164 matches found
Debian DSA-593-1 : imagemagick - buffer overflow
A vulnerability has been reported for ImageMagick, a commonly used image manipulation library. Due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Debian DSA-561-1 : xfree86 - integer and stack overflows
Chris Evans discovered several stack and integer overflows in the libXpm library which is provided by X.Org, XFree86 and LessTif. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-561. The...
Debian DSA-600-1 : samba - arbitrary file access
A vulnerability has been discovered in samba, a commonly used LanManager-like file and printer server for Unix. A remote attacker may be able to gain access to files which exist outside of the share's defined path. Such files must still be readable by the account used for the connection, though...
[SECURITY] [DSA 585-1] New shadow packages fix unintended behaviour
-------------------------------------------------------------------------- Debian Security Advisory DSA 585-1 [email protected] http://www.debian.org/security/ Martin Schulze November 5th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 579-1] New abiword packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 579-1 [email protected] http://www.debian.org/security/ Martin Schulze November 1st, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal
-------------------------------------------------------------------------- Debian Security Advisory DSA 574-1 [email protected] http://www.debian.org/security/ Martin Schulze October 28th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 570-1] New libpng packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 570-1 [email protected] http://www.debian.org/security/ Martin Schulze October 20th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 569-1] New netkit-telnet-ssl packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 569-1 [email protected] http://www.debian.org/security/ Martin Schulze October 18th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 564-1] New mpg123 packages fix arbitrary code exceution
-------------------------------------------------------------------------- Debian Security Advisory DSA 564-1 [email protected] http://www.debian.org/security/ Martin Schulze October 13th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 564-1] New mpg123 packages fix arbitrary code exceution
-------------------------------------------------------------------------- Debian Security Advisory DSA 564-1 [email protected] http://www.debian.org/security/ Martin Schulze October 13th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 458-3] New python2.2 packages really fix buffer overflow and restore functionality
-------------------------------------------------------------------------- Debian Security Advisory DSA 458-3 [email protected] http://www.debian.org/security/ Martin Schulze October 10th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 557-1] New rp-pppoe packages fix potential root compromise
-------------------------------------------------------------------------- Debian Security Advisory DSA 557-1 [email protected] http://www.debian.org/security/ Martin Schulze October 4th, 2004 http://www.debian.org/security/faq -...
Debian DSA-350-1 : falconseye - buffer overflow
The falconseye package is vulnerable to a buffer overflow exploited via a long -s command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where falconseye is installed. Note that falconseye does not contain the file permission error CAN-2003-0359 which...
Debian DSA-450-1 : linux-kernel-2.4.19-mips - several vulnerabilities
Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the mips kernel 2.4.19 for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update : - CAN-2003-0961 : An...
Debian DSA-367-1 : xtokkaetama - buffer overflow
Another buffer overflow was discovered in xtokkaetama, involving the '-nickname' command line option. This vulnerability could be exploited by a local attacker to gain gid 'games'. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian DSA-473-1 : oftpd - denial of service
A vulnerability was discovered in oftpd, an anonymous FTP server, whereby a remote attacker could cause the oftpd process to crash by specifying a large value in a PORT command. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian DSA-399-1 : epic4 - buffer overflow
Jeremy Nelson discovered a remotely exploitable buffer overflow in EPIC4, a popular client for Internet Relay Chat IRC. A malicious server could craft a reply which triggers the client to allocate a negative amount of memory. This could lead to a denial of service if the client only crashes, but...
Debian DSA-405-1 : xsok - missing privilege release
Steve Kemp discovered a problem in xsok, a single player strategy game for X11, related to the Sokoban game, which leads a user to execute arbitrary commands under the GID of games. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Debian DSA-386-1 : libmailtools-perl - input validation bug
The SuSE security team discovered during an audit a bug in Mail::Mailer, a Perl module used for sending email, whereby potentially untrusted input is passed to a program such as mailx, which may interpret certain escape sequences as commands to be executed. This bug has been fixed by removing...
Debian DSA-193-1 : kdenetwork - buffer overflow
iDEFENSE reports a security vulnerability in the klisa package, that provides a LAN information service similar to 'Network Neighbourhood', which was discovered by Texonet. It is possible for a local attacker to exploit a buffer overflow condition in resLISa, a restricted version of KLISa. The...