Slackware Advisory SSA:2004-124-01 rsync update

The remote host is missing an update as announced via advisory SSA:2004-124-01. OpenVAS Vulnerability Test $Id: esoftslkssa200412401.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

FreeBSD : rssh -- configuration restrictions bypass (a4598875-ec91-11e1-8bd8-0022156e8794)

Derek Martin rssh maintainer reports : John Barber reported a problem where, if the system administrator misconfigures rssh by providing too few access bits in the configuration file, the user will be given default permissions scp to the entire system, potentially circumventing any configured...

Scientific Linux Security Update : libcap on SL6.x i386/x86_64

The libcap packages provide a library and tools for getting and setting POSIX capabilities. It was found that capsh did not change into the new root when using the '--chroot' option. An application started via the 'capsh --chroot' command could use this flaw to escape the chroot restrictions...

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

These new kernel packages fix the following security issues : A flaw was found in the virtual filesystem VFS. An unprivileged local user could truncate directories to which they had write permission; this could render the contents of the directory inaccessible. CVE-2008-0001, Important A flaw was...

Scientific Linux Security Update : openssh on SL5.x i386/x86_64

CVE-2008-5161 OpenSSH: Plaintext Recovery Attack against CBC ciphers A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciphertext block when a CBC mode cipher was used to encrypt SSH...

Scientific Linux Security Update : rsync on SL5.x i386/x86_64

rsync is a program for synchronizing files over a network. A flaw was found in the way the rsync daemon handled the 'filter', 'exclude', and 'exclude from' options, used for hiding files and preventing access to them from rsync clients. A remote attacker could use this flaw to bypass those...

SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4472)

This kernel update fixes the following security problems : - It was possible for local user to become root by exploiting a bug in the IA32 system call emulation. This affects x8664 platforms with kernel 2.4.x and 2.6.x before 2.6.22.7 only. CVE-2007-4573 - An information disclosure vulnerability ...

FreeBSD Security Advisory (FreeBSD-SA-11:07.chroot.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-11:07.chroot.asc ADV FreeBSD-SA-11:07.chroot.asc OpenVAS Vulnerability Test $ Description: Auto generated from ADV FreeBSD-SA-11:07.chroot.asc Authors: Thomas Reinke Copyright: Copyright c 2012...

FreeBSD Security Advisory (FreeBSD-SA-11:07.chroot.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-11:07.chroot.asc SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

FreeBSD Security Advisory FreeBSD-SA-11:07.chroot

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:07.chroot Security Advisory The FreeBSD Project Topic: Code execution via chrooted ftpd Category: core Module: libc Announced: 2011-12-23 Affects: All supporte...

FreeBSD : proftpd -- arbitrary code execution vulnerability with chroot (022a4c77-2da4-11e1-b356-00215c6a37bb)

The FreeBSD security advisory FreeBSD-SA-11:07.chroot reports : If ftpd is configured to place a user in a chroot environment, then an attacker who can log in as that user may be able to run arbitrary code.... Proftpd shares the same problem of a similar nature. %NASLMINLEVEL 70300 C Tenable...

FreeBSD Chrooted 'ftpd'远程特权提升漏洞

Bugtraq ID: 51185 FreeBSD是一款基于BSD的操作系统。 chroot在系统中发挥了根目录的切换工作，chroot2系统调用广泛用于多个应用，用于限制进程对文件系统的访问 nsdispatch3 API实现提供按需重装载它配置的功能，此功能也可以通过配置文件请求来装载共享库并运行库提供的代码 nsdispatch3 API没有任何机制对操作是否在chroot环境中进行告警，在其中的配置文件和共享库的标准路径不可信，FreeBSD ftpd8守护程序以chroot2配置并使用了nsdispatch3 API...

FreeBSD-SA-11:07.chroot

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-11:07.chroot Security Advisory The FreeBSD Project Topic: Code execution via chrooted ftpd Category: core Module: libc Announced: 2011-12-23 Affects: All supporte...

[ MDVSA-2011:185 ] libcap

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:185 http://www.mandriva.com/security/ Package : libcap Date : December 12, 2011 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in libcap...

Mandriva Update for libcap MDVSA-2011:185 (libcap)

Check for the Version of libcap OpenVAS Vulnerability Test Mandriva Update for libcap MDVSA-2011:185 libcap Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Mandriva Update for libcap MDVSA-2011:185 (libcap)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

libcap security and bug fix update

2.16-5.5 - remove some obsolete parameters from capsh manpage 2.16-5.4 - add capsh manpage 730957 2.16-5.3 - make sure to chdir '/' after calling chroot http://cwe.mitre.org/data/definitions/243.html...

SuSE 11.1 Security Update : libcap (SAT Patch Number 5380)

The following bug has been fixed : - capsh did not chdir'/' after calling chroot. Programs could therefore access the current directory outside of the chroot. CVE-2011-4099 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

Low: Red Hat Security Advisory: libcap security and bug fix update

Updated libcap packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

FreeBSD libc code execution

lib/nsscompat.so.1 library in chroot environment is loaded. Vulnerability is used in-the-wild remotely against FTP-servers...