Section: .. / 0703-advisories /
| /// File Name: |
03.16.07-1.txt |
Description:
|
iDefense Security Advisory 03.16.07 - Remote exploitation of multiple buffer overflow vulnerabilities in libwpd, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code. One problem specifically exists in the WP6GeneralTextPacket::_readContents function. This function reads in a series of integer values and sums them. This sum is then used to allocate a block of memory from the heap. The function then copies data from the file into the buffer using each operand from the addition as the number of bytes to copy. The summing operation leads to an integer overflow, and the buffer can then be overflowed by the copy operations. Two additional problems exist in the WP3TablesGroup::_readContents() and WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup() functions. These functions read an integer value from an attacker-supplied file and use the value as a loop counter. In the loop a statically sized buffer is filled with arbitrary data from the file. This leads to an exploitable heap overflow. iDefense has confirmed the existence of this vulnerability in libwpd version 0.8.7. Previous versions may also be affected. This library is used by applications such as Abiword, Kword, and Open Office.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3754 | | Related CVE(s): | CVE-2007-0002 | | Last Modified: | Mar 20 16:02:55 2007 |
| MD5 Checksum: | 9d9760e59178eb41935981aabae847cd |
|
| /// File Name: |
n.runs-SA-2007.003.txt |
Description:
|
PHProjekt version 5.2.0 suffers from a SQL injection vulnerability.
| | Author: | Alexios Fakos | | Homepage: | http://www.nruns.com/ | | File Size: | 3742 | | Last Modified: | Mar 20 04:02:16 2007 |
| MD5 Checksum: | 1b6f4d8350d2713a6ef18e077f149916 |
|
| /// File Name: |
USN-436-1.txt |
Description:
|
Ubuntu Security Notice 436-1 - Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3726 | | Related CVE(s): | CVE-2007-1384, CVE-2007-1385 | | Last Modified: | Mar 14 03:09:54 2007 |
| MD5 Checksum: | d8fc06197e1961113b0ab85d1d976242 |
|
| /// File Name: |
MDKSA-2007-056.txt |
Description:
|
Mandriva Linux Security Advisory - Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3709 | | Related CVE(s): | CVE-2007-1218 | | Last Modified: | Mar 9 04:17:57 2007 |
| MD5 Checksum: | 23e9227a2dcc706ff24062c147a89876 |
|
| /// File Name: |
sa24512.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in BrightStor ARCserve Backup, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24512/ | | File Size: | 3702 | | Last Modified: | Mar 17 03:22:27 2007 |
| MD5 Checksum: | 0acc38255d62adbb4627e5652cdaf6f9 |
|
| /// File Name: |
glsa-200703-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-05 - Several vulnerabilities ranging from code execution with elevated privileges to information leaks affect the Mozilla Suite. Versions less than or equal to 1.7.13 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3685 | | Last Modified: | Mar 6 07:26:37 2007 |
| MD5 Checksum: | 9488c354f170da6e9cda12e22fed0989 |
|
| /// File Name: |
03.05.07-1.txt |
Description:
|
iDefense Security Advisory 03.05.07 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow an attacker to execute arbitrary commands in the context of the current user. The vulnerability specifically exists in the QuickTime player's handling of Video media atoms. When the 'Color table ID' field in the Video Sample Description is 0, QuickTime expects a color table to be present immediately after the description. A byte swap process is then performed on the memory following the description, regardless of whether a table is present. Heap corruption will occur in the case when the memory following the description is not part of the heap chunk being processed. iDefense Labs confirmed this vulnerability exists in version 7.1.3 of QuickTime on Windows. Previous versions are suspected to be vulnerable.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 3674 | | Related CVE(s): | CVE-2007-0718 | | Last Modified: | Mar 9 00:27:30 2007 |
| MD5 Checksum: | 54feb9602d6d111ed4418218312eece5 |
|
| /// File Name: |
yahoo-msg.txt |
Description:
|
Yahoo mail services when accessed via Yahoo! messenger are vulnerable to information leakage and authentication bypass which is caused due to improper caching of pages by the browser.
| | Author: | Kishor Datar | | File Size: | 3658 | | Last Modified: | Mar 29 07:55:05 2007 |
| MD5 Checksum: | c1be1240f8410d328795203fce4e74f5 |
|
| /// File Name: |
03.07.07.txt |
Description:
|
iDefense Security Advisory 03.07.07 - Remote exploitation of several ActiveX control buffer overflow vulnerabilities in Ipswitch Inc.'s IMail Server 2006 could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. Multiple stack- and heap-based buffer overflows caused by unsafe strcpy and wsprintf calls could corrupt memory in a way that leads to code execution. iDefense has confirmed this vulnerability in IMail Server 2006.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3646 | | Last Modified: | Mar 9 03:24:20 2007 |
| MD5 Checksum: | 2adcb0140082805996e36e8038b8e9fd |
|
| /// File Name: |
MDKSA-2007-066.txt |
Description:
|
Mandriva Linux Security Advisory - By default, OpenAFS prior to 1.44 and 1.5.17 supports setuid programs within the local cell, which could allow attackers to obtain privileges.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3597 | | Related CVE(s): | CVE-2007-1507 | | Last Modified: | Mar 21 04:15:03 2007 |
| MD5 Checksum: | 8c1f188cb343cd182e3b9e6c07e0d627 |
|
| /// File Name: |
USN-441-1.txt |
Description:
|
Ubuntu Security Notice 441-1 - A flaw was discovered in Squid's handling of the TRACE request method which could lead to a crash. Remote attackers with access to the Squid server could send malicious TRACE requests, and cause a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3580 | | Related CVE(s): | CVE-2007-1560 | | Last Modified: | Mar 27 05:00:28 2007 |
| MD5 Checksum: | 42382dc09fbda524e07c489a924a9da1 |
|
| /// File Name: |
03.02.07.txt |
Description:
|
iDefense Security Advisory 03.02.07 - Remote exploitation of a denial of service (DoS) vulnerability in Kaspersky Lab's Antivirus could allow an attacker to conduct a DoS attack on a targeted host. The antivirus engine is vulnerable to a DoS condition when processing an executable packed with UPX compression. Malformed compressed data causes the decompression routine to enter an infinite loop. Specifically, a negative data offset results in the same compressed data chunk being processed endlessly. iDefense has confirmed the existence of this vulnerability in Kaspersky Labs Antivirus Engine version 6.0.1.411 for Windows and 5.5-10 for Linux. Previous versions may also be affected. Any products that use the scanning engine are also affected, which includes the Kaspersky e-mail gateway scanner.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3561 | | Last Modified: | Mar 6 09:56:37 2007 |
| MD5 Checksum: | abd06d19441a10cf0a0631ab4e99f695 |
|
| /// File Name: |
sa24575.txt |
Description:
|
Secunia Security Advisory - Fedora has acknowledged a security issue, which can be exploited by malicious users to gain knowledge of sensitive information.
| | Homepage: | http://secunia.com/advisories/24575/ | | File Size: | 3551 | | Last Modified: | Mar 20 16:05:29 2007 |
| MD5 Checksum: | 65acb8c7e4ea1b6b94c7dc5d895cbcbf |
|
| /// File Name: |
03.14.07-1.txt |
Description:
|
iDefense Security Advisory 03.14.07 - Remote exploitation of a divide by zero error in Trend Micro AntiVirus may allow attackers to cause a denial of service. The vulnerability exists in the kernel driver, VsapiNT.sys. This driver is responsible for scanning various file formats for malicious content. The code that parses UPX files takes an integer value from an attacker-supplied file and uses it as a divisor. This results in a divide by zero error in kernel mode. This causes a kernel fault resulting in a blue screen of death (BSOD). iDefense has confirmed the existence of this vulnerability in Trend Micro AntiVirus version 14.10.1041, engine version 8.320.1003. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3527 | | Last Modified: | Mar 20 04:28:42 2007 |
| MD5 Checksum: | a8a4894d3b7deab3e2f1b8c739d2db42 |
|
| /// File Name: |
sa24406.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for thunderbird. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24406/ | | File Size: | 3497 | | Last Modified: | Mar 8 01:54:52 2007 |
| MD5 Checksum: | 77dd3e846df5d223a4269d606e8f91a0 |
|
| /// File Name: |
03.23.07-2.txt |
Description:
|
iDefense Security Advisory 03.23.07 - Remote exploitation of a design error vulnerability in Sun Microsystems Inc.'s Java System Directory Server 5.2 may cause a denial of service (DoS) condition. Due to a design error in the clean-up code following certain types of failed queries, it is possible to cause the server to call the free() function on an address obtained from uninitialized memory. This can result in an invalid memory reference leading to denial of service. iDefense has confirmed Sun Java System Directory Server 5.2 Directory Server 5.2 2005Q4 is affected by this vulnerability. Previous versions are also suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3456 | | Related CVE(s): | CVE-2006-4175 | | Last Modified: | Mar 24 03:06:07 2007 |
| MD5 Checksum: | b26c06cca2e2250afd1b18efa83ab2b3 |
|
| /// File Name: |
03.28.07-2.txt |
Description:
|
iDefense Security Advisory 03.28.07 - Remote exploitation of a heap overflow vulnerability in the LDAP component of IBM Corp.'s Lotus Domino Server 7.0.1 may allow a remote attacker to cause denial of service or execute arbitrary code. When a malformed request is made to the LDAP component of a Lotus Domino Enterprise Server, a heap overflow can be triggered. The vulnerability specifically exists in the handling of strings larger than 65535 bytes. When a string longer than this value is encountered, the service allocates memory using only the lower 16 bits of the string length. Since the entire string is subsequently copied into the newly allocated buffer, a heap overflow occurs. This vulnerability has been confirmed to exist within versions 7.0.1 and 7.0.1.1 of the Directory Service (LDAP) component of Lotus Domino Server.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3439 | | Last Modified: | Mar 29 08:23:56 2007 |
| MD5 Checksum: | 8aa117e485430eecd0ea8755e3b22dc2 |
|
| /// File Name: |
sa24599.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for openafs. This fixes a vulnerability, which can be exploited by malicious users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24599/ | | File Size: | 3425 | | Last Modified: | Mar 22 02:31:03 2007 |
| MD5 Checksum: | b305d0a39920b1c7fbb1bd6dfc326ef0 |
|
| /// File Name: |
eportfolio10-multi.txt |
Description:
|
ePortfolio version 1.0 suffers from java related input validation vulnerabilities.
| | Author: | Stefan Friedli | | Homepage: | http://www.scip.ch/ | | File Size: | 3400 | | Last Modified: | Mar 9 00:22:22 2007 |
| MD5 Checksum: | f53eaf2b962ec6930e6f137e8d1d547b |
|
| /// File Name: |
n.runs-SA-2007.006.txt |
Description:
|
PHProjekt version 5.2.0 suffers from a privilege escalation vulnerability.
| | Author: | Alexios Fakos | | Homepage: | http://www.nruns.com/ | | File Size: | 3392 | | Last Modified: | Mar 20 04:04:46 2007 |
| MD5 Checksum: | 66dd131430a93cb420337e9ab18cbb4c |
|
| /// File Name: |
sa24696.txt |
Description:
|
Secunia Security Advisory - ThE dE@Th has discovered several vulnerabilities in Kaqoo Auction Software Free Edition, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24696/ | | File Size: | 3386 | | Last Modified: | Apr 2 04:42:23 2007 |
| MD5 Checksum: | e7a9aef069e642a04e32d111941573e8 |
|
| /// File Name: |
sa24359.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24359/ | | File Size: | 3372 | | Last Modified: | Mar 8 01:54:52 2007 |
| MD5 Checksum: | 0ef5ee01f4a94de2aaf40644fbe9be90 |
|
| /// File Name: |
sa24407.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for gnupg and gpgme. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions when applications use GnuPG in an insecure manner.
| | Homepage: | http://secunia.com/advisories/24407/ | | File Size: | 3367 | | Last Modified: | Mar 13 01:30:19 2007 |
| MD5 Checksum: | f23f388aec7a74d847bf02daef920975 |
|
| /// File Name: |
sa24508.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Interstage Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/24508/ | | File Size: | 3366 | | Last Modified: | Mar 20 03:46:32 2007 |
| MD5 Checksum: | 3f85a8b6d97618cc6dc35299454aceb2 |
|