3385 matches found
GNU libtool symbolic links problem
Symbolic links problem during compilation...
Windows XP/2003 server service memory leak
Memory leak on directory creation/deletion...
Symbolic links problem in NetPBM
Symlink problem during temporary files creation...
[securitylab.ru & security.nnov] Kerio Winroute Firewall Xroxy problem
Application: Kerio Winroute Firewall 5.10 Vendor: Kerio Technologies Inc. Vendor Site: http://www.kerio.com Remote: Yes Exploitable: Yes Risk level: Critical if proxy requires authentication Authors: Alexander Antipov & 3APA3A aka Pig Killer Authors Sites: http://www.securitylab.ru...
SOL2773 - Multiple Open SSH vulnerabilities CA-2003-24, CA-2003-26, and CA-2003-26
CERT Vulnerability Note VU333628 details a buffer management problem in all versions of OpenSSH, prior to version 3.7.1, that may potentially be used by an attacker to gain unauthorized remote access. For information about this vulnerability, refer to...
Apache HTTPD contains denial of service vulnerability in basic authentication module
Overview The Apache HTTP server contains a denial-of-service vulnerability that allows remote attackers to conduct denial-of-service attacks on the HTTP basic authentication module of an affected server. Description The Apache HTTP server contains a denial-of-service vulnerability in the...
gzip znew symbolic links problem
Unsafe temporary files creation...
CVE-2003-0255
The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path...
Updated KDE packages available
New KDE 3.1.1a packages are available for Slackware 9.0 which fix a security problem with the handling of PS and PDF documents. Here are the details from the Slackware 9.0 ChangeLog: Thu Apr 17 15:32:15 PDT 2003 patches/packages/kde/: Upgraded to KDE 3.1.1a. Also included in this directory are a...
[SECURITY] [DSA 275-1] New lpr-ppd packages fix local root exploit
Debian Security Advisory DSA 275-1 [email protected] http://www.debian.org/security/ Martin Schulze April 2nd, 2003 http://www.debian.org/security/faq -...
Vulnerability in man < 1.5l
man 1.5l was released today, fixing a bug which results in arbitrary code execution upon reading a specially formatted man file. The basic problem is, upon finding a string with a quoting problem, the function myxsprintf in util.c will return "unsafe" rather than returning a string which could be...
Automatic File Content Type Recognition Tool contains memory allocation problem
Overview A memory allocation problem exists in the "Automatic File Content Type Recognition Tool" versions of the file1 package prior to 3.41. Description According to an OpenPKG advisory, a memory allocation problem exists in the "Automatic File Content Type Recognition Tool" AFCTR tool versions...
Multiple glftpd bugs
Directory traversal in messaging system, archive extraction, effective uid problem...
[SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
Debian Security Advisory DSA 253-1 [email protected] http://www.debian.org/security/ Martin Schulze February 24th, 2003 http://www.debian.org/security/faq -...
Apache 2.x leaked descriptors
Hello, I noticed a problem with apache 2.x back in October and contacted the apache security team with the problem. They've had about 4 months to do something with the problem but haven't seen fit to fix it yet. The last time I tried to status their progress no one replied to my query. I was...
myphpPagetool (php)
Information: Version: 0.4.3-1 Website: http://myphppagetool.sourceforge.net/ Problem: Include file PHP Code/Location: In /doc/admin/, in the files index.php, help1.php, help2.php, help3.php, help4.php, help5.php, help6.php, help7.php, help8.php and help9.p...
[SECURITY] [DSA 245-1] New dhcp3 packages fix potential network flood
Debian Security Advisory DSA 245-1 [email protected] http://www.debian.org/security/ Martin Schulze January 28th, 2003 http://www.debian.org/security/faq -...
Bogofilter symbolic links problem
file /tmp/bogopass.$$ is created without symbolic link check...
Multiple Sybase buffer overflows
Buffer overflows in xpfreedll, DROP DATABASE, DBCC CHECKVERIFY...
Exploitable pine heap overflow (Re: Remote pine Denial of Service)
Dear Linus Sjberg, There is a classic and probably exploitable heap overflow in bldaddr.c addrliststring. else char charset = NULL; list = char fsgetsizetestsizeadrlist; list0 = '0'; rfc822writeaddressdecodelist, adrlist, verbose ? NULL : &charset, doquote; ifcharset fsgivevoid &charset; estsize...