
The way in.identd is started by inetd from a standard /etc/inetd.conf on
a SuSE Linux distribution may be exploited to mount a denial-of-service
attack against the system.
When inetd starts in.identd with the "wait" flag and the "-w -t120"
options, in.identd starts listening on the well-known port
while inetd deactivates its own listener for as long as in.identd
is alive.

The news reader trn uses a hard-coded temporary file that resides in /tmp.

A buffer overflow has been found in libtermcap's tgetent() function.
If a setuid root program uses this function, the user could execute
arbitrary code. SuSE Linux 6.0, 6.1 and 6.2 are not affected, since
the only program using libtermcap is bc, and this program is not setuid
root.

xmonisdn, which is part of the i4l package, is installed setuid root
by default.
To control and display the status of the ISDN network connections,
xmonisdn uses external programs, which it executes via the system()
call without ensuring a safe environment.
The problem arises with old libc versions that do not overwrite the IFS
environment variable.

a) An smbmnt installed setuid root could lead to a security breach due to
a race condition.
b) The NetBIOS name server nmbd is vulnerable to a denial-of-service attack.
c) The message service of the SMB/CIFS server has a buffer overflow.

The KDE screensaver klock contains a bug that allows the password
authentication to be bypassed.
While klock waits for kcheckpass to verify the password, a timer is
triggered and the dialog box is deleted. After kcheckpass completes,
klock crashes.

The zsoelim program, which is part of the man package, creates files
in /tmp without security checks.