Find the information you need for your favorite open source distribution .
Former versions of man2html uses a static file in /tmp for writing. This can lead into overwriting system files if a malicious user has created a symbolic link to it before upgrading man2html.
One year ago, we have received a report from SGI that a vulnerability has been discovered in the seyon program which can lead to a root compromise. Any user who can execute the seyon program can exploit this vulnerability.
This bug was experienced in May 1999 but wasn't reported on this channel yet. Former versions of the smtp-refuser package came with unchecked logging facility to /tmp/log. This allowed deleting arbitrary, root-owned files by any user who has write access to /tmp
We have received a report that former versions of libtermcap contained an exploitable buffer overflow. Debian itself is not exploitable by this bug since termcap was abandoned in favour of terminfo long ago. However, if you have compiled your own programs using termcap or have installed third party programs that depend on libtermcap and run as root they are exploitable.
This is an old report from May 1999 but it wasn't reported on this channel yet.
We have received reports that the version of xmonisdn as distributed in the isndutils package from Debian GNU/Linux 2.1 has a security problem.
We have received a report that the all versions of cfingerd prior to 1.4.0 and 1.3.2-18.1 are vulnerable to a root exploit - as posted on bugtraq.
We have become aware that the version mailman as supplied in Debian GNU/Linux 2.1 has a problem with verifying list administrators. The problem is that the cookie value generation used was predictable, so using forged authentication cookies it was possible to access the list administration webpages without knowing the proper password.
We have received reports that the man-db package as supplied in Debian GNU/Linux 2.1 has a vulnerability in the zsoelim program: it was vulnerable to a symlink attack. This has been fixed in version 2.3.10-69FIX.1
As is widely known by now the Linux 2.2.x kernels had a problem with parsing IP options, which made them susceptible to a DoS attack.
We have received reports that the version of the imap suite in Debian GNU/Linux 2.1 has a vulnerability in its POP-2 daemon, which can be found in the ipopd package. Using this vulnerability it is possible for remote users to get a shell as user "nobody" on the server.
A new version of procmail has been released which fixes a couple of buffer overflows and has extra security checks.
We have received reports that the lsof package is distributed in Debian GNU/Linux 2.0 contains a buffer overflow. Using this overflow it is possible for local users to gain root-access. We have fixed this problem in version 4.37-3.
The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files when it runs the tidy action on homedirectories, which makes it suspectible to a symlink attack. The author has been notified of the problem but has not released a fix yet.
We have received reports that the wu-ftpd-academ package as distributed in Debian GNU/Linux 2.0 is vulnerable to a buffer overflow. Using this vulnerability, known as palmetto, it is possible to gain shell access or otherwise circumvent normal login access and logging mechanisms.
We have received reports that the proftpd package as distributed in Debian GNU/Linux 2.0 is vulnerable to a buffer overflow. Using this vulnerability, known as palmetto, it is possible to gain shell access or otherwise circumvent normal login access and logging mechanisms.
We have found that the ftpwatch package as distributed in Debian GNU/Linux 1.3 and later distributions has a security problem which makes it trivial for users to gain root access.
We have received reports that the netstd suffered from two buffer overflows. The first problem is an exploitable buffer overflow in the bootp server. The second problem is an overflow in the FTP client. Both problems are fixed in a new netstd package, version 3.07-2hamm.4 .
The version bind that was distributed in Debian GNU/Linux 2.1 has avulnerability in the processing of NXT records that can be used by an attackedin a Debian of Service attack or theoretically be exploited to gain access tothe server.
We have received reports about two buffer overflows in the superpackage which was distributed as part of Debian GNU/Linux. Firstly,for per-user .supertab files super didn't check for a buffer overflowwhen creating the path to the user's .supertab file. Secondly anotherbuffer overflow did allow ordinary users to overflow super by creatinga nasty personal .supertab file.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
