what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Linux Security Checklist Tool 2.0.3
Posted Feb 3, 2011
Authored by situ

Linux Security Checklist is a perl script that audits a given Linux host and provides recommendations for security enhancements.

tags | tool, perl, checklist, hardening
systems | linux, unix
MD5 | de61268c0257d238151dfd0a513a6d4c

Related Files

Mandriva Linux Security Advisory 2012-138
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-138 - Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask. A local attacker could read files and modify directories created by ACPI scripts that did not set a strict umask. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2011-4578
MD5 | 777c252149381fb8d0325b5933f33cc0
Mandriva Linux Security Advisory 2012-137
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-137 - Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges. Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask. A local attacker could read files and modify directories created by ACPI scripts that did not set a strict umask. The updated packages have been patched to correct these issues.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2011-2777, CVE-2011-4578
MD5 | 8bc011636a8c83436319e265b2287d5f
Mandriva Linux Security Advisory 2012-136
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-136 - Multiple cross-site scripting vulnerabilities was discovered by using the Database structure page with a crafted table name. This upgrade provides the latest phpmyadmin version to address this vulnerability.

tags | advisory, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2012-4345
MD5 | 4839c06b99241b09e6a7c6deb114fc98
Mandriva Linux Security Advisory 2012-135
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-135 - The DCP ETSI dissector could trigger a zero division. The MongoDB dissector could go into a large loop. The XTP dissector could go into an infinite loop. The AFP dissector could go into a large loop. The RTPS2 dissector could overflow a buffer. The CIP dissector could exhaust system memory. The STUN dissector could crash. The EtherCAT Mailbox dissector could abort. The CTDB dissector could go into a large loop. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4296, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4290
MD5 | 822678871d09a1b4078a078a693953dd
Mandriva Linux Security Advisory 2012-134
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-134 - The DCP ETSI dissector could trigger a zero division. The MongoDB dissector could go into a large loop. The XTP dissector could go into an infinite loop. The AFP dissector could go into a large loop. The RTPS2 dissector could overflow a buffer. The GSM RLC MAC dissector could overflow a buffer. The CIP dissector could exhaust system memory. The STUN dissector could crash. The EtherCAT Mailbox dissector could abort. The CTDB dissector could go into a large loop. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4296, CVE-2012-4297, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4290
MD5 | 6388d822972ce7cda4c05f83a081efee
Mandriva Linux Security Advisory 2012-133
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-133 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the usbmux user. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0065
MD5 | c032d5f8c5c4e9b7deb21e28210513f8
Mandriva Linux Security Advisory 2012-132
Posted Aug 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-132 - Multiple cross-site request forgery and cross-site scripting flaws has been found and corrected in GLPI. This advisory provides the latest version of GLPI which are not vulnerable to these issues. Additionally the latest versions of the corresponding plugins are also being provided.

tags | advisory, xss, csrf
systems | linux, mandriva
advisories | CVE-2012-4002, CVE-2012-4003
MD5 | d18e42a2cd6e2637f5ed1819e471dbd3
Debian Security Advisory 2530-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2530-1 - Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.

tags | advisory, shell
systems | linux, debian
advisories | CVE-2012-3478
MD5 | c1009e26e8fe5261ade18b3611632454
Debian Security Advisory 2529-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2529-1 - Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2012-3442, CVE-2012-3443, CVE-2012-3444
MD5 | aa54004a5bc8a82e1f64044c06bdd517
Gentoo Linux Security Advisory 201208-06
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-6 - A vulnerability in libgdata could allow remote attackers to perform man-in-the-middle attacks. Versions less than 0.8.1-r2 are affected.

tags | advisory, remote
systems | linux, gentoo
advisories | CVE-2012-1177
MD5 | ac6d8830da9ce1dd4fa6e0d9e344cc5b
Gentoo Linux Security Advisory 201208-05
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-5 - An insecure temporary file usage has been reported in the Perl Config-IniFiles module, possibly allowing symlink attacks. Versions below 2.710.0 are affected.

tags | advisory, perl
systems | linux, gentoo
advisories | CVE-2012-2451
MD5 | 839c4b0674c414683b044d56b5f91739
Gentoo Linux Security Advisory 201208-04
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-4 - Multiple vulnerabilities have been found in Gajim, the worst of which may allow execution of arbitrary code. Versions less than 0.15-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2085, CVE-2012-2086, CVE-2012-2093
MD5 | 03e05f1028baca87bd39163d95bbf1aa
Gentoo Linux Security Advisory 201208-03
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-3 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 21.0.1180.57 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2815, CVE-2012-2817, CVE-2012-2818, CVE-2012-2819, CVE-2012-2820, CVE-2012-2821, CVE-2012-2823, CVE-2012-2824, CVE-2012-2825, CVE-2012-2826, CVE-2012-2829, CVE-2012-2830, CVE-2012-2831, CVE-2012-2834, CVE-2012-2842, CVE-2012-2843, CVE-2012-2846, CVE-2012-2847, CVE-2012-2848, CVE-2012-2849, CVE-2012-2853, CVE-2012-2854, CVE-2012-2857, CVE-2012-2858, CVE-2012-2859, CVE-2012-2860
MD5 | c93f131a3c9d50bdc36f39c74cd08976
Gentoo Linux Security Advisory 201208-02
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-2 - Multiple vulnerabilities have been found in Puppet, the worst of which could lead to execution of arbitrary code. Versions less than 2.7.13 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-1906, CVE-2012-1986, CVE-2012-1987, CVE-2012-1988, CVE-2012-1989
MD5 | fe3df529360a039d9bd339462a94dbad
Gentoo Linux Security Advisory 201208-01
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-1 - A buffer overflow in socat might allow remote attackers to execute arbitrary code. Versions less than 1.7.2.1 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2012-0219
MD5 | 2ecdc97078d88a56f5e2a68c4e824d38
Debian Security Advisory 2528-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2528-1 - Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1948, CVE-2012-1950, CVE-2012-1954, CVE-2012-1967
MD5 | 31a3e0efb329cec09b717d8863928340
Mandriva Linux Security Advisory 2012-131
Posted Aug 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-131 - Just Ferguson discovered that libotr, an off-the-record messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2012-3461
MD5 | b8b70f930c48d345d591fb1691e722a0
Mandriva Linux Security Advisory 2012-130
Posted Aug 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-130 - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1164
MD5 | ba86740f6b87e91bfa27d872582bc9b5
Debian Security Advisory 2527-1
Posted Aug 14, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2527-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2012-2688, CVE-2012-3450
MD5 | a80818cca6a2d9c6f86f619a3eebb81e
Debian Security Advisory 2526-1
Posted Aug 13, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2526-1 - Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2012-3461
MD5 | 44b562511685ea6c899304c4ec4d04f2
Mandriva Linux Security Advisory 2012-129-1
Posted Aug 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted. Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues. The wrong set of packages was sent out with the MDVSA-2012:129 advisory that lacked the fix for CVE-2006-1168. This advisory provides the correct packages.

tags | advisory, remote, denial of service, arbitrary, shell, code execution
systems | linux, mandriva
advisories | CVE-2006-1168, CVE-2011-2716
MD5 | 629bfadebef039bc82d2de1b31d27b05
Mandriva Linux Security Advisory 2012-129
Posted Aug 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted. Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary, shell, code execution
systems | linux, mandriva
advisories | CVE-2006-1168, CVE-2011-2716
MD5 | ddf296f9e839a96a96f6ed269121b40c
Mandriva Linux Security Advisory 2012-128
Posted Aug 9, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-128 - A stack-based buffer overflow flaw was found in the way bash, the GNU Bourne Again shell, expanded certain /dev/fd file names when checking file names and evaluating /dev/fd file names in conditional command expressions. A remote attacker could provide a specially-crafted Bash script that, when executed, would cause the bash executable to crash. Additionally the official patches 011 to 037 for bash-4.2 has been applied which resolves other issues found, including the CVE-2012-3410 vulnerability.

tags | advisory, remote, overflow, shell, bash
systems | linux, mandriva
advisories | CVE-2012-3410
MD5 | b61ff3d76f0f5d221973e1b49e1ba500
Mandriva Linux Security Advisory 2012-127
Posted Aug 8, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-127 - A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF image format files, performed write of TIFF image content into particular PDF document file, when not properly initialized T2P context struct pointer has been provided by tiff2pdf as one of parameters for the routine performing the write. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-3401
MD5 | db8d0b363dfcfc4309ef12c2ff94adb3
Mandriva Linux Security Advisory 2012-126
Posted Aug 8, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-126 - Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2012-2807
MD5 | e9cd2acc91c30a5965909ce6d2d552ce
Page 1 of 4
Back1234Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    23 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    18 Files
  • 31
    Mar 31st
    6 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close