Ubuntu 12.04 LTS / 12.10 / 13.04 : txt2man vulnerability (USN-1979-1)

Patrick J Cherry discovered that txt2man contained leftover debugging code that incorrectly created a temporary file. A local attacker could possibly use this issue to overwrite arbitrary files. In the default Ubuntu installation, this should be prevented by the Yama link restrictions. Note that...

USN-1979-1: txt2man vulnerability

Patrick J Cherry discovered that txt2man contained leftover debugging code that incorrectly created a temporary file. A local attacker could possibly use this issue to overwrite arbitrary files. In the default Ubuntu installation, this should be prevented by the Yama link restrictions...

Fedora 15 : NetworkManager-0.8.9997-2.git20110531.fc15 (2011-7919)

This update includes no changes to NetworkManager but ensures that the latest update is installed to fix a security issue in NetworkManager-0.8.999-3.git20110526. This issue was previously fixed in NetworkManager-0.8.9997-1.git20110531.fc15 but was not marked as a security update...

Code injection

The AES encryption module 7.x-1.4 for Drupal leaves certain debugging code enabled in release, which records the plaintext password of the last logged-in user and allows remote attackers to gain privileges as that user...

Buffer overflow

Buffer overflow in the wpaprintf function in the debugging code in wpasupplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some of these details are obtained from third part...

DSA-1184-2 kernel-source-2.6.8 - several vulnerabilities

Bulletin has no description...

CVE-2006-4146

Buffer overflow in the 1 DWARF dwarfread.c and 2 DWARF2 dwarf2read.c debugging code in GNU Debugger GDB 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block DWFORMblock that contains a large number of operations...

CVE-2006-4146

CVE-2006-4146 describes a buffer overflow in GDB 6.5 affecting the DWARF and DWARF2 debugging code (dwarfread.c and dwarf2read.c). A crafted file with a DW_FORM_block containing a large number of operations can allow user‑assisted or restricted users to execute arbitrary code. The issue arises fr...

Code injection

choosenewparent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service panic by causing certain circumstances involving termination of a parent process...

CVE-2006-1855

choosenewparent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service panic by causing certain circumstances involving termination of a parent process...

CVE-2003-0885

Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the 1 apple2, 2 xanalogtv, and 3 pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack...

CVE-2004-2024

The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via passwordforgotten.php...

CVE-2004-2024

Zen Cart 1.1.4 prior to patch 2 contains debugging code in the Admin password retrieval path (password_forgotten.php) that can enable attackers to gain administrative privileges. The connected records confirm the product/version and the root cause as debugging code in the admin password recovery ...

CVE-2004-2024

The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via passwordforgotten.php...

multi-gnome-terminal: Information leak

Background multi-gnome-terminal is an enhanced terminal emulator that is derived from gnome-terminal. Description multi-gnome-terminal contains debugging code that has been known to output active keystrokes to a potentially unsafe location. Output has been seen to show up in the '.xsession-errors...

GLSA-200409-10 : multi-gnome-terminal: Information leak

The remote host is affected by the vulnerability described in GLSA-200409-10 multi-gnome-terminal: Information leak multi-gnome-terminal contains debugging code that has been known to output active keystrokes to a potentially unsafe location. Output has been seen to show up in the...