Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 04:09:51 GMT

Debian Linux Security Advisory 1020-1
http://packetstormsecurity.org/files/45185/dsa-1020-1.txt
http://packetstormsecurity.org/files/45185/Debian-Linux-Security-Advisory-1020-1.html
Tue, 04 Apr 2006 22:18:33 GMT
Debian Security Advisory DSA 1020-1 - Chris Moore discovered that flex, a scanner generator, generates code that allocates insufficient memory if the grammar contains REJECT statements or trailing context rules. This may lead to a buffer overflow and the execution of arbitrary code.

Debian Linux Security Advisory 1018-1
http://packetstormsecurity.org/files/45184/dsa-1018-1.txt
http://packetstormsecurity.org/files/45184/Debian-Linux-Security-Advisory-1018-1.html
Tue, 04 Apr 2006 22:17:51 GMT
Debian Security Advisory DSA 1018-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

Debian Linux Security Advisory 1019-1
http://packetstormsecurity.org/files/45183/dsa-1019-1.txt
http://packetstormsecurity.org/files/45183/Debian-Linux-Security-Advisory-1019-1.html
Tue, 04 Apr 2006 22:16:12 GMT
Debian Security Advisory DSA 1019-1 - Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite.

Debian Linux Security Advisory 1017-1
http://packetstormsecurity.org/files/45182/dsa-1017-1.txt
http://packetstormsecurity.org/files/45182/Debian-Linux-Security-Advisory-1017-1.html
Tue, 04 Apr 2006 22:15:43 GMT
Debian Security Advisory DSA 1017-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

Debian Linux Security Advisory 1016-1
http://packetstormsecurity.org/files/45181/dsa-1016-1.txt
http://packetstormsecurity.org/files/45181/Debian-Linux-Security-Advisory-1016-1.html
Tue, 04 Apr 2006 22:15:13 GMT
Debian Security Advisory DSA 1016-1 - Ulf H

Debian Linux Security Advisory 1015-1
http://packetstormsecurity.org/files/45021/dsa-1015-1.txt
http://packetstormsecurity.org/files/45021/Debian-Linux-Security-Advisory-1015-1.html
Fri, 31 Mar 2006 10:13:30 GMT
Debian Security Advisory DSA 1015-1 - Mark Dowd discovered a flaw in the handling of asynchronous signals in sendmail, a powerful, efficient, and scalable mail transport agent. This allows a remote attacker to exploit a race condition to execute arbitrary code as root.

DSA-168-1
http://packetstormsecurity.org/files/29698/DSA-168-1
http://packetstormsecurity.org/files/29698/DSA-168-1.html
Fri, 20 Sep 2002 09:37:25 GMT
Debian security advisory DSA 168-1 - Debian released new PHP packages that fix newline character injection in several PHP functions. Additionally, these packages correct a bug in PHP that allows a safe_mode restriction to be bypassed.

debian.gaim.txt
http://packetstormsecurity.org/files/28332/debian.gaim.txt
http://packetstormsecurity.org/files/28332/debian.gaim.txt.html
Wed, 28 Aug 2002 04:10:44 GMT
Debian Security Advisory 158-1 - Gaim uses URLs retrieved from messages in the command-line execution of the web browser without filtering these URLs first. This issue has been fixed by the Gaim developers in version 0.59.1.

DSA-130-1
http://packetstormsecurity.org/files/26199/DSA-130-1
http://packetstormsecurity.org/files/26199/DSA-130-1.html
Tue, 04 Jun 2002 04:47:41 GMT
Debian Security Advisory DSA-130-1 - Ethereal versions prior to v0.9.3 are vulnerable to an allocation error in the ASN.1 parser allowing remote root exploits. This affected GNU/Linux 2.2, and fixed packages have been released for the alpha, arm, i386, m68k, powerpc and sparc architectures.

debian.gftp.txt
http://packetstormsecurity.org/files/24815/debian.gftp.txt
http://packetstormsecurity.org/files/24815/debian.gftp.txt.html
Tue, 08 May 2001 23:05:40 GMT
Debian Security Advisory DSA-055-1 - The gftp package has a problem in its logging code which allows malicious ftp servers to execute commands on the client machine. This has been fixed in version 2.0.6a-3.1.

debian.man-db.txt
http://packetstormsecurity.org/files/24287/debian.man-db.txt
http://packetstormsecurity.org/files/24287/debian.man-db.txt.html
Tue, 08 May 2001 23:04:27 GMT
Debian Security Advisory DSA-028-1 - Man has a format string vulnerability which leads to a local exploit for the man user.

debian.zope2.txt
http://packetstormsecurity.org/files/24811/debian.zope2.txt
http://packetstormsecurity.org/files/24811/debian.zope2.txt.html
Tue, 08 May 2001 22:51:30 GMT
Debian Security Advisory DSA-055-1 - A new Zope hotfix has been released which fixes a problem in ZClasses. The problem is "any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance." This hotfix has been added in version 2.1.6-10.

debian.cron3.txt
http://packetstormsecurity.org/files/24808/debian.cron3.txt
http://packetstormsecurity.org/files/24808/debian.cron3.txt.html
Tue, 08 May 2001 22:26:56 GMT
Debian Security Advisory DSA-054-1 - A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user can easily gain root access. This has been fixed in version 3.0pl1-57.3.

debian.sendfile.txt
http://packetstormsecurity.org/files/24719/debian.sendfile.txt
http://packetstormsecurity.org/files/24719/debian.sendfile.txt.html
Wed, 25 Apr 2001 00:45:02 GMT
Debian Security Advisory DSA-050-1 - The saft daemon 'sendfiled' dropped privileges incorrectly allowing local users to execute arbitrary code under root privileges.

debian.netscape.txt
http://packetstormsecurity.org/files/23089/debian.netscape.txt
http://packetstormsecurity.org/files/23089/debian.netscape.txt.html
Wed, 25 Apr 2001 00:42:35 GMT
Debian Security Advisory DSA 051-1 - The Netscape browser does not escape the GIF file comment in the image information page. This allows javascript execution in the "about:" protocol and can for example be used to upload the History (about:global) to a webserver, thus leaking private information. This problem has been fixed upstream in Netscape 4.77.

debian.cfingerd.txt
http://packetstormsecurity.org/files/24711/debian.cfingerd.txt
http://packetstormsecurity.org/files/24711/debian.cfingerd.txt.html
Sun, 22 Apr 2001 20:25:42 GMT
Debian Security Advisory DSA-048-1 - Cfingerd v1.4.1 and below contains a remote root vulnerability in the logging code. When this is combined with an off-by-one error in the code that copied the username from an ident response, cfingerd could be exploited by a remote user.

debian.samba.txt
http://packetstormsecurity.org/files/24681/debian.samba.txt
http://packetstormsecurity.org/files/24681/debian.samba.txt.html
Thu, 19 Apr 2001 21:45:08 GMT
Debian Security Advisory DSA-048-1 - Samba does not use temp files correctly, allowing local attackers to trick samba into overwriting arbitrary files. Both problems have been fixed in version 2.0.7-3.2.

debian.kernel.txt
http://packetstormsecurity.org/files/24658/debian.kernel.txt
http://packetstormsecurity.org/files/24658/debian.kernel.txt.html
Tue, 17 Apr 2001 01:03:17 GMT
Debian Security Advisory DSA-047-1 - The kernels used in Debian GNU/Linux 2.2 have been found to have a dozen security problems. Upgrade to 2.2.19!

debian.exuberant-ctags.txt
http://packetstormsecurity.org/files/24639/debian.exuberant-ctags.txt
http://packetstormsecurity.org/files/24639/debian.exuberant-ctags.txt.html
Sun, 15 Apr 2001 18:11:04 GMT
Debian Security Advisory DSA-046-1 - The exuberant-ctags packages as distributed with Debian GNU/Linux 2.2 create temporary files insecurely. This has been fixed in version 1:3.2.4-0.1 of the Debian package, and upstream version 3.5.

debian.ntp.txt
http://packetstormsecurity.org/files/24596/debian.ntp.txt
http://packetstormsecurity.org/files/24596/debian.ntp.txt.html
Tue, 10 Apr 2001 02:17:15 GMT
Debian Security Advisory DSA-045-1 - A buffer overflow has been found in ntp which can lead to remote root compromise. Versions ntp-4.0.99k and prior are vulnerable.

debian.mailx.txt
http://packetstormsecurity.org/files/22045/debian.mailx.txt
http://packetstormsecurity.org/files/22045/debian.mailx.txt.html
Fri, 16 Mar 2001 02:05:13 GMT
Debian Security Advisory DSA-044-1 - The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default, this allowed local users to use it to gain access to the mail group. Since the mail code was never written to be secure, fixing it properly would mean a large rewrite. Instead of doing this we decided to no longer install it setgid. This means that it can no longer lock your mailbox properly on systems for which you need group mail to write to the mailspool, but it will still work for sending email.
Debian security homepage: http://www.debian.org

debian.zope.txt
http://packetstormsecurity.org/files/22800/debian.zope.txt
http://packetstormsecurity.org/files/22800/debian.zope.txt.html
Thu, 15 Mar 2001 22:58:25 GMT
Debian Security Advisory - On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request.

debian.xemacs.txt
http://packetstormsecurity.org/files/24464/debian.xemacs.txt
http://packetstormsecurity.org/files/24464/debian.xemacs.txt.html
Thu, 15 Mar 2001 22:57:39 GMT
Debian Security Advisory DSA-042-1 - Gnuserv, a remote control facility for Emacsen which is available as a standalone program as well as included in XEmacs21, has a buffer overflow which can be exploited to make the cookie comparison always succeed.

debian.joerc.txt
http://packetstormsecurity.org/files/24459/debian.joerc.txt
http://packetstormsecurity.org/files/24459/debian.joerc.txt.html
Thu, 15 Mar 2001 20:35:28 GMT
Debian Security Advisory DSA-041-1 - The text editor joe attempts to read .joerc from the current directory, allowing malicious local users to execute commands as other users if they use joe in writable directories.

debian.slrn.txt
http://packetstormsecurity.org/files/24457/debian.slrn.txt
http://packetstormsecurity.org/files/24457/debian.slrn.txt.html
Thu, 15 Mar 2001 20:19:48 GMT
Debian Security Advisory DSA-040-1 - The slrn newsreader has remotely exploitable buffer overflows if the wrapping/unwrapping functions are enabled.