Wazi » debian_linux

Debian Linux 9.04 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 9.04 and prior [High]

Description

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an “empty selection” for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-3232
Severity: High

NIST National Vulnerabilities Database

Debian Linux 10 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 10 and prior [Medium]

Description

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-1573
Severity: Medium

NIST National Vulnerabilities Database

Debian Linux 4 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 4 and prior [Medium]

Description

sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-3234
Severity: Medium

NIST National Vulnerabilities Database

Debian Linux 4.0 and prior [Unknown Severity]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 4.0 and prior [Unknown Severity]

Description

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-1673
Severity: Unknown Severity

NIST National Vulnerabilities Database

Debian Linux 4.0 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 4.0 and prior [Medium]

Description

The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-2137
Severity: Medium

NIST National Vulnerabilities Database

Debian Linux 4.5.14 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 4.5.14 and prior [Medium]

Description

The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-0167
Severity: Medium

NIST National Vulnerabilities Database

Debian Linux 4.0 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 4.0 and prior [Medium]

Description

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-1569
Severity: Medium

NIST National Vulnerabilities Database

Debian Linux 1.0.1 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 1.0.1 and prior [High]

Description

w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-0930
Severity: High

NIST National Vulnerabilities Database

Debian Linux 1.0.1 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 1.0.1 and prior [Medium]

Description

w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure permissions (0666) for /etc/wine/config, which might allow local users to execute arbitrary commands or cause a denial of service by modifying the file.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-0931
Severity: Medium

NIST National Vulnerabilities Database

Debian Linux 2008.0 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 2008.0 and prior [Medium]

Description

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-0411
Severity: Medium

NIST National Vulnerabilities Database

Debian Linux 8 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 8 and prior [High]

Description

diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-0932
Severity: High

NIST National Vulnerabilities Database

Debian Linux 4.0 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 4.0 and prior [High]

Description

misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-0162
Severity: High

NIST National Vulnerabilities Database

Debian Linux 4.0 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 4.0 and prior [Medium]

Description

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2008-0807
Severity: Medium

NIST National Vulnerabilities Database

Debian Linux 4.0 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 4.0 and prior [High]

Description

scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2007-6415
Severity: High

NIST National Vulnerabilities Database

Debian Linux 2008.0 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 2008.0 and prior [Medium]

Description

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2007-6284
Severity: Medium

NIST National Vulnerabilities Database

Debian Linux [Low]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux [Low]

Description

The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2007-6418
Severity: Low

NIST National Vulnerabilities Database

Debian Linux 1.1 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 1.1 and prior [High]

Description

Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2007-6211
Severity: High

NIST National Vulnerabilities Database

Debian Linux 2008.0 and prior [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 2008.0 and prior [High]

Description

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2007-5116
Severity: High

NIST National Vulnerabilities Database

Debian Linux 4.0 and prior [Low]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 4.0 and prior [Low]

Description

iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2007-5827
Severity: Low

NIST National Vulnerabilities Database

Debian Linux 22.1 and prior [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Debian Linux 22.1 and prior [Medium]

Description

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2007-5795
Severity: Medium

NIST National Vulnerabilities Database