[SA13771] Debian lintian Insecure Temporary File Deletion Security Issue

TITLE: Debian lintian Insecure Temporary File Deletion Security Issue SECUNIA ADVISORY ID: SA13771 VERIFY ADVISORY: http://secunia.com/advisories/13771/ CRITICAL: Not critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: Debian GNU/Linux 3.0 http://secunia.com/product/143/...

[SECURITY] [DSA 626-1] New tiff packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 626-1 [email protected] http://www.debian.org/security/ Martin Schulze January 6th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files

-------------------------------------------------------------------------- Debian Security Advisory DSA 622-1 [email protected] http://www.debian.org/security/ Martin Schulze January 3rd, 2005 http://www.debian.org/security/faq -...

CVE-2004-1343

CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service server crash...

CVE-2004-0984

Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges...

CVE-2004-2569

ipmenu 0.0.3 before Debian GNU/Linux ipmenu0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file...

CVE-2004-0984

Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges...

CVE-2004-1343

CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service server crash...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

[SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 601-1 [email protected] http://www.debian.org/security/ Martin Schulze November 29th, 2004 http://www.debian.org/security/faq -...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

[SECURITY] [DSA 587-1] New freeam packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 587-1 [email protected] http://www.debian.org/security/ Martin Schulze November 8th, 2004 http://www.debian.org/security/faq -...

CVE-2004-0911

telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service free of an invalid pointer, a different vulnerability than CVE-2001-0554...

CVE-2004-0911

telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service free of an invalid pointer, a different vulnerability than CVE-2001-0554...

[SECURITY] [DSA 568-1] New cyrus-sasl-mit packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 568-1 [email protected] http://www.debian.org/security/ Martin Schulze October 16th, 2004 http://www.debian.org/security/faq -...

Debian DSA-057-1 : gftp - printf format attack

The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making an FTP server return special responses that exploit this. %NASLMINLEVE...

Debian DSA-262-1 : samba - remote exploit

Sebastian Krahmer of the SuSE security audit team found two problems in samba, a popular SMB/CIFS implementation. The problems are : - a buffer overflow in the SMB/CIFS packet fragment re-assembly code used by smbd. Since smbd runs as root an attacker can use this to gain root access to a machine...