Section: .. / 0612-advisories /
| /// File Name: |
11.27.06-1.txt |
Description:
|
iDefense Security Advisory 11.27.06 - Remote exploitation of a design error in Horde's Kronolith could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running Web server. iDefense has confirmed that versions 2.0.1 through 2.1.3 of Horde Kronolith are vulnerable to this issue. Other versions are also likely to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3430 | | Last Modified: | Dec 6 03:41:50 2006 |
| MD5 Checksum: | 019813eb7c05e9a2f3c80f4848f5a617 |
|
| /// File Name: |
11.30.06-1.txt |
Description:
|
iDefense Security Advisory 11.30.06 - Remote exploitation of a heap overflow vulnerability in libgsf, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code. iDefense has confirmed the existence of this vulnerability in version 1.14.0 of the Gnome Structured File library. Any applications or libraries that utilize this library for OLE should be considered vulnerable.
| | Author: | infamous41md | | Homepage: | http://www.idefense.com/ | | File Size: | 3466 | | Related CVE(s): | CVE-2006-4514 | | Last Modified: | Dec 6 04:42:27 2006 |
| MD5 Checksum: | efebacbf57f8445ba77f81bdc4f0c27e |
|
| /// File Name: |
12.01.06-1.txt |
Description:
|
iDefense Security Advisory 12.01.06 - Remote exploitation of an integer overflow vulnerability in Novell Inc.'s ZENworks Asset Management could potentially allow an attacker to execute arbitrary code with SYSTEM privileges on Windows or root on the various supported UNIX-based operating systems. A heap overflow may occur when processing specially crafted packets sent to the Collection Client daemon. The root cause of this vulnerability is identical to that of the vulnerability in Msg.dll. For more information, please consult the Msg.dll advisory. iDefense has confirmed the existence of this vulnerability in version 7.0.0.36 of the CClient.exe and Msg.dll files included with Novell Inc.'s ZENworks Asset Management 7.0 SP1. Older versions are suspected to be vulnerable as well.
| | Author: | Eric Detoisien | | Homepage: | http://www.idefense.com/ | | File Size: | 3388 | | Last Modified: | Dec 6 05:33:40 2006 |
| MD5 Checksum: | 91d9d7d9e35835f25ada4534818b2fed |
|
| /// File Name: |
12.01.06-2.txt |
Description:
|
iDefense Security Advisory 12.01.06 - Remote exploitation of an integer overflow vulnerability in Novell Inc.'s ZENworks Asset Management could potentially allow an attacker to execute arbitrary code with the privileges of the administrator. A heap overflow may occur when processing specially crafted packets sent to the Task Server or Collection Server daemons. This problem specifically exists due to an integer overflow when allocating memory for remotely supplied data. iDefense has confirmed the existence of this vulnerability in version 7.0.0.36 of the CClient.exe and Msg.dll files included with Novell Inc.'s ZENworks Asset Management 7.0 SP1. Older versions are suspected to be vulnerable as well.
| | Author: | Eric Detoisien | | Homepage: | http://www.idefense.com/ | | File Size: | 3425 | | Last Modified: | Dec 6 05:34:27 2006 |
| MD5 Checksum: | 2dfccfa987262d75eab3c906f69f8a21 |
|
| /// File Name: |
12.08.06-1.txt |
Description:
|
iDefense Security Advisory 12.08.06 - Remote exploitation of a denial of service vulnerability in multiple vendors' antivirus engines allows an attacker to cause the engines to consume excessive resources. The affected vendors' scan engines are vulnerable to a DoS attack when scanning specially malformed RAR archives. Specifically, the malformed archives will have the head_size and pack_size fields set to zero in the Archive Header section. When such a file is encountered, the affected scan engines will enter an infinite loop. Confirmed systems affected: Sophos Small business edition (Windows/Linux) 4.06.1 with engine version 2.34.3. Trend Micro PC Cillin - Internet Security 2006. Trend Micro Office Scan 7.3. Trend Micro Server Protect 5.58.
| | Author: | Titon, Damian Put | | Homepage: | http://www.idefense.com/ | | File Size: | 4710 | | Related CVE(s): | CVE-2006-5645 | | Last Modified: | Dec 11 16:45:33 2006 |
| MD5 Checksum: | 5c0000a6d35f7f12401a74a547016533 |
|
| /// File Name: |
12.08.06-2.txt |
Description:
|
iDefense Security Advisory 12.08.06 - Sophos AntiVirus Engine is vulnerable to a memory corruption vulnerability when scanning malformed CHM archives. This memory corruption vulnerability can be triggered when the Sophos Antivirus engine scans a malformed CHM file which has a large name length specified in a CHM chunk header. Affected products include Sophos Small business edition (Linux) product version 4.06.1 and engine version 2.34.3.
| | Author: | Damian Put | | Homepage: | http://www.idefense.com/ | | File Size: | 3289 | | Related CVE(s): | CVE-2006-5647 | | Last Modified: | Dec 11 16:47:03 2006 |
| MD5 Checksum: | 1b7f4f23ff6d7e3952f59e7327585d13 |
|
| /// File Name: |
12.08.06-3.txt |
Description:
|
iDefense Security Advisory 12.08.06 - Sophos AntiVirus Engine is vulnerable to a Heap Overflow attack when scanning malformed CHM archives. Specifically, if the CHM file has a Window_size of 0 set in a LZX decompression header then memory corruption will occur. Sophos Antivirus for Linux product version 4.03 and engine version 4.05 are affected.
| | Author: | Damian Put | | Homepage: | http://www.idefense.com/ | | File Size: | 3098 | | Related CVE(s): | CVE-2006-5646 | | Last Modified: | Dec 11 16:48:35 2006 |
| MD5 Checksum: | 69c008e6faa57caf714a10cd1017f259 |
|
| /// File Name: |
12.12.06-1.txt |
Description:
|
iDefense Security Advisory 12.12.06 - Local exploitation of a buffer overflow vulnerability in ld.so could potentially allow a non-root user to execute arbitrary code as root. iDefense has confirmed that Solaris 10 for both x86 and SPARC is vulnerable. Older versions of Solaris are likely to be vulnerable as well.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 5388 | | Last Modified: | Dec 15 09:59:41 2006 |
| MD5 Checksum: | ac1761d2572b44e616c2ffe2f2101f37 |
|
| /// File Name: |
12.12.06-2.txt |
Description:
|
iDefense Security Advisory 12.12.06 - Local exploitation of a directory traversal vulnerability in ld.so could potentially allow a non-root user to execute arbitrary code as root. iDefense has confirmed that Solaris 10 for both x86 and SPARC is vulnerable. It is speculated that older versions of Solaris are vulnerable as well.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3882 | | Last Modified: | Dec 15 10:01:38 2006 |
| MD5 Checksum: | ca8e1ff30728bf31c6ffdc63bf0606d1 |
|
| /// File Name: |
12.14.06.txt |
Description:
|
iDefense Security Advisory 12.14.06 - Local exploitation of a format string vulnerability in GNOME Foundation's GNOME Display Manager host chooser window (gdmchooser) could allow an unauthenticated attacker to execute arbitrary code on the affected system. This vulnerability has been confirmed to exist in the gdm-2.14.1-1 RPM from Red Hat Fedora Core 5. The vulnerability was introduced into the gdmchooser.c file in version 1.78 of gdm2/gui/gdmchooser.c in the GNOME CVS source code repository.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 4634 | | Last Modified: | Dec 15 10:45:51 2006 |
| MD5 Checksum: | c41bb0c0525fc266875bc6551d1e38e3 |
|
| /// File Name: |
12.23.06-1.txt |
Description:
|
iDefense Security Advisory 12.23.06 - Remote exploitation of a buffer overflow vulnerability in Novell Inc.'s NetMail IMAP daemon allows authenticated attackers to execute arbitrary code with the privileges of the underlying user. Once logged in, attackers can execute the "subscribe" command with an overly long argument string to overflow a stack-based buffer. iDefense has confirmed the existence of the vulnerability in version 3.52d of Novell NetMail. It is suspected that earlier versions of NetMail are also affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 2775 | | Last Modified: | Dec 28 01:12:55 2006 |
| MD5 Checksum: | c7bfe1c2293897723242c8f286179170 |
|
| /// File Name: |
12.23.06-2.txt |
Description:
|
iDefense Security Advisory 12.23.06 - Remote exploitation of a denial of service vulnerability in Novell NetMail 3.52 could allow an authenticated attacker to crash the imapd server. Novell NetMail can be made to crash by sending an APPEND command with a single '(' character as an argument. iDefense has confirmed the existence of this vulnerability in the IMAPD server of Novell NetMail 3.52d and 3.52e. Older versions are suspected to be vulnerable as well.
| | Homepage: | http://www.idefense.com/ | | File Size: | 2705 | | Last Modified: | Dec 28 01:14:49 2006 |
| MD5 Checksum: | 9389a476e0e96d0b5d898c6f642f92d8 |
|
| /// File Name: |
advisory-20061204-1.txt |
Description:
|
KDE Security Advisory - The OLE import filter, which is used in KPresenter to open Microsoft PowerPoint files, is vulnerable to an integer overflow problem that can be exploited to cause a heap memory overflow. This issue was reported by Kees Cook from Ubuntu security. KOffice versions 1.4.x and 1.6.0 are affected.
| | Homepage: | http://www.kde.org/ | | File Size: | 1128 | | Related CVE(s): | CVE-2006-6120 | | Last Modified: | Dec 6 07:34:37 2006 |
| MD5 Checksum: | c18e632bb7ac947a47aa6c2371282695 |
|
| /// File Name: |
allied-flaw.txt |
Description:
|
The Allied Telesis AT-9000/24 ethernet switch management has a flaw where it can be accessed from all VLANs.
| | Author: | Pasi Sjoholm | | File Size: | 2333 | | Last Modified: | Dec 22 00:07:32 2006 |
| MD5 Checksum: | 8a108bf0e0f95fc1c4e373314957a90c |
|
| /// File Name: |
aol-screen.txt |
Description:
|
The AOL ScreenName website suffered from phishing and redirection attacks.
| | Author: | Zeroknock | | File Size: | 1051 | | Last Modified: | Dec 6 03:36:07 2006 |
| MD5 Checksum: | 3e1d7995e19aa683c9c5a01ea2679ce9 |
|
| /// File Name: |
barracude-uulib.txt |
Description:
|
Further research has been performed against the Barracuda Convert-UUlib library buffer overflow.
| | Author: | Jean-Sebastien Guay-Leroux | | File Size: | 3650 | | Related CVE(s): | CVE-2005-1349 | | Last Modified: | Dec 6 08:01:04 2006 |
| MD5 Checksum: | 0317d42592e8a5ff205667efc5ae7cf7 |
|
| /// File Name: |
cahierdetexte22-bypass.txt |
Description:
|
Cahier de texte version 2.2 suffers from a bypass vulnerability.
| | Author: | DarkFig | | File Size: | 2881 | | Last Modified: | Dec 28 01:22:12 2006 |
| MD5 Checksum: | d2b6fff5a50354bedcd1c932aff31d6a |
|
| /// File Name: |
CAID-34846.txt |
Description:
|
CAID 34846 - CA BrightStor ARCserve Backup contains a buffer overflow that allows remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. This issue affects the BrightStor Backup Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 3341 | | Related CVE(s): | CVE-2006-6379 | | Last Modified: | Dec 9 00:08:00 2006 |
| MD5 Checksum: | 8de71a296de6c70c131d297bdf14a0b4 |
|
| /// File Name: |
caid-34870.txt |
Description:
|
Multiple instances of improper handling of NULL buffers in CA Anti-Virus allow local attackers to cause a denial of service condition. This issue affects only consumer CA Anti-Virus products.
| | Author: | Ken Williams | | Homepage: | http://ca.com/catalk.htm | | File Size: | 3266 | | Last Modified: | Dec 14 21:35:07 2006 |
| MD5 Checksum: | 263be2e3b35d09d31bb9a82e2e464ab6 |
|
| /// File Name: |
CAID-34876.txt |
Description:
|
CAID 34876 - CA CleverPath Portal and other CA solutions that embed Portal technology contain a session verification vulnerability.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 5236 | | Last Modified: | Dec 22 01:27:02 2006 |
| MD5 Checksum: | c9aa7f4a6d99dd533dcedb00dfb05c4a |
|
| /// File Name: |
coolplayer215.txt |
Description:
|
Coolplayer versions 215 and below suffer from multiple boundary error conditions.
| | Author: | Mehdi Oudad, Kevin Fernandez | | File Size: | 1540 | | Last Modified: | Dec 15 10:20:26 2006 |
| MD5 Checksum: | 3c17a0866c9560a8020efea41428345d |
|
| /// File Name: |
CORE-2006-1127.txt |
Description:
|
Core Security Technologies Advisory - A locally exploitable stack overflow vulnerability has been found in the mod_ctrls module of ProFTPD server. ProFTPD versions 1.3.0a and 1.3.0 are affected.
| | Author: | Alfredo Ortega | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 8433 | | Last Modified: | Dec 15 10:27:03 2006 |
| MD5 Checksum: | 6096a9dd5e3ec88cb5749723f3b93f9c |
|
| /// File Name: |
CYBSEC-Arbitrary.txt |
Description:
|
CYBSEC Security Advisory - A specially crafted HTTP request can remove any file located in the SAP IGS file system. SAP IGS versions 6.40 Patchlevel 16 and below and 7.00 Patchlevel 6 and below are affected.
| | Author: | Mariano Nunez Di Croce | | Homepage: | http://www.cybsec.com | | File Size: | 3196 | | Last Modified: | Dec 6 07:50:01 2006 |
| MD5 Checksum: | d57a01a5b3d05aaf6ecec121dbb72fec |
|
| /// File Name: |
CYBSEC-SAP-IGS.txt |
Description:
|
CYBSEC Security Advisory - Undocumented features have been discovered in the SAP IGS service, some of which may pose security risks. SAP IGS versions 6.40 Patchlevel 15 and below and 7.00 Patchlevel 3 and below are affected.
| | Author: | Mariano Nunez Di Croce | | Homepage: | http://www.cybsec.com | | File Size: | 3173 | | Last Modified: | Dec 6 07:48:57 2006 |
| MD5 Checksum: | ed52b8035c0c9f2625fff8c9fbdacce2 |
|
| /// File Name: |
dada-shared.txt |
Description:
|
Due to a poor regular expression in FilesMatch in DadaIMC, arbitrary files can be uploaded and executed as PHP code.
| | Author: | Hagbard Celine | | File Size: | 1769 | | Last Modified: | Dec 11 17:24:10 2006 |
| MD5 Checksum: | eb64bc954fa9e25b1e44de0aa989a3b1 |
|