Section: .. / 0611-advisories /
| /// File Name: |
dsa-1220-1.txt |
Description:
|
Debian Security Advisory 1220-1 - Brian May discovered that pstotext, a utility to extract plain text from PostScript and PDF files, performs insufficient quoting of file names, which allows execution of arbitrary shell commands.
| | Homepage: | http://www.debian.org/security | | File Size: | 5132 | | Related CVE(s): | CVE-2006-5869 | | Last Modified: | Nov 28 21:56:18 2006 |
| MD5 Checksum: | 80450ab65824de103e20e39d5c753acf |
|
| /// File Name: |
sa22997.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for linux-ftpd. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information, or perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/22997/ | | File Size: | 5124 | | Last Modified: | Nov 25 23:47:38 2006 |
| MD5 Checksum: | e6a2fe3e2378959fec1c056a739c2bba |
|
| /// File Name: |
TA06-312A.txt |
Description:
|
Technical Cyber Security Alert TA06-312A - The Mozilla web browser and derived products contain several vulnerabilities. The most severe impact of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other effects include forging an RSA signature and denial of service. A remote, unauthenticated attacker could execute arbitrary code, or cause a denial of service. Forging an RSA signature (VU#335392) may allow an attacker to craft a TLS/SSL or email certificate that will not be detected as invalid. This may allow that attacker to impersonate a website or email system that relies on certificates for authentication.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5116 | | Last Modified: | Nov 8 22:23:21 2006 |
| MD5 Checksum: | 11870073daed2cef7d1918c4a8882d30 |
|
| /// File Name: |
dsa-1217-1.txt |
Description:
|
Debian Security Advisory 1217-1 - Paul Szabo discovered that the netkit ftp server switches the user id too late, which may lead to the bypass of access restrictions when running on NFS. This update also adds return value checks to setuid() calls, which may fail in some PAM configurations.
| | Homepage: | http://www.debian.org/security | | File Size: | 5073 | | Related CVE(s): | CVE-2006-5778 | | Last Modified: | Nov 21 02:20:33 2006 |
| MD5 Checksum: | af3dcf3d5702d191ed500c2a54005f81 |
|
| /// File Name: |
dsa-1203-1.txt |
Description:
|
Debian Security Advisory 1203-1: Steve Rigler discovered that the PAM module for authentication against LDAP servers processes PasswordPolicyResponse control messages incorrectly, which might lead to an attacker being able to log in to a suspended system account.
| | Homepage: | http://www.debian.org/security | | File Size: | 5066 | | Last Modified: | Nov 3 17:27:49 2006 |
| MD5 Checksum: | f08f02aa45cdfb41ca5dc772176ff0bd |
|
| /// File Name: |
USN-373-1.txt |
Description:
|
Ubuntu Security Notice 373-1: Race conditions were discovered in mutt's handling of temporary files. Under certain conditions when using a shared temp directory (the default), other local users could overwrite arbitrary files owned by the user running mutt. This vulnerability is more likely when the temp directory is over NFS.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4945 | | Last Modified: | Nov 2 19:46:29 2006 |
| MD5 Checksum: | 891f01c876d47c20c081d75524f1a6db |
|
| /// File Name: |
USN-385-1.txt |
Description:
|
Ubuntu Security Notice 385-1 - Teemu Salmela discovered that tar still handled the deprecated GNUTYPE_NAMES record type. This record type could be used to create symlinks that would be followed while unpacking a tar archive. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4942 | | Related CVE(s): | CVE-2006-6097 | | Last Modified: | Nov 30 19:07:26 2006 |
| MD5 Checksum: | bfde5d7997b7b6a4f79a2a7a7b8c7e9b |
|
| /// File Name: |
sa22694.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for pam_ldap. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/22694/ | | File Size: | 4933 | | Last Modified: | Nov 3 17:27:13 2006 |
| MD5 Checksum: | 2f64ba4694a515f5e8de0e61dd0a9a8a |
|
| /// File Name: |
MDKSA-2006-203.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-203 - Miloslav Trmac discovered a buffer overflow in texinfo. This issue can cause texi2dvi or texindex to crash when processing a carefully crafted file.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4925 | | Related CVE(s): | CVE-2006-4810 | | Last Modified: | Nov 8 22:19:01 2006 |
| MD5 Checksum: | 8b0a5af35b5a507348e95e3b1dd4eacc |
|
| /// File Name: |
dsa-1214-1.txt |
Description:
|
Debian Security Advisory 1214-1 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the PostScript parsing code, which allows the execution of arbitrary code through a buffer overflow.
| | Homepage: | http://www.debian.org/security | | File Size: | 4877 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Nov 21 02:17:07 2006 |
| MD5 Checksum: | 43cf2d2f71ecce2b449a2911da3f44cc |
|
| /// File Name: |
sa23006.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gv. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23006/ | | File Size: | 4875 | | Last Modified: | Nov 21 19:45:15 2006 |
| MD5 Checksum: | f5aa8acf1f4349ababd4235b9c1ef975 |
|
| /// File Name: |
sa22814.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for openssh. This fixes a weakness, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/22814/ | | File Size: | 4804 | | Last Modified: | Nov 13 10:24:28 2006 |
| MD5 Checksum: | b3416e21cd22267695485f4e79c08e63 |
|
| /// File Name: |
MDKSA-2006-212.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-212 - Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4764 | | Related CVE(s): | CVE-2006-3334, CVE-2006-5793 | | Last Modified: | Nov 17 20:44:10 2006 |
| MD5 Checksum: | 4fd21ed25923ab000212c01519728690 |
|
| /// File Name: |
secunia-panda.txt |
Description:
|
Secunia Research has discovered two vulnerabilities and a weakness in Panda ActiveScan version 5.53.00, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a user's system.
| | Author: | Andreas Sandblad | | Homepage: | http://secunia.com/ | | File Size: | 4755 | | Last Modified: | Nov 17 19:58:46 2006 |
| MD5 Checksum: | 7b2bacdcb21d5664233196fd6beec86c |
|
| /// File Name: |
sa22647.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for screen. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22647/ | | File Size: | 4730 | | Last Modified: | Nov 2 19:05:01 2006 |
| MD5 Checksum: | e4daf7e6824f56da119d0e1d6c109baa |
|
| /// File Name: |
sa22752.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for imlib2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/22752/ | | File Size: | 4707 | | Last Modified: | Nov 8 18:29:38 2006 |
| MD5 Checksum: | e4c283f28bba9e8acf21f01312d0d572 |
|
| /// File Name: |
VMSA-2006-0008.txt |
Description:
|
VMware Security Advisory - A new update has been released for VMware ESX 2.0.2 versions prior to upgrade patch 2. This patch addresses vulnerabilities in OpenSSH, Samba, Python, ucd-snmp, XFree86, and more.
| | Homepage: | http://www.vmware.com/ | | File Size: | 4672 | | Related CVE(s): | CAN-2004-2069, CVE-2006-3403, CVE-2005-2177, CVE-2006-3467, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071 | | Last Modified: | Nov 14 03:20:33 2006 |
| MD5 Checksum: | bb35ebbd06f52a0140b2bf867e5172fa |
|
| /// File Name: |
sa22680.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for wvWare. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22680/ | | File Size: | 4572 | | Last Modified: | Nov 2 10:01:38 2006 |
| MD5 Checksum: | 9ff8735088cbed572cd4ed2b6ad0d096 |
|
| /// File Name: |
sa22693.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22693/ | | File Size: | 4548 | | Last Modified: | Nov 3 17:27:13 2006 |
| MD5 Checksum: | 50b56c4efbe4d3a3d54d992c04673e12 |
|
| /// File Name: |
os2a_1008.txt |
Description:
|
Remote exploitation of a denial of service vulnerability in ELOG's elogd server allows attackers to crash the service. Versions 2.6.2 (SVN revision 1748) and below are affected.
| | Author: | Jayesh KS, Arun Kethipelly | | File Size: | 4463 | | Last Modified: | Nov 14 02:17:36 2006 |
| MD5 Checksum: | 1acfd760ecdbf727aa5822f4090ea4a5 |
|
| /// File Name: |
secunia-myfirewall.txt |
Description:
|
Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the application windows running with SYSTEM privileges and the application not checking if explorer.exe is running before performing certain actions. This can be exploited to launch iexplore.exe with SYSTEM privileges by terminating explorer.exe and then use the "Test Your Firewall" functionality. Affected is My Firewall Plus version 5.0 Build 1119.
| | Homepage: | http://secunia.com/ | | File Size: | 4463 | | Related CVE(s): | CVE-2006-3973 | | Last Modified: | Nov 21 21:31:30 2006 |
| MD5 Checksum: | 9faab7bc2bb1515a63b18a8e102f8af2 |
|
| /// File Name: |
sa22799.txt |
Description:
|
Secunia Security Advisory - Cisco has acknowledged some vulnerabilities in various products, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22799/ | | File Size: | 4456 | | Last Modified: | Nov 10 11:02:24 2006 |
| MD5 Checksum: | 04f753c31c85b67dea390d2db49800f2 |
|