Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories

Security Advisories

Here you'll find the latest security advisories from various Vendors.
Page: 12... 896 897 898 899 900 901 902 903 out of 903

Dhclient vulnerable to malicious dhcp server | SA-00:34 | August 14, 2000
The dhclient utility (DHCP client), versions 2.0pl2 and before (for the version 2.x series), and versions 3.0b1pl16 and before (for the version 3.x series) does not correctly validate input from the

OpenSSH UseLogin directive permits remote root access | SA-00:30 | July 05, 2000
The sshd server is typically invoked as root so it can manage general user logins. OpenSSH has a configuration option, not enabled by default ("UseLogin") which specifies that user logins should be do

wu-ftpd port remote root compromise | SA-00:29 | July 05, 2000
The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability which allows FTP users, both anonymous FTP users and those with a valid account, to execute arbitrary code as root on the local ma

Bitchx port contains client-side vulnerability | SA-00:32 | July 05, 2000
The bitchx client incorrectly parses string-formatting operators included as part of channel invitation messages sent by remote IRC users. This can cause the local client to crash, and may possibly p

Canna port contains remote vulnerability | SA-00:31 | July 05, 2000
The Canna server contains an overflowable buffer which may be exploited by a remote user to execute arbitrary code on the local system as user 'bin'.

KerberosIV local root vulnerabilities | SA-00:33 | July 05, 2000
The exact extent of the vulnerabilities are not known, but are likely to include local root vulnerabilities on both Kerberos clients and servers, and remote root vulnerabilities on Kerberos servers. F

Majordomo is not safe to run on multi-user machines | SA-00:28 | July 05, 2000
Majordomo contains a number of perl scripts which are executed by a setuid wrapper for providing mailing-list management functionality. However there are numerous weaknesses in these scripts which al

XFree86-4.0 port contains local root overflow | SA-00:27 | July 05, 2000
XFree86 4.0 contains a local root vulnerability in the XFree86 server binary, due to incorrect bounds checking of command-line arguments.

Popper port contains remote vulnerability | SA-00:26 | July 05, 2000
The qpopper port, version 2.53 and earlier, incorrectly parses string formatting operators included in part of the email message header. A remote attacker can send a malicious email message to a local

Libedit reads config file from current directory | SA-00:24 | July 05, 2000
Libedit incorrectly reads an ".editrc" file in the current directory if it exists, in order to specify configurable program behaviour.

Remote denial-of-service in IP stack | SA-00:23 | June 19, 2000
There are several bugs in the processing of IP options in the FreeBSD IP stack, which fail to correctly bounds-check arguments and contain other coding errors leading to the possibility of data corrup

Kernel pseudo-random number generator | SA-00:25 | June 12, 2000
The FreeBSD port to the Alpha platform did not provide the /dev/random or /dev/urandom devices - this was an oversight during the development process which was not corrected before the Alpha port "bec

Apsfilter allows users to execute arbitrary commands | SA-00:22 | June 07, 2000
The apsfilter port, versions 5.4.1 and below, contain a vulnerability which allow local users to execute arbitrary commands as the user running lpd, user root in a default FreeBSD installation. The

Ssh port listens on extra network port | SA-00:21 | June 07, 2000
A patch added to the FreeBSD SSH port on 2000-01-14 incorrectly configured the SSH daemon to listen on an additional network port, 722, in addition to the usual port 22. This change was made as part

Krb5 port contains remote and local root exploits | SA-00:20 | May 26, 2000
The MIT Kerberos 5 port, versions 1.1.1 and earlier, contains several remote and local buffer overflows which can lead to root compromise.

Local users can prevent all processes from exiting | SA-00:19 | May 23, 2000
An undocumented system call is incorrectly exported from the kernel without access-control checks. This operation causes the acquisition in the kernel of a global semaphore which causes all processes

Gnapster/knapster ports allows remote users to view local files | SA-00:18 | May 09, 2000
The gnapster port (version 1.3.8 and earlier), and the knapster port (version 0.9 and earlier) contain a vulnerability which allows remote napster users to view any file on the local system which is a

Buffer overflow in libmytinfo | SA-00:17 | May 09, 2000
libmytinfo allows users to specify an alternate termcap file or entry via the TERMCAP environment variable, however this is not handled securely and contains a overflowable buffer inside the library.

Golddig port allows users to overwrite local files | SA-00:16 | May 09, 2000
The golddig port erroneously installs a level-creation utility setuid root, which allows users to overwrite the contents of arbitrary local files. It is not believed that any elevation of privileges

Imap-uw allows local users to deny service to any mailbox | SA-00:15 | April 24, 2000
The imap-uw port supplies a "libc-client" library which provides various functionality common to mail servers. The algorithm used for locking of mailbox files contains a weakness which allows an unp

Imap-uw contains security vulnerabilities for | SA-00:14 | April 24, 2000
There are numerous buffer overflows available to an imap user after they have successfully logged into their mail account (i.e. authenticated themselves by giving the correct password, etc). Once th

Generic-nqs contains a local root compromise | SA-00:13 | April 19, 2000
Generic-NQS versions 3.50.7 and earlier contain a security vulnerability which allow a local user to easily obtain root privileges. Unfortunately, further details of the location and nature of the vul

Lynx ports contain numerous buffer overflows | SA-00:08 | April 16, 2000
Versions of the lynx software prior to version 2.8.3pre.5 were written in a very insecure style and contain numerous potential and several proven security vulnerabilities (publicized on the BugTraq ma

Healthd allows a local root compromise | SA-00:12 | April 10, 2000
healthd v0.3 installs a utility which is setuid root in order to monitor the system status. This utility contains a trivial buffer overflow which allows an unprivileged local user to obtain root privi

IrcII port contains a remote overflow | SA-00:11 | April 10, 2000
ircII version 4.4 contained a remotely-exploitable buffer overflow in the /DCC CHAT command which allows remote users to execute arbitrary code as the client user.

Page: 12... 896 897 898 899 900 901 902 903 out of 903

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »