[SECURITY] new version isdnutils fixes exploitable xmonisdn

We have received reports that the version of xmonisdn as distributed in the isndutils package from Debian GNU/Linux 2.1 has a security problem. Xmonisdn is an X applet that shows the status of the ISDN links. You can configure it to run two scripts when the left or right mouse button are clicked ...

Debian 2.1 - Print Queue Control

Debian 2.1 - Print Queue Control // source: https://www.securityfocus.com/bid/508/info The LPRng software is an enhanced, extended, and portable version of the Berkeley LPR software the standard UNIX printer spooler that ships with Debian GNU/Linux. When root controls the print queue, the...

Debian 2.1 - Print Queue Control

// source: https://www.securityfocus.com/bid/508/info The LPRng software is an enhanced, extended, and portable version of the Berkeley LPR software the standard UNIX printer spooler that ships with Debian GNU/Linux. When root controls the print queue, the authentication that is used is based on...

[SECURITY] New versions of mailman fixes cookie attack

We have become aware that the version mailman as supplied in Debian GNU/Linux 2.1 has a problem with verifying list administrators. The problem is that the cookie value generation used was predictable, so using forged authentication cookies it was possible to access the list administration webpag...

IMAP pop-2d POP Daemon FOLD Command Remote Overflow

There is a buffer overflow in the imap suite provided with Debian GNU/Linux 2.1, which has a vulnerability in its POP-2 daemon, found in the ipopd package. This vulnerability allows an attacker to gain a shell as user 'nobody', but requires the attacker to have a valid pop2 account. C Tenable...

Debian 2.1 - HTTPd

source: https://www.securityfocus.com/bid/318/info The Debian GNU/Linux 2.1 apache package by default allows anyone to view /usr/doc via the web, remotely. This is because srm.conf is preconfigured with the line: Alias /doc/ /usr/doc/ Boa is also preconfigured this way. lynx http://some.host/doc...

Debian 2.1 - HTTPd

Debian 2.1 - HTTPd source: https://www.securityfocus.com/bid/318/info The Debian GNU/Linux 2.1 apache package by default allows anyone to view /usr/doc via the web, remotely. This is because srm.conf is preconfigured with the line: Alias /doc/ /usr/doc/ Boa is also preconfigured this way. lynx...

Subject: [SECURITY] New version of kernel-image for sparc fixes DoS attack

As is widely known by now the Linux 2.2.x kernels had a problem with parsing IP options, which made them susceptible to a DoS attack. The Debian GNU/Linux 2.1 release for the Sun sparc architecture uses such a kernel. If you are using such a system and havent upgraded the kernel yourself, we...

[SECURITY] New version if ipopd prevents exploit

We have received reports that the version of the imap suite in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon, which can be found in the ipopd package. Using this vulnerability it is possible for remote users to get a shell as user "nobody" on the server. We recommend you upgrade yo...

[SECURITY] New version of procmail with security fixes

A new version of procmail has been released which fixes some new buffer overflows that were missed in version 3.13 . We recommend you upgrade your procmail package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. Debian GNU/Linux 2.1 alias slink...

[SECURITY] New version of lsof fixes buffer overflow

We have received reports that the lsof package is distributed in Debian GNU/Linux 2.0 contains a buffer overflow. Using this overflow it is possible for local users to gain root-access. We have fixed this problem in version 4.37-3. We recommend you upgrade your lsof package immediately. wget url...

Re: [SECURITY] New versions of super fixes two buffer overflows

Martin Schulze wrote: ==================================================================== Debian GNU/Linux Security February 15th, 1999 We have received reports about two buffer overflows in the super package which was distributed as part of Debian GNU/Linux. Firstly, for per-user .supertab file...

[SECURITY] New versions of super fixes two buffer overflows

==================================================================== Debian GNU/Linux Security February 15th, 1999 We have received reports about two buffer overflows in the super package which was distributed as part of Debian GNU/Linux. Firstly, for per-user .supertab files super didnt check fo...

[SECURITY] New versions of super fixes two buffer overflows

==================================================================== Debian GNU/Linux Security February 15th, 1999 We have received reports about two buffer overflows in the super package which was distributed as part of Debian GNU/Linux. Firstly, for per-user .supertab files super didnt check fo...

CVE-2000-0367

Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges...

[SECURITY] New versions of super fixes two buffer overflows

==================================================================== Debian GNU/Linux Security February 15th, 1999 We have received reports about two buffer overflows in the super package which was distributed as part of Debian GNU/Linux. Firstly, for per-user .supertab files super didnt check fo...

Re: [SECURITY] New versions of super fixes two buffer overflows

Martin Schulze wrote: ==================================================================== Debian GNU/Linux Security February 15th, 1999 We have received reports about two buffer overflows in the super package which was distributed as part of Debian GNU/Linux. Firstly, for per-user .supertab file...

CVE-1999-0374

Debian GNU/Linux cfengine package is susceptible to a symlink attack...

[SECURITY] New versions of cfengine fixes symlink attack

The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files when it runs the tidy action on homedirectories, which makes it suspectible to a symlink attack. The author has been notified of the problem but has not released a fix yet. We recommend y...

[SECURITY] Corrected advisory on wu-ftpd-academ buffer overflow

The previous advisory concerning wu-ftpd-academ contained an error: the md5sum given for wu-ftpd-academ2.4.2.16-12.2i386.deb was incorrect. The correct md5sum is b851adb345917a6f92e8b03f8cc97ff2. I apologize for the confusion this has caused. The complete, updated, text of the advisory follows...