Ubuntu 6.06 LTS / 6.10 / 7.04 : libapache2-mod-perl2 vulnerability (USN-488-1)

Alex Solovey discovered that modperl did not correctly validate certain regular expression matches. A remote attacker could send a specially crafted request to a web application using modperl, causing the web server to monopolize CPU resources. This could lead to a remote denial of service. Note...

Ubuntu 5.10 / 6.06 LTS : libapache2-mod-python vulnerability (USN-430-1)

Miles Egan discovered that modpython, when used in output filter mode, did not handle output larger than 16384 bytes, and would display freed memory, possibly disclosing private data. Thanks to Jim Garrison of the Software Freedom Law Center for identifying the original bug as a security...

[USN-430-1] mod_python vulnerability

=========================================================== Ubuntu Security Notice USN-430-1 March 06, 2007 libapache2-mod-python vulnerability CVE-2004-2680 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06...

CVE-2004-2680

CVE-2004-2680 affects mod_python (libapache2-mod-python) 3.1.4 and earlier. The root cause is improper handling of output filters when processing more than 16,384 bytes, causing filter.read to return portions of previously freed memory. Practical impact is a potential data exposure and instabilit...

Debian DSA-935-1 : libapache2-mod-auth-pgsql - format string vulnerability

iDEFENSE reports that a format string vulnerability in modauthpgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

Design/Logic Flaw

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the 1 modauthzsvn.so and 2 moddavsvn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the 1 modauthzsvn.so and 2 moddavsvn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the 1 modauthzsvn.so and 2 moddavsvn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the 1 modauthzsvn.so and 2 moddavsvn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the 1 modauthzsvn.so and 2 moddavsvn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

CVE-2006-1564

The CVE-2006-1564 entry concerns libapache2-svn 1.3.0-4 for Subversion on Debian GNU/Linux. The vulnerability stems from untrusted search paths due to RPATH values under /tmp/svn for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, potentially allowing local users to gain privileges by pl...

[SECURITY] [DSA 1000-1] New Apache2::Request packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1000-1 [email protected] http://www.debian.org/security/ Martin Schulze March 14th, 2006 http://www.debian.org/security/faq -...

DSA-1000-2 libapreq2-perl - design error

Bulletin has no description...

Ubuntu 4.10 / 5.04 / 5.10 : libapache2-mod-auth-pgsql vulnerability (USN-239-1)

Several format string vulnerabilities were discovered in the error logging handling. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache user 'www-data'. Not...

Ubuntu 4.10 : libapache2-mod-python vulnerabilities (USN-80-1)

Graham Dumpleton discovered an information disclosure in the 'publisher' handle of modpython. By requesting a carefully crafted URL for a published module page, anybody can obtain extra information about internal variables, objects, and other information which is not intended to be visible. Note...

[SECURITY] [DSA 935-1] New libapache2-mod-auth-pgsql packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 935-1 [email protected] http://www.debian.org/security/ Michael Stone January 10, 2006 http://www.debian.org/security/faq -...

DSA-935-1 libapache2-mod-auth-pgsql - format string vulnerability

Bulletin has no description...