Security Information / Security Advisories from 1997

Security Advisories from 1997

[02 Jul 1997] elm-me+

Vulnerability in elm

[07 Jul 1997] XFree86

Vulnerability in XFree86

[17 Apr 1997] sperl

Buffer overflow in sperl 5.003

[16 Apr 1997] php

There is a vulnerability in PHP/FI, a NCSA httpd cgi enhancement

[09 Apr 1997] metamail

It may be possible to make metamail execute arbitrary commands

[07 Apr 1997] amd

amd ignores nodev option

[25 Mar 1997] inetd

inetd passes privileged groups on to subprocesses

[25 Mar 1997] sendmail

sendmail 8.8.5 follows hardlinks when writing /var/tmp/dead.letter

[23 Mar 1997] tftp

tftpd allows retrieval of files with ".." in their path

[04 Mar 1997] superprobe

SuperProbe (of XFree86) contains a number of buffer overflows

[02 Mar 1997] imap4

The imapd, pop2d and pop3d servers allow remote, unauthenticated root access.

[20 Feb 1997] screen

The "screen" program overflows when copying the gecos field.

[13 Feb 1997] nlspath

libc NLSPATH buffer overflow

[10 Feb 1997] minicom

standard buffer overrun(s) in minicom

[06 Feb 1997] rlogin

rlogin doesn't check $TERM's length.

[06 Feb 1997] tar

GNU tar sometimes unintentionally creates setuid-root executables.

[27 Jan 1997] talkd

talkd does not check hostname length

Back to the Debian Project homepage.