This is a simple local exploit for FreeBSD/OpenBSD with bmon < 1.2.1_2 installed. It depends on the fact that bmon doesn't use an absolute path to commands that it calls. This particular exploit uses 'netstat'.
9dc0b346d9fd4262adc9c83e19f1ef804883bb558ed5e2ce720089f496d91be6Fedora Legacy Update Advisory - FLSA:1237. Updated gaim package resolves security issues. Corrects multiple buffer overflows in Gaim 0.75 and earlier, including Yahoo cookie buffer overflows, YMSG protocol overflows, and flaws in URL and proxy handling.
ca255088e62203b2056c9b6e0c12bf80d6c3d07e7f6a7f94fbf462e401e315deFedora Legacy Update Advisory - FLSA:2072. Updated CUPS packages fix security vulnerability. Updated cups packages that fix a denial of service vulnerability are now available. In versions of CUPS prior to 1.1.21, an attacker can craft packets to the IPP port which will result in a Denial of Service on the CUPS service.
1404d77b7ac79de9e4d35a002670c95dd25db7bbd4aebc48cc40859dedbc6358Side-channel username verification against ProFTPd. Sends the USER command, and sees how long the server takes to respond, indicating whether the user exists or not. Obviously, this may produce false positives on slow network connections.
4c187c9a5ac561e7d40e6812cf15bf9b2bcd4aaf7a0db96b65136cfb08a387f5Debian Security Advisory DSA 568-1 - A vulnerability has been discovered in the Cyrus implementation of the SASL library, the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. The library honors the environment variable SASL_PATH blindly, which allows a local user to link against a malicious library to run arbitrary code with the privileges of a setuid or setgid application.
94dfb416a2d838aac6036c6e0afd7a491195e67628c775de9243c1d4b0f6e946
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed