Gentoo Essential and Critical Security Patch Updates - Page 178
Find the information you need for your favorite open source distribution .
Gentoo: gnupg Unauthorized acess
gpg needs to be setuid to make use of protected memory space, however thesetgid bit allowed gpg user to overwrite goup root writable files and istherefore unnecessary.
Gentoo: nfs-utils Denial of service
Local or remote attacker which is capable to send RPC request tovulnerable mountd daemon could execute artitrary code or causedenial of service.
Gentoo: gtksee Buffer overflow vulnerability
Attackers can use carefully crafted png pictures to execute arbitrarycommands using a buffer overflow in when viewed in gtksee.
Gentoo: cistronradius Buffer overflow vulnerability
Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remoteattackers to cause a denial of service and possibly execute arbitrarycode via a large value in an NAS-Port attribute, which is interpretedas a negative number and causes a buffer overflow.
Gentoo: ypserv Remote denial of service
ypserv NIS server before 2.7 allows remote attackers to cause a denialof service via a TCP client request that does not respond to the server,which causes ypserv to block.
Gentoo: unzip Directory traversal vulnerability
By inserting invalid characters between ".." attackers can overwritearbitrary files.
Gentoo: mikmod arbitrary code execution vulnerability
Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.
Gentoo: gnocatan multiple vulnerabilities
Bas Wijnen discovered that the gnocatan server is vulnerable to several buffer overflows which could be exploited to execute arbitrary code on the server system.
Gentoo: phpbb SQL injection vulnerability
QL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
Gentoo: noweb insecure tmp file vulnerability
Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.
Gentoo: tcptraceroute privilege escalation vulnerability
tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.
Gentoo: ethereal arbitrary code execution vulnerability
It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file.
Gentoo: xpdf arbitrary code execution vulnerability
Valid PDF files can contain malicious external-type hyperlinks that can execute arbitrary shell commands underneath Unix with various PDF viewers/readers.
Gentoo: acroread arbitrary code execution vulnerability
Valid PDF files can contain malicious external-type hyperlinks that can execute arbitrary shell commands underneath Unix with various PDF viewers/readers.
Gentoo: proftpd sql inject vulnerability
A SQL Inject exists in ProFTPD server using the mod_sql module to authenticate against PostgreSQL database server. This vulnerability may allow a remote user to login whithout user and password.
Gentoo: cups denial of service vulnerability
CUPS allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
Gentoo: kon2 Buffer overflow vulnerability
Buffer overflow in kon2 allows local users to execute arbitrary codevia a long -Coding command line argument.
Gentoo: ghostscript Insecure temp file
ps2epsi uses an insecurely created file to execute ghostscript. Thiscould result in overwritten files for the user who is invoking ps2epsi.
Gentoo: gzip Insecure temp files
znew and gzexe in the gzip package allows local users to overwritearbitrary files via a symlink attack on temporary files.
