Section: .. / 0705-advisories /
| /// File Name: |
SSRT071337.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code.
| | Homepage: | http://www.hp.com | | File Size: | 7334 | | Related CVE(s): | CVE-2007-1261 | | Last Modified: | May 23 07:30:35 2007 |
| MD5 Checksum: | 23c7c5390ec136c69e0352e8ae7cc6ab |
|
| /// File Name: |
SSRT071396.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in the ProCurve Series 9300m Switches. The vulnerability could be remotely exploited resulting in a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 4976 | | Last Modified: | May 4 17:53:44 2007 |
| MD5 Checksum: | ce77d2471581cb7c80ee193fae81e733 |
|
| /// File Name: |
SSRT071422.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com | | File Size: | 10223 | | Last Modified: | May 21 05:50:06 2007 |
| MD5 Checksum: | 07c43e567efc714f036c08de50e8574d |
|
| /// File Name: |
sunshop-multi.txt |
Description:
|
SunShop version 4 suffers from cookie manipulation, cross-site scripting, and SQL injection vulnerabilities.
| | Author: | John Martinelli | | Homepage: | http://john-martinelli.com/ | | File Size: | 2146 | | Last Modified: | May 8 10:03:43 2007 |
| MD5 Checksum: | 6350a9d207f58a47116d4613aad083b0 |
|
| /// File Name: |
SYM07-007.txt |
Description:
|
CERT notified Symantec that a buffer overflow exists in an ActiveX Control used by Norton Personal Firewall. The error occurs in the Get() and Set() functions used by ISAlertDataCOM, which is part of ISLALERT.DLL. A successful exploit of this vulnerability could potentially allow the remote execution of code on a vulnerable system, with the rights of the logged-in user.
| | Author: | Will Dormann | | Homepage: | http://www.symantec.com/ | | File Size: | 3523 | | Last Modified: | May 17 04:33:02 2007 |
| MD5 Checksum: | ede6160ce3905e7d5b3e1667b1d5fcaf |
|
| /// File Name: |
TA07-128A.txt |
Description:
|
Technical Cyber Security Alert TA07-128A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Exchange, Cryptographic API Component Object Model (CAPICOM), and BizTalk. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4518 | | Last Modified: | May 10 03:42:20 2007 |
| MD5 Checksum: | d3d88bcd62b8340216fb50ed8ba3fe48 |
|
| /// File Name: |
tftpdwin-traverse.txt |
Description:
|
TFTPdWin version 0.4.2 contains a vulnerability that allows a potential intruder to gain read and write access to directories and files outside of the TFTP root.
| | Author: | Digital Defense Inc. Vulnerability Research Team | | File Size: | 1090 | | Last Modified: | May 12 04:43:04 2007 |
| MD5 Checksum: | 4f70c5b7a6bd532831cb8571cb07f460 |
|
| /// File Name: |
TPTI-07-05.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM Tivoli Provisioning Manager for OS Deployment. Authentication is not required to exploit this vulnerability. The specific flaws exist in the handling of HTTP requests to the rembo.exe service listening on TCP port 8080. Several components of an HTTP request can be modified to trigger buffer overflows. For example, by supplying an overly long filename, an attacker is able to overflow a 150-byte stack buffer and subsequently execute arbitrary code.
| | Author: | Aaron Portnoy | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 1774 | | Related CVE(s): | CVE-2007-1868 | | Last Modified: | May 3 09:55:07 2007 |
| MD5 Checksum: | 7bd8df9f7bd880f2635e97d774b131d4 |
|
| /// File Name: |
TPTI-07-06.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Rendezvous / XMPP (Extensible Messaging and Presence Protocol) messaging subsystem. Trillian locates nearby users through the '_presence' mDNS (multicast DNS) service on UDP port 5353. Once a user is registered through mDNS, messaging is accomplished via XMPP over TCP port 5298.
| | Author: | Pedram Amini | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 3610 | | Related CVE(s): | CVE-2007-2418 | | Last Modified: | May 3 09:57:40 2007 |
| MD5 Checksum: | fb5aa90835f24579cb43a1eb28debb6f |
|
| /// File Name: |
TPTI-07-07.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of malformed Sample Table Sample Descriptor (STSD) atoms. Specifying a malicious atom size can result in an under-allocated heap chunk and subsequently an exploitable heap corruption.
| | Author: | Ganesh Devarajan | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 1452 | | Related CVE(s): | CVE-2007-0754 | | Last Modified: | May 12 04:32:00 2007 |
| MD5 Checksum: | a91f457f0d975bafb053c7b656e4c8ed |
|
| /// File Name: |
USN-436-2.txt |
Description:
|
Ubuntu Security Notice 436-2 - USN-436-1 fixed a vulnerability in KTorrent. The original fix for path traversal was incomplete, allowing for alternate vectors of attack. Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5300 | | Related CVE(s): | CVE-2007-1799 | | Last Modified: | May 21 06:04:55 2007 |
| MD5 Checksum: | d84cb96af518cadc6de28eda55e86e49 |
|
| /// File Name: |
USN-456-1.txt |
Description:
|
Ubuntu Security Notice 456-1 - A really old denial of service issue with net-snmp has finally been fixed.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4990 | | Related CVE(s): | CVE-2005-4837 | | Last Modified: | May 3 09:30:36 2007 |
| MD5 Checksum: | bc9971d5d0c6d1a3bddd7be3a884236b |
|
| /// File Name: |
USN-457-1.txt |
Description:
|
Ubuntu Security Notice 457-1 - Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6884 | | Related CVE(s): | CVE-2007-2027 | | Last Modified: | May 8 11:07:09 2007 |
| MD5 Checksum: | c29f2ac88d08f765dce4c1fe7495e6a5 |
|
| /// File Name: |
USN-458-1.txt |
Description:
|
Ubuntu Security Notice 458-1 - A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted. Flaws were discovered in MoinMoin's ACL handling for calendars and includes. Unauthorized users would be able to read pages that would otherwise be unavailable to them.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4131 | | Related CVE(s): | CVE-2007-2423 | | Last Modified: | May 10 02:56:28 2007 |
| MD5 Checksum: | e218d5152cdd15624a8e2c7f038d9ff1 |
|
| /// File Name: |
USN-459-1.txt |
Description:
|
Ubuntu Security Notice 459-1 - A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6612 | | Related CVE(s): | CVE-2007-0244 | | Last Modified: | May 15 08:43:06 2007 |
| MD5 Checksum: | 7735e3b7dab6d4dbbaddddf02559d151 |
|
| /// File Name: |
USN-459-2.txt |
Description:
|
Ubuntu Security Notice 459-2 - A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service. USN-459-1 fixed vulnerabilities in pptpd. However, a portion of the fix caused a regression in session establishment under Dapper for certain PPTP clients. This update fixes the problem.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3046 | | Last Modified: | May 22 03:59:32 2007 |
| MD5 Checksum: | 5a5561e11d3d5e9f5e0cb037942152a6 |
|
| /// File Name: |
USN-460-1.txt |
Description:
|
Ubuntu Security Notice 460-1 - Paul Griffith and Andrew Hogue discovered that Samba did not fully drop root privileges while translating SIDs. A remote authenticated user could issue SMB operations during a small window of opportunity and gain root privileges. Brian Schafer discovered that Samba did not handle NDR parsing correctly. A remote attacker could send specially crafted MS-RPC requests that could overwrite heap memory and execute arbitrary code. It was discovered that Samba did not correctly escape input parameters for external scripts defined in smb.conf. Remote authenticated users could send specially crafted MS-RPC requests and execute arbitrary shell commands.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 24858 | | Related CVE(s): | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447 | | Last Modified: | May 17 04:22:48 2007 |
| MD5 Checksum: | 476081583b5fad8dc1a8e0b09b69c66f |
|
| /// File Name: |
USN-460-2.txt |
Description:
|
Ubuntu Security Notice 460-2 - USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the "force group" option no longer behaved correctly.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 8980 | | Related CVE(s): | CVE-2007-2444 | | Last Modified: | May 23 07:40:28 2007 |
| MD5 Checksum: | b44ab22d2208b5ef3095f76fe7727e95 |
|
| /// File Name: |
USN-461-1.txt |
Description:
|
Ubuntu Security Notice 461-1 - It was discovered that Quagga did not correctly verify length information sent from configured peers. Remote malicious peers could send a specially crafted UPDATE message which would cause bgpd to abort, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5525 | | Related CVE(s): | CVE-2007-1995 | | Last Modified: | May 21 05:55:14 2007 |
| MD5 Checksum: | c9e5ff89aaf78c15915f43f9a469b7c5 |
|
| /// File Name: |
USN-462-1.txt |
Description:
|
Ubuntu Security Notice 462-1 - A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user were tricked into installing a malicious PEAR package, an attacker could overwrite arbitrary files.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 40563 | | Related CVE(s): | CVE-2007-2519, CVE-2007-2511, CVE-2007-2510, CVE-2007-2509 | | Last Modified: | May 23 07:51:19 2007 |
| MD5 Checksum: | aff70e3b3bc98415789824b7be8fccd9 |
|
| /// File Name: |
USN-463-1.txt |
Description:
|
Ubuntu Security Notice 463-1 - Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15484 | | Related CVE(s): | CVE-2007-2438 | | Last Modified: | May 23 07:53:34 2007 |
| MD5 Checksum: | 49faaeb4e914183e6fd8227250ad6d6d |
|
| /// File Name: |
USN-464-1.txt |
Description:
|
Ubuntu Security Notice 464-1 - Multiple vulnerabilities have been patched in the Linux kernel. Philipp Richter discovered that the AppleTalk protocol handler did not sufficiently verify the length of packets. By sending a crafted AppleTalk packet, a remote attacker could exploit this to crash the kernel. Gabriel Campana discovered that the do_ipv6_setsockopt() function did not sufficiently verify option values for IPV6_RTHDR. A local attacker could exploit this to trigger a kernel crash. A Denial of Service vulnerability was discovered in the nfnetlink_log() netfilter function. A remote attacker could exploit this to trigger a kernel crash. The connection tracking module for IPv6 did not properly handle the status field when reassembling fragmented packets, so that the final packet always had the 'established' state. A remote attacker could exploit this to bypass intended firewall rules. Masayuki Nakagawa discovered an error in the flowlabel handling of IPv6 network sockets. A local attacker could exploit this to crash the kernel. The do_dccp_getsockopt() function did not sufficiently verify the optlen argument. A local attacker could exploit this to read kernel memory (which might expose sensitive data) or cause a kernel crash. This only affects Ubuntu 7.04. The IPv4 and DECnet network protocol handlers incorrectly declared an array variable so that it became smaller than intended. By sending crafted packets over a netlink socket, a local attacker could exploit this to crash the kernel.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 145200 | | Related CVE(s): | CVE-2007-1357, CVE-2007-1388, CVE-2007-1496, CVE-2007-1497, CVE-2007-1592, CVE-2007-1730, CVE-2007-2172 | | Last Modified: | May 30 22:52:13 2007 |
| MD5 Checksum: | 9b31d90401441ebd4532d2e93a14c4fe |
|
| /// File Name: |
USN-465-1.txt |
Description:
|
Ubuntu Security Notice 465-1 - Luigi Auriemma discovered multiple flaws in pulseaudio's network processing code. If an unauthenticated attacker sent specially crafted requests to the pulseaudio daemon, it would crash, resulting in a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9643 | | Related CVE(s): | CVE-2007-1804 | | Last Modified: | May 31 05:22:58 2007 |
| MD5 Checksum: | be02bc364009d306a797ce15f0cb26c6 |
|