
Security Advisories

Here you'll find the latest security advisories from various Vendors.

Fts(3) routines contain race condition | SA-01:40 | June 04, 2001
The fts routines are vulnerable to a race condition when ascending a file hierarchy, which allows an attacker who has control over part of the hierarchy into which fts is descending to cause the appli

Format string vulnerability | #2001-0009 | June 01, 2001
Hidden deep within its code is a format string vulnerability which can be triggered simply by attempting to decrypt a file with a specially crafted filename. This vulnerability can allow a malicious

SMP and NFS dead lock | #2001-0008 | May 25, 2001
There was a potential dead lock in 2.2.19 related to SMP and NFS. In addition, there was a problem with certain IDE chipsets.

Security upgrade | #2001-0007 | May 25, 2001
If you are running a version prior to 8.2.3, you will want to upgrade for security reasons. If you are already running 8.2.3, this is from the announce:

Alternation of local files and devices | #2001-0006 | May 25, 2001
Samba up to version 2.0.7 uses mktemp(3) for creation of temporary files. This allows malicious local users to alter contents of other files on the system, and potentially gain superuser privileges.

Immunix OS Security Advisory - samba | | May 11, 2001
A temp file race has been found in all releases of samba prior to 2.0.9. This could allow any local malicious user to get administrator privileges on a machine running samba. The Samba team has

TCP initial sequence number generation vulnerability | SA-01:39 | May 02, 2001
An attacker who can guess the initial sequence number which a system will use for the next incoming TCP connection can spoof a TCP connection handshake coming from a machine to which he does not have

Bugzilla arbitrary commands execution vulnerability | 20010430-1 | April 30, 2001
The attack is to register as a user named "|somecommand;@yourdomain.com" (root access at yourdomain.com _may_ be required.) Then submit a bug.

Sudo command-line buffer overflow | SA-01:38 | April 23, 2001
The sudo port, versions prior to sudo-1.6.3.7, contains a local command-line buffer overflow allowing a local user to potentially gain increased privileges on the local system.

Samba locally exploitable /tmp races | SA-01:36 | April 23, 2001
The samba ports, versions prior to samba-2.0.8 and samba-devel-2.2.0, contain /tmp races that may allow local users to cause arbitrary files and devices to be overwritten.

Licq multiple remote vulnerabilities | SA-01:35 | April 23, 2001
The licq port, versions prior to 1.0.3, contains a vulnerability in URL parsing.

Slrn header buffer overflow | SA-01:37 | April 23, 2001
The slrn port, versions prior to slrn-0.9.7.0, contains a buffer overflow in the wrapping/unwrapping functions of message header parsing.

Hylafax local compromise | SA-01:34 | April 23, 2001
The hylafax port, versions prior to hylafax-4.1.b2_2, contains a format string bug in the hfaxd program.

Samba | TSLSA-2001-0005 | April 19, 2001
Samba up to version 2.0.7 uses mktemp(3) for creation of temporary files. This allows malicious local users to alter contents of other files on the system, and potentially gain superuser privileges.

Ftpd globbing vulnerability | SA-01:33 | April 17, 2001
The glob() function contains potential buffer overflows that may be exploitable through the FTP daemon. If a directory with a name of a certain length is present, a remote user specifying a pathname

IPFilter incorrect packets pass | SA-01:32 | April 16, 2001
When matching a packet fragment, insufficient checks were performed to ensure the fragment is valid. In addition, the fragment cache is checked before any rules are checked.

Xntp NTP daemon buffer overflow | #2001-0004 | April 06, 2001
A buffer overflow in the Xntp NTP daemon has been found. This bug can lead to a remote root exploit.

Ntpd insufficient bounds checking vulnerability | SA-01:31 | April 06, 2001
An overflowable buffer exists in the ntpd daemon related to the building of a response for a query with a large readvar argument. Due to insufficient bounds checking, a remote attacker may be able t

Local root exploit | #2001-0003 | April 05, 2001
Some time ago, a vulnerability was discovered that allowed for root access through ptrace call in the linux kernel. This was originally considered fixed in a previous patch, but as it turns out, it w

Passive Analysis of SSH Traffic | #2001-0002 | March 29, 2001
Security related changes: Improved countermeasure against "Passive Analysis of SSH (Secure Shell) Traffic" http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt The countermeasures intro

Red Hat Security Advisory - sudo | | March 22, 2001
An overrunnable buffer exists in sudo versions prior to 1.6.3p6. The code splitting a log entry into smaller chunks contained an overrunnable buffer. Carefully constructed long commands could lead t

Red Hat Security Advisory - licq | | March 22, 2001
licq as shipped with Red Hat Powertools 6.2 is vulnerable to two security problems: An overrunnable buffer in its logging code, and an unguarded system() call to execute an external browser when

UFS/EXT2FS allows disclosure of deleted data | SA-01:30 | March 22, 2001
Data consistency race condition allows users to obtain access to areas of the filesystem containing data from deleted files. The filesystem code is supposed to ensure that all filesystem blocks are ze

IMAP grave error | #2001-0001 | March 16, 2001
This release fixes at least one grave IMAP error which may lead to confusing display and other strangeness, and our instances of the "wuftpd format bug", which had (mostly) the effect that your IMAP

Use of 2.4 kernel with TSL | TSLA-modutils | March 16, 2001
This package makes it possible to use a 2.4 kernel with TSL.
