3212 matches found
USN-483-1: libnet-dns-perl vulnerabilities
Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible machine-in-the-middle attacks. (CVE-2007-3377) Steffen Ullrich discovered that the Net::DNS Perl module did not correctly...
CVE-2007-3377
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...
Code injection
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...
CVE-2007-3377
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...
CVE-2007-3377
CVE-2007-3377 affects the Perl module Net::DNS (pre-0.60). The issue: Net::DNS generates predictable DNS query IDs (fixed increment) and can reuse the same starting ID for all child processes of a forking server, enabling remote attackers to spoof DNS responses. Connected advisories show mitigati...
CVE-2007-3377
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...
evolution malicious server arbitrary code execution
Camel camel-imap-folder.c in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index...
Evolution Data Server integer overflow
Integer overflow in Camel mailer component on negative value of IMAP server SEQUENCE command reply...
USN-475-1: evolution-data-server vulnerability
Philip Van Hoof discovered that the IMAP client in Evolution did not correctly verify the SEQUENCE value. A malicious or spoofed server could exploit this to execute arbitrary code with user privileges...
CVE-2007-3257
Camel camel-imap-folder.c in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index...
Code injection
Camel camel-imap-folder.c in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index...
CVE-2007-3257
Camel camel-imap-folder.c in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index...
CVE-2007-3069
xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session with Assistive Technology support is running, allows attackers with physical access to take control of the session after entering an Alt-Tab sequence...
CVE-2007-3048
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue...
CVE-2007-3048
Summary: CVE-2007-3048 affects GNU Screen 4.0.3, where local users may unlock the screen by issuing a CTRL-C at the password prompt. The issue has been reported with inconsistent reproducibility across reports. Impact: Local privilege-related concern affecting screen sessions; exploitation appear...
CVE-2007-3048
GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue...