Displaying 20 results from an estimated 3070 matches for "vulnerable".
1999 Nov 11
0
CERT Advisory CA-99.14 - Multiple Vulnerabilities in BIND (fwd)
...BIND fail to properly validate NXT records. This
improper validation could allow an intruder to overflow a buffer and
execute arbitrary code with the privileges of the name server.
NXT record support was introduced in BIND version 8.2. Prior versions
of BIND, including 4.x, are not vulnerable to this problem. The
ISC-supplied version of BIND corrected this problem in version 8.2.2.
Vulnerability #2: the "sig bug"
This vulnerability involves a failure to properly validate SIG
records, allowing a remote intruder to crash named; see the impact
section for additio...
1997 Jan 29
5
evidence/timelines that show linux is "more secure"
I'm looking for some evidence, backed up with dates and references,
that shows that the Linux community responds to security problems
more quickly than other OS vendors, and thus might be considered
"more secure". A number of fairly high profile corporations are
starting to look for such information as they consider Linux as an
alternative solution to other UNIXes.
Something
1997 Oct 22
1
SNI-20: Telnetd tgetent vulnerability
[mod: Executive summary: SNI found recent linux-distributions
not-vulnerable -- REW]
2012 Sep 05
7
Xen Security Advisory 17 (CVE-2012-3515) - Qemu VT100 emulation vulnerability
...Public release.
ISSUE DESCRIPTION
=================
The device model used by fully virtualised (HVM) domains, qemu, does
not properly handle escape VT100 sequences when emulating certain
devices with a virtual console backend.
IMPACT
======
An attacker who has sufficient privilege to access a vulnerable device
within a guest can overwrite portions of the device model's address
space. This can allow them to escalate their privileges to that of the
device model process.
VULNERABLE SYSTEMS
==================
All Xen systems running HVM guests are potentially vulnerable to this
depending on...
2004 Jun 28
2
Security Vulnerability in Asterisk
...e these vulnerabilities to corrupt memory, and read or
write arbitrary memory. Remote code execution is likely possible.
Due to the nature of these vulnerabilities, there may exist many different
avenues of attack. Anything that can potentially call the logging functions
with user-supplied data is vulnerable.
Versions 0.7.0 through to 0.7.2 are reported vulnerable.
-------------------------
What is the status of CVS-current with respect to this?
I don't remember seeing any discussion of this issue here; apologies if I
missed it.
2014 Apr 08
3
Heartbleed openssl vulnerability?
Do we know if dovecot is vulnerable to the heartbleed SSL problem?
I'm running dovecot-2.0.9 and openssl-1.01, the latter being
intrinsically vulnerable. An on-line tool says that my machine is not
affected on port 993 but it would be nice to know for sure if we were
vulnerable for a while. (Naturally I've blocked it anyway!...
2005 Aug 28
1
Acroread7 security vulnerability
Hi!
cc'd to freebsd-security@ as somebody there may correct me,
cc'd to secteam@ as maintainer of security/portaudit.
On Sun, 28 Aug 2005 10:14:21 +0930 Ian Moore wrote:
> I've just updated my acroread port to 7.0.1 & was surprised when portaudit
> still listed it as a vulnerability.
I think it is portaudit problem.
> According to
2011 Oct 24
3
Important Security Announcement: AltNames Vulnerability [new version of puppet]
...er using
credentials from a Puppet agent node. This vulnerability cannot cross
Puppet deployments, but it can allow an attacker with elevated
privileges on one Puppet-managed node to gain control of any other
Puppet-managed node within the same infrastructure.
All Puppet Enterprise deployments are vulnerable, and Puppet open
source deployments may be, depending upon their site configuration.
We believe this to be a serious risk, and we have confirmed this with
security experts outside of Puppet Labs.
For more information we have the following resources:
* Blog Post with all the details:
http://puppe...
2014 Apr 09
1
FLASH NewsBites - Heartbleed Open SSL Vulnerability (fwd)
...ight after full days of classes.
This one matters.
Tonight at 8:15 SANS faculty member Jake Williams will present a
briefing explaining the HeartBleed vulnerability and what it means to
you. Jake says: "Another 24 hours have passed since the initial
presentation and we know more about what is vulnerable and what isn't.
Even if you attended the short presentation last night at #SANS2014,
this is a don't miss event."
Jake will cover the actual structure of the vulnerability, methods for
detection, and what you need to do (both as a systems admin and an end
user). Jake will also perform...
1996 Nov 25
0
LSF Update#14 v1.2 "lpr vulnerability"
...UT LPR VERSION NUMBERING SCHEMES
Unfortunately, different distributions use different version
numbering schemes for the same utilities. At this moment, a lpr
utility exists in at least the following packages:
Berkeley-derived lpr 5.9
lpr.c identifies itself between 1.1 and 1.4
This lpr is vulnerable.
Berkeley-derived lpr 5.9, a part of a NetKit 0.6B (separate package)
Utilities/System%package lpr
name: NetKit-B version: 0.06
Description: Printing support (lpr, lpd, etc)
Depending on the release, this version of lpr can be
vulnerable.
Berkeley-derived lpr 5.9, based on a part o...
2006 Jul 28
2
Ruby vulnerability?
Hi,
FYI, Red Hat released an advisory today about a vulnerability in Ruby. So
far it doesn't appear in the VuXML, but am I correct in presuming it will
soon?
https://rhn.redhat.com/errata/RHSA-2006-0604.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694
cheers,
-- Joel Hatton --
Infrastructure Manager | Hotline: +61 7 3365 4417
AusCERT - Australia's national
2015 Mar 31
2
OpenSSL vulnerability fix
Just for my curiosity, how can we make sure that it's not affected?
Is there any script to check whether it's vulnerable or not (as in bash
shell shock vulnerability test)?
On Tue, Mar 31, 2015 at 12:25 PM, Eero Volotinen <eero.volotinen at iki.fi>
wrote:
> Centos 5 is not affected by this bug, so fix is not available.
>
> Eero
> 31.3.2015 9.48 a.m., written by "Venkateswara Rao Dokku" <...
1998 Dec 22
0
CERT Advisory CA-98.13 - TCP/IP Denial of Service (fwd)
...inal Issue Date: December 21, 1998
Last Revised
Topic: Vulnerability in Certain TCP/IP Implementations
Affected Systems
Some systems with BSD-derived TCP/IP stacks. See Appendix A for a
complete list of affected systems.
Overview
Intruders can disrupt service or crash systems with vulnerable TCP/IP
stacks. No special access is required, and intruders can use
source-address spoofing to conceal their true location.
I. Description
By carefully constructing a sequence of packets with certain
characteristics, an intruder can cause vulnerable systems to crash,
hang, or behav...
2014 Oct 09
2
Bash still vulnerable
According to the vulnerability test script from shellshocker.net, the latest
bash versions on CentOS5 and CentOS6, 3.2-33.el5_11.4 and 4.1.2-15.el6_5.2,
resp., are still vulnerable to CVE-2014-6277. In fact, on CentOS6, abrtd will
send you a nice report about it. Does anyone know if upstream is working on a
fix?
[root at host ~]# bash ~/shellshock_test.sh
CVE-2014-6271 (original shellshock): not vulnerable
/root/shellshock_test.sh: line 16: 17229 Segmentation fault (c...
2001 Feb 08
0
[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability
...tack that exploited the vulnerability found. The attack detection
is done in the file deattack.c from the SSH1 source distribution.
A vulnerability was found in the attack detection code that could
lead to the execution of arbitrary code in SSH servers and clients
that incorporated the patch.
Vulnerable Packages/Systems:
This problem affects both SSH servers and clients.
All versions of SSH supporting the protocol 1 (1.5) that use the
CRC compensation attack detector are vulnerable
See below for vendor specific information.
OpenSSH
OpenSSH versions prior to 2.3.0 are vulnerable.
Ope...
2020 May 18
0
Multiple vulnerabilities in Dovecot
...- CVE-2020-10957
- CVE-2020-10958
- CVE-2020-10967
Please find them below
---
Aki Tuomi
Open-Xchange Oy
------------------
Open-Xchange Security Advisory 2020-05-18
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3784
Vulnerability type: NULL pointer dereference (CWE-476)
Vulnerable version: 2.3.0 - 2.3.10
Vulnerable component: submission, lmtp
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.10.1
Researcher credits: Philippe Antoine (Catena Cyber)
Vendor notification: 2020-03-24
Solution date: 2020-04-02
Public disclosure: 2020-05-18
CVE refere...
2016 Mar 08
4
Need Help to Fix CVE-2008-1483, CVE-2008-5161, CVE-2015-5600 and CVE-2015-6565
Hi All,
Actually, I am working with OpenSSH version 6.2p, which is vulnerable to
the above-mentioned vulnerabilities.
So I am looking for some help on how I can fix these vulnerabilities in my
version. I need to fix it in the OpenSSH code.
Regards
Abhishek
2004 Sep 14
1
multiple vulnerabilities in the cvs server code
Hello!
Port security/portaudit reports the following problem:
Affected package: FreeBSD-491000
Type of problem: multiple vulnerabilities in the cvs server code.
Reference:
<http://www.FreeBSD.org/ports/portaudit/d2102505-f03d-11d8-81b0-000347a4fa7d.html>
Note: To disable this check add the uuid to `portaudit_fixed' in
/usr/local/etc/portaudit.conf
I have 2 related questions:
1)