1915 matches found
CVE-2001-0755
Buffer overflow in ftp daemon ftpd 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command...
[SECURITY] [DSA-077-1] squid FTP PUT problem
Package : squid Problem type : remote DoS Debian-specific: no Vladimir Ivaschenko found a problem in squid a popular proxy cache. He discovered that there was a flaw in the code to handle FTP PUT commands: when a mkdir-only request was done squid would detect an internal error and exit. Since squ...
[SECURITY] [DSA 076-1] New most packages available
---------------------------------------------------------------------------- Debian Security Advisory DSA 076-1 [email protected] http://www.debian.org/security/ Martin Schulze September 18, 2001 - ---------------------------------------------------------------------------- Package : most...
[SECURITY] [DSA-075-1] telnetd-ssl AYT buffer overflow
------------------------------------------------------------------------ Debian Security Advisory DSA-075-1 [email protected] http://www.debian.org/security/ Robert van der Meulen August 14, 2001 - ------------------------------------------------------------------------ Package :...
[SECURITY] [DSA-069-1] xloadimage buffer overflow
Package : xloadimage Problem type : buffer overflow Debian-specific: no The version of xloadimage a graphics files viewer for X that was shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that handles FACES format images. This could be exploited by an attacker by tricking someone...
[SECURITY] [DSA-068-1] OpenLDAP DoS
Package : openldap Problem type : remote DoS Debian-specific: no CERT released their advisory CA-2001-18 which lists a number of vulnerabilities in various LDAP implementations. based on the results of the PROTOS LDAPv3 test suite. These tests found one problem in OpenLDAP, a free LDAP...
[SECURITY] [DSA-058-1] exim printf format attack
Package : exim Problem type : remote printf format attack Debian-specific: no Megyer Laszlo found a printf format bug in the exim mail transfer agent. The code that checks the header syntax of an email logs an error without protecting itself against printf format attacks. This problem has been...
[SECURITY] [DSA-055-1] gftp remote exploit
Package : gftp Problem type : printf format attack Debian-specific: no The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making...
[SECURITY] [DSA-054-1] cron local root exploit
Package : cron Problem type : local root exploit Debian-specific: no A recent fall 2000 security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user could easily gain root access. This has been fixed in version 3.0pl1-57.3 or 3.0pl1-67 for unstable...
CVE-2001-0195
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking...
CVE-2001-0069
dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack...
CVE-2001-0069
CVE-2001-0069 affects the Debian GNU/Linux package dialog prior to version 0.9a-20000118-3bis. The vulnerability is a symlink attack that allows a local user to overwrite arbitrary files. The issue arises from a race condition involving symlinks, enabling manipulation of file targets by a non-pri...
[SECURITY] [DSA-053-1] nedit symlink attack
Package : nedit Problem type : insecure temporary file Debian-specific: no The nedit Nirvana editor package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file with the to be printed text a...
[SECURITY] [DSA-047-1] multiple kernel problems
Package : various kernel packages Problem type : multiple Debian-specific: no The kernels used in Debian GNU/Linux 2.2 have been found to have multiple security problems. This is a list of problems based on the 2.2.19 release notes as found on http://www.linux.org.uk/ : binfmtmisc used user pages...
[SECURITY] [DSA-047-1] multiple kernel problems
-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory DSA-047-1 [email protected] http://www.debian.org/security/ Wichert Akkerman April 16, 2001 -...
[SECURITY] [DSA-046-1] exuberant-ctags uses insecure temporary files
Package : exuberant-ctags Problem type : insecure temporary files Debian-specific: no Colin Phipps discovered that the exuberant-ctags packages as distributed with Debian GNU/Linux 2.2 creates temporary files insecurely. This has been fixed in version 1:3.2.4-0.1 of the Debian package, and upstre...
[DSA-045-2] New version of ntp released
---------------------------------------------------------------------------- Debian Security Advisory DSA-045-2 [email protected] http://www.debian.org/security/ Michael Stone April 9, 2001 - ---------------------------------------------------------------------------- Package: ntp...
[SECURITY] [DSA-044-1] mailx local exploit
Package : mailx Problem type : buffer overflow Debian-specific: no The mail program a simple tool to read and send email as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default this allowed local users to use it to...
[SECURITY] [DSA 038-1] New version of sgml-tools available
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------------- Debian Security Advisory DSA-038-1 [email protected] http://www.debian.org/security/ Martin Schulze March 8, 2001 -...
[SECURITY] [DSA 035-1] New version of man2html available
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------------- Debian Security Advisory DSA-035-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001 -...