| /// File Name: |
DSA-130-1 |
Description:
|
Debian Security Advisory DSA-130-1 - Ethereal versions prior to v0.9.3 are vulnerable to an allocation error in the ASN.1 parser allowing remote root exploits. This affected GNU/Linux 2.2 and fixed packages have been released for the alpha, arm, i386, m68k, powerpc and sparc architectures.
| | Homepage: | http://www.debian.org/security/ | | File Size: | 3999 | | Last Modified: | Jun 4 06:47:41 2002 |
| MD5 Checksum: | ddd83b5b90f864cfc1ecf0c07c2e759a |
|
| /// File Name: |
debian.sysklogd.txt |
Description:
|
Debian Security Advisory - Multiple vulnerabilities have been reported in syslogd and klogd. A local root exploit is possible, and remote exploits may be possible in some cases.
| | Homepage: | http://security.debian.org | | File Size: | 3981 | | Last Modified: | Sep 20 01:37:13 2000 |
| MD5 Checksum: | 45d148c0500d78c681519967b7b66442 |
|
| /// File Name: |
debian.eperl.txt |
Description:
|
Debian Security Advisory DSA-034-1 - When eperl is installed setuid root, it can switch to the UID/GID of the script's owner. Although Debian doesn't ship the program setuid root, this is a useful feature which people may have activated locally. When the program is used as /usr/lib/cgi-bin/nph-eperl the bugs could lead to a remote vulnerability as well.
| | Homepage: | http://www.debian.org/security | | File Size: | 3977 | | Last Modified: | Mar 10 02:33:20 2001 |
| MD5 Checksum: | 5c9a8312917867c4723fd4cff47f3f34 |
|
| /// File Name: |
debian.man-db.txt |
Description:
|
Debian Security Advisory DSA-056-1 - A bug in man-db has been discovered. It fails to drop privileges with the -c or the -u option, allowing local users to overwrite any file owned by user man, including the man and mandb binaries. This has been fixed in version 2.3.16-3.
| | Homepage: | http://www.debian.org/security | | File Size: | 3973 | | Last Modified: | May 9 01:04:27 2001 |
| MD5 Checksum: | c04746bbc6de42a4ee83de73daf30797 |
|
| /// File Name: |
debian.analog.txt |
Description:
|
Debian Security Advisory - A buffer overflow in all versions of Analog except 4.16 has been discovered in the ALIAS command. This bug is particularly dangerous if the form interface (which allows unknown users to run the program via a CGI script) has been installed.
| | Homepage: | http://www.debian.org/security | | File Size: | 3964 | | Last Modified: | Mar 10 02:02:19 2001 |
| MD5 Checksum: | 0fe3e9e21a308bbfb82a017aaed58a2d |
|
| /// File Name: |
debian.stunnel.txt |
Description:
|
Debian Security Advisory - Stunnel has a format string vulnerability, random number problems, symlink vulnerabilities, and insecure syslog() calls. These are fixed in v3.10.
| | Homepage: | http://www.debian.org/security | | File Size: | 3913 | | Last Modified: | Dec 25 18:35:59 2000 |
| MD5 Checksum: | 81cafcf92517700a3f1e7200b0ee8869 |
|
| /// File Name: |
debian.mailx.txt |
Description:
|
Debian Security Advisory DSA-044-1 - The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default, this allowed local users to use it to gain access to the mail group. Since the mail code was never written to be secure, fixing it properly would mean a large rewrite. Instead of doing this we decided to no longer install it setgid. This means that it can no longer lock your mailbox properly on systems for which you need group mail to write to the mailspool, but it will still work for sending email. Debian security homepage: http://www.debian.org
| | File Size: | 3904 | | Last Modified: | Mar 16 03:05:13 2001 |
| MD5 Checksum: | ea2e4113857feb74daccd04a13cfeaea |
|
| /// File Name: |
debian.splitvt.txt |
Description:
|
Debian Security Advisory DSA-014-1 - Splitvt prior to v1.6.5 contains format string vulnerabilities in the -rcfile command line flag, allowing local users to gain access to the tty group.
| | Homepage: | http://www.debian.org/security | | File Size: | 3878 | | Last Modified: | Feb 2 23:59:10 2001 |
| MD5 Checksum: | 8a5505d8046f63e9a451c85b40b4fe6e |
|
| /// File Name: |
debian.sendfile.txt |
Description:
|
Debian Security Advisory DSA-052-1 - A problem in sendfiled which caused the daemon not to drop privileges as expected when sending notification mails has been fixed. By exploiting this, a local user can easily make it execute arbitrary code under root privileges.
| | Homepage: | http://www.debian.org/security | | File Size: | 3866 | | Last Modified: | Apr 25 02:45:02 2001 |
| MD5 Checksum: | 9e9bb2e39fe1af7fdc9076e1d579fd62 |
|
| /// File Name: |
debian.gnupg.txt |
Description:
|
Debian Security Advisory - The version of gnupg that was distributed in Debian GNU/Linux 2.2 had a logic error in the code that checks for valid signatures which could cause false positive results: Jim Small discovered that if the input contained multiple signed sections the exit-code gnupg returned was only valid for the last section, so improperly signed other sections were not noticed.
| | Homepage: | http://www.debian.org/security | | File Size: | 3839 | | Last Modified: | Nov 11 23:30:14 2000 |
| MD5 Checksum: | f26bc18da1a6dff9992588337f78c06b |
|
| /// File Name: |
debian.traceroute.txt |
Description:
|
Debian Security Advisory - In versions of the traceroute package before 1.4a5-3, it is possible for a local user to gain root access by exploiting an argument parsing error.
| | Homepage: | http://www.debian.org/security | | File Size: | 3833 | | Last Modified: | Oct 15 20:23:23 2000 |
| MD5 Checksum: | c6af07ea08e04bf1d2b059a9520087f5 |
|
| /// File Name: |
debian.ntop.txt |
Description:
|
Debian Linux Security Advisories - The updated version of ntop (1.2a7-10) that was released on August 5 was found to still be insecure: it was still exploitable using buffer overflows. Using this technique it was possible to run arbitrary code as the user who ran ntop in web mode.
| | Homepage: | http://www.debian.org/security/ | | File Size: | 3801 | | Last Modified: | Aug 30 10:50:14 2000 |
| MD5 Checksum: | 6ef19ccf964939d2ffcf1ea0c48ab0f5 |
|
| /// File Name: |
debian.cvsweb.txt |
Description:
|
Debian Security Advisory - The versions of cvsweb distributed in Debian GNU/Linux 2.1 are vulnerable to a remote shell exploit. An attacker with write access to the cvs repository can execute arbitrary code on the server as the www-data user.
| | Homepage: | http://www.debian.org/security | | File Size: | 3793 | | Last Modified: | Jul 18 00:17:51 2000 |
| MD5 Checksum: | f3b0b63f1761afdf3d8e967b3ea384c5 |
|
| /// File Name: |
debian.cron2.txt |
Description:
|
Debian Security Advisory DSA-024-1 - The FreeBSD team has found a bug in the way new crontabs were handled which allowed malicious users to display arbitrary crontab files on the local system. This only affects valid crontab files so can't be used to get access to /etc/shadow or anything.
| | Homepage: | http://www.debian.org/security | | File Size: | 3767 | | Last Modified: | Jan 31 21:37:21 2001 |
| MD5 Checksum: | 9bdae6143004633ee4987fa07754723c |
|
| /// File Name: |
debian.xpdf.txt |
Description:
|
Debian Security Advisory - Xpdf has two security problems: tempfiles were created insecurely, and when handling URLs in documents no checking was done for shell metacharacters before starting the browser. This makes it possible to construct a document which causes xpdf to run arbitrary commands when the user views a URL. Both problems have been fixed in version 0.90-7, and we recommend you upgrade your xpdf package immediately.
| | Homepage: | http://www.debian.org/security | | File Size: | 3763 | | Last Modified: | Sep 12 01:18:05 2000 |
| MD5 Checksum: | ee1ad5c7bd7f20a89dd2638af0631f7e |
|
| /// File Name: |
debian.fsh.txt |
Description:
|
Debian Security Advisory - Fsh, a tool to run remote commands over ssh, has a tempfile vulnerability which has been fixed in version 1.0.post.1-3potato.
| | Homepage: | http://www.debian.org/security | | File Size: | 3730 | | Last Modified: | Dec 3 00:20:05 2000 |
| MD5 Checksum: | eefb70a215428e9f9275bf5e878e931a |
|
| /// File Name: |
debian.sudo.txt |
Description:
|
Debian Security Advisory DSA-031-1 - Sudo contains a buffer overflow which allows local users to gain root access. This is fixed in v1.6.3p6.
| | Homepage: | http://www.debian.org/security | | File Size: | 3724 | | Last Modified: | Mar 1 01:49:14 2001 |
| MD5 Checksum: | 8214d7cc4754d7baecfc8c65fe7abc71 |
|
| /// File Name: |
debian.slocate.txt |
Description:
|
Debian Security Advisory - A bug in the database reading code of slocate makes it possible to overwrite an internal structure with some input. This can be used to trick slocate into executing arbitrary code by pointing it to a carefully crafted database. This is fixed in slocate v2.4.
| | Homepage: | http://www.debian.org/security | | File Size: | 3688 | | Last Modified: | Dec 19 03:23:00 2000 |
| MD5 Checksum: | b4bc96da22f389610426192e7c705cf9 |
|
| /// File Name: |
debian.libpam-smb.txt |
Description:
|
Debian Security Advisory - Libpam-smb contains a buffer overflow that can be used to execute arbitrary commands with root privilege.
| | Homepage: | http://www.debian.org/security | | File Size: | 3680 | | Last Modified: | Sep 12 20:04:11 2000 |
| MD5 Checksum: | 935898e4682baaeed799248c780bbae0 |
|
| /// File Name: |
debian.bind.txt |
Description:
|
The version of bind that was distributed in Debian GNU/Linux 2.1 has a vulnerability in the processing of NXT records that can be used by an attacker in a Denial of Service attack or exploited to gain root access to the server. This has been fixed in version 8.2.5p5-0slink1, and we recommend that you upgrade your bind package immediately. Debian security homepage here.
| | File Size: | 3677 | | Last Modified: | Nov 17 21:21:08 1999 |
| MD5 Checksum: | c54927e4c04dc6d6857c80bbf06fbc95 |
|
| /// File Name: |
debian.mgetty.txt |
Description:
|
Debian Security Advisory DSA-011-1 - Mgetty does not create temporary files in a secure manner, which could lead to a symlink attack. This has been corrected in mgetty 1.1.21-3potato1.
| | Homepage: | http://www.debian.org/security | | File Size: | 3666 | | Last Modified: | Mar 9 20:43:07 2001 |
| MD5 Checksum: | 23162df44bbd7cc19b7428f00d7924ff |
|
| /// File Name: |
debian.sgml-tools.txt |
Description:
|
Debian Security Advisory DSA-038-1 - Former versions of sgml-tools created temporary files directly in /tmp in an insecure fashion. Version 1.0.9-15 and higher create a subdirectory first and open temporary files within that directory. We recommend you upgrade your sgml-tools package.
| | Homepage: | http://www.debian.org/security | | File Size: | 3661 | | Last Modified: | Mar 14 00:53:29 2001 |
| MD5 Checksum: | 1237a93cab2783c04cd06a069e48ab5d |
|
| /// File Name: |
debian.joerc.txt |
Description:
|
Debian Security Advisory DSA-041-1 - The text editor joe attempts to read .joerc from the current directory, allowing malicious local users to execute commands as other users if they use joe in writable directories.
| | Homepage: | http://www.debian.org/security | | File Size: | 3661 | | Last Modified: | Mar 15 21:35:28 2001 |
| MD5 Checksum: | e591023e7a4bedf8a6900673f94e6a0e |
|
| /// File Name: |
debian.sash.txt |
Description:
|
Debian Security Advisory DSA-015-1 - Versions of sash prior to 3.4-4 did not clone /etc/shadow properly, which led to files being readable by anybody.
| | Homepage: | http://www.debian.org/security | | File Size: | 3652 | | Last Modified: | Jan 25 23:09:01 2001 |
| MD5 Checksum: | 55a09e98a3b57eea192a269d4c7ce7e9 |
|
| /// File Name: |
debian.cfingerd.txt |
Description:
|
Debian Security Advisory DSA-048-1 - Cfingerd v1.4.1 and below contains a remote root vulnerability in the logging code. When combined with an off-by-one error in the code that copied the username from an ident response, cfingerd could be exploited by a remote user.
| | Homepage: | http://www.debian.org/security | | File Size: | 3652 | | Last Modified: | Apr 22 22:25:42 2001 |
| MD5 Checksum: | d0594c2c0c58fed4871dfee1cb2ae0b2 |
|