SuSE Essential and Critical Security Patch Updates - Page 778

SuSE: 2003-047: bind8 Security Update

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

To resolve IP addresses to host and domain names and vice versa the To resolve IP addresses to host and domain names and vice versa the DNS service needs to be consulted. The most popular DNS software is DNS service needs to be consulted. The most popular DNS software is the BIND8 and BIND9 suite. The BIND8 code is vulnerable to a remote denial-of-service attack by poisoning the cache with a [More...]

LinuxSecurity.com Team
Nov 28, 2003

SuSE: 2003-046: sane Security Update

The sane (Scanner Access Now Easy) package provides access to scanners The sane (Scanner Access Now Easy) package provides access to scanners either locally or remotely over the network. either locally or remotely over the network. Several bugs in sane were fixed to avoid remote denial-of-service attacks. These attacks can even be executed if the remote attacker is not allowed to access th [More...]

LinuxSecurity.com Team
Nov 18, 2003

SuSE: 2003-045: hylafax Security Update

Hylafax is an Open Source fax server which allows sharing of fax Hylafax is an Open Source fax server which allows sharing of fax equipment among computers by offering its service to clients by equipment among computers by offering its service to clients by a protocol similar to FTP. The SuSE Security Team found a format bug condition during a code review of the hfaxd server. It allows remo [More...]

LinuxSecurity.com Team
Nov 10, 2003

SuSE: 2003-044: thttpd Security Update

Two vulnerabilities were found in the "tiny" web-server thttpd. Two vulnerabilities were found in the "tiny" web-server thttpd. The first bug is a buffer overflow that can be exploited remotely The first bug is a buffer overflow that can be exploited remotely to overwrite the EBP register of the stack. Due to memory-alignment of the stack done by gcc 3.x this bug can not be exploited. All th [More...]

LinuxSecurity.com Team
Oct 31, 2003

SuSE: openssl denial of service vulnerability

While checking the openssl implementation with a tool-kit from NISCC several errors were revealed most are ASN.1 encoding issues that causes a remote denial-of-service attack on the server side and possibly lead to remote command execution.

LinuxSecurity.com Team
Oct 01, 2003

SuSe: mysql buffer overflow vulnerability

A remotely exploitable buffer overflow within the authentication code of MySQL has been reported.

LinuxSecurity.com Team
Oct 01, 2003

SuSe: lsh buffer overflow vulnerabilities

There are buffer overflow vulnerabilities that allow attackers to execute arbitrary code as root on un-patched systems.

LinuxSecurity.com Team
Oct 01, 2003

SuSE: sendmail, sendmail-tls

A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SuSE products. These versions include sendmail-8.11 and sendmail-8.12 releases.

LinuxSecurity.com Team
Sep 20, 2003

SuSE: openssh management errors

A programming error has been found in code responsible for buffer management.

LinuxSecurity.com Team
Sep 18, 2003

SuSE: openssh Buffer management vulnerability

A programming error has been found in code responsible for buffer management. If exploited by a (remote) attacker, the error may lead to unauthorized access to the system, allowing the execution of arbitrary commands.

LinuxSecurity.com Team
Sep 16, 2003

SuSe: pine arbitrary code execution vulnerability

The well known and widely used mail client pine is vulnerable to a buffer overflow. The vulnerability exists in the code processing 'message/external-body' type messages.

LinuxSecurity.com Team
Sep 11, 2003

SuSE: 'pam_smb' privilege escalation

Dave Airlie informed us about a bug in the authentication code of pam_smb that allows a remote attacker to gain access to a system using pam_smb by issuing a too long password string.

LinuxSecurity.com Team
Sep 05, 2003

SuSe: sendmail dns map vulnerability

When sendmail receives an invalid DNS response it tries to call free on random data which results in a process crash.

LinuxSecurity.com Team
Aug 26, 2003

SuSe: kernel multiple vulnerabilities

There are multiple vulnerabilities in the kernel.

LinuxSecurity.com Team
Aug 12, 2003

SuSe: postfix multiple vulnerabilities

Michal Zalewski has reported problems in postfix which can lead to a remote DoS attack or allow attackers to bounce-scan private networks.

LinuxSecurity.com Team
Aug 04, 2003

SuSe: wuftpd off-by-one vulnerability

There is a single byte buffer overflow in the WU ftp daemon (wuftpd), a widely used ftp server for Linux-like systems.

LinuxSecurity.com Team
Aug 01, 2003

SuSe: nfs-utils denial of service vulnerability

There is an off-by-one bug in the xlog() function used by the rpc.mountd. It is possible for remote attackers to use this off-by-one overflow to execute arbitrary code as root.

LinuxSecurity.com Team
Jul 15, 2003

SuSe: radiusd-cistron denial of service vulnerability

radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port attribute is received.

LinuxSecurity.com Team
Jun 16, 2003

SuSE: pptpd Remote buffer overflow vulnerability

The PPTP daemon contains a remotely exploitable buffer overflow which was introduced due to a integer overflow in the third argument passed to the read() library call. This bug has been fixed.

LinuxSecurity.com Team
Jun 06, 2003

SuSE: cups Remote DoS vulnerability

The CUPS daemon will stop serving clients if the second carriage return in a request is not sent to complete the header.

LinuxSecurity.com Team
Jun 06, 2003