author | Moritz Muehlenhoff <jmm@debian.org> | 2005-08-28 17:41:34 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2005-08-28 17:41:34 +0000 |
commit | 144c0fa90f91e8fde1a11186dbc44841f305ba7c (patch) | |
tree | 7d7d895724044bba8c2157508721f80b678612e6 /data/DTSA/advs | |
parent | 876587aef42d0738d151110ba72a2a4fe2291c2e (diff) |
dtsa adapted to new DTSA templates
Ported over data from kismet DTSA to the new format
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@1698 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- | data/DTSA/advs/0-hotzenplotz.adv | 15 | ||||
-rw-r--r-- | data/DTSA/advs/1-kismet.adv | 23 |
2 files changed, 38 insertions, 0 deletions
diff --git a/data/DTSA/advs/0-hotzenplotz.adv b/data/DTSA/advs/0-hotzenplotz.adv new file mode 100644 index 0000000000..a821992d91 --- /dev/null +++ b/data/DTSA/advs/0-hotzenplotz.adv @@ -0,0 +1,15 @@ +dtsa: DTSA-0-1 +source: hotzenplotz +date: 2005-11-12 +author: Wachtmeister Dimpfelmoser +vuln-type: buffer overflows +problem-scope: remote +debian-specifc: +cve: CAN-1978-0019 +vendor-advisory: http://www.hotzenplotz.org/sec/buffer-overflow.html +testing-fix: 3.14-1ts1 +sid-fix: 3.14-2 + +User authentication in hotzenplotz does not verify the user name properly. +A buffer overflow can be exploited to execute arbitrary code with elevated +privileges. diff --git a/data/DTSA/advs/1-kismet.adv b/data/DTSA/advs/1-kismet.adv new file mode 100644 index 0000000000..24691ef93d --- /dev/null +++ b/data/DTSA/advs/1-kismet.adv @@ -0,0 +1,23 @@ +dtsa: DTSA-1-1 +source: kismet +date: August 26th, 2005 +author: Joey Hess +vuln-type: various +problem-scope: remote +debian-specific: no +cve: CAN-2005-2626 CAN-2005-2627 +testing-fix: 2005.08.R1-0.1etch1 +sid-fix: 2005.08.R1-1 + +Multiple security holes have been discovered in kismet: + + CAN-2005-2627 + + Multiple integer underflows in Kismet allow remote attackers to execute + arbitrary code via (1) kernel headers in a pcap file or (2) data frame + dissection, which leads to heap-based buffer overflows. + + CAN-2005-2626 + + Unspecified vulnerability in Kismet allows remote attackers to have an + unknown impact via unprintable characters in the SSID. |
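Review bot: In 0-hotzenplotz.adv the header key is misspelled as `debian-specifc:` and carries no value, while 1-kismet.adv in the same commit uses `debian-specific: no`. Any tool that reads these headers by key name would not find the field in this file, so rename it to `debian-specific:` and give it an explicit value. The `date: 2005-11-12` value is also later than the commit date (2005-08-28); if this file is meant as a sample for the new template, a comment or a clearly named file saying so would keep it from being mistaken for a published advisory.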
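Review bot: In 1-kismet.adv the `date:` header is written as `August 26th, 2005`, whereas 0-hotzenplotz.adv uses the ISO form `2005-11-12`. Two formats in the same directory force every consumer of these files to parse both, so settle on one (for example `date: 2005-08-26`). Two smaller points: this file has no `vendor-advisory:` line although the other one does, so it should be documented whether that field is optional, and the `cve:` header lists CAN-2005-2626 before CAN-2005-2627 while the body describes them in the opposite order, so matching the two would make the advisory easier to cross-check.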