|Paid content will be excluded from the download.
| Matches : 2936
|Mike Ashton discovered that splitvt, a utility to run two programs in a split screen, did not drop group privileges prior to executing xprop. This could allow any local user to gain the privileges of group utmp.
Michael Krieger and Sam Trenholme discovered a programming error in MaraDNS, a simple security-aware Domain Name Service server, which might lead to denial of service through malformed DNS packets. For the old stable distribution (sarge), this problem has been fixed in version 1.0.27-2. For the stable distribution (etch), this problem has been fixed in version 1.2.12.04-1etch2. For the unstable di ...
A race condition in the OpenAFS fileserver allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock. For the old stable distribution (sarge), this problem has been fixed in version 1.3.81-3sarge3. For the stable ...
Tobias Gruuml tzmacher discovered that a Debian-provided CRON script in dspam, a statistical spam filter, included a database password on the command line. This allowed a local attacker to read the contents of the dspam database, such as emails. The old stable distribution (sarge) does not contain the dspam package.
Joachim Breitner discovered that Subversion support in scponly is inherently insecure, allowing execution of arbitrary commands. Further investigation showed that rsync and Unison support suffer from similar issues. This set of issues has been assigned CVE-2007-6350. In addition, it was discovered that it was possible to invoke scp with certain options that may lead to the execution of arbitrary c ...
Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. The Common Vulnerabilities and Exposures project identified the following three problems: Inadequate EXIF property validation could lead to invalid memory accesses if executed on a maliciously crafted image, potentially including heap ...
Several local/remote vulnerabilities have been discovered in two of the plugins for the Nagios network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems: A buffer overflow has been discovered in the parser for HTTP Location headers (present in the check_http module). A buffer overflow has been discovered in the check_snmp module.
Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling a FTP client, which may allow a local attacker to read this password (which provides access to all backed-up files) from the process listing.
Chris Schmidt and Daniel Morissette discovered two vulnerabilities in mapserver, a development environment for spatial and mapping applications. The Common Vulnerabilities and Exposures project identifies the following two problems: Lack of input sanitizing and output escaping in the CGI mapserver's template handling and error reporting routines leads to cross-site scripting vulnerabilities. Missi ...
Multiple buffer overflows involving HTTP header and playlist parsing have been discovered in streamripper (CVE-2007-4337, CVE-2008-4829). For the stable distribution (etch), these problems have been fixed in version 1.61.27-1+etch1. For the unstable distribution (sid) and the testing distribution (lenny), these problems have been fixed in version 1.63.5-2. We recommend that you upgrade your stream ...
Pages:      Start    280    281    282    283    284    285    286    287    288    289    290    291    292    293    ..   293
© 2013 SecPod Technologies