Lucene search

2089 matches found

Tenable Nessus
added 2007/09/03 12:0 a.m. | 18 views

Debian DSA-1361-1 : postfix-policyd - buffer overflow

It was discovered that postfix-policyd, an anti-spam plugin for postfix, didn't correctly test lengths of incoming SMTP commands, potentially allowing the remote execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

7.5 CVSS | 5.8 AI score | 0.04211 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2007/08/28 12:0 a.m. | 38 views

Debian DSA-1357-1 : koffice - integer overflow

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. koffice includes a copy of the xpdf code and required an update as well. The oldstable distribution (sarge) will be fixed later. ...

6.8 CVSS | 6.2 AI score | 0.08565 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2007/08/21 12:0 a.m. | 33 views

Debian DSA-1356-1 : linux-2.6 - several vulnerabilities

Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1353 - Ilja van Sprundel discovered that kernel...

7.8 CVSS | 6 AI score | 0.03872 EPSS
Exploits: 0 | References: 19
Tenable Nessus
added 2007/06/18 12:0 a.m. | 19 views

Debian DSA-1310-1 : libexif - integer overflow

A vulnerability has been discovered in libexif, a library to parse EXIF files, which allows denial of service and possible execution of arbitrary code via malformed EXIF data. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

6.8 CVSS | 5.5 AI score | 0.04301 EPSS
Exploits: 0 | References: 3
seebug.org
added 2007/06/04 12:0 a.m. | 55 views

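PHP EXT/Session HTTP Response Header Injection Vulnerability

PHP is a widely used web development scripting language. PHP's ext/session does not URL-encode the session ID before placing it in the session cookie, so a remote attacker can exploit this flaw to carry out injection attacks against the session cookie. When PHP's ext/session calls session_start, a new session cookie is sent in some situations, which are as follows: - the session id is embedded in PATH_INFO - the session id is regenerated - the session id is set via session_id - session_start is called multiple times...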

6.8 AI score
Exploits: 0
Tenable Nessus
added 2007/05/16 12:0 a.m. | 39 views

Debian DSA-1290-1 : squirrelmail - missing input sanitising

It was discovered that the webmail package Squirrelmail performs insufficient sanitising inside the HTML filter, which allows the injection of arbitrary web script code during the display of HTML email messages. (C) Tenable Network Security, Inc. The descriptive text and package...

4.3 CVSS | 5.6 AI score | 0.0253 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2007/05/10 12:0 a.m. | 19 views

Debian DSA-1288-1 : pptpd - programming error

It was discovered that the PoPToP Point to Point Tunneling Server contains a programming error, which allows the tear-down of a PPTP connection through a malformed GRE packet, resulting in denial of service. The oldstable distribution (sarge) is not affected by this problem. ...

5 CVSS | 5.3 AI score | 0.02312 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2007/04/10 12:0 a.m. | 36 views

Debian DSA-1274-1 : file - buffer overflow

An integer underflow bug has been found in the file_printf function in file, a tool to determine file types based on analysis of file content. The bug could allow an attacker to execute arbitrary code by inducing a local user to examine a specially crafted file that triggers a buffer overflow...

9.3 CVSS | 8.2 AI score | 0.12226 EPSS
Exploits: 1 | References: 4
seebug.org
added 2007/04/03 12:0 a.m. | 31 views

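PHP Imap_Mail_Compose() Function Buffer Overflow Vulnerability

BUGTRAQ ID: 23234 PHP is a widely used general-purpose scripting language that is especially suited to Web development and can be embedded in HTML. The implementation of PHP's imap_mail_compose function contains a buffer overflow vulnerability that a local attacker may exploit to escalate privileges. The imap_mail_compose function creates a fixed-size multipart mail in a stack buffer named tmp: PHPFUNCTIONimapmailcompose ... char tmp8 MAILTMPLEN, mystring=NULL, t=NULL, tempstring=NULL;...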

6.7 AI score
Exploits: 0
seebug.org
added 2007/03/28 12:0 a.m. | 82 views

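PHP Session Data Deserialization Code Execution Vulnerability

PHP is a widely used web development scripting language. There is a flaw in PHP's deserialization of session data that a remote attacker can exploit to execute arbitrary commands with the privileges of the application. When register_globals is enabled, session data deserialization can overwrite arbitrary global variables, including the $_SESSION array. Particular implementations can lead to arbitrary code execution. PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP PHP 5.1 PHP PHP 5.0.5 PHP PHP 5.0.4 PHP PHP 5.0.3 + Trustix Secu...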

6.8 AI score
Exploits: 0
seebug.org
added 2007/03/24 12:0 a.m. | 14 views

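OpenOffice StarCalc Parser Unspecified Buffer Overflow Vulnerability

OpenOffice is an open-source word processing program. The OpenOffice StarCalc parser has a buffer overflow issue that a remote attacker can exploit to execute arbitrary commands with the privileges of the application process. No detailed vulnerability information is currently available. S.u.S.E. SUSE Linux Enterprise Desktop 10 S.u.S.E. SLE SDK 10 S.u.S.E. openSUSE 10.2 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux 9.3 x86 S.u.S.E. Linux 10.1 x86-64...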

7 AI score
Exploits: 0
myhack58
added 2007/03/20 12:0 a.m. | 18 views

I386 SMP race condition privilege escalation vulnerability program - a vulnerability warning - the black bar safety net

The program is very unreliable. You have to run it many times before it is possible to obtain a ROOT shell; the premise is that you have regular user permission. Friends who have a linux broiler without root permission can try it; I did not test it. Program in Debian Linux 2.4.29-rc1 on get through...

0.2 AI score
Exploits: 0
Tenable Nessus
added 2007/03/19 12:0 a.m. | 25 views

Debian DSA-1269-1 : lookup-el - insecure temporary file

Tatsuya Kinoshita discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. ...

4.6 CVSS | 5.6 AI score | 0.00367 EPSS
Exploits: 0 | References: 2
OSV
added 2007/03/02 9:18 p.m. | 6 views

CVE-2006-7094

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors...

6.4 AI score
Exploits: 0 | References: 6
securityvulns
added 2007/02/26 12:0 a.m. | 22 views

Debian Linux apache privilege escalation

A user can inject shell commands into the shell from which apache was started by using the TIOCSTI ioctl on the ctty socket in a CGI script...

3.3 AI score
Exploits: 0 | References: 1
seebug.org
added 2007/02/01 12:0 a.m. | 12 views

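GD Graphics Library JIS-Encoded Font Buffer Overflow Vulnerability

GD Graphics Library is a popular graphics library used for dynamic image creation. The GD graphics library has a buffer overflow when handling JIS-encoded fonts that a remote attacker can exploit to execute arbitrary commands with the privileges of the application process. When a specially malformed string is processed while a JIS-encoded font is in use, the addition of a NULL terminator leads to unpredictable results and may allow arbitrary command execution with the privileges of the application process. RedHat Enterprise Linux WS 5 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 5 RedHat Enterprise Linux ES 4 RedHat Enterprise Linu...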

7 AI score
Exploits: 0
seebug.org
added 2007/01/16 12:0 a.m. | 57 views

Texinfo File Handling Buffer Overflow Vulnerability

Texinfo is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Exploiting this issue allows attackers to cause the affected applications using Texinfo to crash, denying...

7.4 AI score
Exploits: 0
seebug.org
added 2007/01/09 12:0 a.m. | 30 views

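Fetchmail Multiple Password Information Disclosure Vulnerabilities

Fetchmail is a multi-purpose IMAP and POP client program. Fetchmail has design flaws that a remote attacker may be able to exploit to obtain sensitive user password information. The specific issues are as follows: - The sslcertck/sslfingerprint options should have applied "sslproto tls1" to force the use of TLS negotiation, but the program did not do so. - Even when "sslproto tls1" is used in the configuration file, mail is fetched in cleartext if STLS/STARTTLS is not used. - Regardless of whether TLS options are used, POP3 fetching ignores TLS entirely, because CAPA, which STLS requires, is not reliably sent before checking for STLS support. Whether or not CAPA is detected depends on the "auth" option...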

6.9 AI score
Exploits: 0
seebug.org
added 2007/01/04 12:0 a.m. | 19 views

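TDiary Unspecified Remote Code Execution Vulnerability

TDiary is diary software similar to a weblog. TDiary has an unspecified security issue that a remote attacker can exploit to execute arbitrary commands with the privileges of the application process. No detailed vulnerability information is currently available. tDiary tDiary 2.0.3 tDiary tDiary 2.0.2 tDiary tDiary 2.0.1 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debi...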

7 AI score
Exploits: 0
seebug.org
added 2006/12/11 12:0 a.m. | 17 views

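ImageMagick Sun Bitmap Image File Remote Buffer Overflow Vulnerability

ImageMagick is a suite that can read, write and process image files in more than 89 basic formats. ImageMagick has a flaw in its handling of SUN Bitmap image files that a remote attacker can exploit to mount a buffer overflow attack, possibly executing arbitrary commands with the privileges of the process. An attacker can construct a malicious SUN Bitmap image and induce a user to open it with ImageMagick to trigger the flaw. No detailed vulnerability information is currently available. RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHa...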

6.9 AI score
Exploits: 0