1661 matches found
[SECURITY] [DSA-055-1] gftp remote exploit
Package : gftp Problem type : printf format attack Debian-specific: no The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making...
[SECURITY] [DSA-054-1] cron local root exploit
Package : cron Problem type : local root exploit Debian-specific: no A recent fall 2000 security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user could easily gain root access. This has been fixed in version 3.0pl1-57.3 or 3.0pl1-67 for unstable...
CVE-2001-0069
CVE-2001-0069 affects the Debian GNU/Linux package dialog prior to version 0.9a-20000118-3bis. The vulnerability is a symlink attack that allows a local user to overwrite arbitrary files. The issue arises from a race condition involving symlinks, enabling manipulation of file targets by a non-pri...
CVE-2001-0069
dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack...
CVE-2001-0195
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking...
[SECURITY] [DSA-053-1] nedit symlink attack
Package : nedit Problem type : insecure temporary file Debian-specific: no The nedit Nirvana editor package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file with the to be printed text a...
[SECURITY] [DSA-047-1] multiple kernel problems
Package : various kernel packages Problem type : multiple Debian-specific: no The kernels used in Debian GNU/Linux 2.2 have been found to have multiple security problems. This is a list of problems based on the 2.2.19 release notes as found on http://www.linux.org.uk/ : binfmtmisc used user pages...
[SECURITY] [DSA-047-1] multiple kernel problems
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory DSA-047-1 [email protected] http://www.debian.org/security/ Wichert Akkerman April 16, 2001 -...
[SECURITY] [DSA-046-1] exuberant-ctags uses insecure temporary files
Package : exuberant-ctags Problem type : insecure temporary files Debian-specific: no Colin Phipps discovered that the exuberant-ctags packages as distributed with Debian GNU/Linux 2.2 creates temporary files insecurely. This has been fixed in version 1:3.2.4-0.1 of the Debian package, and upstre...
[DSA-045-2] New version of ntp released
---------------------------------------------------------------------------- Debian Security Advisory DSA-045-2 [email protected] http://www.debian.org/security/ Michael Stone April 9, 2001 - ---------------------------------------------------------------------------- Package: ntp...
[SECURITY] [DSA-044-1] mailx local exploit
Package : mailx Problem type : buffer overflow Debian-specific: no The mail program a simple tool to read and send email as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default this allowed local users to use it to...
[SECURITY] [DSA 038-1] New version of sgml-tools available
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------------- Debian Security Advisory DSA-038-1 [email protected] http://www.debian.org/security/ Martin Schulze March 8, 2001 -...
[SECURITY] [DSA 035-1] New version of man2html available
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------------- Debian Security Advisory DSA-035-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001 -...
[SECURITY] [DSA-040-1] slrn buffer overflow
Package : slrn Problem type : buffer overflow Debian-specific: no Bill Nottingham reported a problem in the wrapping/unwrapping functions of the slrn newsreader. A long header in a message might overflow a buffer and which could result into executing arbitraty code encoded in the message. The...
[SECURITY] [DSA-039-1] glibc local file overwrite problems
Package : glibc Problem type : local file overwrite Debian-specific: no The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems: It was possible to use LDPRELOAD to load libraries that are listed in /etc/ld.so.cache, even for suid programs. This...
[SECURITY] [DSA 037-1] New versions of Athena Widget replacement libraries available
---------------------------------------------------------------------------- Debian Security Advisory DSA-037-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001 - ---------------------------------------------------------------------------- Package : nextaw, xaw3d,...
[SECURITY] [DSA 035-1] New version of man2html available
---------------------------------------------------------------------------- Debian Security Advisory DSA-035-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001 - ---------------------------------------------------------------------------- Package : man2html...
[SECURITY] [DSA 034-1] New version of ePerl packages available
---------------------------------------------------------------------------- Debian Security Advisory DSA-034-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001 - ---------------------------------------------------------------------------- Package : ePerl...
[SECURITY] [DSA 031-2] New sudo packages for powerpc available
---------------------------------------------------------------------------- Debian Security Advisory DSA-031-2 [email protected] http://www.debian.org/security/ Martin Schulze March 6, 2001 - ---------------------------------------------------------------------------- Package : sudo...
[SECURITY] [DSA 011-2] New mgetty packages for m68k and powerpc available
---------------------------------------------------------------------------- Debian Security Advisory DSA-011-2 [email protected] http://www.debian.org/security/ Martin Schulze March 6, 2001 - ---------------------------------------------------------------------------- Package : mgetty...