CVE-2008-0983 (Medium) :
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a
file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large
number of connections, which triggers an out-of-bounds access.
CVE-2008-1111 (Medium) :
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a
fork failure occurs, which might allow remote attackers to obtain sensitive information.
CVE-2008-1270 (Medium) :
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME,
which might allow remote attackers to read arbitrary files, as demonstrated by accessing the
~nobody directory.
CVE-2008-1199 (Medium) :
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create
dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify
files or directories that are writable by group, via a symlink attack.
CVE-2008-1218 (Medium) :
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using
blocking passdbs, allows remote attackers to bypass the password check via a password
containing TAB characters, which are treated as argument delimiters that enable the
skip_password_check field to be specified.
Instead of simply copying the 'ip_vs.h' header file we apply a patch that
assures the installation of a 'sanitized' version while building the
linux-header package.
CVE-2007-4091 (Medium) :
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute
arbitrary code via directory names that are not properly handled when calling the f_name function.
CVE-2007-6199 (High) :
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows
remote attackers to access restricted files via unknown vectors that cause rsync to create a
symlink that points outside of the module's hierarchy.
CVE-2007-6200 (High) :
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows
remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1)
symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.