.:[ packet storm ]:.
                             
the internet security encyclopedia

 ///  File Name: debian.gftp.txt
Description:
Debian Security Advisory DSA-055-1 - The gftp package has a problem in its logging code which allows malicious ftp servers to execute commands on the client machine. This has been fixed in version 2.0.6a-3.1.
Homepage:http://www.debian.org/security
File Size:3463
Last Modified:May 9 01:05:40 2001
MD5 Checksum:ef6596b65ce3851a35fba5753e535351

 ///  File Name: debian.ghostscript.txt
Description:
Debian Security Advisory - ghostscript uses temporary files to do some of its work. Unfortunately the method used to create those files wasn't secure: mktemp was used to create a name for a temporary file, but the file was not opened safely. A second problem is that during build the LD_RUN_PATH environment variable was set to the empty string, which causes the dynamic linker to look in the current directory for shared libraries.
Homepage:http://www.debian.org/security
File Size:3531
Last Modified:Nov 29 10:32:49 2000
MD5 Checksum:1af88d155bd6d5fb83c959c03555f6e0

 ///  File Name: debian.glibc-overwrite.txt
Description:
Debian Security Advisory DSA-039-1 - The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems - It was possible to use LD_PRELOAD to load libraries that are listed in /etc/ld.so.cache, even for suid programs, allowing users to create and overwrite files which they should not be able to. In addition, by using LD_PROFILE suid programs would write data to a file in /var/tmp, which was not done safely. Both problems have been fixed in version 2.1.3-17 and we recommend that you upgrade your glibc packages immediately.
Homepage:http://www.debian.org/security
File Size:10082
Last Modified:Mar 14 03:45:13 2001
MD5 Checksum:d0fdc8d182392ec39f7cea8e028c33c8

 ///  File Name: debian.glibc.txt
Description:
Debian Security Advisory - Recently two local vulnerabilities have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code.
Homepage:http://www.debian.org/security
File Size:3317
Last Modified:Sep 6 06:37:34 2000
MD5 Checksum:937c29c6008182445465a9e00b781bf2

 ///  File Name: debian.gnupg.txt
Description:
Debian Security Advisory - The version of gnupg that was distributed in Debian GNU/Linux 2.2 had a logic error in the code that checks for valid signatures which could cause false positive results: Jim Small discovered that if the input contained multiple signed sections the exit-code gnupg returned was only valid for the last section, so improperly signed other sections were not noticed.
Homepage:http://www.debian.org/security
File Size:3839
Last Modified:Nov 11 23:30:14 2000
MD5 Checksum:f26bc18da1a6dff9992588337f78c06b

 ///  File Name: debian.gpg.txt
Description:
Debian Security Advisory - There is a problem in the way gpg checks detached signatures which can lead to false positives. Also it was discovered that gpg would import secret keys from key-servers, circumventing the web of trust. GnuPG homepage here.
Homepage:http://www.debian.org/security
File Size:4475
Last Modified:Dec 27 06:36:22 2000
MD5 Checksum:c310fad9afc780a8461621c247cb6e24

 ///  File Name: debian.horde.imp.txt
Description:
Debian Security Advisory - Imp, a webmail interface, did not check the $from variable which contains the sender address for shell metacharacters. This could be used to run arbitrary commands on the server running imp. To fix this, horde (the library imp uses) and imp itself have been modified to sanitize user input.
Homepage:http://www.debian.org/security
File Size:3469
Last Modified:Sep 12 01:20:23 2000
MD5 Checksum:d0a1f5f2466f46c56e8a158b9e03c9cc

 ///  File Name: debian.htdig.txt
Description:
The version of htdig that was shipped in Debian GNU/Linux 2.1 has a problem with calling external programs to handle non-HTML documents: it calls the external program with the document as a parameter, but does not check for shell escapes. This can be exploited by creating files with filenames that include shell escapes to run arbitrary commands on the machine that runs htdig. Debian security homepage here.
File Size:3126
Last Modified:Dec 9 22:54:53 1999
MD5 Checksum:a8fd02d13b305694bfbadced3f58307d

 ///  File Name: debian.inn2.txt
Description:
Debian Security Advisory DSA-023-1 - Inn2 uses insecure tempfiles in several places.
Homepage:http://www.debian.org/security
File Size:6443
Last Modified:Jan 31 21:33:23 2001
MD5 Checksum:fdb23f19eb7bd020b0fb21bccc662b4e

 ///  File Name: debian.jazip.txt
Description:
Debian Security Advisory DSA-017-1 - With older versions of jazip a user could gain root access for members of the floppy group to the local machine. The interface doesn't run as root anymore and this very exploit was prevented. The program now also truncates DISPLAY to 256 characters if it is bigger, which closes the buffer overflow (within xforms).
Homepage:http://www.debian.org/security
File Size:3640
Last Modified:Feb 3 00:02:14 2001
MD5 Checksum:d7a4881c2dace6abb598e9961af3bd25

 ///  File Name: debian.joe.txt
Description:
Debian Security Advisory - When joe (Joe's Own Editor) dies due to a signal instead of a normal exit it saves a list of the files it is editing to a file called DEADJOE in its current directory. Unfortunately this wasn't done safely which made joe vulnerable to a symlink attack.
Homepage:http://www.debian.org/security
File Size:3549
Last Modified:Dec 3 02:11:33 2000
MD5 Checksum:15a158d7be5635dabfadf63b0b29330d

 ///  File Name: debian.joerc.txt
Description:
Debian Security Advisory DSA-041-1 - The text editor joe attempts to read .joerc from the current directory, allowing malicious local users to execute commands as other users if they use joe in writable directories.
Homepage:http://www.debian.org/security
File Size:3661
Last Modified:Mar 15 21:35:28 2001
MD5 Checksum:e591023e7a4bedf8a6900673f94e6a0e

 ///  File Name: debian.kernel.txt
Description:
Debian Security Advisory DSA-047-1 - The kernels used in Debian GNU/Linux 2.2 have been found to have a dozen security problems. Upgrade to 2.2.19!
Homepage:http://www.debian.org/security
File Size:12068
Last Modified:Apr 17 03:03:17 2001
MD5 Checksum:def0b294fedf656925d71fa76f3aab2c

 ///  File Name: debian.libpam-smb.txt
Description:
Debian Security Advisory - Libpam-smb contains a buffer overflow that can be used to execute arbitrary commands with root privilege.
Homepage:http://www.debian.org/security
File Size:3680
Last Modified:Sep 12 20:04:11 2000
MD5 Checksum:935898e4682baaeed799248c780bbae0

 ///  File Name: debian.lpr-old.txt
Description:
The version of lpr that was distributed with Debian GNU/Linux 2.1 suffers from a couple of problems. There was a race in lpr that could be exploited by users to print files they can not normally read, and lpd did not check permissions of queue-files. As a result by using the -s flag it could be tricked into printing files a user can otherwise not read. This has been fixed in version 0.46-1-0slink1. We recommend you upgrade your lpr package immediately. Debian security homepage here.
File Size:3001
Last Modified:Nov 3 23:06:56 1999
MD5 Checksum:09c3264dfd9b00e60efe0be857e15228

 ///  File Name: debian.lpr.txt
Description:
The version of lpr that was distributed with Debian GNU/Linux 2.1 and the updated version released in 2.1r4 have two security problems - Local users can obtain root access and remote users can access the print server. Debian security homepage here.
File Size:3321
Last Modified:Jan 10 20:16:33 2000
MD5 Checksum:4598f33acb97daed298ecb9e2d609df5

 ///  File Name: debian.mailman.txt
Description:
Debian Security Advisory - Mailman v2.0 came with a security problem which was introduced during the 2.0 beta cycle, that could be exploited by clever local users to gain group mailman permission.
Homepage:http://security.debian.org
File Size:2989
Last Modified:Aug 7 01:02:27 2000
MD5 Checksum:d8b88d26b8a9322c53c5d879f7d44100

 ///  File Name: debian.mailx-system.txt
Description:
Debian Security Advisory - mailx is often used by other programs to send email. Unfortunately mailx as distributed in Debian GNU/Linux 2.1 has some features that made it possible to execute system commands if a user can trick a privileged program to send email using /usr/bin/mail.
Homepage:http://www.debian.org/security
File Size:5095
Last Modified:Aug 9 09:31:57 2000
MD5 Checksum:1d83738a4cc2e382561735255aebe3a7

 ///  File Name: debian.mailx.txt
Description:
Debian Security Advisory DSA-044-1 - The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default this allowed local users to use it to gain access to mail group. Since the mail code was never written to be secure fixing it properly would mean a large rewrite. Instead of doing this we decided to no longer install it setgid. This means that it can no longer lock your mailbox properly on systems for which you need group mail to write to the mailspool, but it will still work for sending email. Debian security homepage: http://www.debian.org
File Size:3904
Last Modified:Mar 16 03:05:13 2001
MD5 Checksum:ea2e4113857feb74daccd04a13cfeaea

 ///  File Name: debian.majordomo.txt
Description:
Debian Security Advisory - Majordomo will no longer be distributed with Debian linux due to licensing restrictions which do not allow a fixed version of Majordomo to be distributed. If you are using majordomo we recommend that you replace it with one of the many other mailing-list tools available such as fml, mailman or smartlist. Debian security homepage: http://www.debian.org
File Size:1968
Last Modified:Jun 5 20:44:40 2000
MD5 Checksum:a226b991d4bb9c1287665a8724ef9df2

 ///  File Name: debian.make.txt
Description:
The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to a race condition that can be exploited with a symlink attack. Debian security homepage here.
File Size:3359
Last Modified:Feb 23 01:50:17 2000
MD5 Checksum:c0054e5ddaac62a739386a709e3d106c

 ///  File Name: debian.man-db.txt
Description:
Debian Security Advisory DSA-056-1 - A bug in man-db has been discovered. It fails to drop privileges with the -c or the -u option, allowing local users to overwrite any file owned by user man, including the man and mandb binaries. This has been fixed in version 2.3.16-3.
Homepage:http://www.debian.org/security
File Size:3973
Last Modified:May 9 01:04:27 2001
MD5 Checksum:c04746bbc6de42a4ee83de73daf30797

 ///  File Name: debian.man2html.txt
Description:
Debian Security Advisory DSA-035-1 - Man2html contains a remote denial of service attack which can use up all available memory. Upgrade to the newest version.
Homepage:http://www.debian.org/security
File Size:3588
Last Modified:Mar 10 02:34:27 2001
MD5 Checksum:cf8443cc67a9862590186702a6667ff7

 ///  File Name: debian.mc.txt
Description:
Debian Security Advisory DSA-036-1 - It has been reported that a local user could tweak Midnight Commander of another user into executing a random program under the user id of the person running Midnight Commander. This behavior has been fixed in the newest version.
Homepage:http://www.debian.org/security
File Size:5578
Last Modified:Mar 14 00:33:37 2001
MD5 Checksum:24b550edd0b2153f46b9bce7f65c53f8

 ///  File Name: debian.mgetty.txt
Description:
Debian Security Advisory DSA-011-1 - Mgetty does not create temporary files in a secure manner, which could lead to a symlink attack. This has been corrected in mgetty 1.1.21-3potato1.
Homepage:http://www.debian.org/security
File Size:3666
Last Modified:Mar 9 20:43:07 2001
MD5 Checksum:23162df44bbd7cc19b7428f00d7924ff