vulnerability

Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.

{ Comments on this FAQ are closed. If you'd like to continue the discussion on this topic, you can do so at our forum. }

An unpatched security hole in Ubuntu Linux 8.04 LTS operating system could be used by attackers to send a crafted packet and cause a denial of service via application crash in applications linked against OpenSSL to take control of vulnerable servers.

{ Comments on this FAQ are closed. If you'd like to continue the discussion on this topic, you can do so at our forum. }

The PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.

{ Comments on this FAQ are closed. If you'd like to continue the discussion on this topic, you can do so at our forum. }

It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible.

{ Comments on this FAQ are closed. If you'd like to continue the discussion on this topic, you can do so at our forum. }

An updated Apache package that fixes a bug is now available under FreeBSD operating systems.

{ Comments on this FAQ are closed. If you'd like to continue the discussion on this topic, you can do so at our forum. }

Havoc Pennington discovered that DBus, a simple interprocess messaging system, performs insufficient validation of security policies, which might allow local privilege escalation.

{ Comments on this FAQ are closed. If you'd like to continue the discussion on this topic, you can do so at our forum. }

Luciano Bello discovered that the random number generator in Debian’s openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.

{ Comments on this FAQ are closed. If you'd like to continue the discussion on this topic, you can do so at our forum. }