Section: .. / 0605-advisories /
| /// File Name: |
cirt-43-advisory.pdf |
Description:
|
A vulnerability has been found in an ActiveX object distributed as part of TDC' Microsoft CSP suite. The vulnerability allows code execution on any client machine that has the component installed if the user navigates to an attacker-created website.
| | Author: | Dennis Rand | | Homepage: | http://www.cirt.dk | | File Size: | 270168 | | Related CVE(s): | CVE-2006-1172 | | Last Modified: | May 6 17:53:54 2006 |
| MD5 Checksum: | 95e200f8b61a5782e57d22b2dc53c55b |
|
| /// File Name: |
novell_ndps_advisory.pdf |
Description:
|
Hustle Labs Advisory - There is an integer overflow present that affects Novell Windows clients and Novell Netware server and Novell Open Enterprise server. All versions of Novell Netware and Novell Netware Client for Windows are affected. All Netware based versions of Novell Open Enterprise Server are affected. Detailed analysis provided.
| | Author: | Ryan Smith, Alex Wheeler | | Homepage: | http://www.hustlelabs.com/ | | File Size: | 162652 | | Last Modified: | May 22 00:10:55 2006 |
| MD5 Checksum: | 319e4e8c179800f509095b52e4b52d81 |
|
| /// File Name: |
USN-280-1.txt |
Description:
|
Ubuntu Security Notice 280-1 - The Render extension of the X.org server incorrectly calculated the size of a memory buffer, which led to a buffer overflow. A local attacker could exploit this to crash the X server or even execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 95741 | | Related CVE(s): | CVE-2006-1526 | | Last Modified: | May 6 17:08:37 2006 |
| MD5 Checksum: | 8c18a8d0c4ccceff2f41787ca29bc684 |
|
| /// File Name: |
USN-281-1.txt |
Description:
|
Ubuntu Security Notice 281-1 - Multiple vulnerabilities have been discovered in the Linux 2.6 kernel. The sys_mbind() function did not properly verify the validity of the 'maxnod' argument. A local user could exploit this to trigger a buffer overflow, which caused a kernel crash. The SELinux module did not correctly handle the tracer SID when a process was already being traced. A local attacker could exploit this to cause a kernel crash. Al Viro discovered a local Denial of Service in the sysfs write buffer handling. By writing a block wit h a length exactly equal to the processor's page size to any writable file in /sys, a local attacker could cause a kernel crash. John Blackwood discovered a race condition with single-step debugging multiple processes at the same time. A local attacker could exploit this to crash the system. This only affects the amd64 platform. Marco Ivaldi discovered a flaw in the handling of the ID number of IP packets. This number was incremented after receiving unsolicited TCP SYN-ACK packets. A remote attacker could exploit this to conduct port scans with the 'Idle scan' method (nmap -sI), which bypassed intended port scan protections. Pavel Kankovsky discovered that the getsockopt() function, when called with an SO_ORIGINAL_DST argument, does not properly clear the returned structure, so that a random piece of kernel memory is exposed to the user. This could potentially reveal sensitive data like passwords or encryption keys. A buffer overflow was discovered in the USB Gadget RNDIS implementation. While creating a reply message, the driver did not allocate enough memory for the reply structure. A remote attacker could exploit this to cause a kernel crash. Alexandra Kossovsky discovered an invalid memory access in the ip_route_input() function. By using the 'ip' command in a particular way to retrieve multicast routes, a local attacker could exploit this to crash the kernel.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 88963 | | Related CVE(s): | CVE-2006-0557, CVE-2006-1052, CVE-2006-1055, CVE-2006-1066, CVE-2006-1242, CVE-2006-1343, CVE-2006-1368, CVE-2006-1525 | | Last Modified: | May 6 17:07:56 2006 |
| MD5 Checksum: | 86c4e4a8a74cce0a7462b38366038f87 |
|
| /// File Name: |
JiwaFinancials6.4.14.txt |
Description:
|
The reporting function in Jiwa Financials 6.4.14 allows execution of arbitrary reports as SQL user with full SELECT, INSERT, UPDATE, DELETE SQL permissions.
| | Author: | Robert Passlow | | File Size: | 31407 | | Last Modified: | May 29 19:19:59 2006 |
| MD5 Checksum: | 576c424742b29885c5a00b054b2dd984 |
|
| /// File Name: |
USN-288-1.txt |
Description:
|
Ubuntu Security Notice 288-1: postgresql-7.4/-8.0, postgresql, psycopg, python-pgsql vulnerabilities
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 28608 | | Last Modified: | May 29 19:43:59 2006 |
| MD5 Checksum: | 4d81bd37f42f6a0ab18f6b88ff0a521a |
|
| /// File Name: |
dsa-1053-1.txt |
Description:
|
Debian Security Advisory 1053-1: Martijn Wargers and Nick Mott described crashes of Mozilla due to the use of a deleted controller context. In theory this could be abused to execute malicious code.
| | Homepage: | http://www.debian.org/security | | File Size: | 28516 | | Last Modified: | May 17 17:28:05 2006 |
| MD5 Checksum: | b89d621eb35fb1218928e4ab6c4fd50f |
|
| /// File Name: |
sa20015.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for mozilla. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/20015/ | | File Size: | 26182 | | Last Modified: | May 9 15:56:56 2006 |
| MD5 Checksum: | 30b92c4cad1e1d901b8ba8fe9ab5ee46 |
|
| /// File Name: |
sa20314.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for postgresql. This fixes two vulnerabilities, which potentially can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/20314/ | | File Size: | 24560 | | Last Modified: | May 30 22:22:26 2006 |
| MD5 Checksum: | b9e6006d737ca6524b9a100de86aa98c |
|
| /// File Name: |
dsa-1051-1.txt |
Description:
|
Debian Security Advisory 1051-1 - Several security related problems have been discovered in Mozilla Thunderbird. This advisory addresses those issues.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security | | File Size: | 22370 | | Related CVE(s): | CVE-2005-2353, CVE-2005-4134, CVE-2006-0292, CVE-2006-0293, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-0884, CVE-2006-1045, CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, CVE-2006-1723, CVE-2006-1724, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1736, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790 | | Last Modified: | May 6 17:02:29 2006 |
| MD5 Checksum: | 4f79a008194185391d4a9f470c3c33c6 |
|
| /// File Name: |
dsa-1063-1.txt |
Description:
|
Debian Security Advisory 1063-1 - It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 20533 | | Related CVE(s): | CVE-2005-2781 | | Last Modified: | May 22 02:23:17 2006 |
| MD5 Checksum: | e2122d52cbe1ea7831ab4eeb8ff4f911 |
|
| /// File Name: |
sa19979.txt |
Description:
|
Secunia Security Advisory - SUSE has issued updates for php4 / php5. These fix some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions, to gain knowledge of potentially sensitive information, and to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/19979/ | | File Size: | 19480 | | Last Modified: | May 5 20:32:43 2006 |
| MD5 Checksum: | 922148818dd53a5f380fab0cd8b154e4 |
|
| /// File Name: |
dsa-1054-1.txt |
Description:
|
Debian Security Advisory 1054-1: Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 19150 | | Last Modified: | May 17 17:28:11 2006 |
| MD5 Checksum: | 83edbc442ba1306150ceebfc94545213 |
|
| /// File Name: |
sa20203.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for phpgroupware. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/20203/ | | File Size: | 18634 | | Last Modified: | May 23 01:09:34 2006 |
| MD5 Checksum: | 7cc7ce85ff6aff2ebc14226f574968ea |
|
| /// File Name: |
dsa-1082-1.txt |
Description:
|
Debian Security Advisory 1082-1: Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 17142 | | Last Modified: | May 29 19:40:51 2006 |
| MD5 Checksum: | 5b2ee07e9b859ffd93b5684a6da04174 |
|
| /// File Name: |
sa20021.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for tiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/20021/ | | File Size: | 16977 | | Last Modified: | May 9 15:56:56 2006 |
| MD5 Checksum: | 12e9cad478a15ae050c2b5c0abeb228c |
|
| /// File Name: |
dsa-1050-1.txt |
Description:
|
Debian Security Advisory 1050-1 - Ulf Harnhammar and an anonymous researcher from Germany discovered a vulnerability in the protocol code of freshclam, a command line utility responsible for downloading and installing virus signature updates for ClamAV, the antivirus scanner for Unix. This could lead to a denial of service or potentially the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security | | File Size: | 15443 | | Related CVE(s): | CVE-2006-1989 | | Last Modified: | May 6 16:41:44 2006 |
| MD5 Checksum: | 1cb33ea7e8677948aa99d8148ab45a95 |
|
| /// File Name: |
USN-276-1.txt |
Description:
|
Ubuntu Security Notice 276-1 - A large number of mozilla-thunderbird related vulnerabilities have been patched for Ubuntu.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 14974 | | Related CVE(s): | CVE-2006-0292, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-0884, CVE-2006-1045, CVE-2006-1727, CVE-2006-1728, CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790 | | Last Modified: | May 6 16:36:48 2006 |
| MD5 Checksum: | fa1ab4a3661b03b2d94833facd5d94e8 |
|
| /// File Name: |
dsa-1048-1.txt |
Description:
|
Debian Security Advisory 1048-1 - Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). Adam Pointon discovered that due to missing input sanitizing it is possible to retrieve recorded phone messages for a different extension. Emmanouel Kellinis discovered an integer signedness error that could trigger a buffer overflow and hence allow the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security | | File Size: | 13287 | | Related CVE(s): | CVE-2005-3559, CVE-2006-1827 | | Last Modified: | May 1 04:35:16 2006 |
| MD5 Checksum: | 76727097288d6e1012caa084e65f4920 |
|
| /// File Name: |
sa20338.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for kernel-source-2.4.17. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of sensitive information, cause a DoS (Denial of Service), gain escalated privileges, and by malicious people to cause a DoS, and disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/20338/ | | File Size: | 12832 | | Last Modified: | May 31 17:33:01 2006 |
| MD5 Checksum: | 86e89cce2577a42ced50484d23a142e1 |
|
| /// File Name: |
SUSE-SA-2006-023.txt |
Description:
|
SUSE Security Announcement SUSE-SA-2006-023 - Miscalculation of a buffer size in the X Render extension of the X.Org X11 server could potentially be exploited by users to cause a buffer overflow and run code with elevated privileges.
| | Homepage: | http://www.suse.com | | File Size: | 12752 | | Related CVE(s): | CVE-2006-1526 | | Last Modified: | May 6 16:39:45 2006 |
| MD5 Checksum: | c743b3e72176faf26e5266ed60a8f4c3 |
|
| /// File Name: |
dsa-1079-1.txt |
Description:
|
Debian Security Advisory 1079-1: Several vulnerabilities have been discovered in MySQL, a popular SQL database.
| | Homepage: | http://www.debian.org/security | | File Size: | 12424 | | Last Modified: | May 29 03:39:25 2006 |
| MD5 Checksum: | 2028ffaa54dce17d11ecbe0e99c077fc |
|
| /// File Name: |
dsa-1078-1.txt |
Description:
|
Debian Security Advisory 1078-1: Andrey Kiselev discovered a problem in the TIFF library that may allow an attacker with a specially crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values to crash the library and hence the surrounding application.
| | Homepage: | http://www.debian.org/security | | File Size: | 12327 | | Last Modified: | May 29 03:39:11 2006 |
| MD5 Checksum: | e2d9b4e403405f51b510838c4e72a065 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
