206 matches found
[SECURITY] [DSA 701-1] New samba packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 701-1 [email protected] http://www.debian.org/security/ Martin Schulze March 31st, 2005 http://www.debian.org/security/faq -...
HP-UX PHCO_32280 : s700_800 11.04 (VVOS) libpam, libpam_unix cumulative patch
s700800 11.04 VVOS libpam, libpamunix cumulative patch : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX systems where the vulnerability may be exploited to allow a local user to increase privilege. HPSBUX02091...
CVE-2004-1340
Summary: CVE-2004-1340 affects the libpam-radius-auth package on Debian GNU/Linux 3.0, where the accompanying pam_radius_auth.conf was installed world-readable, potentially exposing secrets to all local users. The issue is Debian-specific (CAN-2004-1340) and was addressed in Debian security advis...
CVE-2004-1340
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pamradiusauth.conf set to be world-readable, which allows local users to obtain sensitive information...
[SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 659-1 [email protected] http://www.debian.org/security/ Martin Schulze January 26th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 659-1] New libpam-radius-auth packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 659-1 [email protected] http://www.debian.org/security/ Martin Schulze January 26th, 2005 http://www.debian.org/security/faq -...
CVE-2004-1340
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pamradiusauth.conf set to be world-readable, which allows local users to obtain sensitive information...
CVE-2004-1340
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pamradiusauth.conf set to be world-readable, which allows local users to obtain sensitive information...
Debian DSA-659-1 : libpam-radius-auth - information leak, integer underflow
Two problems have been discovered in the libpam-radius-auth package, the PAM RADIUS authentication module. The Common Vulnerabilities and Exposures Project identifies the following problems : - CAN-2004-1340 The Debian package accidentally installed its configuration file /etc/pamradiusauth.conf...
CVE-2005-0108
Apache modauthradius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service crash via a RADIUSREPLYMESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument...
CVE-2005-0108
CVE-2005-0108 is a vulnerability in Apache mod_auth_radius and the libpam-radius-auth PAM module. The Debian and related advisories describe an integer underflow in the mod_auth_radius component that can be triggered by a crafted RADIUS_REPLY_MESSAGE, potentially allowing remote attackers to caus...
CVE-2005-0108
Apache modauthradius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service crash via a RADIUSREPLYMESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument...
Debian DSA-469-1 : pam-pgsql - missing input sanitising
Primoz Bratanic discovered a bug in libpam-pgsql, a PAM module to authenticate using a PostgreSQL database. The library does not escape all user-supplied data that are sent to the database. An attacker could exploit this bug to insert SQL statements. %NASLMINLEVEL 70300 C Tenable Network Security...
Debian DSA-374-1 : libpam-smb - buffer overflow
libpam-smb is a PAM authentication module which makes it possible to authenticate users against a password database managed by Samba or a Microsoft Windows server. If a long password is supplied, this can cause a buffer overflow which could be exploited to execute arbitrary code with the privileg...
CVE-2004-0366
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements...
CVE-2004-0366
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements...
CVE-2004-0366
CVE-2004-0366 affects libpam-pgsql (pam-pgsql) with a SQL injection vulnerability present in versions prior to 0.5.2. The underlying issue is missing input sanitising that allows an attacker to insert arbitrary SQL statements when data is sent to PostgreSQL. Debian and OpenVAS entries document th...
CVE-2004-0366
Removed by vendor...
PT-2004-1520 · Unknown · Libpam-Pgsql
Name of the Vulnerable Software and Affected Versions: libpam-pgsql versions prior to 0.5.2 Description: The issue allows attackers to execute arbitrary SQL statements due to a SQL injection vulnerability in the libpam-pgsql library. Recommendations: For versions prior to 0.5.2, update to version...
[SECURITY] [DSA 469-1] New libpam-pgsql packages fix SQL injection
-------------------------------------------------------------------------- Debian Security Advisory DSA 469-1 [email protected] http://www.debian.org/security/ Martin Schulze March 29th, 2004 http://www.debian.org/security/faq -...