SuSE Linux Distribution - Page 4.25
Find the information you need for your favorite open source distribution .
SuSe: openssl cryptographic weakness
Researchers have discovered certain weaknesses in OpenSSL's RSA decryption algorithm.
SuSe: sendmail buffer overflow vulnerability
The nature of the flaw is a stack overflow in a function that is called frequently throughout the sendmail source code.
SuSe: apcupsd buffer overflow vulnerability
The controlling and management daemon apcupsd for APC's Unbreakable Power Supplies is vulnerable to several buffer overflows and format bugs.
SuSE: kernel Local privilege escalation vulnerability
The local attacker can use ptrace and attach to a modprobe process that is spawned if the user triggers the loading of a kernel module using the kmod kernel module subsystem. The vulnerability allows the attacker to execute arbitrary commands as root.
SuSe: mutt arbitrary command execution vulnerability
The IMAP-code of mutt is vulnerable to a buffer overflow that can be exploited by a malicious IMAP-server to crash mutt or even execute arbitrary code with the privileges of the user running mutt.
SuSe: file buffer overflow vulnerability
A buffer overflow vulnerability in the ELF format parsing of the "file" command, one which can be used to execute arbitrary code with the privileges of the user running the command has been fixed.
SuSe: ethereal buffer overflow vulnerabilities
Ethereal is vulnerable to a format string bug in it's SOCKS code and to a heap buffer overflow in it's NTLMSSP code.
SuSe: qpopper privilege escalation
The sample exploit requires a valid user account and password, and overflows a string in the pop_msg() function to give the user "mail" group privileges and a shell on the system. Since the Qvsnprintf function is used elsewhere in qpopper, additional exploits may be possible.
SuSe: samba multiple vulnerabilities
A buffer overflow and race condition vulnerabilities have been fixed. These vulnerabilities may lead to remote root compromise.
SuSE: tcpdump Denial of service vulnerability
This bug can be exploited remotely by an attacker to stop the use of tcpdump for analyzing network traffic for signs of security breaches or alike. Another bug may lead to system compromise due to the handling of malformed NFS packets send by an attacker.
SuSE: lprold Buffer overflow vulnerability
This buffer overflow can be exploited by a local user, if the printer system is set up correctly, to gain root privileges. lprold is installed as default package and has the setuid bit set.
SuSE: sendmail/sendmail-tls Remote vulnerability
Updated Sendmail packages are available to fix a vulnerability thatmay allow remote attackers to gain root privileges by sending acarefully crafted message.
SuSe: openssl information leak
A security weakness has been found, known as "Vaudenay timing attack on CBC"
SuSe: mod_php4 buffer overflow vulnerability
Under some special circumstances a buffer overflow can be triggered in mod_php4's wordwrap() function.
SuSe: imp SQL injection vulnerability
Some SQL-injection vulnerabilities were found in IMP 2.x that allow an attacker to access the underlying database.
SuSE: cvs Double free vulnerability
An attacker with CVS read access to compromise a CVS server. Additionally two features ('Update-prog' and 'Checkin-prog') were disabled to stop clients with write access to execute arbitrary code on the server.
SuSe: dhcp multiple vulnerabilities
The ISC (Internet Software Consortium) dhcp package is an implementation of the Dynamic Host Configuration Protocol (DHCP).
SuSe: susehelp arbitrary code execution
Remote attackers can insert certain characters in CGI queries to the susehelp system tricking it into executing arbitrary code as the "wwwrun" user.
