Monthly Archive: May 2014

The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands. Date published : 2014-05-08 http://theforeman.org/security.html

Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request. Date published : 2014-05-08 http://theforeman.org/security.html

The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. Date published : 2014-05-08 http://projects.theforeman.org/issues/2069 http://theforeman.org/security.html

Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack. Date published : 2014-05-08 http://projects.theforeman.org/issues/2069 http://theforeman.org/security.html

Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API. Date published : 2014-05-08 http://projects.theforeman.org/issues/2069 http://theforeman.org/security.html

NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID. Date published : 2014-05-08 http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html http://openwall.com/lists/oss-security/2014/05/07/7

NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID. Date published : 2014-05-08 http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html http://openwall.com/lists/oss-security/2014/05/07/7

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file. Date published : 2014-05-08 http://advisories.mageia.org/MGASA-2014-0250.html http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. Date published : 2014-05-08 http://advisories.mageia.org/MGASA-2014-0250.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:117

lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/. Date published : 2014-05-08 http://advisories.mageia.org/MGASA-2014-0250.html http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8

lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file. Date published : 2014-05-08 http://advisories.mageia.org/MGASA-2014-0250.html http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8

seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes...

The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query...

Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1. Date published : 2014-05-08 http://www.securityfocus.com/bid/67198 https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724