A vulnerability was discovered and corrected in krb5: The merge_authdata function in kdc_authdata.c in the Key Distribution Center in MIT Kerberos 5 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service , or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS re ...
A vulnerability has been found and corrected in krb5: Multiple integer underflows in the AES and RC4 decryption functionality in the crypto library in MIT Kerberos 5 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid . Packages for 2008.0 are provided ...
A vulnerability has been found and corrected in lftp: The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a ...
A vulnerability was discovered and corrected in ISC dhcp: ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field . The updated packages have been upgraded to 4.1.2 which is not vulnerable to this issue.
Multiple vulnerabilities has been found and corrected in evince: Array index error in the PK and VF font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer . Heap-based buffer overflow in the AFM font parser in t ...
A vulnerability has been found and corrected in dhcp: ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520 . The updated packages have been patched to correct this issue.
Multiple vulnerabilities were discovered and corrected in krb5: The MIT krb5 KDC database propagation daemon is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running o ...
A vulnerability has been found and corrected in dhcp: The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service by sending a message over IPv6 for a declined and abandoned address . The updated packages have been patched to correct this issue.
Multiple vulnerabilities were discovered and corrected in krb5: The MIT krb5 Key Distribution Center daemon is vulnerable to denial of service attacks from unauthenticated remote attackers . Packages for 2009.0 are provided as of the Extended Maintenance Program
Some vulnerabilities were discovered and corrected in perl-MDK-Common: The functions used to write strings into shell like configuration files by Mandriva tools were not taking care of some special characters. This could lead to some bugs , and privilege escalation. This update fixes that issue by ensuring proper protection of strings. The updated packages have been patched to correct these issues ...