USN-5966-2 amanda regression

USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided. We apologize for the inconvenience. Original advisory details: Maher Azzouzi discovered an information...

USN-5966-2: amanda regression

USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided. We apologize for the inconvenience. Original advisory details: Maher Azzouzi discovered an information...

Apple Xcode WebObjects插件权限提升漏洞

Xcode是苹果机器上所使用的开发工具。 Xcode在以高权限调用外部工具时存在漏洞，本地攻击者可能利用此漏洞提升自己的权限。 Xcode需要使用OpenBase技术为WebObjects组件提供额外的功能。OpenBase库在调用/Library/OpenBase/bin/gnutar时没有正确地使用setuid权限，在以euid=0运行OpenBase时调用了gnutar。通过使用TAROPTIONS环境变量就可以强制gnutar没有指定路径便调用gzip，因此攻击者可以通过控制PATH变量获得root权限。 Apple XCode 2.2 OpenBase OpenBase...

CVE-2006-5327

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain...

CVE-2006-5327

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain...

DEBIAN-CVE-2002-0901

Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver AMANDA 2.3.0.4 allow 1 remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs 2 amcheck, 3...