Section: .. / 0711-advisories /
File Name: 11.02.07-1.txt
Description:
iDefense Security Advisory 11.02.07 - Local exploitation of a format string vulnerability in the srsexec binary, optionally included in Sun Microsystems Inc.'s Solaris 10, allows attackers to execute arbitrary code with root privileges. iDefense has confirmed the existence of this vulnerability in Solaris 10 with the SUNWsrspx package installed.
Author: Sean Larsson | Homepage: http://www.idefense.com/ | File Size: 3582 | Related CVE(s): CVE-2007-3880 | Last Modified: Nov 6 01:44:17 2007
MD5 Checksum: a0eb88220442081d4c3544fe4dd117f2

File Name: 11.05.07-1.txt
Description:
iDefense Security Advisory 11.05.07 - Remote exploitation of a heap overflow vulnerability in Apple Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. iDefense Labs confirmed this vulnerability exists in QuickTime VR extension 7.2.0.240 as included in QuickTime Player 7.2. Previous versions are suspected to be vulnerable.
Author: Mario Ballano | Homepage: http://www.idefense.com/ | File Size: 3633 | Related CVE(s): CVE-2007-4675 | Last Modified: Nov 6 01:50:33 2007
MD5 Checksum: ebd58748685934aa13fc129c4ca68aa6

File Name: 11.06.07-1.txt
Description:
iDefense Security Advisory 11.06.07 - Local exploitation of a design error vulnerability in Microsoft's DebugView could allow attackers to execute arbitrary kernel code. As part of its design, DebugView loads a kernel module Dbgv.sys. This module includes functionality that can be abused to copy user supplied data into the kernel, to controlled addresses. This allows malicious users to inject arbitrary code into the running kernel. iDefense confirmed the existence of this vulnerability in Microsoft DebugView version 4.64. The specific file version of Dbgv.sys is 4.60.0.0. This file is deleted automatically after being loaded and will not be found on disk. Previous versions are suspected to be vulnerable as well.
Author: Stephen Fewer | Homepage: http://www.idefense.com/ | File Size: 3322 | Related CVE(s): CVE-2007-4223 | Last Modified: Nov 6 23:19:20 2007
MD5 Checksum: 87ee8e8b4f4b5d6e9b73f52c5547ba4f

File Name: 11.07.07-1.txt
Description:
iDefense Security Advisory 11.07.07 - Remote exploitation of a buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle Corp.'s Database 10gR2 could allow a user with an authenticated session to execute arbitrary code in the context of the database account. iDefense has confirmed this vulnerability on Oracle Database 10g Release 2 with all Critical Patch Updates as of February 2007. Previous versions are suspected to be vulnerable.
Homepage: http://www.idefense.com/ | File Size: 3300 | Related CVE(s): CVE-2007-4517 | Last Modified: Nov 7 19:16:25 2007
MD5 Checksum: a291bd96c2b3f9110f82d58663e9caab

File Name: 11.09.07-1.txt
Description:
iDefense Security Advisory 11.09.07 - Remote exploitation of multiple buffer overflow vulnerabilities in AOL's AmpX ActiveX control could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. Several methods within the vulnerable ActiveX control (CLSID B49C4597-8721-4789-9250-315DFBD9F525) were found to be vulnerable to stack-based buffer overflows. In each case, variable length attacker supplied data is copied into a fixed-size stack buffer using the strcpy() function. Since no input validation is performed, it is possible to corrupt stack memory, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in version 2.6.1.11 of America Online's AmpX.dll. Other versions are suspected to be vulnerable.
Homepage: http://www.idefense.com/ | File Size: 3927 | Related CVE(s): CVE-2007-5755 | Last Modified: Nov 9 18:07:31 2007
MD5 Checksum: 8a8729cd693564fd75b4df22dc3d79b3

File Name: 11.09.07-2.txt
Description:
iDefense Security Advisory 11.09.07 - Local exploitation of a directory traversal vulnerability in IBM Corp.'s Informix Dynamic Server allows attackers to elevate privileges to root. This vulnerability exists due to insufficient checking for directory traversal sequences when processing the DBLANG environment variable. By using values containing directory traversal specifiers, such as "../", an attacker can cause set-uid binaries to use Native Language Support (NLS) message files under their control. iDefense confirmed the existence of this vulnerability in IBM Corp.'s Informix Dynamic Server version 10.00 UC6TL installed on a Linux system. Other versions are also suspected as vulnerable. Versions for other supported Unix systems should also be considered vulnerable.
Homepage: http://www.idefense.com/ | File Size: 3995 | Related CVE(s): CVE-2007-5670 | Last Modified: Nov 9 18:09:25 2007
MD5 Checksum: a34eb657aa0ca282313ff895926cc760

File Name: 11.12.07-1.txt
Description:
iDefense Security Advisory 11.12.07 - Local exploitation of an invalid array indexing vulnerability in the NPF.SYS device driver of WinPcap allows attackers to execute arbitrary code in kernel context. The problem specifically exists within the bpf_filter_init function. In several places throughout this function, values supplied from a potential attacker are used as array indexes without proper bounds checking. By making IOCTL requests with specially chosen values, attackers are able to corrupt the stack, or pool memory, within the kernel. iDefense has confirmed the existence of this vulnerability in version 4.0.1 of WinPcap as included in Wireshark 0.99.6a. The version of NPF.SYS tested was 4.0.0.901. iDefense suspects older versions to also be vulnerable.
Homepage: http://www.idefense.com/ | File Size: 3806 | Related CVE(s): CVE-2007-5756 | Last Modified: Nov 12 23:26:43 2007
MD5 Checksum: ccb4207f94afc8cd90c0b5776dc0c638

File Name: 11.12.07-2.txt
Description:
iDefense Security Advisory 11.12.07 - Local exploitation of an input validation error vulnerability within Novell NetWare Client could allow an unprivileged attacker to execute arbitrary code within the kernel. iDefense has confirmed the existence of this vulnerability in nwfilter.sys, file version 4.91.1.1, as included with Novell's NetWare Client 4.91 SP4. Other versions are suspected vulnerable as well.
Author: Stephen Fewer | Homepage: http://www.idefense.com/ | File Size: 3709 | Related CVE(s): CVE-2007-5667 | Last Modified: Nov 14 01:44:58 2007
MD5 Checksum: 1649d7033630962f4294717eba16002e

File Name: 11.14.07-1.txt
Description:
iDefense Security Advisory 11.14.07 - Local exploitation of a heap based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within a function responsible for sending an ASP (AppleTalk Session Protocol) message on an AppleTalk socket. When allocating a buffer, the kernel uses a user provided integer to perform an arithmetic operation that calculates the number of bytes to allocate. This calculation can overflow, leading to the allocation of a buffer of insufficient size. This results in an exploitable heap based buffer overflow within the kernel. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
Author: Sean Larsson | Homepage: http://www.idefense.com/ | File Size: 4022 | Related CVE(s): CVE-2007-4269 | Last Modified: Nov 14 21:18:12 2007
MD5 Checksum: 5bd7873cfc1a981a20a28fff6f9c381f

File Name: 11.14.07-2.txt
Description:
iDefense Security Advisory 11.14.07 - Local exploitation of a stack based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within the function responsible for adding an AppleTalk zone to an interface's routing table. A zone can be thought of as something similar to a Windows Domain. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
Homepage: http://www.idefense.com/ | File Size: 3858 | Related CVE(s): CVE-2007-4267 | Last Modified: Nov 14 21:19:25 2007
MD5 Checksum: ea8d9166977c7f47a836f402e57a0fd4

File Name: 11.14.07-3.txt
Description:
iDefense Security Advisory 11.14.07 - Local exploitation of a heap based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within a function responsible for allocating an mbuf. mbufs are a BSD concept, long used by BSD kernels to allocate buffers for storing network related data. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
Author: Sean Larsson | Homepage: http://www.idefense.com/ | File Size: 4105 | Related CVE(s): CVE-2007-4268 | Last Modified: Nov 14 21:20:14 2007
MD5 Checksum: 6de650a9d042d02fefa2db42ec8f8855

File Name: 11.14.07-4.txt
Description:
iDefense Security Advisory 11.14.07 - Local exploitation of an access validation vulnerability in Apple Inc.'s Mac OS X could allow an attacker to execute arbitrary code with root privileges. When executing a setuid-root binary, the Mach kernel does not reset the current thread Mach port, or the current thread Mach Exception Port. By first creating and obtaining write access to a Mach port, and then executing a set-uid root binary, an attacker can write arbitrary data into the address space of the process running as root. This leads to arbitrary code execution in the privileged process.
Homepage: http://www.idefense.com/ | File Size: 3382 | Related CVE(s): CVE-2007-3749 | Last Modified: Nov 14 21:20:49 2007
MD5 Checksum: db69f1be2a8ab12fae9c857505ecbf9d

File Name: AD20071116.txt
Description:
AhnLab AntiVirus V3 Internet Security 2008 suffers from a denial of service condition that may lead to arbitrary code execution.
Author: Sowhat | Homepage: http://www.nevisnetworks.com/ | File Size: 2745 | Last Modified: Nov 26 15:48:06 2007
MD5 Checksum: 7725e779e01714f6a14a54ea4885a2f5

File Name: adobe-cdpfr.txt
Description:
Canonicalization issues in Adobe Macromedia Flash Player version 9.0 r31 allow for the manipulation of the cross domain policy file source.
Author: Antonio Parata | Homepage: http://www.ictsc.it/ | File Size: 4965 | Last Modified: Nov 9 20:24:41 2007
MD5 Checksum: fdd986ac6d562bd8d7748ae7198bd672

File Name: advisory-2007-11-14.txt
Description:
Microsoft Windows 2003 SP2 and Microsoft Windows 2000 SP4 Server suffer from a predictable DNS transaction ID vulnerability.
Homepage: http://www.scanit.be/ | File Size: 9628 | Related CVE(s): CVE-2007-3898 | Last Modified: Nov 14 20:57:23 2007
MD5 Checksum: 3b83bbcf9f9e2e26908f782de3e8b2c3

File Name: aida-disclose.txt
Description:
Aida-Web may suffer from some information exposure vulnerabilities.
Author: MC Iglo | File Size: 770 | Last Modified: Nov 16 02:15:13 2007
MD5 Checksum: ec86e1096fe986eb00737c870438e9cb

File Name: AST-2007-024.txt
Description:
Asterisk Project Security Advisory - This advisory is a response to a false security vulnerability published in several places on the Internet. Had Asterisk's developers been notified prior to its publication, there would be no need for this. There is a potential for a buffer overflow in the sethdlc application; however, running this application requires root access to the server, which means that exploiting this vulnerability gains the attacker no more advantage than what he already has. As such, this is a bug, not a security vulnerability.
Author: Michal Bucko, Mark Michelson | Homepage: http://www.asterisk.org/security | File Size: 8005 | Related CVE(s): CVE-2007-5690 | Last Modified: Nov 8 18:48:00 2007
MD5 Checksum: 4e70e810f66fe1da827e00a4ea82b022

File Name: AST-2007-025.txt
Description:
Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing lookup data to the Postgres Realtime Engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.
Author: P. Chisteas, Tilghman Lesher | Homepage: http://www.asterisk.org/security | File Size: 7826 | Last Modified: Nov 30 01:53:45 2007
MD5 Checksum: ffa2808110235fd54fffd855e12201bc

File Name: AST-2007-026.txt
Description:
Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing the ANI and DNIS strings to the Call Detail Record Postgres logging engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.
Author: Tilghman Lesher | Homepage: http://www.asterisk.org/security | File Size: 7982 | Last Modified: Nov 30 01:54:47 2007
MD5 Checksum: c6c1a7986ed7ead3dab0bea6978ffb05

File Name: bt-pwnage.txt
Description:
Details on pwning the BT Home Hub have been published. Various cross site scripting and cross site request forgery issues still exist.
Author: pagvac | Homepage: http://www.gnucitizen.org/ | File Size: 2331 | Last Modified: Nov 12 22:39:42 2007
MD5 Checksum: 33bf36a9c0244909428ecd0367127de6

File Name: certspoof.txt
Description:
Mozilla based browsers (Firefox, Netscape, etc), Konqueror and Safari 2 do not bind a user-approved webserver certificate to the originating domain name. This makes the user vulnerable to certificate spoofing by "subjectAltName:dNSName" extensions.
Author: Nils Toedtmann | File Size: 2060 | Last Modified: Nov 26 16:41:42 2007
MD5 Checksum: b875aafb6dd3bf1718f4e57709f83c5e

File Name: citrix-weakcookie.txt
Description:
Citrix NetScaler version 8.0 suffers from a weakly encrypted cookie vulnerability in the web management interface.
Author: nnposter | File Size: 2427 | Last Modified: Nov 26 22:18:33 2007
MD5 Checksum: 8cd1ed5dff39d61e48a4bd386c1acff0

File Name: CORE-2007-0821.txt
Description:
Core Security Technologies Advisory - Lotus Notes suffers from a buffer overflow vulnerability in the Lotus WorkSheet file processor.
Author: Sebastian Muniz | Homepage: http://www.coresecurity.com/corelabs/ | File Size: 20462 | Last Modified: Nov 27 22:58:14 2007
MD5 Checksum: e0009b217f9e9c384b7525d52f75893f

File Name: dsa-1397-1.txt
Description:
Debian Security Advisory 1397-1 - An integer overflow in the BigInteger data type implementation has been discovered in the free .NET runtime Mono.
Homepage: http://www.debian.org/security | File Size: 17703 | Related CVE(s): CVE-2007-5197 | Last Modified: Nov 5 11:06:53 2007
MD5 Checksum: 9991fafcf62bba66166e119577ac57c8

File Name: dsa-1398-1.txt
Description:
Debian Security Advisory 1398-1 - Bernhard Mueller of SEC Consult has discovered a format string vulnerability in perdition, an IMAP proxy. This vulnerability could allow an unauthenticated remote user to run arbitrary code on the perdition server by providing a specially formatted IMAP tag.
Homepage: http://www.debian.org/security | File Size: 23513 | Related CVE(s): CVE-2007-5740 | Last Modified: Nov 5 11:46:42 2007
MD5 Checksum: 363e8fa0b444b529bc20aa00f902c094