Section: .. / 0711-advisories /
| /// File Name: |
SSRT071484.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in the Aries PA-RISC emulation software running on HP-UX IA-64 platforms only. This vulnerability may allow local unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 6167 | | Last Modified: | Nov 8 18:36:19 2007 |
| MD5 Checksum: | b37ed6fcf3812f73f0e2bf08547f9d5b |
|
| /// File Name: |
SSRT071485.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP Secure Shell. The vulnerability could be exploited remotely to gain extended privileges.
| | Homepage: | http://www.hp.com/ | | File Size: | 6703 | | Related CVE(s): | CVE-2007-4752 | | Last Modified: | Nov 12 23:29:25 2007 |
| MD5 Checksum: | 2150f26620e2f6c3b7296e1bad71fb2b |
|
| /// File Name: |
SSRT071498.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 8493 | | Last Modified: | Nov 26 22:29:13 2007 |
| MD5 Checksum: | 6a9e01625b66130071659acf429cd464 |
|
| /// File Name: |
SSRT071499.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX Apache. The vulnerability could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 7377 | | Related CVE(s): | CVE-2007-5135 | | Last Modified: | Nov 30 01:04:22 2007 |
| MD5 Checksum: | 01a4cbc604d81903355a69b1541136cc |
|
| /// File Name: |
SUSE-SA-2007-060.txt |
Description:
|
SUSE Security Announcement - Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream:: readProgressiveDataUnit(). Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream.
| | Homepage: | http://www.suse.com | | File Size: | 59756 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Nov 14 21:05:21 2007 |
| MD5 Checksum: | ff6840ca89a9d121a0be10b428b0703d |
|
| /// File Name: |
swf-overflow.txt |
Description:
|
The ShockwaveVersion() function in Adobe Shockwave appears to suffer from a stack overflow vulnerability.
| | Author: | Elazar Broad | | File Size: | 744 | | Last Modified: | Nov 9 12:48:42 2007 |
| MD5 Checksum: | f351630dc07d015bb403b4b5f9f56e22 |
|
| /// File Name: |
SYM07-029.txt |
Description:
|
Symantec Backup Exec for Windows Servers (BEWS) may be susceptible to multiple denial of service attacks (DoS) if maliciously formatted packets are passed to the BEWS Job Engine. Versions affected are Symantec Backup Exec for Windows Servers 11d and 11.0.6325.
| | Homepage: | http://www.symantec.com/ | | File Size: | 4872 | | Related CVE(s): | CVE-2007-4346, CVE-2007-4347 | | Last Modified: | Nov 28 20:14:21 2007 |
| MD5 Checksum: | 3d13b69bded52fd01eb59c73aae1c1b7 |
|
| /// File Name: |
TA07-310A.txt |
Description:
|
Technical Cyber Security Alert TA07-310A - Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Versions below 7.3 are affected.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3498 | | Last Modified: | Nov 6 23:25:26 2007 |
| MD5 Checksum: | c54873a3a1cac4bb175fa9e38f28498a |
|
| /// File Name: |
TA07-317A.txt |
Description:
|
Technical Cyber Security Alert TA07-317A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Windows DNS Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands or to cause a Windows DNS server to provide incorrect DNS responses.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3975 | | Last Modified: | Nov 14 00:26:42 2007 |
| MD5 Checksum: | abf903fcb717f2ac6de1f00ee75983b9 |
|
| /// File Name: |
TA07-319A.txt |
Description:
|
Technical Cyber Security Alert TA07-319A - Apple has released Mac OS X 10.4.11 and Security Update 2007-008 to address multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4043 | | Last Modified: | Nov 16 02:24:07 2007 |
| MD5 Checksum: | 89ab9961b2b4060afaa56c9d1e3ec030 |
|
| /// File Name: |
TA07-334A.txt |
Description:
|
Technical Cyber Security Alert TA07-334A - Apple QuickTime contains a buffer overflow vulnerability in the way QuickTime processes Real Time Streaming Protocol (RTSP) streams. Exploitation of this vulnerability could allow an attacker to execute arbitrary code.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 6189 | | Last Modified: | Dec 2 15:40:22 2007 |
| MD5 Checksum: | af3a90f973dacfd90526128ee0e21b9e |
|
| /// File Name: |
tbsource-sql.txt |
Description:
|
It appears that the bittorrent tracker TBSource is susceptible to SQL injection attacks.
| | Author: | Emiliano Scavuzzo | | File Size: | 499 | | Last Modified: | Nov 12 20:08:14 2007 |
| MD5 Checksum: | b5636d8f3913a6068c774518cfb3a5ea |
|
| /// File Name: |
TKADV2007-001.txt |
Description:
|
The xnu kernel of Mac OS X contains a vulnerability in the code that handles TIOCSETD ioctl requests. Exploitation of this vulnerability can lead to denial of service and code execution.
| | Author: | Tobias Klein | | Homepage: | http://www.trapkit.de/ | | File Size: | 7208 | | Related CVE(s): | CVE-2007-4686 | | Last Modified: | Nov 16 02:37:22 2007 |
| MD5 Checksum: | 88c07513ac15b9342ddde37b417d5f43 |
|
| /// File Name: |
TPTI-07-20.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. QuickTime version 7.2 is affected.
| | Author: | Cody Pierce | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 1092 | | Related CVE(s): | CVE-2007-4674 | | Last Modified: | Nov 14 21:07:49 2007 |
| MD5 Checksum: | 84a8aa55dc1e1a424bd1184790f378bf |
|
| /// File Name: |
uph0701.txt |
Description:
|
Firefly Media Server versions 0.2.4 and below suffer from a remote denial of service condition due to a null pointer dereference when a : is missing.
| | Author: | nnp | | Homepage: | http://silenthack.co.uk/ | | Related Exploit: | uph0701.py.txt | | File Size: | 1110 | | Last Modified: | Nov 2 19:18:59 2007 |
| MD5 Checksum: | cf51e5c1fad2eaa8517c2beda717d3e1 |
|
| /// File Name: |
uph0702.txt |
Description:
|
Firefly Media Server versions 0.2.4 and below suffer from a remote denial of service condition due to a null pointer dereference during an unchecked increment of the header variable.
| | Author: | nnp | | Homepage: | http://silenthack.co.uk/ | | Related Exploit: | uph0702.py.txt | | File Size: | 1172 | | Last Modified: | Nov 2 19:22:00 2007 |
| MD5 Checksum: | f4c6ec52c94325a33bef950db7e30962 |
|
| /// File Name: |
uph0703.txt |
Description:
|
Firefly Media Server versions 0.2.4 and below suffer from a vsnprintf() related format string vulnerability.
| | Author: | nnp | | Homepage: | http://silenthack.co.uk/ | | Related Exploit: | uph0703.py.txt | | File Size: | 1595 | | Last Modified: | Nov 2 19:24:36 2007 |
| MD5 Checksum: | e8fdcd04b9f2b92882866ecdfc54f568 |
|
| /// File Name: |
USN-537-2.txt |
Description:
|
Ubuntu Security Notice 537-2 - USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes related problems in compiz.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6752 | | Related CVE(s): | CVE-2007-3920 | | Last Modified: | Nov 2 12:25:20 2007 |
| MD5 Checksum: | baa7ae66da6dda5f4cd2d2d07cf13721 |
|
| /// File Name: |
USN-539-1.txt |
Description:
|
Ubuntu Security Notice 539-1 - Alin Rad Pop discovered that CUPS did not correctly validate buffer lengths when processing IPP tags. Remote attackers successfully exploiting this vulnerability would gain access to the non-root CUPS user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22279 | | Related CVE(s): | CVE-2007-4351 | | Last Modified: | Nov 6 02:02:04 2007 |
| MD5 Checksum: | 50b3c37d2081c84fab46045ac6314310 |
|
| /// File Name: |
USN-540-1.txt |
Description:
|
Ubuntu Security Notice 540-1 - Sean de Regge discovered that flac did not properly perform bounds checking in many situations. An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 25995 | | Related CVE(s): | CVE-2007-4619 | | Last Modified: | Nov 14 00:27:56 2007 |
| MD5 Checksum: | ea879a662e58a1fdb8ade00919919880 |
|
| /// File Name: |
USN-541-1.txt |
Description:
|
Ubuntu Security Notice 541-1 - Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4632 | | Related CVE(s): | CVE-2007-5795 | | Last Modified: | Nov 14 01:12:47 2007 |
| MD5 Checksum: | c10a63bd4549947ef08024c1805fa296 |
|
| /// File Name: |
USN-542-1.txt |
Description:
|
Ubuntu Security Notice 542-1 - Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 25606 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Nov 14 01:14:02 2007 |
| MD5 Checksum: | 6a3cdb4262a56a28bb1e8531133cb0e7 |
|
| /// File Name: |
USN-542-2.txt |
Description:
|
Ubuntu Security Notice 542-2 - USN-542-1 fixed a vulnerability in poppler. This update provides the corresponding updates for KWord, part of KOffice. Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 47468 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Nov 16 02:48:42 2007 |
| MD5 Checksum: | bac4e1bd42fa4b7ac989e879f7e27092 |
|
| /// File Name: |
USN-543-1.txt |
Description:
|
Ubuntu Security Notice 543-1 - Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server did not correctly handle certain packet structures. Remote attackers could send specially crafted packets and gain root privileges. Rafal Wojtczvk discovered multiple memory corruption issues in VMWare Player. Attackers with administrative privileges in a guest operating system could cause a denial of service or possibly execute arbitrary code on the host operating system.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 24651 | | Related CVE(s): | CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-4496, CVE-2007-4497 | | Last Modified: | Nov 16 02:50:37 2007 |
| MD5 Checksum: | 24a482be135004abb40a5ba0e1911e58 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
