LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 31st, 2014
Linux Security Week: October 27th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
FreeBSD
Find the information you need for your favorite open source distribution

To browse through our weekly Linux Advisory Watch newsletters, click here.



FreeBSD-SA-97:03:sysinstall bug  07 April 1997 
One of the port installation options in sysinstall is to install an anonymous ftp setup on the system. In such a setup, an extra user needs to be created on the system, with username 'ftp'. This user is created with the shell equal to '/bin/date' and an empty password.
 
FreeBSD-SA-97:02:Buffer overflow in lpd  26 March 1997 
The lpd program runs as root. A remote attacker can exploit a buffer overflow to obtain root privs.
 
FreeBSD-SA-96:21: unauthorized access via buffer overrun in talkd  18 January 1997 
Buffer overrun (aka stack overflow) exploits in system supplied and locally installed utilities are commonly used by individuals wishing to obtain unauthorized access to computer systems. The FreeBSD team has been reviewing and fixing the source code pool to eliminate potential exploits based on this technique. Recently, the Australian CERT organization received information of a buffer-overrun vulnerability in the talkd daemon shipped in most modern BSD based systems.
 
FreeBSD-SA-96:20:unauthorized access via buffer overruns cron, crontab, ppp  16 December 1996 
The programs in question store user-supplied information in internal buffers. There is no range checking on length of the data copied into these buffers. A malicious user may be able to overflow these buffers through the use of command line options or via enviornment variables and insert and execute their own code fragment which could be used to obtain unauthorized access to the system
 
FreeBSD-SA-96:19:Buffer overflow in modstat  10 December 1996 
The modstat program has always been installed setuid kmem. Within the program, a buffer overflow can occur.
 
FreeBSD-SA-96:18:Buffer overflow in lpr (revised)  25 November 1996 
Due to its nature, the lpr program is setuid root. Unfortunately, the program does not do sufficient bounds checking on arguments which are supplied by users. As a result it is possible to overwrite the internal stack space of the program while it's executing. This can allow an intruder to execute arbitrary code by crafting a carefully designed argument to lpr. As lpr runs as root this allows intruders to run arbitrary commands as root.
 
FreeBSD-SA-96:17:  16 July 1996 
The Z-Modem protocol specifies a mechanism which allows the transmitter of a file to execute an arbitrary command string as part of the file transfer. This is typically used to rename files or eliminate temporary files. A malicious "trusted" sender could send down a command that could damage a user's environment.
 
<< Start < Prev 40 41 42 Next > End >>

Results 281 - 287 of 299
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pirate Bay founder guilty in historic hacker case
Parallels CTO: Linux container security is not the problem
Advisory says to assume all Drupal 7 websites are compromised
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.