Debian dsa-6330 : charon-cmd - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6330 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6330-1 [email protected] https://www.debian.org/security/...

NewStart CGSL MAIN 6.06 (SP) : pam Multiple Vulnerabilities (NS-SA-2026-0005)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has pam packages installed that are affected by multiple vulnerabilities: - pamnamespace.c in the pamnamespace module in Linux-PAM aka pam before 1.1.3 uses the environment of the invoking application or service during execution of the...

EUVD-2005-0163

Malware in sbrugna...

EUVD-2005-1061

Malware in sbrugna...

EUVD-2015-0773

Malware in sbrugna...

EUVD-2017-15664

Malware in sbrugna...

EUVD-2011-0718

Malware in sbrugna...

SUSE CVE-2002-1160

The default configuration of the pamxauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su...

SUSE CVE-2010-3302

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long 1 ciscodnsinfo or 2 ciscodomaininfo data in a packet...

SUSE CVE-2010-3316

The runcoprocess function in pamxauth.c in the pamxauth module in Linux-PAM aka pam before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pamxauth PAM check...

SUSE CVE-2010-4707

The checkacl function in pamxauth.c in the pamxauth module in Linux-PAM aka pam 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service resource consumption via a special file...

SUSE CVE-2010-4706

The pamsmclosesession function in pamxauth.c in the pamxauth module in Linux-PAM aka pam 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pamxauth PAM check...

SUSE CVE-2011-0703

In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session...

SUSE CVE-2013-5018

The isasn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1length function, which allows remote attackers to cause a denial of service segmentation fault via a 1 XAuth username, 2 EAP identity, or 3 PEM encoded file that starts with a 0x04, 0x30,...

new packages: xorg-x11-xauth

An update is available for xorg-x11-xauth. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

The vulnerability of the process.c file in the user authentication system xauth, related to insufficient input validation, allows a perpetrator to compromise data integrity and cause service failures.

The vulnerability in the process.c file of the xauth user authentication software is related to insufficient validation of input data when using strncpy in the doadd function. Exploiting this vulnerability allows an attacker to compromise data integrity and cause service failures...

SUSE: Security Advisory (SUSE-SU-2016:2555-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2020-27746

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem...

gksu-polkit input validation error vulnerability

gksu-polkit is a package for authenticating users to enter commands. An input validation error vulnerability exists in the xauth source file in versions prior to gksu-polkit 0.0.3, which can be exploited by an attacker to compromise an administrator X11 session...

CVE-2011-0703

In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session...