2089 matches found

seebug.org
added 2013/04/08 12:0 a.m. | 2055 views

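PostgreSQL Temporary File Creation Vulnerability (CVE-2013-1902)

BUGTRAQ ID: 58877 CVE(CAN) ID: CVE-2013-1902 PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard. PostgreSQL versions before 9.2.4, 9.1.9, and 9.0.13 create insecure temporary files with predictable file names, allowing a local attacker to carry out symlink attacks. 0 Debian Linux 6.0 x PostgreSQL 9.x Vendor patch: PostgreSQL ---------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.postgresql.org...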

CVSS 10 | AI score 8.9 | EPSS 0.02206
Exploits 1
OpenVAS
added 2013/04/04 12:0 a.m. | 35 views

Debian Security Advisory DSA 2657-1 (postgresql-8.4 - guessable random numbers)

A vulnerability was discovered in PostgreSQL database server. Random numbers generated by contrib/pgcrypto functions may be easy for another database user to guess. OpenVAS Vulnerability Test $Id: deb2657.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2657-1 using nvtg...

CVSS 8.5 | AI score 0.1 | EPSS 0.54312
Exploits 4 | References 1
OpenVAS
added 2013/04/03 12:0 a.m. | 37 views

Debian Security Advisory DSA 2654-1 (libxslt - denial of service)

Nicolas Gregoire discovered that libxslt, an XSLT processing runtime library, is prone to denial of service vulnerabilities via crafted XSL stylesheets. OpenVAS Vulnerability Test $Id: deb2654.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2654-1 using nvtgen 1.0 Scrip...

CVSS 5 | AI score 0.1 | EPSS 0.0446
Exploits 1 | References 1
OpenVAS
added 2013/03/30 12:0 a.m. | 29 views

Debian Security Advisory DSA 2656-1 (bind9 - denial of service)

Matthew Horsfall of Dyn, Inc. discovered that BIND, a DNS server, is prone to a denial of service vulnerability. A remote attacker could use this flaw to send a specially-crafted DNS query to named that, when processed, would cause named to use an excessive amount of memory, or possibly crash...

CVSS 7.8 | AI score 0.6 | EPSS 0.42851
Exploits 1 | References 1
OpenVAS
added 2013/03/28 12:0 a.m. | 46 views

Debian Security Advisory DSA 2655-1 (rails - several vulnerabilities)

Several cross-site-scripting and denial of service vulnerabilities were discovered in Ruby on Rails, a Ruby framework for web application development. OpenVAS Vulnerability Test $Id: deb2655.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2655-1 using nvtgen 1.0 Script...

CVSS 5 | EPSS 0.03409
Exploits 2 | References 1
OpenVAS
added 2013/03/26 12:0 a.m. | 34 views

Debian Security Advisory DSA 2653-1 (icinga - buffer overflow)

It was discovered that Icinga, a host and network monitoring system, contains several buffer overflows in the history.cgi CGI program. OpenVAS Vulnerability Test $Id: deb2653.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2653-1 using nvtgen 1.0 Script version: 1.0...

CVSS 7.5 | AI score 0.5 | EPSS 0.6645
Exploits 15 | References 1
OpenVAS
added 2013/03/24 12:0 a.m. | 35 views

Debian Security Advisory DSA 2652-1 (libxml2 - external entity expansion)

Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing...

CVSS 6.8 | AI score 0.1 | EPSS 0.0442
Exploits 1 | References 1
OpenVAS
added 2013/03/20 12:0 a.m. | 26 views

Debian Security Advisory DSA 2651-1 (smokeping - cross-site scripting vulnerability)

A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system. Input passed to the displaymode parameter was not properly sanitized. An attacker could use this flaw to execute arbitrary HTML and script code in a user's browser session in the context of an...

CVSS 4.3 | AI score 5.9 | EPSS 0.0134
Exploits 0 | References 1
OpenVAS
added 2013/03/20 12:0 a.m. | 19 views

Debian Security Advisory DSA 2641-2 (perl - rehashing flaw)

Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically an attacker could create a set of keys of a hash causing a denial of service via memory exhaustio...

CVSS 7.5 | AI score 9.3 | EPSS 0.03577
Exploits 0 | References 1
OpenVAS
added 2013/03/17 12:0 a.m. | 26 views

Debian Security Advisory DSA 2650-2 (libvirt - files and device nodes ownership change to kvm group)

Bastian Blank discovered that libvirtd, a daemon for management of virtual machines, network and storage, would change ownership of device files so they would be owned by user libvirt-qemu and group kvm, which is a general purpose group not specific to libvirt, allowing unintended write access ...

CVSS 3.6 | AI score 6.5 | EPSS 0.00382
Exploits 0 | References 1
OpenVAS
added 2013/03/15 12:0 a.m. | 31 views

Debian Security Advisory DSA 2648-1 (firebird2.5 - several vulnerabilities)

A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. In addition, a denial of service vulnerability was discovered in the TraceManager. OpenVAS Vulnerability Test $Id: deb2648.nasl 6611 2017-07-07 12:07:20Z cfischer $...

CVSS 6.8 | AI score 0.2 | EPSS 0.42166
Exploits 6 | References 1
OpenVAS
added 2013/03/15 12:0 a.m. | 30 views

Debian Security Advisory DSA 2647-1 (firebird2.1 - buffer overflow)

A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2647.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2647-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone...

CVSS 6.8 | AI score 0.6 | EPSS 0.42166
Exploits 6 | References 1
OpenVAS
added 2013/03/14 12:0 a.m. | 29 views

Debian Security Advisory DSA 2645-1 (inetutils - denial of service)

Ovidiu Mara reported in 2010 a vulnerability in the ping util, commonly used by system and network administrators. By carefully crafting ICMP responses, an attacker could make the ping command hang. OpenVAS Vulnerability Test $Id: deb2645.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated...

CVSS 5 | AI score 0.3 | EPSS 0.03038
Exploits 0 | References 1
OpenVAS
added 2013/03/14 12:0 a.m. | 23 views

Debian Security Advisory DSA 2644-1 (wireshark - several vulnerabilities)

Multiple vulnerabilities were discovered in the dissectors for the MS-MMS, RTPS, RTPS2, Mount, ACN, CIMD and DTLS protocols, which could result in denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2644.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated...

CVSS 5 | AI score 8 | EPSS 0.02828
Exploits 0 | References 1
OSV
added 2013/03/06 1:10 p.m. | 1 views

DEBIAN-CVE-2013-1048

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...

CVSS 4.6 | AI score 6.7 | EPSS 0.00378
Exploits 0 | References 1
OpenVAS
added 2013/03/04 12:0 a.m. | 25 views

Debian Security Advisory DSA 2638-1 (openafs - buffer overflow)

Multiple buffer overflows were discovered in OpenAFS, the implementation of the distributed filesystem AFS, which might result in denial of service or the execution of arbitrary code. Further information is available at http://www.openafs.org/security . OpenVAS Vulnerability Test $Id: deb2638.nas...

CVSS 6.5 | EPSS 0.03383
Exploits 0 | References 1
OpenVAS
added 2013/03/01 12:0 a.m. | 19 views

Debian Security Advisory DSA 2635-1 (cfingerd - buffer overflow)

Malcolm Scott discovered a remote-exploitable buffer overflow in the RFC1413 ident client of cfingerd, a configurable finger daemon. This vulnerability was introduced in a previously applied patch to the cfingerd package in 1.4.3-3. OpenVAS Vulnerability Test $Id: deb2635.nasl 6611 2017-07-07...

CVSS 10 | AI score 0.8 | EPSS 0.03125
Exploits 0 | References 1
OpenVAS
added 2013/02/26 12:0 a.m. | 22 views

Debian Security Advisory DSA 2633-1 (fusionforge - privilege escalation)

Helmut Grohne discovered multiple privilege escalation flaws in FusionForge, a web-based project-management and collaboration software. Most of the vulnerabilities are related to the bad handling of privileged operations on user-controlled files or directories. OpenVAS Vulnerability Test $Id:...

CVSS 6.9 | AI score 0.6 | EPSS 0.00374
Exploits 0 | References 1
OpenVAS
added 2013/02/25 12:0 a.m. | 24 views

Debian Security Advisory DSA 2629-1 (openjpeg - several issues)

CVE-2009-5030 Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. CVE-2012-3358 Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. CVE-2012-3535 Huzaifa Sidhpurwala of the Red Hat Security...

CVSS 10 | AI score 0.4 | EPSS 0.07695
Exploits 1 | References 1
Tenable Nessus
added 2013/02/21 12:0 a.m. | 25 views

Debian DSA-2630-1 : postgresql-8.4 - programming error

Sumit Soni discovered that PostgreSQL, an object-relational SQL database, could be forced to crash when an internal function was called with invalid arguments, resulting in denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plug...

CVSS 6.8 | AI score 8 | EPSS 0.03592
Exploits 0 | References 3