Amazon Linux AMI : php (ALAS-2012-95)

Integer overflow in the pharparsetarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow...

GLSA-201309-01 : Cyrus-SASL: Denial of Service

The remote host is affected by the vulnerability described in GLSA-201309-01 Cyrus-SASL: Denial of Service In the GNU C Library glibc from version 2.17 onwards, the crypt function call can return NULL when the salt violates specifications or the system is in FIPS-140 mode and a DES or MD5 hashed...

Cyrus-SASL: Denial of service

Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description In the GNU C Library glibc from version 2.17 onwards, the crypt function call can return NULL when the salt violates specifications or the system is in FIPS-140 mode and a DES or MD5 hashed...

Updated xlockmore package fixes security vulnerability

xlockmore before 5.43 contains a security flaw related to potential NULL pointer dereferences when authenticating via glibc 2.17+'s crypt function. Under certain conditions the NULL pointers can trigger a crash in xlockmore effectively bypassing the screen lock CVE-2013-4143...

CVE-2013-4122

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an invalid salt or, when FIPS-140...

UBUNTU-CVE-2013-4122

Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an invalid salt or, when FIPS-140...

xdm -- remote denial of service

nvd.nist.gov reports X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service NULL pointer dereference and crash by attempting to log int...

SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)

This update provides PostgreSQL 8.3.20. As part of this update, the packaging scheme has been changed to accomodate an optional parallel installation of newer PostgreSQL versions. The changes in 8.3.20 are : - Prevent access to external files/URLs via XML entity references. xmlparse would attempt...

SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6440)

PHP5 was updated with incremental fixes to the previous update. - Additional unsafe cgi wrapper scripts are also fixed now. CVE-2012-2335 - Even more commandline option handling is filtered, which could lead to crashes of the php interpreter. CVE-2012-2336 - heap-based buffer overflow in php's ph...

John the Ripper Linux Password Cracker

This module uses John the Ripper to identify weak passwords that have been acquired from unshadowed passwd files from Unix systems. The module will only crack MD5, BSDi and DES implementations by default. Set Crypt to true to also try to crack Blowfish and SHA256/512. Warning: This is much slower...

PostgreSQL 8.3 < 8.3.19 / 8.4 < 8.4.12 / 9.0 < 9.0.8 / 9.1 < 9.1.4 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 8.3.x prior to 8.3.19, 8.4.x prior to 8.4.12, 9.0.x prior to 9.0.8, or 9.1.x prior to 9.1.4. As such, it is potentially affected by multiple vulnerabilities : - Passwords containing the byte 0x80 passed to the crypt function in pgcrypto ar...

Authentication flaw

The Debian phpcryptrevamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty...

CVE-2012-2317

CVE-2012-2317 concerns a vulnerability in the Debian/Ubuntu patch for PHP 5.3.x where an empty salt string is not handled properly by the crypt() password hashing path. This could let remote attackers bypass authentication if an application relies on PHP’s crypt() salt selection. Affected package...

Mandriva Update for postgresql MDVSA-2012:092 (postgresql)

Check for the Version of postgresql OpenVAS Vulnerability Test Mandriva Update for postgresql MDVSA-2012:092 postgresql Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...

Mandriva Update for postgresql MDVSA-2012:092 (postgresql)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mandriva Update for php MDVSA-2012:093 (php)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Scientific Linux Security Update : postgresql on SL4.x, SL5.x, SL6.x i386/x86_64

PostgreSQL is an advanced object-relational database management system DBMS. A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...

Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64

PostgreSQL is an advanced object-relational database management system DBMS. A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...

Scientific Linux Security Update : postgresql on SL5.x i386/x86_64 (20120625)

PostgreSQL is an advanced object-relational database management system DBMS. A flaw was found in the way the crypt password hashing function from the optional PostgreSQL pgcrypto contrib module performed password transformation when used with the DES algorithm. If the password string to be hashed...

CentOS Update for php53 CESA-2011:1423 centos5 x86_64

Check for the Version of php53 OpenVAS Vulnerability Test CentOS Update for php53 CESA-2011:1423 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...