816 matches found
[SECURITY] New version of nis released
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman October 28, 1999 - ------------------------------------------------------------------------ The nis package that was distributed...
CVE-1999-0374
Debian GNU/Linux cfengine package is susceptible to a symlink attack...
Debian GNU/Linux 2.1r3 fixes reported security problems
Attachment: pgpLDjOf8BC9y.pgp Description: PGP message...
Debian GNU/Linux 2.1r3 fixes reported security problems
Attachment: pgpLDjOf8BC9y.pgp Description: PGP message...
Debian GNU/Linux 2.1r3 fixes reported security problems
re.Match object; span=1792, 2833, match=!--X-Head-of-Message--\nul\nliemTo/em:...
[SECURITY] New versions of cron fixes possible root exploit
Debian Security Advisory [email protected] http://www.debian.org/security/ Martin Schulze August 30, 1999 Red Hat has recently released a Security Advisory RHSA-1999:030-01 covering a reverse denial of service bug in the vixie cron package. As user you could restart sendmail even if the host...
[SECURITY] New versions of cron fixes possible root exploit
---------------------------------------------------------------------------- Debian Security Advisory [email protected] http://www.debian.org/security/ Martin Schulze August 30, 1999 ---------------------------------------------------------------------------- Red Hat has recently released a...
[SECURITY] New versions of epic4 fixes possible DoS vulnerability
--------------------------------------------------------------------------- Debian Security Advisory [email protected] http://www.debian.org/security/ Martin Schulze August 26, 1999 --------------------------------------------------------------------------- We have received a report from the...
RedHat Linux 4.25.26.0 S.u.S.E Linux 6.06.1 - Cron Buffer Overflow (2)
RedHat Linux 4.25.26.0 S.u.S.E Linux 6.06.1 - Cron Buffer Overflow 2 // source: https://www.securityfocus.com/bid/602/info The version of Vixie cron that ships with RedHat versions 4.2, 5.2 and 6.0 is vulnerable to a local buffer overflow attack. By utilizing the MAILTO environment variable, a...
[SECURITY] New versions of trn fixes /tmp race
All former versions of trn used a hardcoded filename in /tmp as temporary storage. If the file already exists as symbolic link to users files they will be overwritten. We recommend you upgrade your man2html package as soon as possible. wget url will fetch the file for you dpkg -i file.deb will...
[SECURITY] New versions of man2html fixes postinst glitch
Former versions of man2html uses a static file in /tmp for writing. This can lead into overwriting system files if a malicious user has created a symbolic link to it before upgrading man2html. We recommend you upgrade your man2html package as soon as possible. wget url will fetch the file for you...
[SECURITY] New versions of smtp-refuser fixes security hole
This bug was experienced in May 1999 but wasnt reported on this channel yet. Former versions of the smtp-refuser package came with unchecked logging facility to /tmp/log. This allowed deleting arbitrary, root-owned files by any user who has write access to /tmp. We recommend you upgrade your...
[SECURITY] New versions of trn fixes /tmp race
All former versions of trn used a hardcoded filename in /tmp as temporary storage. If the file already exists as symbolic link to users files they will be overwritten. We recommend you upgrade your man2html package as soon as possible. wget url will fetch the file for you dpkg -i file.deb will...
[SECURITY] New versions of termcap-compat fixes buffer overflow
We have received a report that former versions of libtermcap contained an exploitable buffer overflow. Debian itself is not exploitable by this bug since termcap was abandoned in favour of terminfo long ago. However, if you have compiled your own programs using termcap or have installed third par...
[SECURITY] New versions of rsync fixes security hole
This is an old report from May 1999 but it wasnt reported on this channel yet. The author of rsync, Andrew Tridgell, has reported that former versions of rsync contained a security-related bug. I you were transferring an empty directory into a non-existent directory on a remote host, permissions ...
ftpwatch.txt
Date: Sun, 17 Jan 1999 11:48:22 -0400 From: Jamie Fifield Reply-To: [email protected] To: [email protected] Subject: SECURITY ftpwatch package has major security problems -----BEGIN PGP SIGNED MESSAGE----- We have found that the ftpwatch package as distributed in Debian GNU/Linux 1.3 and lat...
man-db.zsoelim.symlink.txt
Date: Sat, 12 Jun 1999 14:57:37 -0700 From: [email protected] Reply-To: [email protected] Subject: New version of man-db fixes symlink attack in zsoelim -----BEGIN PGP SIGNED MESSAGE----- We have received reports that the man-db package as supplied in Debian GNU/Linux 2....
Debian 2.1 - Print Queue Control
Debian 2.1 - Print Queue Control // source: https://www.securityfocus.com/bid/508/info The LPRng software is an enhanced, extended, and portable version of the Berkeley LPR software the standard UNIX printer spooler that ships with Debian GNU/Linux. When root controls the print queue, the...
IMAP pop-2d POP Daemon FOLD Command Remote Overflow
There is a buffer overflow in the imap suite provided with Debian GNU/Linux 2.1, which has a vulnerability in its POP-2 daemon, found in the ipopd package. This vulnerability allows an attacker to gain a shell as user 'nobody', but requires the attacker to have a valid pop2 account. C Tenable...
Debian 2.1 - HTTPd
Debian 2.1 - HTTPd source: https://www.securityfocus.com/bid/318/info The Debian GNU/Linux 2.1 apache package by default allows anyone to view /usr/doc via the web, remotely. This is because srm.conf is preconfigured with the line: Alias /doc/ /usr/doc/ Boa is also preconfigured this way. lynx...