Section: .. / 0705-advisories /
| /// File Name: |
USN-457-1.txt |
Description:
|
Ubuntu Security Notice 457-1 - Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6884 | | Related CVE(s): | CVE-2007-2027 | | Last Modified: | May 8 11:07:09 2007 |
| MD5 Checksum: | c29f2ac88d08f765dce4c1fe7495e6a5 |
|
| /// File Name: |
sa25226.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges, and by malicious people to cause a DoS.
| | Homepage: | http://secunia.com/advisories/25226/ | | File Size: | 6771 | | Last Modified: | May 11 02:35:58 2007 |
| MD5 Checksum: | 56d769afb38696de5708739181d0c15e |
|
| /// File Name: |
SSRT071326.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with the HP Tru64 UNIX Operating System running the dop command. The vulnerability could be exploited by a local, authorized user to execute arbitrary code with the privileges of the root user.
| | Homepage: | http://www.hp.com | | File Size: | 6731 | | Last Modified: | May 10 03:41:08 2007 |
| MD5 Checksum: | f66784706b7cd679c1a2c3633a9b9465 |
|
| /// File Name: |
USN-459-1.txt |
Description:
|
Ubuntu Security Notice 459-1 - A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6612 | | Related CVE(s): | CVE-2007-0244 | | Last Modified: | May 15 08:43:06 2007 |
| MD5 Checksum: | 7735e3b7dab6d4dbbaddddf02559d151 |
|
| /// File Name: |
SSRT061285.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP Power Manager Remote Agent (RA). The vulnerability could be exploited by a local authorized user to execute arbitrary code with the privileges of the root user.
| | Homepage: | http://www.hp.com | | File Size: | 6510 | | Last Modified: | May 3 05:26:42 2007 |
| MD5 Checksum: | 44408e2e40da528f85a0ccad3ccab35e |
|
| /// File Name: |
dsa-1288-1.txt |
Description:
|
Debian Security Advisory 1288-1 - It was discovered that the PoPToP Point to Point Tunneling Server contains a programming error, which allows the tear-down of a PPTP connection through a malformed GRE packet, resulting in denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 6397 | | Related CVE(s): | CVE-2007-0244 | | Last Modified: | May 10 03:43:30 2007 |
| MD5 Checksum: | a14b7fc739049a2723d4bec220d3656e |
|
| /// File Name: |
sa25115.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for net-snmp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25115/ | | File Size: | 5813 | | Last Modified: | May 4 07:48:13 2007 |
| MD5 Checksum: | 1ab369c7263f97ad02a652c7d00f5b26 |
|
| /// File Name: |
MDKSA-2007-105.txt |
Description:
|
Mandriva Linux Security Advisory - The APOP functionality in fetchmail's POP3 client implementation was validating the APOP challenge too lightly, accepting random garbage as a POP3 server's APOP challenge, rather than insisting it conform to RFC-822 specifications. As a result of this flaw, it made man-in-the-middle attacks easier than necessary to retrieve the first few characters of the APOP secret, allowing them to potentially brute force the remaining characters easier than should be possible.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5625 | | Related CVE(s): | CVE-2007-1558 | | Last Modified: | May 21 05:54:04 2007 |
| MD5 Checksum: | 5405353ca73ccee3e5eb079b046836ce |
|
| /// File Name: |
sa25099.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25099/ | | File Size: | 5571 | | Last Modified: | May 4 17:30:32 2007 |
| MD5 Checksum: | ed84b92c3e3cbdc5040f1b034e527cf1 |
|
| /// File Name: |
USN-461-1.txt |
Description:
|
Ubuntu Security Notice 461-1 - It was discovered that Quagga did not correctly verify length information sent from configured peers. Remote malicious peers could send a specially crafted UPDATE message which would cause bgpd to abort, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5525 | | Related CVE(s): | CVE-2007-1995 | | Last Modified: | May 21 05:55:14 2007 |
| MD5 Checksum: | c9e5ff89aaf78c15915f43f9a469b7c5 |
|
| /// File Name: |
SSRT061214.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Systems Insight Manager (SIM) for Windows. The vulnerability could be exploited to allow remote privileged access and arbitrary code execution.
| | Homepage: | http://www.hp.com | | File Size: | 5490 | | Last Modified: | May 21 05:05:08 2007 |
| MD5 Checksum: | 8f0b46e66a7c1b59695eba661098e06b |
|
| /// File Name: |
MDKSA-2007-108.txt |
Description:
|
Mandriva Linux Security Advisory - Marsu discovered a stack overflow issue in the GIMP's RAS file loader. An attacker could create a carefully crafted file that would cause the GIMP to crash or potentially execute arbitrary code as the user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5448 | | Related CVE(s): | CVE-2007-2356 | | Last Modified: | May 23 07:52:20 2007 |
| MD5 Checksum: | a1627792539c9d375a9fa670959abb88 |
|
| /// File Name: |
MDKSA-2007-097.txt |
Description:
|
Mandriva Linux Security Advisory - A problem with the way xscreensaver verifies user passwords was discovered by Alex Yamauchi. When a system is using remote authentication (i.e. LDAP) for logins, a local attacker able to cause a network outage on the system could cause xscreensaver to crash, which would unlock the screen.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5445 | | Related CVE(s): | CVE-2007-1859 | | Last Modified: | May 3 09:59:37 2007 |
| MD5 Checksum: | c579a767dbc315aa96f2458392c2bc9a |
|
| /// File Name: |
FreeBSD-SA-07-03-ipv6.txt |
Description:
|
FreeBSD Security Advisory - There is no mechanism for preventing IPv6 routing headers from being used to route packets over the same link(s) many times. An attacker can "amplify" a denial of service attack against a link between two vulnerable hosts; that is, by sending a small volume of traffic the attacker can consume a much larger amount of bandwidth between the two vulnerable hosts. An attacker can use vulnerable hosts to "concentrate" a denial of service attack against a victim host or network; that is, a set of packets sent over a period of 30 seconds or more could be constructed such that they all arrive at the victim within a period of 1 second or less.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 5427 | | Related CVE(s): | CVE-2007-2242 | | Last Modified: | May 3 02:13:35 2007 |
| MD5 Checksum: | ccf88dc45c5dd4ba5063e991af6fab59 |
|
| /// File Name: |
sa25189.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for clamav. This fixes some vulnerabilities, where one has an unknown impact and the others can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25189/ | | File Size: | 5350 | | Last Modified: | May 10 02:32:46 2007 |
| MD5 Checksum: | 5601894f0c111d4d43fe59857c33c602 |
|
| /// File Name: |
USN-436-2.txt |
Description:
|
Ubuntu Security Notice 436-2 - USN-436-1 fixed a vulnerability in KTorrent. The original fix for path traversal was incomplete, allowing for alternate vectors of attack. Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5300 | | Related CVE(s): | CVE-2007-1799 | | Last Modified: | May 21 06:04:55 2007 |
| MD5 Checksum: | d84cb96af518cadc6de28eda55e86e49 |
|
| /// File Name: |
FreeBSD-SA-07-04.file.txt |
Description:
|
FreeBSD Security Advisory - An attacker who can cause file to be run on a maliciously constructed input can cause file to crash. It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file. The above also applies to any other applications using the libmagic library.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 5208 | | Related CVE(s): | CVE-2007-1536 | | Last Modified: | May 24 03:57:55 2007 |
| MD5 Checksum: | 460717f8e2c565242021f26418fd5339 |
|
| /// File Name: |
sa23769.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23769/ | | File Size: | 5166 | | Last Modified: | May 10 02:32:46 2007 |
| MD5 Checksum: | 8ef593aabd10a079b9c1027c2238b18b |
|
| /// File Name: |
glsa-200705-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-19 - Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the GD library and in the substr_compare() PHP 5 function. Ilia Alshanetsky also reported a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions, and Stanislav Malyshev discovered another buffer overflow in the bundled XMLRPC library. Additionally, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability. Finally, there exist implementation errors in the Zend engine, in the mb_parse_str(), the unserialize() and the mail() functions and other elements. Versions less than 5.2.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5041 | | Related CVE(s): | CVE-2007-1001, CVE-2007-1285, CVE-2007-1286, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1701, CVE-2007-1711, CVE-2007-1717, CVE-2007-1718, CVE-2007-1864, CVE-2007-1900, CVE-2007-2509, CVE-2007-2510, CVE-2007-2511 | | Last Modified: | May 31 05:25:46 2007 |
| MD5 Checksum: | 57aafd3389cccd61dd0f2470e8144248 |
|
| /// File Name: |
USN-456-1.txt |
Description:
|
Ubuntu Security Notice 456-1 - A really old denial of service issue with net-snmp has finally been fixed.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4990 | | Related CVE(s): | CVE-2005-4837 | | Last Modified: | May 3 09:30:36 2007 |
| MD5 Checksum: | bc9971d5d0c6d1a3bddd7be3a884236b |
|
| /// File Name: |
SSRT071396.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in the ProCurve Series 9300m Switches. The vulnerability could be remotely exploited resulting in a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 4976 | | Last Modified: | May 4 17:53:44 2007 |
| MD5 Checksum: | ce77d2471581cb7c80ee193fae81e733 |
|
| /// File Name: |
ag-leak.txt |
Description:
|
Advanced Guestbook version 2.4.2 is prone to multiple information disclosure vulnerabilities.
| | Author: | Jesper Jurcenoks | | Homepage: | http://www.netvigilance.com/ | | File Size: | 4950 | | Related OSVDB(s): | 33876 | | Related CVE(s): | CVE-2007-0608 | | Last Modified: | May 8 11:42:12 2007 |
| MD5 Checksum: | 55f6efc225d1bfb0e161cc07b32412a2 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
