[SECURITY] [DSA 782-1] New bluez-utils packages fix arbitrary command execution
Debian Security Advisory DSA 782-1 [email protected] http://www.debian.org/security/ Martin Schulze August 23rd, 2005 http://www.debian.org/security/faq ...
DSA-782-1 bluez-utils - missing input sanitising
Bulletin has no description...
Debian DSA-782-1 : bluez-utils - missing input sanitising
Henryk Plotz discovered a vulnerability in bluez-utils, tools and daemons for Bluetooth. Due to missing input sanitising it is possible for an attacker to execute arbitrary commands supplied as device name from the remote device. (C) Tenable Network Security, Inc. The descriptiv...
GLSA-200508-09 : bluez-utils: Bluetooth device name validation vulnerability
The remote host is affected by the vulnerability described in GLSA-200508-09 (bluez-utils: Bluetooth device name validation vulnerability). The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer. Impact: An attacker...
Slackware 8.1 / 9.0 / current : nfs-utils packages replaced (SSA:2003-195-01b)
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to replace the ones that were issued yesterday. A bug has been fixed in utils/mountd/auth.c that could cause mountd to crash. (C) Tenable Network Security, Inc. The descriptive text and package checks i...
Slackware 8.1 / 9.0 / current : nfs-utils off-by-one overflow fixed (SSA:2003-195-01)
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to fix an off-by-one buffer overflow in xlog.c. Thanks to Janusz Niewiadomski for discovering and reporting this problem. The CVE (Common Vulnerabilities and Exposures) Project has assigned the identification number...
Ruby XML-RPC Remote Arbitrary Command Execution
The XMLRPC server in utils.rb for the ruby library libruby 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands...
Debian DSA-717-1 : lsh-utils - buffer overflow, typo
Several security-relevant problems have been discovered in lsh, the alternative secure shell v2 (SSH2) protocol server. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: - CAN-2003-0826 Bennett Todd discovered a heap buffer overflow in lshd which could lead...
DSA-717-1 lsh-utils - buffer overflow, typo
Bulletin has no description...
CVE-2004-1387
The checkforensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files...
MDKSA-2005:005 - Updated nfs-utils packages fix 64bit vulnerability
Mandrakelinux Security Update Advisory. Package name: nfs-utils. Advisory ID: MDKSA-2005:005. Date: January 11th, 2005. Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1. Problem Description: Arjan van de Ven discovered a buffer overflow in rquotad ...
RHEL 2.1 : nfs-utils (RHSA-2005:014)
An updated nfs-utils package that fixes various security issues is now available. The nfs-utils package provides a daemon for the kernel NFS server and related tools. SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd...
Important: Red Hat Security Advisory: nfs-utils security update
An updated nfs-utils package that fixes various security issues is now available. The nfs-utils package provides a daemon for the kernel NFS server and related tools. SGI reported that the statd daemon did not properly handle the SIGPIPE signal. A misconfigured or malicious peer could cause statd...
Mandrake Linux Security Advisory : nfs-utils (MDKSA-2005:005)
Arjan van de Ven discovered a buffer overflow in rquotad on 64bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could then lead to the execution of arbitrary code. The updated...
CVE-2004-1014
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated...
CVE-2004-0946
CVE-2004-0946 affects nfs-utils: the rquotad component (rquota_server.c) on 64-bit architectures performs an unsafe 32-bit assumption during memcpy, causing a stack-based buffer overflow. This could allow remote code execution via crafted NFS requests. Public advisories confirm a fix in updated n...
RHEL 3 : nfs-utils (RHSA-2004:583)
An updated nfs-utils package that fixes various security issues is now available. The nfs-utils package provides a daemon for the kernel NFS server and related tools, providing a much higher level of performance than the traditional Linux NFS server used by most users. This package also contains...