Debian DSA-791-1 : maildrop - missing privilege release
Max Vozeler discovered that the lockmail program from maildrop, a simple mail delivery agent with filtering abilities, does not drop group privileges before executing commands given on the commandline, allowing an attacker to execute arbitrary commands with privileges of the group mail...
[SECURITY] [DSA 791-1] New maildrop packages fix arbitrary group mail command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 791-1 [email protected] http://www.debian.org/security/ Martin Schulze August 30th, 2005 http://www.debian.org/security/faq -...
DSA-791-1 maildrop - missing privilege release
Bulletin has no description...
[SECURITY] [DSA 725-2] New ppxp packages fix local root exploit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 725-2 [email protected] http://www.debian.org/security/ Martin Schulze July 4th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 725-2] New ppxp packages fix local root exploit
-------------------------------------------------------------------------- Debian Security Advisory DSA 725-2 [email protected] http://www.debian.org/security/ Martin Schulze July 4th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 728-2] New qpopper packages fix arbitrary file overwriting
-------------------------------------------------------------------------- Debian Security Advisory DSA 728-2 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2005 http://www.debian.org/security/faq -...
[SECURITY] [DSA 728-1] New qpopper packages fix arbitrary file overwriting
-------------------------------------------------------------------------- Debian Security Advisory DSA 728-1 [email protected] http://www.debian.org/security/ Martin Schulze May 25th, 2005 http://www.debian.org/security/faq -...
DSA-728-1 qpopper - missing privilege release
Bulletin has no description...
Debian DSA-725-2 : ppxp - missing privilege release
Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user-supplied log files. This can be tricked into opening a root shell.
DSA-725-2 ppxp - missing privilege release
Bulletin has no description...
Debian DSA-665-1 : ncpfs - missing privilege release
Erik Sjolund discovered several bugs in ncpfs that provides utilities to use resources from NetWare servers of which one also applies to the stable Debian distribution. Due to accessing a configuration file without further checks with root permissions it is possible to read arbitrary files...
[SECURITY] [DSA 655-1] New zhcon packages fix unauthorised file access
-------------------------------------------------------------------------- Debian Security Advisory DSA 655-1 [email protected] http://www.debian.org/security/ Martin Schulze January 25th, 2005 http://www.debian.org/security/faq -...
Debian DSA-405-1 : xsok - missing privilege release
Steve Kemp discovered a problem in xsok, a single player strategy game for X11, related to the Sokoban game, which leads a user to execute arbitrary commands under the GID of games.
Debian DSA-462-1 : xitalk - missing privilege release
Steve Kemp from the Debian Security Audit Project discovered a problem in xitalk, a talk intercept utility for the X Window System. A local user can exploit this problem and execute arbitrary commands under the GID utmp. This could be used by an attacker to remove traces from the utmp file...
[SECURITY] [DSA 462-1] New xitalk packages fix local group utmp exploit
-------------------------------------------------------------------------- Debian Security Advisory DSA 462-1 [email protected] http://www.debian.org/security/ Martin Schulze March 12th, 2004 http://www.debian.org/security/faq -...
[Full-Disclosure] [SECURITY] [DSA 462-1] New xitalk packages fix local group utmp exploit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 462-1 [email protected] http://www.debian.org/security/ Martin Schulze March 12th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 430-1] New trr19 packages fix local games exploit
-------------------------------------------------------------------------- Debian Security Advisory DSA 430-1 [email protected] http://www.debian.org/security/ Martin Schulze January 28th, 2004 http://www.debian.org/security/faq -...