Section: .. / advisories / debian /
| /// File Name: |
debian.traceroute.txt |
Description:
|
Debian Security Advisory - In versions of the traceroute package before 1.4a5-3, it is possible for a local user to gain root access by exploiting an argument parsing error.
| | Homepage: | http://www.debian.org/security | | File Size: | 3833 | | Last Modified: | Oct 15 20:23:23 2000 |
| MD5 Checksum: | c6af07ea08e04bf1d2b059a9520087f5 |
|
| /// File Name: |
debian.sysklogd.txt |
Description:
|
Debian Security Advisory - Multiple vulnerabilities have been reported in syslogd and klogd. A local root exploit is possible, and remote exploits may be possible in some cases.
| | Homepage: | http://security.debian.org | | File Size: | 3981 | | Last Modified: | Sep 20 01:37:13 2000 |
| MD5 Checksum: | 45d148c0500d78c681519967b7b66442 |
|
| /// File Name: |
debian.libpam-smb.txt |
Description:
|
Debian Security Advisory - Libpam-smb contains a buffer overflow that can be used to execute arbitrary commands with root privilege.
| | Homepage: | http://www.debian.org/security | | File Size: | 3680 | | Last Modified: | Sep 12 20:04:11 2000 |
| MD5 Checksum: | 935898e4682baaeed799248c780bbae0 |
|
| /// File Name: |
debian.horde.imp.txt |
Description:
|
Debian Security Advisory - Imp, a webmail interface, did not check the $from variable which contains the sender address for shell metacharacters. This could be used to run arbitrary commands on the server running imp. To fix this horde (the library imp uses) and imp itself has been modified to sanitize user input.
| | Homepage: | http://www.debian.org/security | | File Size: | 3469 | | Last Modified: | Sep 12 01:20:23 2000 |
| MD5 Checksum: | d0a1f5f2466f46c56e8a158b9e03c9cc |
|
| /// File Name: |
debian.xpdf.txt |
Description:
|
Debian Security Advisory - Xpdf has two security problems - Tempfiles were created insecurely, and when handling URLs in documents no checking was done for shell metacharacters before starting the browser. This makes it possible to construct a document which cause xpdf to run arbitrary commands when the user views an URL. Both problems have been fixed in version 0.90-7, and we recommend you upgrade your xpdf package immediately.
| | Homepage: | http://www.debian.org/security | | File Size: | 3763 | | Last Modified: | Sep 12 01:18:05 2000 |
| MD5 Checksum: | ee1ad5c7bd7f20a89dd2638af0631f7e |
|
| /// File Name: |
debian.screen.txt |
Description:
|
Debian Security Advisory - A format string bug was recently discovered in screen which allows local users to obtain root access if screen is setuid. This is fixed in version 3.7.4-9.1 and 3.9.5-9.
| | Homepage: | http://www.debian.org/security | | File Size: | 4500 | | Last Modified: | Sep 6 23:22:39 2000 |
| MD5 Checksum: | 68e60099188baca4cca9424730989d5c |
|
| /// File Name: |
debian.glibc.txt |
Description:
|
Debian Security Advisory - Recently two local vulnerabilities have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 3317 | | Last Modified: | Sep 6 06:37:34 2000 |
| MD5 Checksum: | 937c29c6008182445465a9e00b781bf2 |
|
| /// File Name: |
debian.xchat.txt |
Description:
|
Debian Linux Security Advisories - The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shell metacharacters, and this could be abused to trick xchat into executing arbitraty commands. This has been fixed in version 1.4.3-0.1, and we recommend you upgrade your xchat package(s) immediately.
| | Homepage: | http://www.debian.org/security/ | | File Size: | 5779 | | Last Modified: | Aug 30 23:51:36 2000 |
| MD5 Checksum: | b218e3f1f14c5305850f41f6073e130b |
|
| /// File Name: |
debian.ntop.txt |
Description:
|
Debian Linux Security Advisories - The updated version of ntop (1.2a7-10) that was released on August 5 was found to still be insecure: it was still exploitable using buffer overflows. Using this technique it was possible to run arbitrary code as the user who ran ntop in web mode
| | Homepage: | http://www.debian.org/security/ | | File Size: | 3801 | | Last Modified: | Aug 30 10:50:14 2000 |
| MD5 Checksum: | 6ef19ccf964939d2ffcf1ea0c48ab0f5 |
|
| /// File Name: |
debian.zope.abridged |
Description:
|
Debian Security Advisory - On versions of Zope prior to 2.2.1 it was possible for a user with the ability to edit DTML can gain unauthorized access to extra roles during a request. Previous announcement and fix did not fully address the issues.
| | Homepage: | http://www.debian.org/security | | File Size: | 3118 | | Last Modified: | Aug 21 23:27:42 2000 |
| MD5 Checksum: | 96e78e4c3ed81b86d288b06e4a2f5c7f |
|
| /// File Name: |
debian.xlockmore.txt |
Description:
|
Debian Security Advisory - There is a format string bug in all versions of xlockmore/xlockmore-gl. Debian 2.1 installs xlock setuid by default, allowing local users to read /etc/shadow file.
| | Homepage: | http://www.debian.org/security | | File Size: | 5345 | | Last Modified: | Aug 17 18:21:29 2000 |
| MD5 Checksum: | 27ffc10b20141522e85658c916ea153d |
|
| /// File Name: |
debian.mailx-system.txt |
Description:
|
Debian Security Advisory - mailx is a often used by other programs to send email. Unfortunately mailx as distributed in Debian GNU/Linux 2.1 has some features that made it possible to execute system commands if a user can trick a privileged program to send email using /usr/bin/mail.
| | Homepage: | http://www.debian.org/security | | File Size: | 5095 | | Last Modified: | Aug 9 09:31:57 2000 |
| MD5 Checksum: | 1d83738a4cc2e382561735255aebe3a7 |
|
| /// File Name: |
debian.mailman.txt |
Description:
|
Debian Security Advisory - Mailman v2.0 came with a security problem which was introduced during the 2.0 beta cycle, that could be exploited by clever local users to gain group mailman permission.
| | Homepage: | http://security.debian.org | | File Size: | 2989 | | Last Modified: | Aug 7 01:02:27 2000 |
| MD5 Checksum: | d8b88d26b8a9322c53c5d879f7d44100 |
|
| /// File Name: |
debian.dhcp.txt |
Description:
|
Debian Security Advisory - The versions of the ISC DHCP client in Debian 2.1 are vulnerable to a root exploit. A previous Debian security advisory addressed this issue with package versions 2.0b1pl6-0.3 and 2.0-3potato1, but ISC has released a newer patch since the original advisory. You should install the latest packages even if you upgraded when the last advisory was released.
| | Homepage: | http://www.debian.org/security | | File Size: | 7190 | | Last Modified: | Jul 28 20:32:21 2000 |
| MD5 Checksum: | 95e1ed9433a62ac57ffa2f3eef8a72ff |
|
| /// File Name: |
debian.userv.txt |
Description:
|
Debian Security Advisory - The version of userv that was distributed with Debian GNU/Linux 2.1 had a problem in the fd swapping algorithm: it could sometimes make an out-of-bounds array reference. It is possible for local users to abuse this to carry out unauthorised actions or be able to take control for service user accounts.
| | Homepage: | http://www.debian.org/security | | File Size: | 5501 | | Last Modified: | Jul 27 19:25:56 2000 |
| MD5 Checksum: | f2398952ee060c05db0aa106c80f3afd |
|
| /// File Name: |
debian.nfs-common.txt |
Description:
|
Debian Security Advisory - The version of nfs-common distributed in Debian GNU/Linux 2.2 is vulnerable to a remote root compromise involving rpc.statd.
| | Homepage: | http://www.debian.org/security | | File Size: | 4097 | | Last Modified: | Jul 18 00:51:51 2000 |
| MD5 Checksum: | 5e0513b893db5539e05449413bad8c8f |
|
| /// File Name: |
debian.cvsweb.txt |
Description:
|
Debian Security Advisory - The versions of cvsweb distributed in Debian GNU/Linux 2.1, are vulnerable to a remote shell exploit. An attacker with write access to the cvs repository can execute arbitrary code on the server, as the www-data user.
| | Homepage: | http://www.debian.org/security | | File Size: | 3793 | | Last Modified: | Jul 18 00:17:51 2000 |
| MD5 Checksum: | f3b0b63f1761afdf3d8e967b3ea384c5 |
|
| /// File Name: |
debian.canna.txt |
Description:
|
Debian Security Advisory - The canna package as distributed in Debian GNU/Linux 2.1 can be remotely exploited to gain access. This could be done by overflowing a buffer by sending a SR_INIT command with a very long usernamd or groupname.
| | Homepage: | http://www.debian.org/security | | File Size: | 4491 | | Last Modified: | Jul 4 05:26:30 2000 |
| MD5 Checksum: | 66ad48b77d8bc5997648b1e0b1f5423a |
|
| /// File Name: |
debian.wu-ftpd.txt |
Description:
|
Debian Security Advisory - The version of wu-ftpd distributed in Debian GNU/Linux 2.1 is vulnerable to a remote root compromise. The default configuration in all current Debian packages prevents the currently available exploits in the case of anonymous access, although local users can still compromise the server.
| | Homepage: | http://security.debian.org | | File Size: | 4949 | | Last Modified: | Jun 24 00:49:05 2000 |
| MD5 Checksum: | 5cb66f1b0abc872c0c14e8f0258cfdb7 |
|
| /// File Name: |
debian.majordomo.txt |
Description:
|
Debian Security Advisory - Majordomo will no longer be distributed with Debian linux due to licensing restrictions which do not allow a fixed version of Majordomo to be distributed. If you are using majordomo we recommend that you replace it with one of the many other mailing-list tools available such as fml, mailman or smartlist. Debian security homepage: http://www.debian.org
| | File Size: | 1968 | | Last Modified: | Jun 5 20:44:40 2000 |
| MD5 Checksum: | a226b991d4bb9c1287665a8724ef9df2 |
|
| /// File Name: |
debian.mtr.txt |
Description:
|
Debian Security Advisory - The version of mtr as distributed in Debian GNU/Linux 2l1 did not drop root privileges correctly. While there are no known exploits it is conceivable that a weakness in gtk or ncurses could be used to exploit this. Debian security homepage here.
| | File Size: | 3052 | | Last Modified: | Mar 9 20:25:34 2000 |
| MD5 Checksum: | 6d6789b193a9e0d9198b500b201e21db |
|
| /// File Name: |
debian.nmh.txt |
Description:
|
Debian Security Advuisory - Remote exploit in nmh. The version of nmh that was distributed in Debian GNU/Linux 2.1 (aka slink) did not check incoming mail messages properly. This could be exploited by using carefully designed MIME headers to trick mhshow into executing arbitrary shell code. Debian security homepage here.
| | File Size: | 3144 | | Last Modified: | Feb 28 21:23:31 2000 |
| MD5 Checksum: | 0fee415db8b978d86bccedd0d047caf1 |
|
| /// File Name: |
debian.make.txt |
Description:
|
The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to a race condition that can be exploited with a symlink attack. Debian security homepage here.
| | File Size: | 3359 | | Last Modified: | Feb 23 01:50:17 2000 |
| MD5 Checksum: | c0054e5ddaac62a739386a709e3d106c |
|
| /// File Name: |
debian.apcd.txt |
Description:
|
The apcd package as shipped in Debian GNU/Linux 2.1 is vulnerable to a symlink attack. Debian security homepage here.
| | File Size: | 3159 | | Last Modified: | Feb 2 01:36:53 2000 |
| MD5 Checksum: | f411713febd127d6d8f056281ee883c3 |
|
| /// File Name: |
debian.nvi.txt |
Description:
|
The version of nvi that was distributed with Debian GNU/Linux 2.1 has an error in the default /etc/init.d/nviboot script: it did not handle filenames with embedded spaces correctly. This made it possible to remove files in the root directory by creating entries in /var/tmp/vi.recover. Debian security homepage here.
| | File Size: | 3312 | | Last Modified: | Jan 10 20:26:41 2000 |
| MD5 Checksum: | 0b662942567330520d0aa2f42d879dc5 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
