Section: .. / 0709-advisories /
| /// File Name: |
sa27007.txt |
Description:
|
Secunia Security Advisory - Ronald van den Heetkamp has discovered a weakness in Internet Explorer, which potentially can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/27007/ | | File Size: | 2305 | | Last Modified: | Sep 29 17:23:54 2007 |
| MD5 Checksum: | 2a29d5c3f355ab8036d251b0b6c7df91 |
|
| /// File Name: |
samba-gid0.txt |
Description:
|
An incorrect group assignment (gid 0) occurs for domain users using the rfc2307 or sfu Winbind nss info plugin.
| | Author: | Rick King | | Homepage: | http://www.samba.org/ | | File Size: | 3123 | | Related CVE(s): | CVE-2007-4138 | | Last Modified: | Sep 11 18:58:34 2007 |
| MD5 Checksum: | 1ead5be64671afa77f5732e9227c6812 |
|
| /// File Name: |
simpgb14602-pdisclose.txt |
Description:
|
SimpGB version 1.46.02 suffers from path disclosure vulnerabilities.
| | Author: | Jesper Jurcenoks | | Homepage: | http://www.netvigilance.com/ | | File Size: | 4655 | | Last Modified: | Sep 25 22:01:53 2007 |
| MD5 Checksum: | ffed5f003b06b19223ec4922e9d140cf |
|
| /// File Name: |
sophos-xss.txt |
Description:
|
A malformed ZIP archive being analyzed by the Sophos AV client can trigger cross site scripting attacks. Version 6.5.4 R2 is affected.
| | Author: | Michael Jordon | | Homepage: | http://www.contextis.co.uk/ | | File Size: | 2690 | | Related CVE(s): | CVE-2007-4512 | | Last Modified: | Sep 7 02:42:34 2007 |
| MD5 Checksum: | 6bc4e9f923d9b4d798b9c1e9307a7108 |
|
| /// File Name: |
ssdt-multi.txt |
Description:
|
It appears that a number of vulnerabilities have been discovered in implementations of SSDT hooks in many different products. Vulnerable products include BlackICE, Norton Internet Security, Process Monitor, and more.
| | Author: | Matousec - Transparent Security Research | | Homepage: | http://www.matousec.com/ | | File Size: | 1302 | | Last Modified: | Sep 18 13:14:29 2007 |
| MD5 Checksum: | c6c31abec3a9a6656c80d4c0297d331c |
|
| /// File Name: |
SSRT071439.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in HP-UX running the logins(1M) command. This command incorrectly reports password status. As a result, password issues may not be detected, allowing remote unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 6287 | | Last Modified: | Sep 20 04:38:05 2007 |
| MD5 Checksum: | 49084d4aa243b4dd35a9878e3d7681e6 |
|
| /// File Name: |
SSRT071449-1.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been reported with HP OpenVMS when running BIND version 9.2.1 or BIND version 9.3.1. The vulnerability could be exploited remotely to cause DNS cache poisoning.
| | Homepage: | http://www.hp.com/ | | File Size: | 5772 | | Related CVE(s): | CVE-2007-2926 | | Last Modified: | Sep 25 00:04:31 2007 |
| MD5 Checksum: | 901bf77484794fee766fc5d12df252d4 |
|
| /// File Name: |
SSRT071470.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Windows on systems which are also running HP Version Control Agent (VCA) or Version Control Repository Manager (VCRM). The vulnerability may result in the incomplete installation of OpenSSL updates, including security updates.
| | Homepage: | http://www.hp.com/ | | File Size: | 5695 | | Last Modified: | Sep 18 11:03:58 2007 |
| MD5 Checksum: | bc74213c1054d9be403617ea5e1a2903 |
|
| /// File Name: |
SSRT071471.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 9176 | | Last Modified: | Sep 20 04:37:32 2007 |
| MD5 Checksum: | bec42473e5d89d7c4cd6864e9a6ac162 |
|
| /// File Name: |
SYM07-024.txt |
Description:
|
Symantec was notified of a potential denial of service vulnerability in the device driver SYMTDI.SYS. A specially crafted IRP sent to an IOCTL handler function could allow memory to be overwritten because the address space was not properly validated in some versions of the driver. A potential attacker must be logged into the computer to attempt an exploit. A successful exploit of this vulnerability could potentially allow that user to crash their computer.
| | Author: | Matousec-Transparent | | Homepage: | http://www.symantec.com/ | | File Size: | 2976 | | Related CVE(s): | CVE-2007-1476 | | Last Modified: | Sep 10 17:29:54 2007 |
| MD5 Checksum: | 86d3a379bfc033ddebb718d173f0afb9 |
|
| /// File Name: |
SYMSA-2007-008.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2007-008 - The Autodesk Backburner software remote job queueing tool allows users to submit jobs consisting of operating system commands that will be executed by the Backburner Manager service on the render server(s) without authentication.
| | Author: | Dave Hartley, Stephen Kapp | | Homepage: | http://www.symantec.com/research | | File Size: | 5707 | | Related CVE(s): | CVE-2007-4749 | | Last Modified: | Sep 12 19:58:27 2007 |
| MD5 Checksum: | 919e39e02e428d638c9c369dc819d0ef |
|
| /// File Name: |
SYMSA-2007-009.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2007-009 - There exists a design flaw in RemoteDocs R-Viewer where code can be executed upon opening the RDZ file without any knowledge or warning to the user. Additionally, temporary files are not properly removed from disk, exposing the encrypted data.
| | Homepage: | http://www.symantec.com/research | | File Size: | 4922 | | Related CVE(s): | CVE-2007-4750, CVE-2007-4751 | | Last Modified: | Sep 18 13:00:07 2007 |
| MD5 Checksum: | c4dee8c6036cb677f67522e6fff6e1ed |
|
| /// File Name: |
TA07-254A.txt |
Description:
|
Technical Cyber Security Alert TA07-254A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Microsoft Visual Studio, Microsoft Windows Services for Unix, and Microsoft MSN Messenger. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3954 | | Last Modified: | Sep 11 19:06:43 2007 |
| MD5 Checksum: | 5dbec3956228d973b95b37cbe03097c7 |
|
| /// File Name: |
TPTI-07-15.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Automated Solutions Modbus TCP Slave ActiveX Control. Authentication is not required to exploit this vulnerability. The specific flaw exists within MiniHMI.exe which binds to TCP port 502. When processing malformed Modbus requests on this port a controllable heap corruption can occur which may result in execution of arbitrary code.
| | Author: | Ganesh Devarajan | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 3196 | | Related CVE(s): | CVE-2007-4827 | | Last Modified: | Sep 20 04:13:51 2007 |
| MD5 Checksum: | 0d534b93256518fcf493b72761cb45fa |
|
| /// File Name: |
txxcms-rfi.txt |
Description:
|
Txx CMS appears susceptible to remote file inclusion vulnerabilities.
| | Author: | nne | | Homepage: | http://nnc.unkn0wn.eu/ | | File Size: | 1244 | | Last Modified: | Sep 9 16:57:07 2007 |
| MD5 Checksum: | 669ef7e6dbf80b2a7fa86bac09bfd55b |
|
| /// File Name: |
USN-510-1.txt |
Description:
|
Ubuntu Security Notice 510-1 - Over a dozen vulnerabilities have been patched for the Linux 2.6 kernel.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 51361 | | Related CVE(s): | CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878, CVE-2007-3104, CVE-2007-3105, CVE-2007-3513, CVE-2007-3642, CVE-2007-3843, CVE-2007-3848, CVE-2007-3851, CVE-2007-4308 | | Last Modified: | Sep 1 00:09:47 2007 |
| MD5 Checksum: | ca3d6ef3b5512c4bf96630a40cd450f2 |
|
| /// File Name: |
USN-511-1.txt |
Description:
|
Ubuntu Security Notice 511-1 - It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 29059 | | Related CVE(s): | CVE-2007-3999 | | Last Modified: | Sep 5 01:23:52 2007 |
| MD5 Checksum: | 878c5071c2ffec3b8ab1f0df03332c3e |
|
| /// File Name: |
USN-511-2.txt |
Description:
|
Ubuntu Security Notice 511-2 - USN-511-1 fixed vulnerabilities in krb5 and librpcsecgss. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 29284 | | Related CVE(s): | CVE-2007-3999 | | Last Modified: | Sep 7 20:28:40 2007 |
| MD5 Checksum: | a7b734c0ce5344db1d137bc8862fec37 |
|
| /// File Name: |
USN-512-1.txt |
Description:
|
Ubuntu Security Notice 512-1 - It was discovered that Quagga did not correctly verify OPEN messages or COMMUNITY attributes sent from configured peers. Malicious authenticated remote peers could send a specially crafted message which would cause bgpd to abort, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5532 | | Related CVE(s): | CVE-2007-4826 | | Last Modified: | Sep 18 12:48:01 2007 |
| MD5 Checksum: | bb78b35e012b55a3547156fbf63b2a4a |
|
| /// File Name: |
USN-513-1.txt |
Description:
|
Ubuntu Security Notice 513-1 - Dirk Mueller discovered that UTF8 strings could be made to cause a small buffer overflow. A remote attacker could exploit this by sending specially crafted strings to applications that use the Qt3 library for UTF8 processing, potentially leading to arbitrary code execution with user privileges, or a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 39342 | | Related CVE(s): | CVE-2007-4137 | | Last Modified: | Sep 18 22:43:07 2007 |
| MD5 Checksum: | acacaa6df6c5f832cadfd25c6d90be13 |
|
| /// File Name: |
USN-514-1.txt |
Description:
|
Ubuntu Security Notice 514-1 - Aaron Plattner discovered that the Composite extension did not correctly calculate the size of buffers when copying between different bit depths. An authenticated user could exploit this to execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5470 | | Related CVE(s): | CVE-2007-4730 | | Last Modified: | Sep 19 12:02:48 2007 |
| MD5 Checksum: | f84d51fe5ebe137454c39b3057bbb210 |
|
| /// File Name: |
USN-515-1.txt |
Description:
|
Ubuntu Security Notice 515-1 - It was discovered that t1lib does not properly perform bounds checking which can result in a buffer overflow vulnerability. An attacker could send specially crafted input to applications linked against t1lib which could result in a DoS or arbitrary code execution.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9402 | | Related CVE(s): | CVE-2007-4033 | | Last Modified: | Sep 20 04:59:48 2007 |
| MD5 Checksum: | b7118d409a112d9371ea0dc2ee682004 |
|
| /// File Name: |
USN-516-1.txt |
Description:
|
Ubuntu Security Notice 516-1 - Paul Martin discovered that xfs_fsr creates a temporary directory with insecure permissions. This allows a local attacker to exploit a race condition in xfs_fsr to read or overwrite arbitrary files on xfs filesystems.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4596 | | Related CVE(s): | CVE-2007-2654 | | Last Modified: | Sep 20 22:36:02 2007 |
| MD5 Checksum: | dc5838d0a6bd81618f55a60a47ea47ba |
|