SuSE Linux Distribution - Page 369
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
During operation, the underlying SGML perlmodule creates temporary files in an insecure way.
As long as hfaxd(8c) is installed setuid root, it may be possible to gain root access locally.
When printing a whole text or selected parts of a text, nedit(1) creates a temporary file in an insecure manner. This behavior could be exploited to gain access to other users privileges, even root.
sudo(8) previous to version 1.6.3p6 is vulnerable by a buffer overflow in it's logging code, which could lead to local root compromise.
A tmp race condition and other vulnerabilities exist that may be used to gain unauthorized access to more privileges.
A local attacker could trick mc into executing commands with the privileges of the user running mc
An exploit published by Przemyslaw Frasunek demonstrates a buffer overflow in the control request parsing code of the ntpd.
A bug in joe(1), a userfriendly text editor, was found by Christer Öberg of Wkit Security AB a few weeks ago.
Fumitoshi Ukai and Denis Barbier have found several potential buffer overflows, which could lead to local privilege escalation if installed setuid or to remote compromise.
Two parts of the nkitb/nkitserv package are vulnerable to security related bugs.
The eMail access daemons impad(8), ipop2d(8) and ipop3d(8) of SuSE 6.1 are vulnerable to several buffer overflows.
A SuSE-internal security audit of the cups package conducted by Sebastian Krahmer and Thomas Biege revealed several overflows as well as insecure file handling.
Possible remote root compromise and other issues with previous versions of ssh.
Possible remote root compromise exists with previous versions of ssh. Other issues exist.
bind-8.x in all versions of the SuSE distributions contain a bug in the transaction signature handling code that can allow to remotely over-flow a buffer.
kdesu has a flaw which may allow a malicious user to retrieve the root password by listening to a UNIX socket.
The dynamic linker will add user-defined shared libraries to the memory space of a program to be started.
Michal Zalewski has found a buffer overflow in the html parser code of the Netscape Navigator in all versions before and including 4.75.
Many vulnerabilities have been found in the openssh package, along with a compilation problem in the openssh and ssh packages in the SuSE-7.0 distribution.
Several overflowable buffers have been found in SuSE's version of tcpdump that could allow a remote attacker to crash the local tcpdump process.