
1015 matches found

Oracle linux
added 2009/09/30 12:0 a.m. | 30 views

openssh security update

4.3p2-36.2 - minimize chroot patch to be compatible with upstream 522141...

6.9 CVSS | 1.7 AI score | 0.00039 EPSS
Exploits: 0
Cent OS
added 2009/09/15 6:27 p.m. | 145 views

openssh security update

CentOS Errata and Security Advisory CESA-2009:1287 Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's...

3.7 CVSS | 6.6 AI score | 0.0164 EPSS
Exploits: 1 | References: 7
Oracle linux
added 2009/09/08 12:0 a.m. | 47 views

openssh security, bug fix, and enhancement update

4.3p2-36 - tiny change in chroot sftp capability into openssh-server solve ls speed problem 440240 4.3p2-35 - workaround to plaintext recovery attack against CBC ciphers CVE-2008-5161 502230 4.3p2-34 - disable protocol 1 in the FIPS mode 4.3p2-33 - fix scp hangup on exit 454812 - call integrity...

2.6 CVSS | 0.4 AI score | 0.0164 EPSS
Exploits: 1
RedHat Linux
added 2009/09/02 8:0 a.m. | 101 views

Low: Red Hat Security Advisory: openssh security, bug fix, and enhancement update

Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These...

2.6 CVSS | 6.6 AI score | 0.0164 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2009/09/02 12:0 a.m. | 28 views

RHEL 5 : openssh (RHSA-2009:1287)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2009:1287 advisory. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These packages include the core files necessary for both the OpenSSH client and server...

3.7 CVSS | 6.7 AI score | 0.0164 EPSS
Exploits: 1 | References: 6
seebug.org
added 2009/08/27 12:0 a.m. | 310 views

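FreeBSD ftpd 'setusercontext()' Remote Privilege Escalation Vulnerability

Bugtraq ID: 36119 FreeBSD is an open-source, BSD-based operating system. FreeBSD 'ftpd' has a remote privilege escalation issue; a remote attacker can exploit the vulnerability to break out of the chroot restriction and obtain sensitive system information or carry out a denial-of-service attack. BSD-derived operating systems generally include a function for setting the user context, such as the setusercontext function included in FreeBSD 5.0 and 7.0: setusercontext(lc, pw, (uid_t)0, LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY| LOGIN_SETRESOURCES|LOGIN_SETUMASK);...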

6.9 AI score
Exploits: 0
seebug.org
added 2009/08/26 12:0 a.m. | 15 views

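FreeBSD ftpd setusercontext() Remote Privilege Escalation Vulnerability

BUGTRAQ ID: 36119 FreeBSD is a freely usable, open-source Unix-like system that runs on Intel platforms. FreeBSD and some other BSD systems have a facility for setting the user context, such as the setusercontext function in FreeBSD: setusercontext(lc, pw, (uid_t)0, LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY| LOGIN_SETRESOURCES|LOGIN_SETUMASK); The LOGIN_SETRESOURCES setting among these allows the user to set resources. According to the user manual: LOGIN_SETRESOURCES...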

6.9 AI score
Exploits: 0
seebug.org
added 2009/08/25 12:0 a.m. | 20 views

Multiple BSD Operating Systems setusercontext() Vulnerabilities

No description provided by source. BSD setusercontext vulnerabilities discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from...

7.1 AI score
Exploits: 0
securityvulns
added 2009/08/24 12:0 a.m. | 37 views

[email protected]

BSD setusercontext vulnerabilities discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from ftpd.c : setusercontext(lc, pw, (uid_t)0,...

0.4 AI score
Exploits: 0
0day.today
added 2009/08/24 12:0 a.m. | 24 views

Multiple BSD Operating Systems setusercontext() Vulnerabilities

Exploit for multiple platform in category local exploits =============================================================== Multiple BSD Operating Systems setusercontext Vulnerabilities =============================================================== BSD setusercontext vulnerabilities discovered by...

6.9 AI score
Exploits: 0
Exploit DB
added 2009/08/24 12:0 a.m. | 29 views

BSD (Multiple Distributions) - 'setusercontext()' Multiple Vulnerabilities

BSD setusercontext vulnerabilities discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from ftpd.c : setusercontext(lc, pw, (uid_t)0,...

7.4 AI score
Exploits: 0
exploitpack
added 2009/08/24 12:0 a.m. | 14 views

BSD (Multiple Distributions) - setusercontext() Multiple Vulnerabilities

BSD Multiple Distributions - setusercontext Multiple Vulnerabilities BSD setusercontext vulnerabilities discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeB...

0.3 AI score
Exploits: 0
Packet Storm
added 2009/08/23 12:0 a.m. | 26 views

BSD setusercontext Vulnerabilities

BSD setusercontext vulnerabilities discovered by Kingcope, July 2009 lewls XD Let's go.. BSD derived operating systems have a special function to set a "user context". The function setusercontext is available on for example FreeBSD 5.0 and 7.0. An example from ftpd.c : setusercontext(lc, pw, (uid_t)0,...

0.1 AI score
Exploits: 0
OpenVAS
added 2009/08/17 12:0 a.m. | 15 views

CentOS Security Advisory CESA-2009:1180 (bind)

The remote host is missing updates to bind announced in advisory CESA-2009:1180. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

4.3 CVSS | 7.8 AI score | 0.33301 EPSS
Exploits: 1 | References: 3
OpenVAS
added 2009/07/29 12:0 a.m. | 24 views

Gentoo Security Advisory GLSA 200907-10 (syslog-ng)

The remote host is missing updates announced in advisory GLSA 200907-10. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

9.3 CVSS | 0.6 AI score | 0.01088 EPSS
Exploits: 0
Tenable Nessus
added 2009/07/13 12:0 a.m. | 51 views

GLSA-200907-10 : Syslog-ng: Chroot escape

The remote host is affected by the vulnerability described in GLSA-200907-10 Syslog-ng: Chroot escape Florian Grandel reported that Syslog-ng does not call chdir before chroot which leads to an inherited file descriptor to the current working directory. Impact : A local attacker might exploit a...

9.3 CVSS | 5.5 AI score | 0.01088 EPSS
Exploits: 0 | References: 2
Gentoo Linux
added 2009/07/12 12:0 a.m. | 31 views

Syslog-ng: Chroot escape

Background Syslog-ng is a flexible and scalable system logger. Description Florian Grandel reported that Syslog-ng does not call chdir before chroot which leads to an inherited file descriptor to the current working directory. Impact A local attacker might exploit a separate vulnerability in...

9.3 CVSS | 6.1 AI score | 0.01088 EPSS
Exploits: 0
Tenable Nessus
added 2009/04/23 12:0 a.m. | 9 views

MDVA-2009:019 : glibc

The glibc packages released with Mandriva Linux 2008 and Mandriva Linux 2008 Spring had the /etc/ld.so.conf file using relative paths to include other config files at /etc/ld.so.conf.d, breaking usage of ldconfig -r, for example when you have chroot environments. This update fixes ld.so.conf to u...

7 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2009/04/23 12:0 a.m. | 17 views

FreeBSD : rssh -- file name disclosure bug (a4815970-c5cc-11d8-8898-000d6111a684)

rssh expands command line parameters before invoking chroot. This could result in the disclosure to the client of file names outside of the chroot directory. A posting by the rssh author explains : The cause of the problem identified by Mr. McCaw is that rssh expanded command-line arguments prior...

5 CVSS | 5.5 AI score | 0.00561 EPSS
Exploits: 0 | References: 3
OpenVAS
added 2009/04/09 12:0 a.m. | 8 views

Mandriva Update for postfix MDKA-2007:079 (postfix)

Check for the Version of postfix OpenVAS Vulnerability Test Mandriva Update for postfix MDKA-2007:079 postfix Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Exploits: 0 | References: 2