Section: .. / 0701-advisories /
| /// File Name: |
USN-407-1.txt |
Description:
|
Ubuntu Security Notice 407-1 - Liu Qishuai discovered a buffer overflow in the /proc parsing routines in libgtop. By creating and running a process in a specially crafted long path and tricking a user into running gnome-system-monitor, an attacker could exploit this to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7330 | | Last Modified: | Jan 15 22:13:22 2007 |
| MD5 Checksum: | e6b8ce5ead25be798a85307172385e7e |
|
| /// File Name: |
sa23588.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for w3m. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23588/ | | File Size: | 7323 | | Last Modified: | Jan 3 18:45:45 2007 |
| MD5 Checksum: | 7e7889c357314d0933b949d73705e653 |
|
| /// File Name: |
dsa-1248-1.txt |
Description:
|
Debian Security Advisory 1248-1 - Roland Lezuo and Josselin Mouette discovered that the libsoup HTTP library performs insufficient sanitizing when parsing HTTP headers, which might lead to denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 7312 | | Related CVE(s): | CVE-2006-5876 | | Last Modified: | Jan 13 20:05:32 2007 |
| MD5 Checksum: | 32c1a2838b83eedbbb78902ad3106ac2 |
|
| /// File Name: |
sa23833.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), overwrite arbitrary files, or gain escalated privileges, and by malicious people to cause a DoS.
| | Homepage: | http://secunia.com/advisories/23833/ | | File Size: | 7196 | | Last Modified: | Jan 19 19:09:28 2007 |
| MD5 Checksum: | 4b51cd26600aac145daef3f609028108 |
|
| /// File Name: |
SSRT061289.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running IPFilter in combination with PHNE_34474. The vulnerability could be exploited by a remote unauthorized user to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 7175 | | Last Modified: | Jan 19 20:53:03 2007 |
| MD5 Checksum: | da0124f2df8de6870a87d0ad1b624e30 |
|
| /// File Name: |
sa23776.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for mono. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges, and by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/23776/ | | File Size: | 7164 | | Last Modified: | Jan 15 20:56:26 2007 |
| MD5 Checksum: | a3b4203d2dadf207bbe25a4b90ec9501 |
|
| /// File Name: |
TA07-017A.txt |
Description:
|
Technical Cyber Security Alert TA07-017A - Oracle has released patches to address numerous vulnerabilities in different Oracle products. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 7135 | | Last Modified: | Jan 19 20:25:41 2007 |
| MD5 Checksum: | 328f37f91a4a0f569310a812317ad0c3 |
|
| /// File Name: |
sa23921.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for squid. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23921/ | | File Size: | 7129 | | Last Modified: | Jan 26 20:46:45 2007 |
| MD5 Checksum: | 22f6492e073bb5f077f85b577997e862 |
|
| /// File Name: |
sa23770.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libsoup. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23770/ | | File Size: | 6939 | | Last Modified: | Jan 15 20:56:26 2007 |
| MD5 Checksum: | c12d6a48835575495e1f2d3526797352 |
|
| /// File Name: |
sa23727.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for mono. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/23727/ | | File Size: | 6907 | | Last Modified: | Jan 15 20:56:26 2007 |
| MD5 Checksum: | 928d7889c276f492220a013580934320 |
|
| /// File Name: |
USN-414-1.txt |
Description:
|
Ubuntu Security Notice 414-1 - David Duncan Ross Palmer and Henrik Nordstrom discovered that squid incorrectly handled special characters in FTP URLs. Remote users with access to squid could crash the server leading to a denial of service. Erick Dantas Rotole and Henrik Nordstrom discovered that squid could end up in an endless loop when exhausted of available external ACL helpers. Remote users with access to squid could cause CPU starvation, possibly leading to a denial of service. This does not affect a default Ubuntu installation, since external ACL helpers must be configured and used.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6812 | | Related CVE(s): | CVE-2007-0247, CVE-2007-0248 | | Last Modified: | Jan 26 22:04:03 2007 |
| MD5 Checksum: | 6fc3f283654dd2781fc2b61734798aa0 |
|
| /// File Name: |
USN-399-1.txt |
Description:
|
Ubuntu Security Notice 399-1 - A format string vulnerability was discovered in w3m. If a user were tricked into visiting an HTTPS URL protected by a specially crafted SSL certificate, an attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6722 | | Last Modified: | Jan 3 22:05:50 2007 |
| MD5 Checksum: | d3330a8eb70f1c734ff416f7b236bd8f |
|
| /// File Name: |
MITKRB5-SA-2006-002.txt |
Description:
|
MIT krb5 Security Advisory 2006-002 - The Kerberos administration daemon, "kadmind", can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library. Third-party server applications written using the RPC library provided with MIT krb5 may also be vulnerable.
| | Homepage: | http://web.mit.edu/ | | File Size: | 6594 | | Related CVE(s): | CVE-2006-6143 | | Last Modified: | Jan 13 18:09:08 2007 |
| MD5 Checksum: | 1867d707069ae4cb9ef850803d38994e |
|
| /// File Name: |
MDKSA-2007-003.txt |
Description:
|
Mandriva Linux Security Advisory - The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6281 | | Related CVE(s): | CVE-2006-6870 | | Last Modified: | Jan 13 17:50:35 2007 |
| MD5 Checksum: | 364fffd615a57fbb8ea2473c274c3209 |
|
| /// File Name: |
SSRT071290.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP Jetdirect running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 6137 | | Last Modified: | Jan 19 22:33:53 2007 |
| MD5 Checksum: | fed8320e215d7d4653023b9dc47b7404 |
|
| /// File Name: |
01.09.07-1.txt |
Description:
|
iDefense Security Advisory - Remote exploitation of an integer overflow vulnerability in the Vector Markup Language (VML) support in multiple Microsoft products allows attackers to execute arbitrary code within the context of the user running the vulnerable application. This vulnerability exists due to insufficient input validation within vgx.dll. Two integer properties are multiplied together and no overflow check is performed. This could allow an attacker to force a memory allocation of a smaller amount of memory than is required. When copying user-supplied data into the newly allocated memory, it is possible to overwrite a function pointer stored on the heap, which leads to the execution of arbitrary code. iDefense testing shows that Internet Explorer 6.0 bundled with Windows XP SP2 with all available security patches is vulnerable. Other versions of Internet Explorer, including those with all security updates applied, are also vulnerable. Older versions of Internet Explorer may also be vulnerable.
| | Author: | Joseph Moti | | Homepage: | http://www.idefense.com/ | | File Size: | 6051 | | Related CVE(s): | CVE-2007-0024 | | Last Modified: | Jan 13 18:11:44 2007 |
| MD5 Checksum: | f543d3cdd73135d2005868db2ff261af |
|
| /// File Name: |
USN-405-1.txt |
Description:
|
Ubuntu Security Notice 405-1 - It was discovered that fetchmail did not correctly require TLS negotiation in certain situations. This would result in a user's unencrypted password being sent across the network.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6008 | | Related CVE(s): | CVE-2006-5867 | | Last Modified: | Jan 13 19:20:15 2007 |
| MD5 Checksum: | b039672e263aba36609eb3f55e19073d |
|
| /// File Name: |
NETRAGARD-20061218.txt |
Description:
|
Netragard, L.L.C Advisory - It is possible to take control of an @Mail webmail email account by exploiting a Cross Site Request Forgery (XRSF) vulnerability in the @Mail webmail product. An attacker can send a specially crafted email to any @Mail webmail user with a forged "img" tag. This forged tag, if crafted properly, will inject new settings into the @Mail webmail user's account. Version 4.51 is susceptible.
| | Homepage: | http://www.netragard.com | | File Size: | 5963 | | Last Modified: | Jan 26 22:50:51 2007 |
| MD5 Checksum: | 629b483b68e10bb70a63d9f54125e278 |
|
| /// File Name: |
tmvwall381v3_adv.txt |
Description:
|
A local buffer overflow vulnerability in the VSAPI library in Trend Micro VirusWall version 3.81 on Linux allows arbitrary code execution and leads to privilege escalation.
| | Author: | Sebastian Wolfgarten | | Related Exploit: | tmvwall381v3_exp.c | | File Size: | 5957 | | Last Modified: | Jan 26 23:11:35 2007 |
| MD5 Checksum: | 5582921034a6813c8c086f44b44ca424 |
|
| /// File Name: |
MDKSA-2007-030.txt |
Description:
|
Mandriva Linux Security Advisory - The use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context." ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5936 | | Related CVE(s): | CVE-2007-0493, CVE-2007-0494 | | Last Modified: | Jan 30 22:59:17 2007 |
| MD5 Checksum: | d06c0a7f871f388b7272710bf3a0e971 |
|
| /// File Name: |
sa21694.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities and a security issue in The Address Book, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting, cross-site request forgery, script insertion, and SQL injection attacks, disclose sensitive information, and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21694/ | | File Size: | 5771 | | Last Modified: | Jan 3 18:45:45 2007 |
| MD5 Checksum: | 5792648af03bec5fdf5af10d57c7b84e |
|
| /// File Name: |
TA07-024A.txt |
Description:
|
Technical Cyber Security Alert TA07-024A - Several vulnerabilities have been discovered in Cisco's Internet Operating System (IOS). A remote attacker may be able to execute arbitrary code on an affected device, cause an affected device to reload the operating system, or cause other types of denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5750 | | Last Modified: | Jan 26 22:04:59 2007 |
| MD5 Checksum: | a3986b01c3509b58b598386c774f329e |
|
| /// File Name: |
sa23758.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for XFree86 and Xorg. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/23758/ | | File Size: | 5748 | | Last Modified: | Jan 15 20:56:26 2007 |
| MD5 Checksum: | 677207072553e99d495e3713d1239c52 |
|