[security] Debian Security Advisories
Lorenzo Iannuzzi
nakis a libero.it
Mar 6 Gen 2004 11:22:09 CET
http://www.debian.org/security/
Multiple vulnerabilities were discovered in nd, a command-line WebDAV
interface, whereby long strings received from the remote server could
overflow fixed-length buffers.
A vulnerability was discovered in mpg321, a command-line mp3 player,
whereby user-supplied strings were passed to printf(3) unsafely.
A vulnerability was discovered in libnids, a library used to analyze
IP network traffic, whereby a carefully crafted TCP datagram could
cause memory corruption and potentially execute arbitrary code with
the privileges of the user executing a program which uses libnids
(such as dsniff).
A vulnerability was discovered in BIND, a domain name server, whereby
a malicious name server could return authoritative negative responses
with a large TTL (time-to-live) value, thereby rendering a domain name
unreachable.
--
Ciao e alla prossima!
Lorenzo nakis a libero.it
-------------- parte successiva --------------
Un allegato non testuale è stato rimosso....
Nome: non disponibile
Tipo: application/pgp-signature
Dimensione: 244 bytes
Descrizione: non disponibile
Url: http://itlists.org/pipermail/security/attachments/20040106/09fbcfdf/attachment.pgp
Maggiori informazioni sulla lista
security