Find the information you need for your favorite open source distribution .
Anyone who could modify the CVSROOT/passwd could gain access to all local users on the CVS server, including root.
In this Apache module, expiration status of the user's account and password were not enforced.
Allows an attacker to execute arbitary commands on server hosting bug database.
Since DSA 417-1 lacked fixed kernel image files for the alphaarchitecture these are added now.
Improper remote execution and SQL code injection issues.
Root privileges were not properly relinquished before executing a user-supplied tcl script.
A flaw in bounds checking in mremap() in the Linux kernel may allow a local attacker to gain root privileges.
A remote user could both escape from the FSP root directory, and also overflow a fixed-length buffer to execute arbitrary code.
Two vulnerabilities were discovered in zebra, both resulting in DoS.
A bug in the handling of SSL connections could cause the server process to crash, resulting in a denial of service.
Paul Starzetz discovered a flaw in bounds checking in mremap() in theLinux kernel (present in version 2.2.x, 2.4.x and 2.6.x) which may allowa local attacker to gain root privileges.
Multiple vulnerabilities were discovered in nd, a command-line WebDAVinterface, whereby long strings received from the remote server couldoverflow fixed-length buffers. This vulnerability could be exploitedby a remote attacker in control of a malicious WebDAV server toexecute arbitrary code if the server was accessed by a vulnerableversion of nd.
A vulnerability was discovered in mpg321, a command-line mp3 player,whereby user-supplied strings were passed to printf(3) unsafely. Thisvulnerability could be exploited by a remote attacker to overwritememory, and possibly execute arbitrary code.
A vulnerability was discovered in libnids, a library used to analyzeIP network traffic, whereby a carefully crafted TCP datagram couldcause memory corruption and potentially execute arbitrary code withthe privileges of the user executing a program which uses libnids(such as dsniff).
A vulnerability was discovered in BIND, a domain name server, wherebya malicious name server could return authoritative negative responseswith a large TTL (time-to-live) value, thereby rendering a domain nameunreachable. A successful attack would require that a vulnerable BINDinstance submit a query to a malicious nameserver.
Timo Sirainen reported a vulnerability in screen, a terminal multiplexor with VT100/ANSI terminal emulation, that can lead an attacker to gain group utmp privledges.
An attacker could create a carefully crafted directory on a website so that theexecution of an 'ls' or 'rels' command would lead to the execution of arbitrary code on the client machine.
A heap-based buffer overflow allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector.
Steve Kemp discovered a problem in xsok, a single player strategy gamefor X11, related to the Sokoban game, which leads a user to executearbitrary commands under the GID of games.
While this heap overflow vulnerability could not be used by itself toobtain root access on an rsync server, it could be used in combinationwith the recently announced do_brk() vulnerability in the Linux kernelto produce a full remote compromise.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
