search for: vulnerability

...ystems running various versions of BIND I. Description Six vulnerabilities have been found in BIND, the popular domain name server from the Internet Software Consortium (ISC). One of these vulnerabilities may allow remote intruders to gain privileged access to name servers. Vulnerability #1: the "nxt bug" Some versions of BIND fail to properly validate NXT records. This improper validation could allow an intruder to overflow a buffer and execute arbitrary code with the privileges of the name server. NXT record support was introduced in BIND version 8.2. P...

...munity responds to security problems more quickly than other OS vendors, and thus might be considered "more secure". A number of fairly high profile corporations are starting to look for such information as they consider Linux as an alternative solution to other UNIXes. Something like: Vulnerability : foo has buffer overrun Affects : Linux, Solaris, etc Linux Fix Date : Oct 1, 1996 Other Fix Dates: Solaris: not yet fixed ... References : http://....... CERT Advisory XYZ Does anyone have any pointers, or information I can use to assemble data like...

...## ### ## ###### . ## ## . ######. Secure Networks Inc. Security Advisory October 21, 1997 in.telnetd tgetent buffer overflow This advisory addresses a vulnerability in the tgetent(3) library routine which allows an attacker to obtain root privileges by connecting to a vulnerable system''s telnet daemon. Problem Description ~~~~~~~~~~~~~~~~~~~ A vulnerability in the tgetent(3) library routine can result in a buffer overflow in the telnet daemon on so...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3515 / XSA-17 version 2 Qemu VT100 emulation vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The device model used by fully virtualised (HVM) domains, qemu, does not properly handle escape VT100 sequences when emulating certain devices with a virtual console backend. IMPACT ====== An attacke...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-3515 / XSA-17 version 2 Qemu VT100 emulation vulnerability UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The device model used by fully virtualised (HVM) domains, qemu, does not properly handle escape VT100 sequences when emulating certain devices with a virtual console backend. IMPACT ====== An attacke...

The following is pasted from SecurityFocus Newsletter #254: ------------------------- Asterisk PBX Multiple Logging Format String Vulnerabilities BugTraq ID: 10569 Remote: Yes Date Published: Jun 18 2004 Relevant URL: http://www.securityfocus.com/bid/10569 Summary: It is reported that Asterisk is susceptible to format string vulnerabilities in its logging functions. An attacker may use these

Do we know if dovecot is vulnerable to the heartbleed SSL problem? I'm running dovecot-2.0.9 and openssl-1.01, the latter being intrinsically vulnerable. An on-line tool says that my machine is not affected on port 993 but it would be nice to know for sure if we were vulnerable for a while. (Naturally I've blocked it anyway!). Thanks John

Hi! cc'd to freebsd-security@ as somebody there may correct me, cc'd to secteam@ as maintaner of security/portaudit. On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote: > I've just updated my acroread port to 7.0.1 & was surprised when portaudit > still listed it as a vulnerability. I think it is portaudit problem. > According to http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/85093, the > upgrade to 7.0.1 is suppoed to fix the problem, but according to > http://www.freebsd.org/ports/portaudit/02bc9b7c-e019-11d9-a8bd-000cf18bbe54.html > and Adobe's web...

We have discovered a security vulnerability (“AltNames Vulnerability”) whereby a malicious attacker can impersonate the Puppet master using credentials from a Puppet agent node. This vulnerability cannot cross Puppet deployments, but it can allow an attacker with elevated privileges on one Puppet-managed node to gain control of any other Pup...

For even more information about "Heartbleed". -Connie Sieh ---------- Forwarded message ---------- Date: Wed, 9 Apr 2014 12:27:54 -0500 From: The SANS Institute <NewsBites at sans.org> Subject: FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites - Heartbleed Open SSL Vulnerability FLASH NewsBites are issued only when a security event demands global and immediate action. The HeartBleed Open SSL vulnerability fits that description. Proof: More than 200 students at SANS 2014 in Orlando this week spent 2 hours in a briefing...

-----BEGIN PGP SIGNED MESSAGE----- $Id: lpr-vulnerability-0.6-linux,v 1.2 1996/11/25 22:39:20 alex Exp $ Linux Security FAQ Update lpr Vulnerability Mon Nov 25 16:56:59 EST 1996 Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)...

Hi, FYI, Red Hat released an advisory today about a vulnerability in Ruby. So far it doesn't appear in the VuXML, but am I correct in presuming it will soon? https://rhn.redhat.com/errata/RHSA-2006-0604.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694 cheers, -- Joel Hatton -- Infrastructure Manager | Hotline: +61 7 3365 4417 Au...

just for my curiosity, How can we make sure that its not affected? Is there any script to check whether its vulnerable or not (as in bash shell shock vulnerability test)? On Tue, Mar 31, 2015 at 12:25 PM, Eero Volotinen <eero.volotinen at iki.fi> wrote: > Centos 5 is not affected by this bug, so fix is not available. > > Eero > 31.3.2015 9.48 ap. kirjoitti "Venkateswara Rao Dokku" <dvrao.584 at gmail.com > >: > > &...

...warding it to the appropriate FreeBSD mailing lists. We would like to thanks CERT for cooperation with the FreeBSD security officer on this subject. -----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-98-13-tcp-denial-of-service Original Issue Date: December 21, 1998 Last Revised Topic: Vulnerability in Certain TCP/IP Implementations Affected Systems Some systems with BSD-derived TCP/IP stacks. See Appendix A for a complete list of affected systems. Overview Intruders can disrupt service or crash systems with vulnerable TCP/IP stacks. No special access is required, and intruders...

According to the vulnerability test script from shellshocker.net, the latest bash versions on CentOS5 and CentOS6, 3.2-33.el5_11.4 and 4.1.2-15.el6_5.2, resp., are still vulnerable to CVE-2014-6277. In fact, on CentOS6, abrtd will send you a nice report about it. Does anyone know if upstream is working on a fix? [root at ho...

CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable: Yes Locally Exploitable: Yes Release Mode: FORCED RELEASE Vulnerability Descri...

...are sending notifications for three vulnerabilities, - CVE-2020-10957 - CVE-2020-10958 - CVE-2020-10967 Please find them below --- Aki Tuomi Open-Xchange Oy ------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereference (CWE-476) Vulnerable version: 2.3.0 - 2.3.10 Vulnerable component: submission, lmtp Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.10.1 Researcher credits: Philippe Antoine (Catena Cyber) Vendor notification: 2020-03-24 Solution date:...

...are sending notifications for three vulnerabilities, - CVE-2020-10957 - CVE-2020-10958 - CVE-2020-10967 Please find them below --- Aki Tuomi Open-Xchange Oy ------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereference (CWE-476) Vulnerable version: 2.3.0 - 2.3.10 Vulnerable component: submission, lmtp Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.10.1 Researcher credits: Philippe Antoine (Catena Cyber) Vendor notification: 2020-03-24 Solution date:...

Hi All, Actually I am working with the OpenSSH version 6.2p which is vulnerable to above mentioned vulnerabilities. So am looking for some help how I can fix these vulnerabilities in my version. I need to fix it in the OpenSSH code. Regards Abhishek

Hello! Port security/portaudit reports the following problem: Affected package: FreeBSD-491000 Type of problem: multiple vulnerabilities in the cvs server code. Reference: <http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.htm l> Note: To disable this check add the uuid to `portaudit_fixed' in /usr/local/etc/portaudit.conf I have 2 related questions: 1)