|
Find the information you need for your favorite open source distribution
 To browse through our weekly Linux Advisory Watch newsletters, click here.
|
|
|
The mars_nwe tools are vulnerable to several buffer overflows. |
|
|
Several buffer overflows have been found in proftpd which have been
verified to be exploitable from an remote attacker.
The fixing and finding of new holes is going on for over 2 weeks now,
and there is no end in sight.
Even with all known fixes, proftpd is still vulnerable to remote
exploitation.
|
|
|
When lynx calls external programs for protocols (e.g. telnet), the
location is passed unchecked. This can be used to activate commandline
parameters.
For example, this reference [A HREF="telnet://-n.rhosts"]click me[/A]
would activate the tracefile options on the telnet client, with the
result, that a .rhosts in the current directory would created or
overwritten.
|
|
|
On June the 28th SuSE released a new pine package, which fixes a security
bug. Unfortunately the patch brokes IMAP support for pine.
Now there is a new package available which works correctly.
|
|
|
inews, which is used to send Usenet articles to the local news server,
doesn't perform sufficient bounce checking on static buffers.
|
|
|
Three security threats were found in the vixie crond, which is shipped
with SuSE Linux.
1) no boundchecking on a local buffer, while copying data from MAILTO
2) passing invalid options to sendmail
3) it doesn't drop root privileges while sending acknowledge mail
to a user
|
|
|
The security breach occurs when you try to transfer an empty
directory into a non-existent directory.
In that case rsync sets the permissions of the working directory
to those of the empty directory; this means, that the permissions
of your home directory are changed to the file access mode of the
empty directory if you do a remote rsync by using ssh/rsh.
|
|
|
<< Start < Prev 58 59 60 Next > End >>
|
| Results 414 - 420 of 433 |
