DEBIAN-CVE-2008-5110

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9...

CVE-2008-5110

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9...

CVE-2008-5110

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9...

Security feature bypass

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9...

CVE-2008-5110

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9...

CVE-2008-5110

syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9...

CVE-2008-5110

CVE-2008-5110 affects syslog-ng up to version 2.0.x (=2.0.10 or >=2.1.3 (for the 2.0 and 2.1 lines, respectively). Additional references (GLSA 200907-10) describe the local access risk and remediation, and Fedora advisories similarly indicate updates addressing CVE-2008-5110. No explicit in-th...

CVE-2008-4950

gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments...

Gentoo Security Advisory GLSA 200312-03 (rsync)

The remote host is missing updates announced in advisory GLSA 200312-03. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

FreeBSD Ports: rssh

The remote host is missing an update to the system as announced in the referenced advisory. VID e34d0c2e-9efb-11da-b410-000e0c2e438a OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Security Advisory (FreeBSD-SA-06:16.smbfs.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:16.smbfs.asc ADV FreeBSD-SA-06:16.smbfs.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft...

FreeBSD Ports: rssh

The remote host is missing an update to the system as announced in the referenced advisory. VID a4815970-c5cc-11d8-8898-000d6111a684 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: rsync

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: rssh

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Security Advisory (FreeBSD-SA-07:01.jail.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-07:01.jail.asc ADV FreeBSD-SA-07:01.jail.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft In...

CVE-2008-3875

The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls...

Sun Solaris内核隐蔽通道建立安全绕过漏洞

BUGTRAQ ID:30880 CNCAN ID：CNCAN-2008082908 Sun Solaris是一款开放源代码的操作系统。 Solaris内核存在安全绕过问题，允许两个处理程序建立一个隐蔽通信通道。 此漏洞允许两个非特权本地用户处理程序建立一个隐蔽通信通道来绕过系统限制，如Solaris可信扩展中的多层安全策略或使用zones5或chroot2实现的冲突策略。 Sun Solaris 9x86 Sun Solaris 9sparc Sun Solaris 9 Sun Solaris 8x86 Sun Solaris 8 Sun Solaris 10x86 Sun Solar...

TIBCO Security Advisory: July 29, 2008 - TIBCOHawk®

TIBCO Hawk® vulnerability Original release date: July 29, 2008 Last revised: -- CVE-2008-3338 Source: TIBCOSoftware Inc. TIBCO Hawk vulnerability Original release date: July 29, 2008 Last revised: -- Source: TIBCO Software Inc. Systems Affected TIBCO Hawk versions below 4.8.1 TIBCO Runtime Agent...

YouTube blog 0.1 - Remote File Inclusion SQL Injection Cross-Site Scripting

YouTube blog 0.1 - Remote File Inclusion SQL Injection Cross-Site Scripting / | || | | | | | | | | /| | | | | || ||| ||||| || C. H. R. O. O. T. SECURITY GROUP - -- ----- --- -- -- ---- --- -- - http://www.chroot.org Hacks In Taiwan | || | | | | | | | Conference 2008 | | | | | | | | | || ||| ||...

modjk1219-overflow.txt

!/usr/bin/python / | || | | | | | | | | /| | | | | || ||| ||||| || C. H. R. O. O. T. SECURITY GROUP - -- ----- --- -- -- ---- --- -- - http://www.chroot.org Hacks In Taiwan | || | | | | | | | Conference 2008 | | | | | | | | | || ||| || |||| http://www.hitcon.org Title =======:: Apache modjk...