Debian DSA-256-1 : mhc - insecure temporary file

A problem has been discovered in adb2mhc from the mhc-utils package. The default temporary directory uses a predictable name. This adds a vulnerability that allows a local attacker to overwrite arbitrary files the users has write permissions for. %NASLMINLEVEL 70300 C Tenable Network Security, In...

Debian DSA-349-1 : nfs-utils - buffer overflow

The logging code in nfs-utils contains an off-by-one buffer overrun when adding a newline to the string being logged. This vulnerability may allow an attacker to execute arbitrary code or cause a denial of service condition by sending certain RPC requests. %NASLMINLEVEL 70300 C Tenable Network...

CVE-2003-0120

adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name...

CVE-2003-0019

The CVE-2003-0019 issue affects the uml_net utility in Red Hat Linux 8.0’s kernel-utils package, shipped with incorrect setuid root permissions. This allows local users to modify network interfaces, including ARP entry manipulation and placing interfaces into promiscuous mode. Root cause: the uml...

CVE-2002-1509

CVE-2002-1509 concerns a bug in the shadow-utils useradd flow introduced by a patch in shadow-utils-20000902. The bug causes a new user’s mail spool to be created with group write/read permissions (mode 660) instead of being owned per the intended policy, enabling other users sharing the same pri...

CVE-2003-0120

The CVE-2003-0120 issue affects adb2mhc in the mhc-utils package prior to version 0.25+20010625-7.1. The root cause is a symlink attack in a default temporary directory with a predictable name, allowing local users to overwrite arbitrary files they can write to. This is a local-privilege affectin...

CVE-2002-1509

A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group mode 660, which allows other users in the same group to read or modify the new user's incoming email...

Mandrake Linux Security Advisory : kernel (MDKSA-2004:001)

A flaw in bounds checking in mremap in the Linux kernel versions 2.4.23 and previous was discovered by Paul Starzetz. This flaw may be used to allow a local attacker to obtain root privilege. Another minor information leak in the RTC real time clock routines was fixed as well. All Mandrake Linux...

Mandrake Linux Security Advisory : nfs-utils (MDKSA-2003:076)

An off-by-one buffer overflow was found in the logging code in nfs-utils when adding a newline to the string being logged. This could allow an attacker to execute arbitrary code or cause a DoS Denial of Service on the server by sending certain RPC requests. %NASLMINLEVEL 70300 C Tenable Network...

Mandrake Linux Security Advisory : shadow-utils (MDKSA-2003:026)

The shadow-utils package contains the tool useradd, which is used to create or update new user information. When useradd creates an account, it would create it with improper permissions; instead of having it owned by the group mail, it would be owned by the user's primary group. If this is a shar...

SUSE-SA:2003:031: nfs-utils

The remote host is missing the patch for the advisory SUSE-SA:2003:031 nfs-utils. The nfs-utils package contains various programs to offer and manage certain RPC services such as the rpc.mountd. iSEC Security Research has reported an off-by-one bug in the xlog function used by the rpc.mountd. It ...

RHEL 2.1 : nfs-utils (RHSA-2003:207)

Updated nfs-utils packages are available that fix a remotely exploitable Denial of Service vulnerability. The nfs-utils package provides a daemon for the kernel NFS server and related tools. Janusz Niewiadomski found a buffer overflow bug in nfs-utils version 1.0.3 and earlier. This bug could be...

RHEL 3 : nfs-utils (RHSA-2004:072)

Updated nfs-utils packages that fix a flaw leading to possible rpc.mountd crashes are now available. The nfs-utils package contains the rpc.mountd program, which implements the NFS mount protocol. A flaw was discovered in versions of rpc.mountd in nfs-utils versions after 1.0.3 and prior to 1.0.6...

RHEL 2.1 : shadow-utils (RHSA-2003:058)

Updated shadow-utils packages are now available. These updated packages correct a bug that caused the useradd tool to create mail spools with incorrect permissions. The shadow-utils package includes programs for converting UNIX password files to the shadow password format, plus programs for...

CVE-2004-0154

CVE-2004-0154 affects nfs-utils rpc.mountd versions after 1.0.3 and before 1.0.6. The issue allows a denial of service (crash) when performing an NFS mount from a client whose reverse DNS lookup name does not match the forward lookup. Documented in multiple sources (Red Hat RHSA-2004:072, SUSE CV...

[OpenCA Advisory] Vulnerabilities in signature verification

OpenCA Security Advisory 28 November 2003 Vulnerabilities in signature validation ======================================= Multiple flaws in OpenCA before version 0.9.1.4 could cause OpenCA to use an incorrect certificate in the chain to determine the serial being checked which could lead to...

CVE-2003-0252

Off-by-one error in the xlog function of mountd in the Linux NFS utils package nfs-utils before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines...

Linux NFS utils package (nfs-utils) mountd xlog Function Off-by-one Remote Overflow

The remote rpc.mountd daemon is vulnerable to an off-by-one overflow which could be exploited by an attacker to gain a root shell on this host. C Tenable Network Security, Inc. This check is destructive by its very nature, as we need to check for a off-by-one overflow. Very few distributions are...

nfs-utils packages replaced

New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to replace the ones that were issued yesterday. A bug in has been fixed in utils/mountd/auth.c that could cause mountd to crash. Here are the details from the Slackware 9.0 ChangeLog: Tue Jul 15 10:42:58 PDT 2003...

CVE-2003-0252

CVE-2003-0252 describes an off-by-one overflow in the xlog() function used by mountd in the Linux nfs-utils package (pre-1.0.4). Exploitation could allow remote attackers to cause a denial of service and potentially execute arbitrary code via certain RPC requests to mountd that do not contain new...