.:[ packet storm ]:.
                               
notoriously trustworthy
notoriously trustworthy

 Section:  .. / Last 50 Advisory Files /

 ///  File Name:cisco-sa-20080514-cup.txt
Description:
Cisco Security Advisory - Administrators of systems running all Cisco Unified Presence versions can determine the software version by viewing the main page of the Cisco Unified Presence Administration interface. The software version can be determined by running the command show version active via the Command Line Interface (CLI).
Homepage:http://www.cisco.com/
File Size:11779
Related CVE(s):CVE-2008-1740, CVE-2008-1741
Last Modified:May 15 04:28:20 2008
MD5 Checksum:fddfe8a3e45e0c202a50e5bc67fa484a

 ///  File Name:cisco-sa-20080514-cucmdos.txt
Description:
Cisco Security Advisory - Cisco Unified Communications Manager, formerly Cisco CallManager, contains multiple denial of service (DoS) vulnerabilities that may cause an interruption in voice services, if exploited. These vulnerabilities were discovered internally by Cisco.
Homepage:http://www.cisco.com/
File Size:23251
Related CVE(s):CVE-2008-1742, CVE-2008-1743, CVE-2008-1744, CVE-2008-1745, CVE-2008-1747, CVE-2008-1748, CVE-2008-1746
Last Modified:May 15 04:27:01 2008
MD5 Checksum:f01d649c7340d9b0d53c17cf1ce68606

 ///  File Name:cisco-sa-20080514-csm.txt
Description:
Cisco Security Advisory - The Cisco Content Switching Module (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain a memory leak vulnerability that can result in a denial of service condition. The vulnerability exists when the CSM or CSM-S is configured for layer 7 load balancing. An attacker can trigger this vulnerability when the CSM or CSM-S processes TCP segments with a specific combination of TCP flags while servers behind the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.
Homepage:http://www.cisco.com/
File Size:17388
Related CVE(s):CVE-2008-1749
Last Modified:May 15 04:25:13 2008
MD5 Checksum:0a7dfcd9f771e114ed6eafdd02388931

 ///  File Name:AD20080514.txt
Description:
The Microsoft Malware Protection Engine is susceptible to two denial of service vulnerabilities.
Author:Sowhat
Homepage:http://www.nevisnetworks.com/
File Size:2282
Related CVE(s):CVE-2008-1437, CVE-2008-1438
Last Modified:May 15 03:54:53 2008
MD5 Checksum:349d87c5c46ed91f4800ece0f2e55999

 ///  File Name:dsa-1577-1.txt
Description:
Debian Security Advisory 1577-1 - Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system.
Homepage:http://www.debian.org/security
File Size:5237
Related CVE(s):CVE-2008-0167
Last Modified:May 15 03:51:39 2008
MD5 Checksum:81f578fa45368e855560e91c2dd60d4e

 ///  File Name:dsa-1576-1.txt
Description:
Debian Security Advisory 1576-1 - The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied.
Homepage:http://www.debian.org/security
File Size:15197
Related CVE(s):CVE-2008-0166
Last Modified:May 15 03:50:46 2008
MD5 Checksum:a79fd4e6e656f73f69d8c73cf16f3723

 ///  File Name:glsa-200805-16.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-16 - Multiple vulnerabilities have been reported in OpenOffice.org, possibly allowing for user-assisted execution of arbitrary code. Versions less than 2.4.0 are affected.
Homepage:http://security.gentoo.org
File Size:4479
Related CVE(s):CVE-2007-4770, CVE-2007-4771, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
Last Modified:May 15 03:50:03 2008
MD5 Checksum:c5ac7f6c3461ccefbfb9d489ee5db5b6

 ///  File Name:glsa-200805-15.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-15 - Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'. Versions less than 0.15.1b-r2 are affected.
Homepage:http://security.gentoo.org
File Size:2415
Related CVE(s):CVE-2008-2109
Last Modified:May 15 03:49:12 2008
MD5 Checksum:a924bb8eeda8ff0dbe39e3cd31978d5e

 ///  File Name:USN-612-6.txt
Description:
Ubuntu Security Notice 612-6 - USN-612-3 addressed a weakness in OpenSSL certificate and keys generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS and multi-client/server which caused OpenVPN to not start when using valid SSL certificates. It was also found that openssl-vulnkey from openssl-blacklist would fail when stderr was not available. This caused OpenVPN to fail to start when used with applications such as NetworkManager. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
Homepage:http://security.ubuntu.com/
File Size:8081
Related CVE(s):CVE-2008-0166
Last Modified:May 15 03:47:36 2008
MD5 Checksum:1b121b32f5b219bf781da551ba98e314

 ///  File Name:USN-612-5.txt
Description:
Ubuntu Security Notice 612-5 - Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This could cause some compromised keys not to be listed in ssh-vulnkey's output. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
Homepage:http://security.ubuntu.com/
File Size:16139
Related CVE(s):CVE-2008-0166
Last Modified:May 15 03:46:36 2008
MD5 Checksum:12c2407158560e7b8cd3525552c71aec

 ///  File Name:USN-612-4.txt
Description:
Ubuntu Security Notice 612-4 - USN-612-1 fixed vulnerabilities in openssl. This update provides the corresponding updates for ssl-cert -- potentially compromised snake-oil SSL certificates will be regenerated. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
Homepage:http://security.ubuntu.com/
File Size:4207
Related CVE(s):CVE-2008-0166
Last Modified:May 15 03:45:47 2008
MD5 Checksum:fbb384be18c0b97874a042383317e896

 ///  File Name:officepub-corrupt.txt
Description:
A memory corruption vulnerability exists in Microsoft Office Publisher when it is parsing a PUB file. An attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system.
Author:cocoruder
Homepage:http://ruder.cdut.net/
File Size:1355
Related CVE(s):CVE-2008-0119
Last Modified:May 15 01:13:56 2008
MD5 Checksum:c3c39fb97be35f9f59393df7386d6245

 ///  File Name:glsa-200805-14.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-14 - Alfredo Ortega (Core Security Technologies) reported a boundary error within the Read32s_64() function when processing CDF files. Versions less than 3.2.1 are affected.
Homepage:http://security.gentoo.org
File Size:3057
Related CVE(s):CVE-2008-2080
Last Modified:May 13 17:42:27 2008
MD5 Checksum:fb60597d6c2b729facceb809547eadbd

 ///  File Name:TA08-134A.txt
Description:
Technical Cyber Security Alert TA08-134A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Jet Database Engine, Windows Live OneCare, Antigen, Windows Defender, and Forefront Security as part of the Microsoft Security Bulletin Summary for May 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.
Homepage:http://www.us-cert.gov/
File Size:3749
Last Modified:May 13 15:41:07 2008
MD5 Checksum:1b674f3df657c92d13731b2e7392126e

 ///  File Name:05.13.08-1.txt
Description:
iDefense Security Advisory 05.13.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the logged in user. This vulnerability exists in the way Word handles CSS rules in an HTML document. When the number of CSS selectors is above some specific amount, an unspecified object will be corrupted causing Word to access a memory region that has already been freed. iDefense has confirmed fully patched Microsoft Word 2003 SP2, Microsoft Word XP SP3, Microsoft Word 2000 SP3 are vulnerable. Microsoft Word 2003 SP3 and Microsoft Word 2007 do not appear to be affected. Microsoft reports that all supported versions of Word, Word Viewer, and Outlook 2007 are vulnerable.
Author:Jun Mao
Homepage:http://www.idefense.com/
File Size:4164
Related CVE(s):CVE-2008-1434
Last Modified:May 13 15:39:58 2008
MD5 Checksum:fd7486dbe9fda5cc2883cbfa6ad3cc65

 ///  File Name:ZDI-08-023.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user.
Author:wushi
Homepage:http://www.zerodayinitiative.com/
File Size:3266
Related CVE(s):CVE-2008-1091
Last Modified:May 13 15:38:28 2008
MD5 Checksum:3a4c70d8165cb815e52e832667c68280

 ///  File Name:USN-612-3.txt
Description:
Ubuntu Security Notice 612-3 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of shared encryption keys and SSL/TLS certificates in OpenVPN. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
Homepage:http://security.ubuntu.com/
File Size:7395
Related CVE(s):CVE-2008-0166
Last Modified:May 13 15:37:41 2008
MD5 Checksum:fbc9eb044bb2cb99c735320b168eeffe

 ///  File Name:TPTI-08-04.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the target opens an Office file that contains malicious Jet DB Engine objects. The specific flaw exists within the parsing of a column structure. The DWORD value from the structure that specifies the column count is trusted. If this value is changed, an inline memcpy to the stack can overflow while reading a column name. Typically Jet DB structures are used within MDB files which are considered unsafe. However, it is possible to embed such files within a trusted format, such as an Office Document (.doc). This issue allows for remote code execution under the context of the currently logged in user.
Author:Aaron Portnoy
Homepage:http://www.tippingpoint.com/
File Size:1728
Related CVE(s):CVE-2007-6026
Last Modified:May 13 15:37:04 2008
MD5 Checksum:b0741f928fbcdfe0d4a4a46f4d209d1b

 ///  File Name:USN-612-2.txt
Description:
Ubuntu Security Notice 612-2 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.
Homepage:http://security.ubuntu.com/
File Size:19137
Related CVE(s):CVE-2008-0166
Last Modified:May 13 11:11:26 2008
MD5 Checksum:08b7a276f7d12fdf3ce857fbdc45404e

 ///  File Name:dsa-1571-1.txt
Description:
Debian Security Advisory 1571-1 - Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package. As a result, cryptographic key material may be guessable. This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.
Homepage:http://www.debian.org/security
File Size:14589
Related CVE(s):CVE-2008-0166
Last Modified:May 13 11:10:24 2008
MD5 Checksum:3519042f913d5ce265ca79a43a1d7f92

 ///  File Name:dsa-1575-1.txt
Description:
Debian Security Advisory 1575-1 - A vulnerability has been discovered in the Linux kernel that may lead to a denial of service. Alexander Viro discovered a race condition in the fcntl code that may permit local users on multi-processor systems to execute parallel code paths that are otherwise prohibited and gain re-ordered access to the descriptor table.
Homepage:http://www.debian.org/security
File Size:36131
Related CVE(s):CVE-2008-1669
Last Modified:May 13 11:04:01 2008
MD5 Checksum:a095807a32a3fc4ee13e1e39f557b145

 ///  File Name:USN-612-1.txt
Description:
Ubuntu Security Notice 612-1 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.
Homepage:http://security.ubuntu.com/
File Size:15288
Related CVE(s):CVE-2008-0166
Last Modified:May 13 11:01:40 2008
MD5 Checksum:4798966590d2c04dbeae52eda8904882

 ///  File Name:05.12.08-1.txt
Description:
iDefense Security Advisory 05.12.08 - Local exploitation of an input validation vulnerability within version 5.1.2600.2180 of i2omgmt.sys, as included with Microsoft Corp's Windows XP operating system, could allow an attacker to execute arbitrary code in the context of the kernel. iDefense has confirmed the existence of this vulnerability in i2omgmt.sys version 5.1.2600.2180 as installed on some Windows XP SP2 systems. All other Windows releases with this driver, including previous versions, are suspected to be vulnerable.
Author:Ruben Santamarta
Homepage:http://www.idefense.com/
File Size:4025
Related CVE(s):CVE-2008-0322
Last Modified:May 12 18:28:36 2008
MD5 Checksum:9a855b4f3e57f9d46308c1a0f2293ded

 ///  File Name:glsa-200805-13.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-13 - Multiple issues were found in the teTeX 2 codebase that PTeX builds upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 3.1.10_p20071203 are affected.
Homepage:http://security.gentoo.org
File Size:3730
Last Modified:May 12 18:27:15 2008
MD5 Checksum:15830348aa8fe782c793f470674bbf22

 ///  File Name:glsa-200805-12.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-12 - Stefan Cornelius (Secunia Research) reported a boundary error within the imb_loadhdr() function in in the file source/blender/imbuf/intern/radiance_hdr.c when processing RGBE images (CVE-2008-1102). Multiple vulnerabilities involving insecure usage of temporary files have also been reported (CVE-2008-1103). Versions less than 2.43-r2 are affected.
Homepage:http://security.gentoo.org
File Size:3313
Related CVE(s):CVE-2008-1102, CVE-2008-1103
Last Modified:May 12 18:26:58 2008
MD5 Checksum:448f5fac796df4e8c92d9693409be43e

 ///  File Name:glsa-200805-11.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-11 - Chicken includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities (GLSA 200711-30). Versions less than 3.1.0 are affected.
Homepage:http://security.gentoo.org
File Size:3061
Last Modified:May 12 18:26:45 2008
MD5 Checksum:d9d22fd1973d39963760ae4fd6fe5097

 ///  File Name:SSRT071403.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS). The Denial of Service (DoS) affects the ftp server application only.
Homepage:http://www.hp.com/
File Size:7219
Related CVE(s):CVE-2008-0713
Last Modified:May 12 16:04:01 2008
MD5 Checksum:775ab8659a58b7670f90f607b3a6d47e

 ///  File Name:dsa-1574-1.txt
Description:
Debian Security Advisory 1574-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. "moz_bug_r_a4" discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered that incorrect principal handling can lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. "georgi", "tgirmann" and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.
Homepage:http://www.debian.org/security
File Size:16567
Related CVE(s):CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237
Last Modified:May 12 15:57:20 2008
MD5 Checksum:88c086a46a80505846192144f8ae384e

 ///  File Name:glsa-200805-10.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-10 - It has been reported that Pngcrush includes a copy of libpng that is vulnerable to a memory corruption (GLSA 200804-15). Versions less than 1.6.4-r1 are affected.
Homepage:http://security.gentoo.org
File Size:3170
Related CVE(s):CVE-2008-1382
Last Modified:May 12 10:41:29 2008
MD5 Checksum:7cfec10bfa57130b88afb7bff74c84e3

 ///  File Name:dsa-1573-1.txt
Description:
Debian Security Advisory 1573-1 - Several remote vulnerabilities have been discovered in rdesktop, a Remote Desktop Protocol client. Remote exploitation of an integer underflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of a BSS overflow vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user. Remote exploitation of an integer signedness vulnerability allows attackers to execute arbitrary code with the privileges of the logged-in user.
Homepage:http://www.debian.org/security
File Size:5587
Related CVE(s):CVE-2008-1801, CVE-2008-1802, CVE-2008-1803
Last Modified:May 12 10:41:01 2008
MD5 Checksum:ba15a8cc0a3d8d809028c215d0f8f9a2

 ///  File Name:dsa-1572-1.txt
Description:
Debian Security Advisory 1572-1 - Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The glob function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter. Integer overflow allows context-dependent attackers to cause a denial of service and possibly have other impact via a printf format parameter with a large width specifier. Stack-based buffer overflow in the FastCGI SAPI. The escapeshellcmd API function could be attacked via incomplete multibyte chars.
Homepage:http://www.debian.org/security
File Size:40512
Related CVE(s):CVE-2007-3806, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051
Last Modified:May 12 10:39:51 2008
MD5 Checksum:65c9c530978f313191386160ca68b3a9

 ///  File Name:glsa-200805-09.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-09 - It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list. Versions less than 1.6.3 are affected.
Homepage:http://security.gentoo.org
File Size:2956
Related CVE(s):CVE-2008-1937
Last Modified:May 12 10:37:50 2008
MD5 Checksum:f5912af55302350b385b5dd9c8aea1a1

 ///  File Name:MDVSA-2008-100.txt
Description:
Mandriva Linux Security Advisory - A double free vulnerability in Perl 5.8.8 and earlier versions, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.
Homepage:http://www.mandriva.com/security/
File Size:6987
Related CVE(s):CVE-2008-1927
Last Modified:May 12 10:37:41 2008
MD5 Checksum:513fa7b59cd18f23cdf5a4d38273458e

 ///  File Name:glsa-200805-08.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-08 - The namesx and uhnames modules do not properly validate network input, leading to a buffer overflow. Versions less than 1.1.19 are affected.
Homepage:http://security.gentoo.org
File Size:2399
Related CVE(s):CVE-2008-1925
Last Modified:May 9 13:53:32 2008
MD5 Checksum:cdb2393100a4faec5400559fd35ff0f8

 ///  File Name:glsa-200805-07.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-07 - LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) which were subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive. Versions less than 5.0 are affected.
Homepage:http://security.gentoo.org
File Size:4366
Last Modified:May 9 13:53:07 2008
MD5 Checksum:b99107d7cc4efe620d3b52050bad0f8f

 ///  File Name:glsa-200805-06.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-06 - Viesturs reported that the default configuration for Gentoo's init script (/etc/conf.d/firebird) sets the ISC_PASSWORD environment variable when starting Firebird. It will be used when no password is supplied by a client connecting as the SYSDBA user. Versions less than 2.0.3.12981.0-r6 are affected.
Homepage:http://security.gentoo.org
File Size:2857
Related CVE(s):CVE-2008-1880
Last Modified:May 9 13:52:37 2008
MD5 Checksum:85f645f65baa0b3fe9c141d775831681

 ///  File Name:MDVSA-2008-099.txt
Description:
Mandriva Linux Security Advisory - A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick. Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially-crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick.
Homepage:http://www.mandriva.com/security/
File Size:7839
Related CVE(s):CVE-2008-1096, CVE-2008-1097
Last Modified:May 9 13:43:27 2008
MD5 Checksum:80671fb91b231ddf51ff6f60aef286c4

 ///  File Name:USN-611-3.txt
Description:
Ubuntu Security Notice 611-3 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for GStreamer Good Plugins. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
Homepage:http://security.ubuntu.com/
File Size:15260
Related CVE(s):CVE-2008-1686
Last Modified:May 9 13:31:28 2008
MD5 Checksum:26dd30b7333f05b291b099650b8a9e89

 ///  File Name:USN-611-2.txt
Description:
Ubuntu Security Notice 611-2 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for ogg123, part of vorbis-tools. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
Homepage:http://security.ubuntu.com/
File Size:7294
Related CVE(s):CVE-2008-1686
Last Modified:May 9 13:30:57 2008
MD5 Checksum:a2c8b46ce1f3301d099c7eb67973f3b0

 ///  File Name:USN-611-1.txt
Description:
Ubuntu Security Notice 611-1 - It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
Homepage:http://security.ubuntu.com/
File Size:13345
Related CVE(s):CVE-2008-1686
Last Modified:May 9 13:30:27 2008
MD5 Checksum:218704e90625568f9bf94f8cb18d0063

 ///  File Name:novell-stackoverflow.txt
Description:
Novell Client versions 4.91 SP4 and below suffer from a local stack overflow vulnerability.
Author:laurent gaffi
File Size:2335
Last Modified:May 9 13:20:52 2008
MD5 Checksum:dcfbc10b009f3e54667c1a67566d1691

 ///  File Name:05.07.08-3.txt
Description:
iDefense Security Advisory 05.07.08 - Remote exploitation of an integer signedness vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reallocating dynamic buffers. The rdesktop xrealloc() function uses a signed comparison to determine if the requested allocation size is less than 1. When this occurs, the function will incorrectly set the allocation size to be 1. This results in an improperly sized heap buffer being allocated, which can later be overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
Homepage:http://www.idefense.com/
File Size:3416
Related CVE(s):CVE-2008-1803
Last Modified:May 7 20:43:37 2008
MD5 Checksum:c3320ef9f586bf2a8eadea9bdb952524

 ///  File Name:05.07.08-2.txt
Description:
iDefense Security Advisory 05.07.08 - Remote exploitation of a BSS overflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP redirect request. This request is used to redirect an RDP connection from one server to another. When parsing the redirect request, the rdesktop client reads several 32-bit integers from the request packet. These integers are then used to control the number of bytes read into statically allocated buffers. This results in several buffers located in the BSS section being overflowed, which can lead to the execution of arbitrary code. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
Homepage:http://www.idefense.com/
File Size:3480
Related CVE(s):CVE-2008-1802
Last Modified:May 7 20:42:49 2008
MD5 Checksum:dcb778aa36d5093d53a1522ad73f6ceb

 ///  File Name:05.07.08-1.txt
Description:
iDefense Security Advisory 05.07.08 - Remote exploitation of an integer underflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP request. When reading a request, a 16-bit integer value that represents the number of bytes that follow is taken from the packet. This value is then decremented by 4, and used to calculate how many bytes to read into a heap buffer. The subtraction operation can underflow, which will then lead to the heap buffer being overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
Homepage:http://www.idefense.com/
File Size:3393
Related CVE(s):CVE-2008-1801
Last Modified:May 7 20:42:04 2008
MD5 Checksum:c018aff3b2b98000cb2a48058984a14d

 ///  File Name:google-spam.txt
Description:
It appears that manipulating the forwarding functionality in Google's GMail service allows people to spam.
Homepage:http://ece.uprm.edu/~andre/insert
File Size:2123
Last Modified:May 7 20:40:32 2008
MD5 Checksum:f7d31e6f454a2e5814a14ca9ac14dcfb

 ///  File Name:glsa-200805-05.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-05 - Multiple Denial of Service vulnerabilities have been discovered in Wireshark. Versions less than 1.0.0 are affected.
Homepage:http://security.gentoo.org
File Size:3487
Related CVE(s):CVE-2008-1561, CVE-2008-1562, CVE-2008-1563
Last Modified:May 7 20:38:38 2008
MD5 Checksum:f3ef77392f063e96467936e65228cc61

 ///  File Name:glsa-200805-04.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-04 - A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has multiple file extensions (CVE-2008-2041). Another vulnerability exists in the _bad_protocol_once() function in the file phpgwapi/inc/class.kses.inc.php, which allows remote attackers to bypass HTML filtering (CVE-2008-1502). Versions less than 1.4.004 are affected.
Homepage:http://security.gentoo.org
File Size:3609
Related CVE(s):CVE-2008-1502, CVE-2008-2041
Last Modified:May 7 20:38:18 2008
MD5 Checksum:0ef7dd1b359cd5c05af051363a60b6d3

 ///  File Name:glsa-200805-03.txt
Description:
Gentoo Linux Security Advisory GLSA 200805-03 - Bernhard R. Link discovered that Eterm opens a terminal on :0 if the -display option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also affected. Versions less than 1.0.1-r1 are affected.
Homepage:http://security.gentoo.org
File Size:4335
Related CVE(s):CVE-2008-1142, CVE-2008-1692
Last Modified:May 7 20:37:56 2008
MD5 Checksum:e7bce4b2f319f035e053ff26dbb0497a

 ///  File Name:USN-610-1.txt
Description:
Ubuntu Security Notice 610-1 - Christian Herzog discovered that it was possible to connect to any LTSP client's X session over the network. A remote attacker could eavesdrop on X events, read window contents, and record keystrokes, possibly gaining access to private information.
Homepage:http://security.ubuntu.com/
File Size:7189
Related CVE(s):CVE-2008-1293
Last Modified:May 7 13:36:46 2008
MD5 Checksum:77ac0e795794d36deede12c886ccdf18

 ///  File Name:USN-609-1.txt
Description:
Ubuntu Security Notice 609-1 - It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of Quattro Pro, EMF, and OLE files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges.
Homepage:http://security.ubuntu.com/
File Size:62628
Related CVE(s):CVE-2007-4575, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
Last Modified:May 7 13:36:08 2008
MD5 Checksum:a3deee4ad320e4a22639ce04c53c56e9