What: tmpwatch
Problem: shell command execution
Remote: no
Notes: SuSE is not vulnerable
What: Boa
Problem: Exposes contents of local files
Remote: yes
What: esound
Problem: UNIX domain socket race
Remote: no
Notes: Debian slink/potato/woody not vulnerable.
What: Master Index
Problem: Traverse filesystem from remote
Remote: yes
Notes: This is commercial Linux software. No fix yet. (search engine)
What: iPlanet's iCal
Problem: Poor permissions, insecure programming practices
Remote: no (remote attackers can monitor keystrokes at install time !?)
Notes: This is commercial UNIX software. No fix yet. (calendar server)
[ there are a few other vulnerabilities in commercial software I didn't reprint ]
What: ncurses
Problem: Contains buffer overflows
Remote: no (could be if telnetd sets TERMCAP and other from remote)
Notes: Fix is easy: absolutely no ncurses application should be suid/sgid.
screen seems unaffected at least on RH.
What: sendmail (< 8.11.2)
Problem: User can crash sendmail -bt
Remote: no
Notes: Seems not exploitable.