Section: .. / 0706-advisories /
| /// File Name: |
advisory-2007-06-29.txt |
Description:
|
Google suffers from re-authentication a bypass vulnerability with the SID and LSID cookies.
| | Author: | Susam Pal | | Homepage: | http://susam.in/ | | File Size: | 4099 | | Last Modified: | Jun 29 01:41:06 2007 |
| MD5 Checksum: | 459a086c430c1baab2876351e11bca5f |
|
| /// File Name: |
dsa-1324-1.txt |
Description:
|
Debian Security Advisory 1324-1 - Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written in Ruby, which could allow a remote attacker to delete arbitrary files which are writable to the Hiki user, via a specially crafted session parameter.
| | Homepage: | http://www.debian.org/security | | File Size: | 2861 | | Related CVE(s): | CVE-2007-2836 | | Last Modified: | Jun 29 01:37:55 2007 |
| MD5 Checksum: | 26452761f9201daaca406d4d078f4dc5 |
|
| /// File Name: |
dsa-1323-1.txt |
Description:
|
Debian Security Advisory 1323-1 - Several remote vulnerabilities have been discovered in the MIT reference implementation of the Kerberos network authentication protocol suite, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 34760 | | Related CVE(s): | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798 | | Last Modified: | Jun 29 01:37:00 2007 |
| MD5 Checksum: | 9675f44fcc9ff2e27cb29ebe574700e6 |
|
| /// File Name: |
SSRT071429.txt |
Description:
|
HP Security Bulletin - Potential vulnerabilities have been reported on the PHP Hypertext Processing Engine provided with the Secure Web Server for HP Tru64 UNIX Powered by Apache (SWS) and HP Internet Express for Tru64 UNIX (IX). The vulnerabilities could be exploited by remote users to execute arbitrary code, read arbitrary files, or cause a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 6815 | | Related CVE(s): | CVE-2006-4625, CVE-2007-0988, CVE-2007-1286, CVE-2007-1380, CVE-2007-1700, CVE-2007-1701, CVE-2007-1710, CVE-2007-1835, CVE-2007-1884, CVE-2007-1885, CVE-2007-1886 | | Last Modified: | Jun 29 01:36:18 2007 |
| MD5 Checksum: | d579f8c240229015508d34de93d4860b |
|
| /// File Name: |
secunia-kvirc.txt |
Description:
|
Secunia Research has discovered a vulnerability in KVIrc, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the "parseIrcUrl()" function in src/kvirc/kernel/kvi_ircurl.cpp not properly sanitizing parts of the URI when building the command for KVIrc's internal script system. KVIrc version 3.2.0 is affected.
| | Author: | Stefan Cornelius | | Homepage: | http://secunia.com/ | | File Size: | 4798 | | Related CVE(s): | CVE-2007-2951 | | Last Modified: | Jun 29 01:34:09 2007 |
| MD5 Checksum: | eca95b670072284214a381b3ab8bddcc |
|
| /// File Name: |
secunia-symantecsmtp.txt |
Description:
|
Secunia Research has discovered boundary errors in the detection of executable packers in libdayzero.dll as loaded by the Filter Hub (filter-hub.exe) of Symantec Mail Security for SMTP. The errors can be exploited to cause unhandled memory access violations causing the filter hub service to crash. Symantec Mail Security for SMTP 5.0 patch 176 is affected. Other versions may also be affected.
| | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4823 | | Related CVE(s): | CVE-2007-1792 | | Last Modified: | Jun 29 01:32:34 2007 |
| MD5 Checksum: | 02195070799671305de88ef8d97b76ac |
|
| /// File Name: |
pcsoft-overflow.txt |
Description:
|
The .wdp project file handling in PCSoft WinDEV suffers from a buffer overflow vulnerability.
| | Author: | Jerome Athias | | Homepage: | http://www.JA-PSI.fr/ | | File Size: | 1462 | | Last Modified: | Jun 29 01:20:20 2007 |
| MD5 Checksum: | 03e2b0381750550784d286d7af738550 |
|
| /// File Name: |
icf-xss.txt |
Description:
|
The Internet Communication Framework from SAP suffers from a cross site scripting vulnerability. SAP Basis component versions 640 SP19 and below and SAP Basis component versions 700 SP11 and below are vulnerable.
| | Author: | Cyrill Brunschwiler | | Homepage: | http://www.csnc.ch/ | | File Size: | 2276 | | Last Modified: | Jun 29 01:05:04 2007 |
| MD5 Checksum: | b99a70ec87a15421b7c3258a9006d935 |
|
| /// File Name: |
USN-478-1.txt |
Description:
|
Ubuntu Security Notice 478-1 - Sean Larsson discovered that libexif did not correctly verify the size of EXIF components. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7044 | | Related CVE(s): | CVE-2006-4168 | | Last Modified: | Jun 29 00:42:44 2007 |
| MD5 Checksum: | b56772df3eb4fa4f7ae9133ddcf880f3 |
|
| /// File Name: |
USN-477-1.txt |
Description:
|
Ubuntu Security Notice 477-1 - Wei Wang discovered that the krb5 RPC library did not correctly handle certain error conditions. A remote attacker could cause kadmind to free an uninitialized pointer, leading to a denial of service or possibly execution of arbitrary code with root privileges. Wei Wang discovered that the krb5 RPC library did not correctly check the size of certain communications. A remote attacker could send a specially crafted request to kadmind and execute arbitrary code with root privileges. It was discovered that the kadmind service could be made to overflow its stack. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 23997 | | Related CVE(s): | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798 | | Last Modified: | Jun 29 00:41:40 2007 |
| MD5 Checksum: | 688105ec1e7c951d3c3189647680931f |
|
| /// File Name: |
MDKSA-2007-136.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in Evolution/evolution-data-server was found in how Evolution would process certain IMAP server messages. If a user were tricked into connecting to a malicious IMAP server, it was possible that arbitrary code could be executed with the privileges of the user using Evolution.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7916 | | Related CVE(s): | CVE-2007-3257 | | Last Modified: | Jun 29 00:32:08 2007 |
| MD5 Checksum: | 1e60143c69565aa376ab66084cf21edb |
|
| /// File Name: |
glsa-200706-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-09 - iDefense Labs have discovered that the exif_data_load_data_entry() function in libexif/exif-data.c improperly handles integer data while working with an image with many EXIF components, allowing an integer overflow possibly leading to a heap-based buffer overflow. Versions less than 0.6.16 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2768 | | Related CVE(s): | CVE-2006-4168 | | Last Modified: | Jun 29 00:31:23 2007 |
| MD5 Checksum: | 25f011fc6cb7b0c4fa78bdcef1a05486 |
|
| /// File Name: |
TA07-177A.txt |
Description:
|
Technical Cyber Security Alert TA07-177A - The MIT Kerberos 5 implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4551 | | Last Modified: | Jun 29 00:30:07 2007 |
| MD5 Checksum: | ca9fd5b0f8f4670723d93824b634d7f2 |
|
| /// File Name: |
06.26.07-1.txt |
Description:
|
iDefense Security Advisory 06.26.07 - Remote exploitation of a buffer overflow vulnerability within MIT Kerberos kadmind allows attackers to execute arbitrary code with the privileges of the running service, usually root. The vulnerability specifically exists within the code responsible for handling requests to rename principals. The rename_principal_2_svc function fails to properly bounds-check user-supplied data before copying it to a fixed-size stack buffer. The vulnerable code is shown below. iDefense confirmed the existence of this vulnerability within MIT Kerberos 1.5-21 as distributed with the Fedora CORE 6 Linux distribution. It has also been confirmed via source code review to exist in version 1.5.3 and version 1.6.1. All other distributions, as well as those for other computing platforms are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4825 | | Related CVE(s): | CVE-2007-2798 | | Last Modified: | Jun 29 00:09:55 2007 |
| MD5 Checksum: | 0a3aed3cee081a68d9792187e97223c2 |
|
| /// File Name: |
CX-2007-04.txt |
Description:
|
Calyptix Security Advisory CX-2007-04 - Multiple versions of Check Point's Safe@Office UTM device are vulnerable to cross-site request forgery. The test firmware was version 7.0.39x, the latest available for the Safe@Office model. Cursory testing shows that prior version 5.0.82x was also vulnerable. Other Check Point products were not tested.
| | Author: | Daniel Weber | | File Size: | 6685 | | Last Modified: | Jun 29 00:06:48 2007 |
| MD5 Checksum: | 38fb53f8516d93dfe55af0364f02691e |
|
| /// File Name: |
MITKRB5-SA-2007-005.txt |
Description:
|
MIT krb5 Security Advisory 2007-005 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a stack buffer overflow.
| | Homepage: | http://web.mit.edu/ | | File Size: | 6437 | | Related CVE(s): | CVE-2007-2798 | | Last Modified: | Jun 29 00:04:13 2007 |
| MD5 Checksum: | 3b63b81d16f0b2afba7c8a2f903d53f7 |
|
| /// File Name: |
MDKSA-2007-135.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple cross site scripting vulnerabilities were discovered in pam_login.cgi in webmin prior to version 1.350, which could allow a remote attacker to inject arbitrary web scripts or HTML.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3379 | | Related CVE(s): | CVE-2007-3156 | | Last Modified: | Jun 26 17:46:05 2007 |
| MD5 Checksum: | ca5a4ca83594aaf21023b540f65d8435 |
|
| /// File Name: |
dsa-1320-1.txt |
Description:
|
Debian Security Advisory 1320-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. It was discovered that the NsPack decompression code performed insufficient sanitizing on an internal length variable, resulting in a potential buffer overflow. It was discovered that temporary files were created with insecure permissions, resulting in information disclosure. It was discovered that the decompression code for RAR archives allows bypassing a scan of a RAR archive due to insufficient validity checks. It was discovered that the decompression code for RAR archives performs insufficient validation of header values, resulting in a buffer overflow.
| | Homepage: | http://www.debian.org/security | | File Size: | 29332 | | Related CVE(s): | CVE-2007-2650, CVE-2007-3023, CVE-2007-3024, CVE-2007-3122, CVE-2007-3123 | | Last Modified: | Jun 26 17:45:06 2007 |
| MD5 Checksum: | 27fe60fe32214a09a227280b1444c8ae |
|
| /// File Name: |
dsa-1317.txt |
Description:
|
Debian Security Advisory 1317-1 - duskwave discovered that tinymux, a text-based multi-user virtual world server, performs insufficient boundary checks when working with user-supplied data, which might lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4841 | | Related CVE(s): | CVE-2007-1655 | | Last Modified: | Jun 26 17:41:30 2007 |
| MD5 Checksum: | e2639f7c9260ea07902f3721e4b1483d |
|
| /// File Name: |
USN-476-1.txt |
Description:
|
Ubuntu Security Notice 476-1 - Fabio Massimo Di Nitto discovered that cman did not correctly validate the size of client messages. A local user could send a specially crafted message and execute arbitrary code with cluster manager privileges or crash the manager, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9499 | | Last Modified: | Jun 26 17:37:30 2007 |
| MD5 Checksum: | b53d6f8705555fcf73e5395913d15c4b |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
