Rpath Linux vulnerabilities

CVE-2008-3139 [MEDIUM] CWE-200 CVE-2008-3139: The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.

CVE-2008-3138 [MEDIUM] CWE-200 CVE-2008-3138: The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow r The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.

CVE-2007-5686 [MEDIUM] CWE-264 CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows loca initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.

CVE-2007-1351 [HIGH] CWE-189 CVE-2007-1351: Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 2007040 Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.

CVE-2007-0536 [HIGH] CVE-2007-0536: The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes package The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.