.:[ packet storm ]:.
                             
the one stop shop
the one stop shop

 Section:  .. / advisories / debian  /

Page 3 of 5
<< 1 2 3 4 5 >> Files 50 - 75 of 107
Currently sorted by: Last ModifiedSort By: File Name, File Size

 ///  File Name: debian.tinyproxy.txt
Description:
 Debian Security Advisory DSA-018-1 - A heap overflow has been found in tinyproxy which allows remote attackers to execute commands as user nobody.
Homepage:http://www.debian.org/security
File Size:3521
Last Modified:Jan 24 22:52:15 2001
MD5 Checksum:fcda788f74c9e44e1b7d8d32d20ae840

 ///  File Name: debian.gpg.txt
Description:
 Debian Security Advisory - There is a problem in the way gpg checks detached signatures which can lead to false positives. Also it was discovered that gpg would import secret keys from key-servers, circumventing the web of trust. GnuPG homepage here.
Homepage:http://www.debian.org/security
File Size:4475
Last Modified:Dec 27 06:36:22 2000
MD5 Checksum:c310fad9afc780a8461621c247cb6e24

 ///  File Name: debian.stunnel.txt
Description:
 Debian Security Advisory - Stunnel has a format string vulnerability, random number problems, symlink vulnerabilities, and insecure syslog() calls. These are fixed in v3.10.
Homepage:http://www.debian.org/security
File Size:3913
Last Modified:Dec 25 18:35:59 2000
MD5 Checksum:81cafcf92517700a3f1e7200b0ee8869

 ///  File Name: debian.dialog.txt
Description:
 Debian Security Advisory - Dialog creates lock files insecurely, making it susceptible to a symlink attack.
Homepage:http://www.debian.org/security
File Size:3406
Last Modified:Dec 25 18:33:59 2000
MD5 Checksum:90cae4bddc6fa6de0e87a248e6e138e2

 ///  File Name: debian.slocate.txt
Description:
 Debian Security Advisory - A bug in the database reading code of slocate makes possible to overwrite a internal structure with some input. This can be used to trick slocate into executing arbitrary code by pointing it to a carefully crafted database. This is fixed in slocate v2.4.
Homepage:http://www.debian.org/security
File Size:3688
Last Modified:Dec 19 03:23:00 2000
MD5 Checksum:b4bc96da22f389610426192e7c705cf9

 ///  File Name: debian.nano.txt
Description:
 Debian Security Advisory - The problem that was previously reported for joe also occurs with other editors. When nano (a free pico clone) unexpectedly dies it tries a warning message to a new file with a predictable name. Unfortunately that file was not created safely which made nano vulnerable to a symlink attack. This has been fixed in version 0.9.23-1 (except for powerpc, which has version 0.9.23-1.1).
Homepage:http://www.debian.org/security
File Size:4431
Last Modified:Dec 19 03:21:15 2000
MD5 Checksum:92f15aef749f9005b0474ca16d4b58f2

 ///  File Name: debian.ethereal.txt
Description:
 Debian Security Advisory - Hacksware reported a buffer overflow in the AFS packet parsing code in ethereal. Gerald Combs then found more overflows in the netbios and ntp decoding logic as well. An attacker can exploit those overflows by sending carefully crafted packets to a network that is being monitored by ethereal. This has been fixed in version 0.8.0-2potato and we recommend you upgrade your ethereal package immediately.
Homepage:http://www.debian.org/security
File Size:3512
Last Modified:Dec 3 17:24:05 2000
MD5 Checksum:54a569e03300753259ad5579a438c6d8

 ///  File Name: debian.joe.txt
Description:
 Debian Security Advisory - When joe (Joe's Own Editor) dies due to a signal instead of a normal exit it saves a list of the files it is editing to a file called DEADJOE in its current directory. Unfortunately this wasn't done safely which made joe vulnerable to a symlink attack.
Homepage:http://www.debian.org/security
File Size:3549
Last Modified:Dec 3 02:11:33 2000
MD5 Checksum:15a158d7be5635dabfadf63b0b29330d

 ///  File Name: debian.fsh.txt
Description:
 Debian Security Advisory - Fsh, a tool to run remote commands over ssh, has a tempfile vulnerability which has been fixed in version 1.0.post.1-3potato.
Homepage:http://www.debian.org/security
File Size:3730
Last Modified:Dec 3 00:20:05 2000
MD5 Checksum:eefb70a215428e9f9275bf5e878e931a

 ///  File Name: debian.ed.txt
Description:
 Debian Security Advisory - GNU ed (the classic line editor tool) does not use temp files safely. This has been fixed in version 0.2-18.1.
Homepage:http://www.debian.org/security
File Size:3191
Last Modified:Dec 2 23:18:28 2000
MD5 Checksum:17b0f0335fe26dbbfcec4f6549e7fedf

 ///  File Name: debian.ghostscript.txt
Description:
 Debian Security Advisory - ghostscript uses temporary files to do some of its work. Unfortunately the method used to create those files wasn't secure: mktemp was used to create a name for a temporary file, but the file was not opened safely. A second problem is that during build the LD_RUN_PATH environment variable was set to the empty string, which causes the dynamic linker to look in the current directory for shared libraries.
Homepage:http://www.debian.org/security
File Size:3531
Last Modified:Nov 29 10:32:49 2000
MD5 Checksum:1af88d155bd6d5fb83c959c03555f6e0

 ///  File Name: debian.tcpdump.txt
Description:
 Debian Security Advisory - During internal source code auditing by FreeBSD several buffer overflows were found which allow an attacker to make tcpdump crash by sending carefully crafted packets to a network that is being monitored with tcpdump. This has been fixed in version 3.4a6-4.2.
Homepage:http://www.debian.org/security
File Size:3382
Last Modified:Nov 26 03:43:05 2000
MD5 Checksum:d59476cbf07be68c6268c46feb9a82da

 ///  File Name: debian.ncurses.txt
Description:
 Debian Security Advisory - The version of the ncurses display library shipped with Debian GNU/Linux 2.2 is vulnerable to several buffer overflows in the parsing of terminfo database files. The problems are only exploitable in the presence of setuid binaries linked to ncurses which use these particular functions, including xmcd versions before 2.5pl1-7.1.
Homepage:http://www.debian.org/security
File Size:7266
Last Modified:Nov 26 02:51:06 2000
MD5 Checksum:ffb4a5ae5913af306bf296cf5dbee114

 ///  File Name: debian.xcmd.txt
Description:
 Debian Security Advisory - The Debian GNU/Linux xmcd package has historically installed two setuid helpers for accessing cddb databases and SCSI cdrom drives. More recently, the package offered the administrator the chance to remove these setuid flags, but did so incorrectly. A buffer overflow in ncurses, linked to the "cda" binary, allowed a root exploit. Fixed ncurses packages have been released, as well as fixed xmcd packages which do not install this binary with a setuid flag. The problem is fixed in xmcd 2.5pl1-7.1, and we recommend all users with xmcd installed upgrade to this release. You may need to add users of xmcd to the "audio" and "cdrom" groups in order for them to continue using xmcd.
Homepage:http://www.debian.org/security
File Size:5047
Last Modified:Nov 26 02:41:56 2000
MD5 Checksum:f6cdf21fb5180ab2b35a7e07ebbff947

 ///  File Name: debian.elvis-tiny.txt
Description:
 Debian Security Advisory - A tempfile bug was discovered in elvis-tiny prior to v1.4-10 which does not exist in the full size elvis.
Homepage:http://www.debian.org/security
File Size:4277
Last Modified:Nov 25 09:46:11 2000
MD5 Checksum:12fe2b7c8ad591e7732f2a5225374d48

 ///  File Name: debian.modutils.txt
Description:
 Debian Security Advisory - A problem in the modprobe utility that can be exploited by local users to run arbitrary commands as root if the machine is running a kernel with kmod enabled has been discovered.
Homepage:http://www.debian.org/security
File Size:4190
Last Modified:Nov 25 07:05:25 2000
MD5 Checksum:dcf44634a6c622fa1aa2981a6037b5d1

 ///  File Name: debian.cupsys.txt
Description:
 Debian Security Advisory - CUPS allows remote users to abuse print services.
Homepage:http://www.debian.org/security
File Size:7917
Last Modified:Nov 21 02:00:50 2000
MD5 Checksum:bd97619b8a79fb7145543b113e82d844

 ///  File Name: debian.cron.txt
Description:
 Debian Security Advisory - The version of Vixie Cron shipped with Debian GNU/Linux 2.2 is vulnerable to a local attack, discovered by Michal Zalewski. Several problems, including insecure permissions on temporary files and race conditions in their deletion, allowed attacks from a denial of service (preventing the editing of crontabs) to an escalation of privilege (when another user edited their crontab). As a temporary fix, "chmod go-rx /var/spool/cron/crontabs" prevents the only available exploit; however, it does not address the problem - upgrade is needed.
Homepage:http://www.debian.org/security
File Size:4153
Last Modified:Nov 19 04:19:35 2000
MD5 Checksum:b56b24c7cc37e3ca08d286fd8b497f37

 ///  File Name: debain.bind-dos.txt
Description:
 Debian Security Advisory - Versions of BIND prior to 8.2.2p7-1 are vulnerable to a denial of service attack which causes the nameserver to crash after accessing an uninitialized pointer.
Homepage:http://www.debian.org/security
File Size:5594
Last Modified:Nov 13 10:09:47 2000
MD5 Checksum:2d4211bd0ed40a41f4f351762920ff5e

 ///  File Name: debian.tcsh.txt
Description:
 Debian Security Advisory - A temp file vulnerability has been found in tcsh prior v6.09.00-10 when using the double less than (<<) input redirection. Arbitrary files can be overwritten as the user running tcsh.
Homepage:http://www.debian.org/security
File Size:4740
Last Modified:Nov 11 23:47:33 2000
MD5 Checksum:e01eb29edf05bae94d5b42df9ec6f6e4

 ///  File Name: debian.gnupg.txt
Description:
 Debian Security Advisory - The version of gnupg that was distributed in Debian GNU/Linux 2.2 had a logic error in the code that checks for valid signatures which could cause false positive results: Jim Small discovered that if the input contained multiple signed sections the exit-code gnupg returned was only valid for the last section, so improperly signed other sections were not noticed.
Homepage:http://www.debian.org/security
File Size:3839
Last Modified:Nov 11 23:30:14 2000
MD5 Checksum:f26bc18da1a6dff9992588337f78c06b

 ///  File Name: debian.php4.txt
Description:
 Debian Security Advisory - In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server.
Homepage:http://www.debian.org/security
File Size:17412
Last Modified:Oct 15 21:28:56 2000
MD5 Checksum:2283301130af7e6d0a0b53bf93cb998c

 ///  File Name: debian.php3.txt
Description:
 Debian Security Advisory - In versions of the PHP 3 packages before version 3.0.17, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server, particularly if error logging was enabled.
Homepage:http://www.debian.org/security
File Size:23477
Last Modified:Oct 15 21:26:43 2000
MD5 Checksum:18253553df53dfe8b1817fbb1267eb33

 ///  File Name: debian.nis.txt
Description:
 Debian Security Advisory - The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2 contains a ypbind package with a security problem. A format string attack can be used to run arbitrary code as root.
Homepage:http://www.debian.org/security
File Size:4481
Last Modified:Oct 15 21:22:06 2000
MD5 Checksum:c9d538d6e96ae072ee7d1fc8e8771778

 ///  File Name: debian.curl.txt
Description:
 Debian Security Advisory - The version of curl as distributed with Debian GNU/Linux 2.2 had a bug in the error logging code: when it created an error message it failed to check the size of the buffer allocated for storing the message. This could be exploited by the remote machine by returning an invalid response to a request from curl which overflows the error buffer and trick curl into executing arbitrary code.
Homepage:http://www.debian.org/security
File Size:5474
Last Modified:Oct 15 21:11:28 2000
MD5 Checksum:690aa377305ba10a4e37111b66366214
 

 ///  Last 10 Files
  1. :· pacpoll-disclose.txt
  2. :· USN-682-1.txt
  3. :· USN-681-1.txt
  4. :· BMSA-2008-09.txt
  5. :· webhub-bypass.txt
  6. :· infinite-bypass.txt
  7. :· VA_VD_87_08_XRDP.pdf
  8. :· TKADV2008-013.txt
  9. :· sqlinj-insouts.txt
  10. :· bcoos1013-sql.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Advisories
  1. :· USN-682-1.txt
  2. :· USN-681-1.txt
  3. :· VA_VD_87_08_XRDP.pdf
  4. :· TKADV2008-013.txt
  5. :· dsa-1675-1.txt
  6. :· dsa-1674-1.txt
  7. :· dsa-1673-1.txt
  8. :· dsa-1672-1.txt
  9. :· USN-679-1.txt
  10. :· USN-680-1.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Exploits
  1. :· pacpoll-disclose.txt
  2. :· BMSA-2008-09.txt
  3. :· webhub-bypass.txt
  4. :· infinite-bypass.txt
  5. :· bcoos1013-sql.txt
  6. :· preonline-cmsqlxss.txt
  7. :· preclass-sqlxss.txt
  8. :· aspportal-disclose.txt
  9. :· preshoppingmall-cmsqlxss.txt
  10. :· ezpoll-sql.txt
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Tools
  1. :· vncrush.txt
  2. :· rshatter.txt
  3. :· Exomind-v0.2.tar.gz
  4. :· clamav-0.94.2.tar.gz
  5. :· cadfile.zip
  6. :· anehta-v0.6.0fixed2.zip
  7. :· tagfuzz.txt
  8. :· BrowserRider.20081124.tar.bz2
  9. :· mp3nema-v0_2.tar.gz
  10. :· squid-nufw-helper-1.1.3.tar.gz
[ Last 20 | Last 50 | Last 100 ]

 ///  Last 10 Misc
  1. :· sqlinj-insouts.txt
  2. :· format-string-linux.txt
  3. :· frame-pointer-overwrite-linux.txt
  4. :· iptablesf.txt
  5. :· nufw-2.2.19.tar.gz
  6. :· frhack2009-cfp.txt
  7. :· oracle-forensics-scns.pdf
  8. :· cansecwest-2009.txt
  9. :· A5.1.zip
  10. :· a51-php.txt
[ Last 20 | Last 50 | Last 100 ]


 .:. TopPrivacy Statement | Copyright Notice