Section: .. / 0706-advisories /
| /// File Name: |
firefox-traverse.txt |
Description:
|
The directory traversal fix in Firefox version 2.0.0.4 only partially fixed the flaw and accidentally circumvents an existing input validation check.
| | Author: | Thor Larholm | | File Size: | 606 | | Last Modified: | Jun 7 01:02:29 2007 |
| MD5 Checksum: | 1cc2a8fe6f6588e18153f536b0ab8b06 |
|
| /// File Name: |
flac123-overflow.txt |
Description:
|
flac123 version 0.0.9, also known as flac-tools, is vulnerable to a buffer overflow in vorbis comment parsing. This allows for the execution of arbitrary code.
| | Author: | David Thiel | | Homepage: | http://www.isecpartners.com/ | | File Size: | 1480 | | Last Modified: | Jun 29 22:44:05 2007 |
| MD5 Checksum: | 3f267591db23c699112102a030ecc7b4 |
|
| /// File Name: |
fusetalk-sql.txt |
Description:
|
FuseTalk version 2.0 suffers from a SQL injection vulnerability.
| | Author: | Charles H. Kim | | File Size: | 3715 | | Last Modified: | Jun 20 00:27:18 2007 |
| MD5 Checksum: | 4e99df24fc4578088e34bba914c63324 |
|
| /// File Name: |
gdbupx-overflow.txt |
Description:
|
GDB versions 6.6 and above suffer from a buffer overflow vulnerability.
| | Author: | Lau KaiJern | | File Size: | 7051 | | Last Modified: | Jun 6 19:40:10 2007 |
| MD5 Checksum: | b0b22857d7bc8add8eadabcae4ce770c |
|
| /// File Name: |
GdiPlus.pdf |
Description:
|
The CSIS Security Group has discovered an "Integer division by zero" flaw in the GDI+ component of Windows XP. Exploitation of this flaw can result in a denial of service condition.
| | Author: | Dennis Rand | | Homepage: | http://www.csis.dk/ | | File Size: | 130523 | | Last Modified: | Jun 7 02:54:59 2007 |
| MD5 Checksum: | 1e1a69cf8e1d200e9b8cae5681f23af8 |
|
| /// File Name: |
glsa-200706-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-01 - Victor Stinner reported an integer overflow in the exif_data_load_data_entry() function from file exif-data.c while handling Exif data. Versions less than 0.6.15 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2774 | | Related CVE(s): | CVE-2007-2645 | | Last Modified: | Jun 7 01:24:03 2007 |
| MD5 Checksum: | b90109964f6ae8aa646dc77291ea2fd2 |
|
| /// File Name: |
glsa-200706-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-02 - Ulf Harnhammar from Secunia Research has discovered a format string error in the write_html() function in the file calendar/gui/e-cal-component-memo-preview.c. Versions less than 2.8.3-r2 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2575 | | Related CVE(s): | CVE-2007-1002 | | Last Modified: | Jun 7 03:11:27 2007 |
| MD5 Checksum: | df86243b07fc06482e28abe7acfdf474 |
|
| /// File Name: |
glsa-200706-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-03 - Arnaud Giersch discovered that the add_filename_to_string() function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file. Versions less than 0.11.2-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2639 | | Related CVE(s): | CVE-2007-2027 | | Last Modified: | Jun 7 03:11:38 2007 |
| MD5 Checksum: | 982cbc5aee208bcdc1b4c154b09bfa41 |
|
| /// File Name: |
glsa-200706-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-04 - Md Sohail Ahmad from AirTight Networks has discovered a division by zero in the ath_beacon_config() function (CVE-2007-2830). The vendor has corrected an input validation error in the ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams() functions(CVE-207-2831), and an input sanitization error when parsing nested 802.3 Ethernet frame lengths (CVE-2007-2829). Versions less than 0.9.3.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3036 | | Related CVE(s): | CVE-2007-2829, CVE-2007-2830, CVE-2007-2831 | | Last Modified: | Jun 12 20:31:03 2007 |
| MD5 Checksum: | 3af3b5a0a95eb9ccb94dcdf88753de7c |
|
| /// File Name: |
glsa-200706-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-06 - Mozilla developers fixed several bugs involving memory corruption through various vectors (CVE-2007-2867, CVE-2007-2868). Additionally, several errors leading to crash, memory exhaustion or CPU consumption were fixed (CVE-2007-1362, CVE-2007-2869). Finally, errors related to the APOP protocol (CVE-2007-1558), XSS prevention (CVE-2007-2870) and spoofing prevention (CVE-2007-2871) were fixed. Versions less than 2.0.0.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5791 | | Related CVE(s): | CVE-2007-1362, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871 | | Last Modified: | Jun 21 14:33:48 2007 |
| MD5 Checksum: | 5a300a1b7e16245de39560d40541fd2f |
|
| /// File Name: |
glsa-200706-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-07 - Alexios Fakos from n.runs AG has discovered multiple vulnerabilities in PHProjekt, including the execution of arbitrary SQL commands using unknown vectors (CVE-2007-1575), the execution of arbitrary PHP code using an unrestricted file upload (CVE-2007-1639), cross-site request forgeries using different modules (CVE-2007-1638), and a cross-site scripting attack using unknown vectors (CVE-2007-1576). Versions less than 5.2.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3159 | | Related CVE(s): | CVE-2007-1575, CVE-2007-1576, CVE-2007-1638, CVE-2007-1639 | | Last Modified: | Jun 21 14:37:43 2007 |
| MD5 Checksum: | 968e9959aa4eb7d59e528a545d790d4b |
|
| /// File Name: |
glsa-200706-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-09 - iDefense Labs have discovered that the exif_data_load_data_entry() function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an integer overflow possibly leading to a heap-based buffer overflow. Versions less than 0.6.16 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2768 | | Related CVE(s): | CVE-2006-4168 | | Last Modified: | Jun 29 00:31:23 2007 |
| MD5 Checksum: | 25f011fc6cb7b0c4fa78bdcef1a05486 |
|
| /// File Name: |
ibm-ds400.txt |
Description:
|
The IBM Totalstorage ds400 comes with unpassworded root access.
| | Author: | kokanin | | Homepage: | http://www.lort.dk | | File Size: | 2673 | | Last Modified: | Jun 12 21:01:45 2007 |
| MD5 Checksum: | cde2ff111e2bfc41e6e205d930cc416d |
|
| /// File Name: |
icf-xss.txt |
Description:
|
The Internet Communication Framework from SAP suffers from a cross site scripting vulnerability. SAP Basis component versions 640 SP19 and below and SAP Basis component versions 700 SP11 and below are vulnerable.
| | Author: | Cyrill Brunschwiler | | Homepage: | http://www.csnc.ch/ | | File Size: | 2276 | | Last Modified: | Jun 29 01:05:04 2007 |
| MD5 Checksum: | b99a70ec87a15421b7c3258a9006d935 |
|
| /// File Name: |
kaspersky-is6.txt |
Description:
|
Kaspersky Internet Security 6 hooks many functions in SSDT and in at least nine cases it fails to validate arguments that come from the user mode.
| | Homepage: | http://www.matousec.com/ | | Related Exploit: | BTP00000P006KA.zip | | File Size: | 1433 | | Last Modified: | Jun 15 14:45:25 2007 |
| MD5 Checksum: | 7c65a8678ae988278cfbb4e964b3c93d |
|
| /// File Name: |
maradns-dos.txt |
Description:
|
MaraDNS versions 1.2.12.05-stable and below and 1.3.04-testing and below suffer from a denial of service condition.
| | Author: | Joao Antunes | | File Size: | 1309 | | Last Modified: | Jun 20 00:58:34 2007 |
| MD5 Checksum: | 43b9ef6d73586725777de4d3463a7a3a |
|
| /// File Name: |
MDKSA-2007-110.txt |
Description:
|
Mandriva Linux Security Advisory - A security hole was discovered in all versions of the PEAR Installer (http://pear.php.net/PEAR). The security hole is the most serious hole found to date in the PEAR Installer, and would allow a malicious package to install files anywhere in the filesystem. The vulnerability only affects users who are installing an intentionally created package with a malicious intent. Because the package is easily traced to its source, this is most likely to happen if a hacker were to compromise a PEAR channel server and alter a package to install a backdoor. In other words, it must be combined with other exploits to be a problem.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4061 | | Related CVE(s): | CVE-2007-2519 | | Last Modified: | Jun 7 01:04:11 2007 |
| MD5 Checksum: | f6ecbce3634caf15e62dd8912f2a1b76 |
|
| /// File Name: |
MDKSA-2007-111.txt |
Description:
|
Mandriva Linux Security Advisory - login in util-linux-2.12a (and later versions) skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5545 | | Related CVE(s): | CVE-2006-7108 | | Last Modified: | Jun 7 01:05:10 2007 |
| MD5 Checksum: | 1525838457cd13c0565a4cdee3d87c97 |
|
| /// File Name: |
MDKSA-2007-112.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the asmrp_eval function for the Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5193 | | Related CVE(s): | CVE-2006-6172 | | Last Modified: | Jun 7 01:06:18 2007 |
| MD5 Checksum: | 031625c37cb4542b1e4d1782a2c52e11 |
|
| /// File Name: |
MDKSA-2007-113.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in the way mutt processed certain APOP authentication requests was discovered. By sending certain responses when mutt attempted to authenticate again an APOP server, a remote attacker could possibly obtain certain portions of the user's authentication credentials. A flaw in how mutt handled certain characters in gecos fields could lead to a buffer overflow. A local user able to give themselves a carefully crafted Real Name could potentially execute arbitrary code if a victim used mutt to expand the attacker's alias.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4130 | | Related CVE(s): | CVE-2007-1558, CVE-2007-2683 | | Last Modified: | Jun 7 01:08:58 2007 |
| MD5 Checksum: | 44522efdf33254500a24afe3d7a65841 |
|
| /// File Name: |
MDKSA-2007-114.txt |
Description:
|
Mandriva Linux Security Advisory - The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file. As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6926 | | Related CVE(s): | CVE-2007-2026, CVE-2007-2799 | | Last Modified: | Jun 7 02:17:51 2007 |
| MD5 Checksum: | 263caaec3eab0679a08a0df193a1ffc7 |
|
| /// File Name: |
MDKSA-2007-115.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in the OLE2 parser in ClamAV was found that could allow a remote attacker to cause a denial of service via resource consumption with a carefully crafted OLE2 file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8097 | | Related CVE(s): | CVE-2007-2650 | | Last Modified: | Jun 7 01:16:25 2007 |
| MD5 Checksum: | b77ed71d32d55b8e04eafb3ba7be4d8b |
|
| /// File Name: |
MDKSA-2007-116.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw how libpng handled malformed images was discovered. An attacker able to create a carefully crafted PNG image could cause an application linked with libpng to crash when the file was manipulated.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5491 | | Related CVE(s): | CVE-2007-2445 | | Last Modified: | Jun 7 02:18:46 2007 |
| MD5 Checksum: | 6ce6e06e41a0642ff41b2db091ad2d4a |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
