[Lunar-dev] Bugs

Niki Guldbrand niki at lunar-linux.org
Mon Aug 4 14:17:28 GMT 2003


Here is a little list of buggy software again.
I have not had any time to look at any of these yet.

19. lockdev

    Vendor: Polacco, Fabrizio

    A vulnerability was reported in lockdev.  A local user may be
    able to obtain elevated privileges on the system.

    Impact: Execution of arbitrary code via local system

    Alert: http://securitytracker.com/alerts/2003/Jul/1007332.html


20. Linux Kernel

    Vendor: kernel.org

    An unsigned integer overflow was reported in the Linux kernel
    in an NFSv3 function call.  A remote user may be able to cause the
    system to crash.  The specific impact depends on the application or
    service that uses the vulnerable call.

    Impact: Denial of service via local system

    Alert: http://securitytracker.com/alerts/2003/Jul/1007331.html


24. KDE Konqueror

    Vendor: KDE.org

    An information disclosure vulnerability was reported in the KDE
    Konqueror web browser. The browser may leak URL-based
    authentication information via the HTTP Referer field.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2003/Jul/1007326.html


42. cdrtools

    Vendor: Schilling, J.

    A vulnerability was reported in cdrtools in the 'rscsi' binary.
    A local user can obtain root privileges.

    Impact: Modification of system information

    Alert: http://securitytracker.com/alerts/2003/Aug/1007368.html


