Debian GNU/Linux XTERM DECRQSS Weakness

Package: xterm Version: 222-1etch2 Severity: grave Tags: security patch Justification: user security hole DECRQSS Device Control Request Status String "DCS $ q" simply echoes responds with invalid commands. For example, perl -e 'print "\eP$q\nbad-command\n\e\"' would run bad-command...

CVE-2006-7236

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences...

CVE-2006-7236

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences...

CVE-2006-7236

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences...

CVE-2006-7236

The CVE-2006-7236 issue concerns the xterm program and its default configuration on Debian sid (and possibly Ubuntu), where the allowWindowOps resource is enabled. This permits a user-assisted attacker to execute arbitrary code or otherwise impact the system via crafted escape sequences. Related ...

CVE-2006-7236

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences...

Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes)

Linux/x86-64 - sethostnameRooted ! + killall Shellcode 33 bytes. Shellcode exploit for Linuxx86-64 platform Linux/x8664 sethostname & killall 33 bytes shellcode Date: 2010-04-26 Author: zbt Tested on: x8664 Debian GNU/Linux / ; sethostname"Rooted !"; ; kill-1, SIGKILL; section .text global start...

CVE-2008-5747

F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a "corrupted" header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-secure was incorrectly stated as the vendor...

Authentication flaw

F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass anti-virus protection via a crafted ELF program with a "corrupted" header that still allows the program to be executed. NOTE: due to an error in the initial disclosure, F-secure was incorrectly stated as the vendor...

CVE-2008-5747

CVE-2008-5747 affects F-PROT Antivirus for GNU/Linux. The vulnerability arises from ELF header handling: a crafted ELF binary with a “corrupted” header can be executed, enabling a remote attacker to bypass antivirus protection. Per OpenVAS/GLSA entries, this vulnerability is categorized as a Deni...

CVE-2008-4539

Heap-based buffer overflow in the Cirrus VGA implementation in 1 KVM before kvm-82 and 2 QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorre...

CVE-2008-4539

Heap-based buffer overflow in the Cirrus VGA implementation in 1 KVM before kvm-82 and 2 QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorre...

BitDefender PE文件解析整数溢出漏洞

BUGTRAQ ID: 32751 BitDefender Antivirus是具有功能强大的反病毒引擎以及互联网过滤技术的杀毒软件。 BitDefender在处理畸形结构的PE文件时存在漏洞，如果使用GNU/Linux版本的BitDefender扫描到了NeoLite或ASProtect封装的特制PE文件的话，就可能触发整数溢出，导致扫描引擎崩溃。 Softwin BitDefender v7 for Linux Softwin ------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

[SECURITY] [DSA 1685-1] New uw-imap packages fix multiple vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1685-1 [email protected] http://www.debian.org/security/ Steffen Joeris December 12, 2008 http://www.debian.org/security/faq -...

CVE-2008-5394

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...

Design/Logic Flaw

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line aka utline field in a utmp entry...

CVE-2008-5394

CVE-2008-5394 concerns the shadow package’s /bin/login on Debian (and likely other distros) where local users in the utmp group could exploit a symlink vulnerability to overwrite arbitrary files via a temporary file referenced in a utmp entry’s ut_line field. The described condition affects shado...

CVE-2008-5367

ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file...

CVE-2008-5366

The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/probe-finished or 2 /tmp/ppp-errors temporary file...

CVE-2008-5367

ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file...