (hylafax)
The remote host is missing an update to hylafax announced via advisory DSA 401-1. OpenVAS Vulnerability Test $Id: deb4011.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 401-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
CVE-2006-1656
vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root...
Debian DSA-310-1 : xaos - improper setuid-root execution
XaoS, a program for displaying fractal images, is installed setuid root on certain architectures in order to use svgalib, which requires access to the video hardware. However, it is not designed for secure setuid execution, and can be exploited to gain root privileges. In these updated packages,...
Symlink vulnerabilities in mailmgr
Title: Symlink vulnerabilities in mailmgr Bug finder: Marco van Berkum [email protected] Website: http://ws.obit.nl URL to mailmgr: http://web.onda.com.br/orso/mailmgr.html Tested version: Mailmgr-1.2.3 Date: 12 Feb 2004...
[SECURITY] [DSA-310-1] New xaos packages fix improper setuid-root execution
Debian Security Advisory DSA 310-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 8th, 2003 http://www.debian.org/security/faq...
DSA-299 leksbot - improper setuid-root execution
Bulletin has no description...
script.command.txt
Title: Silly hardlink vulnerability in UNIX 'script' command Linux version maintainer: Andries Brouwer [email protected] Bug found by: Marco van Berkum [email protected] Date: 17-12-2001 Priority: low...
CVE-1999-1467
The CVE-1999-1467 issue affects the rcp service on SunOS 4.0.x. The underlying problem is tied to the configuration of the nobody user, enabling remote attackers from trusted hosts to execute arbitrary commands as root. The connected PT-1989-1001 entry confirms SunOS 4.0.x as the affected platfor...
FreeBSD-SA-01:57.sendmail
FreeBSD-SA-01:57 Security Advisory FreeBSD, Inc. Topic: sendmail contains local root vulnerability REVISED Category: core Module: sendmail Announced: 2001-08-27 Revised: 2001-08-30...
glibc unsetenv fails to properly handle environment variables passed more than once to a program
Overview: The glibc implementation of unsetenv fails to properly remove one of two successive occurrences of the same environment variable if the variable is redundantly passed to a program. Description: The glibc implementation of unsetenv, if called to remove an environment variable that occurs t...
[SECURITY] [DSA-032-2] proftp runs as root, /var symlink removal
Package: proftpd Vulnerability: proftpd running as root, /var symlink removal Debian-specific: yes This is an update to the DSA-032-1 advisory. The powerpc package that was listed in that advisory was unfortunately compiled on the wrong system which caused it to not work on a Debian GNU/Linux 2.2...
/usr/sbin/audlinks has the following behavior: $ id uid=100(optyx) gid=1(other) $ mkdir -p /tmp/b/dev $ ln -s /.rhosts /tmp/b/dev/.devfsadmdev.lock $ su root Password: /usr/sbin/audlinks -r /tmp/b ls -l /.rhosts -rw-r--r-- 1 root other 4 Dec 28 14:28 /.rhosts truss output snippet:...
Sun Solaris 7.0 - '/usr/dt/bin/dtprintinfo' Local Buffer Overflow
source: https://www.securityfocus.com/bid/249/info dtprintinfo is a setuid command that opens the CDE Print Manager window. A stack-based buffer overflow in the handling of the "-p" option allows the execution of arbitrary code as root. This vulnerability has been assigned Sun Bug 4139394. The...
Slackware Linux 3.4 - netconfig Temporary File
source: https://www.securityfocus.com/bid/81/info netconfig creates the file /tmp/tmpmsg insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/tmpmsg to any file and wait for root to run the program. This will clober...