CVE-2007-6199
https://notcve.org/view.php?id=CVE-2007-6199
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite así que atacantes remotos accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enlace simbólico que apunta fuera de la jerarquía de ficheros del módulo. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://rsync.samba.org/security.html#s3_0_0 http://secunia.com/advisories/27853 http://secunia.com/advisories/27863 http://secunia.com/advisories/28412 http://secunia.com/advisories/28457 http://secunia.com/advisories/31326 http://secunia.com/advisories/61005 http://securitytracker.com/id?1019012 http://support.f5.com/kb/en • CWE-16: Configuration •
CVE-2007-6200 – rsync excluded content access restrictions bypass via symlinks
https://notcve.org/view.php?id=CVE-2007-6200
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura. Permite que atacantes remotos vulneren exclude, exclude_from, y filter, además de poder leer y escribir archivos ocultos usando: (1) symlink, (2) partial-dir, (3) backup-dir, y (4) opciones dest sin especificar. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://rsync.samba.org/security.html#s3_0_0 http://secunia.com/advisories/27853 http://secunia.com/advisories/27863 http://secunia.com/advisories/28412 http://secunia.com/advisories/28457 http://secunia.com/advisories/31326 http://securitytracker.com/id?1019012 http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 http://www. • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-3798 – tcpdump - Print-bgp.C Remote Integer Underflow
https://notcve.org/view.php?id=CVE-2007-3798
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. Un desbordamiento de enteros en el archivo print-bgp.c en el disector BGP en tcpdump versión 3.9.6 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de TLVs especialmente diseñados en un paquete BGP, relacionado a un valor de retorno no comprobado. • https://www.exploit-db.com/exploits/30319 http://bugs.gentoo.org/show_bug.cgi?id=184815 http://cvs.tcpdump.org/cgi-bin/cvsweb/tcpdump/print-bgp.c?r1=1.91.2.11&r2=1.91.2.12 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/26135 http://secunia.com/advisories/26168 http://secunia.com/advisories/26223 http://secunia.com/advisories/26231 http://secunia.com • CWE-190: Integer Overflow or Wraparound CWE-252: Unchecked Return Value •
CVE-2007-0823
https://notcve.org/view.php?id=CVE-2007-0823
xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability. xterm en Slackware Linux 10.2 almacena información que ha sido visualizada por una cuenta de usuario diferente usando el mismo proceso xterm, lo que permite a usuarios locales evitar los permisos del fichero y leer los ficheros de otros usuarios u obtener información sensible mediante la lectura de la memoria del proceso xterm. NOTA: puede ser expuesto que esta es una consecuencia esperada de que múltiples usuarios compartan el mismo proceso interactivo, en cuyo caso esto no sería una vulnerabilidad. • http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0012.html http://gotfault.wordpress.com/2007/02/01/a-funny-case http://osvdb.org/33651 •
CVE-2005-3626
https://notcve.org/view.php?id=CVE-2005-3626
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •