2089 matches found
Debian DSA-2236-1 : exim4 - command injection
It was discovered that Exim, Debian's default mail transfer agent, is vulnerable to command injection attacks in its DKIM processing code, leading to arbitrary code execution (CVE-2011-1407). The default configuration supplied by Debian does not expose this vulnerability. The oldstable distribution...
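MIT Kerberos kadmind Version String Handling Remote Denial of Service Vulnerability
Bugtraq ID: 47310 Kerberos is a widely used network protocol that uses strong cryptography to authenticate clients and servers. MIT Kerberos 5 is an open-source Kerberos implementation. kadmind contains an error in its handling of certain packets: sending a specially crafted version-query packet to TCP port 749 can cause the process to free an invalid memory pointer, crashing the daemon. MIT Kerberos 5 1.8.3 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian...
ikiwiki 'htmlscrubber' Plugin Cross-Site Scripting Vulnerability
Bugtraq ID: 47285 CVE ID: CVE-2011-1401 ikiwiki is a wiki program. When adding alternate stylesheets to a page, ikiwiki does not verify that htmlscrubber is enabled on the page. This allows an attacker who can upload custom stylesheets to add a malicious stylesheet as an alternate stylesheet, or to replace the default stylesheet, and so carry out cross-site scripting attacks. ikiwiki ikiwiki 2.53.5 ikiwiki ikiwiki 2.53.4 ikiwiki ikiwiki 2.31.1 ikiwiki ikiwiki 2.31 ikiwiki ikiwiki 3.20100312 ikiwiki ikiwiki 3.141592...
rsync Client Incremental File List Remote Memory Corruption Vulnerability
Bugtraq ID: 47064 rsync is file synchronization management software. When incremental recursion is enabled, --delete is enabled, and --owner is disabled, a memory corruption vulnerability exists on the receiving side in the generator process. Under these conditions, some of the generator's deep-deletion functions temporarily increase fileextracnt, a global variable used to manage the in-memory format of filestructs, and restore the original value when they finish. The increase is meant to affect only the temporary file list used to perform the deletion, but it can also affect incremental file list chunks received while these functions are being called, which may then be created in the wrong format. When the original fileextracnt is restored, the value stored in each applicable OPTEXTRA field appears in the next value listed in rsync.h...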
CVE-2011-1548
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated...
Debian DSA-2203-1 : nss - ssl certificate blacklist update
This update for the Network Security Service libraries marks several fraudulent HTTPS certificates as untrusted. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2203. The text itself is...
Debian DSA-2196-1 : maradns - buffer overflow
Witold Baryluk discovered that MaraDNS, a simple security-focused Domain Name System server, may overflow an internal buffer when handling requests with a large number of labels, causing a server crash and the consequent denial of service. (C) Tenable Network Security, Inc. The...
Debian DSA-2155-1 : freetype - several vulnerabilities
Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2155. The text itself is...
Debian DSA-2144-1 : wireshark - buffer overflow
It was discovered that a buffer overflow in the ENTTEC dissector may lead to the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2144. The text itself is...
Rootkit Being Used in Attacks on Exim Bug
Attackers have begun using the bug in the Exim mailer that was disclosed earlier this week to install a rootkit on machines running vulnerable versions of the software. The vulnerability in Exim, which is a mail transfer agent used on Unix-based machines, came to light on Monday and can result in...
Debian DSA-2132-1 : xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
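Linux Kernel IGB Panic VLAN Packet Remote Denial of Service Vulnerability
The Linux kernel is the kernel used by the open-source Linux operating system. The Linux kernel has an implementation flaw that attackers can exploit to crash the kernel, denying service to legitimate users. The vulnerability stems from VLAN traffic not being filtered, which leads to an unhandled kernel NULL pointer dereference at 0000000000000028. Debian Linux 4.0 x Linux kernel 2.6.11.11 - 2.6.37 Ubuntu Linux 6.06 LTS amd64 - 8.04 LTS spar Vendor patch: Linux ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...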
Debian DSA-2070-1 : freetype - several vulnerabilities
Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed. Also, several buffer overflows were found in the included demo programs. (C) Tenable Network Security, Inc...
Debian DSA-2069-1 : znc - denial of service
It was discovered that ZNC, an IRC bouncer, is vulnerable to denial of service attacks via a NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
Debian DSA-2050-1 : kdegraphics - several vulnerabilities
Several local vulnerabilities have been discovered in KPDF, a PDF viewer for KDE, which allow the execution of arbitrary code or denial of service if a user is tricked into opening a crafted PDF document. (C) Tenable Network Security, Inc. The descriptive text and package checks...
Debian DSA-2042-1 : iscsitarget - format string
Florent Daigniere discovered multiple format string vulnerabilities in the Linux SCSI target framework (known as iscsitarget under Debian) that allow remote attackers to cause a denial of service in the ietd daemon. The flaw could be triggered by sending a carefully-crafted Internet Storage Name...
Rad User Manager Cross Site Scripting
Exploit Title: Rad User Manager XSS Vulnerabilities Date: 01.05.2010 Author: Valentin Category: webapps/0day Version: 2.90 Tested on: Debian Linux, Apache2, PHP5, MySQL5 CVE : Code : 0x1 General Information...
Debian DSA-2013-1 : egroupware - several vulnerabilities
Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based groupware suite: Missing input sanitising in the spellchecker integration may lead to the execution of arbitrary commands and a cross-site scripting vulnerability was discovered in the login page. (C)...
PHP 'session_save_path()' 'safe_mode' Restriction-Bypass Vulnerability
Exploit for unknown platform in category remote exploits. PHP 'session_save_path' 'safe_mode' Restriction-Bypass Vulnerability. Vulnerable: PHP PHP 5.3.1 PHP PH...
Debian DSA-2011-1 : dpkg - path traversal
William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the...