Bollettini della sicurezza del 1998

[10 dic 1998] sshd
buffer overflow in logging
[07 dic 1998] fte-console
does not drop its root privileges
[26 nov 1998] fsp
creates user "ftp" unauthorized
[22 nov 1998] zgv
buffer overflows
[18 nov 1998] samba
unsafe temp files
[12 nov 1998] junkbuster
buffer overflows
[22 set 1998] tcsh
buffer overflow with very long paths
[09 set 1998] bash
problem with very long pathnames
[05 set 1998] nslookup and dig
possible buffer overflows in nslookup and dig
[04 set 1998] rpc.mountd
buffer overflow in mountd
[01 set 1998] minicom
buffer overflows in minicom if suid
[29 ago 1998] seyon
root compromise
[28 ago 1998] sail
/tmp race in sail
[28 ago 1998] apache
vulnerable to a denial of service
[28 ago 1998] sendsys
remote denial of service if using sendsys report mechanism
[28 ago 1998] lprm
buffer overflows allowing local root access
[27 ago 1998] eperl
misinterprets ISINDEX queries
[27 ago 1998] ncurses
setuid ncurses programs allow opening arbitrary files
[27 ago 1998] mutt
malicious mails can execute arbitrary code
[27 ago 1998] cfingerd
potentially allows local root exploits
[27 ago 1998] faxsurvey
faxsurvey script executes arbitrary commands
[08 lug 1998] filerunner
opens files in /tmp in an insecure manner
[13 giu 1998] cxhextrix
buffer overflow, giving access to group games
[31 mag 1998] mailx
insecurely opens files in /tmp
[30 mag 1998] premail
opens files in /tmp insecurely
[30 mag 1998] kdebase
buffer overflow in klock, kvt saves config as root
[20 mag 1998] samba
buffer overflows
[14 mag 1998] gzip
gzexe allows running arbitrary programs
[13 mag 1998] shadow su
problem with su
[09 mag 1998] procps
file creation and corruption bug in XConsole
[08 mag 1998] super
displaying files despite lack of permissions
[08 mag 1998] irc
allows remote to send arbitrary characters to local terminal
[08 apr 1998] bind
buffer overflow causing potential remote root exploits, denial of service
[17 mar 1998] perl
vulnerable to symlink attack
[17 mar 1998] netstd
routed permits remote user file overwrite
[17 mar 1998] lincity
potential buffer overruns
[17 mar 1998] gzip
potential buffer overflow executable
[17 mar 1998] gcc
vulnerable to symlink attack
[17 feb 1998] textutils
sort and tac vulnerable to symlink attack
[11 feb 1998] dwww
Shell meta-characters permitted
[12 gen 1998] sudo
sudo allowed users to run any root command
[12 gen 1998] smail
UUCP exploit under smail
[10 gen 1998] deliver
buffer overflow