Security Information / Bezpečnostní zprávy z roku 1997

Bezpečnostní zprávy z roku 1997

[02.07.1997] elm-me+

Vulnerability in elm

[07.07.1997] XFree86

Vulnerability in XFree86

[17.04.1997] sperl

Buffer overflow in sperl 5.003

[16.04.1997] php

There is a vulnerability in PHP/FI, a NCSA httpd cgi enhancement

[09.04.1997] metamail

It may be possible to make metamail execute arbitrary commands

[07.04.1997] amd

amd ignores nodev option

[25.03.1997] inetd

inetd passes privileged groups on to subprocesses

[25.03.1997] sendmail

sendmail 8.8.5 follows hardlinks when writing /var/tmp/dead.letter

[23.03.1997] tftp

tftpd allows retrieval of files with ".." in their path

[04.03.1997] superprobe

SuperProbe (of XFree86) contains a number of buffer overflows

[02.03.1997] imap4

The imapd, pop2d and pop3d servers allow remote, unauthenticated root access.

[20.02.1997] screen

The "screen" program overflows when copying the gecos field.

[13.02.1997] nlspath

libc NLSPATH buffer overflow

[10.02.1997] minicom

standard buffer overrun(s) in minicom

[06.02.1997] rlogin

rlogin doesn't check $TERM's length.

[06.02.1997] tar

GNU tar sometimes unintentionally creates setuid-root executables.

[27.01.1997] talkd

talkd does not check hostname length

Zpět na domovskou stránku projektu Debian.