7197 matches found
Important: Red Hat Security Advisory: rhev-hypervisor security and bug fix update
An updated rhev-hypervisor package that fixes security issues and several bugs is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization RHEV Hypervisor ISO disk...
SuSE 10 Security Update : the Linux Kernel (i386) (ZYPP Patch Number 6726)
This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel. The following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraidsas driver was worldwriteable, allowing local users to cause a denial of service or potential code...
Attackers Buying Own Data Centers for Botnets, Spam
The malware writers and criminals who run botnets for years have been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the...
DSA-1960-1 acpid - weak file permissions
Bulletin has no description...
TFTP Server Buffer Overflow
!/usr/bin/env python This vuln is already owned by Muts , but i want to add the second methode Note: we don't have more space for shellcode or Skape egghunter 23 bytes only after SEH option I used the jumpback because is the best and easiest way for exploiting a SEH overwrite option Reference:...
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
NTP.org SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.100399";...
Untrusted applet causes DoS by filling up disk space
Sun Java Runtime Environment JRE 1.5.06 and earlier, JDK 1.5.06 and earlier, and SDK 1.5.06 and earlier allows remote attackers to cause a denial of service disk consumption by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory...
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 8.1 / 9.0 / 9.1 / current : ntp (SSA:2009-343-01)
New ntp packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue. If a spoofed mode 7 packet is sent to a vulnerable NTP daemon it may cause CPU and/or disk space exhaustion, resulting in a denial of service...
Fedora Core 12 FEDORA-2009-12395 (php-pear-Mail)
The remote host is missing an update to php-pear-Mail announced via advisory FEDORA-2009-12395. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright ...
Fedora Core 11 FEDORA-2009-11740 (wget)
The remote host is missing an update to wget announced via advisory FEDORA-2009-11740. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
ntp security update
CentOS Errata and Security Advisory CESA-2009:1651 An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to...
SuSE9 Security Update : IBM Java2 and SDK (YOU Patch Number 12531)
IBM Java 1.4.2 was updated to Service Refresh 13 Fixpack 2 At least following security issues are fixed by this update : - A vulnerability in the Java Runtime Environment JRE with storing temporary font files might allow an untrusted applet or application to consume a disproportionate amount of...
SuSE 11 Security Update : IBM Java 1.4.2 (SAT Patch Number 1525)
IBM Java 1.4.2 was updated to Service Refresh 13 Fixpack 2 At least following security issues are fixed by this update: CVE-2009-1100: A vulnerability in the Java Runtime Environment JRE with storing temporary font files might allow an untrusted applet or application to consume a disproportionate...
CVS Max-dotdot Protocol Command Integer Overflow (CVE-2004-0417)
Concurrent Versions System CVS is an open-source network-transparent version control system. CVS itself does not listen for, or accept network connections. To implement remote repository access, it can be installed as an inetd service, or invoked with the rsh/ssh command. Data between the server...
Microsoft Active Directory LSASS Recursive Stack Overflow (MS09-066; CVE-2009-1928)
Active Directory provides central authentication and authorization services for Windows-based systems. Active Directory Application Mode ADAM is a Lightweight Directory Access Protocol LDAP directory service that runs as a user service. A denial of service vulnerability has been discovered in...
Where Are We A Year After McColo Shutdown?
In the year since the shutdown of notorious Web hosting firm McColo, spammers are growing strong. Part of this is the result of improvements by botnet operators. Like anyone who is successful what they do, the people controlling the most powerful botnets in cyber-space learn from their mistakes...
kernel: personality: fix PER_CLEAR_ON_SETID
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to 1 conduct NULL...
Novell NetWare LSASS CIFS.NLM Driver Stack Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Novell NetWare...
Mandriva Linux Security Advisory : kernel (MDVSA-2009:289)
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PERCLEARONSETID setting that does not clear the ADDRCOMPATLAYOUT and MMAPPAGEZERO flags when executing a setuid or setgid program, which makes it easi...
USN-852-1: Linux kernel vulnerabilities
Solar Designer discovered that the z90crypt driver did not correctly check capabilities. A local attacker could exploit this to shut down the device, leading to a denial of service. Only affected Ubuntu 6.06. CVE-2009-1883 Michael Buesch discovered that the SGI GRU driver did not correctly check...