Debian Linux Distribution - Page 293
Find the information you need for your favorite open source distribution.
The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code.
Ntop was still exploitable using buffer overflows. Using this technique it was possible to run arbitrary code as the user who ran ntop in web mode.
On versions of Zope prior to 2.2.1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request. A fix was previously announced in the Debian zope package 2.1.6-5.1, but that package did not fully address the issue and has been superseded by this announcement.
There is a format string bug in all versions of xlockmore/xlockmore-gl.
On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request.
Using ntop to distribute network traffic through the network, it is possible to access arbitrary files on the local filesystem. Because ntop runs with root uid, even /etc/shadow is exposed.
An exploit exists that could result in a malicious user obtaining group mailman permission.
It might be possible for local users to abuse this to carry out unauthorised actions or to take control of service user accounts.
The versions of the ISC DHCP client in Debian 2.1 (slink) and Debian 2.2 (potato) are vulnerable to a root exploit.
The version of wu-ftpd distributed in Debian GNU/Linux 2.1 (a.k.a. slink), as well as in the frozen (potato) and unstable (woody) distributions, is vulnerable to a remote root compromise.
The version of splitvt distributed in Debian GNU/Linux 2.1, the frozen (potato) and unstable (woody) distributions, is vulnerable to a local buffer overflow.
The version of mailx distributed in Debian GNU/Linux 2.1, the frozen (potato) and unstable (woody) distributions is vulnerable to a local buffer overflow.
Any local user can trick majordomo into executing arbitrary code or to create or write files as the majordomo user anywhere on the filesystem.
The version of mtr as distributed in Debian GNU/Linux 2.1 (aka slink) did not drop root privileges correctly. While there are no known exploits, it is conceivable that a weakness in gtk or ncurses could be used to exploit this.
nmh did not check incoming mail messages properly. This could be exploited by using carefully designed MIME headers to trick mhshow into executing arbitrary shell code. [Found on LWN]
The make package as shipped in Debian GNU/Linux 2.1 is vulnerable to a race condition that can be exploited with a symlink attack. make used mktemp while creating temporary files in /tmp, and that is a known potential security hole, as documented in the man page of mktemp.