Solaris 10 Patch Cluster File Clobber

Solaris 10 patch cluster suffers from a file clobber vulnerability in /tmp. File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @larry0 Hello, The 147147-26 patch creates a CLEANUP file in /tmp that is vulnerable to symlink attacks: The contents of the file...

Solaris 10 Patch Cluster File Clobber

File clobbering vulnerability in Solaris 10 patch cluster 3/27/2013 Larry W. Cashdollar @larry0 Hello, The 147147-26 patch creates a CLEANUP file in /tmp that is vulnerable to symlink attacks: The contents of the file created in /tmp are: /sbin/sh:root@dev-unix-sec02 cat CLEANUP...

Sendmail buffer overflow fixed

The sendmail packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running sendmail should upgrade. More information on the problem can be found here: http://www.sendmail.org/8.12.8.html Here are the details from the Slackware 8.1 ChangeLog: Mon Mar 3...

Multiple MTA HELO Command Remote Overflow

The remote SMTP server seems to allow remote users to send mail anonymously by providing arguments that are too long to the HELO command more than 1024 chars. This problem may allow malicious users to send unsolicited mail i.e., SPAM or threatening mail using the server, and keep their anonymity....