[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 3623 Download | Alert*

USN-959-1 fixed vulnerabilities in PAM. This update provides the corresponding updates for Ubuntu 10.10. Original advisory details: Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privilieges.

It was discovered that several wiki actions and preference settings in MoinMoin were not protected from cross-site request forgery . If an authenticated user were tricked into visiting a malicious website while logged into MoinMoin, a remote attacker could change the user"s configuration or wiki content. It was discovered that MoinMoin did not properly sanitize its input when processing user pref ...

It was discovered that the Ubuntu image shipped on some Dell Latitude 2110 systems was accidentally configured to allow unauthenticated package installations. A remote attacker intercepting network communications or a malicious archive mirror server could exploit this to trick the user into installing unsigned packages, resulting in arbitrary code execution with root privileges.

Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to.

libpng: PNG file library libpng could be made to crash or run programs as your login if it opened a specially crafted file.

It was discovered that MoinMoin incorrectly handled hierarchical access control lists. Users could bypass intended access controls under certain circumstances.

It was discovered that GRUB 2 did not properly validate passwords. An attacker with physical access could conduct a brute force attack and bypass authentication by submitting a 1 character password.

It was discovered that lintian did not correctly validate certain filenames when processing input. If a user or an automated system were tricked into running lintian on a specially crafted set of files, a remote attacker could execute arbitrary code with user privileges.

Russell Senior discovered that the system authentication module selection mechanism for PAM did not safely handle an empty selection. If an administrator had specifically removed the default list of modules or failed to chose a module when operating debconf in a very unlikely non-default configuration, PAM would allow any authentication attempt, which could lead to remote attackers gaining access ...

Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program.

Pages:      Start    312    313    314    315    316    317    318    319    320    321    322    323    324    325    ..   362

© SecPod Technologies