Section: .. / 0704-advisories /
| /// File Name: |
MITKRB5-SA-2007-003.txt |
Description:
|
MIT krb5 Security Advisory 2007-003 - The MIT krb5 Kerberos administration daemon (kadmind) is vulnerable to a double-free attack in the RPCSEC_GSS authentication flavor of the RPC library, which itself results from a bug in the GSS-API library. Under some error conditions, the krb5 GSS-API mechanism can free a buffer which an application may then free again. This may result in arbitrary code execution. Third-party applications using the GSS-API library provided with MIT krb5 may also be vulnerable. Exploitation of double-free bugs is believed to be difficult. This is a bug in the GSS-API library included with MIT krb5, which is used by kadmind and by some third-party applications. It is not a bug in the Kerberos protocol.
| | Homepage: | http://web.mit.edu/ | | File Size: | 5528 | | Related CVE(s): | CVE-2007-1216 | | Last Modified: | Apr 4 20:09:38 2007 |
| MD5 Checksum: | e13181a17d363e4d308695a65e436cfe |
|
| /// File Name: |
TA07-093B.txt |
Description:
|
Technical Cyber Security Alert TA07-093B - The MIT Kerberos 5 implementation contains several vulnerabilities. One of these vulnerabilities (VU#220816) could allow a remote, unauthenticated attacker to log in via telnet (23/tcp) with elevated privileges. The other vulnerabilities (VU#704024, VU#419344) could allow a remote, authenticated attacker to execute arbitrary code on a Key Distribution Center (KDC).
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5481 | | Last Modified: | Apr 4 22:03:39 2007 |
| MD5 Checksum: | 38ca86561f393d1c03131f539d97b99d |
|
| /// File Name: |
sa24785.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS or compromise a vulnerable system and by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/24785/ | | File Size: | 5348 | | Last Modified: | Apr 7 15:35:58 2007 |
| MD5 Checksum: | b03bbb49304fc36ffe590c606160a57b |
|
| /// File Name: |
MITKRB5-SA-2007-001.txt |
Description:
|
MIT krb5 Security Advisory 2007-001 - The MIT krb5 telnet daemon (telnetd) allows unauthorized login as an arbitrary user, when presented with a specially crafted username. Exploitation of this vulnerability is trivial.
| | Homepage: | http://web.mit.edu/ | | File Size: | 5340 | | Related CVE(s): | CVE-2007-0956 | | Last Modified: | Apr 4 20:07:02 2007 |
| MD5 Checksum: | 97b9ab99466f4830aeeaac2bae9ad4f9 |
|
| /// File Name: |
dsa-1275-1.txt |
Description:
|
Debian Security Advisory 1275-1 - A cross-site scripting vulnerability in zope, a web application server, could allow an attacker to inject arbitrary HTML and/or JavaScript into the victim's web browser. This code would run within the security context of the web browser, potentially allowing the attacker to access private data such as authentication cookies, or to affect the rendering or behavior of zope web pages.
| | Homepage: | http://www.debian.org/security | | File Size: | 5253 | | Related CVE(s): | CVE-2007-0240 | | Last Modified: | Apr 4 18:41:22 2007 |
| MD5 Checksum: | 2f86de82e9ea1a1f1c50c699ebcb6594 |
|
| /// File Name: |
MDKSA-2007-076.txt |
Description:
|
Mandriva Linux Security Advisory - A bug was discovered in KJS where UTF8 decoding did not reject overlong sequences. This vulnerability is similar to that discovered by Andreas Nolden in QT3 and QT4, but at this current time there is no known exploit for this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5056 | | Related CVE(s): | CVE-2007-0242 | | Last Modified: | Apr 4 22:06:52 2007 |
| MD5 Checksum: | efa29c977c0aaffa8d5ed0ec28984068 |
|
| /// File Name: |
dsa-1278-1.txt |
Description:
|
Debian Security Advisory 1278-1 - A buffer overflow has been discovered in the man command that could allow an attacker to execute code as the man user by providing specially crafted arguments to the -H flag. This is likely to be an issue only on machines with the man and mandb programs installed setuid.
| | Homepage: | http://www.debian.org/security | | File Size: | 5019 | | Related CVE(s): | CVE-2006-4250 | | Last Modified: | Apr 7 20:55:31 2007 |
| MD5 Checksum: | e606532640cf05baa6b7bcd9bd4e9e31 |
|
| /// File Name: |
04.10.07-1.txt |
Description:
|
iDefense Security Advisory 04.10.07 - Remote exploitation of a buffer overflow vulnerability in the Universal Plug-and-Play (UPnP) component of Microsoft Windows could allow an attacker to execute code in the context of the vulnerable service. The vulnerability specifically exists in the handling of HTTP headers sent to the UPnP control point as part of a request or notification. Because it processes certain fields without checking if there is enough storage space, a malicious request may cause a stack-based buffer overflow, potentially resulting in code execution.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 4866 | | Related CVE(s): | CVE-2007-1204 | | Last Modified: | Apr 11 00:49:54 2007 |
| MD5 Checksum: | d3f3aeb459678c191f6ad6d63656eb56 |
|
| /// File Name: |
CAID-35198-35276.txt |
Description:
|
CA BrightStor ARCserve Backup Media Server contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4768 | | Related OSVDB(s): | 34126,34127 | | Related CVE(s): | CVE-2007-1785, CVE-2007-2139 | | Last Modified: | May 2 19:53:33 2007 |
| MD5 Checksum: | 836fb8b03fb3f4e770291a868d924eb8 |
|
| /// File Name: |
04.03.07-1.txt |
Description:
|
iDefense Security Advisory 04.03.07 - Remote exploitation of a design error in certain kernel GDI functions in multiple versions of Microsoft Corp.'s Windows operating system may allow an attacker to cause a denial of service condition. During testing of the MS06-001 WMF (Windows Metafile) vulnerability, a flaw was found in the handling of WMF files. This flaw can cause the kernel to perform a bug check, also known as a "blue screen" or system crash, when it tries to parse the file. The cause of this bug check is an attempt by a function in a kernel system call to read a value obtained by dereferencing an offset into a kernel structure. This value had been previously created and then reset by previous system calls, and at the point it is accessed it does not contain a valid memory reference. This results in an access violation error, which in turn triggers the bug check. This vulnerability is different from both the Microsoft MS06-001 WMF vulnerability and the MS05-053 WMF vulnerability and is not fixed by either of these patches.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 4758 | | Related CVE(s): | CVE-2007-1211 | | Last Modified: | Apr 4 18:51:14 2007 |
| MD5 Checksum: | 3ac9834c0e713667c5071757fe38e31a |
|
| /// File Name: |
TA07-093A.txt |
Description:
|
Technical Cyber Security Alert TA07-093A - Microsoft has released updates to address vulnerabilities in the way that Microsoft Windows handles image files. A fix for the animated cursor buffer overflow vulnerability (VU#191609) is included in these updates.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4741 | | Last Modified: | Apr 4 20:43:07 2007 |
| MD5 Checksum: | 154470f1462d501d8f8d467611e45aaa |
|
| /// File Name: |
sa24713.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for zope2.7. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/24713/ | | File Size: | 4734 | | Last Modified: | Apr 5 01:27:45 2007 |
| MD5 Checksum: | 2870dcf364465f21c94bc0a2e8203955 |
|
| /// File Name: |
MDKSA-2007-084.txt |
Description:
|
Mandriva Linux Security Advisory - The ipsec-tools package prior to version 0.6.7 allows remote attackers to cause a Denial of Service (tunnel crash) via crafted DELTE and NOTIFY messages.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4732 | | Related CVE(s): | CVE-2007-1841 | | Last Modified: | Apr 17 13:08:22 2007 |
| MD5 Checksum: | 50244c14b7e61065a25cf150c68bee6c |
|
| /// File Name: |
sa24828.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for man-db. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24828/ | | File Size: | 4714 | | Last Modified: | Apr 9 19:10:43 2007 |
| MD5 Checksum: | 6b6697ae608b5aa6aebd2c48bc711721 |
|
| /// File Name: |
sa24946.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for clamav. This fixes some vulnerabilities, one of which has an unknown impact, while the other can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24946/ | | File Size: | 4700 | | Last Modified: | Apr 20 17:50:15 2007 |
| MD5 Checksum: | 2dc57edb840f3e17a64b39913a62e10b |
|
| /// File Name: |
MDKSA-2007-077-1.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in the username handling of the MIT krb5 telnet daemon. A remote attacker that could access the telnet port of a target machine could login as root without requiring a password. Buffer overflows in the kadmin server daemon were discovered that could be exploited by a remote attacker able to access the KDC. Successful exploitation could allow for the execution of arbitrary code with the privileges of the KDC or kadmin server processes. Finally, a double-free flaw was discovered in the GSSAPI library used by the kadmin server daemon, which could lead to a denial of service condition or the execution of arbitrary code with the privileges of the KDC or kadmin server processes.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4627 | | Related CVE(s): | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216 | | Last Modified: | Apr 11 00:51:27 2007 |
| MD5 Checksum: | c14f21429b7ee650b576ef36751fb480 |
|
| /// File Name: |
MITKRB5-SA-2007-002.txt |
Description:
|
MIT krb5 Security Advisory 2007-002 - The library function krb5_klog_syslog() can write past the end of a stack buffer. The Kerberos administration daemon (kadmind) as well as the KDC, are vulnerable. Exploitation of this vulnerability is probably simple. This is a vulnerability in the the kadm5 library, which is used by the KDC and kadmind, and possibly by some third-party applications. It is not a bug in the MIT krb5 protocol libraries or in the Kerberos protocol.
| | Homepage: | http://web.mit.edu/ | | File Size: | 4497 | | Related CVE(s): | CVE-2007-0957 | | Last Modified: | Apr 4 20:08:28 2007 |
| MD5 Checksum: | f37c1abafcf67029c4f7e78b4fee8494 |
|
| /// File Name: |
ATSA-2007-001.txt |
Description:
|
Akamai Technologies Security Advisory 2007-0001 - Two security vulnerabilities have been discovered in the ActiveX version of Akamai Download Manager. For successful exploitation, both vulnerabilities require the user to visit a malicious URL, triggering a stack-based buffer overflow that allows the attacker to execute arbitrary code within the context of the victim.
| | Author: | Fortinet,iDefense | | Homepage: | http://www.akamai.com/ | | File Size: | 4477 | | Related CVE(s): | CVE-2007-1891, CVE-2007-1892 | | Last Modified: | Apr 17 13:07:48 2007 |
| MD5 Checksum: | c35d99f51e62cd01b32e771ab6142984 |
|
| /// File Name: |
sa24929.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in various Oracle products. Some of these vulnerabilities have unknown impacts, while others can be exploited to bypass certain security restrictions, cause a DoS (Denial of Service), conduct cross-site scripting and SQL injection attacks, or potentially compromise a vulnerable system..
| | Homepage: | http://secunia.com/advisories/24929/ | | File Size: | 4393 | | Last Modified: | Apr 18 20:36:06 2007 |
| MD5 Checksum: | 017d3f021ebef93c834ee213d0fd502d |
|
| /// File Name: |
dsa-1280-1.txt |
Description:
|
Debian Security Advisory 1280-1 - It was discovered that aircrack-ng, a WEP/WPA security analysis tool, performs insufficient validation of 802.11 authentication packets, which allows the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4377 | | Related CVE(s): | CVE-2007-2057 | | Last Modified: | Apr 25 01:26:34 2007 |
| MD5 Checksum: | 40c2da40902c8e73cef513eb022fd7c8 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
