Section: .. / 0701-advisories /
| /// File Name: |
MDKSA-2007-009.txt |
Description:
|
Mandriva Linux Security Advisory - KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10596 | | Related CVE(s): | CVE-2006-6811 | | Last Modified: | Jan 13 18:48:52 2007 |
| MD5 Checksum: | d1b3c2f9ac91203b9ba59ea85e04b482 |
|
| /// File Name: |
MDKSA-2007-008.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in the RPC library in Kerberos 1.4.x and 1.5.x as used in the kadmind administration daemon calls an uninitialized function pointer in freed memory, which could allow a remote attacker to cause a Denial of Service and possibly execute arbitrary code via unspecified vectors.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7431 | | Related CVE(s): | CVE-2006-6143 | | Last Modified: | Jan 13 18:48:08 2007 |
| MD5 Checksum: | 20e4008e739a41c961b16595b8ec66fe |
|
| /// File Name: |
MDKSA-2007-007.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in the NVIDIA Xorg driver was discovered by Derek Abdine who found that it did not correctly verify the size of buffers used to render text glyphs, resulting in a crash of the server when displaying very long strings of text. If a user was tricked into viewing a specially crafted series of glyphs, this flaw could be exploited to run arbitrary code with root privileges.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3072 | | Related CVE(s): | CVE-2006-5379 | | Last Modified: | Jan 13 18:45:14 2007 |
| MD5 Checksum: | 7d26cb114323b4398a01d9a778daebef |
|
| /// File Name: |
glsa-200701-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-04 - An anonymous researcher found evidence of memory corruption in the way SeaMonkey handles certain types of SVG comment DOM nodes. Georgi Guninski and David Bienvenu discovered buffer overflows in the processing of long Content-Type: and long non-ASCII MIME email headers. Additionally, Frederik Reiss discovered a heap-based buffer overflow in the conversion of a CSS cursor. Several other issues with memory corruption were also fixed. SeaMonkey also contains less severe vulnerabilities involving JavaScript and Java. Versions less than 1.0.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4122 | | Last Modified: | Jan 13 18:30:45 2007 |
| MD5 Checksum: | 43908e5da5c2e6a39a34fcf3b48a6236 |
|
| /// File Name: |
MDKSA-2007-006.txt |
Description:
|
Mandriva Linux Security Advisory - Several integer overflows were discovered in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that would cause OpenOffice.org to execute arbitrary code when opened.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 21330 | | Related CVE(s): | CVE-2006-5870 | | Last Modified: | Jan 13 18:30:38 2007 |
| MD5 Checksum: | d149d9cdcedfeecc30106ca461c1d2a4 |
|
| /// File Name: |
cisco-sa-20070110-dlsw.txt |
Description:
|
Cisco Security Advisory - A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.
| | Homepage: | http://www.cisco.com/ | | File Size: | 47426 | | Last Modified: | Jan 13 18:29:44 2007 |
| MD5 Checksum: | c7b16fd9119b6894b8b981c09db494b0 |
|
| /// File Name: |
cisco-sa-20070110-jtapi.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Hosted, Cisco IP Contact Center Enterprise, and Cisco IP Contact Center Hosted editions are affected by a vulnerability that may result in the restart of the JTapi Gateway process. Until this process restarts, no new connections can be processed. Existing connections will continue to work.
| | Homepage: | http://www.cisco.com/ | | File Size: | 14002 | | Last Modified: | Jan 13 18:29:05 2007 |
| MD5 Checksum: | 7e1ee10e8abb4c318cb3cfa23893781b |
|
| /// File Name: |
OpenPKG-SA-2007.006.txt |
Description:
|
OpenPKG Security Advisory - According to vendor security advisories, two security issues exist in the Kerberos network authentication system implementation MIT Kerberos. First, the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind(8). Second, the GSS-API "mechglue" layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused another security vulnerability in kadmind(8).
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 3214 | | Related CVE(s): | CVE-2006-6143, CVE-2006-6144 | | Last Modified: | Jan 13 18:28:16 2007 |
| MD5 Checksum: | 3a75c439922141b24caa9ca32a52438c |
|
| /// File Name: |
01.09.07-7.txt |
Description:
|
iDefense Security Advisory - Remote exploitation of an input validation vulnerability in Adobe Systems Inc.'s Macromedia ColdFusion MX 7 may allow an attacker to view file contents on the server. The vulnerability specifically exists in that URL encoded filenames will be decoded by the IIS process and then again by the ColdFusion process. By supplying a URL containing a double encoded null byte and an extension handled by ColdFusion, such as '.cfm', it is possible to view the contents of any file which is not interpreted by ColdFusion. iDefense has confirmed this vulnerability exists in Adobe Macromedia ColdFusion MX 7.0.2, with all available fixes, running on Microsoft IIS.
| | Author: | Inge Henriksen | | Homepage: | http://www.idefense.com/ | | File Size: | 3388 | | Related CVE(s): | CVE-2006-5858 | | Last Modified: | Jan 13 18:25:20 2007 |
| MD5 Checksum: | fc089d0555031a2014f12186d0d2c577 |
|
| /// File Name: |
TA07-009B.txt |
Description:
|
Technical Cyber Security Alert - The MIT Kerberos administration daemon contains two vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4050 | | Last Modified: | Jan 13 18:21:07 2007 |
| MD5 Checksum: | fa3a69c24bdb412856f954e599c156ce |
|
| /// File Name: |
TA07-009A.txt |
Description:
|
Technical Cyber Security Alert - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Outlook, and Excel. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4157 | | Last Modified: | Jan 13 18:17:33 2007 |
| MD5 Checksum: | 80a44df90c7f0dae8971e98d4d49358c |
|
| /// File Name: |
USN-404-1.txt |
Description:
|
Ubuntu Security Notice 404-1 - Laurent Butti, Jerome Razniewski, and Julien Tinnes discovered that the MadWifi wireless driver did not correctly check packet contents when receiving scan replies. A remote attacker could send a specially crafted packet and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 10637 | | Related CVE(s): | CVE-2006-6332 | | Last Modified: | Jan 13 18:16:48 2007 |
| MD5 Checksum: | a683bf299b92824f24c8165e6899dd2a |
|
| /// File Name: |
01.09.07-6.txt |
Description:
|
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcDbeSwapBuffers" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. By sending a specially crafted X protocol request to the DBE extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3801 | | Related CVE(s): | CVE-2006-6103 | | Last Modified: | Jan 13 18:16:02 2007 |
| MD5 Checksum: | f15f19e7ca3481033d4ad4f50c3ef6ce |
|
| /// File Name: |
01.09.07-5.txt |
Description:
|
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcDbeGetVisualInfo" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. By sending a specially crafted X protocol request to the DBE extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3805 | | Related CVE(s): | CVE-2006-6102 | | Last Modified: | Jan 13 18:15:13 2007 |
| MD5 Checksum: | 70e776227a788fae7556c58ef15b513c |
|
| /// File Name: |
01.09.07-4.txt |
Description:
|
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcRenderAddGlyphs" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the Render extension. Insufficient input validation exists when allocating memory for glyph management data structures. By sending a specially crafted X protocol request to the Render extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3838 | | Related CVE(s): | CVE-2006-6101 | | Last Modified: | Jan 13 18:14:26 2007 |
| MD5 Checksum: | 58f1b377154c664ff20c4e5ac63ae3f5 |
|
| /// File Name: |
01.09.07-3.txt |
Description:
|
iDefense Security Advisory - Remote exploitation of a heap-based buffer overflow vulnerability in Microsoft Corp.'s Excel spreadsheet application format could allow an attacker to execute arbitrary code in the context of the user who started Excel. The vulnerability specifically exists in the handling of the PALETTE record in BIFF8 format spreadsheet files. By supplying a record with too many entries, an exploitable buffer overflow condition can occur. iDefense Labs have confirmed the existence of this vulnerability in Microsoft Excel 2003 with all service packs and security updates. Previous versions of Excel are also likely to be affected.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 3556 | | Related CVE(s): | CVE-2007-0031 | | Last Modified: | Jan 13 18:13:22 2007 |
| MD5 Checksum: | b697242b10efb9f07727d46a7dc0e0ae |
|
| /// File Name: |
01.09.07-2.txt |
Description:
|
iDefense Security Advisory - Remote exploitation of an input validation error in Microsoft Corp.'s Excel spreadsheet application may allow the execution of arbitrary code. The vulnerability specifically exists in the handling of out of range values in the column field in several BIFF8 record types. By supplying an invalid Column field to one of these records, it is possible to cause the system to reference arbitrary memory. This can be exploited to gain control of the application. iDefense has confirmed the existence of this vulnerability in Microsoft Excel 2003 with all available service packs and security patches. Previous versions of Excel are also likely to be affected.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 3592 | | Related CVE(s): | CVE-2007-0030 | | Last Modified: | Jan 13 18:12:43 2007 |
| MD5 Checksum: | c945d2c67565f2f00021d2ba7a2fb23b |
|
| /// File Name: |
01.09.07-1.txt |
Description:
|
iDefense Security Advisory - Remote exploitation of an integer overflow vulnerability in the Vector Markup Language (VML) support in multiple Microsoft products allows attackers to execute arbitrary code within the context of the user running the vulnerable application. This vulnerability exists due to insufficient input validation within vgx.dll. Two integer properties are multiplied together and no overflow check is performed. This could allow an attacker to force a memory allocation of a smaller amount of memory than is required. When copying user supplied data into the newly allocated memory, it is possible to overwrite a function pointer stored on the heap, which leads to the execution of arbitrary code. iDefense testing shows that Internet Explorer 6.0 bundled with Windows XP SP2 with all available security patches is vulnerable. Other versions of Internet Explorer, including those with all security updates applied, are also vulnerable. Older versions of Internet Explorer may also be vulnerable.
| | Author: | Joseph Moti | | Homepage: | http://www.idefense.com/ | | File Size: | 6051 | | Related CVE(s): | CVE-2007-0024 | | Last Modified: | Jan 13 18:11:44 2007 |
| MD5 Checksum: | f543d3cdd73135d2005868db2ff261af |
|
| /// File Name: |
MITKRB5-SA-2006-003.txt |
Description:
|
MIT krb5 Security Advisory 2006-003 - The Kerberos administration daemon, "kadmind", can free uninitialized pointers, possibly leading to arbitrary code execution. This vulnerability results from memory management bugs in the "mechglue" abstraction interface of the GSS-API implementation. Third-party applications written using the GSS-API may also be vulnerable.
| | Homepage: | http://web.mit.edu/ | | File Size: | 4518 | | Related CVE(s): | CVE-2006-6144 | | Last Modified: | Jan 13 18:09:55 2007 |
| MD5 Checksum: | a9a6339525bc0ebd575b5d8162b8a693 |
|
| /// File Name: |
MITKRB5-SA-2006-002.txt |
Description:
|
MIT krb5 Security Advisory 2006-002 - The Kerberos administration daemon, "kadmind", can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library. Third-party server applications written using the RPC library provided with MIT krb5 may also be vulnerable.
| | Homepage: | http://web.mit.edu/ | | File Size: | 6594 | | Related CVE(s): | CVE-2006-6143 | | Last Modified: | Jan 13 18:09:08 2007 |
| MD5 Checksum: | 1867d707069ae4cb9ef850803d38994e |
|
| /// File Name: |
USN-403-1.txt |
Description:
|
Ubuntu Security Notice 403-1 - The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 50575 | | Related CVE(s): | CVE-2006-6101, CVE-2006-6102, CVE-2006-6103 | | Last Modified: | Jan 13 17:59:42 2007 |
| MD5 Checksum: | 75a16c7c2e6cc43b4a0a0dc695bfb2e2 |
|