RSS   Podatności dla 'Enterprise linux'   RSS

2009-06-26
 
CVE-2009-1887

CWE-189
 
 
agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.

 
2008-03-06
 
CVE-2008-1198

CWE-16
 
 
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

 
2008-04-03
 
CVE-2008-0884

 
 
The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable permissions for the /etc/pam.d/system-auth-ac file, which allows local users to gain privileges by modifying this file.

 
2008-02-29
 
CVE-2008-0595

CWE-264
 
 
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.

 

 >>> Vendor: Red hat 10 Produkty
Directory server
Linux kernel
Enterprise linux
Enterprise linux desktop
Fedora core
Network satellite server
Enterprise linux desktop workstation
Fedora directory server
Enterprise linux kernel
Network satellite

Copyright 2024, cxsecurity.com

 

Back to Top