105 matches found
Mandrake Linux Security Advisory : nfs-utils (MDKSA-2004:146)
SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the 'SIGPIPE' signal, which would cause it to shut down if a misconfigured or malicious peer terminated the TCP connection prematurely. The updated packages have been patched to...
Mandrake Linux Security Advisory : a2ps (MDKSA-2004:140)
The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. The updated packages have been patched to prevent this problem.
Mandrake Linux Security Advisory : mod_ssl (MDKSA-2004:075)
Ralf S. Engelschall found a remaining risky call to ssl_log() while reviewing code for another issue reported by Virulent. The updated packages are patched to correct the problem.
Mandrake Linux Security Advisory : mod_ssl (MDKSA-2004:054)
A stack-based buffer overflow exists in the ssl_util_uuencode_binary function in ssl_engine_kernel.c in mod_ssl for Apache 1.3.x. When mod_ssl is configured to trust the issuing CA, a remote attacker may be able to execute arbitrary code via a client certificate with a long subject DN. The provided...
Mandrake Linux Security Advisory : openssl (MDKSA-2003:020)
In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a). The...