Bugs

Niki Guldbrand niki at lunar-linux.org
Mon Sep 15 17:52:12 GMT 2003


Hi all.

I have some parts from this week's list.

Someone should have a look at number 19, and update our forum software,
because it is buggy. Here is a link to some info on how to fix our
version. http://www.phpbb.com/phpBB/viewtopic.php?t=135116

9. Man

    Vendor: Brouwer, Andries et al

    A buffer overflow was reported in 'man'.  A local user may be
    able to obtain elevated privileges in certain cases.

    Impact: Execution of arbitrary code via local system

    Alert: http://securitytracker.com/alerts/2003/Sep/1007685.html


12. GtkHTML

    Vendor: GtkHTML Team

    A vulnerability was reported in GtkHTML.  A remote user can
    create an HTML message that, when processed by the GtkHTML library,
    may cause the application to crash.

    Impact: Denial of service via network

    Alert: http://securitytracker.com/alerts/2003/Sep/1007680.html


14. MySQL

    Vendor: MySQL.com

    A buffer overflow vulnerability was reported in MySQL in the
    processing of user passwords.  An authenticated administrator can
    execute arbitrary code on the system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2003/Sep/1007673.html


15. Pine

    Vendor: University of Washington

    Two vulnerabilities were reported in the Pine e-mail client.  A
    remote user can send e-mail that, when opened by the target user,
    will cause arbitrary code to be executed on the target user's
    system.

    Impact: Execution of arbitrary code via network

    Alert: http://securitytracker.com/alerts/2003/Sep/1007672.html


19. phpBB

    Vendor: phpBB Group

    An input filtering vulnerability was reported in phpBB in the
    '[url]' BBCode tag.  A remote user can conduct cross-site scripting
    attacks.

    Impact: Disclosure of authentication information

    Alert: http://securitytracker.com/alerts/2003/Sep/1007665.html

