Showing 76 - 100 of 100

Files

MDKSA-2004:107.txt
Posted Oct 20, 2004
Authored by Mandrake Linux Security Team | Site mandrakesoft.com

Mandrake Linux Security Update Advisory - A number of vulnerabilities were fixed in mozilla 1.7.3, the following of which have been backported to mozilla packages for Mandrake Linux 10.0: "Send page" heap overrun, javascript clipboard access, buffer overflow when displaying VCard, BMP integer overflow, javascript: link dragging, Malicious POP3 server III.

tags | advisory, overflow, javascript, vulnerability
systems | linux, mandrake
SHA-256 | 9f5db01dbfd4b9ff3f74a73729cb6a0c9bf1c408d1dc95dad30d2132b2454615

Related Files

Mandriva Linux Security Advisory 2005.156
Posted Sep 8, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - When starting xntpd with the -u option and specifying the group by using a string, not a numeric gid, the daemon uses the gid of the user, not the group.

tags | advisory
systems | linux, mandriva
SHA-256 | d7150bc8beea7498450152bf9d24ad55ba00067fa4e0945ceb1f6bd303c308a2
Mandriva Linux Security Advisory 2005.154
Posted Aug 28, 2005
Authored by Mandriva | Site mandriva.com

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The python packages use a private copy of pcre code.

tags | advisory, overflow, arbitrary, perl, python
SHA-256 | 6c60b8a722eb0465abc8ed758b114123cd720246b7f3268c562345f23dcbf1f9
Mandriva Linux Security Advisory 2005.153
Posted Aug 28, 2005
Authored by Mandriva | Site mandriva.com

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

tags | advisory, overflow, arbitrary, perl
SHA-256 | 2913020ff56d435018e11b27ae5ec6f01a906d4696dc0e8e5102cb460d783f2b
Mandriva Linux Security Advisory 2005.152
Posted Aug 26, 2005
Authored by Mandriva | Site mandriva.com

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

tags | advisory, overflow, arbitrary, perl
SHA-256 | e296dc932558876aa03691cc4ba4a8ff742813c8186cbe20bf4bf2e7e1e662ba
Mandriva Linux Security Advisory 2005.151
Posted Aug 26, 2005
Authored by Mandriva | Site mandriva.com

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

tags | advisory, overflow, arbitrary, perl
SHA-256 | 67dac94f58834ac95814d61aff301273abab4bf7af28c2c919f89dbece0aae80
Mandriva Linux Security Advisory 2005.150
Posted Aug 26, 2005
Authored by Mandriva | Site mandriva.com

A vulnerability in bluez-utils was discovered by Henryk Plotz. Due to missing input sanitizing, it was possible for an attacker to execute arbitrary commands supplied as a device name from the remote bluetooth device.

tags | advisory, remote, arbitrary
SHA-256 | c78df857068d0651a0e2e8ea70b1df85952d226a1d91be949a7a2474ffc93450
Mandriva Linux Security Advisory 2005.149
Posted Aug 26, 2005
Authored by Mandriva | Site mandriva.com

Javier Fernandez-Sanguino Pena discovered that the pwmconfig script in the lm_sensors package created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with full root privileges because pwmconfig is typically executed by root.

tags | advisory, arbitrary, root
SHA-256 | 1eb757480487e5bde151ffe0b5c8a09b452e11ae2137fe90de1c1c1398988c76
Mandriva Linux Security Advisory 2005.029
Posted Feb 5, 2005
Authored by Mandriva | Site mandrakesoft.com

Mandrake Linux Security Update Advisory - Javier Fernandez-Sanguino Pena discovered two vulnerabilities in scripts included with the vim editor. The two scripts, tcltags and vimspell.sh, created temporary files in an insecure manner, which could allow a malicious user to execute a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the scripts.

tags | advisory, arbitrary, vulnerability
systems | linux, mandrake
advisories | CVE-2005-0069
SHA-256 | 7d9c2bfe6a4ee99a747572aa6fb968bad0aa4e7638fd1885eac13fa60c81fe34
Mandriva Linux Security Advisory 2004.148
Posted Dec 30, 2004
Authored by Mandriva | Site mandrakesoft.com

Mandrake Linux Security Update Advisory - Herbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack.

tags | advisory, denial of service, kernel, local, spoof
systems | linux, mandrake
SHA-256 | 0b77cae8ee0ff13e4f0c71207f40df5bb8a76c2bedd1527178bb64fdc86e1708
Mandriva Linux Security Advisory 2004.146
Posted Dec 12, 2004
Authored by Mandriva | Site mandrakesoft.com

Mandrake Linux Security Update Advisory - SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the SIGPIPE signal, which would cause it to shut down if a misconfigured or malicious peer terminated the TCP connection prematurely.

tags | advisory, remote, denial of service, tcp
systems | linux, mandrake
SHA-256 | d6ee8ca8fd5762c70e690ea33f4421867002ac1714835bcf445645c863e83597
MDKSA-2004:140.txt
Posted Dec 11, 2004
Site mandrakesoft.com

Mandrake Linux Security Update Advisory - The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application.

tags | advisory, arbitrary
systems | linux, mandrake
SHA-256 | afffec118e3c478b43f8bd4c296edd84d155a798b59d0a49364f43ef44813126
MDKSA-2004:113.txt
Posted Oct 27, 2004
Authored by Chris Evans | Site mandrakesoft.com

Mandrake Linux Security Update Advisory - Multiple integer overflow issues affect xpdf-2.0 and xpdf-3.0, as well as programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker-controlled location, which probably could lead to arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandrake
advisories | CVE-2004-0888, CVE-2004-0889
SHA-256 | 38339c35eb37ea1704d38fa5c8d7a983c7db524a7de177b38224327194a45663
MDKSA-2004:109.txt
Posted Oct 20, 2004
Authored by Mandrake Linux Security Team | Site mandrakesoft.com

Mandrake Linux Security Update Advisory - affected versions of MDK: 10.0, 92, Corporate Server 2.1, Multi Network Firewall 8.2. Several vulnerabilities have been discovered in the libtiff package that could lead to arbitrary code execution.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, mandrake
advisories | CVE-2004-0803
SHA-256 | 00b02fca7dc066d552fa40fbd64474173459db97df3ec38a658849d0dfbfb489
MDKSA-2004:108.txt
Posted Oct 20, 2004
Authored by Mandrake Linux Security Team | Site mandrakesoft.com

Mandrake Linux Security Update Advisory - cvs 10.0, 92, Corporate Server 2.1. A flaw in CVS versions prior to 1.1.17 in an undocumented switch to the CVS history command allows for determining directory structure and the existence of files on a target machine.

tags | advisory
systems | linux, mandrake
SHA-256 | e1cdaf1293a24e2672547e99ab63263760f1dbe553b2c16f4764702091f0a9a9
MDKSA-2004:091.txt
Posted Sep 10, 2004
Authored by Max Vozeler | Site mandrakesoft.com

Mandrake Linux Security Update Advisory - The cdrecord program, which is suid root, fails to drop euid=0 when it exec()s a program specified by the user through the RSH environment variable. This can be abused by a local attacker to obtain root privileges.

tags | advisory, local, root
systems | linux, mandrake
advisories | CVE-2004-0806
SHA-256 | 6f38c8ce8d76f1228e8d3ca2e1b81434d0f2613330175e2b3a098eeec3ceb160
MDKSA-2004:031.txt
Posted Apr 19, 2004
Authored by Steve Grubb | Site mandrakesecure.net

Mandrake Linux Security Update Advisory - Problems lie in the utempter program versions 10.0, 9.2, 9.1, Corporate Server 2.1, and Multi Network Firewall 8.2 that allow for arbitrary file overwrites and denial of service attacks.

tags | advisory, denial of service, arbitrary
systems | linux, mandrake
advisories | CVE-2004-0233
SHA-256 | d955011e39cbff52026f4c77016b564f2c9d8f72b1a57bf1a841fbbace58a5a8
MDKSA-2003:015.txt
Posted Feb 9, 2003
Authored by Mandrake Linux Security Team | Site mandrakesecure.net

Mandrake Linux Security Advisory MDKSA-2003:015 - A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 (or 10240) byte string. This has been corrected in slocate version 2.7. Affected Mandrake versions: 8.0, 8.1, 8.2 and 9.0.

tags | overflow
systems | linux, mandrake
SHA-256 | aadb5388056e5519e20c8bceae53605626d6a2a12bf45477b585fd83693fef06
MDKSA-2003:014.txt
Posted Feb 9, 2003
Authored by Mandrake Linux Security Team | Site mandrakesecure.net

Mandrake Linux Security Advisory MDKSA-2003:014 - An updated kernel for Mandrake 9.0 is available with a number of bug fixes. This new package also fixes a security problem that allows non-root users to freeze the kernel, and a fix for a vulnerability in O_DIRECT handling that can create a limited information leak. This last bug also allows users to create minor file system corruption (this can easily be repaired by fsck).

tags | kernel, root
systems | linux, mandrake
SHA-256 | c116e3fc3745453b25f2c7dce5ded5e55c55e7bc93d37b907f46a59d8a81e5a1
iDEFENSE Security Advisory 2003-01-21.t
Posted Jan 23, 2003
Authored by Karol Wiesek, iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package. Three vulnerabilities exist, the worst of which allows local root compromise. Overflows in the mtink and escputil binaries, which are set group id sys, allow an attacker to gain sys group privileges. A race condition in the ml85p binary, which is set user id root, allows an attacker to create a file with super user privileges.

tags | advisory, overflow, local, root, vulnerability
systems | linux, mandrake
SHA-256 | 7176f37ea45e1920e9e214222d1b7446b1bb27eb36daf186f9b7edeb3b38a417
elinuxconf2.c
Posted Sep 2, 2002
Authored by Pokleyzz | Site scan-associates.net

Another Proof of Concept exploit for the local buffer overflow vulnerability existing in linuxconf v1.28r3 and below which allows users to spawn a root shell. Tested on Mandrake Linux 8.2.

tags | exploit, overflow, shell, local, root, proof of concept
systems | linux, mandrake
SHA-256 | 92e6ec24f409a9f1006245445fec7ad60fc8f719a98109578dd3758317bd6a9c
MDKSA-2002:037-1
Posted Jun 3, 2002
Authored by Mandrake Linux Security Team | Site mandrakesecure.net

Mandrake Linux security advisory MDKSA-2002:037-1 - ISC DHCPD in its version 3 introduced new dns-update features. ISC DHCPD v3.0 to 3.0.1rc8 is vulnerable to a remote root format string bug attack, while reporting the result of a dns-update request.

tags | remote, root
systems | linux, mandrake
SHA-256 | 42232836f0d3fb1ef90a2677417ea2433081cd0f3beee7cf19875a6a8511d9c2
MDKSA-2002:034
Posted Jun 3, 2002
Authored by Marcell Fodor, Mandrake Linux Security Team | Site mandrakesecure.net

Mandrake Linux security advisory MDKSA-2002:034 - A remote overflow found in the WU-IMAP daemon v2001a and below affects Mandrake 7.1, 7.2, 8.1, 8.2 and Corporate Server 1.0.1.

tags | remote, overflow, imap
systems | linux, mandrake
SHA-256 | ccb9e4f0cf15f78cf499d5204b26c83fea31cfd471f6bf7d99bdaded7df24b9e
MDKSA-2002:033
Posted May 24, 2002
Authored by Mandrake Linux Security Team | Site mandrakesecure.net

Mandrake Security Advisory MDKSA-2002:033 - A vulnerability found in all versions of Webmin prior to v0.970 allows remote users to login to Webmin as any user. The affected Mandrake versions are 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1 and Single Network Firewall 7.2.

tags | remote
systems | linux, mandrake
SHA-256 | 7b53ede13b33631621686fe27cf7981287d076bdaa27520dcebdca3a089ccfac
MDKSA-2002:030
Posted May 13, 2002
Authored by Mandrake Linux Security Team | Site mandrakesecure.net

Mandrake Linux security advisory MDKSA-2002:030 - A vulnerability found in the netfilter package can result in a serious information leak that can expose filter rules and network topology information. This vulnerability affects Mandrake Linux 8.0, 8.1 and 8.2.

systems | linux, mandrake
SHA-256 | 59e7afed923c050dc1ea8b370801e26faa6d4802d4f005f42c0071dfb5236c14
netsec27.txt
Posted Aug 28, 2000
Site net-security.org

Weekly Newsletter from Help Net Security - Covers weekly roundups of security events that were in the news the past week. In this issue: The FrontPage Server Extensions are vulnerable to a remote denial of service, a buffer overflow memory problem in the rpc module of the Pragma TelnetServer 2000, webserver Pro 2.3.7 vulnerability, Mandrake Linux Xchat update, ld.so problem that allows local users to obtain super user privilege, IIS Cross-Site Scripting patched, Microsoft Money password vulnerability patched, MGetty local compromise, and Kerberos password authentication issues.

tags | remote, denial of service, overflow, local, xss
systems | linux, mandrake
SHA-256 | 41a3d0d05b3290fcc821f93f043a30e580de167d85445843559dbda0f11021ee