Thinking OPEN

Posts Tagged ‘debian_linux’

Debian Linux 9.04 and prior [High]

By Security Team • Sep 17th, 2009 • Category: Security Notifications

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an “empty selection” for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication….

CVE Identifier: CVE-2009-3232
Vulnerability Type(s):
Severity: High



Debian Linux 10 and prior [Medium]

By Security Team • May 6th, 2009 • Category: Security Notifications

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments….

CVE Identifier: CVE-2009-1573
Vulnerability Type(s):
Severity: Medium



Debian Linux 4 and prior [Medium]

By Security Team • Jul 18th, 2008 • Category: Security Notifications

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username….

CVE Identifier: CVE-2008-3234
Vulnerability Type(s):
Severity: Medium



Debian Linux 4.0 and prior [Unknown Severity]

By Security Team • Jun 9th, 2008 • Category: Security Notifications

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding….

CVE Identifier: CVE-2008-1673
Vulnerability Type(s):
Severity: Unknown Severity



Debian Linux 4.0 and prior [Medium]

By Security Team • May 29th, 2008 • Category: Security Notifications

The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls….

CVE Identifier: CVE-2008-2137
Vulnerability Type(s):
Severity: Medium



Debian Linux 4.5.14 and prior [Medium]

By Security Team • May 18th, 2008 • Category: Security Notifications

The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances….

CVE Identifier: CVE-2008-0167
Vulnerability Type(s):
Severity: Medium



Debian Linux 4.0 and prior [Medium]

By Security Team • Mar 31st, 2008 • Category: Security Notifications

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket….

CVE Identifier: CVE-2008-1569
Vulnerability Type(s):
Severity: Medium



Debian Linux 1.0.1 and prior [High]

By Security Team • Mar 3rd, 2008 • Category: Security Notifications

w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file…

CVE Identifier: CVE-2008-0930
Vulnerability Type(s):
Severity: High



Debian Linux 1.0.1 and prior [Medium]

By Security Team • Mar 3rd, 2008 • Category: Security Notifications

w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file….

CVE Identifier: CVE-2008-0931
Vulnerability Type(s):
Severity: Medium



Debian Linux 2008.0 and prior [Medium]

By Security Team • Feb 28th, 2008 • Category: Security Notifications

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a PostScript (.ps) file containing a long Range array in a .seticcspace operator….

CVE Identifier: CVE-2008-0411
Vulnerability Type(s):
Severity: Medium