Section: .. / 0802-advisories /
| /// File Name: |
01.31.08-1.txt |
Description:
|
iDefense Security Advisory 01.31.08 - Local exploitation of a file creation vulnerability in IBM Corp.'s Informix Dynamic Server allows attackers to elevate privileges to root. When the SQLIDEBUG environment variable is set, several set-uid binaries will log debugging information to the specified file. iDefense confirmed the existence of this vulnerability in IBM Corp.'s Informix Dynamic Server version 10.00 UC6TL installed on a Linux system. Other versions are also suspected as vulnerable. Versions for other supported Unix systems should also be considered vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3241 | | Related CVE(s): | CVE-2008-0369 | | Last Modified: | Feb 4 14:47:12 2008 |
| MD5 Checksum: | fdfce2c86d8edbe276b7745ff0819a4a |
|
| /// File Name: |
01.31.08-2.txt |
Description:
|
iDefense Security Advisory 01.31.08 - Local exploitation of a file creation vulnerability in IBM Corp.'s Informix Dynamic Server allows attackers to elevate privileges to root. The set-uid root "onedcu" command requires six parameters to be specified when it is executed. The second parameter is a "Trace" file that this program will open and write to with elevated privileges.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3136 | | Related CVE(s): | CVE-2008-0368 | | Last Modified: | Feb 4 14:47:49 2008 |
| MD5 Checksum: | 86e2218851920479b4f3aec7120e1fee |
|
| /// File Name: |
02.04.08-1.txt |
Description:
|
iDefense Security Advisory 02.04.08 - Remote exploitation of a denial of service vulnerability in Hewlett-Packard's Network Node Manager product allows attackers to crash the ovtopmd process. The ovtopmd process contains an implementation error, in which it attempts to access an invalid memory address based on data within the TCP stream. By sending a specially crafted request, an attacker can cause the service to crash. iDefense has confirmed this vulnerability in HP's OpenView Network Node Manager 7.5 with all updates applied as of May 14th, 2007.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3311 | | Related CVE(s): | CVE-2008-0212 | | Last Modified: | Feb 6 14:49:22 2008 |
| MD5 Checksum: | 194a9bd39f153deec3701786f281e4bf |
|
| /// File Name: |
02.07.08-1.txt |
Description:
|
iDefense Security Advisory 02.07.08 - Local exploitation of a library loading vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to gain root privileges. When the DB2INSTANCE environment variable is set, the libdb2 library will use the corresponding user's directory in place of the DB2 instance directory. This allows an unprivileged local user to control the directory structure on which several set-uid root binaries operate. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 with FixPack 2 installed on a Linux system. Other versions, including those for other UNIX systems, are also suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3749 | | Related CVE(s): | CVE-2007-5757 | | Last Modified: | Feb 7 23:26:30 2008 |
| MD5 Checksum: | b0bfa4ee621d60cb4db6c9c3e2745456 |
|
| /// File Name: |
02.07.08-2.txt |
Description:
|
iDefense Security Advisory 02.07.08 - Remote exploitation of a memory corruption vulnerability within version 9.1 of IBM Corp.'s DB2 Universal Database Administration Server (DAS) allows attackers to crash the service or potentially execute arbitrary code in the context of the affected service. iDefense has confirmed the existence of this vulnerability in the DAS (db2dassrm) as included with DB2 9.1 with Fix Pack 2 for both Linux and Windows platforms. Previous versions, as well as builds for other platforms, are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4180 | | Related CVE(s): | CVE-2007-3676 | | Last Modified: | Feb 7 23:27:37 2008 |
| MD5 Checksum: | 77c7a11e062f401ce426e2c6b5e41b14 |
|
| /// File Name: |
02.08.08-1.txt |
Description:
|
iDefense Security Advisory 02.08.08 - Remote exploitation of an insecure method exposed by the JavaScript library in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. Adobe Reader and Acrobat implement a version of JavaScript in the EScript.api plug-in which is based on the reference implementation used in Mozilla products. One of the methods exposed allows direct control over low level features of the object, which in turn allows execution of arbitrary code. iDefense has confirmed this vulnerability exists in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 4107 | | Related CVE(s): | CVE-2007-5663 | | Last Modified: | Feb 11 14:17:21 2008 |
| MD5 Checksum: | 81ae9d30d67bdd25fb243122fe848dbc |
|
| /// File Name: |
02.08.08-2.txt |
Description:
|
iDefense Security Advisory 02.08.08 - Remote exploitation of an unsafe library path vulnerability in Adobe Systems Inc.'s Adobe Reader may allow attackers to execute arbitrary code as the current user. This vulnerability is due to Adobe Reader using a path for "Security Provider" libraries that contains the directory the application was started in. Security Provider libraries provide encryption and signature verification routines to applications. If the current directory contains a file with the same name as a Security Provider library, the file will be loaded into the application, potentially allowing code execution. iDefense has confirmed this vulnerability exists in Adobe Reader 8.1 installed on Windows XP and Windows Vista. Previous versions, as well as those for other platforms, may also be affected.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 4342 | | Related CVE(s): | CVE-2007-5666 | | Last Modified: | Feb 11 14:17:57 2008 |
| MD5 Checksum: | 38a5bc58a8ae1fc704006f3dbc4c00ed |
|
| /// File Name: |
02.08.08-3.txt |
Description:
|
iDefense Security Advisory 02.08.08 - Remote exploitation of multiple stack-based buffer overflows in JavaScript methods in Adobe Reader and Acrobat could allow an attacker to execute arbitrary code as the current user. These issues exist due to insufficient input validation in several JavaScript methods. Inadequate checking is performed on the string length before it is copied into a fixed sized buffer on the stack. If an attacker supplies a long string, control structures on the stack may be modified, allowing the execution of arbitrary code. iDefense has confirmed these vulnerabilities exist in Adobe Reader 8.1 on Windows XP SP2. It is likely that other Adobe products that handle PDF files, including previous versions of Adobe Reader, are also affected.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 4052 | | Related CVE(s): | CVE-2007-5659 | | Last Modified: | Feb 11 14:18:35 2008 |
| MD5 Checksum: | a35ddd3374aaad131a1aa65c950f950b |
|
| /// File Name: |
02.12.08-1.txt |
Description:
|
iDefense Security Advisory 02.12.08 - Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92. Previous versions may also be affected.
| | Author: | Silvio Cesare | | Homepage: | http://www.idefense.com/ | | File Size: | 3814 | | Related CVE(s): | CVE-2008-0318 | | Last Modified: | Feb 12 17:33:32 2008 |
| MD5 Checksum: | a9128520f7d7444bc6ac5e793ff7954f |
|
| /// File Name: |
02.12.08-2.txt |
Description:
|
iDefense Security Advisory 02.12.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Works Converter, as included with Microsoft Office, could potentially allow an attacker to execute arbitrary code as the current user. This vulnerability stems from improper input validation of OLE structures within wkcvqd01.dll when converting a Microsoft Works document (WPS extension) to Rich Text Format (RTF). When certain fields are modified, such as the length or count values, heap corruption can occur. This leads to a potentially exploitable condition. iDefense has confirmed that wkcvqd01.dll version 7.03.0616.0, as included with Microsoft Office 2003, is vulnerable to this issue. Older versions are assumed to be vulnerable as well. Additionally, Microsoft Works itself is suspected to be vulnerable.
| | Author: | Damian Put | | Homepage: | http://www.idefense.com/ | | File Size: | 4030 | | Related CVE(s): | CVE-2007-0216 | | Last Modified: | Feb 12 21:47:57 2008 |
| MD5 Checksum: | 08d9b1088229a0b470104e19a8c1a6ba |
|
| /// File Name: |
02.12.08-3.txt |
Description:
|
iDefense Security Advisory 02.12.08 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Works Converter allows attackers to execute arbitrary code as the current user. This vulnerability stems from improper input validation of section length headers when converting a Microsoft Works document (WPS extension) to Rich Text Format (RTF). When certain fields are modified, such as the length or count values, a stack-based buffer overflow occurs. This leads to a directly exploitable condition. iDefense confirmed that wkcvqd01.dll version 7.03.0616.0, as included with Microsoft Office 2003, is vulnerable. Older versions of Microsoft Office as well as Microsoft Works are also assumed vulnerable.
| | Author: | sillypea | | Homepage: | http://www.idefense.com/ | | File Size: | 4020 | | Related CVE(s): | CVE-2008-0108 | | Last Modified: | Feb 12 21:50:04 2008 |
| MD5 Checksum: | ee77d750d6c26ba974b04cc311b3d90c |
|
| /// File Name: |
02.12.08-4.txt |
Description:
|
iDefense Security Advisory 02.12.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer web browser allows attackers to execute arbitrary code within the context of the affected user. When certain properties are assigned malformed values, memory can be corrupted in a way that leads to Internet Explorer making a call to a member function of an already released property object. If the memory location of the released property object happens to be filled by attacker controlled content, the attacker can execute arbitrary code. iDefense testing shows that Internet Explorer 6.0 and Internet Explorer 7.0, with all available security patches as of October 22nd, 2007, are vulnerable. Older versions of Internet Explorer may also be vulnerable.
| | Author: | hyy | | Homepage: | http://www.idefense.com/ | | File Size: | 3583 | | Related CVE(s): | CVE-2008-0077 | | Last Modified: | Feb 12 21:51:12 2008 |
| MD5 Checksum: | 4d18eb70c0164aefaeaf8f513ab07c2e |
|
| /// File Name: |
02.12.08-5.txt |
Description:
|
iDefense Security Advisory 02.12.08 - Remote exploitation of multiple integer overflow vulnerabilities in Adobe Systems Inc.'s Flash Media Server 2 could allow an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of these vulnerabilities in Flash Media Server 2 version 2.0.4 on Windows. Previous versions, as well as the Linux version, may also be affected.
| | Author: | Sebastian Apelt | | Homepage: | http://www.idefense.com/ | | File Size: | 3981 | | Related CVE(s): | CVE-2007-6149 | | Last Modified: | Feb 12 21:53:43 2008 |
| MD5 Checksum: | c01b3d0bd61486b81a51c53670a21e62 |
|
| /// File Name: |
02.12.08-6.txt |
Description:
|
iDefense Security Advisory 02.12.08 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Flash Media Server 2 could allow an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in Flash Media Server 2 version 2.0.4 on Windows. Previous versions, as well as the Linux version, may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3875 | | Related CVE(s): | CVE-2007-6148 | | Last Modified: | Feb 12 21:54:44 2008 |
| MD5 Checksum: | 7fa9af0e97539be892bb793f90a0390c |
|
| /// File Name: |
02.19.08-1.txt |
Description:
|
iDefense Security Advisory 02.19.08 - Remote exploitation of multiple heap overflow vulnerabilities in EMC Corp.'s RepliStor could allow an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of these vulnerabilities in EMC RepliStor version 6.2 SP2. Previous versions may also be affected.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3122 | | Related CVE(s): | CVE-2007-6426 | | Last Modified: | Feb 21 00:39:20 2008 |
| MD5 Checksum: | 8fdd689c073572f029a49569de013795 |
|
| /// File Name: |
02.20.08-1.txt |
Description:
|
iDefense Security Advisory 02.20.08 - Remote exploitation of a denial of service vulnerability in Symantec Corp.'s Veritas Storage Foundation scheduler service could allow an unauthenticated attacker to crash the service. iDefense Labs have confirmed Veritas Storage Foundation for Windows version 5.0 (with VxSchedService.exe version 5.0.9.298) is vulnerable. It is suspected that all previous versions are vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3492 | | Related CVE(s): | CVE-2007-4516 | | Last Modified: | Feb 21 00:40:58 2008 |
| MD5 Checksum: | 5224c4874af2a3b22c52e80f16b86220 |
|
| /// File Name: |
02.26.08-1.txt |
Description:
|
iDefense Security Advisory 02.26.08 - Remote exploitation of a Denial of Service vulnerability in Symantec Scan Engine version 5.1.2 could allow an unauthenticated attacker to create a denial of service (DoS) condition. Symantec Scan Engine listens on TCP port 1344 to accept files for scanning using the Internet Content Adaptation Protocol (ICAP). If the service is sent a malformed RAR file, the service will consume massive amounts of memory. This can result in a denial of service condition for the application and operating system. iDefense confirmed the existence of this vulnerability in Symantec Scan Engine 5.1.2. This issue affects both the Windows and Linux builds of the product. Previous versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3570 | | Related CVE(s): | CVE-2008-0308 | | Last Modified: | Feb 26 19:36:40 2008 |
| MD5 Checksum: | 3bdef4d0c069163afa87e6e53aa82965 |
|
| /// File Name: |
02.26.08-2.txt |
Description:
|
iDefense Security Advisory 02.26.08 - Remote exploitation of a stack based buffer overflow vulnerability in Symantec Scan Engine version 5.1.2 could allow an unauthenticated attacker to execute arbitrary code with the privileges of the scan engine process. Symantec Scan Engine listens on TCP port 1344 to accept files for scanning using the Internet Content Adaptation Protocol (ICAP). If the service is sent a specially malformed RAR file, a stack-based buffer overflow will occur. iDefense has confirmed this vulnerability in the Linux build of the Symantec Scan Engine version 5.1.2. This issue does not affect the Windows build of the product. Previous versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3619 | | Related CVE(s): | CVE-2008-0309 | | Last Modified: | Feb 26 19:37:32 2008 |
| MD5 Checksum: | 28d026ef014680041c7b0b128293e0ef |
|
| /// File Name: |
02.26.08-3.txt |
Description:
|
iDefense Security Advisory 02.26.08 - Remote exploitation of a heap based buffer overflow vulnerability in Mozilla Organization's Thunderbird could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists when parsing the external-body MIME type in an electronic mail. When calculating the number of bytes to allocate for a heap buffer, sufficient space is not reserved for all of the data being copied into the buffer. This results in up to 3 bytes of the buffer being overflowed, potentially allowing for the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Thunderbird version 2.0.0.9 on Linux and Windows. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3904 | | Related CVE(s): | CVE-2008-0304 | | Last Modified: | Feb 26 19:38:41 2008 |
| MD5 Checksum: | ddaf07621a1a38f7abc2ec79b61d446a |
|
| /// File Name: |
2008_symarkpb.pdf |
Description:
|
Symark PowerBroker Security Advisory - A vulnerability has been identified in Symark's PowerBroker suite that allows an attacker with local access to gain root access. Versions up to and including 5.0.1 are vulnerable.
| | Author: | Michael Ligh, Greg Sinclair | | Homepage: | http://www.symark.com/ | | File Size: | 107012 | | Last Modified: | Feb 27 13:31:35 2008 |
| MD5 Checksum: | 35be0bd2cbb4b0b7fba154ae9bfa29e8 |
|
| /// File Name: |
adobe-print.txt |
Description:
|
A design error vulnerability exists in Adobe Reader and Adobe Acrobat Professional. A remote attacker who successfully exploit this vulnerability can control the printer without user's permission. Affected software versions include Adobe Reader 8.1.1 and below and Adobe Acrobat Professional 8.1.1 and below.
| | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | File Size: | 1301 | | Last Modified: | Feb 7 23:32:09 2008 |
| MD5 Checksum: | 18d7663c9bdf663b2b385e73e35eb32a |
|
| /// File Name: |
aps-overflow.txt |
Description:
|
Anon Proxy Server version 0.102 and below suffer from a remote buffer overflow vulnerability.
| | Author: | L4teral | | File Size: | 1533 | | Last Modified: | Feb 4 13:50:08 2008 |
| MD5 Checksum: | 8e9f78c5cdd54f2a3eeb489f9ee0570b |
|
| /// File Name: |
asus-samba.txt |
Description:
|
The ASUS Eee PC as shipped with Xandros comes with a vulnerable version of Samba installed that allows for remote compromise.
| | Homepage: | http://www.risesecurity.org/ | | File Size: | 5077 | | Last Modified: | Feb 8 17:26:29 2008 |
| MD5 Checksum: | 0c58ff1acc1480a4349bdc34730d9cf7 |
|
| /// File Name: |
beehive-hardcode.txt |
Description:
|
The Beehive/SendFile.NET Secure File Transfer appliance appears to have credentials hardcoded within the outboxWriteUnsent() function of the FTPThread.class file of SendFile.jar.
| | Author: | Brad Antoniewicz | | File Size: | 1344 | | Last Modified: | Mar 3 14:19:59 2008 |
| MD5 Checksum: | 704d2fd0218615186c6c97c7a8362b90 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
