Foresight - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

Is Mandatory Access Control Too Much Security For Enterprise's Linux?

	Yes, too difficult to configure and manage.
	No. You can never have enough security.
	Yes. Standard Linux security settings work for us.
	No. Industry demands will demand SELinux.
	Don't know.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Advisory Watch: October 10th, 2008

Linux Security Week: October 6th, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Foresight

Find the information you need for your favorite open source distribution

To browse through our weekly Linux Advisory Watch newsletters, click here.

Foresight: vim

30 April 2007

Previous versions of the vim package allowed two functions, feedkeys() and writefile(), to be used in the sandbox. Functions executed via modelines in files being edited are verified by the sandbox; a user who is coerced into opening a specially-crafted file could cause the system to execute arbitrary shell code supplied by the attacker.

Foresight: gimp

30 April 2007

Previous versions of the gimp package allowed user-complicit arbitrary code execution at the permission level of the user running gimp (usually non-root) via a specially crafted .RAS file.

Foresight: xine-lib

23 April 2007

Previous versions of the xine-lib package were vulnerable to a buffer overflow which could be exploited to execute arbitrary code on the target machine. This can be exploited by a remote user only in a locally-assisted fashion - by enticing the user to open a specially crafted file.

Foresight: madwifi

22 April 2007

Previous versions of the madwifi package were vulnerable to a number of Denial-of-Service issues, at least two of which can be exploited to cause a system crash (kernel oops). In addition, previous versions could be made to send unencrypted information before authentication finishes when using WPA, an information leak.

Foresight: lighttpd

20 April 2007

Previous versions of the lighttpd package are vulnerable to two denial of service attacks. One is a remote denial of service that can cause lighttpd to consume all available CPU time and stop serving requests, and the other is a denial of service attack which generally requires a local user to create a file with an mtime of 0; the lighttpd daemon will crash when attempting to serve that file. This crash does not enable any arbitrary or directed code execution; however, since the rAA service (Foresight System Manager) uses lighttpd by default, and rAA is configured to start by default, all Foresight systems are vulnerable to this DoS by default.

More...

<< Start < Prev 7 8 9 Next > End >>

Results 64 - 72 of 79

Partner:

Latest Features

Never Installed a Firewall on Ubuntu? Try Firestarter

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Meet the Anti-Nmap: PSAD

Weekend Edition

Billy Hoffman On AJAX Security and Browser Attacks

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital