Section: .. / 0601-advisories /
| /// File Name: |
cisco-sa-20060118-ccmdos.txt |
Description:
|
Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. All Cisco CallManager versions are vulnerable to these Denial of Service (DoS) attacks, which may result in services being interrupted or servers rebooting.
| | Author: | Cisco | | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml. | | File Size: | 11830 | | Last Modified: | Jan 25 08:47:19 2006 |
| MD5 Checksum: | eb85865e7da449d533766493e57bd4c4 |
|
| /// File Name: |
cisco-sa-20060118-ccmpe.txt |
Description:
|
Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. Cisco CallManager versions with Multi Level Administration (MLA) enabled may be vulnerable to privilege escalation, which may result in read-only users gaining administrative access.
| | Author: | Cisco | | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml. | | File Size: | 12536 | | Last Modified: | Jan 25 08:48:10 2006 |
| MD5 Checksum: | 2f14c43515e9ab84f49c757094d62cf5 |
|
| /// File Name: |
cisco-sa-20060118-sgbp.txt |
Description:
|
The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.
| | Author: | Cisco | | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml | | File Size: | 29733 | | Last Modified: | Jan 25 08:46:07 2006 |
| MD5 Checksum: | 16fd609bec0d74a6b06643fa010a06a9 |
|
| /// File Name: |
Claroline1.7.2-sso.txt |
Description:
|
Unavailable.
| | File Size: | 1212 | | Last Modified: | Jan 26 10:12:38 2006 |
| MD5 Checksum: | 2b6035bd83310fc5882bfa6f8ec52726 |
|
| /// File Name: |
ClipcommCPW-100E.txt |
Description:
|
An undocumented port and debug service on TCP/60023 lets an attacker access the phone's configuration/debug shell via telnet without authentication.
| | Author: | Shawn Merdinger | | File Size: | 1417 | | Last Modified: | Jan 22 22:47:48 2006 |
| MD5 Checksum: | 625deac3a49e8ba2266f9485914de057 |
|
| /// File Name: |
communiLDAP.txt |
Description:
|
Multiple vulnerabilities in the LDAP component of CommuniGate Pro Server version 5.0.6 have been uncovered.
| | Homepage: | http://www.gleg.net/protover_ldap.shtml | | File Size: | 1187 | | Last Modified: | Jan 30 00:14:06 2006 |
| MD5 Checksum: | 74f6699d822dec4b4cfa6267fa505b4d |
|
| /// File Name: |
dsa-929-1.txt |
Description:
|
Debian Security Advisory DSA 929-1 - Steve Kemp from the Debian Security Audit project discovered a buffer overflow in petris, a clone of the Tetris game, which may be exploited to execute arbitrary code with group games privileges.
| | Author: | Steve Kemp | | Homepage: | http://www.debian.org/security/ | | File Size: | 4183 | | Related CVE(s): | CVE-2005-3540 | | Last Modified: | Jan 10 05:40:56 2006 |
| MD5 Checksum: | 69b6ace45aaec6bd6cfde7e0cd729e2f |
|
| /// File Name: |
dsa-930-1.txt |
Description:
|
Debian Security Advisory DSA 930-1 - Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitrary code with root privileges.
| | Author: | Steve Kemp | | Homepage: | http://www.debian.org/security/ | | File Size: | 4230 | | Related CVE(s): | CVE-2006-0083 | | Last Modified: | Jan 10 05:41:57 2006 |
| MD5 Checksum: | e41cb8151709bcee68295233a15fbef9 |
|
| /// File Name: |
dsa-930-2.txt |
Description:
|
Debian Security Advisory DSA 930-2 - Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitrary code with root privileges.
| | Author: | Steve Kemp | | Homepage: | http://www.debian.org/security/ | | File Size: | 5084 | | Related CVE(s): | CVE-2006-0083 | | Last Modified: | Jan 11 06:56:12 2006 |
| MD5 Checksum: | c5952807a3a8d2b495420fb99eebf494 |
|
| /// File Name: |
dsa-933-1.txt |
Description:
|
Debian Security Advisory DSA 933-1 - Patrice Fournier found that hylafax passes unsanitized user data in the notify script, allowing users with the ability to submit jobs to run arbitrary commands with the privileges of the hylafax server.
| | Author: | Michael Stone | | Homepage: | http://www.debian.org/security/ | | File Size: | 11168 | | Related CVE(s): | CVE-2005-3539 | | Last Modified: | Jan 10 06:14:14 2006 |
| MD5 Checksum: | 712032eac539837fc10550dcf7e10e27 |
|
| /// File Name: |
dsa-935-1.txt |
Description:
|
Debian Security Advisory DSA 935-1 - iDEFENSE reports that a format string vulnerability in mod_auth_pgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user.
| | Author: | Michael Stone | | Homepage: | http://www.debian.org/security/ | | File Size: | 5778 | | Related CVE(s): | CVE-2005-3656 | | Last Modified: | Jan 11 06:57:05 2006 |
| MD5 Checksum: | 08427fda2faed82b3392ee03ea47141f |
|
| /// File Name: |
dsa-936-1.txt |
Description:
|
Debian Security Advisory DSA 936-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 9764 | | Related CVE(s): | CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-2097, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628 | | Last Modified: | Jan 12 02:02:26 2006 |
| MD5 Checksum: | 75dcff2aa689f6c6b81d7b435e28267b |
|
| /// File Name: |
dsa-937-1.txt |
Description:
|
Debian Security Advisory DSA 937-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 15727 | | Related CVE(s): | CVE-2005-3191, CVE-2005-3192, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628 | | Last Modified: | Jan 15 16:44:49 2006 |
| MD5 Checksum: | 635b5e6044bdbb7b8ef3d66674e75834 |
|
| /// File Name: |
dsa-939-1.txt |
Description:
|
Debian Security Advisory DSA 939-1 - Daniel Drake discovered a problem in fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, that can cause a crash when the program is running in multidrop mode and receives messages without headers.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 5430 | | Related CVE(s): | CVE-2005-4348 | | Last Modified: | Jan 15 18:03:35 2006 |
| MD5 Checksum: | d2595ed978f31445e0dcc771e2bbcc2e |
|
| /// File Name: |
dsa-941-1.txt |
Description:
|
Debian Security Advisory DSA 941-1 - The Debian Security Audit project discovered that a script in tuxpaint, a paint program for young children, creates a temporary file in an insecure fashion.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 5210 | | Related CVE(s): | CVE-2005-3340 | | Last Modified: | Jan 22 00:43:06 2006 |
| MD5 Checksum: | 9c1c60c5af284375ce6042f599a4a2c4 |
|
| /// File Name: |
dsa-942-1.txt |
Description:
|
Debian Security Advisory DSA 942-1 - A design error has been discovered in the Albatross web application toolkit that causes user supplied data to be used as part of template execution and hence arbitrary code execution.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3550 | | Related CVE(s): | CVE-2006-0044 | | Last Modified: | Jan 22 00:44:01 2006 |
| MD5 Checksum: | 2da3636765a726d3a4827f759173bf57 |
|
| /// File Name: |
dsa-943-1.txt |
Description:
|
Debian Security Advisory DSA 943-1 - Jack Louis discovered an integer overflow in Perl, Larry Wall's Practical Extraction and Report Language, that allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via specially crafted content that is passed to vulnerable format strings of third party software.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 14954 | | Related CVE(s): | CVE-2005-3962 | | Last Modified: | Jan 22 01:03:10 2006 |
| MD5 Checksum: | 115e28fca2fb2ddfd1fb58f264dbbd57 |
|
| /// File Name: |
dsa-945-1.txt |
Description:
|
Debian Security Advisory DSA 945-1 - Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that two scripts in antiword, utilities to convert Word files to text and Postscript, create a temporary file in an insecure fashion.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7643 | | Last Modified: | Jan 22 23:34:45 2006 |
| MD5 Checksum: | 8ee15ae054608a7f20028994c125b713 |
|
| /// File Name: |
dsa-946-1.txt |
Description:
|
Debian Security Advisory DSA 946-1 - It has been discovered that sudo, a privileged program that provides limited super user privileges to specific users, passes several environment variables to the program that runs with elevated privileges. In the case of include paths (e.g. for Perl, Python, Ruby or other scripting languages) this can cause arbitrary code to be executed as a privileged user if the attacker points to a manipulated version of a system library.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7967 | | Last Modified: | Jan 22 23:53:45 2006 |
| MD5 Checksum: | 5d18f255d7b7f76aa9152ea9fce8761c |
|
| /// File Name: |
dsa-947-1.txt |
Description:
|
Debian Security Advisory DSA 947-1 - A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system running ClamAV. In addition, other potential overflows have been corrected.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 13157 | | Last Modified: | Jan 22 23:54:33 2006 |
| MD5 Checksum: | e0f9172e9548d42e3a852aa6165d9864 |
|
| /// File Name: |
dsa-947-2.txt |
Description:
|
Debian Security Advisory DSA 947-2 - A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system running ClamAV. In addition, other potential overflows have been corrected.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 3663 | | Last Modified: | Jan 26 06:10:43 2006 |
| MD5 Checksum: | 33920a0de2e3661f67dba0311d846313 |
|