Section: .. / 0609-advisories /
| /// File Name: |
MDKSA-2006-161.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-161 - Daniel Bleichenbacher recently described an attack on PKCS #1 version 1.5 signatures where an RSA key with a small exponent could be vulnerable to forgery of a PKCS #1 version 1.5 signature signed by that key. Any software using OpenSSL to verify X.509 certificates is potentially vulnerable to this issue, as well as any other use of PKCS #1 version 1.5, including software that uses OpenSSL for SSL or TLS.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 5035 | | Related CVE(s): | CVE-2006-4339 | | Last Modified: | Sep 7 05:27:43 2006 |
| MD5 Checksum: | 779e310851570485664d412935a7d63e |
|
| /// File Name: |
dsa-1163-1.txt |
Description:
|
Debian Security Advisory 1163-1 - Michael Gehring discovered several potential out-of-bounds index accesses in gtetrinet, a multiplayer Tetris-like game, which may allow a remote server to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4939 | | Related CVE(s): | CVE-2006-3125 | | Last Modified: | Sep 7 01:37:31 2006 |
| MD5 Checksum: | 3f7120d33067b196d049a83ea17a0be6 |
|
| /// File Name: |
dsa-1176-1.txt |
Description:
|
Debian Security Advisory 1176-1 - It was discovered that the Zope web application server does not disable the csv_table directive in web pages containing ReST markup, allowing the exposure of files readable by the Zope server.
| | Homepage: | http://www.debian.org/security | | File Size: | 4917 | | Related CVE(s): | CVE-2006-4684 | | Last Modified: | Sep 14 03:34:06 2006 |
| MD5 Checksum: | 68d5b3e476bc948e88823aa2abbc23a7 |
|
| /// File Name: |
sa21953.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for zope2.7. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/21953/ | | File Size: | 4856 | | Last Modified: | Sep 21 19:56:25 2006 |
| MD5 Checksum: | ff2710d12154a0c39227c493ba644569 |
|
| /// File Name: |
sa21704.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gtetrinet. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/21704/ | | File Size: | 4817 | | Last Modified: | Sep 1 04:31:54 2006 |
| MD5 Checksum: | a9eaa9098338644aa1d57157acb19751 |
|
| /// File Name: |
sa21905.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for isakmpd. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/21905/ | | File Size: | 4787 | | Last Modified: | Sep 14 18:28:53 2006 |
| MD5 Checksum: | 7d4a2b7bb67c12e84bd2001e1005d981 |
|
| /// File Name: |
sa21759.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for cheesetracker. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21759/ | | File Size: | 4771 | | Last Modified: | Sep 6 02:32:48 2006 |
| MD5 Checksum: | 993f8975c2067adfd388c0985342ed34 |
|
| /// File Name: |
sa21873.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for openssl096. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/21873/ | | File Size: | 4722 | | Last Modified: | Sep 12 18:17:26 2006 |
| MD5 Checksum: | d261d3e3a0a27014be03c71a230accf1 |
|
| /// File Name: |
dsa-1166-1.txt |
Description:
|
Debian Security Advisory 1166-1 - Luigi Auriemma discovered a buffer overflow in the loading component of cheesetracker, a sound module tracking program, which could allow a maliciously constructed input file to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4713 | | Related CVE(s): | CVE-2006-3814 | | Last Modified: | Sep 7 03:50:19 2006 |
| MD5 Checksum: | a3b6d83d1b9f551af12cf58f2abb87cb |
|
| /// File Name: |
sa22034.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gzip. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22034/ | | File Size: | 4696 | | Last Modified: | Sep 21 19:56:25 2006 |
| MD5 Checksum: | 036235dba3adc21e57ebc664a9a416ef |
|
| /// File Name: |
09.12.06-3.txt |
Description:
|
iDefense Security Advisory 09.12.06 - Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. The vulnerability specifically exists in the 'CIDAFM()' function of the code responsible for handling AFM (Adobe Font Metrics) files. The number of character metrics is obtained from the "StartCharMetrics" line of an AFM file and that value is then multiplied by the size of a single character metric record in order to calculate the space required to store the metrics. If the result of the multiplication is larger than the largest value that can be held in an integer, the amount actually allocated will be much smaller. Following this, the function attempts to read as many metric records as were specified on the line into that memory. As the contents of the file can be specified by a local user, and as the function will stop reading if an error is detected in the input, a controlled heap overflow may occur which may allow the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in the X.org server version 6.8.2. Analysis of the source code for the current versions of the X.org and XFree86 servers indicates that current versions of both are vulnerable. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4644 | | Related CVE(s): | CAN-2006-3740 | | Last Modified: | Sep 13 05:36:58 2006 |
| MD5 Checksum: | 97c66e62c52c4ccea06aaf8bd119ac58 |
|
| /// File Name: |
pandais.txt |
Description:
|
Panda Platinum Internet Security 2006/2007 suffers from multiple vulnerabilities. Insecure file permissions allow an unprivileged local user to obtain system-level access or access to the account of another logged-on user. Insecure design of the spam filtering control engine allows remote attackers to control the Bayesian self-learning spam filtering process using a malicious web page.
| | Author: | 3APA3A | | Homepage: | http://www.security.nnov.ru/ | | File Size: | 4629 | | Last Modified: | Sep 8 02:01:28 2006 |
| MD5 Checksum: | 158853187b3ce76c37ca3fe25fac646b |
|
| /// File Name: |
lotusTimeout.txt |
Description:
|
In Lotus Domino Web Access (DWA) version 7.0.1, the session token used to identify the user (called "LtpaToken") is not invalidated on the server upon user logout. The cookie is removed from the browser, but the token continues to be recognized by the server until a configurable expiration time is reached.
| | Author: | Dave Ferguson | | Homepage: | http://www.fishnetsecurity.com/ | | File Size: | 4611 | | Last Modified: | Sep 13 05:02:53 2006 |
| MD5 Checksum: | c875c84c8696e9e399187085105cf96d |
|
| /// File Name: |
scip-2555.txt |
Description:
|
scip AG Vulnerability ID 2555 (09/21/2006) - Sun Secure Global Desktop prior to 4.3 multiple remote vulnerabilities.
| | Homepage: | https://sgddemo.sun.com/ | | File Size: | 4604 | | Last Modified: | Oct 2 18:11:03 2006 |
| MD5 Checksum: | 7098aa6085d0290daa91bcffb066fc80 |
|
| /// File Name: |
sa21906.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct man-in-the-middle, spoofing, and cross-site scripting attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/21906/ | | File Size: | 4453 | | Last Modified: | Sep 15 21:17:17 2006 |
| MD5 Checksum: | 8e5adc8b276a1ba5d33a3c43eba95db9 |
|
| /// File Name: |
MDKSA-2006-166.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-166: verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4365 | | Last Modified: | Sep 26 15:58:55 2006 |
| MD5 Checksum: | 3ec6900d539d69ab2170eca859cde3c1 |
|
| /// File Name: |
sa22101.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for gzip. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22101/ | | File Size: | 4357 | | Last Modified: | Sep 27 17:00:00 2006 |
| MD5 Checksum: | 954cc331d7e2325ec679622a4495a590 |
|
| /// File Name: |
dsa-1165-1.txt |
Description:
|
Debian Security Advisory 1165-1 - Lionel Elie Mamane discovered a security vulnerability in capi4hylafax, tools for faxing over a CAPI 2.0 device, that allows remote attackers to execute arbitrary commands on the fax receiving system.
| | Homepage: | http://www.debian.org/security | | File Size: | 4335 | | Related CVE(s): | CVE-2006-3126 | | Last Modified: | Sep 7 03:05:53 2006 |
| MD5 Checksum: | ca6e43250bce8c0a042c5cccd794d08c |
|
| /// File Name: |
CAID-34616.txt |
Description:
|
CAID 34616, 34617, 34618: CA eTrust Security Command Center and eTrust Audit vulnerabilities
| | Homepage: | http://www3.ca.com/securityadvisor/ | | File Size: | 4284 | | Last Modified: | Oct 2 18:59:10 2006 |
| MD5 Checksum: | 31c8181be157b2538ea7ecf9e3c526d5 |
|
| /// File Name: |
sa22029.txt |
Description:
|
Secunia Security Advisory - Tan Chew Keong has reported some vulnerabilities in Neon WebMail for Java, which can be exploited by malicious users to manipulate and disclose sensitive information, and conduct script insertion and SQL injection attacks, and by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22029/ | | File Size: | 4270 | | Last Modified: | Sep 21 19:56:25 2006 |
| MD5 Checksum: | fea768e59fbf626506e0e5cf5401a8c1 |
|
| /// File Name: |
Blojsom.txt |
Description:
|
Blojsom 2.3.1 suffers from a cross-site scripting vulnerability.
| | Author: | p3rlhax | | File Size: | 4265 | | Last Modified: | Sep 14 19:01:35 2006 |
| MD5 Checksum: | e9d9fb985b675726b11bef0865a34600 |
|
| /// File Name: |
MDKSA-2006-156.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-156 - Moritz Jodeit discovered a vulnerability in sendmail when processing very long header lines that could be exploited to cause a Denial of Service by crashing sendmail.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4265 | | Related CVE(s): | CVE-2006-4434 | | Last Modified: | Sep 7 01:51:39 2006 |
| MD5 Checksum: | a60a68c04f694436ad4dfed1a78ff00c |
|
| /// File Name: |
MDKSA-2006-163.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-163 - A vulnerability in BIND was discovered where it did not sufficiently verify particular requests and responses from other name servers and users. This could be exploited by sending a specially crafted packet to crash the name server.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4194 | | Related CVE(s): | CVE-2006-4095, CVE-2006-4096 | | Last Modified: | Sep 8 21:58:25 2006 |
| MD5 Checksum: | 30afe88037aaea41e21ff1edc9fe7b91 |
|