Steve Grubb

**Name of the Vulnerable Software and Affected Versions** Linux versions prior to 2.4.4 **Description** The issue arises from the lack of sanitization of escape characters in filenames during the audit process. **Recommendations** For versions prior to 2.4.4, update to version 2.4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.3.3 **Description** The issue arises from the improper handling of file system capabilities in the Linux kernel, allowing local users to bypass intended personality restrictions. This can be achieved through a crafted application, as demonstrated by an attack where a parent process is used to disable Address Space Layout Randomization (ASLR). **Recommendations** For Linux kernel versions prior to 3.3.3, update to version 3.3.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of file system capabilities to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libcap versions prior to 2.22 **Description** The issue allows local users to bypass the chroot restrictions. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. The capsh program does not change the current working directory when the --chroot option is specified. **Recommendations** For versions prior to 2.22, update to version 2.22 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.5.8 Description: The issue allows remote attackers to cause a denial of service, resulting in an Apache httpd crash. This can be achieved by requesting a PDF file using a method other than GET. Recommendations: For versions prior to 2.5.8, update to version 2.5.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Emacs versions 20.7 through 22.1.50 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files when used with SCCS. **Recommendations** For Emacs versions 20.7 through 22.1.50, consider updating to a version that is not affected by this issue, as a temporary workaround, restrict access to temporary files used by the vcdiff utility to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: passwd version 0.68 Description: The issue is related to the pam start function, where the return code is not checked, potentially preventing safe and proper operation of PAM. The impact and attack vectors of this issue are unknown. Recommendations: For passwd version 0.68, consider implementing a check for the return code of the pam start function as a mitigation measure until a patch is available.

Name of the Vulnerable Software and Affected Versions: passwd versions 0.68 and earlier Description: The issue is caused by an off-by-one error when using the --stdin option, resulting in passwd using the first 78 characters of a password instead of the first 79. This reduction in password length decreases the search space required for brute force attacks. Recommendations: For versions 0.68 and earlier, update to a version later than 0.68 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** utempter version 0.5.5 **Description** The issue allows local users to potentially overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files. This is due to utempter allowing device names that contain .. (dot dot) directory traversal sequences. The exploitation of this issue may lead to a violation of protected information integrity and can be carried out locally. **Recommendations** For utempter version 0.5.5, consider restricting access to the utmp or wtmp files to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using device names that contain .. (dot dot) directory traversal sequences. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Stunnel versions 4.00 and 3.24 and earlier **Description** The issue allows local users to hijack the Stunnel server due to a leaked privileged file descriptor returned by listen(). Multiple vulnerabilities in the stunnel package may lead to disruption of confidentiality, integrity, and availability of protected information, and exploitation can be done locally. **Recommendations** For Stunnel versions 4.00 and 3.24 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xinetd versions 2.3.10 through 2.3.11 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to memory consumption via a large number of rejected connections. Multiple vulnerabilities in the xinetd package may lead to disruption of protected information availability, and exploitation can be carried out remotely. **Recommendations** For xinetd version 2.3.10, update to a version later than 2.3.10 to resolve the issue. For xinetd version 2.3.11, update to a version later than 2.3.11 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.