Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
|
|
| |
|
| |
Security
Safe configuration of DNS
A group called The Measurement Factory has put out a press
release to call attention to a recent survey of DNS servers. It seems
that, according to TMF, the majority of publicly-available nameservers are
configured incorrectly, and are vulnerable to denial of service and
pharming attacks. In most cases, fixing the problems is a relatively
straightforward operation.
Pharming refers to the use of cache poisoning attacks to hijack a domain
name. If an attacker can convince your nameserver to return a bogus
address for a known domain, your attempts to access a bank or other online
financial-related site can be redirected to a malicious site. Many users
have learned to enter domains for financial sites themselves, rather than,
say, clicking on a random link which showed up in their mailbox. A
pharming attack, however, can lead to the same result as a successful
phish: account names, passwords, and credit card numbers can be captured.
So what are all of those DNS administrators doing wrong? The biggest
problem, according to TMF, is that publicly-available nameservers are
configured to perform recursive lookups for anybody who asks. If an
attacker can request an arbitrary, recursive lookup, that attacker can get
the target nameserver to contact - and accept data from - a malicious
server. The malicious server can pass back incorrect information, which
the target server may then cache and return to users. The solution in this
case is to limit recursive queries to internal hosts; with bind, the
allow-recursion option can be used to this effect.
The survey also notes that some 40% of sites on the net allow zone
transfers to arbitrary sites. These transfers can disclose more
information than one might like; they also represent a denial of service
opportunity. Finally, the survey notes that a fair number of sites place
their secondary servers on the same subnet as the primary, leading to
obvious single point of failure issues.
Security issues with DNS servers have been relatively rare in recent
times. A nameserver is only as secure as its configuration, however.
Auditing nameservers for these issues in the near future might not be a bad
idea.
Comments (15 posted)
New vulnerabilities
chkstat: information disclosure
| Package(s): | chkstat |
CVE #(s): | |
| Created: | October 24, 2005 |
Updated: | October 25, 2005 |
| Description: |
SUSE LINUX ships with three pre defined sets of permissions, 'easy',
'secure' and 'paranoid'. The chkstat program contained in the permissions
package is used to set those permissions to the chosen level. Level 'easy'
which is the default allows some world writeable
directories. /usr/src/packages/RPMS and subdirectories is among them. To
prevent users from playing tricks in there e.g. linking to /etc/shadow
chkstat doesn't touch symlinks or files with an hardlink count != 1.
Stefan Nordhausen discovered a way to trick this check. To gain access to
e.g. /etc/shadow a malicious user has to place a hardlink to that file at a
place that is modified by chkstat. chkstat will not touch the file because
it has a hardlink count of two. However, if the administrator modifies the
user database the original /etc/shadow gets deleted and replaced by a new
one. That means the hardlink count of the file created by the malicious
user drops to one. At this point chkstat will modify the file's
permissions so anyone can read it. So it's technically impossible for
chkstat to modify permissions of files in world writeable directories in a
secure way. |
| Alerts: |
|
Comments (none posted)
enigmail: information disclosure
| Package(s): | enigmail |
CVE #(s): | CVE-2005-3256
|
| Created: | October 20, 2005 |
Updated: | December 13, 2005 |
| Description: |
The key selection dialog from the Mozilla Thunderbird enigmail plugin
has an information disclosure vulnerability.
A key with an empty user id from a user's keyring will be used by
default, allowing a message to be decrypted. This can lead to an
unauthorized information disclosure. |
| Alerts: |
|
Comments (none posted)
eric: missing input sanitizing
| Package(s): | eric |
CVE #(s): | CAN-2005-3068
|
| Created: | October 21, 2005 |
Updated: | October 25, 2005 |
| Description: |
The developers of eric, a full featured Python IDE, have fixed a bug
in the processing of project files that could lead to the execution of
arbitrary code. |
| Alerts: |
|
Comments (none posted)
ethereal: multiple vulnerabilities
Comments (none posted)
fetchmailconf: insecure file creation
| Package(s): | fetchmail |
CVE #(s): | CVE-2005-3088
|
| Created: | October 26, 2005 |
Updated: | November 22, 2005 |
| Description: |
The fetchmailconf utility can create files which are world-readable for a brief period. These files may contain passwords, and thus should not be created in this manner.
|
| Alerts: |
|
Comments (none posted)
libgda2: format string vulnerabilities
| Package(s): | libgda2 |
CVE #(s): | CAN-2005-2958
|
| Created: | October 25, 2005 |
Updated: | November 18, 2005 |
| Description: |
Steve Kemp discovered two format string vulnerabilities in libgda2,
the GNOME Data Access library for GNOME2, which may lead to the
execution of arbitrary code in programs that use this library. |
| Alerts: |
|
Comments (none posted)
module-assistant: insecure temp file
| Package(s): | module-assistant |
CVE #(s): | CAN-2005-3121
|
| Created: | October 20, 2005 |
Updated: | October 25, 2005 |
| Description: |
The module-assistant package creation tool creates an insecure
temporary file. |
| Alerts: |
|
Comments (none posted)
pam: brute-force vulnerability
| Package(s): | pam |
CVE #(s): | CVE-2005-2977
|
| Created: | October 26, 2005 |
Updated: | October 28, 2005 |
| Description: |
The pam unix_chkpwd utility can, when SELinux is enabled, be used by a local attacker to perform brute-force password guessing. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: local file inclusion and XSS
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2005-2869
CVE-2005-3300
CVE-2005-3301
|
| Created: | October 25, 2005 |
Updated: | November 18, 2005 |
| Description: |
Stefan Esser discovered that by calling certain PHP files directly, it
was possible to workaround the grab_globals.lib.php security model and
overwrite the $cfg configuration array. Systems running PHP in safe
mode are not affected. Futhermore, Tobias Klein reported several
cross-site-scripting issues resulting from insufficient user input
sanitizing. A local attacker may exploit this vulnerability by sending
malicious requests, causing the execution of arbitrary code with the rights
of the user running the web server. Furthermore, the cross-site scripting
issues give a remote attacker the ability to inject and execute malicious
script code or to steal cookie-based authentication credentials,
potentially compromising the victim's browser. |
| Alerts: |
|
Comments (none posted)
squid: denial of service
| Package(s): | squid |
CVE #(s): | CVE-2005-3258
|
| Created: | October 20, 2005 |
Updated: | October 27, 2005 |
| Description: |
Squid, a proxy caching server for Web clients, has a denial of
service vulnerability, it can be caused to crash by sending a
malformed FTP response. |
| Alerts: |
|
Comments (none posted)
sudo: missing input sanitizing
| Package(s): | sudo |
CVE #(s): | CVE-2005-2959
|
| Created: | October 25, 2005 |
Updated: | February 19, 2006 |
| Description: |
Tavis Ormandy noticed that sudo, a program that provides limited super
user privileges to specific users, does not clean the environment
sufficiently. The SHELLOPTS and PS4 variables are dangerous and are
still passed through to the program running as privileged user. This
can result in the execution of arbitrary commands as privileged user
when a bash script is executed. These vulnerabilities can only be
exploited by users who have been granted limited super user
privileges. |
| Alerts: |
|
Comments (none posted)
Zope: file inclusion through RestructuredText
| Package(s): | zope |
CVE #(s): | |
| Created: | October 25, 2005 |
Updated: | October 25, 2005 |
| Description: |
Zope honors file inclusion directives in RestructuredText objects by
default. An attacker could exploit the vulnerability by sending malicious
input that would be interpreted in a RestructuredText Zope object,
potentially resulting in the execution of arbitrary Zope code with the
rights of the Zope server. |
| Alerts: |
|
Comments (none posted)
Updated vulnerabilities
a2ps: input validation error
| Package(s): | a2ps |
CVE #(s): | CAN-2004-1170
CAN-2004-1377
|
| Created: | November 26, 2004 |
Updated: | December 19, 2005 |
| Description: |
The GNU a2ps utility fails to properly sanitize filenames, which can be
abused by a malicious user to execute arbitrary commands with the
privileges of the user running the vulnerable application. More
information at Security
Focus. |
| Alerts: |
|
Comments (none posted)
abiword: buffer overflow
| Package(s): | abiword |
CVE #(s): | CAN-2005-2964
|
| Created: | September 29, 2005 |
Updated: | November 14, 2005 |
| Description: |
The RTF import module of the AbiWord word processor has a
buffer overflow vulnerability. A user can be tricked into
opening a maliciously crafted RTF file, giving the attacker
the ability to execute code with the permissions of the user. |
| Alerts: |
|
Comments (none posted)
apache information disclosure if modssl=yes
| Package(s): | apache |
CVE #(s): | CAN-2005-2700
|
| Created: | September 2, 2005 |
Updated: | November 10, 2005 |
| Description: |
An information disclosure vulnerability was discovered in mod_ssl, the SSL/TLS module of the Apache webserver. When "SSLVerifyClient optional" was configured in the global virtual host configuration, an "SSLVerifyClient require" in per-location context was not enforced.
|
| Alerts: |
|
Comments (none posted)
httpd: off-by-one overflow and cross-site scripting
| Package(s): | apache httpd |
CVE #(s): | CAN-2005-1268
CAN-2005-2088
|
| Created: | July 25, 2005 |
Updated: | November 7, 2005 |
| Description: |
Watchfire reported a flaw that occurred when using the Apache server as an
HTTP proxy. A remote attacker could send an HTTP request with both a
"Transfer-Encoding: chunked" header and a "Content-Length" header. This
caused Apache to incorrectly handle and forward the body of the request in
a way that the receiving server processes it as a separate HTTP request.
This could allow the bypass of Web application firewall protection or lead
to cross-site scripting (XSS) attacks.
Marc Stern reported an off-by-one overflow in the mod_ssl CRL verification
callback. In order to exploit this issue the Apache server would need to
be configured to use a malicious certificate revocation list (CRL). |
| Alerts: |
|
Comments (none posted)
awstats: command injection vulnerability
| Package(s): | awstats |
CVE #(s): | CAN-2005-1527
|
| Created: | August 11, 2005 |
Updated: | November 10, 2005 |
| Description: |
AWStats has a command injection vulnerability that can
be exploited by specially crafting referrer URLs that
contain Perl code. The code can then be executed with the
privileges of the web server. |
| Alerts: |
|
Comments (2 posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
CVE #(s): | CAN-2005-0953
CAN-2005-1260
|
| Created: | May 17, 2005 |
Updated: | January 10, 2007 |
| Description: |
A race condition in bzip2 1.0.2 and earlier allows local users to modify
permissions of arbitrary files via a hard link attack on a file while it is
being decompressed, whose permissions are changed by bzip2 after the
decompression is complete. Also specially crafted bzip2 archives may cause
an infinite loop in the decompressor. |
| Alerts: |
|
Comments (2 posted)
common-lisp-controller: design error
| Package(s): | common-lisp-controller |
CVE #(s): | CAN-2005-2657
|
| Created: | September 14, 2005 |
Updated: | November 21, 2005 |
| Description: |
François-René Rideau discovered a bug in common-lisp-controller, a
Common Lisp source and compiler manager, that allows a local user to
compile malicious code into a cache directory which is executed by
another user if that user has not used Common Lisp before.
|
| Alerts: |
|
Comments (none posted)
cpio: directory traversal
| Package(s): | cpio |
CVE #(s): | CAN-2005-1111
|
| Created: | June 20, 2005 |
Updated: | December 26, 2005 |
| Description: |
There is a vulnerability in
cpio (2.6 and previous) that allows a malicious cpio file to
extract to an arbitrary directory of the attackers choice. cpio will
extract to the path specified in the cpio file, this path can be absolute. |
| Alerts: |
|
Comments (1 posted)
curl/wget: NTLM username buffer overflow
| Package(s): | curl wget |
CVE #(s): | CAN-2005-3185
|
| Created: | October 14, 2005 |
Updated: | November 7, 2005 |
| Description: |
A vulnerability in libcurl's NTLM function can overflow a stack-based
buffer if given too long a user name or domain name in NTLM authentication
is enabled and either a) pass a user and domain name to libcurl that
together are longer than 192 bytes or b) allow (lib)curl to follow HTTP
redirects and the new URL contains a URL with a user and domain name that
together are longer than 192 bytes. See this iDEFENSE Labs advisory for more details. |
| Alerts: |
|
Comments (none posted)
cyrus-imapd: buffer overflows
| Package(s): | cyrus-imapd |
CVE #(s): | CAN-2005-0546
|
| Created: | February 23, 2005 |
Updated: | April 9, 2006 |
| Description: |
Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system. |
| Alerts: |
|
Comments (none posted)
dia: missing input sanitizing
| Package(s): | dia |
CVE #(s): | CAN-2005-2966
|
| Created: | October 4, 2005 |
Updated: | April 6, 2006 |
| Description: |
Joxean Koret discovered that the SVG import plugin did not properly
sanitize data read from an SVG file. By tricking an user into opening
a specially crafted SVG file, an attacker could exploit this to
execute arbitrary code with the privileges of the user. |
| Alerts: |
|
Comments (none posted)
elm: buffer overflow
| Package(s): | elm |
CVE #(s): | CAN-2005-2665
|
| Created: | August 23, 2005 |
Updated: | November 10, 2005 |
| Description: |
A buffer overflow flaw in Elm was
discovered that was triggered by viewing a mailbox containing a message
with a carefully crafted 'Expires' header. An attacker could create a
malicious message that would execute arbitrary code with the privileges of
the user who received it. |
| Alerts: |
|
Comments (none posted)
emacs21: format string vulnerability in "movemail"
| Package(s): | emacs21 |
CVE #(s): | CAN-2005-0100
|
| Created: | February 7, 2005 |
Updated: | May 15, 2006 |
| Description: |
Max Vozeler discovered a format string vulnerability in the "movemail"
utility of Emacs. By sending specially crafted packets, a malicious
POP3 server could cause a buffer overflow, which could be exploited to
execute arbitrary code with the privileges of the user and the "mail"
group. |
| Alerts: |
|
Comments (none posted)
enscript: arbitrary code execution
| Package(s): | enscript |
CVE #(s): | CAN-2004-1184
CAN-2004-1185
CAN-2004-1186
|
| Created: | January 21, 2005 |
Updated: | May 27, 2006 |
| Description: |
Erik Sjölund has discovered several security relevant problems in enscript,
a program to convert ASCII text into Postscript and other formats.
Unsanitized input can cause the execution of arbitrary commands via EPSF
pipe support. Due to missing sanitizing of filenames it is possible that a
specially crafted filename can cause arbitrary commands to be executed.
Multiple buffer overflows can cause the program to crash. |
| Alerts: |
|
Comments (none posted)
evolution: format string issues
Comments (2 posted)
firefox: multiple vulnerabilities
Comments (none posted)
Foomatic: Arbitrary command execution in foomatic-rip
| Package(s): | foomatic |
CVE #(s): | CAN-2004-0801
|
| Created: | September 20, 2004 |
Updated: | May 31, 2006 |
| Description: |
There is a vulnerability in the foomatic-filters package. This
vulnerability is due to insufficient checking of command-line parameters
and environment variables in the foomatic-rip filter. This vulnerability
may allow both local and remote attackers to execute arbitrary commands on
the print server with the permissions of the spooler. |
| Alerts: |
|
Comments (none posted)
gaim: buffer overflow
| Package(s): | gaim |
CVE #(s): | CAN-2005-2103
|
| Created: | August 10, 2005 |
Updated: | February 27, 2006 |
| Description: |
Gaim suffers from a heap-based buffer overflow which can be exploited via a hostile "away message" to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
gdb: multiple vulnerabilities
| Package(s): | gdb |
CVE #(s): | CAN-2005-1704
CAN-2005-1705
|
| Created: | May 20, 2005 |
Updated: | August 11, 2006 |
| Description: |
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer
overflow in the BFD library, resulting in a heap overflow. A review also
showed that by default, gdb insecurely sources initialization files from
the working directory. Successful exploitation would result in the
execution of arbitrary code on loading a specially crafted object file or
the execution of arbitrary commands. |
| Alerts: |
|
Comments (5 posted)
gtk-pixbuf, gtk2: denial of service
| Package(s): | gdk-pixbuf gtk2 |
CVE #(s): | CAN-2005-0891
|
| Created: | March 30, 2005 |
Updated: | December 19, 2005 |
| Description: |
The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file.
|
| Alerts: |
|
Comments (none posted)
gettext: Insecure temporary file handling
| Package(s): | gettext |
CVE #(s): | CAN-2004-0966
|
| Created: | October 11, 2004 |
Updated: | March 1, 2006 |
| Description: |
gettext insecurely creates temporary files in world-writeable directories
with predictable names. A local attacker could create symbolic links in
the temporary files directory, pointing to a valid file somewhere on the
filesystem. When gettext is called, this would result in file access with
the rights of the user running the utility, which could be the root user. |
| Alerts: |
|
Comments (1 posted)
glibc: tempfile vulnerability in catchsegv script
| Package(s): | glibc |
CVE #(s): | CAN-2004-0968
|
| Created: | October 21, 2004 |
Updated: | November 14, 2005 |
| Description: |
The catchsegv script in the glibc package has a symlink vulnerability
that may allow a local user to overwrite arbitrary
files with the permissions of the user that is running the script. |
| Alerts: |
|
Comments (none posted)
graphviz: insecure temporary file
| Package(s): | graphviz |
CVE #(s): | CAN-2005-2965
|
| Created: | October 10, 2005 |
Updated: | October 21, 2005 |
| Description: |
Javier Fernández-Sanguino Peña discovered insecure temporary file
creation in graphviz, a rich set of graph drawing tools, that can be
exploited to overwrite arbitrary files by a local attacker. |
| Alerts: |
|
Comments (none posted)
groff: insecure temporary directory
| Package(s): | groff |
CVE #(s): | CAN-2004-0969
|
| Created: | November 1, 2004 |
Updated: | February 9, 2006 |
| Description: |
Recently, Trustix Secure Linux discovered a vulnerability in the groff
package. The utility "groffer" created a temporary directory in an
insecure way, which allowed exploitation of a race condition to create
or overwrite files with the privileges of the user invoking the
program. |
| Alerts: |
|
Comments (none posted)
gzip: arbitrary command execution
| Package(s): | gzip |
CVE #(s): | CAN-2005-0758
|
| Created: | August 1, 2005 |
Updated: | January 9, 2007 |
| Description: |
zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|'
and '&' properly when they occurred in input file names. This could be
exploited to execute arbitrary commands with user privileges if zgrep is
run in an untrusted directory with specially crafted file names. |
| Alerts: |
|
Comments (2 posted)
htdig: cross site scripting
| Package(s): | htdig |
CVE #(s): | CAN-2005-0085
|
| Created: | February 14, 2005 |
Updated: | January 10, 2006 |
| Description: |
Michael Krax discovered that ht://Dig fails to validate the 'config'
parameter before displaying an error message containing the parameter.
This flaw could allow an attacker to conduct cross-site scripting
attacks. |
| Alerts: |
|
Comments (none posted)
imap: buffer overflow in c-client
| Package(s): | imap |
CVE #(s): | CAN-2003-0297
|
| Created: | February 18, 2005 |
Updated: | April 9, 2006 |
| Description: |
A buffer overflow flaw was found in the c-client IMAP client. An attacker
could create a malicious IMAP server that if connected to by a victim could
execute arbitrary code on the client machine. |
| Alerts: |
|
Comments (none posted)
imlib2: buffer overflows
| Package(s): | imlib2 |
CVE #(s): | CAN-2004-0802
CAN-2004-0817
|
| Created: | September 8, 2004 |
Updated: | October 26, 2005 |
| Description: |
The imlib2 library contains buffer overflows in the BMP handling code. |
| Alerts: |
|
Comments (none posted)
junkbuster: heap corruption and settings modification
| Package(s): | junkbuster |
CVE #(s): | CVE-2005-1108
CVE-2005-1109
|
| Created: | April 13, 2005 |
Updated: | November 5, 2005 |
| Description: |
JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation. |
| Alerts: |
|
Comments (1 posted)
kdebase: local root vulnerability
| Package(s): | kdebase |
CVE #(s): | CAN-2005-2494
|
| Created: | September 7, 2005 |
Updated: | August 11, 2006 |
| Description: |
The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details. |
| Alerts: |
|
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | November 27, 2006 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
Comments (none posted)
koffice: KWord RTF import buffer overflow
| Package(s): | koffice |
CVE #(s): | CAN-2005-2971
|
| Created: | October 12, 2005 |
Updated: | November 7, 2005 |
| Description: |
The KOffice RTF import module suffers from a buffer overflow vulnerability
which could be exploited via a malicious RTF file. See the KDE
advisory for details. |
| Alerts: |
|
Comments (none posted)
krb5: double-free flaw
| Package(s): | krb5 |
CVE #(s): | CAN-2004-0175
CAN-2005-0488
CAN-2005-1175
CAN-2005-1689
|
| Created: | July 12, 2005 |
Updated: | December 6, 2005 |
| Description: |
The krb5 authentication has a double-free flaw which may be
initiated by a remote unauthenticated attacker.
Also, a single byte heap overflow in the krb5_unparse_name() function
can lead to a denial of service and an information disclosure may
be caused by a malicious telnet server. See
This report for more
information. |
| Alerts: |
|
Comments (none posted)
libconvert-uulib-perl: arbitrary code execution
| Package(s): | libconvert-uulib-perl |
CVE #(s): | CAN-2005-1349
|
| Created: | May 20, 2005 |
Updated: | January 27, 2006 |
| Description: |
Mark Martinec and Robert Lewis discovered a buffer overflow in
Convert::UUlib (before 1.051), a Perl interface to the uulib library, which
may result in the execution of arbitrary code. |
| Alerts: |
|
Comments (1 posted)
libdbi-perl: insecure temporary file
| Package(s): | libdbi-perl |
CVE #(s): | CAN-2005-0077
|
| Created: | January 25, 2005 |
Updated: | March 2, 2006 |
| Description: |
Javier Fernández-Sanguino Peña from the Debian Security Audit Project
discovered that the DBI library, the Perl5 database interface, creates
a temporary PID file in an insecure manner. This can be exploited by a
malicious user to overwrite arbitrary files owned by the person
executing the parts of the library. |
| Alerts: |
|
Comments (none posted)
libgadu: memory alignment bug
| Package(s): | libgadu |
CVE #(s): | CAN-2005-2370
|
| Created: | July 29, 2005 |
Updated: | June 25, 2007 |
| Description: |
Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment
error in libgadu (from ekg, console Gadu Gadu client, an instant
messaging program) which is included in gaim, a multi-protocol instant
messaging client, as well. This can not be exploited on the x86
architecture but on others, e.g. on Sparc and lead to a bus error,
in other words a denial of service.
|
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
CVE #(s): | CAN-2004-0990
CAN-2004-0941
|
| Created: | October 29, 2004 |
Updated: | June 28, 2006 |
| Description: |
Several buffer overflows have been discovered in libgd's PNG handling
functions.
If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening image. Most importantly, this library is commonly
used in PHP. One possible target would be a PHP driven photo website
that lets users upload images. Therefore this vulnerability might lead
to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and
earlier may allow remote attackers to execute arbitrary code via malformed
image files that trigger the overflows due to improper calls to the
gdMalloc function. |
| Alerts: |
|
Comments (none posted)
libnet-ssleay-perl: weakened cryptographic operations
| Package(s): | libnet-ssleay-perl |
CVE #(s): | CAN-2005-0106
|
| Created: | May 3, 2005 |
Updated: | January 27, 2006 |
| Description: |
Javier Fernandez-Sanguino Pena discovered that this library used the
file /tmp/entropy as a fallback entropy source if a proper source was
not set in the environment variable EGD_PATH. This can potentially
lead to weakened cryptographic operations if an attacker provides a
/tmp/entropy file with known content. |
| Alerts: |
|
Comments (none posted)
libpam-ldap: authentication bypass
|
|