17 matches found
[SECURITY] New versions of sysklogd released
Package: sysklogd Vulnerability: root exploit Debian-specific: no Multiple vulnerabilities have been reported in syslogd and klogd. A local root exploit is possible, and remote exploits may be possible in some cases though we are not currently aware of a remote exploit. Fixed packages are availab...
[SECURITY] glibc update for Debian GNU/Linux 2.1 (update)
Package: glibc Vulnerability: local exploit Debian-specific: no Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code. An earlier advisory listed the updates for Debian 2.2/potato. This advisory contains updates for Debian...
[SECURITY] new version of screen released
Package: screen Vulnerability: local exploit Debian-specific: no A format string bug was recently discovered in screen which can be used to gain elevated privilages if screen is setuid. Debian 2.1 slink did ship screen setuid and the exploit can be used to gain root privilages. In Debian 2.2 pota...
[SECURITY] New version of xlockmore/xlockmore-gl released
Package: xlockmore, xlockmore-gl Vulnerability type: local exploit Debian-specific: no There is a format string bug in all versions of xlockmore/xlockmore-gl. Debian 2.1 slink installs xlock setgid by default, and this exploit can be used to gain read access to the shadow file. We recommend...
[SECURITY] New version of mailx released
Package : mailx Problem type : local exploit Debian-specific: no mailx is a often used by other programs to send email. Unfortunately mailx as distributed in Debian GNU/Linux 2.1 has some features that made it possible to execute system commands if a user can trick a privileged program to send...
[SECURITY] New version of userv released
Package : userv Problem type : local exploit Debian-specific: no The version of userv that was distributed with Debian GNU/Linux 2.1 / slink had a problem in the fd swapping algorithm: it could sometimes make an out-of-bounds array reference. It might be possible for local users to abuse this to...
[SECURITY] New verion of dhcp released
Package: dhcp-client-beta dhcp-client Vulnerability type: remote root exploit Debian-specific: no The versions of the ISC DHCP client in debian 2.1 slink and debian 2.2 potato are vulnerable to a root exploit. The OpenBSD team reports that the client inappropriately executes commands embedded in...
[SECURITY] New Debian wu-ftpd packages released
Package: wu-ftpd wu-ftpd-academ Vulnerability: remote root exploit Debian-specific: no The version of wu-ftpd distributed in Debian GNU/Linux 2.1 a.k.a. slink, as well as in the frozen potato and unstable woody distributions, is vulnerable to a remote root compromise. The default configuration in...
[SECURITY] New version of mailx released
Package: mailx Vulnerability: local exploit Debian-specific: no The version of mailx distributed in Debian GNU/Linux 2.1 a.k.a. slink, as well as in the frozen potato and unstable woody distributions is vulnerable to a local buffer overflow while sending messages. This could be exploited to give ...
[SECURITY] New version of mtr released
Package: mtr Vulnerability type: possible local exploit Debian-specific: no The version of mtr as distributed in Debian GNU/Linux 2l1 aka slink did not drop root privileges correctly. While there are no known exploits it is conceivable that a weakness in gtk or ncurses could be used to exploit...
[SECURITY] New version of nmh released
Package: nmh Vulnerability type: remote exploit Debian-specific: no The version of nmh that was distributed in Debian GNU/Linux 2.1 aka slink did not check incoming mail messages properly. This could be exploited by using carefully designed MIME headers to trick mhshow into executing arbitrary...
[SECURITY] New version of make released
Package: make Vulnerability type: symlink attack Debian-specific: no The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to a race condition that can be exploited with a symlink attack. make used mktemp while creating temporary files in /tmp. and that is a known potential security...
[SECURITY] New version of bind released
The version bind that was distributed in Debian GNU/Linux 2.1 has a vulnerability in the processing of NXT records that can be used by an attacked in a Debian of Service attack or theoretically be exploited to gain access to the server. This has been fixed in version 8.2.5p5-0slink1, and we...
[SECURITY] New version of amd fixes remote exploit, take 2
The version of amd that was distributed with Debian GNU/Linux 2.1 is vulnerable to a remote exploit. This was fixed in version 23.0slink1. However that fix contained an error which has been fixed in version upl102-23.slink2. Here is the problem description from the previous fix: Passing a big...
[SECURITY] New version of mirror fixes remote exploit
We have received reports that the version of mirror as distributed in Debian GNU/Linux 2.1 could be remotely exploited. When mirroring a remote site the remote site could use filename-constructions like " .." that would case mirror to work one level above the target directory for the mirrored...
[SECURITY] new version isdnutils fixes exploitable xmonisdn
We have received reports that the version of xmonisdn as distributed in the isndutils package from Debian GNU/Linux 2.1 has a security problem. Xmonisdn is an X applet that shows the status of the ISDN links. You can configure it to run two scripts when the left or right mouse button are clicked ...
[SECURITY] New version if ipopd prevents exploit
We have received reports that the version of the imap suite in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon, which can be found in the ipopd package. Using this vulnerability it is possible for remote users to get a shell as user "nobody" on the server. We recommend you upgrade yo...