Ubuntu - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 20th, 2013

Linux Advisory Watch: May 17th, 2013

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Ubuntu

Find the information you need for your favorite open source distribution

To browse through our weekly Linux Advisory Watch newsletters, click here.

Ubuntu: dhcp vulnerability

22 October 2007

Posted by Benjamin D. Thomas
Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code.

Ubuntu: hplip vulnerability

12 October 2007

Posted by Benjamin D. Thomas
It was discovered that the hpssd tool of hplip did not correctly handle shell meta-characters. A local attacker could exploit this to execute arbitrary commands as the hplip user.

Ubuntu: Tk vulnerability

11 October 2007

Posted by Benjamin D. Thomas
It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.

Ubuntu: MySQL vulnerabilities

11 October 2007

Posted by Benjamin D. Thomas

Neil Kettle discovered that MySQL could be made to dereference a NULL pointer and divide by zero. An authenticated user could exploit this with a crafted IF clause, leading to a denial of service. (CVE-2007-2583) Victoria Reznichenko discovered that MySQL did not always require the DROP privilege. An authenticated user could exploit this via RENAME TABLE statements to rename arbitrary tables, possibly gaining additional database access.

Ubuntu: xen-3.0 vulnerability

09 October 2007

Posted by Benjamin D. Thomas
Joris van Rantwijk discovered that the Xen host did not correctly validate the contents of a Xen guests's grug.conf file. Xen guest root users could exploit this to run arbitrary commands on the host when the guest system was rebooted.

Ubuntu: debian-goodies vulnerability

04 October 2007

Posted by Benjamin D. Thomas
Thomas de Grenier de Latour discovered that the checkrestart program included in debian-goodies did not correctly handle shell meta-characters. A local attacker could exploit this to gain the privileges of the user running checkrestart.

Ubuntu: libsndfile vulnerability

04 October 2007

Posted by Benjamin D. Thomas
Robert Buchholz discovered that libsndfile did not correctly validate the size of its memory buffers. If a user were tricked into playing a specially crafted FLAC file, a remote attacker could execute arbitrary code with user privileges.

<< Start < Prev 163 164 165 Next > End >>

Results 1142 - 1148 of 1359

Partner

Latest Features

Securing a Linux Web Server

Password guessing with Medusa 2.0

Password guessing as an attack vector

Squid and Digest Authentication

Squid and Basic Authentication

Demystifying the Chinese Hacking Industry: Earning 6 Million a Night

Free Online security course (LearnSIA) - A Call for Help

What You Need to Know About Linux Rootkits

Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition

Using the sec-wall Security Proxy

Yesterday's Edition

Samsung Galaxy S4 already hacked

WikiLeaks Donations Down to a Trickle

Partner Sponsor