SuSE Essential and Critical Security Patch Updates - Page 784
Find the information you need for your favorite open source distribution .
Security problems have been found in the client code of the NIS (Network Information System, aka yp - yellow pages) subsystem.
Using a specially crafted sequence of characters on the command line, it is possible to trick the traceroute program into running arbitrary code as root.
Insecure temporary file handling may cause the gnorpm package to overwrite arbitrary files on the system.
Errors in both the klogd and the syslogd can cause both daemons to die when specially designed strings get passed to the kernel by the user.
Versions 1.1.5 and before contain a buffer overflow that would allow a remote attacker to gain root access on the target host.
The configuration file for apache contains two security-relevant errors.
screen, a tty multiplexer, is installed suid root by default on SuSE Linux distributions.
The glibc implementations in all SuSE distributions starting with SuSE-6.0 have multiple security problems.
Two security problems exist in the netscape package as shipped with SuSE Linux distributions.
suidperl is the perl interpreter for suid perl scripts, a part of the perl package. A maliciously implemented feature causes the interpreter to spawn the /bin/mail program to inform the superuser of its usage, thereby passing on an untrusted environment that causes /bin/mail to execute arbitrary commands as user root.
Due to incorrect string parsing in the code, a remote attacker could gain root privileges on the machine running the vulnerable rpc.kstatd. This advisory contains other general security information as well.
This advisory contains information on the status of several outstanding potential security vulnerabilities present in SuSE Linux.
It may be possible for an attacker to modify his/her DNS record to execute arbitrary machine code as root while connecting to the standard ftp daemon.
makewhatis from man package reported to not be vulnerable to /tmp race condition bug.
The implementation of the capability feature of the kernel 2.2.x < 2.2.16 is faulty.
The wu-ftp FTP server does not do proper bounds checking while processing the SITE EXEC command.