A security hole was discovered in the GNU make package version 3.77-44 distributed with SuSE 6.1 and 6.3. If Makefile contents are fed in via stdin, make creates files in /tmp without checking whether a symbolic link with the same name already exists. This can lead to command execution as the user running make. Other distributions are also affected. SuSE security site here.
ea08e1d1f74ae57dec28f0224d6ad7a4b1254790603ed556b334ded009d41465
A security hole was discovered in the util package (mount and umount commands) installed by default on SuSE and other flavors of Linux. Local root compromise is possible. SuSE security site here.
d5441c0cfdf9c9b309b67e8539ad4feae7ae7d635226df5cbeedc83b7c860831
Patch for Linux kernel 2.2.14 to discard packets that many OS detection tools use to query the TCP/IP stack.
c84594838465fe09706a766e9b8530454728fe6dcbf3ef3079659c0e2e691eb2
Kppp 1.6.14 has a vulnerability that allows a local user to display the saved PPP password.
8d19332151732e5697e7f7163003d6acf0c93e1dbfc58fe97ed5779abc51b4cb
InetServ 3.0 remote DoS exploit.
745955650f792ca0b47cdd962de7a7acf7142588a0956916494311e2965dafa0
Windows 2000 Magazine Security Digest - New vulnerabilities include RDISK Race Condition: Update, Bypass surfControl URL Blocking, WWWThreads Elevates Privileges, Web Server Scripting Issues, Microsoft Java Exposes Files, and Windows NT Recycle Bin Goes Unchecked. Also contains articles on serious DoS attacks, IIS Administrator, FBI and CERT Warn Users Against Web-Based Scripting, and ZoneAlarm 2.0.
aefd83c89746659843b6c1be6a5a6cdf9f3be4950de270b7fb995fce23408f15
ISS Security Alert - Denial of Service Attack using the TFN2K and Stacheldraht programs. These attacks are more powerful than any previous denial of service attack observed on the Internet.
b62da56635635d524817aaca0d701afa8f1d51b1075b2f5942b15e54cba18a0e
Bypassing authentication on Axis 700 Network Scanner - By modifying a URL, outsiders can access administrator URLs without entering a username and password. Tested on Axis 700 Network Scanner Server version 1.12.
62be7cce360cae03aa7cf171c9411f06a344a3d1ae4af8abcb8218e26c1b8673
The default configuration of SCO OpenServer 5.0.5 allows local users read/write access to SNMPD via a default writable community string. This configuration has been verified on SCO OpenServer 5.0.5 and may be present in earlier versions.
3c82f312504d022a8c22babfcbc6580fa23cc95dd9cd9e92a5e994687ae533a7
A vulnerability in the password checking routines in the latest versions of the MySQL server allows any user on a host that is allowed to connect to the server to skip password authentication and access databases. All versions of MySQL up to 3.22.26a are vulnerable.
5f5a4fb2100d5e175dc80ad904c3a600382a5f0b6c8153e8084244e2328cedac