Section: .. / 0607-advisories /
| File Name: | sa20966.txt |
| Description: | Secunia Security Advisory - Ubuntu has issued an update for shadow. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. |
| Homepage: | http://secunia.com/advisories/20966/ | File Size: | 7344 | Last Modified: | Jul 8 05:35:52 2006 |
| MD5 Checksum: | 8d9e586cf636aee9ca46b10c1b574d73 |
|
| File Name: | UFO2000.txt |
| Description: | The UFO2000 multiplayer turn-based game, based on the X-COM series, suffers from multiple vulnerabilities including possible remote code execution. |
| Author: | aluigi | Homepage: | http://aluigi.org | File Size: | 6989 | Last Modified: | Jul 18 17:26:21 2006 |
| MD5 Checksum: | f1f946de9fac5af5a4672322e4e9835b |
|
| File Name: | USN-308-1.txt |
| Description: | Ubuntu Security Notice 308-1: Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root privileges. |
| Homepage: | http://security.ubuntu.com/ | File Size: | 6900 | Last Modified: | Jul 9 07:37:49 2006 |
| MD5 Checksum: | 4af99ea7491c4cacf0261dc435622ab4 |
|
| File Name: | dsa-1124-1.txt |
| Description: | Debian Security Advisory 1124-1 - Toth Andras discovered that the fbgs framebuffer postscript/PDF viewer contains a typo, which prevents the intended filter against malicious postscript commands from working correctly. This might lead to the deletion of user data when displaying a postscript file. |
| Homepage: | http://www.debian.org/security | File Size: | 6676 | Related CVE(s): | CVE-2006-3119 | Last Modified: | Jul 26 03:58:51 2006 |
| MD5 Checksum: | 66ff21c247496d1a4f467fee67480976 |
|
| File Name: | SSRT061154.txt |
| Description: | HP Security Bulletin - A potential vulnerability has been identified with the HP Tru64 UNIX operating system running NIS ypserv. The vulnerability could be remotely exploited to cause a Denial of Service (DoS). |
| Author: | HP | Homepage: | http://www.hp.com | File Size: | 6593 | Last Modified: | Jul 20 05:50:50 2006 |
| MD5 Checksum: | 55b89fd2b216884a7257514ce216de6f |
|
| File Name: | TA06-200A.txt |
| Description: | Technical Cyber Security Alert TA06-200A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. |
| Homepage: | http://www.cert.org | File Size: | 6489 | Last Modified: | Jul 23 23:32:01 2006 |
| MD5 Checksum: | dd25053db609c1812b9a640189bf9171 |
|
| File Name: | MDKSA-2006-121.txt |
| Description: | Mandriva Linux Security Advisory MDKSA-2006-121 - A stack-based buffer overflow in MiMMS version 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. Xine-lib contains an embedded copy of the same vulnerable code. |
| Homepage: | http://www.mandriva.com/security/advisories | File Size: | 6437 | Related CVE(s): | CVE-2006-2200 | Last Modified: | Jul 13 18:50:55 2006 |
| MD5 Checksum: | fa5fe31d296a7106e167cd091deef18d |
|
| File Name: | EEYE-ePolicy.txt |
| Description: | eEye Digital Security has discovered a serious flaw within the Framework Service component of the McAfee EPO management console. The Framework service is enabled and running by default on all servers and agents. The framework service listens by default on port 8081 and accepts requests over the HTTP protocol. The framework service allows for remotely submitting configuration and update changes. Each request is encrypted, SHA-1 hashed and DSA signed, and written to a file on disk. Due to a directory traversal attack, it is possible to write any file with any contents to anywhere on the remote system. This flaw allows a remote attacker to anonymously compromise an affected system and execute code within the SYSTEM context. Systems affected are McAfee Common Management (EPO) Agent versions below version 3.5.5.438. |
| Author: | Barnaby Jack, Derek Soeder | Homepage: | http://www.eeye.com | File Size: | 6312 | Last Modified: | Jul 15 04:48:00 2006 |
| MD5 Checksum: | d601cca62a4d30e9a464a4829ca235f6 |
|
| File Name: | sa19873.txt |
| Description: | Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system. |
| Homepage: | http://secunia.com/advisories/19873/ | File Size: | 6274 | Last Modified: | Jul 27 21:04:26 2006 |
| MD5 Checksum: | 6d5b79cf995296d71f29bf6267d5a18f |
|
| File Name: | MDKSA-2006-124.txt |
| Description: | Mandriva Linux Security Advisory MDKSA-2006-124 - A race condition in the /proc filesystem of the Linux kernel 2.6.17.4 and earlier allows local users to obtain root privileges. |
| Homepage: | http://www.mandriva.com/security/advisories | File Size: | 6079 | Related CVE(s): | CVE-2006-3626 | Last Modified: | Jul 20 05:31:18 2006 |
| MD5 Checksum: | b2a39de611a317bf2b9e6a64320ea63d |
|
| File Name: | sa20967.txt |
| Description: | Secunia Security Advisory - Ubuntu has issued an update for ppp. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. |
| Homepage: | http://secunia.com/advisories/20967/ | File Size: | 5831 | Last Modified: | Jul 8 05:35:52 2006 |
| MD5 Checksum: | d66b873daf002e4c39bfdcb8cc49db3d |
|
| File Name: | SSRT051057-2.txt |
| Description: | HPSBUX02120 SSRT051057 rev.2 - HP-UX Local Denial of Service (DoS): A potential security vulnerability has been identified in the HP-UX kernel. The potential vulnerability could be exploited by a local authorized user to create a Denial of Service (DoS). |
| Author: | HP | Homepage: | http://www.hp.com | File Size: | 5809 | Last Modified: | Jul 14 20:08:54 2006 |
| MD5 Checksum: | c7d8087372c25ad959ba5d23a4292106 |
|
| File Name: | sa20983.txt |
| Description: | Secunia Security Advisory - Mandriva has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service). |
| Homepage: | http://secunia.com/advisories/20983/ | File Size: | 5775 | Last Modified: | Jul 12 03:20:23 2006 |
| MD5 Checksum: | 1345ee870834c60e51a2abedc7a3b3e9 |
|
| File Name: | sa21012.txt |
| Description: | Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system. |
| Homepage: | http://secunia.com/advisories/21012/ | File Size: | 5586 | Last Modified: | Jul 12 03:20:23 2006 |
| MD5 Checksum: | 89096cf97d3d3ceb46651a9132411860 |
|
| File Name: | USN-310-1.txt |
| Description: | Ubuntu Security Notice 310-1: Marcus Meissner discovered that the winbind plugin of pppd does not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes and enable the winbind plugin, a local attacker could exploit this to execute the winbind NTLM authentication helper as root. Depending on the local winbind configuration, this could potentially lead to privilege escalation. |
| Homepage: | http://security.ubuntu.com/ | File Size: | 5538 | Related CVE(s): | CVE-2006-2194 | Last Modified: | Jul 9 07:39:16 2006 |
| MD5 Checksum: | ff48acb46e59a8b15cef35ff23e150f3 |
|
| File Name: | hc-bugs.txt |
| Description: | Hosting Controller version 6.1 Hotfix (versions 3.2 and below) suffers from flaws that allow an attacker to gain reseller privileges and administrative privileges. |
| Author: | Soroush Dalili | File Size: | 5452 | Last Modified: | Jul 9 08:42:14 2006 |
| MD5 Checksum: | 211368bf13f6d3ee51d523e2203c598c |
|
| File Name: | freecivDoS.txt |
| Description: | Freeciv versions 2.1.0-beta1 and below and versions SVN 15 and below suffer from memcpy crash and invalid memory access flaws. |
| Author: | Luigi Auriemma | Homepage: | http://aluigi.org | File Size: | 5428 | Last Modified: | Jul 26 03:12:15 2006 |
| MD5 Checksum: | 94548b3be00fabd55a14c9b339ce3e08 |
|
| File Name: | dsa-1106-1.txt |
| Description: | Debian Security Advisory 1106-1 - Marcus Meissner discovered that the winbind plugin in pppd does not check whether a setuid() call has been successful when trying to drop privileges, which may fail with some PAM configurations. |
| Homepage: | http://www.debian.org/security | File Size: | 5182 | Related CVE(s): | CVE-2006-2194 | Last Modified: | Jul 12 04:25:51 2006 |
| MD5 Checksum: | 46ef060ac2e80a4229250e36a49bd56b |
|
| File Name: | SYMSA-2006-008.txt |
| Description: | Symantec Vulnerability Research Security Advisory SYMSA-2006-008 - Password Safe versions 2.11, 2.16, and 3.0BETA1 are susceptible to a flaw where the Lock Password Database Configuration functionality may not be enforced. |
| Author: | J.R. Wikes | Homepage: | http://www.symantec.com/research | File Size: | 5163 | Related CVE(s): | CVE-2006-3675 | Last Modified: | Jul 26 02:57:24 2006 |
| MD5 Checksum: | c688e197a51c55a796ba912362293926 |
|
| File Name: | sa21111.txt |
| Description: | Secunia Security Advisory - Multiple vulnerabilities have been reported in various Oracle products. Some have an unknown impact and others can be exploited to conduct SQL injection attacks or compromise a vulnerable system. |
| Homepage: | http://secunia.com/advisories/21111/ | File Size: | 5124 | Last Modified: | Jul 20 03:49:23 2006 |
| MD5 Checksum: | 9fc566c1fa276a5fa5de22df53bd0de4 |
|
| File Name: | secunia-Visnetic2.txt |
| Description: | Secunia Research has discovered two vulnerabilities in Visnetic Mail Server, which can be exploited by malicious users and by malicious people to disclose potentially sensitive information and to compromise a vulnerable system. Visnetic Mail Server version 8.3.5 is affected. |
| Author: | Tan Chew Keong | Homepage: | http://secunia.com/ | File Size: | 5107 | Related CVE(s): | CVE-2006-0817, CVE-2006-0818 | Last Modified: | Jul 20 04:20:46 2006 |
| MD5 Checksum: | a137661fb0be3c66a330d6b15bff1c40 |
|
| File Name: | secunia-IceWarp2.txt |
| Description: | Secunia Research has discovered two vulnerabilities in IceWarp Web Mail, which can be exploited by malicious users and by malicious people to disclose potentially sensitive information and compromise a vulnerable system. Merak Mail Server version 8.3.8.r with IceWarp Web Mail 5.6.0 is affected. |
| Author: | Tan Chew Keong | Homepage: | http://secunia.com/ | File Size: | 5055 | Related CVE(s): | CVE-2006-0817, CVE-2006-0818 | Last Modified: | Jul 20 04:22:24 2006 |
| MD5 Checksum: | 39bc9f41181dc657e3ae19ead7fc1ff6 |
|
| File Name: | dsa-1108-1.txt |
| Description: | Debian Security Advisory 1108-1 - It was discovered that the mutt mail reader performs insufficient validation of values returned from an IMAP server, which might overflow a buffer and potentially lead to the injection of arbitrary code. |
| Homepage: | http://www.debian.org/security | File Size: | 5027 | Related CVE(s): | CVE-2006-3242 | Last Modified: | Jul 12 05:04:10 2006 |
| MD5 Checksum: | 432b6aeb548ac361aff1f6329c176081 |
|