Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
|
|
| |
|
| |
Security
SPF on vger
June 14, 2006
This article was contributed by Jake Edge.
A recent
announcement about adding
Sender Policy Framework (SPF) capabilities
to the machine hosting the linux-kernel mailing list (lkml) has sparked a
lively debate.
The first step, it seems, is to add an SPF record for
vger.kernel.org and later this summer to enable SPF checking on incoming
email. Both steps are controversial and the majority of posters seem to
be against the change, but Matti Aarnio, one of the postmasters
for vger, plans to go ahead with the changes.
SPF is a technique that allows a domain to specify which hosts are allowed
to send email that have an envelope sender (i.e. SMTP MAIL FROM) using that
domain. A domain administrator adds a TXT record to the DNS entry for
the domain that describes all hosts allowed to send mail. This allows
receiving Mail Transfer Agents (MTAs) to look up the SPF record and
determine whether the domain
in the envelope has been forged -- at least in theory.
Unfortunately, there are a number of problems with this scheme, most having
to do with email forwarding. Consider the case where a user has a yahoo.com
email account that they are forwarding to their ISP. When yahoo forwards
email that it receives, it uses the original envelope sender, but that domain
has almost certainly not listed yahoo.com as an authorized sender. The
same issue occurs if a user is trying to use their yahoo.com email as
the sender, but are required to use their ISP's SMTP server. In that case,
Yahoo will rightly not have the ISP listed as a legitimate sender for
their domain.
The SPF folks have suggested
solutions for these
problems, but many of them require fundamental changes in how MTAs operate.
The Sender Rewriting Scheme
(SRS) proposal
in particular breaks longstanding email tradition by having forwarding
MTAs change the envelope sender as they forward email. Opponents of SPF
not only argue that changing this tradition is a bad idea, but also that it
is very unlikely to be widely implemented any time soon. Additionally,
Mail User Agents (MUAs) would need to learn about SRS encoding in order to
parse sender addresses for filtering email at the user end.
SPF does provide a way to definitively determine that an email is
coming from
an authorized host, but failing the SPF check does not in any way imply that
the email is invalid, as the mail could have been forwarded by a non-SRS
compliant MTA.
The main benefit for domains that publish SPF
records may be a reduction in the blowback from a 'joe job' (a spammer
uses a victim domain as the sender on a large amount of spam, some of which
bounces, leaving the victim to deal with all the bounce messages).
Opponents
point out that
because of the forwarding problems, publishing an SPF record for your
domain essentially asks other MTAs to mark perfectly valid mail as suspicious
at best and forged at worst. Worse yet, some mail administrators are
configuring their MTAs to reject mail that fails SPF checking.
For the lkml, the immediate impact will be minimal, but still annoying to
some. People who have subscribed using addresses that are forwarded to
SPF-checking ISPs may no longer receive emails from the list. Some list
archiving software may also be affected. Once SPF checking is enabled, some
users may find their mail getting rejected depending on how strictly
the SPF policy is enforced. Expect another hue and cry on the lkml when
and if that happens.
Comments (20 posted)
New vulnerabilities
courier: denial of service
| Package(s): | courier |
CVE #(s): | CVE-2006-2659
|
| Created: | June 9, 2006 |
Updated: | August 4, 2006 |
| Description: |
A denial of service vulnerability has been found in the function for
encoding email addresses. Addresses containing a '=' before the '@'
character caused the Courier to hang in an endless loop, rendering the
service unusable. |
| Alerts: |
|
Comments (none posted)
dhcdbd: denial of service
| Package(s): | dhcdbd |
CVE #(s): | |
| Created: | June 14, 2006 |
Updated: | June 14, 2006 |
| Description: |
The dhcbcd daemon can be made to crash by invalid DHCP responses, causing NetworkManager to fail to work. |
| Alerts: |
|
Comments (none posted)
freetype: integer overflows
| Package(s): | freetype |
CVE #(s): | CVE-2006-0747
CVE-2006-1861
CVE-2006-2493
CVE-2006-2661
CVE-2006-3467
|
| Created: | June 8, 2006 |
Updated: | October 10, 2007 |
| Description: |
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user. |
| Alerts: |
|
Comments (none posted)
gdm: privilege escalation
| Package(s): | gdm |
CVE #(s): | CVE-2006-2452
|
| Created: | June 8, 2006 |
Updated: | June 14, 2006 |
| Description: |
gdm has a privilege escalation vulnerability that is tied to the
face browser feature. If face browser is enabled, arbitrary users
can access the gdm configuration screen, a feature that is normally
accessible only to root. Other user accounts, and possibly the root
account can then be subverted. |
| Alerts: |
|
Comments (2 posted)
gforge: cross-site scripting
| Package(s): | gforge |
CVE #(s): | CVE-2005-2430
|
| Created: | June 9, 2006 |
Updated: | June 14, 2006 |
| Description: |
Joxean Koret discovered several cross-site scripting vulnerabilities in
Gforge, an online collaboration suite for software development, which
allow injection of web script code. |
| Alerts: |
|
Comments (none posted)
libgd2: denial of service
| Package(s): | libgd2 |
CVE #(s): | CVE-2006-2906
|
| Created: | June 14, 2006 |
Updated: | January 16, 2007 |
| Description: |
Certain GIF images can cause libgd2 to go into an infinite loop, adversely affecting the performance of image processing applications. |
| Alerts: |
|
Comments (none posted)
libjpeg: Denial of Service
| Package(s): | jpeg libjpeg |
CVE #(s): | |
| Created: | June 12, 2006 |
Updated: | June 14, 2006 |
| Description: |
Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the
vulnerable JPEG library ebuilds compile JPEG without the --maxmem feature
which is not recommended. By enticing a user to load a specially crafted
JPEG image file an attacker could cause a denial of service, due to memory
exhaustion. |
| Alerts: |
|
Comments (none posted)
openldap: stack-based buffer overflow
| Package(s): | openldap |
CVE #(s): | CVE-2006-2754
|
| Created: | June 8, 2006 |
Updated: | June 27, 2006 |
| Description: |
OpenLDAP is vulnerable to a stack-based buffer overflow in the
st.c file from slurpd. Attackers may be able to use a long hostname
to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
squirrelmail: file inclusion vulnerability
| Package(s): | squirrelmail |
CVE #(s): | CVE-2006-2842
|
| Created: | June 8, 2006 |
Updated: | July 11, 2006 |
| Description: |
Squirrelmail, a PHP-based webmail package, has a file inclusion
vulnerability. |
| Alerts: |
|
Comments (none posted)
tor: multiple vulnerabilities
| Package(s): | tor |
CVE #(s): | CVE-2006-0414
|
| Created: | June 8, 2006 |
Updated: | June 14, 2006 |
| Description: |
Tor, an anonymizing communication service implementation, has
multiple vulnerabilities including a buffer overflow, a denial of
service vulnerability and an information leak problem. |
| Alerts: |
|
Comments (none posted)
webcalendar: uninitialized variable
| Package(s): | webcalendar |
CVE #(s): | CVE-2006-2762
|
| Created: | June 13, 2006 |
Updated: | June 14, 2006 |
| Description: |
A vulnerability has been discovered in webcalendar, a PHP-based multi-user
calendar, that allows a remote attacker to execute arbitrary PHP code when
register_globals is turned on. |
| Alerts: |
|
Comments (none posted)
wordpress: arbitrary command execution
| Package(s): | wordpress |
CVE #(s): | CVE-2006-2667
CVE-2006-2702
|
| Created: | June 12, 2006 |
Updated: | June 14, 2006 |
| Description: |
WordPress insufficiently checks the format of cached username data. An
attacker could exploit this vulnerability to execute arbitrary commands by
sending a specially crafted username. As of Wordpress 2.0.2 the user data
cache is disabled as the default. |
| Alerts: |
|
Comments (none posted)
xine-lib: buffer overflow
| Package(s): | xine-lib |
CVE #(s): | CVE-2006-2802
|
| Created: | June 9, 2006 |
Updated: | September 29, 2006 |
| Description: |
Federico L. Bossi Bonin discovered a buffer overflow in the HTTP input
module. By tricking an user into opening a malicious remote media
location, a remote attacker could exploit this to crash Xine library
frontends (like totem-xine, gxine, or xine-ui) and possibly even
execute arbitrary code with the user's privileges. |
| Alerts: |
|
Comments (none posted)
xine-ui: format string vulnerabilities
| Package(s): | xine-ui |
CVE #(s): | CVE-2006-2230
|
| Created: | June 9, 2006 |
Updated: | January 24, 2007 |
| Description: |
Several format string vulnerabilities have been discovered in xine-ui,
the user interface of the xine video player, which may cause a denial
of service. |
| Alerts: |
|
Comments (none posted)
Updated vulnerabilities
awstats: missing input sanitizing
| Package(s): | awstats |
CVE #(s): | CVE-2006-2237
|
| Created: | May 19, 2006 |
Updated: | June 20, 2006 |
| Description: |
Hendrik Weimer discovered that specially crafted web requests can
cause awstats, a powerful and featureful web server log analyzer, to
execute arbitrary commands. |
| Alerts: |
|
Comments (none posted)
binutils: buffer overflow
| Package(s): | binutils |
CVE #(s): | CVE-2006-2362
|
| Created: | May 27, 2006 |
Updated: | August 29, 2006 |
| Description: |
The GNU Binutils has a buffer overflow vulnerability in libbfd.
Maliciously crafted Tektronix Hex Format files with improper length
characters can cause a crash and possibly lead to the execution of
arbitrary code. |
| Alerts: |
|
Comments (none posted)
blender: integer overflow
| Package(s): | blender |
CVE #(s): | CVE-2005-4470
|
| Created: | January 6, 2006 |
Updated: | June 15, 2006 |
| Description: |
Damian Put discovered that Blender did not properly validate a 'length'
value in .blend files. Negative values led to an insufficiently sized
memory allocation. By tricking a user into opening a specially crafted
.blend file, this could be exploited to execute arbitrary code with the
privileges of the Blender user. |
| Alerts: |
|
Comments (none posted)
busybox: insecure password generation
| Package(s): | busybox |
CVE #(s): | CVE-2006-1058
|
| Created: | May 5, 2006 |
Updated: | May 2, 2007 |
| Description: |
The BusyBox 1.1.1 passwd command does not use a proper salt when generating
passwords. This would create an instance where a brute force attack could
take very little time. |
| Alerts: |
|
Comments (2 posted)
bzip2: race condition and infinite loop
| Package(s): | bzip2 |
CVE #(s): | CAN-2005-0953
CAN-2005-1260
|
| Created: | May 17, 2005 |
Updated: | January 10, 2007 |
| Description: |
A race condition in bzip2 1.0.2 and earlier allows local users to modify
permissions of arbitrary files via a hard link attack on a file while it is
being decompressed, whose permissions are changed by bzip2 after the
decompression is complete. Also specially crafted bzip2 archives may cause
an infinite loop in the decompressor. |
| Alerts: |
|
Comments (2 posted)
ktools: buffer overflow
| Package(s): | centericq |
CVE #(s): | CVE-2005-3863
|
| Created: | December 7, 2005 |
Updated: | August 29, 2006 |
| Description: |
From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H
Research Team discovered a buffer overflow in kkstrtext.h of the ktools
library, which is included in (at least) centericq and motor. |
| Alerts: |
|
Comments (none posted)
cpio: arbitrary code execution
| Package(s): | cpio |
CVE #(s): | CVE-2005-4268
|
| Created: | January 2, 2006 |
Updated: | May 8, 2007 |
| Description: |
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with e. g. a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system). |
| Alerts: |
|
Comments (none posted)
vixie-cron: privilege escalation
| Package(s): | cron |
CVE #(s): | CVE-2006-2607
|
| Created: | May 31, 2006 |
Updated: | July 13, 2006 |
| Description: |
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
| Alerts: |
|
Comments (1 posted)
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2004-2541
|
| Created: | May 22, 2006 |
Updated: | June 12, 2006 |
| Description: |
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target. |
| Alerts: |
|
Comments (1 posted)
curl: heap-based buffer overflow
| Package(s): | curl |
CVE #(s): | CVE-2006-1061
|
| Created: | March 21, 2006 |
Updated: | June 28, 2006 |
| Description: |
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows
remote attackers to execute arbitrary commands via a TFTP URL (tftp://)
with a valid hostname and a long path. |
| Alerts: |
|
Comments (none posted)
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
| Package(s): | cyrus-sasl |
CVE #(s): | CVE-2006-1721
|
| Created: | April 21, 2006 |
Updated: | September 4, 2007 |
| Description: |
Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5
process that could lead to a Denial of Service. An attacker could possibly
exploit this vulnerability by sending specially crafted data stream to the
Cyrus-SASL server, resulting in a Denial of Service even if the attacker is
not able to authenticate. |
| Alerts: |
|
Comments (none posted)
dia: format string vulnerabilities
| Package(s): | dia |
CVE #(s): | CVE-2006-2453
CVE-2006-2480
|
| Created: | May 24, 2006 |
Updated: | June 8, 2006 |
| Description: |
The dia drawing utility suffers from several format string vulnerabilities exploitable via a maliciously crafted dia file - or a file with a well-chosen name. |
| Alerts: |
|
Comments (none posted)
dovecot: information disclosure
| Package(s): | dovecot |
CVE #(s): | CVE-2006-2414
|
| Created: | May 31, 2006 |
Updated: | June 14, 2006 |
| Description: |
The Dovecot imap server contains a directory traversal vulnerability which could be exploited by authenticated users to read files other than their mailboxes. |
| Alerts: |
|
Comments (1 posted)
firefox: multiple vulnerabilities
Comments (1 posted)
gdb: multiple vulnerabilities
| Package(s): | gdb |
CVE #(s): | CAN-2005-1704
CAN-2005-1705
|
| Created: | May 20, 2005 |
Updated: | August 11, 2006 |
| Description: |
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer
overflow in the BFD library, resulting in a heap overflow. A review also
showed that by default, gdb insecurely sources initialization files from
the working directory. Successful exploitation would result in the
execution of arbitrary code on loading a specially crafted object file or
the execution of arbitrary commands. |
| Alerts: |
|
Comments (5 posted)
gdm: improper file permissions
| Package(s): | gdm |
CVE #(s): | CVE-2006-1057
|
| Created: | April 19, 2006 |
Updated: | May 2, 2007 |
| Description: |
The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem. |
| Alerts: |
|
Comments (none posted)
gzip: arbitrary command execution
| Package(s): | gzip |
CVE #(s): | CAN-2005-0758
|
| Created: | August 1, 2005 |
Updated: | January 9, 2007 |
| Description: |
zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|'
and '&' properly when they occurred in input file names. This could be
exploited to execute arbitrary commands with user privileges if zgrep is
run in an untrusted directory with specially crafted file names. |
| Alerts: |
|
Comments (2 posted)
ImageMagick: heap overflow vulnerability
| Package(s): | ImageMagick |
CVE #(s): | CVE-2006-2440
|
| Created: | May 25, 2006 |
Updated: | September 5, 2006 |
| Description: |
The ImageMagick DisplayImageCommand has a heap overflow vulnerability.
If an maliciously created unexpanded glob is passed to ImageMagick,
a heap overflow can result. |
| Alerts: |
|
Comments (none posted)
ipsec-tools: denial of service
| Package(s): | ipsec-tools |
CVE #(s): | CVE-2005-3732
|
| Created: | December 1, 2005 |
Updated: | June 8, 2006 |
| Description: |
ipsec-tools has a remote
denial of service vulnerability in the racoon daemon.
If racoon is running in aggressive mode, it fails to check all peer
payloads during
When the daemon the IKE negotiation phase, allowing a malicious peer
to crash the daemon. One should always be careful around aggressive racoons. |
| Alerts: |
|
Comments (none posted)
kdebase: local root vulnerability
| Package(s): | kdebase |
CVE #(s): | CAN-2005-2494
|
| Created: | September 7, 2005 |
Updated: | August 11, 2006 |
| Description: |
The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details. |
| Alerts: |
|
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | November 27, 2006 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-2271
CVE-2006-2272
CVE-2006-2274
CVE-2006-2275
CVE-2006-1864
|
| Created: | May 12, 2006 |
Updated: | July 13, 2006 |
| Description: |
Multiple vulnerabilities in the Linux have been found.
- An error in the Stream Control Transmission Protocol (SCTP) code that
uses incorrect state table entries when certain ECNE chunks are received in
CLOSED state, could be exploited by attackers to cause a kernel panic via a
specially crafted packet.
- An error exist when handling incoming IP-fragmented SCTP control
chunks, which could be exploited by attackers to cause a kernel panic via a
specially crafted packet.
- Linux SCTP (lksctp) allows remote attackers to cause a denial of
service (infinite recursion and crash) via a packet that contains two or
more DATA fragments, which causes an skb pointer to refer back to itself
when the full message is reassembled, leading to infinite recursion in the
sctp_skb_pull function
- Linux SCTP (lksctp) allows remote attackers to cause a denial of
service (deadlock) via a large number of small messages to a receiver
application that cannot process the messages quickly enough, which leads to
"spillover of the receive buffer."
- A vulnerability has been identified due to an input validation error
when processing arguments containing backslash ("\\") characters passed to
certain commands (e.g. "cd"), which could be exploited by authenticated
attackers to escape chroot restrictions for a CIFS or SMBFS mounted
filesystem.
|
| Alerts: |
|
Comments (none posted)
kernel: netfilter memory corruption
| Package(s): | kernel |
CVE #(s): | CVE-2006-2444
|
| Created: | May 25, 2006 |
Updated: | July 5, 2006 |
| Description: |
The 2.6.12 kernel has a remote memory corruption vulnerability
that can be remotely triggered by loading the ip_nat_snmp_basic
module and traffic is network-translated on port 161 or 162. |
| Alerts: |
|
Comments (none posted)
kernel: information disclosure
| Package(s): | kernel |
CVE #(s): | CVE-2006-1343
|
| Created: | May 31, 2006 |
Updated: | July 20, 2006 |
| Description: |
The 2.6 kernel netfilter code contains an information leak; this vulnerability has been fixed in the 2.6.16.19 release. |
| Alerts: |
|
Comments (none posted)
libgadu: memory alignment bug
| Package(s): | libgadu |
CVE #(s): | CAN-2005-2370
|
| Created: | July 29, 2005 |
Updated: | June 25, 2007 |
| Description: |
Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment
error in libgadu (from ekg, console Gadu Gadu client, an instant
messaging program) which is included in gaim, a multi-protocol instant
messaging client, as well. This can not be exploited on the x86
architecture but on others, e.g. on Sparc and lead to a bus error,
in other words a denial of service.
|
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflows in PNG handling
| Package(s): | libgd2 |
CVE #(s): | CAN-2004-0990
CAN-2004-0941
|
| Created: | October 29, 2004 |
Updated: | June 28, 2006 |
| Description: |
Several buffer overflows have been discovered in libgd's PNG handling
functions.
If an attacker tricked a user into loading a malicious PNG image, they
could leverage this into executing arbitrary code in the context of
the user opening image. Most importantly, this library is commonly
used in PHP. One possible target would be a PHP driven photo website
that lets users upload images. Therefore this vulnerability might lead
to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and
earlier may allow remote attackers to execute arbitrary code via malformed
image files that trigger the overflows due to improper calls to the
gdMalloc function. |
| Alerts: |
|
Comments (none posted)
libpam-ldap: authentication bypass
| Package(s): | libpam-ldap |
CVE #(s): | CAN-2005-2641
|
| Created: | August 25, 2005 |
Updated: | October 6, 2006 |
| Description: |
libpam-ldap, the PAM LDAP interface, has a vulnerability in which
it fails to authenticate with an LDAP server which is not configured
properly, allowing an authentication bypass. |
| Alerts: |
|
Comments (none posted)
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CVE-2006-2656
|
| Created: | May 26, 2006 |
Updated: | June 8, 2006 |
| Description: |
The tiffsplit command has a problem in the way that it handles
fixed-size buffers, a stack overflow can result. |
| Alerts: |
|
Comments (none posted)
mailman: denial of service
| Package(s): | mailman |
CVE #(s): | CVE-2006-0052
|
| Created: | March 30, 2006 |
Updated: | June 9, 2006 |
| Description: |
Mailman 2.1.5 and below have a denial of service vulnerability
in the Scrubber.py script. If a maliciously created message
with a mime multi part format is received, mailman delivery
can be stopped. |
| Alerts: |
|
Comments (none posted)
mozilla products have multiple vulnerabilities
Comments (none posted)
mpg123: buffer overflows
| Package(s): | mpg123 |
CVE #(s): | CVE-2006-1655
|
| Created: | May 24, 2006 |
Updated: | July 3, 2006 |
| Description: |
mpg123 does not properly validate MPEG 2.0 layer 3 files, leading to a number of buffer overflow vulnerabilities. |
| Alerts: |
|
Comments (none posted)
mysql: SQL injection vulnerability
| Package(s): | mysql |
CVE #(s): | CVE-2006-2753
|
| Created: | June 2, 2006 |
Updated: | June 16, 2006 |
| Description: |
This MySQL 4.1.20 release
announcement covers an SQL injection vulnerability. |
| Alerts: |
|
Comments (none posted)
MySQL: logging bypass
| Package(s): | mysql |
CVE #(s): | CVE-2006-0903
|
| Created: | April 4, 2006 |
Updated: | May 21, 2008 |
| Description: |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query. |
| Alerts: |
|
Comments (2 posted)
mysql: information leaks
| Package(s): | mysql mysql-dfsg |
CVE #(s): | CVE-2006-1516
CVE-2006-1517
|
| Created: | May 8, 2006 |
Updated: | June 23, 2006 |
| Description: |
Stefano Di Paola discovered an information leak in the login packet
parser. By sending a specially crafted malformed login packet, a
remote attacker could exploit this to read a random piece of memory,
which could potentially reveal sensitive data. (CVE-2006-1516)
Stefano Di Paola also found a similar information leak in the parser
for the COM_TABLE_DUMP request. (CVE-2006-1517) |
| Alerts: |
|
Comments (1 posted)
ntp: uses wrong gid
| Package(s): | ntp |
CVE #(s): | CAN-2005-2496
|
| Created: | August 26, 2005 |
Updated: | August 11, 2006 |
| Description: |
When starting xntpd with the -u option and specifying the
group by using a string not a numeric gid the daemon uses
the gid of the user not the group. This problem is now fixed
by this update. |
| Alerts: |
|
Comments (none posted)
openmotif: buffer overflows
| Package(s): | openmotif |
CVE #(s): | CVE-2005-3964
|
| Created: | December 29, 2005 |
Updated: | July 27, 2006 |
| Description: |
The libUil component of the OpenMotif toolkit has a pair of buffer
overflow vulnerabilities that can possibly be used for the execution
of arbitrary code.
|
| Alerts: |
|
Comments (none posted)
OpenSSH: double shell expansion
| Package(s): | openssh |
CVE #(s): | CVE-2006-0225
|
| Created: | January 23, 2006 |
Updated: | July 20, 2006 |
| Description: |
OpenSSH has a double shell expansion vulnerability in local to local and
remote to remote copy with scp. |
| Alerts: |
|
Comments (none posted)
perl: setuid vulnerabilities
| Package(s): | perl |
CVE #(s): | CAN-2005-0155
CAN-2005-0156
|
| Created: | February 2, 2005 |
Updated: | August 11, 2006 |
| Description: |
There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access. |
| Alerts: |
|
Comments (none posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2006-1990
CVE-2006-1991
CVE-2006-3017
|
| Created: | May 25, 2006 |
Updated: | August 18, 2006 |
| Description: |
The php wordwrap() function is vulnerable to an integer overflow.
Attackers can submit long arguments to cause a heap-based buffer
overflow, allowing arbitrary code execution.
PHP 5.x and PHP 4.4.2 have a problem with the substr_compare() function.
An attacker can use an out-of-bounds offset argument to cause a
memory access violation, causing a denial of service.
A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables |
| Alerts: |
| |
|