845 matches found
Mandrake Linux Security Advisory : teetx (MDKSA-2002:070)
A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
Mandrake Linux Security Advisory : jabber (MDKSA-2004:005)
A vulnerability was found in the jabber program where a bug in the handling of SSL connections could cause the server process to crash, resulting in a DoS Denial of Service. The updated packages are patched to correct the problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...
Mandrake Linux Security Advisory : mm (MDKSA-2002:045)
Marcus Meissner and Sebastian Krahmer discovered a temporary file vulnerability in the mm library which is used by the Apache webserver. This vulnerability can be exploited to obtain root privilege if shell access to the apache user typically apache or nobody is already obtained. %NASLMINLEVEL...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2003:079)
A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/. The...
Mandrake Linux Security Advisory : fetchmail (MDKSA-2001:072)
A vulnerability was found by Salvatore Sanfilippo in both the IMAP and POP3 code of fetchmail where the input is not verified and no bounds checking is done. This can be exploited by a remote attacker to write arbitrary data into memory. The attacker must have control of the mail server the clien...
Mandrake Linux Security Advisory : sendmail (MDKSA-2003:086)
A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCERECORDT structures, if sendmail receives a bad DNS reply it will call free on random addresses which usually causes sendmail to crash. These updated packages are...
SuSE-SA:2004:015: cvs
The remote host is missing the patch for the advisory SuSE-SA:2004:015 cvs. The Concurrent Versions System CVS offers tools which allow developers to share and maintain large software projects. Various remotely exploitable conditions have been found during a source code review of CVS done by Stef...
Fedora Core 1 : kernel-2.4.22-1.2140.nptl (2003-047)
Various RTC drivers had the potential to leak small amounts of kernel memory to userspace through IOCTL's. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2003-0984 to this issue. Note that Tenable Network Security has extracted the preceding description...
Fedora Core 1 : mutt-1.4.1-5 (2004-061)
This package fixes CVE-2004-0078, where a specifc message could cause mutt to crash. This is the vulnerability fixed in the recently released mutt-1.4.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...
RHEL 2.1 : pine (RHSA-2002:271)
A vulnerability in Pine version 4.44 and earlier releases can cause Pine to crash when sent a carefully crafted email. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 Pine, developed at the University of Washington, is a tool for reading, sending, and managing electronic...
RHEL 2.1 / 3 : ethereal (RHSA-2003:324)
Updated Ethereal packages that fix a number of exploitable security issues are now available. Ethereal is a program for monitoring network traffic. A number of security issues affect Ethereal. By exploiting these issues, it may be possible to make Ethereal crash or run arbitrary code by injecting...
RHEL 2.1 : sendmail (RHSA-2003:284)
Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available. Sendmail is a widely used Mail Transport Agent MTA and is included in all Red Hat Enterprise Linux distributions. There is a bug in the prescan function of Sendmail versions prior to and including 8.12.9...
RHEL 2.1 : LPRng (RHSA-2002:120)
The LPRng print spooler, as shipped in Red Hat Linux Advanced Server 2.1, accepts all remote print jobs by default. Updated LPRng packages are available to fix this issue. With its default configuration, LPRng will accept job submissions from any host, which is not appropriate in a workstation...
[SECURITY] [DSA-367-1] New xtokkaetama packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 367-1 [email protected] http://www.debian.org/security/ Matt Zimmerman August 8th, 2003 http://www.debian.org/security/faq -...
Important: Red Hat Security Advisory: : : : updated ghostscript packages fix vulnerabilities
Updated packages are available for GNU Ghostscript under the iSeries and pSeries architectures which fix various security vulnerabilities. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to...
Low: Red Hat Security Advisory: LPRng security update
Updated LPRng packages resolving a temporary file vulnerability are now available. LPRng is a print spooler. LPRng includes a program, psbanner, that can be used to produce Postscript banner pages to separate print jobs. A vulnerability has been found in psbanner, which creates in an insecure...
[RHSA-2003:118-01] Updated mICQ packages fix vulnerability
--------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated mICQ packages fix vulnerability Advisory ID: RHSA-2003:118-01 Issue date: 2003-04-24 Updated on: 2003-04-24 Product: Red Hat Linux Keywords: mICQ malformed ICQ message DoS 0xFE Cross...
Moderate: Red Hat Security Advisory: : Updated tcpdump packages fix various vulnerabilities
Updated tcpdump, libpcap, and arpwatch packages are available, fixing a number of vulnerabilities that could be used to cause a denial of service attack, or possibly execute arbitrary code. tcpdump is a command-line tool for monitoring network traffic. The BGP decoding routines in tcpdump before...
Critical: Red Hat Security Advisory: : New samba packages fix security vulnerabilities
Updated Samba packages are now available to fix security vulnerabilities found during a code audit. Updated 24 March 2003 Updated Samba packages for Red Hat Linux 6.2, 7, and 7.1 are now included. These packages contain Samba version 2.0.10 with a backported security fix. Updated 1 April 2003...
Critical: Red Hat Security Advisory: : Updated Fetchmail packages fix security vulnerability
Updated Fetchmail packages are available for Red Hat Linux versions 6.2, 7, 7.1, 7.2, 7.3, and 8.0 which close a remotely-exploitable vulnerability in unpatched versions of Fetchmail prior to 6.2.0. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP...