Channel: Unix Experience » Warn (BSD)
Browsing latest articles

Security: sudo

A (potentially malicious) program run by a user with sudo access may be able to bypass the “tty_ticket” constraints. In order for this to succeed there must exist on the machine a terminal device that...


FreeBSD: nfs remote DoS

A security hole is present in the FreeBSD NFS implementation. Insufficient input validation in the NFS server allows an attacker to cause the underlying file system to treat a regular file as a directory....


Security: mod_security

When ModSecurity receives a request body with a size bigger than the value set by the “SecRequestBodyInMemoryLimit” and with a “Content-Type” that has no request body processor mapped to it,...


Security: puppet

When making REST API calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the...


Security: PHPMyAdmin

The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. This vulnerability can be triggered only by someone who logged...


Security: puppet

By using the `resource_type` service, an attacker could cause puppet to load arbitrary Ruby files from the puppet master node’s file system. While this behavior is not enabled by default, `auth.conf`...
