security report

Blues blues at ds6.pg.gda.pl
Mon, 27 May 2002, 11:10:04 CEST


Selected items - in bulk. Sendmail needs fixing on our side - the rest I 
don't know about.
I would ask that this be given priority attention.

5. Sendmail

    Vendor: Sendmail Consortium

    A denial of service vulnerability was reported in sendmail.  A
    local user can use file locking mechanisms on critical sendmail
    files to deny service to all sendmail users.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2002/May/1004368.html


22. Ethereal

    Vendor: Ethereal.com

    Several potential vulnerabilities have been reported in the
    Ethereal network sniffer.  A remote user could cause the sniffer to
    crash or possibly execute arbitrary code.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2002/May/1004344.html


23. Fetchmail

    Vendor: Raymond, Eric S.

    A buffer overflow vulnerability was reported in 'fetchmail'.  A
    malicious remote server could cause arbitrary code to be executed
    on the system running 'fetchmail'.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2002/May/1004342.html


26. Talkd

    Vendor: [Multiple Authors/Vendors]

    A format string vulnerability was reported in many
    implementations of 'talkd'.  A remote user may be able to cause
    'talkd' to execute arbitrary code with root privileges.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2002/May/1004339.html


34. Bzip2

    Vendor: [Multiple Authors/Vendors]

    A symbolic link (symlink) hole was reported in the 'bzip2' file
    compression utility.  A local user may be able to read files with
    elevated privileges.

    Impact: Disclosure of system information

    Alert: http://securitytracker.com/alerts/2002/May/1004330.html


35. K5su

    Vendor: [Multiple Authors/Vendors]

    A potential vulnerability was reported in the 'k5su' utility
    when run on FreeBSD and possibly other BSD-based operating systems.
    A local user that is not in the 'wheel' user group may access the
    utility.

    Impact: User access via local system

    Alert: http://securitytracker.com/alerts/2002/May/1004329.html


36. ViewCVS

    Vendor: Viewcvs.sourceforge.net

    A vulnerability was reported in the ViewCVS web-based CVS
    interface software.  A remote user can conduct cross-site scripting
    attacks against ViewCVS users to steal their authentication cookies.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2002/May/1004328.html


-- 
---------------------------------
Regards,  Paweł Gołaszewski
---------------------------------
CPU not found - software emulation...






