Debian - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Advisory Watch: May 17th, 2013

Linux Security Week: May 13th, 2013

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Debian

Find the information you need for your favorite open source distribution

To browse through our weekly Linux Advisory Watch newsletters, click here.

New version of mirror fixes remote exploit

13 December 1999

Posted by LinuxSecurity.com Team
We have received reports that the version of mirror as distributed in Debian GNU/Linux 2.1 could be remotely exploited. When mirroring a remote site the remote site could use filename-constructions like " .." that would case mirror to work one level above the target directory for the mirrored files.

New version of amd fixes remove exploit

13 December 1999

Posted by LinuxSecurity.com Team
The version of amd that was distributed with Debian GNU/Linux 2.1 is vulnerable to a remote exploit. Passing a big directory name to amd its logging code would overflow a buffer which could be exploited. This has been fixed in version 23.0slink1.

New versions of cron fixes possible root exploit

13 December 1999

Posted by LinuxSecurity.com Team
Red Hat has recently released a Security Advisory (RHSA-1999:030-01) covering a reverse denial of service bug in the vixie cron package. As user you could restart sendmail even if the host should not receive mail through the SMTP port.

New versions of epic4 fixes possible DoS vulnerability

13 December 1999

Posted by LinuxSecurity.com Team
We have received a report from the author of epic4 covering a denial of service vulnerability. All versions of epic4 between version pre1.034 (including) and version pre2.004-19990718 (excluding) are vulnerable. They contain code which makes epic4 walk off of a string, causing the client to crash and possibly display arbitrary characters on the terminal.

New versions of trn fixes /tmp race

13 December 1999

Posted by LinuxSecurity.com Team
All former versions of trn used a hardcoded filename in /tmp as temporary storage. If the file already exists as symbolic link to users files they will be overwritten.

New versions of man2html fixes postinst glitch

13 December 1999

Posted by LinuxSecurity.com Team
Former versions of man2html uses a static file in /tmp for writing. This can lead into overwriting system files if a malicious user has created a symbolic link to it before upgrading man2html.

Current versions of seyon may contain malicious code

13 December 1999

Posted by LinuxSecurity.com Team
One year ago, we have received a report from SGI that a vulnerability has been discovered in the seyon program which can lead to a root compromise. Any user who can execute the seyon program can exploit this vulnerability.

<< Start < Prev 418 419 420 Next > End >>

Results 2920 - 2926 of 2945

Partner

Latest Features

Securing a Linux Web Server

Password guessing with Medusa 2.0

Password guessing as an attack vector

Squid and Digest Authentication

Squid and Basic Authentication

Demystifying the Chinese Hacking Industry: Earning 6 Million a Night

Free Online security course (LearnSIA) - A Call for Help

What You Need to Know About Linux Rootkits

Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition

Using the sec-wall Security Proxy

Yesterday's Edition

Partner Sponsor