[SECURITY] [DSA-092-1] local root in wmtv

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory DSA-092-1 [email protected] http://www.debian.org/security/ Wichert Akkerman December 6, 2001 -...

[SECURITY] [DSA-090-1] xtel symlink vulnerabilities

Package : xtel Problem type : symlink attack Debian-specific: no The xtel a X emulator for minitel package as distributed with Debian GNU/Linux 2.2 has two possible symlink attacks: xteld creates a temporary file /tmp/.xtel-user without checking for symlinks. when printing a hardcope xtel would...

[SECURITY] [DSA-088-1] improper character escaping in fml

Package : fml Problem type : improper character escaping Debian-specific: no The fml a mailing list package as distributed in Debian GNU/Linux 2.2 suffers from a cross-site scripting problem. When generating index pages for list archives the and characters were not properly escaped for subjects...

[SECURITY] [DSA 086-1] New versions of ssh-nonfree & ssh-socks fix buffer overflow

-----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------------- Debian Security Advisory DSA 086-1 [email protected] http://www.debian.org/security/ Michael Stone November 13, 2001 -...

[SECURITY] [DSA 085-1] New nvi packages fix format string vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 085-1 [email protected] http://www.debian.org/security/ Martin Schulze October 20th, 2001 -...

[SECURITY] [DSA 085-1] New nvi packages fix format string vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 085-1 [email protected] http://www.debian.org/security/ Martin Schulze October 20th, 2001 - -------------------------------------------------------------------------- Package : nvi, nvi-m17n...

[SECURITY] [DSA 083-1] New procmail packages fix insecure signal handling

-------------------------------------------------------------------------- Debian Security Advisory DSA 083-1 [email protected] http://www.debian.org/security/ Martin Schulze October 18th, 2001 - -------------------------------------------------------------------------- Package : procmail...

[SECURITY] [DSA 082-1] News Xvt packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 082-1 [email protected] http://www.debian.org/security/ Martin Schulze October 18th, 2001 - -------------------------------------------------------------------------- Package : xvt...

[SECURITY] [DSA 081-1] New w3m packages fix buffer overflow

-------------------------------------------------------------------------- Debian Security Advisory DSA 081-1 [email protected] http://www.debian.org/security/ Martin Schulze October 18th, 2001 - -------------------------------------------------------------------------- Packages : w3m, w3m-ssl...

CVE-2001-0755

Buffer overflow in ftp daemon ftpd 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command...

[SECURITY] [DSA-077-1] squid FTP PUT problem

Package : squid Problem type : remote DoS Debian-specific: no Vladimir Ivaschenko found a problem in squid a popular proxy cache. He discovered that there was a flaw in the code to handle FTP PUT commands: when a mkdir-only request was done squid would detect an internal error and exit. Since squ...

[SECURITY] [DSA 076-1] New most packages available

---------------------------------------------------------------------------- Debian Security Advisory DSA 076-1 [email protected] http://www.debian.org/security/ Martin Schulze September 18, 2001 - ---------------------------------------------------------------------------- Package : most...

[SECURITY] [DSA-075-1] telnetd-ssl AYT buffer overflow

------------------------------------------------------------------------ Debian Security Advisory DSA-075-1 [email protected] http://www.debian.org/security/ Robert van der Meulen August 14, 2001 - ------------------------------------------------------------------------ Package :...

[SECURITY] [DSA-069-1] xloadimage buffer overflow

Package : xloadimage Problem type : buffer overflow Debian-specific: no The version of xloadimage a graphics files viewer for X that was shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that handles FACES format images. This could be exploited by an attacker by tricking someone...

[SECURITY] [DSA-068-1] OpenLDAP DoS

Package : openldap Problem type : remote DoS Debian-specific: no CERT released their advisory CA-2001-18 which lists a number of vulnerabilities in various LDAP implementations. based on the results of the PROTOS LDAPv3 test suite. These tests found one problem in OpenLDAP, a free LDAP...

[SECURITY] [DSA-058-1] exim printf format attack

Package : exim Problem type : remote printf format attack Debian-specific: no Megyer Laszlo found a printf format bug in the exim mail transfer agent. The code that checks the header syntax of an email logs an error without protecting itself against printf format attacks. This problem has been...

[SECURITY] [DSA-055-1] gftp remote exploit

Package : gftp Problem type : printf format attack Debian-specific: no The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making...

[SECURITY] [DSA-054-1] cron local root exploit

Package : cron Problem type : local root exploit Debian-specific: no A recent fall 2000 security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user could easily gain root access. This has been fixed in version 3.0pl1-57.3 or 3.0pl1-67 for unstable...

CVE-2001-0195

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking...

CVE-2001-0069

CVE-2001-0069 affects the Debian GNU/Linux package dialog prior to version 0.9a-20000118-3bis. The vulnerability is a symlink attack that allows a local user to overwrite arbitrary files. The issue arises from a race condition involving symlinks, enabling manipulation of file targets by a non-pri...