1915 matches found

Debian
added 1999/08/19 10:50 p.m., 12 views

[SECURITY] New versions of trn fixes /tmp race

All former versions of trn used a hardcoded filename in /tmp as temporary storage. If the file already exists as a symbolic link to a user's files, they will be overwritten. We recommend you upgrade your man2html package as soon as possible. wget url will fetch the file for you dpkg -i file.deb will...

AI score: 5.7
Exploits: 0
Debian
added 1999/08/19 10:48 p.m., 16 views

[SECURITY] New versions of man2html fixes postinst glitch

Former versions of man2html used a static file in /tmp for writing. This can lead to overwriting system files if a malicious user has created a symbolic link to it before upgrading man2html. We recommend you upgrade your man2html package as soon as possible. wget url will fetch the file for you...

AI score: 5.7
Exploits: 0
Debian
added 1999/08/19 8:22 a.m., 13 views

[SECURITY] New versions of smtp-refuser fixes security hole

This bug was experienced in May 1999 but wasn't reported on this channel yet. Former versions of the smtp-refuser package came with unchecked logging facility to /tmp/log. This allowed deleting arbitrary, root-owned files by any user who has write access to /tmp. We recommend you upgrade your...

AI score: 5.7
Exploits: 0
Debian
added 1999/08/19 12:0 a.m., 6 views

[SECURITY] New versions of man2html fixes postinst glitch

Former versions of man2html used a static file in /tmp for writing. This can lead to overwriting system files if a malicious user has created a symbolic link to it before upgrading man2html. We recommend you upgrade your man2html package as soon as possible. wget url will fetch the file for you...

AI score: 1.6
Exploits: 0
Debian
added 1999/08/19 12:0 a.m., 11 views

[SECURITY] New versions of trn fixes /tmp race

All former versions of trn used a hardcoded filename in /tmp as temporary storage. If the file already exists as a symbolic link to a user's files, they will be overwritten. We recommend you upgrade your man2html package as soon as possible. wget url will fetch the file for you dpkg -i file.deb will...

AI score: 1.2
Exploits: 0
Debian
added 1999/08/18 9:36 p.m., 14 views

[SECURITY] New versions of termcap-compat fixes buffer overflow

We have received a report that former versions of libtermcap contained an exploitable buffer overflow. Debian itself is not exploitable by this bug since termcap was abandoned in favour of terminfo long ago. However, if you have compiled your own programs using termcap or have installed third par...

AI score: 6.1
Exploits: 0
Debian
added 1999/08/18 12:0 a.m., 10 views

[SECURITY] New versions of termcap-compat fixes buffer overflow

We have received a report that former versions of libtermcap contained an exploitable buffer overflow. Debian itself is not exploitable by this bug since termcap was abandoned in favour of terminfo long ago. However, if you have compiled your own programs using termcap or have installed third par...

AI score: 1.3
Exploits: 0
Debian
added 1999/08/18 12:0 a.m., 9 views

[SECURITY] New versions of rsync fixes security hole

This is an old report from May 1999 but it wasn't reported on this channel yet. The author of rsync, Andrew Tridgell, has reported that former versions of rsync contained a security-related bug. If you were transferring an empty directory into a non-existent directory on a remote host, permissions ...

AI score: 2.1
Exploits: 0
Packet Storm
added 1999/08/17 12:0 a.m., 21 views

ftpwatch.txt

Date: Sun, 17 Jan 1999 11:48:22 -0400 From: Jamie Fifield Reply-To: [email protected] To: [email protected] Subject: SECURITY ftpwatch package has major security problems -----BEGIN PGP SIGNED MESSAGE----- We have found that the ftpwatch package as distributed in Debian GNU/Linux 1.3 and lat...

AI score: 7.4
Exploits: 0
Packet Storm
added 1999/08/17 12:0 a.m., 56 views

cfingerd.txt

Date: Thu, 23 Jul 1998 23:48:21 -0500 From: John Goerzen Subject: CFINGERD root security hole SUMMARY ------- I have found out that cfingerd 1.3.2 contains a security hole that could lead to easy root compromise for any user that has an account on the local machine, but only if ALLOWEXECUTION is...

AI score: 7.4
Exploits: 0
Packet Storm
added 1999/08/17 12:0 a.m., 22 views

man-db.zsoelim.symlink.txt

Date: Sat, 12 Jun 1999 14:57:37 -0700 From: [email protected] Reply-To: [email protected] Subject: New version of man-db fixes symlink attack in zsoelim -----BEGIN PGP SIGNED MESSAGE----- We have received reports that the man-db package as supplied in Debian GNU/Linux 2....

AI score: 7.4
Exploits: 0
Debian
added 1999/08/14 12:0 a.m., 11 views

[SECURITY] new version isdnutils fixes exploitable xmonisdn

We have received reports that the version of xmonisdn as distributed in the isdnutils package from Debian GNU/Linux 2.1 has a security problem. Xmonisdn is an X applet that shows the status of the ISDN links. You can configure it to run two scripts when the left or right mouse button is clicked ...

AI score: 1.5
Exploits: 0
exploitpack
added 1999/07/02 12:0 a.m., 11 views

Debian 2.1 - Print Queue Control

Debian 2.1 - Print Queue Control // source: https://www.securityfocus.com/bid/508/info The LPRng software is an enhanced, extended, and portable version of the Berkeley LPR software the standard UNIX printer spooler that ships with Debian GNU/Linux. When root controls the print queue, the...

Exploits: 0
Exploit DB
added 1999/07/02 12:0 a.m., 25 views

Debian 2.1 - Print Queue Control

// source: https://www.securityfocus.com/bid/508/info The LPRng software is an enhanced, extended, and portable version of the Berkeley LPR software the standard UNIX printer spooler that ships with Debian GNU/Linux. When root controls the print queue, the authentication that is used is based on...

AI score: 7.4
Exploits: 0
Debian
added 1999/06/23 12:0 a.m., 13 views

[SECURITY] New versions of mailman fixes cookie attack

We have become aware that the version of mailman as supplied in Debian GNU/Linux 2.1 has a problem with verifying list administrators. The problem is that the cookie value generation used was predictable, so using forged authentication cookies it was possible to access the list administration webpag...

AI score: 0.7
Exploits: 0
Tenable Nessus
added 1999/06/22 12:0 a.m., 25 views

IMAP pop-2d POP Daemon FOLD Command Remote Overflow

There is a buffer overflow in the imap suite provided with Debian GNU/Linux 2.1, which has a vulnerability in its POP-2 daemon, found in the ipopd package. This vulnerability allows an attacker to gain a shell as user 'nobody', but requires the attacker to have a valid pop2 account. C Tenable...

CVSS: 10, AI score: 5.9, EPSS: 0.73542
Exploits: 0, References: 2
Exploit DB
added 1999/06/17 12:0 a.m., 108 views

Debian 2.1 - HTTPd

source: https://www.securityfocus.com/bid/318/info The Debian GNU/Linux 2.1 apache package by default allows anyone to view /usr/doc via the web, remotely. This is because srm.conf is preconfigured with the line: Alias /doc/ /usr/doc/ Boa is also preconfigured this way. lynx http://some.host/doc...

AI score: 7.4
Exploits: 0
exploitpack
added 1999/06/17 12:0 a.m., 10 views

Debian 2.1 - HTTPd

Debian 2.1 - HTTPd source: https://www.securityfocus.com/bid/318/info The Debian GNU/Linux 2.1 apache package by default allows anyone to view /usr/doc via the web, remotely. This is because srm.conf is preconfigured with the line: Alias /doc/ /usr/doc/ Boa is also preconfigured this way. lynx...

AI score: 7.4
Exploits: 0
Debian
added 1999/06/08 12:0 a.m., 12 views

Subject: [SECURITY] New version of kernel-image for sparc fixes DoS attack

As is widely known by now, the Linux 2.2.x kernels had a problem with parsing IP options, which made them susceptible to a DoS attack. The Debian GNU/Linux 2.1 release for the Sun sparc architecture uses such a kernel. If you are using such a system and haven't upgraded the kernel yourself, we...

AI score: 0.3
Exploits: 0
Debian
added 1999/06/06 12:0 a.m., 8 views

[SECURITY] New version if ipopd prevents exploit

We have received reports that the version of the imap suite in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon, which can be found in the ipopd package. Using this vulnerability it is possible for remote users to get a shell as user "nobody" on the server. We recommend you upgrade yo...

AI score: 1.1
Exploits: 0