|
Find the information you need for your favorite open source distribution
 To browse through our weekly Linux Advisory Watch newsletters, click here.
|
|
|
rdist creates an error message based on a user provided string, without checking bounds on the buffer used. This buffer is on the stack, and can therefore be used to execute arbitrary instructions. |
|
|
The ppp program does not properly manage user privileges, allowing users to run any program with root privileges. |
|
|
The authors of perl provide a "suidperl" program for proper processing of setuid perl scripts on systems where race conditions where setuid scripts could be exploited to gain unauthorized access. FreeBSD installs this suidperl program (and a link) as part of the standard installation. However, privilege processing done by this program does not take into account recent functionality extensions in the seteuid/setegid system calls. |
|
|
A potential problem exists when users specify mask addresses to ipfw(8) using the address:mask syntax. Specifically, whenever the ':' syntax is used, the resulting mask is always 0xffffffff. |
|
|
The comsat daemon does not properly set privileges before attempting to read mail files for display on a user terminal. |
|
|
The man program is setuid to the "man" user. By executing a particular sequence of commands, an unprivileged local user may gain the access privileges of the "man" user. However, root access could be obtained with further work. |
|
|
The union filesystem code had problems with certain mount ordering problems. By executing a certain sequence of mount_union commands, an unprivileged local user may cause a system reload. NOTE: This is a different problem than the one discussed in FreeBSD SA-96:09. The workaround for this vulnerability is similar to the one discussed in 96:09, but the proper solution for the unauthorized access problem in 96:09 does not address this vulnerability. |
|
|
<< Start < Prev 40 41 42 Next > End >>
|
| Results 288 - 294 of 299 |
