Section: .. / 0802-advisories /
| /// File Name: |
SSRT080013.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with HP Select Identity software. The vulnerabilities could be exploited remotely to gain unauthorized access. The vulnerabilities can only be exploited by authenticated users.
| | Homepage: | http://www.hp.com/ | | File Size: | 6806 | | Related CVE(s): | CVE-2008-0214 | | Last Modified: | Feb 7 15:10:59 2008 |
| MD5 Checksum: | 6c3fbefb6a97627e3b0f4a31388b6e4e |
|
| /// File Name: |
SSRT080015.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache. The vulnerability could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 7526 | | Related CVE(s): | CVE-2007-6388 | | Last Modified: | Feb 13 17:27:37 2008 |
| MD5 Checksum: | 888ad8e79f814fca9cf8608b22e8ea27 |
|
| /// File Name: |
SSRT080016.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 11676 | | Last Modified: | Feb 21 20:10:50 2008 |
| MD5 Checksum: | b2f82d0e726c28d36d026749a5df01f8 |
|
| /// File Name: |
surgemailz.txt |
Description:
|
SurgeMail Mail Server version 38k4 and below and beta 39a along with Netwin's Webmail versions 3.1s and below are all susceptible to format string and buffer overflow vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | surgemailz.zip | | File Size: | 3180 | | Last Modified: | Feb 25 16:14:57 2008 |
| MD5 Checksum: | 9ea0da1e064b31e03535439af47761af |
|
| /// File Name: |
TA08-043A.txt |
Description:
|
Technical Cyber Security Alert TA08-043A - Adobe has released Security advisory APSA08-01 to address multiple vulnerabilities affecting Adobe Reader and Acrobat. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code. Systems affected include Adobe Reader version 8.1.1 and earlier and Adobe Acrobat Professional, 3D, and Standard versions 8.1.1 and earlier.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5557 | | Last Modified: | Feb 12 17:19:52 2008 |
| MD5 Checksum: | 0407c861a14046c7b118780c3cc2a651 |
|
| /// File Name: |
TA08-043B.txt |
Description:
|
Technical Cyber Security Alert TA08-043B - Apple has released Security Update 2008-001 and OS X version 10.5.2 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service. Systems affected include Apple Mac OS X versions prior to and including 10.4.11 and 10.5.1 and Apple Mac OS X Server versions prior to and including 10.4.11 and 10.5.1.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3904 | | Last Modified: | Feb 12 17:23:40 2008 |
| MD5 Checksum: | 6b4004f683feedb3b039a315f37c464b |
|
| /// File Name: |
TA08-043C.txt |
Description:
|
Technical Cyber Security Alert TA08-043C - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Visual Basic and Internet Information Services (IIS). Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, gain elevated privileges, or crash a vulnerable system. Systems affected include Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, Microsoft Visual Basic, and Microsoft Internet Information Services (IIS).
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3817 | | Last Modified: | Feb 12 18:07:55 2008 |
| MD5 Checksum: | d902c4945e5dceea89f4faef71bf1477 |
|
| /// File Name: |
tomcat-disclose.txt |
Description:
|
Apache Tomcat versions 6.0.5 through 6.0.15 suffer from an interesting flaw. If an exception occurs during the processing of parameters then it is possible that the parameters submitted for that request will be incorrectly processed as part of a following request.
| | Homepage: | http://tomcat.apache.org/security.html | | File Size: | 978 | | Related CVE(s): | CVE-2008-0002 | | Last Modified: | Feb 8 18:01:34 2008 |
| MD5 Checksum: | 60b98ac1f2ff69dbe2e3779706818f68 |
|
| /// File Name: |
trend-bypass.txt |
Description:
|
It appears possible to bypass OfficeScan AV from Trend Micro by increasing an executable's virtual and raw size.
| | Author: | Danux | | File Size: | 667 | | Last Modified: | Feb 26 18:13:20 2008 |
| MD5 Checksum: | 9aaf38bcf49f7f28ec60ebf249995798 |
|
| /// File Name: |
udpsz.txt |
Description:
|
FTP Log Server versions 7.9.14.0 and below suffer from a denial of service vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | File Size: | 2126 | | Last Modified: | Feb 4 19:33:10 2008 |
| MD5 Checksum: | f37337d095daf8731fc7fa660f6480ae |
|
| /// File Name: |
USN-574-1.txt |
Description:
|
Ubuntu Security Notice 574-1 - A massive slew of vulnerabilities relating to the linux-source-2.6.17/20/22 packages have been addressed.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 156053 | | Related CVE(s): | CVE-2006-6058, CVE-2007-3107, CVE-2007-4567, CVE-2007-4849, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-5501, CVE-2007-5966, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6417, CVE-2008-0001 | | Last Modified: | Feb 4 14:42:55 2008 |
| MD5 Checksum: | e768f5816148d5f5d28111789684935c |
|
| /// File Name: |
USN-576-1.txt |
Description:
|
Ubuntu Security Notice 576-1 - Code execution, cross-site scripting, arbitrary upload, and a large number of other vulnerabilities have been patched in Firefox.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 31729 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Feb 7 23:34:59 2008 |
| MD5 Checksum: | d874184c41ea454f78e3de284d23c156 |
|
| /// File Name: |
USN-577-1.txt |
Description:
|
Ubuntu Security Notice 577-1 - Wojciech Purczynski discovered that the vmsplice system call did not properly perform verification of user-memory pointers. A local attacker could exploit this to overwrite arbitrary kernel memory and gain root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 152828 | | Related CVE(s): | CVE-2008-0600 | | Last Modified: | Feb 12 17:28:37 2008 |
| MD5 Checksum: | bee560cfacf135bc2241a2028f3c38d5 |
|
| /// File Name: |
USN-578-1.txt |
Description:
|
Ubuntu Security Notice 578-1 - A large number of denial of service, buffer overflow, and privilege escalation vulnerabilities have been addressed in the linux-source-2.6.15 package.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 45850 | | Related CVE(s): | CVE-2006-6058, CVE-2006-7229, CVE-2007-4133, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6417, CVE-2008-0001 | | Last Modified: | Feb 14 13:16:32 2008 |
| MD5 Checksum: | f2daf3cf5596729d6924917165b47f86 |
|
| /// File Name: |
USN-579-1.txt |
Description:
|
Ubuntu Security Notice 579-1 - It was discovered that QSslSocket did not properly verify SSL certificates. A remote attacker may be able to trick applications using QSslSocket into accepting invalid SSL certificates.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7398 | | Related CVE(s): | CVE-2007-5965 | | Last Modified: | Feb 21 20:09:27 2008 |
| MD5 Checksum: | e64fb040c47d966f10531ee6d2326b61 |
|
| /// File Name: |
USN-580-1.txt |
Description:
|
Ubuntu Security Notice 580-1 - Devon Miller discovered that the iso-info and cd-info tools did not properly perform bounds checking. If a user were tricked into using these tools with a crafted iso image, an attacker could cause a denial of service via a core dump, and possibly execute arbitrary code.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 25549 | | Related CVE(s): | CVE-2007-6613 | | Last Modified: | Feb 21 20:10:06 2008 |
| MD5 Checksum: | 218adfc98f0d062bd360a6c24c3ceeb8 |
|
| /// File Name: |
USN-581-1.txt |
Description:
|
Ubuntu Security Notice 581-1 - It was discovered that PCRE did not correctly handle very long strings containing UTF-8 sequences. In certain situations, an attacker could exploit applications linked against PCRE by tricking a user or automated system into processing a malicious regular expression, leading to a denial of service or possibly arbitrary code execution.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 14176 | | Related CVE(s): | CVE-2008-0674 | | Last Modified: | Feb 22 02:52:23 2008 |
| MD5 Checksum: | 4dbd038f45013cc12873a363da6b0838 |
|
| /// File Name: |
USN-582-1.txt |
Description:
|
Ubuntu Security Notice 582-1 - It was discovered that Thunderbird did not properly set the size of a buffer when parsing an external-body MIME-type. If a user were to open a specially crafted email, an attacker could cause a denial of service via application crash or possibly execute arbitrary code as the user. Various flaws were discovered in Thunderbird and its JavaScript engine. By tricking a user into opening a malicious message, an attacker could execute arbitrary code with the user's privileges. Various flaws were discovered in the JavaScript engine. By tricking a user into opening a malicious message, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. Gerry Eisenhaur discovered that the chrome URI scheme did not properly guard against directory traversal. Under certain circumstances, an attacker may be able to load files or steal session data. Ubuntu is not vulnerable in the default installation. Flaws were discovered in the BMP decoder. By tricking a user into opening a specially crafted BMP file, an attacker could obtain sensitive information.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 18598 | | Related CVE(s): | CVE-2008-0420, CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0304, CVE-2008-0418 | | Last Modified: | Mar 3 14:33:19 2008 |
| MD5 Checksum: | 34890bd0a0e9cf83e242f860168920b9 |
|
| /// File Name: |
VMSA-2008-0003.txt |
Description:
|
VMware Security Advisory - This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the service console to cause a denial of service or gain privileges. Alin Rad Pop of Secunia Research found a stack buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server. Chris Evans of the Google security research team discovered an integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.
| | Homepage: | http://www.vmware.com/ | | File Size: | 9595 | | Related CVE(s): | CVE-2007-6015, CVE-2006-7228, CVE-2007-2052, CVE-2007-4965, CVE-2007-4308 | | Last Modified: | Feb 22 02:12:38 2008 |
| MD5 Checksum: | 8d6ba6de591011e681d822a518441843 |
|
| /// File Name: |
vmsplice-vuln.txt |
Description:
|
Multiple vulnerabilities have been discovered in the vmsplice() system call introduced in the Linux 2.6.23 kernel.
| | Author: | Wojciech Purczynski | | File Size: | 3159 | | Last Modified: | Feb 12 14:33:44 2008 |
| MD5 Checksum: | d28e6b0c84519bcbd0969e82b692bd13 |
|
| /// File Name: |
vocera-flaw.txt |
Description:
|
It appears that the Vocera wireless LAN VoIP communicators do not bother to cryptographically confirm the validity of a digital certificate.
| | Author: | George Ou | | File Size: | 1152 | | Last Modified: | Feb 21 20:03:40 2008 |
| MD5 Checksum: | 07818869afcef6ad4f8cf98aa65639cb |
|
| /// File Name: |
wachof.txt |
Description:
|
Foxit Remote Access Server (WAC Server) versions 2.0 Build 3503 and below suffer from telnet option heap overflow and SSH packet heap overflow vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | wachof.zip | | File Size: | 1838 | | Last Modified: | Feb 20 01:18:28 2008 |
| MD5 Checksum: | 2b2d992dc5ce85b671f7e9185f38df74 |
|