251 matches found
Hardcoded credentials
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...
CVE-2008-2936
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...
postfix privilege escalation flaw
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending ...
vsftpd security and bug fix update
2.0.1-6 - add option maxloginfails that kicks the session after few login fails - Resolves: 197141 - fix bad handling of unique files - Resolves: 250727 - increase maximum length of allowed username - Resolves: 236326 - fix create/lock race condition when more clients are uploading to a file -...
RHEL 4 : vsftpd (RHSA-2008:0680)
The remote Red Hat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2008:0680 advisory. vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux and Unix-like systems. The version of vsftpd as shipped in Red...
Moderate: Red Hat Security Advisory: vsftpd security and bug fix update
An updated vsftpd package that fixes a security issue and various bugs is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP server for Linux and Unix-like systems...
Firebird: Data disclosure
Background: Firebird is a multi-platform, open source relational database. Description: Viesturs reported that the default configuration for Gentoo's init script "/etc/conf.d/firebird" sets the "ISC_PASSWORD" environment variable when starting Firebird. It will be used when no password is supplied b...
SuSE 10 Security Update : Geronimo (ZYPP Patch Number 4967)
A chown in the geronimo init script could change ownership of directories it did not own, due to following symlinks. The default setup would corrupt /var/tmp on start.
mailman security and bug fix update
2.1.5.1-34.rhel4.6 - fix 200036 - canceling subscription confirmation crashes mailman - fix 205651 - CVE-2006-4624 logfile CRLF injection - fix 230939 - missing migrate-fhs script - fix 223191 - spam filters gets deleted when sender filter is edited - fix 242677 - wrong init script...
tcpdump security and bug fix update
14:3.9.4-11.el5.0.1 - Modified libpcap-0.9.4/fad-getad.c to include linux/types.h if it includes linux/if_packet.h 14:3.9.4-11.el5 - fix buffer overflow in BGP dissector (250294, CVE-2007-3798) 14:3.9.4-10.el5 - with -C option, drop root privileges before opening first savefile (241677) 14:3.9.4-9.el5...
X Font Server: Multiple Vulnerabilities
Background: The X.Org X11 X Font Server provides a standard mechanism for an X server to communicate with a font renderer. Description: iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file (CVE-2007-3103). Sean Larsson...
CVE-2007-3852
The init script sysstat.in in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code...
Code injection
The init script sysstat.in in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code...
CVE-2007-3852
The CVE details show: sysstat up to version 7.1.6 creates /tmp/sysstat.run insecurely in the init script (sysstat.in), allowing local users to execute arbitrary code. Affected: sysstat package (components for sar/iostat), on affected Linux distros; root cause is insecure temporary file usage. mit...
Fedora Core 5 : postgresql-8.1.7-1.fc5 (2007-198)
Sun Feb 4 2007 Tom Lane 8.1.7-1 - Update to PostgreSQL 8.1.7 to fix CVE-2007-0555, CVE-2007-0556 Related: 225496 - Wed Jan 10 2007 Tom Lane 8.1.6-1 - Update to PostgreSQL 8.1.6 - Mon Dec 11 2006 Tom Lane 8.1.5-1 - Update to PostgreSQL 8.1.5 - Update to PyGreSQL 3.8.1 - Adjust init script to not...
GLSA-200612-17 : GNU Radius: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200612-17 GNU Radius: Format string vulnerability A format string vulnerability was found in the sqllog function from the SQL accounting code for radiusd. That function is only used if one or more of the 'postgresql', 'mysql' or...
Mandrake Linux Security Advisory : MySQL (MDKSA-2006:158)
MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects (CVE-2006-4380). There is a bug in the MySQL-Max and MySQL init script where the script was not waiting for the mysqld daemon to fully stop. This impact...