Дырка в perfmon под SunOS

Некорректная работа с лог-файлом позволяет переписать любой системный файл...

CVE-2000-1096

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating...

APC UPS 3.7.2 - 'apcupsd' Local Denial of Service

/ Local Denial of Service for any linux box running APCUPSD v3.7.2 APCUPSD has his pid file world writeable, therefore it is possible to let it kill another pid and create a denial of service against any running daemon. when the apcupsd is stopped, for example Bug discovered by: Mattias Dartsch...

Trustix security advisory - apache-ssl

Hi Due to a typo in the rpm spec file for apache-ssl, /usr/sbin/httpsd on a Trustix system will be installed with mode 756 instead of 755, making a binary file that will be run by root world writable. It should not be necessary to explain why this is an extremely bad thing. How this bug slipped...

Security Advisory: FreeBSD-SA-00:24.libedit

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:24 Security Advisory FreeBSD, Inc. Topic: libedit reads config file from current directory Category: core Module: libedit Announced: 2000-07-05 Affects: All versions of...

FreeBSD-SA-00:24.libedit

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:24 Security Advisory FreeBSD, Inc. Topic: libedit reads config file from current directory Category: core Module: libedit Announced: 2000-07-05 Affects: All versions of...

Дырка в apsfilter

Некорректная работа с файлами конфигурации позволяет пользователю выполнять команды как root...

[SECURITY] New versions of trn fixes /tmp race

All former versions of trn used a hardcoded filename in /tmp as temporary storage. If the file already exists as symbolic link to users files they will be overwritten. We recommend you upgrade your man2html package as soon as possible. wget url will fetch the file for you dpkg -i file.deb will...

[SECURITY] New versions of trn fixes /tmp race

All former versions of trn used a hardcoded filename in /tmp as temporary storage. If the file already exists as symbolic link to users files they will be overwritten. We recommend you upgrade your man2html package as soon as possible. wget url will fetch the file for you dpkg -i file.deb will...

Re: [SECURITY] New version of premail fixes /tmp file problem

On Sat, May 30, 1998 at 06:53:48PM +0200, Martin Schulze wrote: We have received a report that premail uses temporary files in /tmp using unsecure methods for opening them. This is fixed in the new 0.45-4 release. We recommend you upgrade your samba package immediately. ^^^^^ This should read...