10 matches found
Debian DSA-2392-1 : openssl - out-of-bounds read
Antonio Martin discovered a denial-of-service vulnerability in OpenSSL, an implementation of TLS and related protocols. A malicious client can cause the DTLS server implementation to crash. Regular, TCP-based TLS is not affected by this issue. (C) Tenable Network Security, Inc...
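MIT Kerberos kadmind Version String Handling Remote Denial of Service Vulnerability
Bugtraq ID: 47310 Kerberos is a widely used network protocol that uses strong cryptography to authenticate clients and servers. MIT Kerberos 5 is an open-source Kerberos implementation. kadmind contains an error when processing certain packets: sending a specially crafted version-query packet to TCP port 749 can cause the process to free an invalid memory pointer, crashing the daemon. MIT Kerberos 5 1.8.3 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian...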
Debian DSA-2155-1 : freetype - several vulnerabilities
Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2155. The text itself is...
Debian DSA-2069-1 : znc - denial of service
It was discovered that ZNC, an IRC bouncer, is vulnerable to denial of service attacks via a NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
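Debian Lintian Multiple Local Security Vulnerabilities
Bugtraq ID: 37975 CVE ID: CVE-2009-4013 CVE-2009-4014 CVE-2009-4015 Debian Lintian is a software package checker. Debian Lintian contains multiple security vulnerabilities that a local attacker can exploit to execute arbitrary code, escalate privileges, or obtain sensitive information. CVE-2009-4013: missing control file sanitization CNCVE ID: CNCVE-20094013 CNCVE-20094014 CNCVE-20094015 CNCVE-20094013 Control field names and values are not sufficiently sanitized before use, which can lead to directory traversal in some operations. Patch...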
PHP 'ini_restore()' Memory Information Disclosure Vulnerability
No description provided by source. Credit/Author: Maksymilian Arciemowicz from SecurityReason Vulnerable: PHP PHP 5.3 PHP PHP 5.2.10 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64...
PHP 5.2.10/5.3.0 - ini_restore() Memory Information Disclosure
PHP 5.2.10/5.3.0 - ini_restore() Memory Information Disclosure Credit/Author: Maksymilian Arciemowicz from SecurityReason Vulnerable: PHP PHP 5.3 PHP PHP 5.2.10 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k...
LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
No description provided by source. Bugtraq ID: 35451 Class: Boundary Condition Error Published: Jun 21 2009 12:00AM Updated: Nov 12 2009 06:46PM Credit: wololo Vulnerable: Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386...
Debian DSA-1741-1 : psi - integer overflow
Jesus Olmos Gonzalez discovered that an integer overflow in the PSI Jabber client may lead to remote denial of service. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-1741. The text itsel...
Debian DSA-1742-1 : libsndfile - integer overflow
Alan Rad Pop discovered that libsndfile, a library to read and write sampled audio data, is prone to an integer overflow. This causes a heap-based buffer overflow when processing crafted CAF description chunks, possibly leading to arbitrary code execution. (C) Tenable Network...