Debian DSA-1883-1 : nagios2 - missing input sanitising

Several vulnerabilities have been found in nagios2, a host/service/network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems : Several cross-site scripting issues via several parameters were discovered in the CGI scripts, allowing...

Debian Lintian多个本地安全漏洞

Bugraq ID: 37975 CVE ID：CVE-2009-4013 CVE-2009-4014 CVE-2009-4015 Debian Lintian是一款软件包检查程序。 Debian Lintian存在多个安全漏洞，本地攻击者可以利用这些漏洞执行任意代码或者提升特权或获得敏感信息。 CVE-2009-4013：控制文件过滤缺失 CNCVE ID：CNCVE-20094013 CNCVE-20094014 CNCVE-20094015 CNCVE-20094013 控制字段名称和值在使用前没有充分过滤，在部分操作下可导致目录遍历。 Patch...

DBD::Pg BYTEA值内存泄漏拒绝服务漏洞

BUGTRAQ ID: 34757 CVE ID：CVE-2009-1341 DBD::Pg是一款用于PostgreSQL数据库访问的DBI驱动模块。 DBD::Pg从数据中返回的未加引号BYTEA值可导致函数内存泄漏，远程攻击者可以利用漏洞使应用程序崩溃。 目前没有详细漏洞细节提供。 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4...

DBD::Pg 'pg_getline()'和'getline()'堆缓冲区溢出漏洞

BUGTRAQ ID: 34755 CVE ID：CVE-2009-0663 DBD::Pg是一款用于PostgreSQL数据库访问的DBI驱动模块。 DBD::Pg存在基于堆的缓冲区溢出，远程攻击者可以利用漏洞执行任意代码。 使用pggetline和getline函数可从数据库中读取行信息的应用程序可通过触发堆溢出而执行任意代码。 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux...

Debian DSA-1742-1 : libsndfile - integer overflow

Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks possibly leading to arbitrary code execution. %NASLMINLEVEL 70300 C Tenable Network...

Debian DSA-1692-1 : php-xajax - insufficient input sanitising

It was discovered that php-xajax, a library to develop Ajax applications, did not sufficiently sanitise URLs, which allows attackers to perform cross-site scripting attacks by using malicious URLs. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in thi...

Lighttpd URI重写/重定向信息泄露漏洞

BUGTRAQ ID: 31599 CVE ID：CVE-2008-4359 CNCVE ID：CNCVE-20084359 Lighttpd是一款开放源代码的WEB服务器程序。 Lighttpd存在设计问题，远程攻击者可以利用漏洞获得敏感信息。 lighttpd 1.4.19和1.5.0之前的其他版本，在匹配重定向和重写模式之前没有对URL进行解码，可导致攻击者使用编码URL绕过重写规则。如果这些规则用于隐藏部分URL可导致安全问题。 lighttpd lighttpd 1.4.19 lighttpd lighttpd 1.4.18 lighttpd lighttpd 1.4.17...

Lighttpd 'mod_userdir'大小写区分对比安全绕过漏洞

BUGTRAQ ID: 31600 CVE ID：CVE-2008-4360 CNCVE ID：CNCVE-20084360 Lighttpd是一款开放源代码的WEB服务器程序。 Lighttpd 'moduserdir'模块存在安全绕过问题，远程攻击者可以利用漏洞绕过部分安全限制，获得敏感信息。 lighttpd...

LibTIFF 'tif_lzw.c'远程整数下溢漏洞

BUGTRAQ ID:30832 CVE ID：CVE-2008-2327 CNCVE ID：CNCVE-20082327 LibTiff是一款负责对TIFF图象格式进行编码/解码的应用库。 LibTIFF 'tiflzw.c'存在整数下溢问题，远程攻击者可以利用漏洞以链接此库的应用程序权限执行任意指令。 libtiff/tiflzw.c代码中的"LZWDecode"和"LZWDecodeCompat"函数存在错误，通过构建特殊的TIFF文件，诱使用户访问，可触发缓冲区下溢，导致以链接此库的应用程序权限执行任意指令。 LibTIFF LibTIFF 3.8.2 + Debian Linu...

Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerabilit

CVE-2008-3272 The Linux kernel is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Versions prior to Linux kernel 2.6.27-rc2 are vulnerable. Linux kernel 2.6.27 -rc1 Debian Linux 4.0 sparc...

Debian DSA-1601-1 : wordpress - several vulnerabilities

Several remote vulnerabilities have been discovered in Wordpress, the weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1599 WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain...

PHP 5 'chdir()'和'ftok()' 'safe_mode'安全绕过漏洞

BUGTRAQ ID: 29796 CVE ID：CVE-2008-2666 CNCVE ID：CNCVE-20082666 PHP 5是一款开放源代码的网络编程语言。 PHP 5 'chdir'和'ftok'函数存在'safemode绕过问题，远程攻击者可以利用漏洞在未授权位置检测文件是否存在等敏感信息。 问题代码如下： - --- PHPFUNCTIONchdir char str; int ret, strlen; if zendparseparametersZENDNUMARGS TSRMLSCC, "s", &str, &strlen == FAILURE RETURNFALS...

Debian DSA-1579-1 : netpbm-free - insufficient input sanitizing

A vulnerability was discovered in the GIF reader implementation in netpbm-free, a suite of image manipulation utilities. Insufficient input data validation could allow a maliciously-crafted GIF file to overrun a stack buffer, potentially permitting the execution of arbitrary code. %NASLMINLEVEL...

Debian DSA-1498-1 : libimager-perl - buffer overflow

It was discovered that libimager-perl, a Perl extension for generating 24-bit images, did not correctly handle 8-bit compressed images, which could allow the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

Debian DSA-1475-1 : gforge - missing input sanitising

Jose Ramon Palanco discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...

apt-listchanges不安全路径库导入本地SHELL代码执行漏洞

apt-listchanges是一款使用当前安装来对比新版本的工具。 apt-listchanges当导入部分库的时候使用不安全路径，本地攻击者可以利用漏洞以应用程序进程权限执行任意SHELL代码。 目前没有详细漏洞细节提供。 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32...

Debian DSA-1408-1 : kdegraphics - buffer overflow

Alin Rad Pop discovered a buffer overflow in kpdf, which could allow the execution of arbitrary code if a malformed PDF file is displayed. The old stable distribution sarge will be fixed later. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Debian DSA-1407-1 : cupsys - buffer overflow

Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code. The cupsys version in the old stable distribution sarge is not vulnerable to arbitrary code execution...

Debian DSA-1361-1 : postfix-policyd - buffer overflow

It was discovered that postfix-policyd, an anti-spam plugin for postfix, didn't correctly test lengths of incoming SMTP commands potentially allowing the remote execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

Debian DSA-1288-1 : pptpd - programming error

It was discovered that the PoPToP Point to Point Tunneling Server contains a programming error, which allows the tear-down of a PPTP connection through a malformed GRE packet, resulting in denial of service. The oldstable distribution sarge is not affected by this problem. %NASLMINLEVEL 70300 C...