6394 matches found
PT-2005-3947 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.10 through 2.6.13. Description: The issue is a memory leak in the request_key_auth_destroy function within the request_key_auth component of the Linux kernel. This leak allows local users to cause a denial ...
[SECURITY] [DSA 844-1] New mod-auth-shadow packages fix authentication bypass
-------------------------------------------------------------------------- Debian Security Advisory DSA 844-1 [email protected] http://www.debian.org/security/ Martin Schulze October 5th, 2005 http://www.debian.org/security/faq -...
DSA-844-1 mod-auth-shadow - programming error
Bulletin has no description...
[Full-disclosure] [SECURITY] [DSA 844-1] New mod-auth-shadow packages fix authentication bypass
-------------------------------------------------------------------------- Debian Security Advisory DSA 844-1 [email protected] http://www.debian.org/security/ Martin Schulze October 5th, 2005 http://www.debian.org/security/faq -...
Debian DSA-844-1 : mod-auth-shadow - programming error
A vulnerability in mod_auth_shadow, an Apache module that lets users perform HTTP authentication against /etc/shadow, has been discovered. The module runs for all locations that use the 'require group' directive, which would bypass access restrictions controlled by another authorisation mechanism,...
CVE-2005-2605
CVE-2005-2605 pertains to an unknown vulnerability in Lasso Professional Server 8.0.4 and 8.0.5 that could allow an attacker to bypass authentication. The connected documents do not provide concrete technical details such as the root cause, affected components beyond the server versions, exploit ...
CVE-2005-2605
Unknown vulnerability in Lasso Professional Server 8.0.4 and 8.0.5 allows attackers to bypass authentication, related to Auth tags...
Episodex Guestbook Multiple Vulnerabilities (Auth Bypass, XSS)
The remote host is running the Episodex Guestbook, a guestbook written in ASP. The version of Episodex installed on the remote host does not validate input to various fields in the 'default.asp' script before using it to generate dynamic HTML. Additionally, an unauthenticated, remote attacker can...
Fedora Core 2 : mozilla-1.7.6-1.2.2 (2005-248)
A buffer overflow bug was found in the way Mozilla processes GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the...
CVE-2003-1177
CVE-2003-1177 describes a buffer overflow in the base64 decoder of MERCUR Mailserver 4.2 before SP3a. An attacker could trigger it via long AUTH (POP3) or AUTHENTICATE (IMAP) commands, potentially causing a denial of service and possibly arbitrary code execution.
CVE-2005-1121
Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL...
Low: Red Hat Security Advisory: postfix security update
Updated postfix packages that include a security fix and two other bug fixes are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and...
security flaw
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server...
CVE-2004-1340
Summary: CVE-2004-1340 affects the libpam-radius-auth package on Debian GNU/Linux 3.0, where the accompanying pam_radius_auth.conf was installed world-readable, potentially exposing secrets to all local users. The issue is Debian-specific (CAN-2004-1340) and was addressed in Debian security advis...
CVE-2004-1340
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information...
[SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 659-1 [email protected] http://www.debian.org/security/ Martin Schulze January 26th, 2005 http://www.debian.org/security/faq -...
DEBIAN-CVE-2004-1340
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information...