Design/Logic Flaw

qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories...

CVE-2008-4553

CVE-2008-4553 affects qemu, specifically the qemu-make-debian-root script, where temporary files are created insecurely. This local vulnerability in qemu 0.9.1-5 on Debian GNU/Linux allows a symlink attack to overwrite arbitrary files, potentially enabling local denial of service. Debian DSAs and...

Telecom Italia Alice Pirelli routers - Backdoor from internal LAN/WAN

saxdax & drpepperONE Discovered embedded backdoor to activate telnet/ftp/tftp/web extended admin interface with Admin privileges, from internal network lan on Alice ADSL CPE Modem/Router, manufactered by Pirelli based on Broadcom platform. saxdax & drpepperONE Router Vendor: Alice Telecom Italia...

[SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA-1651-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 12, 2008 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1646-2] New squid packages fix array bounds check

------------------------------------------------------------------------ Debian Security Advisory DSA-1646-2 [email protected] http://www.debian.org/security/ Devin Carraway October 11, 2008 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1648-1] New mon packages fix insecure temporary files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1648-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 08, 2008 http://www.debian.org/security/faq -...

[SECURITY] [DSA-1646-1] New squid packages fix array bounds check

------------------------------------------------------------------------ Debian Security Advisory DSA-1646-1 [email protected] http://www.debian.org/security/ Devin Carraway October 07, 2008 http://www.debian.org/security/faq -...

CVE-2008-4126

PyDNS aka python-dns before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this...

CVE-2008-4099

PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...

CVE-2008-4099

PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...

CVE-2008-4099

PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...

CVE-2008-4126

PyDNS aka python-dns before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this...

Design/Logic Flaw

PyDNS aka python-dns before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this...

CVE-2008-4099

The CVE-2008-4099 entry concerns PyDNS (python-dns) in Debian GNU/Linux prior to 2.3.1-4, where DNS requests did not randomize source ports or transaction IDs. This omission facilitates spoofed DNS responses by remote attackers, representing a DNS cache-poisoning risk. Debian has updated the pack...

CVE-2008-4099

PyDNS aka python-dns before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447...

CVE-2008-4126

Technical details for CVE-2008-4126 are not provided in the connected documents; the initial description summarizes the issue but no vendor/version/context is given here. Monitor for updates.

[SECURITY] [DSA 1637-1] New git-core packages fix buffer overflow

------------------------------------------------------------------------ Debian Security Advisory DSA-1637-1 [email protected] http://www.debian.org/security/ Devin Carraway September 15, 2008 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1634-1] New wordnet packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1634-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 01, 2008 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1624-1] New libxslt packages fix arbitrary code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1624-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 31, 2008 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1619-1 [email protected] http://www.debian.org/security/ Devin Carraway July 27, 2008 http://www.debian.org/security/faq -...