442 matches found
Debian DSA-784-1 : courier - programming error
A problem has been discovered in the Courier Mail Server. DNS failures were not handled properly when looking up Sender Policy Framework SPF records, which could allow attackers to cause memory corruption. The default configuration on Debian has SPF checking disabled, so most machines are not...
DSA-790-1 phpldapadmin - programming error
Bulletin has no description...
[SECURITY] [DSA 784-1] New courier packages fix denial of service
-------------------------------------------------------------------------- Debian Security Advisory DSA 784-1 [email protected] http://www.debian.org/security/ Martin Schulze August 25th, 2005 http://www.debian.org/security/faq -...
FreeBSD : Apache 1.3 IP address access control failure on some 64-bit platforms (09d418db-70fd-11d8-873f-0020ed76ef5a)
Henning Brauer discovered a programming error in Apache 1.3's modaccess that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a deny from' IP address access control rule including a netmask to...
Debian DSA-744-1 : fuse - programming error
Sven Tantau discovered a security problem in fuse, a filesystem in userspace, that can be exploited by malicious, local users to disclose potentially sensitive information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
[SECURITY] [DSA 585-1] New shadow packages fix unintended behaviour
-------------------------------------------------------------------------- Debian Security Advisory DSA 585-1 [email protected] http://www.debian.org/security/ Martin Schulze November 5th, 2004 http://www.debian.org/security/faq -...
DSA-585-1 shadow - programming error
Bulletin has no description...
apache -- apr_uri_parse IPv6 address handling vulnerability
The Apache Software Foundation Security Team discovered a programming error in the apr-util library function apruriparse. When parsing IPv6 literal addresses, it is possible that a length is incorrectly calculated to be negative, and this value is passed to memcpy. This may result in an exploitab...
FreeBSD : SA-04:11.msync
The remote host is running a version of FreeBSD which contains a programming error in the msync2 system call which may let a local user with read access to a given file to forbid any change to this file to be written to disk. C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...
FreeBSD : SA-04:13.linux
The remote host is running a version of the FreeBSD kernel which contains a programming error in the way it handles some Linux system calls, which may be exploited by an attacker to gain super-user privileges on the remote host, or to crash it. C Tenable Network Security, Inc. if !...
cvs pserver remote heap buffer overflow
Due to a programming error in code used to parse data received from the client, malformed data can cause a heap buffer to overflow, allowing the client to overwrite arbitrary portions of the server's memory. A malicious CVS client can exploit this to run arbitrary code on the server at the...
Apache 1.3 IP address access control failure on some 64-bit platforms
Henning Brauer discovered a programming error in Apache 1.3's modaccess that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a deny from' IP address access control rule including a netmask to...
FreeBSD Security Advisory FreeBSD-SA-04:03.jail
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:03.jail Security Advisory The FreeBSD Project Topic: Jailed processes can attach to other jails Category: core Module: kernel Announced: 2004-02-25 Credits: JA...
jailed processes can manipulate host routing tables
A programming error resulting in a failure to verify that an attempt to manipulate routing tables originated from a non-jailed process. Jailed processes running with superuser privileges could modify host routing tables. This could result in a variety of consequences including packets being sent...
bind8 negative cache poison attack
A programming error in BIND 8 named can result in a DNS message being incorrectly cached as a negative response. As a result, an attacker may arrange for malicious DNS messages to be delivered to a target name server, and cause that name server to cache a negative response for some target domain...
FreeBSD Security Advisory FreeBSD-SA-03:16.filedesc
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:16.filedesc Security Advisory The FreeBSD Project Topic: file descriptor leak in readv Category: core Module: kernel Announced: 2003-10-02 Credits: Joost Pol...
Important: Red Hat Security Advisory: xinetd security update
Updated xinetd packages fix a security vulnerability and other bugs. Xinetd is a master server that is used to to accept service connection requests and start the appropriate servers. Because of a programming error, memory was allocated and never freed if a connection was refused for any reason. ...
OneOrZero Helpdesk 1.4 - install.php Administrative Access
OneOrZero Helpdesk 1.4 - install.php Administrative Access source: https://www.securityfocus.com/bid/7611/info OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. The issue presents itself due to a programming error i...
OneOrZero Helpdesk 1.4 - 'install.php' Administrative Access
source: https://www.securityfocus.com/bid/7611/info OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. The issue presents itself due to a programming error in a Helpdesk script. Reportedly a script does not...
CDRTools CDRecord 1.11/2.0 - Devname Format String
// source: https://www.securityfocus.com/bid/7565/info CDRecord has been reported prone to a format string vulnerability. The issue presents itself due to a programming error that occurs when calling a printf-like function. It has been reported that by harnessing an unsupported feature of the...