Section: .. / 0703-advisories /
File Name: 02.27.07-1.txt
Description: iDefense Security Advisory 02.27.07 - Computer Associates eTrust Intrusion Detection is susceptible to a denial of service condition during key length validation. iDefense has confirmed this vulnerability in Computer Associates eTrust Intrusion Detection version 3.0.5.57. Other versions are suspected vulnerable.
Homepage: http://www.idefense.com/
File Size: 3299
Related CVE(s): CVE-2007-1005
Last Modified: Mar 6 05:15:55 2007
MD5 Checksum: 3782103db7e6d2c6d3e94970cac75966
File Name: 03.02.07.txt
Description: iDefense Security Advisory 03.02.07 - Remote exploitation of a denial of service (DoS) vulnerability in Kaspersky Lab's Antivirus could allow an attacker to conduct a DoS attack on a targeted host. The antivirus engine is vulnerable to a DoS condition when processing an executable packed with UPX compression. Malformed compressed data causes the decompression routine to enter an infinite loop. Specifically, a negative data offset results in the same compressed data chunk being processed endlessly. iDefense has confirmed the existence of this vulnerability in Kaspersky Labs Antivirus Engine version 6.0.1.411 for Windows and 5.5-10 for Linux. Previous versions may also be affected. Any products that use the scanning engine are also affected, which includes the Kaspersky e-mail gateway scanner.
Homepage: http://www.idefense.com/
File Size: 3561
Last Modified: Mar 6 09:56:37 2007
MD5 Checksum: abd06d19441a10cf0a0631ab4e99f695
File Name: 03.05.07-1.txt
Description: iDefense Security Advisory 03.05.07 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow an attacker to execute arbitrary commands in the context of the current user. The vulnerability specifically exists in the QuickTime player's handling of Video media atoms. When the 'Color table ID' field in the Video Sample Description is 0, QuickTime expects a color table to be present immediately after the description. A byte swap process is then performed on the memory following the description, regardless of whether a table is actually present. Heap corruption occurs when the memory following the description is not part of the heap chunk being processed. iDefense Labs confirmed this vulnerability exists in version 7.1.3 of QuickTime on Windows. Previous versions are suspected to be vulnerable.
Author: Ruben Santamarta
Homepage: http://www.idefense.com/
File Size: 3674
Related CVE(s): CVE-2007-0718
Last Modified: Mar 9 00:27:30 2007
MD5 Checksum: 54feb9602d6d111ed4418218312eece5
File Name: 03.07.07.txt
Description: iDefense Security Advisory 03.07.07 - Remote exploitation of several ActiveX control buffer overflow vulnerabilities in Ipswitch Inc.'s IMail Server 2006 could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. Multiple stack and heap based buffer overflows caused by unsafe strcpy and wsprintf calls could corrupt memory in a way that leads to code execution. iDefense has confirmed this vulnerability in IMail Server 2006.
Homepage: http://www.idefense.com/
File Size: 3646
Last Modified: Mar 9 03:24:20 2007
MD5 Checksum: 2adcb0140082805996e36e8038b8e9fd
File Name: 03.14.07-1.txt
Description: iDefense Security Advisory 03.14.07 - Remote exploitation of a divide by zero error in Trend Micro AntiVirus may allow attackers to cause a denial of service. The vulnerability exists in the kernel driver, VsapiNT.sys. This driver is responsible for scanning various file formats for malicious content. The code that parses UPX files takes an integer value from an attacker supplied file and uses it as a divisor. This results in a divide by zero error in kernel mode. This causes a kernel fault resulting in a blue screen of death (BSOD). iDefense has confirmed the existence of this vulnerability in Trend Micro AntiVirus version 14.10.1041, engine version 8.320.1003. Previous versions may also be affected.
Homepage: http://www.idefense.com/
File Size: 3527
Last Modified: Mar 20 04:28:42 2007
MD5 Checksum: a8a4894d3b7deab3e2f1b8c739d2db42
File Name: 03.15.07-1.txt
Description: iDefense Security Advisory 03.15.07 - Local exploitation of an input processing vulnerability within Horde Project's Horde and IMP allows attackers to delete arbitrary files. This vulnerability specifically exists due to the improper handling of the output from an execution of find(1). The output from find(1) is passed directly to a "for X in Y; do" as the Y value. Since the Y value is delimited by spaces, the for loop will process files containing spaces in their path as separate files. An attacker can create a file path containing spaces to manipulate the output from find(1).
Homepage: http://www.idefense.com/
File Size: 3824
Last Modified: Mar 20 05:56:48 2007
MD5 Checksum: 37895c99333e5f22c5409a1ca8d7816f
File Name: 03.16.07-1.txt
Description: iDefense Security Advisory 03.16.07 - Remote exploitation of multiple buffer overflow vulnerabilities in libwpd, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code. One problem specifically exists in the WP6GeneralTextPacket::_readContents function. This function reads in a series of integer values and sums them. This sum is then used to allocate a block of memory from the heap. The function then copies data from the file into the buffer using each operand from the addition as the number of bytes to copy. The summing operation leads to an integer overflow, and the buffer can then be overflowed by the copy operations. Two additional problems exist in the WP3TablesGroup::_readContents() and WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup() functions. These functions read an integer value from an attacker supplied file and use the value as a loop counter. In the loop a statically sized buffer is filled with arbitrary data from the file. This leads to an exploitable heap overflow. iDefense has confirmed the existence of this vulnerability in libwpd version 0.8.7. Previous versions may also be affected. This library is used by applications such as Abiword, Kword, and Open Office.
Author: Sean Larsson
Homepage: http://www.idefense.com/
File Size: 3754
Related CVE(s): CVE-2007-0002
Last Modified: Mar 20 16:02:55 2007
MD5 Checksum: 9d9760e59178eb41935981aabae847cd
File Name: 03.23.07-1.txt
Description: iDefense Security Advisory 03.23.07 - Remote exploitation of a password bypass vulnerability in DataRescue Inc.'s IDA Pro Remote Debugger Server allows attackers to execute arbitrary code under the context of the user who is running the remote debugger server. iDefense has confirmed the existence of this vulnerability in the remote debugger server for Windows and Linux from IDA Pro versions 5.0 and 5.1. It is suspected that the MacOS X version and earlier versions are also affected.
Author: enhalos
Homepage: http://www.idefense.com/
File Size: 3994
Last Modified: Mar 24 03:05:08 2007
MD5 Checksum: 4e0caef6b3f01e800f6daff9d177c1e6
File Name: 03.23.07-2.txt
Description: iDefense Security Advisory 03.23.07 - Remote exploitation of a design error vulnerability in Sun Microsystems Inc.'s Java System Directory Server 5.2 may cause a denial of service (DoS) condition. Due to a design error in the clean-up code following certain types of failed queries, it is possible to cause the server to call the free() function on an address obtained from uninitialized memory. This can result in an invalid memory reference leading to denial of service. iDefense has confirmed Sun Java System Directory Server 5.2 2005Q4 is affected by this vulnerability. Previous versions are also suspected to be vulnerable.
Homepage: http://www.idefense.com/
File Size: 3456
Related CVE(s): CVE-2006-4175
Last Modified: Mar 24 03:06:07 2007
MD5 Checksum: b26c06cca2e2250afd1b18efa83ab2b3
File Name: 03.28.07-2.txt
Description: iDefense Security Advisory 03.28.07 - Remote exploitation of a heap overflow vulnerability in the LDAP component of IBM Corp.'s Lotus Domino Server 7.0.1 may allow a remote attacker to cause denial of service or execute arbitrary code. When a malformed request is made to the LDAP component of a Lotus Domino Enterprise Server, a heap overflow can be triggered. The vulnerability specifically exists in the handling of strings larger than 65535 bytes. When a string longer than this value is encountered, the service allocates memory using only the lower 16 bits of the string length. Since the entire string is subsequently copied into the newly allocated buffer, a heap overflow occurs. This vulnerability has been confirmed to exist within versions 7.0.1 and 7.0.1.1 of the Directory Service (LDAP) component of Lotus Domino Server.
Homepage: http://www.idefense.com/
File Size: 3439
Last Modified: Mar 29 08:23:56 2007
MD5 Checksum: 8aa117e485430eecd0ea8755e3b22dc2
File Name: 03.28.07.txt
Description: iDefense Security Advisory 03.28.07 - Remote exploitation of a cross-site scripting vulnerability in IBM Lotus Domino Web Access allows attackers to execute arbitrary script code in a targeted user's browser. The vulnerability specifically exists due to improper HTML filtering of e-mail message contents. Although Web Access attempts to filter out HTML and script code, certain code sequences will bypass the filters and successfully execute JavaScript. iDefense has confirmed that Lotus Domino Web Access 7.0 is vulnerable. Earlier versions are suspected vulnerable.
Homepage: http://www.idefense.com/
File Size: 3152
Related CVE(s): CVE-2006-4843
Last Modified: Mar 29 08:23:03 2007
MD5 Checksum: c98de655a9e1663189d5fba0586928d6
File Name: 03.29.07-1.txt
Description: iDefense Security Advisory 03.29.07 - Remote exploitation of an input validation vulnerability in IBM Corp.'s Lotus Sametime allows attackers to execute arbitrary code in the context of the user viewing a malicious web page. The problem specifically exists in the STJNILoader.ocx component of IBM Corp.'s Lotus Sametime product. This ActiveX control is marked safe for scripting and exports a LoadLibrary function that does not properly sanitize input. iDefense has confirmed that this vulnerability is present in IBM Corp.'s Lotus Sametime STJNILoader.ocx version 3.1.0.26.
Author: Andrew Christensen
Homepage: http://www.idefense.com/
File Size: 4033
Last Modified: Apr 2 23:28:54 2007
MD5 Checksum: d2a6b72234e867756deaf189de4faed8
File Name: advisory-20070326-1.txt
Description: KDE Security Advisory - The KDE FTP ioslave parses the host address in the PASV response of an FTP server. mark from bindshell.net pointed out that this could be exploited via JavaScript for automated port scanning. It was not possible to demonstrate the vulnerability via JavaScript with Konqueror from KDE 3.5.x. However, other scenarios are possible. Systems affected are KDE up to and including KDE version 3.5.6.
Homepage: http://www.kde.org/
File Size: 1470
Related CVE(s): CVE-2007-1564
Last Modified: Mar 28 18:01:27 2007
MD5 Checksum: e41d0dae2db60f0e276e0faac260dac9
File Name: aol-dos.txt
Description: AOL has recently been made aware of a denial of service condition that exists in early versions of the AOL 9.0 client software.
Author: Justin Seitz
File Size: 1027
Last Modified: Apr 2 23:22:03 2007
MD5 Checksum: 0711cb74c450ea2d89b5fb1cc01a6f05
File Name: asterisk-dos.txt
Description: The Asterisk PBX is susceptible to a remote denial of service vulnerability via a specially crafted INVITE message. Affected versions include 1.2.14, 1.2.15, 1.2.16, 1.4.1, and possibly earlier versions.
Author: Radu State, Humberto J. Abdelnur, Olivier Festor
File Size: 20694
Last Modified: Mar 20 16:59:44 2007
MD5 Checksum: aca5dd7b214659a519b7584fe9303a83
File Name: blackberry-dos.txt
Description: A vulnerability has been discovered that could impact the availability of the BlackBerry 8100 Wireless handheld version 4.2.0.51.
Author: Michael Kemp
Homepage: http://www.clappymonkey.com
File Size: 1133
Last Modified: Mar 14 03:00:38 2007
MD5 Checksum: f397fc522258233fb850e781e638abac
File Name: CAID-35145.txt
Description: The CA eTrust Admin GINA component contains a privilege escalation vulnerability within the reset password interface. This vulnerability is exploitable only through physical interactive access or through Remote Desktop. Affected products include eTrust Admin 8.1 SP2 (8.1.2), eTrust Admin 8.1 SP1 (8.1.1), and eTrust Admin 8.1 (8.1.0).
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 3216
Related OSVDB(s): 32722
Related CVE(s): CVE-2007-1345
Last Modified: Mar 9 04:26:54 2007
MD5 Checksum: c6562cb4f6cf0c40deb50930f24bdb74
File Name: cisco-sa-20070228-nam.txt
Description: Cisco Security Advisory - Cisco Catalyst 6000 and 6500 series and Cisco 7600 series devices that have a Network Analysis Module (NAM) installed are vulnerable to an attack which could allow an attacker to gain complete control of the system. Only Cisco Catalyst systems that have a NAM on them are affected. This vulnerability affects systems that run Internetwork Operating System (IOS) or Catalyst Operating System (CatOS).
Homepage: http://www.cisco.com/
File Size: 19056
Last Modified: Mar 6 05:25:18 2007
MD5 Checksum: 44eeb78f88fddd0c6fe4d8626f26a436
File Name: cisco-sa-20070328-voip.txt
Description: Cisco Security Advisory - Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) contain multiple vulnerabilities which may result in the failure of CUCM or CUPS functionality, resulting in a Denial of Service (DoS) condition. There are no workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.
Homepage: http://www.cisco.com/
File Size: 17281
Last Modified: Mar 29 08:56:59 2007
MD5 Checksum: 1b50992d840f1049b2eaca81708c20ac
File Name: cisco-xss.txt
Description: Fourteen different Cisco applications suffer from a cross site scripting vulnerability in their help system.
Author: cassio
File Size: 1663
Last Modified: Mar 20 05:57:55 2007
MD5 Checksum: ea8b77a5e05660af0a11a01b1ccaf78f
File Name: comodo-bypass.txt
Description: Comodo Firewall Pro (formerly Comodo Personal Firewall) stores some of its internal settings in the registry key HKLM\SYSTEM\Software\Comodo\Personal Firewall. This key is protected by Comodo drivers such that other applications are not able to change the settings. This protection can be bypassed if very special conditions are met.
Homepage: http://www.matousec.com/
Related Exploit: BTP00001P005CF.zip
File Size: 1294
Last Modified: Mar 6 06:22:57 2007
MD5 Checksum: 4b82edf086020945d71a792b7b57c18f