816 matches found
CVE-2008-5142
The affected component is sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux. It is vulnerable to a local, pre-auth race where an attacker can overwrite arbitrary files through a symlink attack on a /tmp/pr.##### temporary file, indicating a local-privilege escalation/vector due to insecure ...
[SECURITY] [DSA 1660-1] New clamav packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-1660-1 [email protected] http://www.debian.org/security/ Florian Weimer October 26, 2008 http://www.debian.org/security/faq -...
Memory corruption
The i915 driver in 1 drivers/char/drm/i915dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and 2 sys/dev/pci/drm/i915drv.c in OpenBSD does not restrict the DRMI915HWSADDR ioctl to the Direct Rendering Manager DRM master, which allows local users to cause a denial of service memory corruption...
CVE-2008-3831
The i915 driver in 1 drivers/char/drm/i915dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and 2 sys/dev/pci/drm/i915drv.c in OpenBSD does not restrict the DRMI915HWSADDR ioctl to the Direct Rendering Manager DRM master, which allows local users to cause a denial of service memory corruption...
CVE-2008-4553
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories...
CVE-2008-4553
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories...
CVE-2008-4553
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories...
Design/Logic Flaw
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories...
CVE-2008-4553
CVE-2008-4553 affects qemu, specifically the qemu-make-debian-root script, where temporary files are created insecurely. This local vulnerability in qemu 0.9.1-5 on Debian GNU/Linux allows a symlink attack to overwrite arbitrary files, potentially enabling local denial of service. Debian DSAs and...
[SECURITY] [DSA-1646-1] New squid packages fix array bounds check
------------------------------------------------------------------------ Debian Security Advisory DSA-1646-1 [email protected] http://www.debian.org/security/ Devin Carraway October 07, 2008 http://www.debian.org/security/faq -...
CVE-2008-4126
PyDNS aka python-dns before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this...
CVE-2008-4099
PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...
CVE-2008-4099
PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...
CVE-2008-4099
PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...
CVE-2008-4126
PyDNS aka python-dns before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this...
Design/Logic Flaw
PyDNS aka python-dns before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this...
CVE-2008-4099
PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...
CVE-2008-4099
The CVE-2008-4099 entry concerns PyDNS (python-dns) in Debian GNU/Linux prior to 2.3.1-4, where DNS requests did not randomize source ports or transaction IDs. This omission facilitates spoofed DNS responses by remote attackers, representing a DNS cache-poisoning risk. Debian has updated the pack...
CVE-2008-4126
Technical details for CVE-2008-4126 are not provided in the connected documents; the initial description summarizes the issue but no vendor/version/context is given here. Monitor for updates.
[SECURITY] [DSA 1634-1] New wordnet packages fix arbitrary code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1634-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 01, 2008 http://www.debian.org/security/faq -...