LQ Security Report - May 22nd 2004
May 17th 2004
11 issues handled (SF)
1. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
2. Linux Kernel Local IO Access Inheritance Vulnerability
3. Icecast Server Base64 Authorization Request Remote Buffer Ov...
4. National Science Foundation Squid Proxy Internet Access Cont...
5. EMule Web Control Panel Denial Of Service Vulnerability
6. Linux Kernel SCTP_SetSockOpt Integer Overflow Vulnerability
7. Linux Kernel Serial Driver Proc File Information Disclosure ...
8. Linux Kernel STRNCPY Information Leak Vulnerability
9. Opera Web Browser Address Bar Spoofing Weakness
10. Triornis ZoneMinder Multiple Remote Buffer Overflow Vulnerab..
11. Opera Web Browser Telnet URI handler Arbitrary File Creation...

May 17th 2004
21 out of 51 issues handled (ISS)
1. NukeJokes multiple path disclosure
2. NukeJokes modules.php cross-site scripting
3. NukeJokes SQL injection
4. FreeBSD kernel denial of service
5. Icecast authorization request buffer overflow
6. Linux kernel exit_thread allows elevated privileges
7. phpShop $base_dir file include
8. Systrace allows elevated privileges
9. Linux Kernel sctp_setsockopt integer buffer overflow
10. BEA WebLogic Server and Express bypass server policy
11. BEA WebLogic Server and Express unauthorized access to Web applications
12. Surfboard long argument buffer overflow
13. Opera onUnload URL spoofing
14. ZoneMinder zms buffer overflow
15. Opera Telnet file overwrite
16. mah-jong NULL pointer denial of service
17. Ethereal SIP packet denial of service
18. Ethereal AIM dissector denial of service
19. Ethereal SPNEGO dissector denial of service
20. Ethereal MMSE dissector buffer overflow
21. Squid Web Proxy Cache send URL to bypass security

May 21st 2004
25 issues across 8 distros (LAW)
heimdal cvs neon cadaver libpng iproute lha mailman kdelibs tcpdump utempter subversion ipsec-tools exim Pound ProFTPD Icecast KDE libuser passwd apache libneon mc rsync kernel
May 17th 2004 (SF)
Security Focus
1. Sun Java Runtime Environment Unspecified Remote Denial Of Se...
BugTraq ID: 10301
Remote: Yes
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10301
Summary: It has been reported that Sun's Java Runtime Environment, as well as the Java Software Development Kit are affected by an unspecified, remote denial of service vulnerability. This issue would allow an attacker to cause the affected JRE to become unresponsive, denying service to legitimate users.

2. Linux Kernel Local IO Access Inheritance Vulnerability
BugTraq ID: 10302
Remote: No
Date Published: May 07 2004
Relevant URL: http://www.securityfocus.com/bid/10302
Summary: It has been reported that the Linux Kernel is affected by an IO access inheritance vulnerability. This issue is due to an access validation error that fails to invalidate all io_bitmap pointers before a process exits. This issue could allow local users to lock up the affected system, denying service to legitimate users. This issue might also allow an attacker to gain escalated privileges.

3. Icecast Server Base64 Authorization Request Remote Buffer Ov...
BugTraq ID: 10311
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10311
Summary: It has been reported that Icecast server may be prone to a remote buffer overflow vulnerability when processing an excessively long base64 authentication request. A remote attacker could execute arbitrary code in the context of the server leading to unauthorized access. This issue is reported to exist in Icecast 2.0.0, however, it is possible that previous versions are affected as well.

4. National Science Foundation Squid Proxy Internet Access Cont...
BugTraq ID: 10315
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10315
Summary: Squid proxy has been reported to be affected by an Internet access control bypass vulnerability. This issue is caused by a failure of the application to properly handle access controls when evaluating malformed URI requests. This issue is reported to affect version 2.3.STABLE5 of the software; it is likely, however, that other versions are also affected. This issue would allow users that are restricted from accessing Internet-based resources to access arbitrary web sites.

5. EMule Web Control Panel Denial Of Service Vulnerability
BugTraq ID: 10317
Remote: Yes
Date Published: May 10 2004
Relevant URL: http://www.securityfocus.com/bid/10317
Summary: It has been reported that eMule's Web Control Panel is susceptible to a remote denial of service vulnerability. This issue is reportedly triggered by sending malformed requests to the web interface. Upon processing malformed requests, the affected application will crash, denying service to legitimate users.

6. Linux Kernel SCTP_SetSockOpt Integer Overflow Vulnerability
BugTraq ID: 10326
Remote: No
Date Published: May 11 2004
Relevant URL: http://www.securityfocus.com/bid/10326
Summary: An integer overflow vulnerability has been reported in the sctp_setsockopt() system call of the Linux kernel. This issue is related to the code for handling the SCTP_SOCKOPT_DEBUG_NAME socket option. The issue presents itself in the sctp_setsockopt() function of the net/sctp/socket.c source file, due to a lack of sufficient validation performed on user supplied integer values. This vulnerability may result in the allocation of a zero byte chunk in kernel memory space, likely resulting in a kernel panic. The issue may also potentially be exploited, however, to compromise the system. This vulnerability is reported to affect Linux kernel versions up to and including version 2.4.25.

7. Linux Kernel Serial Driver Proc File Information Disclosure ...
BugTraq ID: 10330
Remote: No
Date Published: May 12 2004
Relevant URL: http://www.securityfocus.com/bid/10330
Summary: It has been reported that the Linux kernel is prone to a serial driver proc file information disclosure vulnerability. This issue is due to a design error that allows unprivileged access to potentially sensitive information. This issue might allow an attacker to gain access to sensitive information such as user password lengths.

8. Linux Kernel STRNCPY Information Leak Vulnerability
BugTraq ID: 10331
Remote: No
Date Published: May 12 2004
Relevant URL: http://www.securityfocus.com/bid/10331
Summary: This issue is reported to affect the vulnerable kernel only on platforms other than x86. It has been reported that the Linux kernel is prone to a 'strncpy()' information leak vulnerability. This issue is due to a failure of the libc code to properly implement the offending function on platforms other than x86. This issue might lead to information leakage, potentially facilitating further attacks against an affected system or process.

9. Opera Web Browser Address Bar Spoofing Weakness
BugTraq ID: 10337
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10337
Summary: Opera Web Browser is prone to a security weakness that may permit malicious web pages to spoof address bar information. This is reportedly possible through malicious use of the JavaScript "onUnload" event handler when the browser is redirected to another page. This issue could be exploited to spoof the domain of a malicious web page, potentially causing the victim user to trust the spoofed domain. The vulnerability reportedly affects Opera 7.23 releases on Windows and Linux platforms. Earlier versions may also be affected.

10. Triornis ZoneMinder Multiple Remote Buffer Overflow Vulnerab...
BugTraq ID: 10340
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10340
Summary: Reportedly ZoneMinder is affected by multiple remote buffer overflow vulnerabilities, potentially leading to unauthorized access. These issues are due to a failure of the application to properly validate buffer boundaries when processing user input. These issues could allow a remote attacker to execute arbitrary code in the context of the affected software, which could lead to unauthorized access.

11. Opera Web Browser Telnet URI handler Arbitrary File Creation...
BugTraq ID: 10341
Remote: Yes
Date Published: May 13 2004
Relevant URL: http://www.securityfocus.com/bid/10341
Summary: It has been reported that Opera web browser is prone to a vulnerability that may allow a remote attacker to create and modify arbitrary files on a system. The vulnerability presents itself because the telnet URI handler in Opera fails to sanitize user-supplied input. Specifically, if a '-' character is present at the beginning of a host name, options may be passed to the telnet program to carry out an attack remotely. Opera version 7.23 is reported to be affected by this issue. Earlier versions may also be affected.

**It has been reported that various web browsers are affected by this issue. The affected products include Apple Safari, Microsoft Internet Explorer, Mozilla Firefox, OmniWeb, iCab, TrailBlazer, and possibly others. These applications are currently undergoing further review and individual BIDs will be created when more information becomes available.
May 17th 2004 (ISS)
Internet Security Systems
1. Date Reported: 05/08/2004
Brief Description: NukeJokes multiple path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, NukeJokes 1.7, NukeJokes 2 Beta
Vulnerability: nukejokes-multiple-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16094

2. Date Reported: 05/08/2004
Brief Description: NukeJokes modules.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, NukeJokes 1.7, NukeJokes 2 Beta
Vulnerability: nukejokes-modules-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16096

3. Date Reported: 05/08/2004
Brief Description: NukeJokes SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, NukeJokes 1.7, NukeJokes 2 Beta
Vulnerability: nukejokes-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/16099

4. Date Reported: 05/07/2004
Brief Description: FreeBSD kernel denial of service
Risk Factor: Low
Attack Type: Host Based
Platforms: FreeBSD 4.x, FreeBSD 5.x
Vulnerability: freebsd-kernel-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16100

5. Date Reported: 05/09/2004
Brief Description: Icecast authorization request buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Icecast 2.0.0, Linux Any version, Windows Any version
Vulnerability: icecast-auth-request-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16103

6. Date Reported: 05/07/2004
Brief Description: Linux kernel exit_thread allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Linux kernel 2.6.5
Vulnerability: linux-exitthread-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/16106

7. Date Reported: 05/09/2004
Brief Description: phpShop $base_dir file include
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, phpShop 0.7.1 and prior, Windows 2000 Any version, Windows NT Any version
Vulnerability: phpshop-basedir-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/16107

8. Date Reported: 05/10/2004
Brief Description: Systrace allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: FreeBSD Ports Collection Any version, NetBSD Any version
Vulnerability: systrace-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/16110

9. Date Reported: 05/11/2004
Brief Description: Linux Kernel sctp_setsockopt integer buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Linux kernel 2.4.23-pre5 - 2.4.25, Trustix Secure Enterprise Linux 2, Trustix Secure Linux 2.0, Trustix Secure Linux 2.1
Vulnerability: linux-sctpsetsockopt-integer-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16117

10. Date Reported: 05/11/2004
Brief Description: BEA WebLogic Server and Express bypass server policy
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, WebLogic Server and Express 7.0 through SP5, WebLogic Server and Express 8.1 through 8.1 SP2
Vulnerability: weblogic-server-policy-bypass
X-Force URL: http://xforce.iss.net/xforce/xfdb/16121

11. Date Reported: 05/11/2004
Brief Description: BEA WebLogic Server and Express unauthorized access to Web applications
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, WebLogic Server and Express 7.0 through SP5, WebLogic Server and Express 8.1 through 8.1 SP2
Vulnerability: weblogic-application-unauth-access
X-Force URL: http://xforce.iss.net/xforce/xfdb/16123

12. Date Reported: 05/11/2004
Brief Description: Surfboard long argument buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Surfboard 1.1.6, Unix Any version
Vulnerability: surfboard-long-argument-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16124

13. Date Reported: 05/13/2004
Brief Description: Opera onUnload URL spoofing
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Opera 7.23, Windows Any version
Vulnerability: opera-onunload-url-spoofing
X-Force URL: http://xforce.iss.net/xforce/xfdb/16131

14. Date Reported: 05/12/2004
Brief Description: ZoneMinder zms buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, ZoneMinder prior to 1.19.2
Vulnerability: zoneminder-zms-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16136

15. Date Reported: 05/12/2004
Brief Description: Opera Telnet file overwrite
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Opera 7.23, Windows Any version
Vulnerability: opera-telnet-file-overwrite
X-Force URL: http://xforce.iss.net/xforce/xfdb/16139

16. Date Reported: 05/13/2004
Brief Description: mah-jong NULL pointer denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Debian Linux 3.0, Mah-Jong Any version
Vulnerability: mah-jong-null-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16143

17. Date Reported: 05/13/2004
Brief Description: Ethereal SIP packet denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Ethereal 0.10.3
Vulnerability: ethereal-sip-packet-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16148

18. Date Reported: 05/13/2004
Brief Description: Ethereal AIM dissector denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Ethereal 0.10.3
Vulnerability: ethereal-aim-dissector-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16150

19. Date Reported: 05/13/2004
Brief Description: Ethereal SPNEGO dissector denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Ethereal 0.9.8 through 0.10.3
Vulnerability: ethereal-spnego-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16151

20. Date Reported: 05/13/2004
Brief Description: Ethereal MMSE dissector buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, Ethereal 0.10.1 -0.10.3
Vulnerability: ethereal-mmse-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16152

21. Date Reported: 05/10/2004
Brief Description: Squid Web Proxy Cache send URL to bypass security
Risk Factor: Medium
Attack Type: Network Based
Platforms: Squid Web Proxy Cache 2.3STABLE5, Unix Any version
Vulnerability: squid-url-bypass-security
X-Force URL: http://xforce.iss.net/xforce/xfdb/16153
May 21st 2004 (LAW)
Linux Advisory Watch
Distribution: Debian

5/18/2004 - heimdal Buffer overflow vulnerability
This problem could perhaps be exploited to cause the daemon to read a negative amount of data which could lead to unexpected behaviour.
http://www.linuxsecurity.com/advisor...sory-4347.html

5/19/2004 - cvs Heap overflow vulnerability
Stefan Esser discovered a heap overflow in the CVS server, which serves the popular Concurrent Versions System.
http://www.linuxsecurity.com/advisor...sory-4375.html

5/19/2004 - neon Heap overflow vulnerability
User input is copied into variables not large enough for all cases. This can lead to an overflow of a static heap variable.
http://www.linuxsecurity.com/advisor...sory-4376.html

5/19/2004 - cadaver Heap overflow vulnerability
User input is copied into variables not large enough for all cases. This can lead to an overflow of a static heap variable.
http://www.linuxsecurity.com/advisor...sory-4377.html

Distribution: Fedora

5/14/2004 - libpng 1.2.2 Information leak vulnerability
Fixes a possible out-of-bounds read in the error message handler.
http://www.linuxsecurity.com/advisor...sory-4340.html

5/14/2004 - libpng 1.0.13 Information leak
Fixes a possible out-of-bounds read in the error message handler.
http://www.linuxsecurity.com/advisor...sory-4341.html

5/14/2004 - iproute Denial of service vulnerability
iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.
http://www.linuxsecurity.com/advisor...sory-4342.html

5/14/2004 - lha Multiple vulnerabilities
Ulf Härnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA.
http://www.linuxsecurity.com/advisor...sory-4343.html

5/18/2004 - mailman Cross-site scripting vulnerability
A cross-site scripting (XSS) vulnerability exists in the admin CGI script for Mailman before 2.1.4.
http://www.linuxsecurity.com/advisor...sory-4353.html

5/18/2004 - neon Format string vulnerabilities
Exploiting these bugs may allow remote malicious WebDAV servers to execute arbitrary code.
http://www.linuxsecurity.com/advisor...sory-4354.html

5/18/2004 - cvs Chroot escape vulnerability
The client for CVS before 1.11.15 allows a remote malicious CVS server to create arbitrary files by using absolute pathnames during checkouts or updates.
http://www.linuxsecurity.com/advisor...sory-4355.html

5/18/2004 - kdelibs Multiple vulnerabilities
An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victim's home directory.
http://www.linuxsecurity.com/advisor...sory-4356.html

5/19/2004 - tcpdump Denial of service vulnerability
Upon receiving specially crafted ISAKMP packets, TCPDUMP would try to read beyond the end of the packet capture buffer and subsequently crash.
http://www.linuxsecurity.com/advisor...sory-4368.html

5/19/2004 - utempter Insecure temporary file vulnerability
An updated utempter package that fixes a potential symlink vulnerability is now available.
http://www.linuxsecurity.com/advisor...sory-4369.html

5/19/2004 - kdelibs Insufficient input sanitation
An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victim's home directory.
http://www.linuxsecurity.com/advisor...sory-4370.html

5/19/2004 - cvs Heap overflow vulnerability
Stefan Esser discovered a flaw in cvs where malformed "Entry" lines could cause a heap overflow.
http://www.linuxsecurity.com/advisor...sory-4371.html

5/19/2004 - neon Heap overflow vulnerability
An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client, such as cadaver.
http://www.linuxsecurity.com/advisor...sory-4372.html

5/19/2004 - subversion Buffer overflow vulnerability
An attacker could send malicious requests to a Subversion server and perform arbitrary execution of code.
http://www.linuxsecurity.com/advisor...sory-4373.html

5/19/2004 - ipsec-tools Denial of service vulnerability
Buffer overflow vulnerability. A crafted ISAKMP header can cause racoon to crash.
http://www.linuxsecurity.com/advisor...sory-4374.html

Distribution: FreeBSD

5/19/2004 - cvs Heap overflow vulnerability
Malformed data can cause a heap buffer to overflow, allowing the client to overwrite arbitrary portions of the server's memory.
http://www.linuxsecurity.com/advisor...sory-4367.html

Distribution: Gentoo

5/14/2004 - exim Buffer overflow vulnerability
When the verify=header_syntax option is set, there is a buffer overflow in Exim that allows remote execution of arbitrary code.
http://www.linuxsecurity.com/advisor...sory-4344.html

5/14/2004 - libpng Denial of service vulnerability
A bug in the libpng library can be abused using a crafted .png to crash programs making use of that library.
http://www.linuxsecurity.com/advisor...sory-4345.html

5/19/2004 - Pound Format string vulnerability
There is a format string flaw in Pound, allowing remote execution of arbitrary code with the rights of the Pound process.
http://www.linuxsecurity.com/advisor...sory-4363.html

5/19/2004 - ProFTPD ACL bypass vulnerability
Version 1.2.9 of ProFTPD introduced a vulnerability that causes CIDR-based Access Control Lists to automatically allow remote users full access to available files.
http://www.linuxsecurity.com/advisor...sory-4364.html

5/19/2004 - Icecast Denial of service vulnerability
Icecast is vulnerable to a denial of service attack allowing remote users to crash the application.
http://www.linuxsecurity.com/advisor...sory-4365.html

5/19/2004 - KDE Insufficient input sanitation
Vulnerabilities in KDE URI handlers make your system vulnerable to various attacks.
http://www.linuxsecurity.com/advisor...sory-4366.html

Distribution: Mandrake

5/18/2004 - libuser Denial of service vulnerability
Steve Grubb discovered a number of problems in the libuser library that can lead to a crash in applications linked to it, or possibly write 4GB of garbage to the disk.
http://www.linuxsecurity.com/advisor...sory-4350.html

5/18/2004 - passwd Multiple vulnerabilities
Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation.
http://www.linuxsecurity.com/advisor...sory-4351.html

5/18/2004 - apache Multiple vulnerabilities
Patch fixes four separate apache vulnerabilities.
http://www.linuxsecurity.com/advisor...sory-4352.html

5/19/2004 - kdelibs Insufficient input sanitation
This vulnerability can allow remote attackers to create or truncate arbitrary files.
http://www.linuxsecurity.com/advisor...sory-4360.html

5/19/2004 - cvs Buffer overflow vulnerability
Stefan Esser discovered that malformed "Entry" lines can be used to overflow malloc()ed memory in a way that can be remotely exploited.
http://www.linuxsecurity.com/advisor...sory-4361.html

5/19/2004 - libneon Heap overflow vulnerability
It was discovered that in portions of neon can be used to overflow a static heap variable.
http://www.linuxsecurity.com/advisor...sory-4362.html

Distribution: Red Hat

5/18/2004 - kdelibs Multiple vulnerabilities
Updated kdelibs packages that fix telnet URI handler and mailto URI handler file vulnerabilities are now available.
http://www.linuxsecurity.com/advisor...sory-4348.html

5/19/2004 - cvs Buffer overflow vulnerability
An updated cvs package that fixes a server vulnerability that could be exploited by a malicious client is now available.
http://www.linuxsecurity.com/advisor...sory-4358.html

5/19/2004 - cadaver Heap overflow vulnerability
An updated cadaver package is now available that fixes a vulnerability in neon which could be exploitable by a malicious DAV server.
http://www.linuxsecurity.com/advisor...sory-4359.html

5/19/2004 - mc Multiple vulnerabilities
Updated mc packages that resolve several buffer overflow vulnerabilities, one format string vulnerability and several temporary file creation vulnerabilities are now available.
http://www.linuxsecurity.com/advisor...sory-4378.html

5/19/2004 - rsync Chroot escape vulnerability
An updated rsync package that fixes a directory traversal security flaw is now available.
http://www.linuxsecurity.com/advisor...sory-4379.html

5/19/2004 - libpng Denial of service vulnerability
An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash when opened by a victim.
http://www.linuxsecurity.com/advisor...sory-4380.html

Distribution: Slackware

5/17/2004 - mc Multiple vulnerabilities
These could lead to a denial of service or the execution of arbitrary code as the user running mc.
http://www.linuxsecurity.com/advisor...sory-4346.html

5/18/2004 - kdelibs Multiple vulnerabilities
The telnet, rlogin, ssh and mailto URI handlers in KDE do not do sufficient argument checking, allowing improper passing of arguments.
http://www.linuxsecurity.com/advisor...sory-4349.html

Distribution: SuSE

5/14/2004 - mc Multiple vulnerabilities
This patch fixes buffer overflows, temporary file problems and format string bugs associated with Midnight Commander.
http://www.linuxsecurity.com/advisor...sory-4339.html

5/19/2004 - cvs Buffer overflow vulnerability
Stefan Esser reported buffer overflow conditions within the cvs program.
http://www.linuxsecurity.com/advisor...sory-4357.html

Distribution: Trustix

5/14/2004 - apache Multiple vulnerabilities
This patch addresses a wide variety of known apache vulnerabilities.
http://www.linuxsecurity.com/advisor...sory-4337.html

5/14/2004 - kernel Privilege escalation vulnerability
Patch corrects a local root exploit.
http://www.linuxsecurity.com/advisor...sory-4338.html