Summary
Detail | |||
---|---|---|---|
Vendor | Slackware | First view | 1995-03-01 |
Product | Slackware Linux | Last view | 2019-11-21 |
Version | Type | Os | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.8 | 2019-11-21 | CVE-2013-7172 | Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges. |
9.8 | 2019-11-21 | CVE-2013-7171 | Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges. |
7.8 | 2018-05-01 | CVE-2018-9336 | openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation. |
7.5 | 2018-03-06 | CVE-2018-7184 | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704. |
7.8 | 2013-07-29 | CVE-2013-4854 | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. |
1.9 | 2007-02-07 | CVE-2007-0823 | xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability. |
10 | 2006-12-07 | CVE-2006-6235 | A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. |
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
6.9 | 2005-02-09 | CVE-2004-0940 | Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. |
10 | 2005-01-27 | CVE-2004-0891 | Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. |
2.1 | 2005-01-27 | CVE-2004-0881 | getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. |
1.2 | 2005-01-27 | CVE-2004-0880 | getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. |
2.1 | 2004-08-18 | CVE-2004-0233 | Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files. |
5 | 2004-08-18 | CVE-2004-0232 | Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. |
2.1 | 2004-08-18 | CVE-2004-0231 | Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations." |
10 | 2004-08-18 | CVE-2004-0226 | Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. |
7.2 | 2004-07-07 | CVE-2004-0424 | Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option. |
7.5 | 2004-01-05 | CVE-2003-0977 | CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests. |
7.5 | 2003-12-15 | CVE-2003-0962 | Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail. |
5 | 2003-06-16 | CVE-2003-0195 | CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out. |
7.5 | 2003-05-22 | CVE-2003-0335 | rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec. |
4.6 | 2002-12-31 | CVE-2002-1814 | Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. |
7.2 | 2002-02-27 | CVE-2002-0004 | Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
25% (2) | CWE-399 | Resource Management Errors |
25% (2) | CWE-20 | Improper Input Validation |
12% (1) | CWE-415 | Double Free |
12% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
12% (1) | CWE-189 | Numeric Errors |
12% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-58 | Restful Privilege Elevation |
CAPEC-100 | Overflow Buffers |
CAPEC-123 | Buffer Attacks |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:6 | Common Unix Printing System Partial Print DOS |
oval:org.mitre.oval:def:9415 | Heap-based buffer overflow in rsync before 2.5.7, when running in server mode... |
oval:org.mitre.oval:def:866 | Red Hat Enterprise 3 CVS Server root Directory Access Vulnerability |
oval:org.mitre.oval:def:855 | Red Hat CVS Server root Directory Access Vulnerability |
oval:org.mitre.oval:def:11528 | CVS server before 1.11.10 may allow attackers to cause the CVS server to crea... |
oval:org.mitre.oval:def:979 | Utempter Directory Traversal Vulnerability |
oval:org.mitre.oval:def:10115 | Utempter allows device names that contain .. (dot dot) directory traversal se... |
oval:org.mitre.oval:def:939 | Linux Kernel ip_setsockopt Integer Overflow |
oval:org.mitre.oval:def:11214 | Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through... |
oval:org.mitre.oval:def:11790 | Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows rem... |
oval:org.mitre.oval:def:9437 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf... |
oval:org.mitre.oval:def:9575 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS... |
oval:org.mitre.oval:def:9992 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS... |
oval:org.mitre.oval:def:11245 | A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before... |
oval:org.mitre.oval:def:21228 | RHSA-2013:1114: bind security update (Important) |
oval:org.mitre.oval:def:20276 | RHSA-2013:1115: bind97 security update (Important) |
oval:org.mitre.oval:def:19561 | HP-UX Running BIND, Remote Denial of Service (DoS) |
oval:org.mitre.oval:def:18633 | DSA-2728-1 bind9 - denial of service |
oval:org.mitre.oval:def:18438 | USN-1910-1 -- bind9 vulnerability |
oval:org.mitre.oval:def:23869 | ELSA-2013:1114: bind security update (Important) |
oval:org.mitre.oval:def:22902 | ELSA-2013:1115: bind97 security update (Important) |
oval:org.mitre.oval:def:25076 | SUSE-SU-2013:1310-1 -- Security update for bind |
oval:org.mitre.oval:def:27514 | DEPRECATED: ELSA-2013-1114 -- bind security update (important) |
oval:org.mitre.oval:def:27039 | DEPRECATED: ELSA-2013-1115 -- bind97 security update (important) |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
59768 | Bonobo efstools Command Line Argument Handling Local Overflow |
33651 | Linux xterm Process Memory Information Disclosure |
31832 | GnuPG OpenPGP Packet Decryption Overflow |
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
14794 | Multiple Unix Vendor locale subsystem Multiple Function Format String |
13541 | Slackware Linux pkgtool reply File Symlink Arbitrary File Manipulation |
13538 | XFree86 SuperProbe TestChip Function Local Overflow |
13525 | Slackware Linux login Missing /etc/group Local Privilege Escalation |
13513 | Slackware Linux Default PATH Subversion Privilege Escalation |
13025 | Multiple Vendor Linux rcp nobody User Arbitrary File Overwrite |
12964 | Linux rxvt -print-pipe Local Privilege Escalation |
12881 | OpenBSD httpd mod_include Local Overflow |
12315 | Slackware rc.M quotacheck -M Filesystem Security Subversion |
12033 | Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS |
11773 | Pine Lockfile Symlink Local Privilege Escalation |
11498 | Dillon Cron (dcron) Local Overflow |
11263 | Slackware login User Name Determination |
11003 | Apache HTTP Server mod_include get_tag() Function Local Overflow |
10988 | Gaim MSN File Transfer Overflow DoS |
10987 | Gaim Malformed MSN SLP Message DoS |
10986 | Gaim MSN SLP Message Handling Remote Overflow |
10072 | getmail /tmp Symlink Local Privilege Escalation |
9894 | sort /tmp Symlink Arbitrary File Modification |
OpenVAS Exploits
id | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for gpg File : nvt/sles9p5017544.nasl |
2009-10-10 | Name : SLES9: Security update for apache File : nvt/sles9p5014050.nasl |
2009-02-27 | Name : Fedora Update for gnupg FEDORA-2007-316 File : nvt/gb_fedora_2007_316_gnupg_fc5.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200312-04 (CVS) File : nvt/glsa_200312_04.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200312-03 (rsync) File : nvt/glsa_200312_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-05 (utempter) File : nvt/glsa_200405_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200405-21 (MC) File : nvt/glsa_200405_21.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-32 (getmail) File : nvt/glsa_200409_32.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-23 (gaim) File : nvt/glsa_200410_23.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-03 (apache) File : nvt/glsa_200411_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-02 (kdegraphics, kpdf, koffice, kword) File : nvt/glsa_200601_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdfto... File : nvt/glsa_200601_17.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200612-03 (gnupg) File : nvt/glsa_200612_03.nasl |
2008-09-04 | Name : FreeBSD Ports: rsync File : nvt/freebsd_rsync1.nasl |
2008-09-04 | Name : FreeBSD Ports: mc File : nvt/freebsd_mc0.nasl |
2008-09-04 | Name : FreeBSD Ports: gnupg File : nvt/freebsd_gnupg6.nasl |
2008-09-04 | Name : FreeBSD Ports: getmail File : nvt/freebsd_getmail.nasl |
2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ru-gaim File : nvt/freebsd_gaim7.nasl |
2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim2.nasl |
2008-09-04 | Name : FreeBSD Ports: apache File : nvt/freebsd_apache0.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 937-1 (tetex-bin) File : nvt/deb_937_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 102-1 (at) File : nvt/deb_102_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 102-2 (at) File : nvt/deb_102_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1231-1 (gnupg) File : nvt/deb_1231_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 317-1 (cupsys) File : nvt/deb_317_1.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2013-A-0151 | ISC BIND 9 Remote Denial of Service Vulnerability Severity: Category I - VMSKEY: V0039823 |
Snort® IPS/IDS
Date | Description |
---|---|
2018-05-22 | Multiple Vendors NTP zero-origin timestamp denial of service attempt RuleID : 46387 - Type : SERVER-OTHER - Revision : 3 |
2017-12-19 | ISC BIND 9 DNS rdata length handling remote denial of service attempt RuleID : 44879 - Type : SERVER-OTHER - Revision : 1 |
2014-01-10 | EXPLOIT x86 linux overflow RuleID : 352 - Type : FTP - Revision : 8 |
2014-01-10 | EXPLOIT x86 linux overflow RuleID : 351 - Type : FTP - Revision : 9 |
2014-01-10 | EXPLOIT x86 linux overflow RuleID : 350 - Type : FTP - Revision : 9 |
2015-07-28 | Apache mod_include buffer overflow attempt RuleID : 34973 - Type : SERVER-OTHER - Revision : 2 |
2014-01-10 | EXPLOIT MKD overflow RuleID : 349 - Type : FTP - Revision : 9 |
2014-01-10 | ISC BIND 9 DNS rdata length handling remote denial of service attempt RuleID : 27666 - Type : SERVER-OTHER - Revision : 3 |
2014-01-10 | CVS non-relative path access attempt RuleID : 2318-community - Type : SERVER-OTHER - Revision : 8 |
2014-01-10 | CVS non-relative path access attempt RuleID : 2318 - Type : SERVER-OTHER - Revision : 8 |
2014-01-10 | CVS non-relative path error response RuleID : 2317-community - Type : INDICATOR-COMPROMISE - Revision : 10 |
2014-01-10 | CVS non-relative path error response RuleID : 2317 - Type : INDICATOR-COMPROMISE - Revision : 10 |
2014-01-10 | rsyncd overflow attempt RuleID : 2048 - Type : MISC - Revision : 10 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0167.nasl - Type: ACT_GATHER_INFO |
2018-05-29 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201805-12.nasl - Type: ACT_GATHER_INFO |
2018-05-11 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO |
2018-05-11 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-1009.nasl - Type: ACT_GATHER_INFO |
2018-04-27 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-116-01.nasl - Type: ACT_GATHER_INFO |
2018-03-09 | Name: The remote NTP server is affected by multiple vulnerabilities. File: ntp_4_2_8p11.nasl - Type: ACT_GATHER_INFO |
2018-03-02 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-060-02.nasl - Type: ACT_GATHER_INFO |
2018-02-28 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_af485ef41c5811e88477d05099c0ae8c.nasl - Type: ACT_GATHER_INFO |
2017-04-21 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2017-0066.nasl - Type: ACT_GATHER_INFO |
2014-12-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2014-0084.nasl - Type: ACT_GATHER_INFO |
2014-11-08 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2013-1181.nasl - Type: ACT_GATHER_INFO |
2014-10-21 | Name: The remote host is missing a security update for OS X Server. File: macosx_server_4_0.nasl - Type: ACT_GATHER_INFO |
2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL14613.nasl - Type: ACT_GATHER_INFO |
2014-06-18 | Name: The remote host is affected by a denial of service vulnerability. File: mcafee_firewall_enterprise_SB10052.nasl - Type: ACT_GATHER_INFO |
2014-06-18 | Name: The remote host is affected by a denial of service vulnerability. File: mcafee_web_gateway_SB10052.nasl - Type: ACT_GATHER_INFO |
2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2013-654.nasl - Type: ACT_GATHER_INFO |
2014-01-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201401-34.nasl - Type: ACT_GATHER_INFO |
2013-10-01 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2013-214.nasl - Type: ACT_GATHER_INFO |
2013-08-08 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_bind-130805.nasl - Type: ACT_GATHER_INFO |
2013-08-07 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2013-218-01.nasl - Type: ACT_GATHER_INFO |
2013-08-05 | Name: The remote Fedora host is missing a security update. File: fedora_2013-13831.nasl - Type: ACT_GATHER_INFO |
2013-08-05 | Name: The remote Fedora host is missing a security update. File: fedora_2013-13863.nasl - Type: ACT_GATHER_INFO |
2013-07-31 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2013-1114.nasl - Type: ACT_GATHER_INFO |
2013-07-31 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2013-1115.nasl - Type: ACT_GATHER_INFO |
2013-07-31 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2013-1114.nasl - Type: ACT_GATHER_INFO |