CVE-2004-1340

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pamradiusauth.conf set to be world-readable, which allows local users to obtain sensitive information...

CVE-2004-1340

Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pamradiusauth.conf set to be world-readable, which allows local users to obtain sensitive information...

exim.pl.txt

This proof-of-concept demonstrates the existence of the vulnerability reported by iDEFENSE iDEFENSE Security Advisory 01.14.05. In this report it was explained that a sequence like the one below did overflowed some internal buffer: /usr/bin/exim -bh ::%Aperl -e 'print pack'L',0xdeadbeef x 256' It...

Exim 4.41 - 'dns_build_reverse' Local Buffer Overflow

/ This proof-of-concept demonstrates the existence of the vulnerability reported by iDEFENSE iDEFENSE Security Advisory 01.14.05. It has been tested against exim-4.41 under Debian GNU/Linux. Note that setuid is not included in the shellcode to avoid script-kidding. My RET is 0xbffffae4, but fb.pl...

[SECURITY] [DSA 638-1] New gopher packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 638-1 [email protected] http://www.debian.org/security/ Martin Schulze January 13th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 637-1 [email protected] http://www.debian.org/security/ Martin Schulze January 13th, 2005 http://www.debian.org/security/faq -...

[SA13771] Debian lintian Insecure Temporary File Deletion Security Issue

TITLE: Debian lintian Insecure Temporary File Deletion Security Issue SECUNIA ADVISORY ID: SA13771 VERIFY ADVISORY: http://secunia.com/advisories/13771/ CRITICAL: Not critical IMPACT: Privilege escalation WHERE: Local system OPERATING SYSTEM: Debian GNU/Linux 3.0 http://secunia.com/product/143/...

[SECURITY] [DSA 626-1] New tiff packages fix denial of service

-------------------------------------------------------------------------- Debian Security Advisory DSA 626-1 [email protected] http://www.debian.org/security/ Martin Schulze January 6th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 622-1] New htmlheadline package fixes insecure temporary files

-------------------------------------------------------------------------- Debian Security Advisory DSA 622-1 [email protected] http://www.debian.org/security/ Martin Schulze January 3rd, 2005 http://www.debian.org/security/faq -...

CVE-2004-1343

CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service server crash...

CVE-2004-2569

ipmenu 0.0.3 before Debian GNU/Linux ipmenu0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file...

CVE-2004-1343

CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service server crash...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

[SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 601-1 [email protected] http://www.debian.org/security/ Martin Schulze November 29th, 2004 http://www.debian.org/security/faq -...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

CVE-2004-0911

telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service free of an invalid pointer, a different vulnerability than CVE-2001-0554...

[SECURITY] [DSA 568-1] New cyrus-sasl-mit packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 568-1 [email protected] http://www.debian.org/security/ Martin Schulze October 16th, 2004 http://www.debian.org/security/faq -...