Debian Linux Distribution - Page 254.75
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Ulf Härnhammar discovered that due to missing input sanitising in diatheke, a CGI script for making and browsing a bible website, it is possible to execute arbitrary commands via a specially crafted URL.
A buffer overflow has been discovered in xtrlock, a minimal X display lock program which can be exploited by a malicious local attacker to crash the lock program and take over the desktop session.
iDEFENSE has reported a buffer overflow in xpdf, the portable document format (PDF) suite. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.
Javier Fernandez-Sanguino Pena from the Debian Security Audit Project discoverd a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also could unveil the contents of a temporary file which might contain sensitive information.
Andrei Nigmatulin discovered a buffer overflow in the PSD image-decoding module of ImageMagick, a commonly used image manipulation library. Remote exploition with a carefully crafted image could lead to the execution of arbitrary code.
iDEFENSE has reported a buffer overflow in xpdf, the portable document format (PDF) suite. Similar code is present in the PDF processing part of CUPS. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.
Danny Lungstrom discoverd a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.
"jaguar" of the Debian Security Audit Project has discovered several buffer overflows in queue, a transparent load balancing system.
Erik Sjölund discovered a buffer overflow in xatitv, one of the programs in the gatos package, that is used to display video with certain ATI video cards. xatitv is installed setuid root in order to gain direct access to the video hardware.
Erik Sjölund discovered that playmidi, a MIDI player, contains a setuid root program with a buffer overflow that can be exploited by a local attacker.
Several vulnerabilities have been discovered in gallery, a web-based photo album written in PHP4.
ndrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release.
Philip Hazel announced a buffer overflow in the host_aton function in exim-tls, the SSL-enabled version of the default mail-tranport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address.
"jaguar" has discovered two security relevant problems in gopherd, the Gopher server in Debian which is part of the gopher package.
Philip Hazel announced a buffer overflow in the host_aton function in exim, the default mail-tranport-agent in Debian, which can lead to the execution of arbitrary code via an illegal IPv6 address.
Several insecure uses of temporary files have been discovered in support scripts in the libc6 package which provices the c library for a GNU/Linux system. Trustix developers found that the catchsegv script uses temporary files insecurely. Openwall developers discovered insecure temporary files in the glibcbug script. These scripts are vulnerable to a symlink attack.
Peter Samuelson, upstream maintainer of bmv, a PostScript viewer for SVGAlib, discovered that temporary files are created in an insecure fashion. A malicious local user could cause arbitrary files to be overwritten by a symlink attack.
Patrice Fournier discovered a vulnerability in the authorisation subsystem of hylafax, a flexible client/server fax system. A local or remote user guessing the contents of the hosts.hfaxd database could gain unauthorised access to the fax system.
Jeroen van Wolffelaar discovered a problem in lintian, the Debian package checker. The program removes the working directory even if it wasn't created at program start, removing an unrelated file or directory a malicious user inserted via a symlink attack.
Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline before the FTP command.
Sign up to get the latest security news affecting Linux and
open source delivered straight to your inbox
Powered By
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.