Section: .. / 0507-advisories /
| /// File Name: |
NateOnMessenger30.txt |
Description:
|
NateOn Messenger version 3.0 suffers from a file sharing flaw that allows for traversal attacks allowing for directory listings.
| | Author: | PARK | | File Size: | 62230 | | Last Modified: | Jul 12 16:55:17 2005 |
| MD5 Checksum: | d5bb8e32de0d862cd7423c29f28aa274 |
|
| /// File Name: |
dsa-758-1.txt |
Description:
|
Debian Security Advisory DSA 758-1 - A buffer overflow has been discovered in the telnet server from Heimdal, a free implementation of Kerberos 5, that could lead to the execution of arbitrary code.
| | Homepage: | http://security.debian.org/ | | File Size: | 61853 | | Related CVE(s): | CAN-2005-2040 | | Last Modified: | Jul 19 16:26:16 2005 |
| MD5 Checksum: | 9561fca84626eeb926df28b6c7164c6f |
|
| /// File Name: |
adv4.pdf |
Description:
|
A race condition vulnerability has been found in the ia32 compatibility execve() systemcall of the Linux kernel. The race condition may lead to heap corruption. Versions up to 2.4.31 and 2.6.6 are affected.
| | Author: | Ilja van Sprundel | | Homepage: | http://www.suresec.org/ | | File Size: | 56041 | | Related CVE(s): | CAN-2005-1768 | | Last Modified: | Jul 12 16:35:56 2005 |
| MD5 Checksum: | d3d8659f1b53b656ded2430e67270208 |
|
| /// File Name: |
dsa-765-1.txt |
Description:
|
Debian Security Advisory DSA 765-1 - A buffer overflow was discovered in the handling of the LINEMODE suboptions in telnet clients. Heimdal, a free implementation of Kerberos 5, also contains such a client. This can lead to the execution of arbitrary code when connected to a malicious server.
| | Homepage: | http://security.debian.org/ | | File Size: | 36932 | | Related CVE(s): | CAN-2005-0469 | | Last Modified: | Jul 28 08:36:03 2005 |
| MD5 Checksum: | 3333dc5397a018f7f305b8a410a618d8 |
|
| /// File Name: |
cisco-sa-20050729-ipv6.txt |
Description:
|
Cisco Security Advisory - Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
| | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml | | File Size: | 30839 | | Last Modified: | Aug 5 07:33:00 2005 |
| MD5 Checksum: | 81aa26610de87bb904cf13a389cf7167 |
|
| /// File Name: |
dsa-761-1.txt |
Description:
|
Debian Security Advisory DSA 761-1 - Eric Romang discovered several insecure temporary file creations in heartbeat, the subsystem for High-Availability Linux.
| | Homepage: | http://security.debian.org/ | | File Size: | 24176 | | Related CVE(s): | CAN-2005-2231 | | Last Modified: | Jul 19 16:56:15 2005 |
| MD5 Checksum: | cf9fd19daad569f1d47ca207ad1120f5 |
|
| /// File Name: |
clamav.pdf |
Description:
|
Clam AntiVirus (ClamAV) versions 0.86.1 and below suffer from remote heap overflows.
| | Author: | Neel Mehta, Alex Wheeler | | File Size: | 21601 | | Last Modified: | Jul 28 07:47:41 2005 |
| MD5 Checksum: | f9508af9cf88b63143dc1098b4e7655f |
|
| /// File Name: |
dsa-748-1.txt |
Description:
|
Debian Security Advisory DSA 748-1 - A vulnerability has been discovered in ruby 1.8 that could allow arbitrary command execution on a server running the ruby xmlrpc server.
| | Homepage: | http://security.debian.org/ | | File Size: | 20254 | | Related CVE(s): | CAN-2005-1992 | | Last Modified: | Jul 12 16:42:20 2005 |
| MD5 Checksum: | e1081c0b95a9b1effe8db20462deab33 |
|
| /// File Name: |
belkinWireless.txt |
Description:
|
Belkin wireless routers appear to ship with a default telnetd backdoor, password-less administrative account, and other oddities.
| | Author: | pagvac (Adrian Pastor) | | File Size: | 17241 | | Last Modified: | Jul 15 18:24:55 2005 |
| MD5 Checksum: | a80790d2121644bc9455f8505bb395be |
|
| /// File Name: |
cisco-sa-20050712-ccm.txt |
Description:
|
Cisco Security Advisory - Cisco CallManager 3.3 and earlier, 4.0, and 4.1 are vulnerable to Denial of Service (DoS) attacks, memory leaks, and memory corruption which may result in services being interrupted, servers rebooting, or arbitrary code being executed.
| | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml | | File Size: | 14216 | | Last Modified: | Jul 13 08:34:34 2005 |
| MD5 Checksum: | 609c1ff4a15bf93a491b5cf1157193a9 |
|
| /// File Name: |
SSRT4884.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running TCP/IP. This vulnerability could be remotely exploited by an unauthorized user to cause a Denial of Service(DoS).
| | Homepage: | http://www.hp.com | | File Size: | 13937 | | Related CVE(s): | CAN-2004-0790, CAN-2004-0791, CAN-2004-1060 | | Last Modified: | Jul 20 09:23:12 2005 |
| MD5 Checksum: | 848203de6dd2d00623a935f795ade27d |
|
| /// File Name: |
dsa-746-1.txt |
Description:
|
Debian Security Advisory DSA 746-1 - A vulnerability had been identified in the xmlrpc library included with phpgroupware, a web-based application including email, calendar and other groupware functionality. This vulnerability could lead to the execution of arbitrary commands on the server running phpgroupware.
| | Homepage: | http://security.debian.org/ | | File Size: | 11645 | | Related CVE(s): | CAN-2005-1921 | | Last Modified: | Jul 14 08:00:09 2005 |
| MD5 Checksum: | 486e90d73b6508b1ae7c02ab8206bea4 |
|
| /// File Name: |
SSRT4743-SSRT4884.txt |
Description:
|
HP Security Bulletin - Several potential security vulnerabilities have been identified in the HP Tru64 UNIX TCP/IP including ICMP, and Initial Sequence Number generation (ISNs). These exploits could result in a remote Denial of Service (DoS) from network throughput reduction for TCP connections, the reset of TCP connections, or TCP spoofing.
| | Homepage: | http://www.hp.com | | File Size: | 11562 | | Related CVE(s): | CAN-2004-0790, CAN-2004-0791, CAN-2004-1060, CAN-2001-0328 | | Last Modified: | Jul 19 16:36:44 2005 |
| MD5 Checksum: | cf012e700b07b6fc00d58fa21c3ba41c |
|
| /// File Name: |
SSRT5954.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running TCP/IP (IPv4). This vulnerability could be remotely exploited by an unauthorized user to cause a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 11519 | | Related CVE(s): | CAN-2005-1192 | | Last Modified: | Jul 20 09:20:56 2005 |
| MD5 Checksum: | 052031cfdd509e3180744e24e56a85a5 |
|
| /// File Name: |
dsa-763-1.txt |
Description:
|
Debian Security Advisory DSA 763-1 - Markus Oberhumer discovered a flaw in the way zlib, a library used for file compression and decompression, handles invalid input. This flaw can cause programs which use zlib to crash when opening an invalid file.
| | Homepage: | http://security.debian.org/ | | File Size: | 11034 | | Related CVE(s): | CAN-2005-1849 | | Last Modified: | Jul 21 08:21:53 2005 |
| MD5 Checksum: | 87bc4c3b254470bb2bd15e26b687711b |
|
| /// File Name: |
cisco-sa-20050713-ons.txt |
Description:
|
Cisco Security Advisory - The Cisco ONS 15216 OADM (Optical Add/Drop Multiplexer) contains a vulnerability in the handling of telnet sessions that can cause a denial-of-service condition in the management plane. Traffic going through the Cisco ONS 15216 OADM (i.e. transit traffic), is not affected when the management plane is under a denial-of-service condition. However, clearing the denial-of-service condition on the management plane requires resetting the device, which impacts transit traffic.
| | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20050713-ons.shtml | | File Size: | 10993 | | Last Modified: | Jul 14 08:52:30 2005 |
| MD5 Checksum: | f5e9e7d1760c1b95781c5dbf517dd4c4 |
|
| /// File Name: |
USN-152-1.txt |
Description:
|
Ubuntu Security Notice USN-152-1 - Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and libnss-ldap. When a client connected to a slave LDAP server using SSL, the slave server did not use SSL as well when contacting the LDAP master server. This caused passwords and other confident information to be transmitted unencrypted between the slave and the master.
| | Homepage: | http://www.ubuntu.com/ | | File Size: | 10742 | | Related CVE(s): | CAN-2005-2069 | | Last Modified: | Jul 22 09:01:55 2005 |
| MD5 Checksum: | 7b48ea67d909e579b55b086390dbeda1 |
|
| /// File Name: |
sa16161.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued updates for libnss-ldap, libpam-ldap and slapd. These fix a security issue, which can be exploit by malicious people to gain knowledge of sensitive information.
| | Homepage: | http://secunia.com/advisories/16161/ | | File Size: | 10601 | | Last Modified: | Jul 22 08:22:59 2005 |
| MD5 Checksum: | 4ddcb838808305ec9d5596d911f35aeb |
|
| /// File Name: |
dsa-754-1.txt |
Description:
|
Debian Security Advisory DSA 754-1 - Eric Romang discovered that centericq, a text-mode multi-protocol instant messenger client, creates some temporary files with predictable filenames and is hence vulnerable to symlink attacks by local attackers.
| | Homepage: | http://security.debian.org/ | | File Size: | 10471 | | Related CVE(s): | CAN-2005-1914 | | Last Modified: | Jul 14 07:53:37 2005 |
| MD5 Checksum: | c048fafa67e00ddeef37243ae95308eb |
|
| /// File Name: |
dsa-725-2.txt |
Description:
|
Debian Security Advisory DSA 725-1 - Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.
| | Homepage: | http://security.debian.org/ | | File Size: | 10270 | | Related CVE(s): | CAN-2005-0392 | | Last Modified: | Jul 7 09:58:30 2005 |
| MD5 Checksum: | ea0f1eb00dab1b2cd70ff988ca8e3be7 |
|
| /// File Name: |
NRVA05-03.txt |
Description:
|
HAURI live update suffers from remote file download and execution vulnerabilities.
| | Author: | Park Gyutae | | File Size: | 10030 | | Last Modified: | Jul 28 18:55:46 2005 |
| MD5 Checksum: | b0c582692ccecdb7dab8e7a8d192f5e0 |
|
| /// File Name: |
dsa-747-1.txt |
Description:
|
Debian Security Advisory DSA 747-1 - A vulnerability has been identified in the xmlrpc library included in the egroupware package. This vulnerability could lead to the execution of arbitrary commands on the server running egroupware.
| | Homepage: | http://security.debian.org/ | | File Size: | 8939 | | Related CVE(s): | CAN-2005-1921 | | Last Modified: | Jul 12 16:24:35 2005 |
| MD5 Checksum: | 85768ac6ec95c8af06b2472bdbe11af3 |
|
| /// File Name: |
dsa-749-1.txt |
Description:
|
Debian Security Advisory DSA 749-1 - A vulnerability was discovered in the ettercap package which could allow a remote attacker to execute arbitrary code on the system running ettercap.
| | Homepage: | http://security.debian.org/ | | File Size: | 8774 | | Related CVE(s): | CAN-2005-1796 | | Last Modified: | Jul 12 16:25:41 2005 |
| MD5 Checksum: | 53be4ecc5ed938cabb54a20542370b1c |
|
| /// File Name: |
dsa-770-1.txt |
Description:
|
Debian Security Advisory DSA 770-1 - John Goerzen discovered that gopher, a client for the Gopher Distributed Hypertext protocol, creates temporary files in an insecure fashion.
| | Homepage: | http://security.debian.org/ | | File Size: | 8634 | | Related CVE(s): | CAN-2005-1853 | | Last Modified: | Aug 5 07:33:36 2005 |
| MD5 Checksum: | 161a6ee1f53a5397084bdb43665a8d99 |
|
| /// File Name: |
dsa-751-1.txt |
Description:
|
Debian Security Advisory DSA 751-1 - The upstream developers have discovered a bug in the DNS lookup code of Squid, the popular WWW proxy cache. When the DNS client UDP port (assigned by the operating system at startup) is unfiltered and the network is not protected from IP spoofing, malicious users can spoof DNS lookups which could result in users being redirected to arbitrary web sites.
| | Homepage: | http://security.debian.org/ | | File Size: | 8622 | | Related CVE(s): | CAN-2005-1519 | | Last Modified: | Jul 12 16:44:33 2005 |
| MD5 Checksum: | 30fb3feb33beb089c0ef6065ada59b1a |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
