
Files

debian.lpr.txt
Posted Jan 10, 2000

The version of lpr that was distributed with Debian GNU/Linux 2.1 and the updated version released in 2.1r4 have two security problems: local users can obtain root access and remote users can access the print server. Debian security homepage here.

tags | remote, local, root
systems | linux, debian
SHA-256 | 76f28548f53eab0c17b0e5cb003d08d19470656cb9af609506e56f57b0c25ed8
debian.htdig.txt
Posted Dec 9, 1999

The version of htdig that was shipped in Debian GNU/Linux 2.1 has a problem with calling external programs to handle non-HTML documents: it calls the external program with the document as a parameter, but does not check for shell escapes. This can be exploited by creating files with filenames that include shell escapes to run arbitrary commands on the machine that runs htdig. Debian security homepage here.

tags | shell
systems | linux, debian
SHA-256 | e334f26289821d3de2a28c9cfdff8ef04d3a9b28263a6855d2b422c4e2face76
debian.sendmail.txt
Posted Dec 7, 1999

The versions of sendmail and sendmail-wide that were distributed with Debian GNU/Linux 2.1 have a slight problem in the code to regenerate the aliases database. Sendmail allowed any user to run sendmail with the -bi option to (re)initialize the aliases database. The user could then interrupt sendmail and leave the system with a broken aliases database. This has been fixed in version 8.9.3-3slink1 by only allowing root and trusted users to regenerate the aliases database. Debian security homepage here.

tags | root
systems | linux, debian
SHA-256 | e5614b272fef90a2bb709c2d54aedf51c441df09e1e044b4f2b0837102d042ac
debian.dump.txt
Posted Dec 2, 1999

The version of dump that was distributed with Debian GNU/Linux 2.1 suffers from a problem with restoring symbolic links. The new version uses lchown instead of chown, fixing a possible security problem when restoring symlinks (a malicious user could use this to deliberately corrupt the ownership of important system files). Debian security website here.

systems | linux, debian
SHA-256 | d6ca5c12e1090ef63a7880ef69eb09531e1db975d5bfe60b3bafad55afdc3887
debian.bind.txt
Posted Nov 17, 1999

The version of bind that was distributed in Debian GNU/Linux 2.1 has a vulnerability in the processing of NXT records that can be used by an attacker in a Denial of Service attack or exploited to gain root access to the server. This has been fixed in version 8.2.5p5-0slink1, and we recommend that you upgrade your bind package immediately. Debian security homepage here.

tags | root
systems | linux, debian
SHA-256 | c0348f836c6ccdfcc5aeb64b724e1fe239dc1ecf33461b0f5ec14ecd6023e62d
debian.nfs-server.txt
Posted Nov 11, 1999

Debian Security Advisory: New version of nfs-server fixes remote exploit. Debian security homepage here.

tags | remote
systems | linux, debian
SHA-256 | 0932f12830d03f4492b460fa0e19d1f2731088de4856abcee3ea96447a323199
debian.lpr-old.txt
Posted Nov 3, 1999

The version of lpr that was distributed with Debian GNU/Linux 2.1 suffers from a couple of problems. There was a race in lpr that could be exploited by users to print files they cannot normally read, and lpd did not check permissions of queue-files. As a result, by using the -s flag, it could be tricked into printing files a user otherwise cannot read. This has been fixed in version 0.46-1-0slink1. We recommend you upgrade your lpr package immediately. Debian security homepage here.

systems | linux, debian
SHA-256 | 0e87d8210d38143d57f0251abf1b80fc8c61dfcb5ca60645c696d90c09041c9c
© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close