Bugs
Niki Guldbrand
niki at lunar-linux.org
Mon Sep 22 19:31:11 GMT 2003
Hi all.
This was the highlights from last week, about point 13 and 14, we have
addressed at least one of them, but i don't know which atm.
And i'm gonna take a look at phpBB again, and see what needs to be done.
4. Midnight Commander
Vendor: Gnome Development Team
A vulnerability was reported in Midnight Commander. A
malicious compressed archive can cause the application to execute
arbitrary code.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007762.html
13. Sendmail
Vendor: Sendmail Consortium
A buffer overflow vulnerability was reported in Sendmail in
certain non-default configurations. The impact was not reported.
Impact: Not specified
Alert: http://securitytracker.com/alerts/2003/Sep/1007737.html
14. Sendmail
Vendor: Sendmail Consortium
A vulnerability was reported in Sendmail. A local or remote
user may be able to execute arbitrary code on the target system.
Impact: Execution of arbitrary code via local system
Alert: http://securitytracker.com/alerts/2003/Sep/1007734.html
24. phpBB
Vendor: phpBB Group
An input validation vulnerability was reported in phpBB. A
remote authenticated administrator can conduct cross-site scripting
attacks against other administrators.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2003/Sep/1007709.html
27. ChatZilla
Vendor: Mozilla.org
A vulnerability was reported in ChatZilla. A malicious server
can cause the ChatZilla client to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2003/Sep/1007706.html
Niki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dbguin.lunar-linux.org/mailman/private/lunar-dev/attachments/20030922/e91c0354/attachment.bin
More information about the lunar-dev
mailing list