Советы по безопасности за 1998 год

[10.12.1998] sshd
buffer overflow in logging
[07.12.1998] fte-console
does not drop its root privileges
[26.11.1998] fsp
creates user "ftp" unauthorized
[22.11.1998] zgv
buffer overflows
[18.11.1998] samba
unsafe temp files
[12.11.1998] junkbuster
buffer overflows
[22.09.1998] tcsh
buffer overflow with very long paths
[09.09.1998] bash
problem with very long pathnames
[05.09.1998] nslookup and dig
possible buffer overflows in nslookup and dig
[04.09.1998] rpc.mountd
buffer overflow in mountd
[01.09.1998] minicom
buffer overflows in minicom if suid
[29.08.1998] seyon
root compromise
[28.08.1998] sail
/tmp race in sail
[28.08.1998] apache
vulnerable to a denial of service
[28.08.1998] sendsys
remote denial of service if using sendsys report mechanism
[28.08.1998] lprm
buffer overflows allowing local root access
[27.08.1998] eperl
misinterprets ISINDEX queries
[27.08.1998] ncurses
setuid ncurses programs allow opening arbitrary files
[27.08.1998] mutt
malicious mails can execute arbitrary code
[27.08.1998] cfingerd
potentially allows local root exploits
[27.08.1998] faxsurvey
faxsurvey script executes arbitrary commands
[08.07.1998] filerunner
opens files in /tmp in an insecure manner
[13.06.1998] cxhextrix
buffer overflow, giving access to group games
[31.05.1998] mailx
insecurely opens files in /tmp
[30.05.1998] premail
opens files in /tmp insecurely
[30.05.1998] kdebase
buffer overflow in klock, kvt saves config as root
[20.05.1998] samba
buffer overflows
[14.05.1998] gzip
gzexe allows running arbitrary programs
[13.05.1998] shadow su
problem with su
[09.05.1998] procps
file creation and corruption bug in XConsole
[08.05.1998] super
displaying files despite lack of permissions
[08.05.1998] irc
allows remote to send arbitrary characters to local terminal
[08.04.1998] bind
buffer overflow causing potential remote root exploits, denial of service
[17.03.1998] perl
vulnerable to symlink attack
[17.03.1998] netstd
routed permits remote user file overwrite
[17.03.1998] lincity
potential buffer overruns
[17.03.1998] gzip
potential buffer overflow executable
[17.03.1998] gcc
vulnerable to symlink attack
[17.02.1998] textutils
sort and tac vulnerable to symlink attack
[11.02.1998] dwww
Shell meta-characters permitted
[12.01.1998] sudo
sudo allowed users to run any root command
[12.01.1998] smail
UUCP exploit under smail
[10.01.1998] deliver
buffer overflow