The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Debian Woody

Asterisk: user detection via IAX2
An attacker can use information returned during the IAX2 authentication in order to detect if a user name is valid...
AST-2009-001, BID-33174, CERTA-2009-AVI-010, CVE-2009-0041, DSA-1952-1, FEDORA-2009-0973, FEDORA-2009-0984, VIGILANCE-VUL-8376
BIND: incorrect usage of OpenSSL DSA_verify
The BIND server incorrectly uses the DSA_verify() function of OpenSSL, which can be used by an attacker to bypass the signature check...
250846, 6791029, BID-33151, CERTA-2011-AVI-616, CVE-2009-0025, CVE-2009-0265, DSA-1703-1, FEDORA-2009-0350, FEDORA-2009-0451, FreeBSD-SA-09:04.bind, IV09491, IV09978, IV10049, IV11742, IV11743, IV11744, MDVSA-2009:002, MDVSA-2009:037, ocert-2008-016, RHSA-2009:0020-01, SOL11503, SSA:2009-014-02, SSA:2009-015-01, SUSE-SA:2009:005, TLSA-2009-4, VIGILANCE-VUL-8372, VMSA-2009-0004, VMSA-2009-0004.1, VMSA-2009-0004.2, VMSA-2009-0004.3
NTP: incorrect usage of OpenSSL EVP_VerifyFinal
The NTP server incorrectly uses the EVP_VerifyFinal() function of OpenSSL, which can be used by an attacker to bypass the signature check...
CVE-2009-0021, DSA-1702-1, FEDORA-2009-0544, FEDORA-2009-0547, FreeBSD-SA-09:03.ntpd, KB76646, MDVSA-2009:007, ocert-2008-016, RHSA-2009:0046-01, SSA:2009-014-03, SUSE-SR:2009:005, SUSE-SR:2009:008, VIGILANCE-VUL-8374
OpenSSL: bypassing signature check
The OpenSSL client does not correctly validates signatures presented by the server...
2009009350, 250826, 6786120, BID-33150, c01706219, CERTA-2009-AVI-006, CERTA-2009-AVI-009, CERTA-2010-AVI-268, CVE-2008-5077, DSA-1701-1, FEDORA-2009-0325, FEDORA-2009-0331, FEDORA-2009-0419, FEDORA-2009-0543, FEDORA-2009-0577, FEDORA-2009-0636, FEDORA-2009-1914, FEDORA-2009-2090, FreeBSD-SA-09:02.openssl, HPSBUX02418, MDVSA-2009:001, ocert-2008-016, openSUSE-SU-2011:0845-1, SSA:2009-014-01, SSRT090002, SUSE-SA:2009:006, SUSE-SU-2011:0847-1, TLSA-2009-5, VIGILANCE-VUL-8371, VMSA-2009-0004, VMSA-2009-0004.1, VMSA-2009-0004.2, VMSA-2009-0004.3
QEMU, Linux KVM: truncation of VNC password
When the user changes the VNC password via the QEMU console or Linux Kernel-Based Virtual Machine, it is truncated to 7 characters...
BID-33020, CVE-2008-5714, DSA-1907-1, MDVSA-2009:008, MDVSA-2009:009, MDVSA-2009:010, SUSE-SR:2009:002, SUSE-SR:2009:008, VIGILANCE-VUL-8363
xterm: command injection via DECRQSS
An attacker can invite the victim to display a text file containing a malicious DECRQSS ANSI sequence in order to execute a command on his computer...
254208, 510030, 6790248, BID-33060, CVE-2008-2383, DSA-1694-1, DSA-1694-2, FEDORA-2009-0059, FEDORA-2009-0091, FEDORA-2009-0154, MDVSA-2009:005, RHSA-2009:0018-01, RHSA-2009:0019-01, SSA:2009-069-03, SUSE-SR:2009:002, SUSE-SR:2009:003, VIGILANCE-VUL-8360
Linux kernel: denial of service of SCTP-AUTH
A local attacker can read the kernel memory or stop the system via SCTP-AUTH...
BID-31121, BID-31634, CERTA-2002-AVI-192, CERTA-2002-AVI-206, CVE-2008-3792, CVE-2008-4113, CVE-2008-4445, DSA-1636-1, DSA-1655-1, MDVSA-2008:223, RHSA-2008:0857-02, SUSE-SA:2008:053, TKADV2008-007, VIGILANCE-VUL-8104
Linux kernel: denial of service via SG_IO
A local attacker can generate a temporary denial of service in libATA...
474495, CVE-2008-5700, DSA-1787-1, RHSA-2009:0053-01, RHSA-2009:0326-01, RHSA-2009:0331-01, SUSE-SA:2009:003, SUSE-SA:2009:010, VIGILANCE-VUL-8356, VMSA-2009-0016, VMSA-2009-0016.1, VMSA-2009-0016.2, VMSA-2009-0016.3, VMSA-2009-0016.4, VMSA-2009-0016.5
Linux kernel: denial of service on MIPS
On a MIPS 64 bit processor, a local attacker can stop the system...
CVE-2008-5701, DSA-1787-1, DSA-1794-1, FEDORA-2009-0816, FEDORA-2009-0923, VIGILANCE-VUL-8355
Linux kernel: denial of service of qdisc_run
A local attacker can generate a high network load in order to lock the system in __qdisc_run()...
477744, BID-32985, CVE-2008-5713, DSA-1794-1, RHSA-2009:0264-01, VIGILANCE-VUL-8353
Our database contains other pages. You can request a free trial to read them.

Display information about Debian Woody: