Gentoo Essential and Critical Security Patch Updates - Page 178
Find the information you need for your favorite open source distribution.
gpg needs to be setuid to make use of protected memory space; however, the setgid bit allowed a gpg user to overwrite group root writable files and is therefore unnecessary.
A local or remote attacker who is capable of sending an RPC request to a vulnerable mountd daemon could execute arbitrary code or cause a denial of service.
Attackers can use carefully crafted PNG pictures to execute arbitrary commands through a buffer overflow when the pictures are viewed in gtksee.
Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow.
ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.
By inserting invalid characters between "..", attackers can overwrite arbitrary files.
Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.
Bas Wijnen discovered that the gnocatan server is vulnerable to several buffer overflows which could be exploited to execute arbitrary code on the server system.
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
Multiple vulnerabilities in noweb 2.9 and earlier create temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.
tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.
It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file.
Valid PDF files can contain malicious external-type hyperlinks that can execute arbitrary shell commands underneath Unix with various PDF viewers/readers.
Valid PDF files can contain malicious external-type hyperlinks that can execute arbitrary shell commands underneath Unix with various PDF viewers/readers.
A SQL injection vulnerability exists in ProFTPD servers that use the mod_sql module to authenticate against a PostgreSQL database server. This vulnerability may allow a remote user to log in without a user name and password.
CUPS allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
Buffer overflow in kon2 allows local users to execute arbitrary code via a long -Coding command line argument.
ps2epsi uses an insecurely created file to execute ghostscript. This could result in overwritten files for the user who is invoking ps2epsi.
znew and gzexe in the gzip package allow local users to overwrite arbitrary files via a symlink attack on temporary files.