Section: 0608-advisories
File Name: sa21436.txt
Description: Secunia Security Advisory - A security issue has been reported in Heimdal, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
Homepage: http://secunia.com/advisories/21436/ | File Size: 2885 | Last Modified: Aug 9 20:40:54 2006
MD5 Checksum: d14a2fdc68b73123537d90ba60eeb68e

File Name: sa21472.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Backup Exec, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Homepage: http://secunia.com/advisories/21472/ | File Size: 2881 | Last Modified: Aug 17 00:44:27 2006
MD5 Checksum: e68fa60c9d9a5a074f7d9a753cbdea57

File Name: mcafee-linux1.txt
Description: The Linux kernel is susceptible to a locally exploitable flaw which may allow local users to gain root privileges and execute arbitrary code at kernel privilege level. Versions affected include 2.4.23 through 2.4.32, 2.6 up to and including 2.6.17.7.
Author: Wei Wang | Homepage: http://www.mcafee.com/ | File Size: 2879 | Last Modified: Aug 27 19:51:03 2006
MD5 Checksum: 0cebc5ef3a993b9cdc35b82e0c3c6b71

File Name: glsa-200608-23.txt
Description: Gentoo Linux Security Advisory GLSA 200608-23 - Yan Rong Ge discovered that the peel_netstring() function in cl_netstring.c does not validate the length parameter of user input, which can lead to an out-of-bounds memory access when processing certain Heartbeat messages. Furthermore an unspecified local DoS issue was fixed. Versions less than 2.0.7 are affected.
Homepage: http://security.gentoo.org/ | File Size: 2860 | Related CVE(s): CVE-2006-3121, CVE-2006-3815 | Last Modified: Aug 27 20:25:38 2006
MD5 Checksum: f09b81c0273defe3fd1215c44243264a

File Name: sa21258.txt
Description: Secunia Security Advisory - Greg Sinclair has reported a vulnerability and a security issue in Barracuda Spam Firewall, which can be exploited by malicious people to bypass certain security restrictions and disclose various information.
Homepage: http://secunia.com/advisories/21258/ | File Size: 2859 | Last Modified: Aug 2 23:35:36 2006
MD5 Checksum: 7eb49673195930a1a44bdadd137de969

File Name: sa21628.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Sun Java System Content Delivery Server, which can be exploited by malicious people to disclose sensitive information.
Homepage: http://secunia.com/advisories/21628/ | File Size: 2859 | Last Modified: Aug 26 20:18:48 2006
MD5 Checksum: d088a1b4eff3ec6abd7b625c7b6f7b51

File Name: MDKSA-2006-140.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-140 - Tavis Ormandy, of the Google Security Team, discovered that ncompress, when uncompressing data, performed no bounds checking, which could allow a specially crafted datastream to underflow a .bss buffer with attacker controlled data.
Homepage: http://www.mandriva.com/security/advisories | File Size: 2854 | Related CVE(s): CVE-2006-1168 | Last Modified: Aug 26 20:56:07 2006
MD5 Checksum: 7fae5c55618f254e0c79c41da1c45510

File Name: MU-200608-01.txt
Description: A remote stack buffer overflow condition in Asterisk's MGCP implementation could allow for arbitrary code execution. The vulnerable code is triggered with the use of a malformed AUEP (audit endpoint) response message. A second issue exists in the handling of file names sent to the Record() application which could lead to arbitrary code execution via a format string attack or arbitrary file-overwrite via directory traversal techniques. The impact of this vulnerability is minimal, however, as it requires an administrator to use a client-controlled variable as part of the filename. Asterisk versions 1.0.0 through 1.2.10 are affected.
Author: Mu Security research team | Homepage: http://labs.musecurity.com/ | File Size: 2849 | Last Modified: Aug 27 19:59:09 2006
MD5 Checksum: 3405904e50aa9f70f1d70da48e2cecd0

File Name: sa21400.txt
Description: Secunia Security Advisory - Debian has issued an update for mantis. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/21400/ | File Size: 2847 | Last Modified: Aug 9 20:40:54 2006
MD5 Checksum: d7b5c7a1be5f3b304d440f8557655e11

File Name: sa21660.txt
Description: Secunia Security Advisory - Gentoo has issued an update for multiple packages. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Homepage: http://secunia.com/advisories/21660/ | File Size: 2834 | Last Modified: Aug 29 12:55:20 2006
MD5 Checksum: bbcf42ded70c0a82adb9888773ffb59a

File Name: sa21506.txt
Description: Secunia Security Advisory - Two vulnerabilities have been reported in MySQL, which can be exploited by malicious users to bypass certain security restrictions and perform certain actions with escalated privileges.
Homepage: http://secunia.com/advisories/21506/ | File Size: 2831 | Last Modified: Aug 18 00:12:30 2006
MD5 Checksum: deb851a5822e802cbd4c2a1e7d88b718

File Name: sa21223.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Symantec Brightmail AntiSpam, which can be exploited by malicious people to cause a DoS (Denial of Service) and overwrite or read sensitive information.
Homepage: http://secunia.com/advisories/21223/ | File Size: 2821 | Last Modified: Aug 2 04:14:26 2006
MD5 Checksum: a7ec6995cddfab18eb26e09d1f1e2fa8

File Name: dsa-1147-1.txt
Description: Debian Security Advisory 1147-1 - Ayman Hourieh discovered that Drupal, a dynamic website platform, performs insufficient input sanitizing in the user module, which might lead to cross-site scripting.
Homepage: http://www.debian.org/security | File Size: 2815 | Related CVE(s): CVE-2006-4002 | Last Modified: Aug 26 20:54:39 2006
MD5 Checksum: 24a337793321b63e9afafa2dc798ba26

File Name: sa21197.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Apache HTTP Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/21197/ | File Size: 2813 | Last Modified: Aug 2 04:14:26 2006
MD5 Checksum: 39c21f3003793ebd929a4ae3d939ccee

File Name: sa21261.txt
Description: Secunia Security Advisory - Mandriva has issued an update for libwmf. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the vulnerable library.
Homepage: http://secunia.com/advisories/21261/ | File Size: 2813 | Last Modified: Aug 2 04:14:26 2006
MD5 Checksum: 719962a4ccaa62ede842a3baf3177221

File Name: glsa-200608-15.txt
Description: Gentoo Linux Security Advisory GLSA 200608-15 - Unchecked calls to setuid() in krshd and v4rcp, as well as unchecked calls to seteuid() in kftpd and in ksu, have been found in the MIT Kerberos 5 program suite and may lead to a local root privilege escalation. Versions less than 1.4.3-r3 are affected.
Homepage: http://security.gentoo.org | File Size: 2799 | Last Modified: Aug 26 21:38:56 2006
MD5 Checksum: dabe3a31dcdc17dbdb0e04a912b6c973

File Name: sa21500.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks.
Homepage: http://secunia.com/advisories/21500/ | File Size: 2798 | Last Modified: Aug 18 00:12:30 2006
MD5 Checksum: 988686d984d1e6a884d19f4679a376f0

File Name: sa21553.txt
Description: Secunia Security Advisory - Philipp Niedziela has discovered some vulnerabilities in Sonium Enterprise Adressbook, which can be exploited by malicious users to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/21553/ | File Size: 2780 | Last Modified: Aug 26 20:18:48 2006
MD5 Checksum: ab98f414aada7778416966aff8f8271e

File Name: glsa-200607-13.txt
Description: Gentoo Linux Security Advisory GLSA 200607-13 - Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows. Versions less than 1.1.0 are affected.
Homepage: http://security.gentoo.org | File Size: 2775 | Last Modified: Aug 17 01:09:54 2006
MD5 Checksum: 4376d909d137c5adf832cf7091026c9e

File Name: sa21248.txt
Description: Secunia Security Advisory - Debian has issued an update for sitebar. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
Homepage: http://secunia.com/advisories/21248/ | File Size: 2774 | Last Modified: Aug 2 04:14:26 2006
MD5 Checksum: 97f3504bba5966f328c4c554b67215dc

File Name: glsa-200608-12.txt
Description: Gentoo Linux Security Advisory GLSA 200608-12 - x11vnc includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as Type 1 - None (GLSA-200608-05). x11vnc will accept this security type, even if it is not offered by the server. Versions less than 0.8.1 are affected.
Homepage: http://security.gentoo.org | File Size: 2772 | Last Modified: Aug 18 01:14:50 2006
MD5 Checksum: 0978f6ac52f8d89e2d343e0d676ecb8f

File Name: glsa-200608-22.txt
Description: Gentoo Linux Security Advisory GLSA 200608-22 - Toth Andras has discovered a typographic mistake in the fbgs script, shipped with fbida if the fbcon and pdf USE flags are both enabled. This script runs gs without the -dSAFER option, thus allowing a PostScript file to execute, delete or create any kind of file on the system. Versions less than 2.03-r4 are affected.
Homepage: http://security.gentoo.org | File Size: 2771 | Last Modified: Aug 27 19:59:43 2006
MD5 Checksum: 0b2f5466ba21d3dff057b1c3bae40f88

File Name: sa21254.txt
Description: Secunia Security Advisory - Mandriva has issued an update for freeciv. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/21254/ | File Size: 2768 | Last Modified: Aug 2 04:14:26 2006
MD5 Checksum: 7483838a7c60da84c6c23dfb01b9fed2

File Name: sa21631.txt
Description: Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, disclose sensitive information and potentially compromise a user's system.
Homepage: http://secunia.com/advisories/21631/ | File Size: 2768 | Last Modified: Aug 28 23:00:37 2006
MD5 Checksum: b197c050ec080c2809ac2752b09f4610