The sane (Scanner Access Now Easy) package provides access to scanners The sane (Scanner Access Now Easy) package provides access to scanners either locally or remotely over the network. either locally or remotely over the network. Several bugs in sane were fixed to avoid remote denial-of-service attacks. These attacks can even be executed if the remote attacker is not allowed to access th [More...]
Hylafax is an Open Source fax server which allows sharing of fax Hylafax is an Open Source fax server which allows sharing of fax equipment among computers by offering its service to clients by equipment among computers by offering its service to clients by a protocol similar to FTP. The SuSE Security Team found a format bug condition during a code review of the hfaxd server. It allows remo [More...]
Two vulnerabilities were found in the "tiny" web-server thttpd. Two vulnerabilities were found in the "tiny" web-server thttpd. The first bug is a buffer overflow that can be exploited remotely The first bug is a buffer overflow that can be exploited remotely to overwrite the EBP register of the stack. Due to memory-alignment of the stack done by gcc 3.x this bug can not be exploited. All th [More...]
While checking the openssl implementation with a tool-kit from NISCC several errors were revealed most are ASN.1 encoding issues that causes a remote denial-of-service attack on the server side and possibly lead to remote command execution.
A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SuSE products. These versions include sendmail-8.11 and sendmail-8.12 releases.
A programming error has been found in code responsible for buffer management. If exploited by a (remote) attacker, the error may lead to unauthorized access to the system, allowing the execution of arbitrary commands.
The well known and widely used mail client pine is vulnerable to a buffer overflow. The vulnerability exists in the code processing 'message/external-body' type messages.
Dave Airlie informed us about a bug in the authentication code of pam_smb that allows a remote attacker to gain access to a system using pam_smb by issuing a too long password string.
There is an off-by-one bug in the xlog() function used by the rpc.mountd. It is possible for remote attackers to use this off-by-one overflow to execute arbitrary code as root.
The PPTP daemon contains a remotely exploitable buffer overflow which was introduced due to a integer overflow in the third argument passed to the read() library call. This bug has been fixed.
