1915 matches found
[Full-disclosure] [SECURITY] [DSA 1298-1] New otrs2 packages fix cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1298-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 28th, 2007 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1297-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24th, 2007 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1293-1] New quagga packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 1293-1 [email protected] http://www.debian.org/security/ Martin Schulze May 17th, 2007 http://www.debian.org/security/faq -...
Debian DSA-1291-1 : samba - several vulnerabilities
Several issues have been identified in Samba, the SMB/CIFS file- and print-server implementation for GNU/Linux. - CVE-2007-2444 When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a...
libpng denial of service vulnerability
Overview The libpng library contains a denial-of-service vulnerability. Description The libpng library can be used to allow other applications to render PNG images. The libpng library contains a denial-of-service vulnerability. From the Libpng-1.2.16-ADVISORY: This vulnerability could be used to...
Samba NDR MS-RPC heap buffer overflow
Overview Samba fails to properly handle malformed MS-RPC packets. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code. Description Samba is a widely used open-source implementation of Server Message Block SMB/Common Internet File System CIFS. Network Data...
CVE-2006-7098
The Debian GNU/Linux 033-FNOSETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl...
CVE-2006-7098
The CVE-2006-7098 entry concerns the Debian patch for Apache HTTP Server 1.3.34-4 (033_-F_NO_SETSID) that fails to fully disassociate httpd from a controlling tty when started interactively. This allows a local attacker to elevate privileges to the tty via a CGI program invoking the TIOCSTI ioctl...
[SECURITY] [DSA 1261-1] New PostgreSQL packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 1261-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 15th, 2007 http://www.debian.org/security/faq -...
GLSA-200701-17 : libgtop: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200701-17 libgtop: Privilege escalation Liu Qishuai discovered that glibtopgetprocmaps in sysdeps/linux/procmap.c does not properly allocate memory for storing a filename, allowing certain filenames to cause the buffer to overflow...
GNU/Linux mbse-bbs <= 0.70.0 Local Buffer Overflow Exploit
No description provided by source. / GNU/Linux mbse-bbs 0.70.0 & below stack overflow exploit ======================================================== Multiple overflow conditions occur within mbse-bbs versions 0.70.0 & below...
GNU/Linux mbse-bbs <= 0.70.0 Local Buffer Overflow Exploit
Exploit for linux platform in category local exploits ========================================================== GNU/Linux mbse-bbs = 0.70.0 Local Buffer Overflow Exploit ========================================================== / GNU/Linux mbse-bbs 0.70.0 & below stack overflow exploit...
GNULinux mbse-bbs 0.70.0 - Local Buffer Overflow
GNULinux mbse-bbs 0.70.0 - Local Buffer Overflow / GNU/Linux mbse-bbs 0.70.0 & below stack overflow exploit ======================================================== Multiple overflow conditions occur within mbse-bbs versions 0.70.0 & below. The current version of mbse-bbs does not contain these...
GNU/Linux mbse-bbs 0.70.0 - Local Buffer Overflow
/ GNU/Linux mbse-bbs 0.70.0 & below stack overflow exploit ======================================================== Multiple overflow conditions occur within mbse-bbs versions 0.70.0 & below. The current version of mbse-bbs does not contain these weaknesses. Exploitation of these vulnerabilities...
[SECURITY] [DSA 1248-1] New libsoup packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1248-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 12nd, 2007 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1246-1 [email protected] http://www.debian.org/security/ Martin Schulze January 8th, 2007 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1214-2] Updated gv packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1214-2 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 27th, 2006 http://www.debian.org/security/faq -...
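Fully Automated Installation administrative password hash information disclosure vulnerability
Fully Automated Installation is a software package for fully automated installation of cluster nodes, based on the Debian GNU/Linux platform. Fully Automated Installation contains a design error that a local attacker can exploit to obtain sensitive information. If the installation runs in verbose mode, the hash of the root password is stored in '/var/log/fai/current/fai.log'; when fai-savelog is called, it copies the log file to the newly installed host while still leaving the hash in the file, resulting in disclosure of sensitive information. Thomas Lange Fully Automated Installation 3.1.2 Thomas...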
GnuPG vulnerable to remote data control
Overview A vulnerability in GnuPG could allow a remote attacker to execute arbitrary code on an affected system. Description GNU Privacy Guard GnuPG is the GNU project's implementation of the OpenPGP standard as defined by RFC2440. OpenPGP messages are processed by GnuPG using data structures call...
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1239-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 17th, 2006 http://www.debian.org/security/faq -...