CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

[SECURITY] [DSA 601-1] New libgd1 packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 601-1 [email protected] http://www.debian.org/security/ Martin Schulze November 29th, 2004 http://www.debian.org/security/faq -...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

CVE-2004-0833

CVE-2004-0833 affects Debian GNU/Linux Sendmail prior to 8.12.3 when sasl/sasl-bin is used. The Debian security advisory indicates that the Sendmail configuration script initializes the sasl database with a fixed username and password, enabling a remote attacker to use Sendmail as an open mail re...

CVE-2004-0833

Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages...

[SECURITY] [DSA 587-1] New freeam packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 587-1 [email protected] http://www.debian.org/security/ Martin Schulze November 8th, 2004 http://www.debian.org/security/faq -...

CVE-2004-0911

telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service free of an invalid pointer, a different vulnerability than CVE-2001-0554...

CVE-2004-0911

telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service free of an invalid pointer, a different vulnerability than CVE-2001-0554...

[SECURITY] [DSA 568-1] New cyrus-sasl-mit packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 568-1 [email protected] http://www.debian.org/security/ Martin Schulze October 16th, 2004 http://www.debian.org/security/faq -...

Debian DSA-066-1 : cfingerd - remote exploit

Steven van Acker reported on bugtraq that the version of cfingerd a configurable finger daemon as distributed in Debian GNU/Linux 2.2 suffers from two problems : - The code that reads configuration files files in which $ commands are expanded copied its input to a buffer without checking for a...

Debian DSA-081-1 : w3m - Buffer Overflow

In SNS Advisory No. 32 a buffer overflow vulnerability has been reported in the routine which parses MIME headers that are returned from web servers. A malicious web server administrator could exploit this and let the client web browser execute arbitrary code. w3m handles MIME headers included in...

Debian DSA-057-1 : gftp - printf format attack

The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making an FTP server return special responses that exploit this. %NASLMINLEVE...

Debian DSA-044-1 : mailx

The mail program a simple tool to read and send email as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default this allowed local users to use it to gain access to mail group. Since the mail code was never written to ...

Debian DSA-262-1 : samba - remote exploit

Sebastian Krahmer of the SuSE security audit team found two problems in samba, a popular SMB/CIFS implementation. The problems are : - a buffer overflow in the SMB/CIFS packet fragment re-assembly code used by smbd. Since smbd runs as root an attacker can use this to gain root access to a machine...

CVE-2004-0911

telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service free of an invalid pointer, a different vulnerability than CVE-2001-0554...

CVE-2004-0911

telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service free of an invalid pointer, a different vulnerability than CVE-2001-0554...

CVE-2004-0911

CVE-2004-0911 pertains to the netkit-telnet/ telnetd remote denial of service via an invalid free (CAN-2004-0911). Multiple feeds document a bug in the telnetd server used with netkit-telnet (notably in Debian/woody and related releases) where remote attackers could crash the telnetd process or p...

Debian bsdmainutils 6.0.14 - Calendar Information Disclosure

Debian bsdmainutils 6.0.14 - Calendar Information Disclosure // source: https://www.securityfocus.com/bid/11077/info The calendar utility contained in the bsdmainutils package on Debian GNU/Linux systems is reported susceptible to an information disclosure vulnerability. This is due to a lack of...