| /// File Name: |
debian.slocate.txt |
Description:
|
Debian Security Advisory - A bug in the database reading code of slocate makes it possible to overwrite an internal structure with some input. This can be used to trick slocate into executing arbitrary code by pointing it to a carefully crafted database. This is fixed in slocate v2.4.
| | Homepage: | http://www.debian.org/security | | File Size: | 3688 | | Last Modified: | Dec 19 03:23:00 2000 |
| MD5 Checksum: | b4bc96da22f389610426192e7c705cf9 |
|
| /// File Name: |
debian.slrn.txt |
Description:
|
Debian Security Advisory DSA-040-1 - The slrn newsreader has remotely exploitable buffer overflows if the wrapping/unwrapping functions are enabled.
| | Homepage: | http://www.debian.org/security | | File Size: | 4592 | | Last Modified: | Mar 15 21:19:48 2001 |
| MD5 Checksum: | 585880baaeff9496b6bc666274f2034b |
|
| /// File Name: |
debian.splitvt.txt |
Description:
|
Debian Security Advisory DSA-014-1 - Splitvt prior to v1.6.5 contains format string vulnerabilities in the -rcfile command line flag, allowing local users to gain access to the tty group.
| | Homepage: | http://www.debian.org/security | | File Size: | 3878 | | Last Modified: | Feb 2 23:59:10 2001 |
| MD5 Checksum: | 8a5505d8046f63e9a451c85b40b4fe6e |
|
| /// File Name: |
debian.squid.txt |
Description:
|
Debian Security Advisory DSA-019-1 - A tempfile bug has been found in Squid v2.3stable4 when it sends out email messages about updates.
| | Homepage: | http://www.debian.org/security | | File Size: | 5723 | | Last Modified: | Jan 26 08:57:10 2001 |
| MD5 Checksum: | b2149c26559a825338d5a3791123baae |
|
| /// File Name: |
debian.stunnel.txt |
Description:
|
Debian Security Advisory - Stunnel has a format string vulnerability, random number problems, symlink vulnerabilities, and insecure syslog() calls. These are fixed in v3.10.
| | Homepage: | http://www.debian.org/security | | File Size: | 3913 | | Last Modified: | Dec 25 18:35:59 2000 |
| MD5 Checksum: | 81cafcf92517700a3f1e7200b0ee8869 |
|
| /// File Name: |
debian.sudo.txt |
Description:
|
Debian Security Advisory DSA-031-1 - Sudo contains a buffer overflow which allows local users to gain root access. This is fixed in v1.6.3p6.
| | Homepage: | http://www.debian.org/security | | File Size: | 3724 | | Last Modified: | Mar 1 01:49:14 2001 |
| MD5 Checksum: | 8214d7cc4754d7baecfc8c65fe7abc71 |
|
| /// File Name: |
debian.sysklogd.txt |
Description:
|
Debian Security Advisory - Multiple vulnerabilities have been reported in syslogd and klogd. A local root exploit is possible, and remote exploits may be possible in some cases.
| | Homepage: | http://security.debian.org | | File Size: | 3981 | | Last Modified: | Sep 20 01:37:13 2000 |
| MD5 Checksum: | 45d148c0500d78c681519967b7b66442 |
|
| /// File Name: |
debian.tcpdump.txt |
Description:
|
Debian Security Advisory - During internal source code auditing by FreeBSD several buffer overflows were found which allow an attacker to make tcpdump crash by sending carefully crafted packets to a network that is being monitored with tcpdump. This has been fixed in version 3.4a6-4.2.
| | Homepage: | http://www.debian.org/security | | File Size: | 3382 | | Last Modified: | Nov 26 03:43:05 2000 |
| MD5 Checksum: | d59476cbf07be68c6268c46feb9a82da |
|
| /// File Name: |
debian.tcsh.txt |
Description:
|
Debian Security Advisory - A temp file vulnerability has been found in tcsh prior to v6.09.00-10 when using the double less than (<<) input redirection. Arbitrary files can be overwritten as the user running tcsh.
| | Homepage: | http://www.debian.org/security | | File Size: | 4740 | | Last Modified: | Nov 11 23:47:33 2000 |
| MD5 Checksum: | e01eb29edf05bae94d5b42df9ec6f6e4 |
|
| /// File Name: |
debian.tinyproxy.txt |
Description:
|
Debian Security Advisory DSA-018-1 - A heap overflow has been found in tinyproxy which allows remote attackers to execute commands as user nobody.
| | Homepage: | http://www.debian.org/security | | File Size: | 3521 | | Last Modified: | Jan 24 22:52:15 2001 |
| MD5 Checksum: | fcda788f74c9e44e1b7d8d32d20ae840 |
|
| /// File Name: |
debian.traceroute.txt |
Description:
|
Debian Security Advisory - In versions of the traceroute package before 1.4a5-3, it is possible for a local user to gain root access by exploiting an argument parsing error.
| | Homepage: | http://www.debian.org/security | | File Size: | 3833 | | Last Modified: | Oct 15 20:23:23 2000 |
| MD5 Checksum: | c6af07ea08e04bf1d2b059a9520087f5 |
|
| /// File Name: |
debian.userv.txt |
Description:
|
Debian Security Advisory - The version of userv that was distributed with Debian GNU/Linux 2.1 had a problem in the fd swapping algorithm: it could sometimes make an out-of-bounds array reference. It is possible for local users to abuse this to carry out unauthorised actions or to take control of service user accounts.
| | Homepage: | http://www.debian.org/security | | File Size: | 5501 | | Last Modified: | Jul 27 19:25:56 2000 |
| MD5 Checksum: | f2398952ee060c05db0aa106c80f3afd |
|
| /// File Name: |
debian.wu-ftpd.txt |
Description:
|
Debian Security Advisory - The version of wu-ftpd distributed in Debian GNU/Linux 2.1 is vulnerable to a remote root compromise. The default configuration in all current Debian packages prevents the currently available exploits in the case of anonymous access, although local users can still compromise the server.
| | Homepage: | http://security.debian.org | | File Size: | 4949 | | Last Modified: | Jun 24 00:49:05 2000 |
| MD5 Checksum: | 5cb66f1b0abc872c0c14e8f0258cfdb7 |
|
| /// File Name: |
debian.wuftpd.txt |
Description:
|
Debian Security Advisory DSA-016-3 - Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited.
| | Homepage: | http://www.debian.org/security | | File Size: | 2335 | | Last Modified: | Feb 2 23:58:42 2001 |
| MD5 Checksum: | a09f99a92fe112538a8f7b5d194167ad |
|
| /// File Name: |
debian.X.txt |
Description:
|
Debian Security Advisory DSA-030-1 - XFree86 3.3.6 contains local vulnerabilities - Upgrade to a patched version of 3.3.6.
| | Homepage: | http://www.debian.org/security | | File Size: | 26933 | | Last Modified: | Feb 14 08:15:31 2001 |
| MD5 Checksum: | bad13e6d42c27cfa14c8a38990de5a28 |
|
| /// File Name: |
debian.xaw3d.txt |
Description:
|
Debian Security Advisory DSA-037-1 - It has been reported that the AsciiSrc and MultiSrc widgets in the Athena widget library handle temporary files insecurely. We recommend you upgrade your nextaw, xaw3d and xaw95 packages.
| | Homepage: | http://www.debian.org/security | | File Size: | 5669 | | Last Modified: | Mar 14 00:34:59 2001 |
| MD5 Checksum: | b64cde613ed491c26e181b4c12f893fa |
|
| /// File Name: |
debian.xchat.txt |
Description:
|
Debian Linux Security Advisories - The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL, X-Chat will start netscape to view its target. However, it did not check the URL for shell metacharacters, and this could be abused to trick xchat into executing arbitrary commands. This has been fixed in version 1.4.3-0.1, and we recommend you upgrade your xchat package(s) immediately.
| | Homepage: | http://www.debian.org/security/ | | File Size: | 5779 | | Last Modified: | Aug 30 23:51:36 2000 |
| MD5 Checksum: | b218e3f1f14c5305850f41f6073e130b |
|
| /// File Name: |
debian.xcmd.txt |
Description:
|
Debian Security Advisory - The Debian GNU/Linux xmcd package has historically installed two setuid helpers for accessing cddb databases and SCSI cdrom drives. More recently, the package offered the administrator the chance to remove these setuid flags, but did so incorrectly. A buffer overflow in ncurses, linked to the "cda" binary, allowed a root exploit. Fixed ncurses packages have been released, as well as fixed xmcd packages which do not install this binary with a setuid flag. The problem is fixed in xmcd 2.5pl1-7.1, and we recommend all users with xmcd installed upgrade to this release. You may need to add users of xmcd to the "audio" and "cdrom" groups in order for them to continue using xmcd.
| | Homepage: | http://www.debian.org/security | | File Size: | 5047 | | Last Modified: | Nov 26 02:41:56 2000 |
| MD5 Checksum: | f6cdf21fb5180ab2b35a7e07ebbff947 |
|
| /// File Name: |
debian.xemacs.txt |
Description:
|
Debian Security Advisory DSA-042-1 - Gnuserv, a remote control facility for Emacsen which is available as a standalone program as well as included in XEmacs21, has a buffer overflow which can be exploited to make the cookie comparison always succeed.
| | Homepage: | http://www.debian.org/security | | File Size: | 8652 | | Last Modified: | Mar 15 23:57:39 2001 |
| MD5 Checksum: | a895bc2064bcdf6c3fabf251ccf82017 |
|
| /// File Name: |
debian.xlockmore.txt |
Description:
|
Debian Security Advisory - There is a format string bug in all versions of xlockmore/xlockmore-gl. Debian 2.1 installs xlock setuid by default, allowing local users to read the /etc/shadow file.
| | Homepage: | http://www.debian.org/security | | File Size: | 5345 | | Last Modified: | Aug 17 18:21:29 2000 |
| MD5 Checksum: | 27ffc10b20141522e85658c916ea153d |
|
| /// File Name: |
debian.xpdf.txt |
Description:
|
Debian Security Advisory - Xpdf has two security problems: tempfiles were created insecurely, and when handling URLs in documents no checking was done for shell metacharacters before starting the browser. This makes it possible to construct a document which causes xpdf to run arbitrary commands when the user views a URL. Both problems have been fixed in version 0.90-7, and we recommend you upgrade your xpdf package immediately.
| | Homepage: | http://www.debian.org/security | | File Size: | 3763 | | Last Modified: | Sep 12 01:18:05 2000 |
| MD5 Checksum: | ee1ad5c7bd7f20a89dd2638af0631f7e |
|
| /// File Name: |
debian.zope.abridged |
Description:
|
Debian Security Advisory - On versions of Zope prior to 2.2.1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request. The previous announcement and fix did not fully address the issues.
| | Homepage: | http://www.debian.org/security | | File Size: | 3118 | | Last Modified: | Aug 21 23:27:42 2000 |
| MD5 Checksum: | 96e78e4c3ed81b86d288b06e4a2f5c7f |
|
| /// File Name: |
debian.zope.txt |
Description:
|
Debian Security Advisory - On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request.
| | Homepage: | http://www.debian.org/security | | File Size: | 5259 | | Last Modified: | Mar 15 23:58:25 2001 |
| MD5 Checksum: | c48c94aca5f08103caa9e3d767bf0739 |
|
| /// File Name: |
debian.zope2.txt |
Description:
|
Debian Security Advisory DSA-055-1 - A new Zope hotfix has been released which fixes a problem in ZClasses. The problem is "any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance." This hotfix has been added in version 2.1.6-10.
| | Homepage: | http://www.debian.org/security | | File Size: | 3534 | | Last Modified: | May 9 00:51:30 2001 |
| MD5 Checksum: | e57f433fb0a00cdfcccd3e9d10af18ea |
|
| /// File Name: |
dsa-1015-1.txt |
Description:
|
Debian Security Advisory DSA 1015-1 - Mark Dowd discovered a flaw in the handling of asynchronous signals in sendmail, a powerful, efficient, and scalable mail transport agent. This allows a remote attacker to exploit a race condition to execute arbitrary code as root.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 18217 | | Last Modified: | Mar 31 12:13:30 2006 |
| MD5 Checksum: | 445b8a7a92fe45f0b360bc2d124c701c |
|