Tietoturvasta / Vuoden 2000 tietoturvatiedotteet

Vuoden 2000 tietoturvatiedotteet

[25.12.2000] DSA-008 dialog - insecure temporary files
[25.12.2000] DSA-010 gnupg - cheating with detached signatures, circumvention of web of trust
[25.12.2000] DSA-009 stunnel - insecure file handling, format string bug
[20.12.2000] DSA-007 zope - insufficient protection
[19.12.2000] DSA-006 zope - privilege escalation
[17.12.2000] DSA-004 nano - symlink attack
[17.12.2000] DSA-005 slocate - local exploit
[ 1.12.2000] DSA-003 joe - symlink attack
[30.11.2000] DSA-002 fsh - symlink attack
[29.11.2000] DSA-001 ed - symlink attack
[25.11.2000] mc - local DoS
[23.11.2000] ghostscript - symlink attack
[21.11.2000] joe - symlink attack
[22.11.2000] modutils - local buffer overflow
[22.11.2000] koules - local root exploit
[21.11.2000] ethereal - remote exploit
[21.11.2000] ncurses - local privilege escalation
[21.11.2000] xmcd - untrustworthy privileged binaries
[20.11.2000] modutils - local exploit
[20.11.2000] tcpdump - remote denial of service
[19.11.2000] cupsys - remote misuse of printer
[18.11.2000] openssh - possible remote exploit
[18.11.2000] cron - local privilege escalation
[12.11.2000] bind - remote Denial of Service
[11.11.2000] gnupg - incorrect signature verification
[11.11.2000] tcsh - local exploit
[14.10.2000] nis - local exploit
[14.10.2000] php4 - possible remote exploit
[14.10.2000] php3 - possible remote exploit
[13.10.2000] traceroute - local root exploit
[13.10.2000] curl and curl-ssl - remote exploit
[ 9.10.2000] boa - exposes contents of local files
[ 8.10.2000] esound - race condition
[19. 9.2000] sysklogd - root exploit
[11. 9.2000] libpam-smb - remote root exploit
[10. 9.2000] imp - remote compromise
[10. 9.2000] xpdf - local exploit
[ 2. 9.2000] glibc - local root exploit
[ 2. 9.2000] screen - local exploit
[ 1. 9.2000] netscape navigator/communicator - remote exploit
[30. 8.2000] ntop - Still remotely exploitable using buffer overflows
[30. 8.2000] xchat - Command Execution Via URLs Vulnerability
[21. 8.2000] zope - unauthorized escalation of privilege (update)
[16. 8.2000] xlockmore - possible shadow file compromise
[11. 8.2000] zope - unauthorized escalation of privilege
[ 8. 8.2000] mailx - local exploit
[28. 7.2000] dhcp client - remote root exploit in dhcp client
[27. 7.2000] userv - local exploit
[11. 7.2000] ftpd - buffer overflow in ftpd
[16. 7.2000] cvsweb - unauthorized remote code execution
[15. 7.2000] rpc.statd - remote root exploit
[ 1. 7.2000] canna server - buffer overflow
[28. 6.2000] dhcp client - remote root exploit in dhcp client
[22. 6.2000] wu-ftpd - remote root exploit in wu-ftpd
[19. 6.2000] xinetd - bug in access control mechanism
[12. 6.2000] kernel - bug in capabilities handling allows root exploits
[ 5. 6.2000] mailx - mail group exploit in mailx
[ 5. 6.2000] splitvt - root exploit in splitvt
[28. 3.2000] dump - reported exploit in dump
[ 9. 3.2000] mtr - possible local exploit in mtr
[28. 2.2000] nmh - remote exploit in nmh
[26. 2.2000] htdig - remote users can read files with webserver uid
[14. 2.2000] make - symlink attack in make
[ 1. 2.2000] apcd - symlink attack in apcd
[ 9. 1.2000] lpr - access control problem and root exploit
[ 8. 1.2000] nvi - incorrect file removal in boot script

Voit saada tuoreimmat Debianin tietoturvatiedotteet liittymällä debian-security-announce-postilistalle. Voit myös selata listan arkistoa.

---

Takaisin Debian-projektin kotisivulle.

---

---