Showing headlines posted by dave
« Previous ( 1 ... 528 529 530 531 532 533 534 535 536 537 538 ... 595 ) Next »Debian alert: New radiusd-cistron packages fix buffer overflow
radiusd-cistron contains a bug allowing a buffer overflow when a long
NAS-Port attribute is received. This could allow a remote attacker to
execute arbitrary code on the with the privileges of the RADIUS daemon
(usually root).
Debian alert: New mikmod packages fix buffer overflow
Ingo Saitz discovered a bug in mikmod whereby a long filename inside
an archive file can overflow a buffer when the archive is being read
by mikmod.
SuSE alert: radiusd-cistron
The package radiusd-cistron is an implementation of the RADIUS protocol. Unfortunately the RADIUS server handles too large NAS numbers not correctly. This leads to overwriting internal memory of the server process and may be abused to gain remote access to the system the RADIUS server is running on.
Debian alert: New webmin packages fix remote session ID spoofing
miniserv.pl in the webmin package does not properly handle
metacharacters, such as line feeds and carriage returns, in
Base64-encoded strings used in Basic authentication. This
vulnerability allows remote attackers to spoof a session ID, and
thereby gain root privileges.
Debian alert: New lyskom-server packages fix denial of service
Calle Dybedahl discovered a bug in lyskom-server which could result in
a denial of service where an unauthenticated user could cause the
server to become unresponsive as it processes a large query.
Debian alert: New cupsys packages fix denial of service
The CUPS print server in Debian is vulnerable to a denial of service
when an HTTP request is received without being properly terminated.
Debian alert: New slashem packages fix buffer overflow
The slashem package is vulnerable to a buffer overflow exploited via a
long '-s' command line option. This vulnerability could be used by an
attacker to gain gid 'games' on a system where slashem is installed.
Debian alert: New nethack packages fix buffer overflow, incorrect permissions
The nethack package is vulnerable to a buffer overflow exploited via a
long '-s' command line option. This vulnerability could be used by an
attacker to gain gid 'games' on a system where nethack is installed.
Debian alert: New gnocatan packages fix buffer overflows, denial of service
Bas Wijnen discovered that the gnocatan server is vulnerable to
several buffer overflows which could be exploited to execute arbitrary
code on the server system
Debian alert: New atftp packages fix buffer overflow
Rick Patel discovered that atftpd is vulnerable to a buffer overflow
when a long filename is sent to the server. An attacker could exploit
this bug remotely to execute arbitrary code on the server.
Debian alert: New ethereal packages fix buffer overflows, integer overflows
Timo Sirainen discovered several vulnerabilities in ethereal, a
network traffic analyzer. These include one-byte buffer overflows in
the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB,
SMPP, and TSP dissectors, and integer overflows in the Mount and PPP
dissectors.
Debian alert: New eterm packages fix error introduced in DSA-309-1
A buffer overflow was fixed in DSA-309-1, but a different error was
introduced in the handling of the ETERMPATH environment variable.
This bug was not security-related, but would cause this environment
variable not to be recognized correctly. This is now corrected by an
updated version of the package.
Mandrake alert: Updated kernel packages fix multiple vulnerabilities
Multiple vulnerabilities were discovered and fixed in the Linux kernel.
Mandrake alert: Updated ghostscript packages fix vulnerability
A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled.
Debian alert: New powerpc kernel fixes several vulnerabilities
A number of vulnerabilities have been discovered in the Linux kernel.
Debian alert: New xaos packages fix improper setuid-root execution
XaoS, a program for displaying fractal images, is installed setuid
root on certain architectures in order to use svgalib, which requires
access to the video hardware. However, it is not designed for secure
setuid execution, and can be exploited to gain root privileges.
Debian alert: New kernel packages fix several vulnerabilities
A number of vulnerabilities have been discovered in the Linux kernel.
Debian alert: New eterm packages fix buffer overflow
"bazarr" discovered that eterm is vulnerable to a buffer overflow of
the ETERMPATH environment variable. This bug can be exploited to gain
the privileges of the group "utmp" on a system where eterm is
installed.
Debian alert: New gzip packages fix insecure temporary file creation
Paul Szabo discovered that znew, a script included in the gzip
package, creates its temporary files without taking precautions to
avoid a symlink attack (CAN-2003-0367).
SuSE alert: pptpd
The PPTP daemon contains a remotely exploitable buffer overflow which was introduced due to a integer overflow in the third argument passed to the read() library call. This bug has been fixed. Since there is no workaround other than shutting down the PPTP daemon an update is strongly recommended if you need a PPTP server running.
« Previous ( 1 ... 528 529 530 531 532 533 534 535 536 537 538 ... 595 ) Next »