A security hole was discovered in the GNU make package version 3.77-44 distributed with SuSE 6.1 and 6.3. If Makefile contents are fed in via stdin, files will be created in /tmp without checking if there is a symbolic link with the same name. Implications are command execution as the user running make. Other distributions are also affected. SuSE security site here.
ea08e1d1f74ae57dec28f0224d6ad7a4b1254790603ed556b334ded009d41465A security hole was discovered in the util package (mount and umount commands) installed by default on SuSE and other flavors of linux. Local root compromise possible. SuSE security site here.
d5441c0cfdf9c9b309b67e8539ad4feae7ae7d635226df5cbeedc83b7c860831Patch for linux kernel 2.2.14 to discard packets that many OS detection tools use to query the TCP/IP stack.
c84594838465fe09706a766e9b8530454728fe6dcbf3ef3079659c0e2e691eb2Kppp 1.6.14 has a vulnerability that allows a local user to display the saved PPP password.
8d19332151732e5697e7f7163003d6acf0c93e1dbfc58fe97ed5779abc51b4cbInetServ 3.0 remote DoS exploit.
745955650f792ca0b47cdd962de7a7acf7142588a0956916494311e2965dafa0Windows 2000 Magazene Security Digest - New vulnerabilities include RDISK Race Condition: Update, Bypass surfControl URL Blocking, WWWThreads Elevates Privileges, Web Server Scripting Issues, Microsoft Java Exposes Files, and Windows NT Recycle Bin Goes Unchecked. Also contains articles on serious DoS attacks, IIS Administrator, FBI and CERT Warn Users Against Web-Based Scripting, and ZoneAlarm 2.0.
aefd83c89746659843b6c1be6a5a6cdf9f3be4950de270b7fb995fce23408f15A new form of Distributed Denial of Service (DDoS) attack has been discovered following the release of the trin00 and Tribe Flood Network (TFN) denial of service programs (see December 7, 1999 ISS Security Alert at http://xforce.iss.net/alerts/advise40.php3). These attacks are more powerful than any previous denial of service attack observed on the Internet. A Distributed Denial of Service attack is designed to bring a network down by flooding target machines with large amounts of traffic. This traffic can originate from many compromised machines, and can be managed remotely using a client program. ISS X-Force considers this attack a high risk since it can potentially impact a large number of organizations. DDoS attacks have proven to be successful and are difficult to defend against.
b62da56635635d524817aaca0d701afa8f1d51b1075b2f5942b15e54cba18a0eBypassing authentication on Axis 700 Network Scanner - By modifying an URL, outsiders can access administrator URLs without entering username and password. Tested on Axis 700 Network Scanner Server version 1.12.
62be7cce360cae03aa7cf171c9411f06a344a3d1ae4af8abcb8218e26c1b8673The default configuration of SCO OpenServer 5.0.5 allows local users read/write access to SNMPD via a default writable community string. This configuration has been verified on SCO OpenServer 5.0.5 and may be present in earlier versions.
3c82f312504d022a8c22babfcbc6580fa23cc95dd9cd9e92a5e994687ae533a7There exists a vulnerability in the password checking routines in the latest versions of the MySQL server, that allows any user on a host that is allowed to connect to the server, to skip password authentication, and access databases. All versions of MySQL up to 3.22.26a are vulnerable.
5f5a4fb2100d5e175dc80ad904c3a600382a5f0b6c8153e8084244e2328cedac
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed