Find the information you need for your favorite open source distribution .
Some of these scripts open files in an insecure manner, thus allowing remote attackers to execute arbitrary commands as wwwrun-user on the server running susehelp package.
Effective Monday, December 10th 2001, after a lifespan of two years, SuSEwill discontinue support for the successful SuSE Linux distributionSuSE Linux 6.3.
An exploitable bug was found in webalizer which allows a remote attacker to execute commands on other client machines or revealing sensitive information by placing HTML tags in the right place.
Information about the security problems fixed with the new kernel rpmpackages from SuSE Security Announcement: kernel (SuSE-SA:2001:036)has been withheld in coordination with other Linux distributors/vendors.
An attacker could exploit this hole, by specifying a malicious configuration file to execute and/or access arbitrary data with the privilege of user uucp.
The squid proxy server can be crashed with a malformed request, resulting in a denial of service attack. After the crash, the squid proxy must be restarted.
Two security-related vulnerabilities have been found that affect every Linux kernel since 2.2.
Due to insufficient checking of the running environment it is possible to use commandline options via CGI. An remote attacker could use the -c option to specify /dev/zero as an alternate config file to causes a denial of service for some minutes.
This login implementation may cause wrong group IDs to be set in very rare cases. The harm of this bug is therefore considerably small on SuSE Linux.
Buffer overflow and privilege escalation vulnerabilities have been fixed. This advisory also lists other pending vulnerabilities in other SuSE packages.
The window manager Window Maker was found vulnerable to a buffer overflow due to improper bounds checking when setting the window title.
An adversary could insert MySQL commands along with a password and these commands will be interpreted by MySQL while mod_auth_mysql is doing the password lookup in the database. A positive authentication could be returned.
The telnet server which is shipped with SuSE distributions contains a remotely exploitable buffer-overflow within its telnet option negotiation code.
Cade Cairns of Securityfocus discovered a vulnerability in the sendmail program, the widely spread MTA used in Unix- and Unix-like systems.
Sdbsearch.cgi is Perl script which is part of the sdb package of SuSE Linux was found vulnerable by using untrustworthy client input (HTTP_REFERER)
Fetchmail is a tool for retrieving and forwarding mail. Two vulnerabilities in the code of fetchmail were found in the last weeks.
Cda, a setuid commandline part of xmcd, a X11/Motif audio CD player by Ti Kan , was found vulnerable by a link attack and some bufferoverflows.
Due to missing boundary checks in the xli code a buffer overflow could be triggered by an external attacker to execute commands on the victim's system. An exploit is publically available.
Ntping, a ping/traceroute program, is part of the Scotty package. It's failure is to read a hostname as commandline option without checking the size. This leads to a bufferoverrun, that could be used to gain root privileges
Zen-parse has reported a bug to Bugtraq which allows remote attackers to overflow a buffer in the logging routine of xinetd.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
