Section: .. / 0804-advisories /
| /// File Name: |
04.02.08-1.txt |
Description:
|
iDefense Security Advisory 04.02.08 - Remote exploitation of a buffer overflow vulnerability in Borland Software Corp.'s CaliberRM enterprise software requirements management system could allow attackers to execute arbitrary code with SYSTEM level privileges. iDefense confirmed that the trial version of Borland CaliberRM 2006 (file version 9.0.809.000) is vulnerable. The actual vulnerable component is StarTeam Multicast Service 6.4. Other Borland products containing StarTeam Multicast Service component, such as Borland StarTeam, may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4927 | | Related CVE(s): | CVE-2008-0311 | | Last Modified: | Apr 4 18:53:10 2008 |
| MD5 Checksum: | 4e3ea5589c83878f0b1b738b83c55cd6 |
|
| /// File Name: |
04.02.08-2.txt |
Description:
|
iDefense Security Advisory 04.02.08 - Remote exploitation of a buffer overflow vulnerability in an ActiveX control installed by Symantec Norton Internet Security 2008 could allow for the execution of arbitrary code. iDefense confirmed that this vulnerability exists in version 2.7.0.1 of the control that is installed with the 2008 version of Norton Internet Security. Other versions may also be available.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 3584 | | Related CVE(s): | CVE-2008-0312 | | Last Modified: | Apr 4 18:55:41 2008 |
| MD5 Checksum: | a0998a74f1cfaf08d9aee600fca2915b |
|
| /// File Name: |
04.02.08-3.txt |
Description:
|
iDefense Security Advisory 04.02.08 - Remote exploitation of a design error in an ActiveX control installed with Symantec Norton Internet Security 2008 could allow for the execution of arbitrary code. iDefense confirmed that this vulnerability exists in version 2.7.0.1 of the control that is installed with the 2008 version of Norton Internet Security. Other versions may also be available.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3655 | | Related CVE(s): | CVE-2008-0313 | | Last Modified: | Apr 4 18:56:33 2008 |
| MD5 Checksum: | c63a4b10122d61c0886a3797d862f1e5 |
|
| /// File Name: |
04.03.08-1.txt |
Description:
|
iDefense Security Advisory 04.03.08 - Local exploitation of a directory traversal vulnerability within the pkgadd program distributed with SCO Group Inc's UnixWare operating system allows attackers to gain root privileges. iDefense confirmed the existence of this vulnerability within version 7.1.4 of UnixWare with all patches available as of August 27th, 2007 installed. Previous versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3099 | | Related CVE(s): | CVE-2008-0310 | | Last Modified: | Apr 4 19:54:59 2008 |
| MD5 Checksum: | 54a6b6775305fc5d7841e82a9879ee16 |
|
| /// File Name: |
04.03.08-2.txt |
Description:
|
iDefense Security Advisory 04.03.08 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates International Inc.'s Alert Notification Service may allow an authenticated attacker to execute arbitrary code with SYSTEM privileges. iDefense confirmed the existence of these vulnerabilities with Computer Associates' Threat Manager for the Enterprise version 8.1. Other products that contain the Alert Notification Service are suspected to be vulnerable as well.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3319 | | Related CVE(s): | CVE-2007-4620 | | Last Modified: | Apr 4 19:55:55 2008 |
| MD5 Checksum: | cc1671ff27d2d45ed90d7e7995b9b75a |
|
| /// File Name: |
04.08.08-1.txt |
Description:
|
iDefense Security Advisory 04.08.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Microsoft Help 2.5 ActiveX control allows an attacker to execute arbitrary code with the privileges of the logged-on user. iDefense has confirmed this vulnerability in version 2.05.50727.42 of hxvz.dll, which is installed with Visual Studio 2005.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3697 | | Related CVE(s): | CVE-2008-1086 | | Last Modified: | Apr 8 23:44:24 2008 |
| MD5 Checksum: | 252bf709b78f3aa9cd4974404430f954 |
|
| /// File Name: |
04.08.08-2.txt |
Description:
|
iDefense Security Advisory 04.08.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in Windows 2000 SP4 and Windows XP SP2.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4393 | | Related CVE(s): | CVE-2008-1083 | | Last Modified: | Apr 8 23:47:33 2008 |
| MD5 Checksum: | 34d30137464d61e601f066344de4ddb9 |
|
| /// File Name: |
04.08.08-3.txt |
Description:
|
iDefense Security Advisory 04.08.08 - Remote exploitation of a heap based buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed the existence of this vulnerability in Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, and Windows Vista.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4366 | | Related CVE(s): | CVE-2008-1083 | | Last Modified: | Apr 8 23:49:18 2008 |
| MD5 Checksum: | 60f3fc7a671c6778db875e863f646c5d |
|
| /// File Name: |
04.09.08-1.txt |
Description:
|
iDefense Security Advisory 04.09.08 - Remote exploitation of an authentication bypass vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code. Each of the main components of the DiskXtender suite is vulnerable to an authentication bypass vulnerability. Specifically, the authentication code contains a hard-coded login and password. By connecting to the RPC interface, and logging on with these credentials, it is possible to bypass the normal authentication process. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3447 | | Related CVE(s): | CVE-2008-0961 | | Last Modified: | Apr 11 14:48:00 2008 |
| MD5 Checksum: | dbf348e8b2d22a48dd9a267fca454033 |
|
| /// File Name: |
04.09.08-2.txt |
Description:
|
iDefense Security Advisory 04.09.08 - Remote exploitation of a buffer overflow vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. The File System Manager is prone to a stack-based buffer overflow vulnerability. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the length of a string in the request. By making a specially crafted request, a stack based buffer overflow occurs. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3295 | | Related CVE(s): | CVE-2008-0962 | | Last Modified: | Apr 11 14:48:42 2008 |
| MD5 Checksum: | 6bf48ca72b6e0a4c486fac37e6e7c96a |
|
| /// File Name: |
04.09.08-3.txt |
Description:
|
iDefense Security Advisory 04.09.08 - Remote exploitation of a format string vulnerability in EMC Corp.'s DiskXtender could allow an attacker to execute arbitrary code with the privileges of the affected service. When handling requests on the RPC interface with UUID b157b800-aef5-11d3-ae49-00600834c15f, the service does not properly validate the content of a string in requests. Since this string is passed directly to a formatting function, a format string vulnerability occurs. iDefense confirmed the existence of this vulnerability in DiskXtender version 6.20.060 for Windows. Previous versions may also be affected.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3254 | | Related CVE(s): | CVE-2008-0963 | | Last Modified: | Apr 11 14:49:31 2008 |
| MD5 Checksum: | ab70e4fbca77cf4217be52d72bd24f1c |
|
| /// File Name: |
04.09.08-4.txt |
Description:
|
iDefense Security Advisory 04.09.08 - Local exploitation of a file creation vulnerability in the Administration Server of IBM Corp.'s DB2 Universal Database allows attackers to elevate privileges to root. This vulnerability exists due to unsafe file access from within the db2dasrrm program. When a user starts the DAS, the "db2dasrrm" process is started with root privileges. As part of the initialization, the "dasRecoveryIndex", "dasRecoveryIndex.tmp", ".dasRecoveryIndex.lock", and "dasRecoveryIndex.cor" files are created with root privileges. By removing and re-creating these files as symbolic links, an attacker can create arbitrary files as root. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 release with Fix Pack 3 installed on Linux. Other versions are also suspected to be vulnerable.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 4008 | | Related CVE(s): | CVE-2007-5664 | | Last Modified: | Apr 15 22:15:20 2008 |
| MD5 Checksum: | 12426a5c9832c9d2997923db61030702 |
|
| /// File Name: |
04.09.08-5.txt |
Description:
|
iDefense Security Advisory 04.09.08 - Local exploitation of a buffer overflow vulnerability in the db2dasrrm program, as included with IBM Corp.'s DB2 Universal Database, allows attackers to elevate privileges to root. This vulnerability exists due to insufficient validation of the length of the attacker-supplied "DASPROF" environment variable contents. By setting the variable to a specially crafted string, an attacker can cause a buffer overflow when the string is copied into a static-sized buffer stored on the stack. By overflowing the buffer, the attacker can overwrite execution control structures stored on the stack and execute arbitrary code. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s DB2 Universal Database 9.1 with Fix Pack 4 installed on a Linux system. Versions for other supported UNIX-like systems should also be considered vulnerable. All previously released versions are suspected vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4062 | | Related CVE(s): | CVE-2007-5758 | | Last Modified: | Apr 15 22:16:23 2008 |
| MD5 Checksum: | 707b582fccd117b5532fac441a0b1f86 |
|
| /// File Name: |
04.14.08-1.txt |
Description:
|
iDefense Security Advisory 04.14.08 - Remote exploitation of a heap overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the code responsible for decompressing sections within a PE binary packed with the PeSpin executable protector. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92.1. Previous versions may also be affected.
| | Author: | Damian Put | | Homepage: | http://www.idefense.com/ | | File Size: | 4920 | | Related CVE(s): | CVE-2008-0314 | | Last Modified: | Apr 15 22:19:13 2008 |
| MD5 Checksum: | 0cff3792678a8d41bb86d0a0066243e0 |
|
| /// File Name: |
04.14.08-2.txt |
Description:
|
iDefense Security Advisory 04.14.08 - Remote exploitation of a heap overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the code responsible for reading in sections within a PE binary packed with the WWPack executable compressor. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92.1. Previous versions may also be affected.
| | Author: | Damian Put, Thomas Pollet | | Homepage: | http://www.idefense.com/ | | File Size: | 4038 | | Last Modified: | Apr 15 22:20:03 2008 |
| MD5 Checksum: | 1c921dba4cf8fb44e3d81f7dfc3c50eb |
|
| /// File Name: |
04.15.08-1.txt |
Description:
|
iDefense Security Advisory 04.15.08 - Local exploitation of a design error vulnerability in Oracle Corp.'s Application Express web application development tool allows attackers to gain elevated privileges. The vulnerability exists in the "run_ddl" function within the "wwv_execute_immediate" package. This package is included in the "flows_030000" schema. This function allows attackers to execute SQL commands as any database user, such as SYS. iDefense confirmed the existence of this vulnerability in Oracle Application Express version 3.0.1.00.08, which is installed by default with Oracle Database 11g R1 (version 11.1.0.6.0). Previous versions may also be affected. However, Oracle Database 10g R2 does not install Oracle Application Express by default.
| | Author: | Joxean Koret | | Homepage: | http://www.idefense.com/ | | File Size: | 3626 | | Related CVE(s): | CVE-2008-1811 | | Last Modified: | Apr 16 17:56:48 2008 |
| MD5 Checksum: | 1e409ad2d78ffd4cf194be4d198943f6 |
|
| /// File Name: |
04.17.08-1.txt |
Description:
|
iDefense Security Advisory 04.17.08 - Remote exploitation of a heap based buffer overflow vulnerability in OpenOffice.org's OpenOffice, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the importer for files stored using the OLE format. When parsing the "DocumentSummaryInformation" stream, the vulnerable code does not correctly verify the size of a destination buffer before copying data from the file into it. This results in an exploitable heap overflow. iDefense confirmed the existence of this vulnerability in OpenOffice version 2.3.1. Other versions may also be affected.
| | Author: | Marsu | | Homepage: | http://www.idefense.com/ | | File Size: | 3409 | | Related CVE(s): | CVE-2008-0320 | | Last Modified: | Apr 17 18:31:05 2008 |
| MD5 Checksum: | 624877933491e6bd0d3012daf6ac2b07 |
|
| /// File Name: |
04.17.08-2.txt |
Description:
|
iDefense Security Advisory 04.17.08 - Remote exploitation of an integer overflow vulnerability in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the code responsible for parsing the EMR_STRETCHBLT record in an EMF file. This code reads in two 32-bit integers from the file, and then uses them in an arithmetic operation that calculates the number of bytes to allocate for a dynamic buffer. This calculation can overflow, resulting in an insufficiently sized buffer being allocated. Subsequently, this buffer is overflowed with data from the file. iDefense confirmed the existence of this vulnerability in OpenOffice version 2.3. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3470 | | Related CVE(s): | CVE-2007-5746 | | Last Modified: | Apr 17 18:32:20 2008 |
| MD5 Checksum: | 89042174d6abaa20543881003162702f |
|
| /// File Name: |
04.17.08-3.txt |
Description:
|
iDefense Security Advisory 04.17.08 - Remote exploitation of multiple buffer overflow vulnerabilities in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The first vulnerability occurs when parsing "Attribute" records from the file. Due to a lack of bounds checking during a loop that reads these records, an attacker can trigger a heap overflow by inserting more than 256 records. The second vulnerability is nearly identical to the first one, but involves the "Font Description" record instead of the "Attribute" record.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3803 | | Related CVE(s): | CVE-2007-5745 | | Last Modified: | Apr 17 18:59:21 2008 |
| MD5 Checksum: | a66e4b3978c2bc5122466afa7333419f |
|
| /// File Name: |
04.17.08-4.txt |
Description:
|
iDefense Security Advisory 04.17.08 - Remote exploitation of an integer underflow vulnerability in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the code responsible for converting the QPRO file into an internal representation used by OpenOffice. A 16-bit integer is read in from the file, and later used as a loop counter that controls how many values are stored into local stack buffers. When verifying the value of this counter, the code decrements the counter without checking to see if this operation will underflow. This results in the loop running for many iterations, which leads to a stack based buffer overflow. This allows for the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.3. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3946 | | Related CVE(s): | CVE-2007-5747 | | Last Modified: | Apr 17 18:36:05 2008 |
| MD5 Checksum: | bb8c108060a98986dc60dc8fba35eb6a |
|
| /// File Name: |
adc_advisories_oracle-dbms.txt |
Description:
|
Oracle provides database export functionality in various modes. One of the export modes is called Direct Path. This mode uses a special protocol message to extract table data rather than SQL queries. Using this special protocol message an attacker can extract information from tables and views to which she has not been granted access. Oracle 9 and 10 versions prior to April 2008 CPU are affected.
| | Homepage: | http://www.imperva.com/adc/ | | File Size: | 3054 | | Last Modified: | Apr 17 18:26:19 2008 |
| MD5 Checksum: | f9051714595d68f50665356d5693d9f1 |
|
| /// File Name: |
akamai-activex.txt |
Description:
|
A security vulnerability has been discovered in versions prior to 2.2.3.5 of Akamai Download Manager. For successful exploitation, this vulnerability requires a user to be convinced to visit a malicious URL put into place by an attacker. This may then lead to an unauthorized download and automatic execution of arbitrary code run within the context of the victim user.
| | Author: | iDefense | | Homepage: | http://www.akamai.com/ | | File Size: | 4350 | | Related CVE(s): | CVE-2007-6339 | | Last Modified: | Apr 30 20:50:51 2008 |
| MD5 Checksum: | b705edaeedc6bd7e8536506f8e8c9491 |
|
| /// File Name: |
AKLINK-SA-2008-002.txt |
Description:
|
Microsoft Outlook has a design flaw that allows outbound HTTP requests to be made via a simple preview of a mail that is S/MIME-signed.
| | Author: | Alexander Klink | | Homepage: | https://www.cynops.de/ | | File Size: | 8413 | | Last Modified: | Apr 1 22:28:05 2008 |
| MD5 Checksum: | 909333355189bb942f90ebc1afc9cc71 |
|
| /// File Name: |
AKLINK-SA-2008-003.txt |
Description:
|
Windows Live Mail has a design flaw that allows outbound HTTP requests to be made via a simple preview of a mail that is S/MIME-signed.
| | Author: | Alexander Klink | | Homepage: | https://www.cynops.de/ | | File Size: | 8444 | | Last Modified: | Apr 1 22:28:49 2008 |
| MD5 Checksum: | aebe873d62162c203765c3b0fa9e8c94 |
|
| /// File Name: |
AKLINK-SA-2008-004.txt |
Description:
|
Microsoft Office 2007 has a design flaw that allows outbound HTTP requests to be made when a document is opened that has a digital signature.
| | Author: | Alexander Klink | | Homepage: | https://www.cynops.de/ | | File Size: | 6602 | | Last Modified: | Apr 1 22:29:37 2008 |
| MD5 Checksum: | 9b1190af4261a5b7d8ef496435f47b40 |