Find the information you need for your favorite open source distribution .
It is possible for remote attackers to feed this script with evil data via spoofed DHCP replies for example. This way ifup-dhcp could be tricked into executing arbitrary commands as root.
An attacker could send a maliciously formated image file to trigger a Denial-of-Service attack or even execute arbitrary code on the victim's machine.
The input used to create the password prompt is user controlled and not properly length-checked before copied to certain heap locations. This allows local attackers to overflow the heap of sudo, thus executing arbitrary commands as root.
Within the cistron package, a buffer overflow in the digest calculation function and miscalculations of attribute lengths have been fixed which could allow remote attackers to execute arbitrary commands on the system running the radius server.
Several bugs could be triggered in the ucd-snmpd code by using this testing suite. These bugs lead to remote denial-of-service attacks and may possibly exploited to break system security remotely.
An error in a decompression routine can corrupt the internal data structures of malloc by a double call to the free() function. If the data processed by the compression library is provided from an untrusted source, it may be possible for an attacker to interfere with the process using the zlib routines.
An error in a decompression routine can corrupt the internal data structures of malloc by a double call to the free() function. If the data processed by the compression library is provided from an untrusted source, it may be possible for an attacker to interfere with the process using the zlib routines.
Joost Pol discovered an off-by-one bug in a routine in the openssh code for checking channel IDs.
The widely used proxy-server squid contains a heap overflow in one of its URL constructing functions. Incorrect length-calculations for the user and passwd fields in ftp-URLs turned out to be the origin of the problem.
Multiple critical remote vulnerabilities exist in several versions of PHP. Several flaws in the way PHP handles multipart/form-data POST requests have been found.
We re-release SuSE Security Announcement SuSE-SA:2002:005 with the new announcement ID SuSE-SA:2002:006 due to minor packaging errors that can result in a malfunction of the printing subsystem.
The buffer overflow could be exploited by a remote attacker as long as their IP address is allowed to connect to the CUPS server. This advisory has been retracted due to errors in the binary packages.
There exist several signedness bugs within the rsync program which allow remote attackers to write 0-bytes to almost arbitrary stack-locations, therefore being able to control the programflow and obtaining a shell remotely.
The at command may crash as a result of a surplus call to free(). The cause of the crash is a heap corruption that is exploitable under certain circumstances since the /usr/bin/at command is installed setuid root.
Attackers may trick "sudo" to log failed sudo invocations executing the sendmail program with root-privileges and not completely cleaned environment.
mutt, a popular mail client for Linux-like systems, is vulnerable to a buffer overflow that is remotely exploitable.
The file globbing (matching filenames against patterns such as "*.bak") routines in the glibc exhibits an error that results in a heap corruption and that may allow a remote attacker to execute arbitrary commands from processes that take globbing strings from user input.
This is a re-release of the SuSE Security Announcement SuSE-SA:2001:044, adding another bugfix for the openssh package as well as more detailed information about the vulnerabilities to prevent misunderstandings.
The OpenSSH daemon shipped with SuSE distributions contains various minor bugs which allows bypassing of IP-access control in some circumstances or the deletion of files named "cookies" if X11 forwarding is enabled. It has also been verified that the recent remotely exploitable crc32 bug as well as the logging-bug has been fixed in our latest ssh packages.
Due to a missing \0 at the end of the buffer a later call to a function that frees allocated memory will feed free(3) with userdefined data. This bug could be exploited depending on the implementation of the dynmaic allocateable memory API (malloc(3), free(3)) in the libc library.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
