This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Debian
Product: Debian Linux
Version: 2.0
Type: Os
First view: 1998-04-28
Last view: 2018-11-12
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:o:debian:debian_linux

Activity : Overall

Related : CVE

Score Date Alert Description
7.5 2018-11-12 CVE-2018-19200

An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

7.8 2017-09-25 CVE-2014-8156

The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service.

8.8 2016-06-16 CVE-2016-3062

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.

7.5 2001-10-18 CVE-2001-0763

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

3.6 2001-07-02 CVE-2001-0430

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

7.5 2001-06-27 CVE-2001-0441

Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

10 2000-11-14 CVE-2000-0844

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

7.2 2000-06-21 CVE-2000-0607

Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.

7.2 2000-06-21 CVE-2000-0606

Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

7.2 2000-03-22 CVE-2000-0229

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

7.2 2000-02-02 CVE-2000-0112

The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

7.5 1999-03-30 CVE-1999-0434

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

7.2 1999-02-26 CVE-1999-0381

super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.

7.2 1999-02-18 CVE-1999-0405

A buffer overflow in lsof allows local users to obtain root privilege.

2.1 1999-02-16 CVE-1999-0374

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

10 1999-02-09 CVE-1999-0368

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

7.2 1999-02-01 CVE-1999-0373

Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.

7.2 1999-01-17 CVE-1999-0457

Linux ftpwatch program allows local users to gain root privileges.

7.2 1999-01-03 CVE-1999-0914

Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.

7.2 1999-01-03 CVE-1999-0389

Buffer overflow in the bootp server in the Debian Linux netstd package.

7.5 1998-11-26 CVE-1999-1411

The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.

7.2 1998-04-28 CVE-1999-1390

suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line.

CWE : Common Weakness Enumeration

% id Name
50% (2) CWE-264 Permissions, Privileges, and Access Controls
25% (1) CWE-476 NULL Pointer Dereference
25% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
59277 Debian Linux netstd bootpd report.c Overflow
14794 Multiple Unix Vendor locale subsystem Multiple Function Format String
13877 slrn News Reader Long Message Header Multiple Function Overflow
12029 Kanji on Console (KON) kon -StartupMessage Parameter Local Overflow
11526 Linux Console (KON) kon Overflow
11524 Kanji on Console (KON) fld Input File Overflow
9163 ProFTPD MKDIR Directory Creation / Change Remote Overflow (palmetto)
6332 suidmanager suidexec Command Line Privilege Escalation
5946 XFree86 xfs /tmp/.font-unix Symlink Privilege Escalation
5888 super Syslog Utility Local Overflow
5642 Exuberant Ctags Insecure Temporary File Creation
5542 xinetd Long Ident Response Overflow
3163 lsof Unspecified Local Overflow
1262 gpm gpm-root Privilege Drop Failure
1216 Debian Linux MBR Boot Sequence Floppy Privilege Escalation
982 Debian super Local Overflow
974 Debian Linux netstd FTP Client Overflow
972 ftpwatch Unspecified Local Privilege Escalation
971 Debian Linux FSP Unintended Anonymous Access
969 Cfengine on Debian Linux Tidy Action Insecure Temporary File Handling
248 WU-FTPD MKDIR Directory Creation / Change Remote Overflow

OpenVAS Exploits

id Description
2008-01-17 Name : Debian Security Advisory DSA 040-1 (slrn)
File : nvt/deb_040_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 046-1 (exuberant-ctags)
File : nvt/deb_046_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 063-1 (xinetd)
File : nvt/deb_063_1.nasl

Snort® IPS/IDS

Date Description
2014-01-10 EXPLOIT x86 linux overflow
RuleID : 352 - Type : FTP - Revision : 8
2014-01-10 EXPLOIT x86 linux overflow
RuleID : 351 - Type : FTP - Revision : 9
2014-01-10 EXPLOIT x86 linux overflow
RuleID : 350 - Type : FTP - Revision : 9
2014-01-10 EXPLOIT MKD overflow
RuleID : 349 - Type : FTP - Revision : 9
2014-01-10 bootp x86 linux overflow
RuleID : 319 - Type : EXPLOIT - Revision : 7
2014-01-10 bootp x86 bsd overfow
RuleID : 318 - Type : EXPLOIT - Revision : 8

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-c5c72a45ea.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a3ef0a026f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-96b48b34ae.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4003413459.nasl - Type: ACT_GATHER_INFO
2018-12-03 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3563fae5f60c11e8b5135404a68ad561.nasl - Type: ACT_GATHER_INFO
2018-11-21 Name: The remote Debian host is missing a security update.
File: debian_DLA-1581.nasl - Type: ACT_GATHER_INFO
2017-05-10 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201705-08.nasl - Type: ACT_GATHER_INFO
2016-06-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-779.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3603.nasl - Type: ACT_GATHER_INFO
2016-06-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-515.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2001-028.nasl - Type: ACT_GATHER_INFO
2012-09-06 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2000-002.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-040.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-063.nasl - Type: ACT_GATHER_INFO
2004-09-29 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-046.nasl - Type: ACT_GATHER_INFO
2000-07-15 Name: Arbitrary code may be run on the remote server.
File: proftpd_pre10.nasl - Type: ACT_GATHER_INFO
1999-08-31 Name: The remote FTP server has a remote buffer overflow vulnerability.
File: wu_ftpd_overflow.nasl - Type: ACT_MIXED_ATTACK