Section: 0709-advisories
File Name: MDKSA-2007-189.txt
Description:
Mandriva Linux Security Advisory - A buffer overflow vulnerability was discovered in t1lib due to improper bounds checking. An attacker could send specially crafted input to an application linked against t1lib which could lead to a denial of service or the execution of arbitrary code.
Homepage: http://www.mandriva.com/security/
File Size: 6570
Related CVE(s): CVE-2007-4033
Last Modified: Sep 27 21:30:57 2007
MD5 Checksum: d75f1fdc0c361fc7740e1dcd2cf00fde

File Name: 09.27.07-1.txt
Description:
iDefense Security Advisory 09.27.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Computer Associates International Inc.'s (CA) BrightStor HSM allows attackers to execute arbitrary code with SYSTEM privileges. These problems specifically exist within various command handlers in the CsAgent service. There are eleven command handlers that contain one or more stack based buffer overflow vulnerabilities each. All of these vulnerabilities are simple sprintf() calls that overflow fixed size stack buffers with attacker supplied data. Additionally, there are five command handlers that are vulnerable to integer overflow vulnerabilities. In addition to this, the function responsible for reading in and dispatching a request to the appropriate handler also contains an integer overflow vulnerability. iDefense has confirmed the existence of these vulnerabilities in Computer Associates BrightStor HSM version r11.5. Previous versions may also be affected.
Author: Sean Larsson
Homepage: http://www.idefense.com/
File Size: 4473
Related CVE(s): CVE-2007-5082, CVE-2007-5083
Last Modified: Sep 27 21:25:23 2007
MD5 Checksum: ee2417c015c6a34fccef4c071b848987

File Name: openssl-offbyone.txt
Description:
OpenSSL versions before 0.9.7m and 0.9.8e suffer from an off-by-one buffer overflow in SSL_get_shared_ciphers().
Author: Moritz Jodeit
File Size: 2685
Last Modified: Sep 27 21:13:04 2007
MD5 Checksum: 3d7843c79ac6b8326682eeccba09d0a5

File Name: waraxe-2007-SA058.txt
Description:
NukeSentinel version 2.5.12 suffers from a critical SQL injection vulnerability.
Author: waraxe
Homepage: http://www.waraxe.us/
File Size: 3026
Last Modified: Sep 27 21:08:43 2007
MD5 Checksum: 6843712a4bc81fd83a8308aaf139efe7

File Name: waraxe-2007-SA056.txt
Description:
NukeSentinel version 2.5.11 suffers from another critical SQL injection vulnerability.
Author: waraxe
Homepage: http://www.waraxe.us/
File Size: 3132
Last Modified: Sep 27 21:05:18 2007
MD5 Checksum: 9afc74094509084f762b82481efef3f9

File Name: waraxe-2007-SA055.txt
Description:
SiteX CMS version 0.7.3 Beta is susceptible to a SQL injection vulnerability.
Author: waraxe
Homepage: http://www.waraxe.us/
File Size: 2536
Last Modified: Sep 27 21:04:31 2007
MD5 Checksum: cd2b36502c1c23c638e0858f37f9925b

File Name: cisco-sr-20070926-lb.txt
Description:
Cisco Security Advisory - Cisco Catalyst 6500 and Cisco 7600 series devices use addresses from the 127.0.0.0/8 (loopback) range in the Ethernet Out-of-Band Channel (EOBC) for internal communication. Addresses from this range that are used in the EOBC on Cisco Catalyst 6500 and Cisco 7600 series devices are accessible from outside of the system. The Supervisor module, Multilayer Switch Feature Card (MSFC), or any other intelligent module may receive and process packets that are destined for the 127.0.0.0/8 network. An attacker can exploit this behavior to bypass existing access control lists that do not filter 127.0.0.0/8 address range; however, an exploit will not allow an attacker to bypass authentication or authorization. Valid authentication credentials are still required to access the module in question.
Homepage: http://www.cisco.com/
File Size: 9913
Last Modified: Sep 27 21:02:06 2007
MD5 Checksum: 6e93ee9fd6cdbb94b05db75190415dbc

File Name: sa26914.txt
Description:
Secunia Security Advisory - Multiple vulnerabilities have been reported in CA BrightStor Hierarchical Storage Manager, which can be exploited by malicious people to conduct SQL injection attacks, cause a DoS (Denial of Service), or compromise a vulnerable system.
Homepage: http://secunia.com/advisories/26914/
File Size: 2937
Last Modified: Sep 27 19:54:21 2007
MD5 Checksum: c6e016c87dd4ba262148aeacd4335268

File Name: sa26942.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in Tk, which can potentially be exploited by malicious people to compromise an application using the library.
Homepage: http://secunia.com/advisories/26942/
File Size: 2401
Last Modified: Sep 27 19:54:21 2007
MD5 Checksum: 75dfc38cecb3893c15825bb402799e70

File Name: sa26948.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in F-Secure Anti-Virus, which can be exploited by malware to bypass the scanning functionality.
Homepage: http://secunia.com/advisories/26948/
File Size: 2468
Last Modified: Sep 27 19:54:21 2007
MD5 Checksum: c7c50045010b87695984d1a9b763e6a7

File Name: sa26950.txt
Description:
Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/26950/
File Size: 3010
Last Modified: Sep 27 19:54:21 2007
MD5 Checksum: 74b676947d33cba69e418d0b96715ddb

File Name: sa26954.txt
Description:
Secunia Security Advisory - Janek Vind has reported a vulnerability in NukeSentinel, which can be exploited by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/26954/
File Size: 2335
Last Modified: Sep 27 19:54:21 2007
MD5 Checksum: 9d2f5e740aafda0ba210d70521a94c88

File Name: sa26957.txt
Description:
Secunia Security Advisory - darkbunny91 has discovered a vulnerability in FlatNuke, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Homepage: http://secunia.com/advisories/26957/
File Size: 2402
Last Modified: Sep 27 19:54:21 2007
MD5 Checksum: 3b2de823efdc3110ae04c11a7d5de91b

File Name: sa26966.txt
Description:
Secunia Security Advisory - ka0x has reported a vulnerability in Novus, which can be exploited by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/26966/
File Size: 2236
Last Modified: Sep 27 19:54:21 2007
MD5 Checksum: c94f8b06a0d640e1deab9a31b6f05856

File Name: sa26984.txt
Description:
Secunia Security Advisory - Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/26984/
File Size: 2599
Last Modified: Sep 27 19:54:21 2007
MD5 Checksum: e13012970e9d3c9534e1b58057aeee82

File Name: sa26986.txt
Description:
Secunia Security Advisory - Joris van Rantwijk has reported a vulnerability in Xen, which can be exploited by malicious, local users to gain escalated privileges.
Homepage: http://secunia.com/advisories/26986/
File Size: 2356
Last Modified: Sep 27 19:54:21 2007
MD5 Checksum: 57ebdf3346e9269a3d4b1b364b7f1c19

File Name: sa26988.txt
Description:
Secunia Security Advisory - A weakness has been reported in Cisco Catalyst 6500 and Cisco 7600 series devices, which can be exploited by malicious people to bypass certain security restrictions.
Homepage: http://secunia.com/advisories/26988/
File Size: 2721
Last Modified: Sep 27 19:54:21 2007
MD5 Checksum: 32467b0c6e34f3704ccd8016df89fc6e

File Name: CAID-hsmcmv.txt
Description:
Multiple vulnerabilities exist in the CsAgent service that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first set of vulnerabilities, CVE-2007-5082, occur due to insufficient bounds checking in multiple CsAgent service commands. The second set of vulnerabilities, CVE-2007-5083, occur due to insufficient validation of integer values in multiple CsAgent service commands, which can lead to buffer overflow. The third set of vulnerabilities, CVE-2007-5084, occur due to insufficient validation of strings used in SQL statements in multiple CsAgent service commands.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 3782
Related CVE(s): CVE-2007-5082, CVE-2007-5083, CVE-2007-5084
Last Modified: Sep 26 22:53:42 2007
MD5 Checksum: 5758d3c018842776cb44bd43a352c4c7

File Name: dsa-1343-2.txt
Description:
Debian Security Advisory 1343-2 - The Debian 4.0r1 release contains a file package with the same version number as the last security update (4.17-5etch2), potentially overriding it. This security advisory reissues DSA-1343-1 with a higher version number, to ensure that its changes remain in effect. The changes from Debian 4.0r1 (which fix a minor denial of service issue, CVE-2007-2026) are included as well.
Homepage: http://www.debian.org/security
File Size: 9926
Related CVE(s): CVE-2007-2799, CVE-2007-2026
Last Modified: Sep 26 22:51:53 2007
MD5 Checksum: a444df46f046149995068a46cc48bc51

File Name: sa26874.txt
Description:
Secunia Security Advisory - Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/26874/
File Size: 2591
Last Modified: Sep 26 22:37:08 2007
MD5 Checksum: 07c99f20e56974208bbf1579c3dae566

File Name: sa26893.txt
Description:
Secunia Security Advisory - rPath has issued an update for openssl. This fixes some vulnerabilities and a weakness, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to potentially bypass certain security restrictions or to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/26893/
File Size: 2486
Last Modified: Sep 26 22:37:08 2007
MD5 Checksum: b7a9f6a1dba6f748ed556fb3a9daa14e

File Name: sa26917.txt
Description:
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Homepage: http://secunia.com/advisories/26917/
File Size: 5662
Last Modified: Sep 26 22:37:08 2007
MD5 Checksum: 0b3b8fe21cc67ebaee24838d9f428992

File Name: sa26938.txt
Description:
Secunia Security Advisory - Fedora has issued an update for ntfs-3g. This fixes a weakness, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Homepage: http://secunia.com/advisories/26938/
File Size: 3191
Last Modified: Sep 26 22:37:08 2007
MD5 Checksum: befe241d21090882d26d834fa0525358

File Name: sa26939.txt
Description:
Secunia Security Advisory - Red Hat has issued an update for gimp. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/26939/
File Size: 2883
Last Modified: Sep 26 22:37:08 2007
MD5 Checksum: 3bc56839eda4f2ee08f01b1e5da161ef

File Name: sa26949.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for elinks. This fixes a weakness, which can be exploited by malicious people to disclose sensitive information.
Homepage: http://secunia.com/advisories/26949/
File Size: 7432
Last Modified: Sep 26 22:37:08 2007
MD5 Checksum: a6679c92667c6f7c115c2b5650b28556