SuSE Essential and Critical Security Patch Updates - Page 788
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
When sendmail receives an invalid DNS response it tries to call free on random data which results in a process crash.
Michal Zalewski has reported problems in postfix which can lead to a remote DoS attack or allow attackers to bounce-scan private networks.
There is a single byte buffer overflow in the WU ftp daemon (wuftpd), a widely used ftp server for Linux-like systems.
There is an off-by-one bug in the xlog() function used by the rpc.mountd. It is possible for remote attackers to use this off-by-one overflow to execute arbitrary code as root.
radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port attribute is received.
The PPTP daemon contains a remotely exploitable buffer overflow which was introduced due to a integer overflow in the third argument passed to the read() library call. This bug has been fixed.
The CUPS daemon will stop serving clients if the second carriage return in a request is not sent to complete the header.
The KDE team discoverd a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files.
There is a buffer overflow in the samba file server, the widely spread implementation of the SMB protocol.
Researchers have discovered certain weaknesses in OpenSSL's RSA decryption algorithm.
The nature of the flaw is a stack overflow in a function that is called frequently throughout the sendmail source code.
The controlling and management daemon apcupsd for APC's Unbreakable Power Supplies is vulnerable to several buffer overflows and format bugs.
The local attacker can use ptrace and attach to a modprobe process that is spawned if the user triggers the loading of a kernel module using the kmod kernel module subsystem. The vulnerability allows the attacker to execute arbitrary commands as root.
The IMAP-code of mutt is vulnerable to a buffer overflow that can be exploited by a malicious IMAP-server to crash mutt or even execute arbitrary code with the privileges of the user running mutt.
A buffer overflow vulnerability in the ELF format parsing of the "file" command, one which can be used to execute arbitrary code with the privileges of the user running the command has been fixed.
Ethereal is vulnerable to a format string bug in it's SOCKS code and to a heap buffer overflow in it's NTLMSSP code.
The sample exploit requires a valid user account and password, and overflows a string in the pop_msg() function to give the user "mail" group privileges and a shell on the system. Since the Qvsnprintf function is used elsewhere in qpopper, additional exploits may be possible.
A buffer overflow and race condition vulnerabilities have been fixed. These vulnerabilities may lead to remote root compromise.