
Security Advisories

Here you'll find the latest security advisories from various vendors.

Security compromise via open() | SA-97:05 | October 29, 1997
A problem exists in the open() syscall that allows processes to obtain a valid file descriptor without having read or write permissions on the file being opened. This is normally not a problem. The Fr

Security compromise via procfs | SA-97:04 | August 19, 1997
A problem exists in the procfs kernel code that allows processes to write memory of other processes where it should have been prohibited.

Sysinstall bug | SA-97:03 | April 07, 1997
One of the port installation options in sysinstall is to install an anonymous ftp setup on the system. In such a setup, an extra user needs to be created on the system, with username 'ftp'. This us

Buffer overflow in lpd | SA-97:02 | March 26, 1997
The lpd program runs as root. A remote attacker can exploit a buffer overflow to obtain root privileges.

setlocale() bug in all released versions of FreeBSD | SA-97:01 | February 05, 1997
FreeBSD 2.1.6 and earlier systems suffer from this vulnerability for all binaries due to setlocale() being called from crt0.o.

Unauthorized access via buffer overruns | SA-96:20 | December 16, 1996
The programs in question store user-supplied information in internal buffers. There is no range checking on length of the data copied into these buffers. A malicious user may be able to overflow these

Buffer overflow in modstat | SA-96:19 | December 10, 1996
The modstat program has always been installed setuid kmem. Within the program, a buffer overflow can occur.

Buffer overflow in lpr | SA-96:18 | November 25, 1996
Due to its nature, the lpr program is setuid root. Unfortunately, the program does not do sufficient bounds checking on arguments which are supplied by users. As a result it is possible to overwrite

| SA-96:17 | July 16, 1996
The Z-Modem protocol specifies a mechanism which allows the transmitter of a file to execute an arbitrary command string as part of the file transfer. This is typically used to rename files or elimin

Security vulnerability in rdist | SA-96:16 | July 12, 1996
rdist creates an error message based on a user provided string, without checking bounds on the buffer used. This buffer is on the stack, and can therefore be used to execute arbitrary instruction

Security compromise from ppp | SA-96:15 | July 04, 1996
The ppp program does not properly manage user privileges, allowing users to run any program with root privileges.

Security compromise from perl (suidperl) utility | SA-96:12 | June 28, 1996
The authors of perl provide a "suidperl" program for proper processing of setuid perl scripts on systems where race conditions where setuid scripts could be exploited to gain unauthorized acce

Firewall filter leak with user level ipfw | SA-96:14 | June 24, 1996
A potential problem exists when users specify mask addresses to ipfw(8) using the address:mask syntax. Specifically, whenever the ':' syntax is used, the resulting mask is always 0xffffffff.

Unauthorized mail reading via comsat | SA-96:13 | June 05, 1996
The comsat daemon does not properly set privileges before attempting to read mail files for display on a user terminal.

Security compromise from man page utility | SA-96:11 | May 22, 1996
The man program is setuid to the "man" user. By executing a particular sequence of commands, an unprivileged local user may gain the access privileges of the "man" user. However, root ac

System stability compromise via mount_union program | FreeBSD-SA-96:10 | May 22, 1996
A bug was found in the union file system code which can allow an unprivileged local user to compromise system stability. This problem is present in all source code and binary distributions of Free

Unauthorized access via mount_union | FreeBSD-SA-96:09 | May 17, 1996
A bug was found in the vfsload(3) library call that affects all versions of FreeBSD from 2.0 through 2.2-CURRENT that caused a system vulnerability.

Apache httpd meta-character escaping | FreeBSD-SA-96:02 | April 22, 1996
A bug was found in the apache daemon that may allow remote users to obtain unauthorized access to a machine running apache httpd.

Syslog vulnerability | FreeBSD-SA-96:08 | April 21, 1996
A problem was found in the syslog(3) library call that affects FreeBSD 2.0 and FreeBSD 2.0.5 releases. This problem was fixed prior to the release of FreeBSD 2.1.

Sliplogin unauthorized access vulnerability | FreeBSD-SA-96:01 | April 21, 1996
A bug was found in the sliplogin program. The program did not properly restrict the environment used when invoking child processes. This problem is present in all source code and binary distributions

Sendmail pipe vuln | FreeBSD-SA-96:03 | April 20, 1996
Sendmail has the ability to deliver mail to a program on the local system via a pipe. This feature is often used to support automatic mail filtering and vacation programs. This provides a very fl

Unauthorized access via buffer overrun in talkd | SA-96:21 | January 18, 1996
This attack requires an intruder to be able to make a network connection to a vulnerable talkd program and provide corrupt DNS information to that host.
