Showing 1 - 25 of 28

Files

rPSA-2006-0198-1.txt
Posted Oct 27, 2006
Site rpath.com

rPath Security Advisory: 2006-0198-1: In previous versions of the screen package, the screen program had a bug which is known to make screen vulnerable to a minor denial of service attack in which the screen program would crash if presented with particular output. It is possible that this attack could also allow a user-complicit attacker to assume the privileges of the complicit user. The screen program is not setuid in rPath Linux, so any attack is limited to the complicit user.

tags | advisory, denial of service
systems | linux
MD5 | 7cc53856de74dfcc10be21ba140e153d

Related Files

rPSA-2006-0230-1.txt
Posted Dec 14, 2006
Site rpath.com

rPath Security Advisory: 2006-0230-1: Previous versions of the evince package contain a vulnerability that enables attackers to provide intentionally malformed PostScript files which will cause evince to execute arbitrary attacker-provided code. (This vulnerability was originally discovered in the gv program.)

tags | advisory, arbitrary
MD5 | dca61a40323a399718db778de1f7a52c
rPSA-2006-0231-1.txt
Posted Dec 14, 2006
Site rpath.com

rPath Security Advisory: 2006-0231-1: Previous versions of the squirrelmail package are vulnerable to multiple cross-site scripting (XSS) attacks that allow the attacker to subvert web browsers being used with squirrelmail.

tags | advisory, web, xss
MD5 | 91ff1abb24d337258261bc08366ce33c
rPSA-2006-0232-1.txt
Posted Dec 14, 2006
Site rpath.com

rPath Security Advisory: 2006-0232-1 - Previous versions of the libgsf package contain a flaw in parsing OLE documents that could allow an attacker to crash applications that use libgsf, and possibly to cause them to execute arbitrary code, by presenting a user with an intentionally malformed OLE document.

tags | advisory, arbitrary
MD5 | d3120dc2436e3d5725c6447be6268b73
rPSA-2006-0195-2.txt
Posted Oct 27, 2006
Site rpath.com

rPath Security Advisory: 2006-0195-2: Previous versions of the qt-x11-free package include Qt libraries that contain an integer overflow flaw that causes them not to properly bound pixmap image data. This may enable a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution, in applications which use vulnerable versions of the Qt libraries.

tags | advisory, denial of service, overflow, arbitrary, code execution
MD5 | 8264ac37d79e79183c227f1d576ad15f
rPSA-2006-0195-1.txt
Posted Oct 21, 2006
Site rpath.com

rPath Security Advisory: 2006-0195-1: Previous versions of the KDE khtml library use Qt in a way that allows unchecked pixmap image input to be provided to Qt, triggering an integer overflow flaw in Qt. This enables a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution.

tags | advisory, denial of service, overflow, arbitrary, code execution
MD5 | 76f9b28555c835f8b611acebaee3a6a2
rPSA-2006-0176-1.txt
Posted Oct 4, 2006
Site rpath.com

rPath Security Advisory: 2006-0176-1: Previous versions of the openldap package contain a slapd daemon which allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN), a privilege escalation vulnerability.

tags | advisory, remote, arbitrary
MD5 | e3ec7508e2709480ce4b7e505c0157f6
rPSA-2006-0175-2.txt
Posted Oct 4, 2006
Site rpath.com

rPath Security Advisory: 2006-0175-2: Previous versions of the openssl package are vulnerable to multiple attacks. Three of the vulnerabilities are denials of service, but the other is a buffer overflow that is expected to create remote unauthorized access vulnerabilities in other applications. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

tags | advisory, remote, overflow, local, vulnerability
MD5 | 902c8d97479182bc95a55e9ba90786b6
rPSA-2006-0175-1.txt
Posted Oct 4, 2006
Site rpath.com

rPath Security Advisory: 2006-0175-1: openssl Remote Deterministic Unauthorized Access

tags | advisory, remote
MD5 | f4a921792724776d163ae2825bb36e26
rPSA-2006-0174-1.txt
Posted Oct 4, 2006
Site rpath.com

rPath Security Advisory: 2006-0174-1 - Remote Deterministic Denial of Service in openssh.

tags | advisory, remote, denial of service
MD5 | 68b5ca061ff382a0bb1208ca9fc6d2e6
rPSA-2006-0173-1.txt
Posted Oct 3, 2006
Authored by rPath Update Announcements | Site rpath.com

rPSA-2006-0173-1: Previous versions of the openoffice.org packages are susceptible to several vulnerabilities, including a denial of service (application crash) and a user-complicit unauthorized access attack that enables an attacker to cause arbitrary code to be run. These versions are not susceptible to CVE-2006-2199 because Java is not enabled in those builds.

tags | advisory, java, denial of service, arbitrary, vulnerability
MD5 | 0460f89363504be3c50bba3ca1118b26
rPSA-2006-0170-1.txt
Posted Sep 27, 2006
Site security.rpath.com

rPath Security Advisory: 2006-0170-1 - Previous versions of the gzip package contain multiple vulnerabilities that enable user-complicit unauthorized access when a user attempts to gunzip intentionally malformed gzip files. Some network services will automatically run the gunzip program in some contexts, which may then enable direct unauthorized access to the user account that provides the network service.

tags | advisory, vulnerability
MD5 | bc9030050a66cde7562425954c30e607
rPSA-2006-0133-1.txt
Posted Jul 24, 2006
Site rpath.com

rPath Security Advisory - Previous versions of the libpng package contain a weakness in processing images that is known to create a denial of service vulnerability and is expected also to allow unauthorized access. This weakness is triggered by malformed png images that may be provided to applications such as web browsers by an attacker.

tags | advisory, web, denial of service
advisories | CVE-2006-3334
MD5 | 1d0c68d75558c7cb23fa60aff9a2c2ba
rPSA-2006-0132-1.txt
Posted Jul 24, 2006
Site rpath.com

rPath Security Advisory - All versions of the ethereal and tethereal packages contain vulnerabilities in packet dissector modules, which may allow various attacks including subverting the user who is running ethereal. Since ethereal is generally run as root to view network traffic directly, this may allow complete access to the vulnerable system.

tags | advisory, root, vulnerability
advisories | CVE-2006-3627, CVE-2006-3628, CVE-2006-3629, CVE-2006-3630, CVE-2006-3631, CVE-2006-3632
MD5 | d8e3bc787a728a7ac2c7e8b25b1a7ea9
rPSA-2006-0122-2.txt
Posted Jul 14, 2006
Authored by Justin M. Forbes | Site issues.rpath.com

rPath Security Advisory: 2006-0122-2 - Previous versions of the kernel package have two specific vulnerabilities that are addressed in this version.

tags | advisory, kernel, vulnerability
MD5 | 4697379fff61abd6cca27cfd433f2738
rPSA-2006-0122-1.txt
Posted Jul 9, 2006
Site rpath.com

rPath Security Advisory: 2006-0122-1 - Multiple kernel vulnerabilities have been addressed in rPath Linux.

tags | advisory, kernel, vulnerability
systems | linux
advisories | CVE-2006-2451, CVE-2006-2934
MD5 | 7a4b5ddb74df294bf08d5dc2a05b86df
rPSA-2006-0110-1.txt
Posted Jun 27, 2006
Authored by Justin M. Forbes | Site issues.rpath.com

In previous kernel 2.6 versions, systems that use the SCTP protocol are vulnerable to remote denial of service attacks including remotely-triggered kernel crashes, and all systems are vulnerable to local denial of service including locally-triggered kernel hangs.

tags | advisory, remote, denial of service, kernel, local, protocol
advisories | CVE-2006-2445, CVE-2006-2448, CVE-2006-3085
MD5 | eafcab34014851c4bb87eedcd0cec89b
rPSA-2006-0106-1.txt
Posted Jun 26, 2006
Authored by rPath

KDM allows the user to select the session type for login. This setting is stored in the user home directory. Previous versions of KDM will follow a symbolic link and can thus disclose the contents of any file on the system (such as /etc/shadow) to arbitrary users. KDM is not the default window manager on rPath Linux.

tags | advisory, arbitrary
systems | linux
advisories | CVE-2006-2449
MD5 | e3cab958613f46f6b8e39f96497d4d7e
rPSA-2006-0100-1.txt
Posted Jun 14, 2006
Site rpath.com

rPath Security Advisory: 2006-0100-1: Previous versions of the freetype library contain multiple integer overflow weaknesses which allow remote providers of font files (which may include fonts embedded in documents such as PDF files) to cause applications to crash, and may possibly also allow them to execute arbitrary code as the user accessing the files.

tags | advisory, remote, overflow, arbitrary
MD5 | c8a45d67240c5bb1558c72a1ed900c0b
rPSA-2006-0099-1.txt
Posted Jun 11, 2006
Site issues.rpath.com

rPath Security Advisory: 2006-0099-1 - openldap

tags | advisory
MD5 | c4fe5567218d12639f2ee8685cc705ae
rPSA-2006-0098-1.txt
Posted Jun 11, 2006
Site issues.rpath.com

rPath Security Advisory: 2006-0098-1 - gdm

tags | advisory
MD5 | 8bd0987bb5e6ab58b5ce49652f286258
rPSA-2006-0096-1.txt
Posted Jun 11, 2006
Site issues.rpath.com

rPath Security Advisory: 2006-0096-1 - spamassassin

tags | advisory
MD5 | 372ee029ebcf01f0913cb179f475936e
rPSA-2006-0091-1.txt
Posted Jun 3, 2006
Site rpath.com

rPath Security Advisory: 2006-0091-1: Previous versions of the firefox browser and thunderbird mail user agent have multiple vulnerabilities, some of which allow remote servers to compromise user accounts. The firefox browser is the default browser on rPath Linux, and all users are strongly recommended to update firefox and thunderbird as soon as possible.

tags | advisory, remote, vulnerability
systems | linux
MD5 | 857028804106240fae18fd930a8426e0
rPSA-2006-0089-1.txt
Posted Jun 1, 2006
Site rpath.com

rPath Security Advisory: 2006-0089-1: Previous versions of mysql server and client libraries contain weaknesses parsing certain character encodings (such as SJIS, BIG5 and GBK, but not ASCII) which, when using the vulnerable encodings, can enable SQL injection attacks against applications (particularly web applications) which use non-standard escaping of quote characters.

tags | advisory, web, sql injection
MD5 | a74dbe1f9fc5cecf48bacdfb84ae5705
rPSA-2006-0087-1.txt
Posted Jun 1, 2006
Site rpath.com

rPath Security Advisory: 2006-0087-1 - Previous versions of the kernel package have a small information leak that exposes 6 bytes of arbitrary kernel memory when the getsockopt system call is called with the SO_ORIGINAL_DST argument. An attacking program cannot choose which 6 bytes of memory are exposed.

tags | advisory, arbitrary, kernel
MD5 | 7e81b9b189b20b99bcf3baa607ee290d
rPSA-2006-0084-1.txt
Posted May 29, 2006
Site rpath.com

rPath Security Advisory: 2006-0084-1: Previous versions of fetchmail, when talking to a hostile (possibly compromised) mail server, are vulnerable to possible denial of service or user compromise.

tags | advisory, denial of service
MD5 | 7da148d0dd58c3d807e8a6e160239dc6

© 2019 Packet Storm. All rights reserved.
