280 matches found
SuSE 10 Security Update : Samba (ZYPP Patch Number 3829)
The previous security fix for CVE-2007-2447 missed one character in the shell escape handling. Also fixed were some regressions introduced by the previous update. (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...
openSUSE 10 Security Update : samba (samba-3827)
The previous security fix for CVE-2007-2447 missed one character in the shell escape handling. Also fixed were some regressions introduced by the previous update. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSU...
openSUSE 10 Security Update : samba (samba-3828)
The previous security fix for CVE-2007-2447 missed one character in the shell escape handling. Also fixed were some regressions introduced by the previous update. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSU...
CVE-2007-4044
Rejected reason: The MS-RPC functionality in smbd in Samba 3 on SUSE Linux before 20070720 does not include "one character in the shell escape handling." NOTE: this issue was originally characterized as a shell metacharacter issue due to an incomplete fix for CVE-2007-2447, which was interpreted ...
Design/Logic Flaw
Rejected reason: The MS-RPC functionality in smbd in Samba 3 on SUSE Linux before 20070720 does not include "one character in the shell escape handling." NOTE: this issue was originally characterized as a shell metacharacter issue due to an incomplete fix for CVE-2007-2447, which was interpreted ...
CVE-2007-4044
CVE-2007-4044 entry is rejected/not used and does not represent an active vulnerability.
Fedora Core 5 : openoffice.org-2.0.2-5.21.2 (2007-375)
CVE-2007-0239 rhbz228008 potential shell escape problem in some hyperlinks CVE-2007-0238 rhbz226966 potential buffer overflows in calc legacy file format Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
Fedora Core 6 : openoffice.org-2.0.4-5.5.17 (2007-376)
CVE-2007-0239 rhbz228008 potential shell escape problem in some hyperlinks CVE-2007-0238 rhbz226966 potential buffer overflows in calc legacy file format Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
Important: openoffice.org security update
1.1.5-10 - Resolves: CVE-2007-0239 rhbz228008 shell escape 1.1.5-9 - Resolves: rhbz226966 CVE-2007-0238 buffer overflows 1.1.5-8 - Resolves: rhbz223801 CVE-2007-0002 buffer overflows...
Slackware 8.1 / 9.0 / 9.1 / current : apache (SSA:2004-133-01)
New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possibly pipe shell escapes through Apache's errorlog which could create an exploit if the error log is read in a termina...
Open WebMail Shell Escape Arbitrary Command Execution
According to its banner, the version of Open WebMail installed on the remote host may allow execution of arbitrary shell commands due to its failure to ensure shell escape characters are removed from filenames and other strings before trying to read from them. (C) Tenable Networ...
Open Webmail < 2.51 20050430 Shell Escape Arbitrary Command Execution
Low: Red Hat Security Advisory: mc security update
An updated mc package that resolves several shell escape security issues is now available. Updated 5 January 2005 Packages have been updated to include the gmc and mcserv packages which were left out of the initial errata. Midnight Commander mc is a visual shell much like a file manager. Shell...
RHEL 2.1 : mc (RHSA-2004:464)
An updated mc package that resolves several shell escape security issues is now available. Updated 5 January 2005 Packages have been updated to include the gmc and mcserv packages which were left out of the initial errata. Midnight Commander mc is a visual shell much like a file manager. Shell...
RHEL 3 : gaim (RHSA-2004:400)
An updated gaim package that fixes several security issues is now available. Gaim is an instant messenger client that can handle multiple protocols. Buffer overflow bugs were found in the Gaim MSN protocol handler. In order to exploit these bugs, an attacker would have to perform a man in the...
PHP 4.3.x - Microsoft Windows Shell Escape functions Command Execution
source: https://www.securityfocus.com/bid/10471/info PHP is reportedly prone to a command execution vulnerability in its shell escape functions. This issue is due to a failure of PHP to properly sanitize function arguments. This issue might allow an attacker to execute arbitrary shell commands on...
SUIDPerl 5.00503 - Mail Shell Escape (2)
SUIDPerl 5.00503 - Mail Shell Escape 2 source: https://www.securityfocus.com/bid/1547/info The interaction between some security checks performed by suidperl, the setuid version of perl, and the /bin/mail program creates a scenario that allows local malicious users to execute commands with root...
SUIDPerl 5.00503 - Mail Shell Escape (2)
source: https://www.securityfocus.com/bid/1547/info The interaction between some security checks performed by suidperl, the setuid version of perl, and the /bin/mail program creates a scenario that allows local malicious users to execute commands with root privileges. The suidperl program perform...
[SECURITY] New version of htdig released
Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman December 9, 1999 Package : htdig Vulnerability type:...