Debian Essential And Critical Security Patch Updates - Page 300
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
A new version of procmail has been released which fixes a couple of buffer overflows and has extra security checks.
We have received reports that the lsof package is distributed in Debian GNU/Linux 2.0 contains a buffer overflow. Using this overflow it is possible for local users to gain root-access. We have fixed this problem in version 4.37-3.
The maintainer of Debian GNU/Linux cfengine package found a error in the way cfengine handles temporary files when it runs the tidy action on homedirectories, which makes it suspectible to a symlink attack. The author has been notified of the problem but has not released a fix yet.
We have received reports that the wu-ftpd-academ package as distributed in Debian GNU/Linux 2.0 is vulnerable to a buffer overflow. Using this vulnerability, known as palmetto, it is possible to gain shell access or otherwise circumvent normal login access and logging mechanisms.
We have received reports that the proftpd package as distributed in Debian GNU/Linux 2.0 is vulnerable to a buffer overflow. Using this vulnerability, known as palmetto, it is possible to gain shell access or otherwise circumvent normal login access and logging mechanisms.
We have found that the ftpwatch package as distributed in Debian GNU/Linux 1.3 and later distributions has a security problem which makes it trivial for users to gain root access.
We have received reports that the netstd suffered from two buffer overflows. The first problem is an exploitable buffer overflow in the bootp server. The second problem is an overflow in the FTP client. Both problems are fixed in a new netstd package, version 3.07-2hamm.4 .
The version bind that was distributed in Debian GNU/Linux 2.1 has avulnerability in the processing of NXT records that can be used by an attackedin a Debian of Service attack or theoretically be exploited to gain access tothe server.
We have received reports about two buffer overflows in the superpackage which was distributed as part of Debian GNU/Linux. Firstly,for per-user .supertab files super didn't check for a buffer overflowwhen creating the path to the user's .supertab file. Secondly anotherbuffer overflow did allow ordinary users to overflow super by creatinga nasty personal .supertab file.