Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / current : samba (SSA:2007-344-01)

New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix a security issue. A boundary failure in GETDC mailslot processing can result in a buffer overrun leading to possible code execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptiv...

PHP 5.2.4及之前版本存在多个漏洞

PHP是一款流行的网络编程语言。 PHP存在多个安全问题，远程攻击者可以利用漏洞进行缓冲区溢出，拒绝服务，和安全绕过攻击。 -dl处理文件名存在问题，可导致跨站脚本攻击。 -dl处理MAXPATHLEN参数大小存在问题，可导致拒绝服务攻击。 -tmlentities/htmlspecialchars处理部分多字节序列存在问题。 -fnmatch, setlocale和glob函数的glibc实现存在缓冲区溢出。 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 12.0 Slackware Linux 11.0...

Slackware current : thunderbird (SSA:2007-165-01)

A new thunderbird package is available for Slackware -current to fix two possible security issues. This package may also be used on many older versions of Slackware though we're not certain how far back... %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...

PHP EXT/Session HTTP应答头注入漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP的ext/session在置于会话COOKIE前没有URL编码会话ID，远程攻击者可以利用漏洞可以对会话COOKIE进行注入攻击。 当PHP' ext/session调用sessionstart，会在部分情况下发送新会话COOKIE，这些情况如下： - session id嵌入到PATHINFO - session id重生成 - session id通过sessionid设置 - sessionstart多次调用...

GNU Locate旧格式locate数据库本地缓冲区溢出漏洞

GNU locate是可以在文件数据库里搜索那些匹配用户提供的文件名的程序。 GNU locate读取旧格式locate数据库的文件名存在缓冲区溢出，本地攻击者可以利用漏洞以应用程序权限执行任意指令。 当GNU locate读取旧格式locate数据库的文件名时会拷贝到分配在堆上的固定缓冲区中，文件名超过1026字节可导致缓冲区溢出，溢出的数据可以由用户选择来控制建立本地系统上的文件名。 GNU findutils 4.2.30 + Slackware Linux 8.0 + Slackware Linux 7.1 GNU findutils 4.2.29 + Slackware Lin...

PHP Imap_Mail_Compose()函数缓冲区溢出漏洞

BUGTRAQ ID: 23234 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的imapmailcompose函数实现上存在缓冲区溢出漏洞，本地攻击者可能利用此漏洞提升权限。 imapmailcompose函数在名为tmp的栈缓冲区中创建固定大小的多部邮件： PHPFUNCTIONimapmailcompose ... char tmp8 MAILTMPLEN, mystring=NULL, t=NULL, tempstring=NULL;...

Slackware 10.0 / 10.1 / 10.2 / 11.0 / 9.0 / 9.1 : gnupg (SSA:2007-066-01)

New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security ramifications of incorrect gpg usage. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory...

Design/Logic Flaw

xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOT...

CVE-2007-0822

umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensiti...

CVE-2007-0823

xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOT...

CVE-2007-0823

CVE-2007-0823 affects xterm on Slackware Linux 10.2, where information displayed to one user could remain in the same xterm process memory and be readable by subsequent users sharing that interactive process. This could allow local users to bypass file permissions and obtain sensitive information...

CVE-2007-0822

umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensiti...

CVE-2007-0823

xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOT...

CVE-2007-0822

umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensiti...

CVE-2007-0822

CVE-2007-0822 describes a local-denial crash in umount when run on Linux kernel 2.6.15 with Slackware 10.2, triggered by passing a pathname to a USB pen drive that was mounted and then removed; this can lead to a NULL dereference and potential exposure of sensitive data such as core contents. Mul...

FreePBX Shell命令执行漏洞

FreePBX是一款开放源代码的VOIP应用服务程序。 FreePBX不正确处理SHELL元字符，远程攻击者可以利用漏洞以进程权限执行任意命令。 由于对CALLERIDname或者number中的SHELL元字符缺少处理，可导致提交恶意字符串，以WEB权限执行。 OSSP Sheila 1.1.5 + Debian Linux 3.0 + HP Secure OS software for Linux 1.0 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Lin...

PHP 3.0.16/4.0.2 Remote Format Overflow Exploit

No description provided by source. / PHP 3.0.16/4.0.2 remote format overflow exploit. Copyright c 2000 Field Marshal Count August Anton Wilhelm Neithardt von Gneisenau [email protected] my regards to sheib and darkx All rights reserved Pascal Boucheraine's paper was enlightening THERE IS NO...

Apple QuickTime Plug-In Arbitrary Script Execution Weakness

Description Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files .qtl. An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Althoug...

Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : mutt (SSA:2006-207-01)

New mutt packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a possible security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2006-207-01. Th...

Slackware 10.2 / current : firefox/thunderbird/seamonkey (SSA:2006-155-02)

New Firefox and Thunderbird packages are available for Slackware 10.2 and -current to fix security issues. In addition, a new SeaMonkey package is available for Slackware -current to fix similar issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...