7 matches found
python-updater: Untrusted search path
Background python-updater is a script used to remerge python packages when changing Python version. Description Robert Buchholz of the Gentoo Security Team reported that python-updater includes the current working directory and subdirectories in the Python module search path sys.path before calli...
GLSA-200710-23 : Star: Directory traversal vulnerability
The remote host is affected by the vulnerability described in GLSA-200710-23 Star: Directory traversal vulnerability Robert Buchholz of the Gentoo Security team discovered a directory traversal vulnerability in the hasdotdot function which does not identify //.. slash slash dot dot sequences in...
libsndfile: Buffer overflow
Background libsndfile is a library for reading and writing various formats of audio files including WAV and FLAC. Description Robert Buchholz of the Gentoo Security team discovered that the flacbuffercopy function does not correctly handle FLAC streams with variable block sizes which leads to a...
arc insecure temporary file creation
arc insecure temporary file creation Vendor: http://arc.sourceforge.net/ Advisory: http://www.zataz.net/adviso/arc-09052005.txt Vendor informed: yes Exploit available: yes Impact : low Exploitation : low The vulnerability is caused due to temporary file being created insecurely. The temporary fil...
[VulnWatch] ncompress insecure temporary file creation
ncompress insecure temporary file creation Vendor: ftp://ftp.leo.org/pub/comp/os/unix/linux/sunsite/utils/compress/ Advisory: http://www.zataz.net/adviso/ncompress-09052005.txt Vendor informed: yes Exploit available: yes Impact : low Exploitation : low The vulnerability is caused due to temporary...
[Full-disclosure] MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp file handling
MySQL mysqlinstalldb data manipulation vendor: http://www.mysql.com advisory: http://www.zataz.net/adviso/mysql-05172005.txt vendor informed: yes exploit available:no MySQL contain a security flaw how could allow a malicious local attacker to inject arbitrary SQL commands during database creation...
junkbuster -- heap corruption vulnerability and configuration modification vulnerability
A Debian advisory reports: James Ranson discovered that an attacker can modify the referrer setting with a carefully crafted URL by accidently overwriting a global variable. Tavis Ormandy from the Gentoo Security Team discovered several heap corruptions due to inconsistent use of an internal...