J-Pilot Permissions Vulnerability

J-Pilot automatically creates a ".jpilot" directory in the user's home directory to store preferences and backed up PalmOS device data. The permissions for this directory are mode 755, and files in the directory are mode 644; this allows anyone with only minimal access to the user's home director...

[SECURITY] New Debian cron packages released

Package: cron Vulnerability: local priviledge escalation Debian-specific: no Vulnerable: yes The version of Vixie Cron shipped with Debian GNU/Linux 2.2 is vulnerable to a local attack, discovered by Michal Zalewski. Several problems, including insecure permissions on temporary files and race...

Trustix security advisory - apache-ssl

Hi Due to a typo in the rpm spec file for apache-ssl, /usr/sbin/httpsd on a Trustix system will be installed with mode 756 instead of 755, making a binary file that will be run by root world writable. It should not be necessary to explain why this is an extremely bad thing. How this bug slipped...

WU-FTPD 2.4.2/2.5 .0/2.6.0/2.6.1/2.6.2 - FTP Conversion

source: https://www.securityfocus.com/bid/2240/info Some FTP servers provide a "conversion" service that pipes a requested file through a program, for example a decompression utility such as "tar", before it is passed to the remote user. Under some configurations where this is enabled a remote us...