Slackware Linux 3.4 netconfig temporary file Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/81/info netconfig creates the file /tmp/tmpmsg insecurely and follows symbolic links. An attacker can create a symbolic link from /tmp/tmpmsg to any file and wait for root to run the program. This will clober the target...

Slackware 7.0/7.1/8.0 - Manual Page Cache File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3054/info Slackware Linux contains a configuration error that enables local users to create files in the directory used by the system manual pager 'man' for cache files. Due to the behaviour of the 'man' program, it may b...

Slackware Linux <= 3.5 /etc/group missing results in root access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/155/info Due to the way /bin/login behaves when a /etc/group file is not present under Slackware's version of the password shadowing suite, users who log in while this file is not present will be given uid and gid 0. This...

S.u.S.E. Linux <= 6.2,Slackware Linux 3.2/3.6 identd Denial of Service

No description provided by source. source: http://www.securityfocus.com/bid/587/info In the inetd.conf under certain distributions of SuSE Linux the in.identd daemon is started with the -w -t120 option. This means that one identd process waits 120 seconds after answering the first request to answ...

Slackware 13.37 / 14.0 / current : mozilla-thunderbird (SSA:2012-326-03)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2012-326-03. The text itself i...

Slackware 13.37 / 14.0 / current : mozilla-thunderbird (SSA:2012-285-02)

New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2012-285-02. The text itself i...

Slackware: Security Advisory (SSA:2008-045-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ProFTPD Prior To 1.3.3g Use-After-Free 远程代码执行漏洞

CVE-2011-4130 ProFTPD的是一个远程代码执行漏洞， 允许攻击者执行任意代码。失败的攻击尝试将导致拒绝服务， 1.3.3g前的ProFTPD存在此漏洞 Red Hat Fedora 16 Red Hat Fedora 15 Red Hat Fedora 14 ProFTPD Project ProFTPD 1.3.3 rc2 ProFTPD Project ProFTPD 1.3.3 ProFTPD Project ProFTPD 1.3.2 rc3 ProFTPD Project ProFTPD 1.3.2 rc2 ProFTPD Project ProFTPD 1.3...

Mozilla Firefox and SeaMonkey Java LiveConnect Script Security Bypass Vulnerability

CVE:CVE-2010-3775 Bugtraq ID:45355 Mozilla Firefox and SeaMonkey are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and obtain elevated privileges such as the abilities to read local files, launch processes, and create network connection...

Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : acl (SSA:2011-108-01)

New acl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2011-108-01. The text...

rsync客户端增量文件列表远程内存破坏漏洞

Bugtraq ID: 47064 rsync是一款文件同步管理软件。 当增量递归启用，--delete启用，关闭--owner时，generator进程接收端存在一个内存破坏漏洞。在这些条件下，一些Generatordeep删除函数会临时增加fileextracnt，此全局变量用于管理filestructs内存中的格式，并在完成后恢复原始值。增量的目录只影响用于执行删除的临时文件列表，但它也能影响调用这些函数过程中接收到的增量文件列表块，不过可能以错误的格式创建。当恢复原始fileextracnt时，存储在每个可应用OPTEXTRA字段中的值会出现在rsync.h中列出的下一个值中。...

Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : php (SSA:2010-357-01)

New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2010-357-01. The text...

GNU C library dynamic linker expands $ORIGIN in setuid library search path

Overview Certain versions of glibc unsafely handle the $ORIGIN ELF substitution sequence which can be exploited to gain local privilege escalation. Description Tavis Ormandy's advisory states:"$ORIGIN is an ELF substitution sequence representing the location of the executable being loaded in the...

Linux kernel RDS protocol vulnerability

Overview The RDS protocol implementation of Linux kernels 2.6.30 through 2.6.38-rc8 contain a local privilege escalation vulnerability. Description Kernel functions fail to properly check if a user supplied address exists in the user segment of memory. By providing a kernel address to a socket ca...

Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability

Exploit for unknown platform in category remote exploits ===================================================================== Mozilla Firefox Floating Point Conversion Heap Overflow Vulnerability ===================================================================== Vulnerable: VMWare vMA 4.0...

OpenSSL 'EVP_VerifyFinal'函数签名验证漏洞

BUGTRAQ ID: 33150 CVE ID：CVE-2008-5077 CNCVE ID：CNCVE-20085077 OpenSSL是一款开放源码的SSL实现，用来实现网络通信的高强度加密。 部分OpenSSL函数验证DSA和ECDSA密钥时不正确验证"EVPVerifyFinal"函数返回值，发送特殊构建的签名证书链给客户端，可绕过签名检查。 通过恶意服务器或中间人攻击，可使证书链中的畸形SSL/TLS签名绕过客户端软件检查，导致盲目信任并泄漏敏感信息。 成功利用此漏洞需要服务器使用包含DSA或者ECDSA密钥的证书。 Ubuntu Ubuntu Linux 8.10 spar...

PHP 'chdir()' and 'ftok()' 安全模式绕过漏洞

PHP' safemode‘设置的限制绕过漏洞。成功的攻击可能允许攻击者以确定存在的档案在未经批准的地点;其他攻击也是可能的。 开发这些问题可以让攻击者获得敏感的数据，可用于在其他的攻击。 这些弱点将是一个问题的共同主办的配置在多个用户可以创建并执行任意PHP脚本代码;在这种情况下， ' safemode设置'的限制， PHP的5.2.6是受影响的;其他版本也可能受到影响。 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux -current PHP PHP 5.2.6 PHP PHP 5.2.5 PHP PHP 5.2.4...

PHP FastCGI模块文件扩展拒绝服务漏洞

BUGTRAQ ID: 31612 CVE ID：CVE-2008-3660 CNCVE ID：CNCVE-20083660 PHP FastCGI是一款用于提高PHP性能的模块。 PHP FastCGI不正确处理部分文件请求，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 1，ext/gd's imageloadfont函数存在溢出。 2，PHP内部memnstr函数作为explode函数导出到用户空间存在溢出。 这些函数接收部分webapps中用户提供的数据，可远程利用。 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard...

Links 'only proxies'存在未明安全漏洞

BUGTRAQ ID: 30422 CVE ID：CVE-2008-3329 CNCVE ID：CNCVE-20083329 Links是一款基于文本的支持HTML和帧的浏览器。 Links "only proxies"功能存在未明安全问题，远程攻击者可以利用漏洞传递恶意URL给外部程序。 目前没有详细漏洞细节提供。 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current Links Links 2.1pre25 Links Links 2.1 pre26 Links...

Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : samba (SSA:2008-149-01)

New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, and -current to fix a security issue: 'Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such ...