Section: .. / 0704-advisories /
| /// File Name: |
MDKSA-2007-076.txt |
Description:
|
Mandriva Linux Security Advisory - A bug was discovered in KJS where UTF-8 decoding did not reject overlong sequences. This vulnerability is similar to the one discovered by Andreas Nolden in Qt3 and Qt4, but at this time there is no known exploit for this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5056 | | Related CVE(s): | CVE-2007-0242 | | Last Modified: | Apr 5 04:06:52 2007 |
| MD5 Checksum: | efa29c977c0aaffa8d5ed0ec28984068 |
|
| /// File Name: |
MDKSA-2007-077-1.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could log in as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4627 | | Related CVE(s): | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216 | | Last Modified: | Apr 11 06:51:27 2007 |
| MD5 Checksum: | c14f21429b7ee650b576ef36751fb480 |
|
| /// File Name: |
MDKSA-2007-077.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could log in as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10113 | | Related CVE(s): | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216 | | Last Modified: | Apr 5 08:43:17 2007 |
| MD5 Checksum: | 1a9263cf88baf98da32dc273dc1ec498 |
|
| /// File Name: |
MDKSA-2007-079.txt |
Description:
|
Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both of which result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user-provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. Multiple integer overflows in the XGetPixel function in ImUtil.c in x.org libx11 before 1.0.3, and XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or information leak via crafted images with large or negative values that trigger a buffer overflow.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 16074 | | Related CVE(s): | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667 | | Last Modified: | Apr 5 08:46:54 2007 |
| MD5 Checksum: | c0ef81e3cf770b6f9cac79ac2e3d346d |
|
| /// File Name: |
MDKSA-2007-080-1.txt |
Description:
|
Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4174 | | Related CVE(s): | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352 | | Last Modified: | Apr 11 06:58:06 2007 |
| MD5 Checksum: | 3857c812f92656bf7d1e2fc62b46d023 |
|
| /// File Name: |
MDKSA-2007-080.txt |
Description:
|
Mandriva Linux Security Advisory - Local exploitation of a memory corruption vulnerability in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability exists in the ProcXCMiscGetXIDList() function in the XC-MISC extension. This request is used to determine what resource IDs are available for use. This function contains two vulnerabilities, both of which result in memory corruption of either the stack or heap. The ALLOCATE_LOCAL() macro used by this function allocates memory on the stack using alloca() on systems where alloca() is present, or using the heap otherwise. The handler function takes a user-provided value, multiplies it, and then passes it to the above macro. This results in both an integer overflow vulnerability and an alloca() stack pointer shifting vulnerability. Both can be exploited to execute arbitrary code. iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. TightVNC uses some of the same code base as Xorg, and has the same vulnerable code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5747 | | Related CVE(s): | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352 | | Last Modified: | Apr 5 08:50:16 2007 |
| MD5 Checksum: | 2775d1c7d38b12d00a747a06eff5bac1 |
|
| /// File Name: |
MDKSA-2007-081-1.txt |
Description:
|
Mandriva Linux Security Advisory - iDefense reported integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2808 | | Related CVE(s): | CVE-2007-1351 | | Last Modified: | Apr 11 06:53:11 2007 |
| MD5 Checksum: | 4a4a4eb94fddd4e351b22983a9bf3adf |
|
| /// File Name: |
MDKSA-2007-081.txt |
Description:
|
Mandriva Linux Security Advisory - iDefense reported integer overflows in the way freetype handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5534 | | Related CVE(s): | CVE-2007-1351 | | Last Modified: | Apr 5 08:50:57 2007 |
| MD5 Checksum: | 5620120632d5fa54b877ee1ab05c378f |
|
| /// File Name: |
MDKSA-2007-082.txt |
Description:
|
Mandriva Linux Security Advisory - The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission. MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to packets coming from a malicious WinXP system. MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5529 | | Related CVE(s): | CVE-2006-7180, CVE-2006-7179, CVE-2006-7178, CVE-2006-7177, CVE-2005-4835 | | Last Modified: | Apr 13 00:01:09 2007 |
| MD5 Checksum: | d5e7bd2739729620e8387df565fe1697 |
|
| /// File Name: |
MDKSA-2007-083.txt |
Description:
|
Mandriva Linux Security Advisory - PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm in mod_perl 2.x, do not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6386 | | Related CVE(s): | CVE-2007-1349 | | Last Modified: | Apr 13 00:01:51 2007 |
| MD5 Checksum: | 398aa9b0fd25844eb81ae810895b7b13 |
|
| /// File Name: |
MDKSA-2007-084.txt |
Description:
|
Mandriva Linux Security Advisory - The ipsec-tools package prior to version 0.6.7 allows remote attackers to cause a Denial of Service (tunnel crash) via crafted DELETE and NOTIFY messages.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4732 | | Related CVE(s): | CVE-2007-1841 | | Last Modified: | Apr 17 19:08:22 2007 |
| MD5 Checksum: | 50244c14b7e61065a25cf150c68bee6c |
|
| /// File Name: |
MDKSA-2007-085.txt |
Description:
|
Mandriva Linux Security Advisory - A memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of EAP-TTLS tunnel connections using malformed Diameter format attributes, which causes the authentication request to be rejected but does not reclaim VALUE_PAIR data structures.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7632 | | Related CVE(s): | CVE-2007-2028 | | Last Modified: | Apr 17 19:08:57 2007 |
| MD5 Checksum: | ca5b8b1d8286850c8478cdfa66b19dda |
|
| /// File Name: |
MDKSA-2007-086.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw was discovered in how CUPS handled SSL negotiation that could allow a remote attacker capable of connecting to the CUPS daemon to cause a DoS to other CUPS users.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5779 | | Related CVE(s): | CVE-2007-0720 | | Last Modified: | Apr 17 19:09:50 2007 |
| MD5 Checksum: | eacc9aaf506e8f243a6cf84adeb1cbe7 |
|
| /// File Name: |
MDKSA-2007-091.txt |
Description:
|
Mandriva Linux Security Advisory - A buffer overflow in sqlite could allow context-dependent attackers to execute arbitrary code via an empty value of the 'in' parameter.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5973 | | Related CVE(s): | CVE-2007-1888 | | Last Modified: | Apr 21 00:03:27 2007 |
| MD5 Checksum: | aee3556192c8419e0b8a7501dda1510b |
|
| /// File Name: |
MDKSA-2007-092.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple buffer overflows were found in the FreeRADIUS package version 1.0.4 and prior that could allow a remote attacker to cause a crash via the rlm_sqlcounter module. An SQL injection vulnerability was also found in the rlm_sqlcounter module that could allow a remote attacker to execute arbitrary SQL commands via unknown attack vectors.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4154 | | Related CVE(s): | CVE-2005-4746, CVE-2005-4745 | | Last Modified: | Apr 24 09:43:02 2007 |
| MD5 Checksum: | 18fb07741dd139aef29a89fcdc0788d9 |
|
| /// File Name: |
MDKSA-2007-093.txt |
Description:
|
Mandriva Linux Security Advisory - A stack-based buffer overflow in the ZZIPlib library could allow user-assisted remote attackers to cause an application crash (DoS) or execute arbitrary code via a long filename.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2580 | | Related CVE(s): | CVE-2007-1614 | | Last Modified: | Apr 24 09:44:04 2007 |
| MD5 Checksum: | deab07197054db0abcdcc24310a3bb22 |
|
| /// File Name: |
MDKSA-2007-094.txt |
Description:
|
Mandriva Linux Security Advisory - A weakness in previous versions of PostgreSQL was found in the security definer functions in which an authenticated but otherwise unprivileged SQL user could use temporary objects to execute arbitrary code with the privileges of the security-definer function.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15509 | | Related CVE(s): | CVE-2007-2138 | | Last Modified: | May 3 01:50:33 2007 |
| MD5 Checksum: | 9440c19744ef56d999ba572a309cc4ae |
|
| /// File Name: |
MITKRB5-SA-2007-001.txt |
Description:
|
MIT krb5 Security Advisory 2007-001 - The MIT krb5 telnet daemon (telnetd) allows unauthorized login as an arbitrary user, when presented with a specially crafted username. Exploitation of this vulnerability is trivial.
| | Homepage: | http://web.mit.edu/ | | File Size: | 5340 | | Related CVE(s): | CVE-2007-0956 | | Last Modified: | Apr 5 02:07:02 2007 |
| MD5 Checksum: | 97b9ab99466f4830aeeaac2bae9ad4f9 |
|
| /// File Name: |
MITKRB5-SA-2007-002.txt |
Description:
|
MIT krb5 Security Advisory 2007-002 - The library function krb5_klog_syslog() can write past the end of a stack buffer. The Kerberos administration daemon (kadmind), as well as the KDC, is vulnerable. Exploitation of this vulnerability is probably simple. This is a vulnerability in the kadm5 library, which is used by the KDC and kadmind, and possibly by some third-party applications. It is not a bug in the MIT krb5 protocol libraries or in the Kerberos protocol.
| | Homepage: | http://web.mit.edu/ | | File Size: | 4497 | | Related CVE(s): | CVE-2007-0957 | | Last Modified: | Apr 5 02:08:28 2007 |
| MD5 Checksum: | f37c1abafcf67029c4f7e78b4fee8494 |
|
| /// File Name: |
MITKRB5-SA-2007-003.txt |
Description:
|
MIT krb5 Security Advisory 2007-003 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a double-free attack in the RPCSEC_GSS authentication flavor of the RPC library, which itself results from a bug in the GSS-API library. Under some error conditions, the krb5 GSS-API mechanism can free a buffer which an application may then free again. This may result in arbitrary code execution. Third-party applications using the GSS-API library provided with MIT krb5 may also be vulnerable. Exploitation of double-free bugs is believed to be difficult. This is a bug in the GSS-API library included with MIT krb5, which is used by kadmind and by some third-party applications. It is not a bug in the Kerberos protocol.
| | Homepage: | http://web.mit.edu/ | | File Size: | 5528 | | Related CVE(s): | CVE-2007-1216 | | Last Modified: | Apr 5 02:09:38 2007 |
| MD5 Checksum: | e13181a17d363e4d308695a65e436cfe |
|