8669 matches found

RedHat Linux
added 2005/02/10 5:10 p.m., 32 views

Low: Red Hat Security Advisory: squirrelmail security update

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecur...

7.5 CVSS, 5.2 AI score, 0.03446 EPSS
Exploits: 0, References: 7

Tenable Nessus
added 2005/02/10 12:0 a.m., 25 views

RHEL 3 : squirrelmail (RHSA-2005:135)

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecur...

7.5 CVSS, 5 AI score, 0.03446 EPSS
Exploits: 0, References: 11

Tenable Nessus
added 2004/11/10 12:0 a.m., 23 views

Debian DSA-580-1 : iptables - missing initialisation

Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required modules on its own as it was supposed to. This could lead to firewall rules not being loaded on system startup. This caused a failure in connection with rules...

7.5 CVSS, 5.4 AI score, 0.01269 EPSS
Exploits: 0, References: 3

CERT
added 2004/10/22 12:0 a.m., 42 views

Linux kernel USB drivers do not initialize kernel memory properly

Overview: Various Linux USB drivers contain an information disclosure vulnerability that may expose sensitive segments of kernel memory to users. Description: USB drivers for several versions of the Linux kernel do not properly initialize kernel memory before using it. When an affected USB driver copi...

5.6 AI score
Exploits: 0, References: 5

Tenable Nessus
added 2004/09/29 12:0 a.m., 25 views

Debian DSA-117-1 : cvs - improper variable initialization

Kim Nielsen recently found an internal problem with the CVS server and reported it to the vuln-dev mailing list. The problem is triggered by an improperly initialized global variable. A user exploiting this can crash the CVS server, which may be accessed through the pserver service and running...

5 CVSS, 5.5 AI score, 0.01271 EPSS
Exploits: 0, References: 2

NVD
added 2004/08/06 4:0 a.m., 25 views

CVE-2004-0535

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources...

2.1 CVSS, 5.9 AI score, 0.0013 EPSS
Exploits: 0, References: 13

UbuntuCve
added 2004/08/06 4:0 a.m., 25 views

CVE-2004-0535

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources...

2.1 CVSS, 5.9 AI score, 0.0013 EPSS
Exploits: 0, References: 1

FreeBSD
added 2004/07/07 12:0 a.m., 57 views

php -- memory_limit related vulnerability

Stefan Esser of e-matters discovered a condition within PHP that may lead to remote execution of arbitrary code. The memory_limit facility is used to notify functions when memory constraints have been met. Under certain conditions, the entry into this facility is able to interrupt functions such as...

5.1 CVSS, 6.9 AI score, 0.77733 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2004/07/06 12:0 a.m., 49 views

Mac OS X Multiple Vulnerabilities (Security Update 2003-12-19)

The remote host is missing Security Update 2003-12-19. This security update includes the following components: AFP Server, cd9600.util, Directory Services, fetchmail, fsusage, rsync, System Initialization. For MacOS X 10.3, it also includes: ASN.1 Decoding for PKI. This update contains...

10 CVSS, 5.7 AI score, 0.44259 EPSS
Exploits: 3, References: 10

CVE
added 2004/06/08 4:0 a.m., 88 views

CVE-2004-0535

CVE-2004-0535 relates to the Linux kernel's e1000 NIC driver (2.4.x and earlier) where memory used by the driver was not properly initialized before access. This could permit a local attacker to read portions of kernel memory. The issue is documented and linked to several vendor advisories (e.g.,...

2.1 CVSS, 5.7 AI score, 0.0013 EPSS
Exploits: 0, References: 13, Affected Software: 12

Cvelist
added 2004/06/08 4:0 a.m., 25 views

CVE-2004-0535

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources...

5.7 AI score, 0.0013 EPSS
Exploits: 0, References: 13

RedHat Linux
added 2004/05/12 1:7 a.m., 4 views

security flaw

Real-time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space...

4.6 CVSS, 5.8 AI score, 0.00113 EPSS
Exploits: 0, References: 4

FreeBSD
added 2004/02/09 12:0 a.m., 19 views

Samba 3.0.x password initialization bug

From the Samba 3.0.2 release notes: Security Announcement: It has been confirmed that previous versions of Samba 3.0 are susceptible to a password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script...

7.5 CVSS, 6.2 AI score, 0.02082 EPSS
Exploits: 0, References: 1

NVD
added 2004/01/05 5:0 a.m., 23 views

CVE-2003-0984

Real-time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space...

4.6 CVSS, 5.9 AI score, 0.00113 EPSS
Exploits: 0, References: 30

Exploit DB
added 2003/05/21 12:0 a.m., 19 views

SudBox Boutique 1.2 - 'login.php' Authentication Bypass

Source: https://www.securityfocus.com/bid/7651/info. A vulnerability has been reported for SudBox Boutique. The problem occurs due to insufficient initialization of variables and may allow an unauthorized user to authenticate. Specifically, by making a malicious request to the login.php scrip...

7.4 AI score
Exploits: 0

Cvelist
added 2002/06/25 4:0 a.m., 26 views

CVE-2002-0082

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed...

7.7 AI score, 0.0233 EPSS
Exploits: 1, References: 18

securityvulns
added 2002/03/06 12:0 a.m., 24 views

[SECURITY] [DSA 117-1] New CVS packages fix potential security problems

Debian Security Advisory DSA 117-1 [email protected] http://www.debian.org/security/ Martin Schulze, March 5th, 2002...

0.2 AI score
Exploits: 0

Debian
added 2002/03/05 9:18 a.m., 11 views

[SECURITY] [DSA 117-1] New CVS packages fix potential security problems

Debian Security Advisory DSA 117-1 [email protected] http://www.debian.org/security/ Martin Schulze, March 5th, 2002. Package: cvs. Vulnerability...

7.2 AI score
Exploits: 0

Debian
added 2002/03/05 9:18 a.m., 8 views

[SECURITY] [DSA 117-1] New CVS packages fix potential security problems

Debian Security Advisory DSA 117-1 [email protected] http://www.debian.org/security/ Martin Schulze, March 5th, 2002. Package: cvs. Vulnerability...

0.2 AI score
Exploits: 0

CERT
added 2001/12/07 12:0 a.m., 19 views

OpenSSH does not initialize PAM session thereby allowing PAM restrictions to be bypassed

Overview: OpenSSH is an implementation of the Secure Shell (SSH) protocol. It can be configured to use Linux Pluggable Authentication Modules (PAM) for added authentication. A vulnerability exists in OpenSSH, and perhaps other implementations of SSH, which can allow to potentially bypass PAM...

7.1 AI score
Exploits: 0, References: 3