Section: .. / 0706-advisories /
| /// File Name: |
NDSA20070524.txt |
Description:
|
Nth Dimension Security Advisory (NDSA20070524) - The JFFNMS application has high-risk issues with its authentication mechanism. These can lead to SQL injection allowing authentication bypass and JavaScript injection. There is also a potential backdoor, although this is unlikely to be exploitable. The JFFNMS application has default PHP scripts which can lead to information disclosure as an unauthenticated user.
| | Author: | Tim Brown | | Homepage: | http://www.nth-dimension.org.uk/ | | File Size: | 3665 | | Last Modified: | Jun 10 20:48:10 2007 |
| MD5 Checksum: | 8ba0bfa90bad93ca9fdbd752844bbe86 |
|
| /// File Name: |
dsa-1302-1.txt |
Description:
|
Debian Security Advisory 1302-1 - A problem was discovered with freetype, a FreeType 2 font engine, which could allow the execution of arbitrary code via an integer overflow in specially crafted TTF files.
| | Homepage: | http://www.debian.org/security | | File Size: | 10432 | | Related CVE(s): | CVE-2007-2754 | | Last Modified: | Jun 10 20:46:12 2007 |
| MD5 Checksum: | 5907cad571cca0c3ac6d607a3b51841a |
|
| /// File Name: |
dsa-1303-1.txt |
Description:
|
Debian Security Advisory 1303-1 - Two problems were discovered with lighttpd, a fast webserver with minimal memory footprint, which could allow denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 14835 | | Related CVE(s): | CVE-2007-1870, CVE-2007-1869 | | Last Modified: | Jun 10 20:45:19 2007 |
| MD5 Checksum: | 53b93cc320f665f7b4307e46d491a35a |
|
| /// File Name: |
dsa-1301-1.txt |
Description:
|
Debian Security Advisory 1301-1 - A buffer overflow has been identified in Gimp's SUNRAS plugin in versions prior to 2.2.15. This bug could allow an attacker to execute arbitrary code on the victim's computer by inducing the victim to open a specially crafted RAS file.
| | Homepage: | http://www.debian.org/security | | File Size: | 26056 | | Related CVE(s): | CVE-2007-2356 | | Last Modified: | Jun 10 20:41:56 2007 |
| MD5 Checksum: | ebc4ab67fa5872eea14ee1c03518dc1e |
|
| /// File Name: |
USN-470-1.txt |
Description:
|
Ubuntu Security Notice 470-1 - Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 49897 | | Related CVE(s): | CVE-2007-1353, CVE-2007-2451, CVE-2007-2453 | | Last Modified: | Jun 10 20:30:28 2007 |
| MD5 Checksum: | aa14eca65f912b2d5e65561a17a896a3 |
|
| /// File Name: |
MDKSA-2007-118.txt |
Description:
|
Mandriva Linux Security Advisory - An integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4460 | | Related CVE(s): | CVE-2007-2645 | | Last Modified: | Jun 10 20:29:11 2007 |
| MD5 Checksum: | 9946e9eb91dac34f27fc702ecae84120 |
|
| /// File Name: |
EEYE-Yahoo.txt |
Description:
|
eEye Digital Security has discovered two critical vulnerabilities in ywcupl.dll (version 2.0.1.4) and ywcvwr.dll (version 2.0.1.4) included by default in all releases of Yahoo! Messenger 8.x.
| | Author: | Greg Linares | | Homepage: | http://www.eeye.com/ | | Related Exploit: | ym1.txt | | File Size: | 5124 | | Last Modified: | Jun 10 20:28:35 2007 |
| MD5 Checksum: | 8e62e5ea987627c89d6cf20460ac4e00 |
|
| /// File Name: |
06.07.07-1.txt |
Description:
|
iDefense Security Advisory 06.07.07 - Local exploitation of an information disclosure vulnerability within the Linux Kernel allows attackers to obtain sensitive information from kernel memory. This vulnerability specifically exists in the "cpuset_tasks_read" function. This function is responsible for supplying user-land processes with data when they read from the /dev/cpuset/tasks file. iDefense has confirmed the existence of this vulnerability in version 2.6.20 of the Linux Kernel as installed with Fedora Core 6. It is suspected that previous versions, at least until 2.6.12, are also vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4221 | | Related CVE(s): | CVE-2007-2875 | | Last Modified: | Jun 10 20:27:07 2007 |
| MD5 Checksum: | a7fd3925366c58795f3b1f852d06c23d |
|
| /// File Name: |
packeteer-dos.txt |
Description:
|
Packeteer PacketShaper is susceptible to a denial of service vulnerability in the web management interface. The vulnerability has been identified in versions 7.3.0g2 and 7.5.0g1. However, other versions may also be affected.
| | Author: | nnposter | | File Size: | 947 | | Last Modified: | Jun 10 20:26:10 2007 |
| MD5 Checksum: | d959912d66f443d12c70425d94c41972 |
|
| /// File Name: |
dsa-1299-1.txt |
Description:
|
Debian Security Advisory 1299-1 - It was discovered that a specially crafted packet sent to the racoon IPsec key exchange server could cause a tunnel to crash, resulting in a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 6602 | | Related CVE(s): | CVE-2007-2524 | | Last Modified: | Jun 10 19:44:48 2007 |
| MD5 Checksum: | 20461be8b154bb0cb8ddd3665b286af1 |
|
| /// File Name: |
rus-cert-2007-0601.txt |
Description:
|
The built-in Mini Switch in Alcatel-Lucent's IP-Touch Telephones under OmniPCX Enterprise 7.0 and later allows unauthenticated access to the voice VLAN in IEEE 802.1x-authenticated environments.
| | Author: | Oliver Goebel | | Homepage: | http://CERT.Uni-Stuttgart.DE/ | | File Size: | 9468 | | Related CVE(s): | CVE-2007-2512 | | Last Modified: | Jun 10 19:39:15 2007 |
| MD5 Checksum: | 0e6296f88ddd0c7fc892c59a7eaf8680 |
|
| /// File Name: |
glsa-200706-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-03 - Arnaud Giersch discovered that the add_filename_to_string() function in file intl/gettext/loadmsgcat.c uses an untrusted relative path, allowing for a format string attack with a malicious .po file. Versions less than 0.11.2-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2639 | | Related CVE(s): | CVE-2007-2027 | | Last Modified: | Jun 7 03:11:38 2007 |
| MD5 Checksum: | 982cbc5aee208bcdc1b4c154b09bfa41 |
|
| /// File Name: |
glsa-200706-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-02 - Ulf Harnhammar from Secunia Research has discovered a format string error in the write_html() function in the file calendar/gui/e-cal-component-memo-preview.c. Versions less than 2.8.3-r2 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2575 | | Related CVE(s): | CVE-2007-1002 | | Last Modified: | Jun 7 03:11:27 2007 |
| MD5 Checksum: | df86243b07fc06482e28abe7acfdf474 |
|
| /// File Name: |
denyfailblock-inject.txt |
Description:
|
DenyHosts, Fail2ban, and BlockHosts are vulnerable to remote log injection attacks that can lead to arbitrary injection of IP addresses in /etc/hosts.deny.
| | Author: | Daniel B. Cid | | Homepage: | http://www.ossec.net/ | | File Size: | 1681 | | Last Modified: | Jun 7 03:10:20 2007 |
| MD5 Checksum: | ec319e1024aecc80b1939fa1373da75f |
|
| /// File Name: |
06.05.07-1.txt |
Description:
|
iDefense Security Advisory 06.05.07 - Remote exploitation of multiple denial of service vulnerabilities in Symantec Corp.'s Ghost could allow remote attackers to crash the Ghost service. These vulnerabilities affect both the client and server daemons due to what looks like a shared communications library. The daemons listen on UDP ports 1346 and 1347, respectively. By sending a malformed UDP-based request to either service, an attacker can cause the service to crash due to an invalid memory reference. This condition can be caused by any of several unique requests. In each case, the particular cause for the access violation varies. iDefense confirmed the existence of these vulnerabilities using Symantec Ghost version 8.0.992 (as supplied with Ghost Solution Suite). Other versions may be vulnerable as well.
| | Author: | Pravus | | Homepage: | http://www.idefense.com/ | | File Size: | 3657 | | Last Modified: | Jun 7 03:01:21 2007 |
| MD5 Checksum: | 53a57d6339bb6433560202f42206587e |
|
| /// File Name: |
GdiPlus.pdf |
Description:
|
The CSIS Security Group has discovered an "Integer division by zero" flaw in the GDI+ component of Windows XP. Exploitation of this flaw can result in a denial of service condition.
| | Author: | Dennis Rand | | Homepage: | http://www.csis.dk/ | | File Size: | 130523 | | Last Modified: | Jun 7 02:54:59 2007 |
| MD5 Checksum: | 1e1a69cf8e1d200e9b8cae5681f23af8 |
|
| /// File Name: |
USN-469-1.txt |
Description:
|
Ubuntu Security Notice 469-1 - A weakness in APOP authentication has been discovered in Mozilla Thunderbird. Additionally, various flaws were discovered in the layout and JavaScript engines.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12807 | | Related CVE(s): | CVE-2007-1558, CVE-2007-2867, CVE-2007-2868 | | Last Modified: | Jun 7 02:51:49 2007 |
| MD5 Checksum: | d97fb26233a62fc426b6e154e5488c4c |
|
| /// File Name: |
cacti-dos.txt |
Description:
|
Cacti suffers from a denial of service vulnerability when an authenticated user manipulates some parameters.
| | Author: | Mathieu Dessus | | File Size: | 1641 | | Last Modified: | Jun 7 02:50:09 2007 |
| MD5 Checksum: | 047b66c615530bd2f0e796931840a072 |
|
| /// File Name: |
MDKSA-2007-117.txt |
Description:
|
Mandriva Linux Security Advisory - lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3503 | | Related CVE(s): | CVE-2007-2030 | | Last Modified: | Jun 7 02:42:12 2007 |
| MD5 Checksum: | 5b301778c715d84384ed44f8ff4f76a7 |
|
| /// File Name: |
MDKSA-2007-116.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in how libpng handled malformed images was discovered. An attacker able to create a carefully crafted PNG image could cause an application linked with libpng to crash when the file was manipulated.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5491 | | Related CVE(s): | CVE-2007-2445 | | Last Modified: | Jun 7 02:18:46 2007 |
| MD5 Checksum: | 6ce6e06e41a0642ff41b2db091ad2d4a |
|
| /// File Name: |
MDKSA-2007-114.txt |
Description:
|
Mandriva Linux Security Advisory - The update to correct CVE-2007-1536 (MDKSA-2007:067), a buffer overflow in the file_printf() function, introduced a new integer overflow as reported by Colin Percival. This flaw, if an attacker could trick a user into running file on a specially crafted file, could possibly lead to the execution of arbitrary code with the privileges of the user running file. As well, in file 4.20, flawed regular expressions to identify OS/2 REXX files could lead to a denial of service via CPU consumption.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6926 | | Related CVE(s): | CVE-2007-2026, CVE-2007-2799 | | Last Modified: | Jun 7 02:17:51 2007 |
| MD5 Checksum: | 263caaec3eab0679a08a0df193a1ffc7 |
|
| /// File Name: |
ZDI-07-035.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Computer Associates products. The specific flaw exists within the processing of an improperly defined "coffFiles" field in .CAB archives. Large values result in an unbounded data copy operation which can result in an exploitable stack-based buffer overflow.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3016 | | Related CVE(s): | CVE-2007-2864 | | Last Modified: | Jun 7 02:15:45 2007 |
| MD5 Checksum: | 566251f43a6cf08208def587e465ad08 |
|
| /// File Name: |
ZDI-07-034.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Computer Associates products. The specific flaw exists in the parsing of .CAB archives. When a long filename contained in the .CAB is processed by vete.dll an exploitable stack overflow may occur.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3302 | | Related CVE(s): | CVE-2007-2863 | | Last Modified: | Jun 7 02:14:35 2007 |
| MD5 Checksum: | cef1d956fd82ec9a47b70161d2cf255c |
|