Showing 26 - 50 of 61

Files

suse.traceroute.txt
Posted Oct 17, 2000
Site suse.de

SuSE Security Advisory - SuSE's traceroute (nanog) has a completely different local root vulnerability than the one reported last week. A format string bug was discovered in a routine that can be used to terminate a line in traceroute's output to easily embed the program in cgi scripts.

tags | local, cgi, root
systems | linux, suse
SHA-256 | 96c1b99142636132b324379d6a844d895deaeb497136fb0856e8974c973cb5b2
suse.gnorpm.txt
Posted Oct 17, 2000
Site suse.de

SuSE Security Advisory - Gnorpm, a graphical user interface to the rpm subsystem for the gnome desktop, handles tempfiles insecurely and can overwrite arbitrary files on the system.

tags | arbitrary
systems | linux, suse
SHA-256 | e622695dd71e6bdb9d84ffae1dae2588103bfbaafea9c97d639d626fb1d6841a
suse.cfengine.txt
Posted Oct 11, 2000
Site suse.de

SuSE Security Advisory - GNU cfengine, an abstract programming language for system administrators of large networks, has several local root format string vulnerabilities.

tags | local, root, vulnerability
systems | linux, suse
SHA-256 | f52aec0643cadd4f2fb5e2f95f5fd9d3969b607abef7aebde0e82ce715404736
suse.esound.txt
Posted Oct 11, 2000
Site suse.de

SuSE Security Advisory - esound, a daemon program for the Gnome desktop, has a race condition which allows local attackers to change the permissions on any file on the filesystem.

tags | local
systems | linux, suse
SHA-256 | 6c6d344c26218475b41876a24d93ef04e105e8ff868b589b666644cce3691bc5
suse.syslogd.txt
Posted Sep 20, 2000

A security hole was discovered in syslogd distributed with SuSE 6.2 and 6.3. Local denial of service. Patches available here.

tags | denial of service, local
systems | linux, suse
SHA-256 | f9eda213e0b80c0aada004c3af66d392c1f5e5c90aea89f48c4d4610eab0854d
suse.pam_smb.txt
Posted Sep 13, 2000

SuSE Security Advisory - pam_smb is a package that allows Linux/Unix user authentication using a Windows NT server. Versions 1.1.5 and before contain a buffer overflow that would allow a remote attacker to gain root access on the target host. In addition, Zope needs updating again and the Xchat IRC client can be tricked into executing arbitrary commands if the user clicks on a URL. SuSE security site here.

tags | remote, overflow, arbitrary, root
systems | linux, windows, unix, suse
SHA-256 | 5a5cc35d33db367672c5f0cd1d3602494bd48a405273b950e7dabe93aac239c6
suse.apache.txt
Posted Sep 8, 2000
Site suse.de

SuSE Security Advisory - The default package selection in SuSE distributions includes apache. The configuration file that comes with the package allows remote users to read the cgi script sources of the server, and webDAV is installed by default with no access control or authentication activated.

tags | remote, cgi
systems | linux, suse
SHA-256 | f92847ba2aff6bdbefd20587d7b2ffb12c18a8eeec48d3170b3b886b024544ad
suse.suidperl.txt
Posted Aug 13, 2000

SuSE Security Advisory - Suidperl is the perl interpreter for suid perl scripts, a part of the perl package. A maliciously implemented feature causes the interpreter to spawn the /bin/mail program, thereby passing on an untrusted environment that causes /bin/mail to execute arbitrary commands as user root. SuSE security site here.

tags | arbitrary, root, perl
systems | linux, suse
SHA-256 | 014ed0af6fcd3148a794ea9fc8ef4e1118024f8702a2a3d00d41005ed9cc8956
suse.knfsd.txt
Posted Aug 13, 2000

SuSE Security Advisory - Due to incorrect string parsing in the code, a remote attacker could gain root privileges on the machine running the vulnerable rpc.kstatd, which was distributed in the package linuxnfs or knfsd. SuSE security site here.

tags | remote, root
systems | linux, suse
SHA-256 | 4fc97e2211f496c84ae3546f1ae36d7e425e0a9e13e7d63bd4f8100763e8c53b
suse.misc.txt
Posted Aug 8, 2000

SuSE Security Advisory - Several security issues affecting SuSE machines are noted in this advisory including jpeg buffer overflows in netscape, rpc.kstatd (other vendors named it rpc.statd), user 'nobody's HOME directory set to / and misconfigured webservers, problems around pam_console, gpm DoS, setgid() return value, modes of openldap package files, and the mailman problem. SuSE security site here.

tags | overflow
systems | linux, suse
SHA-256 | 719f4656db59a2596fff860acfda1238b2e51e9f455e962fc306ebf63368ff81
suse.nkitb.txt
Posted Jul 17, 2000
Site suse.de

SuSE Security Announcement - The FTP server in nkitb versions earlier than 2000.7.11-0 contains a remote root vulnerability. The standard ftp server passes untrusted data from a DNS server directly to the setproctitle() function in an insecure manner, allowing an attacker to modify his/her DNS record to execute arbitrary machine code as root while connecting to the standard ftp daemon.

tags | remote, root
systems | linux, suse
SHA-256 | 736fef8cf6af36ad331b57ed0ef2b54ea785d6ef402650a95644b54305ef2a9c
suse.dhclient.txt
Posted Jul 11, 2000
Site suse.de

SuSE Security Advisory - dhclient below version 2.0 contains a remote root vulnerability because dhclient does not do quoting of server messages before passing them to /sbin/dhclient-script. Dhclient could be tricked by a rogue DHCP server to execute commands as user root.

tags | remote, root
systems | linux, suse
SHA-256 | 5c0ca149e1c91461b1be9085c16c3c08f82278eece473c6d97b23dc05060c7f1
suse.tnef.txt
Posted Jul 11, 2000
Site suse.de

SuSE Security Advisory - Tnef v0-124 and below contains a remote vulnerability. Tnef extracts e-mails compressed with MS-Outlook. The compressed file includes the path name to which the decompressed data should be written. By specifying a path name like /etc/passwd and sending a compressed mail to root, an adversary could gain remote root access to a system by overwriting the local password database. The same could happen if a mail virus scanner, like AMaVIS, processes a malicious mail.

tags | remote, local, root, virus
systems | linux, suse
SHA-256 | c34b8f70cc33bc9bfea5066759f565c2a0f8e35122032b8c67b556e5073b3801
suse.2.2.15.txt
Posted Jun 27, 2000
Site suse.de

SuSE Security Advisory - Linux Kernel 2.2.x allows local root up to linux-2.2.16.

tags | kernel, local, root
systems | linux, suse
SHA-256 | c0076bac48adc2c9e2c3573d080067b19b42213b21a688c388da664bd56f11b2
suse.wuftpd.txt
Posted Jun 27, 2000
Site suse.de

SuSE Security Advisory - The wu-ftp FTP server does not do proper bounds checking while processing the SITE EXEC command, allowing a remote attacker to execute arbitrary machine code as root on an FTP server using wu-ftpd. SuSE recommends using the audited 2.4er version of wu-ftpd.

tags | remote, arbitrary, root
systems | linux, suse
SHA-256 | f75a345da50da0a1aeeb54882a3fe6fce1b92f2b6cf41bf6bbc6704dd7b20178
suse.qpop.txt
Posted Jun 9, 2000
Site suse.de

SuSE Security Advisory - Qpop 2.53 does not check the mail header for invalid input. An attacker could send a mail with a maliciously formatted mail header to a person who receives their mail via qpop 2.53 and thereby execute code with the privileges of user 'mail' on the qpop server.

systems | linux, suse
SHA-256 | 664c98fc21db37c8fd0c437a504953f31e4c132062a73cbcd08e8ee68479edcc
suse.kmulti.txt
Posted May 30, 2000

SuSE Security Announcement - A local security hole was discovered in the KDE CD player, kmulti here.

tags | local
systems | linux, suse
SHA-256 | 3d6e3eea20f253e2d757f141b870e0c57ded66217a446d1cc10dd0bab9e94906
suse.gdm.txt
Posted May 26, 2000

SuSE Security Advisory - gdm prior to 2.0beta4 allows remote root compromise. Gdm is the GNOME replacement for xdm, handling graphical console and network logins. The gdm code that processes logins over the network could be tricked into writing data from the network right into the stack. This condition exists while gdm is running with root privileges and before the user is authenticated. Other distributions are affected as well. SuSE security site here.

tags | remote, root
systems | linux, suse
SHA-256 | b72a3c3c3aa5a34597dc9a0e68ba79f13b25815e8ef3f544fb17b99017973c2e
suse.aaabase.txt
Posted May 2, 2000
Authored by SuSE Security | Site suse.de

SuSE Security Advisory - aaa_base is the basic package which comes with any SuSE Linux installation. Two vulnerabilities have been found: 1) The cron job /etc/cron.daily/aaa_base performs a daily check of files in /tmp and /var/tmp, where old files will be deleted if configured to do so. Please note that this feature is NOT activated by default. 2) Some system accounts have their home directories set to /tmp by default. These are the users games, firewall, wwwrun and nobody on a SuSE 6.4.

tags | vulnerability
systems | linux, suse
SHA-256 | 5a3e2e3231a4460b85f1219b5ea705fbcc5e0ff1be6878fc5be1742a41f15b0a
suse.kreatecd.txt
Posted Apr 5, 2000

SuSE Security Announcement - A security hole was discovered in kreatecd version 0.3.8b and below. Kreatecd is a KDE tool used to burn cd-roms, in which an exploitable buffer overflow was found allowing local users to get root. SuSE security website here.

tags | overflow, local, root
systems | linux, suse
SHA-256 | d143541083c4cd2e4218fc0c810424545d121f5db2811df201e4f8074bdabac7
suse.gpm.txt
Posted Apr 5, 2000

SuSE Security Announcement - A security hole was discovered in gpm version 1.18.1 and before, allowing local users to execute commands as EUID 0. SuSE security page here.

tags | local
systems | linux, suse
SHA-256 | da04ad53049b68946f42d5b38d8d36f0ad7afa0ac85e1424a0e34694d3db7200
suse.ircii.txt
Posted Mar 31, 2000

SuSE Security Advisory - A security hole was discovered in ircii: a buffer overflow in the dcc chat feature is exploitable by remote users, who may execute commands as the user running ircii-4.4 and below. SuSE security site here.

tags | remote, overflow
systems | linux, suse
SHA-256 | 0bc3a0cdd5c4ee42eb866ece9fb7c575460a3289015501c4102dc9de690e2c7d
suse.imap.txt
Posted Mar 16, 2000

SuSE Security Advisory - A security hole was discovered in the SuSE IMAP server which allows remote attackers to obtain imap administrator privilege, which can be used e.g. to create or delete folders. This is unrelated to the SuSE linux distribution, which is unaffected. SuSE security site here.

tags | remote, imap
systems | linux, suse
SHA-256 | 70f7eaca71bd1b6e0f93aeb55fc676996c8bcf24b496476f3b61cbf476fb6f90
suse.htdig.txt
Posted Mar 1, 2000

SuSE Security Advisory - A security hole was discovered in htdig 3.14 and below. SuSE security site here.

systems | linux, suse
SHA-256 | 67510eb1f47d7625e5bfc697884b66426c38c14f9221f6bc197370fee1f64ff6
suse.mysql.txt
Posted Feb 13, 2000

A security hole was discovered in mysql, version 3.22.30 and below, allowing remote database access. SuSE security site here.

tags | remote
systems | linux, suse
SHA-256 | 37c0c417de4b3cc6bc05888e062992dfc4c00d0ad7ac4fa0dc01dcf60a1760b1
Page 2 of 3