Important: Red Hat Security Advisory: mysql security update

Updated packages are available that fix both a double-free security vulnerability and a remote root exploit security vulnerability found in the MySQL server. Updated 11 Aug 2003 Updated mysqlclient9 packages are now included. These were previously missing from this erratum. MySQL is a multi-user,...

Important: Red Hat Security Advisory: mod_auth_any security update

Updated modauthany packages are available for Red Hat Enterprise Linux. These updated packages fix vulnerabilities associated with the manner in which modauthany escapes shell arguments when calling external programs. The Web server module modauthany allows the Apache httpd server to call arbitra...

Important: Red Hat Security Advisory: tomcat security update for Stronghold

Updated tomcat packages are now available for Stronghold 4.0 to close a second JSP source code exposure vulnerability. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. A source code exposure vulnerability...

Sendmail 8.12.x - Header Processing Buffer Overflow (1)

Sendmail 8.12.x - Header Processing Buffer Overflow 1 // source: https://www.securityfocus.com/bid/6991/info Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers...

Sendmail 8.12.x - Header Processing Buffer Overflow (2)

Sendmail 8.12.x - Header Processing Buffer Overflow 2 // source: https://www.securityfocus.com/bid/6991/info Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers...

Sendmail 8.12.x - Header Processing Buffer Overflow (1)

// source: https://www.securityfocus.com/bid/6991/info Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers. Reportedly, this vulnerability may be locally...

Sendmail 8.12.x - Header Processing Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/6991/info Sendmail is prone to a remotely buffer-overflow vulnerability in the SMTP header parsing component. Successful attackers may exploit this vulnerability to gain control of affected servers. Reportedly, this vulnerability may be locally...

Important: Red Hat Security Advisory: xpdf security update

Updated Xpdf packages are available to fix a vulnerability where a malicious PDF document could run arbitrary code. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 Xpdf is an X Window System based viewer for Portable Document Format PDF files. During an audit of CUPS, a...

Important: Red Hat Security Advisory: mysql security update

Updated packages are available for Red Hat Linux Advanced Server 2.1 that fix security vulnerabilities found in the MySQL server. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 MySQL is a multi-user, multi-threaded SQL database server. While auditing MySQL, Stefan Esser fou...

[BUGZILLA] Security Advisory - remote database password disclosure

Bugzilla Security Advisory January 2nd, 2002 Severity: major remote database password disclosure, bug 186383 minor local file permissions, bug 183188 Summary ======= All Bugzilla installations are advised to upgrade to the latest versions of Bugzilla, 2.14.5 and 2.16.2, both released today...

CUPS 1.1.x - Negative Length HTTP Header

CUPS 1.1.x - Negative Length HTTP Header source: https://www.securityfocus.com/bid/6437/info A vulnerability has been reported for CUPS that if exploited may result in a DoS or the execute of code on affected systems. An attacker can exploit this vulnerability by connecting to a vulnerable system...

Critical: Red Hat Security Advisory: fetchmail security update

Updated Fetchmail packages are available for Red Hat Linux Advanced Server which close a remotely-exploitable vulnerability in unpatched versions of Fetchmail prior to 6.2.0. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation Fetchmail is a remote mail retrieval and forwarding...

Web Server HTTP Header Handling Remote Overflow

It was possible to kill the web server by sending an invalid request with a long header name or value. A remote attacker may exploit this vulnerability to make the web server crash continually or even execute arbitrary code. C Tenable Network Security, Inc. include"compat.inc"; if description...

OpenSSH 3.x - Challenge-Response Buffer Overflow (2)

OpenSSH 3.x - Challenge-Response Buffer Overflow 2 source: https://www.securityfocus.com/bid/5093/info The OpenSSH team has reported two vulnerabilities in OpenSSH that are remotely exploitable and may allow for unauthenticated attackers to obtain root privileges. The conditions are related to th...

SpoonFTP Buffer Overflow Vulnerabilities

Strumpf Noir Society Advisories ! Public release ! -- -= SpoonFTP Buffer Overflow Vulnerabilities =- Release date: Thursday, May 31, 2001 Introduction: SpoonFTP is an ftp server from the hand of the makers of SpoonProxy for the various MS Windows incarnations. SpoonFTP is available from vendor...

(SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1

================================================= Secure Reality Pty Ltd. Security Pre-Advisory 1 SRPRE00001 http://www.securereality.com.au ================================================= Title Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin Released 23/4/2001 This is a...

Security advisory for analog

SECURITY ADVISORY 13th February 2001 ---------------------------------------------------------------------- Program: analog logfile analysis program Versions: all versions except 4.16 and 4.90beta3 Operating systems: all ---------------------------------------------------------------------- There...

[SECURITY] New version of curl fixes buffer overflow

Package : curl and curl-ssl Problem type : remote exploit Debian-specific: no The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the error logging code: when it created an error message it failed to check the size of the buffer allocated for storing the message. This could ...

trivial DoS in webTV

There exists a trivial DoS in webTV coming from plain 98 installation. By sending a udp packet to the 22701-22705 opened up by annclist.exe you can cause the program to crash or cause various blue screens etc. The larger the size, the more dramitic the effects lockups, reboots and that. Microsoft...

[SECURITY] New version of xchat released (update)

Package : xchat Problem type : remote exploit Debian-specific: no The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shel...