Beveiligingsinformatie / Beveiligingsberichten voor 1997

Beveiligingsberichten voor 1997

[ 2 jul 1997] elm-me+

Vulnerability in elm

[ 7 jul 1997] XFree86

Vulnerability in XFree86

[17 apr 1997] sperl

Buffer overflow in sperl 5.003

[16 apr 1997] php

There is a vulnerability in PHP/FI, a NCSA httpd cgi enhancement

[ 9 apr 1997] metamail

It may be possible to make metamail execute arbitrary commands

[ 7 apr 1997] amd

amd ignores nodev option

[25 mrt 1997] inetd

inetd passes privileged groups on to subprocesses

[25 mrt 1997] sendmail

sendmail 8.8.5 follows hardlinks when writing /var/tmp/dead.letter

[23 mrt 1997] tftp

tftpd allows retrieval of files with ".." in their path

[ 4 mrt 1997] superprobe

SuperProbe (of XFree86) contains a number of buffer overflows

[ 2 mrt 1997] imap4

The imapd, pop2d and pop3d servers allow remote, unauthenticated root access.

[20 feb 1997] screen

The "screen" program overflows when copying the gecos field.

[13 feb 1997] nlspath

libc NLSPATH buffer overflow

[10 feb 1997] minicom

standard buffer overrun(s) in minicom

[ 6 feb 1997] rlogin

rlogin doesn't check $TERM's length.

[ 6 feb 1997] tar

GNU tar sometimes unintentionally creates setuid-root executables.

[27 jan 1997] talkd

talkd does not check hostname length

Terug naar de startpagina van het Debian Project.