Section: .. / 0702-advisories /
| /// File Name: |
sa24010.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for gtk+2.0. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24010/ | | File Size: | 15760 | | Last Modified: | Feb 4 23:30:20 2007 |
| MD5 Checksum: | a51a18e8c5fb4f6f9b673d02035ab75e |
|
| /// File Name: |
USN-415-1.txt |
Description:
|
Ubuntu Security Notice 415-1 - A flaw was discovered in the error handling of GTK's image loading library. Applications opening certain corrupted images could be made to crash, causing a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15706 | | Related CVE(s): | CVE-2007-0010 | | Last Modified: | Feb 5 23:18:03 2007 |
| MD5 Checksum: | 64f24ebe7615fac59d16b1844dabbe74 |
|
| /// File Name: |
USN-422-1.txt |
Description:
|
Ubuntu Security Notice 422-1 - Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released in USN-372-1, did not correctly solve the original flaw in PALM image handling. By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15445 | | Related CVE(s): | CVE-2006-5456, CVE-2007-0770 | | Last Modified: | Feb 16 03:03:05 2007 |
| MD5 Checksum: | 83ef0fab7da91635c6a588e992b001c8 |
|
| /// File Name: |
sa24196.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for imagemagick. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24196/ | | File Size: | 15443 | | Last Modified: | Feb 16 23:12:18 2007 |
| MD5 Checksum: | 56bae3db282aabc4cdd4e3eae55bbe5e |
|
| /// File Name: |
MDKSA-2007-034.txt |
Description:
|
Mandriva Linux Security Advisory - A logic error in the deferred open code for smbd may allow an authenticated user to exhaust resources such as memory and CPU on the server by opening multiple CIFS sessions, each of which will normally spawn a new smbd process, and sending each connection into an infinite loop. The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15327 | | Related CVE(s): | CVE-2007-0452, CVE-2007-0454 | | Last Modified: | Feb 6 00:54:18 2007 |
| MD5 Checksum: | 49db2b01127faff68ad720c66cf9ff4e |
|
| /// File Name: |
MDKSA-2007-037.txt |
Description:
|
Mandriva Linux Security Advisory - Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents that the user should not be able to see. Note that a user must be authenticated in order to exploit this. As well, Jeff Trout also discovered that the query planner did not verify that a table was still compatible with a previously-generated query plan, which could be exploted to read out arbitrary locations of the server's memory by using ALTER COLUMN TYPE during query execution. Again, a user must be authenticated in order to exploit this.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15287 | | Related CVE(s): | CVE-2007-0555, CVE-2007-0556 | | Last Modified: | Feb 7 23:52:45 2007 |
| MD5 Checksum: | 81f44b9308ec2b32d0d8a7917460d268 |
|
| /// File Name: |
dsa-1260-1.txt |
Description:
|
Debian Security Advisory 1260-1 - Vladimir Nadvornik discovered that the fix for a vulnerability in the PALM decoder of Imagemagick, a collection of image manipulation programs, was ineffective.
| | Homepage: | http://www.debian.org/security | | File Size: | 15271 | | Related CVE(s): | CVE-2007-0770 | | Last Modified: | Feb 14 17:29:56 2007 |
| MD5 Checksum: | 7dc46211a92cd3f14af3a8aa54629a6a |
|
| /// File Name: |
MDKSA-2007-048.txt |
Description:
|
Mandriva Security Advisory - Many buffer overflow flaws were discovered in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. An attacker able to use a PHP application using any of these functions could trigger these flaws and possibly execute arbitrary code as the apache user. A one-byte memory read will always occur prior to the beginning of a buffer, which could be triggered, for example, by any use of the header() function in a script. The wddx extension, if used to import WDDX data from an untrusted source, may allow a random portion of heap memory to be exposed due to certain WDDX input packets. The odbc_result_all() function, if used to display data from a database, and if the contents of the database are under the control of an attacker, could lead to the execution of arbitrary code due to a format string vulnerability. Several flaws in the PHP could allow attackers to clobber certain super-global variables via unspecified vectors. The zend_hash_init() function can be forced into an infinite loop if unserializing untrusted data on a 64-bit platform, resulting in the consumption of CPU resources until the script timeout alarm aborts the execution of the script.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 14576 | | Related CVE(s): | CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 | | Last Modified: | Feb 23 21:54:00 2007 |
| MD5 Checksum: | fcf252091d0bd2a2ca2cc2b59d97ab67 |
|
| /// File Name: |
XD100099.txt |
Description:
|
A vulnerability has been identified in Microsoft Internet Explorer, in Windows XP SP2 which could be exploited by malicious users to obtain a victim's local files.
| | Author: | Rajesh Sethumadhavan | | File Size: | 14429 | | Last Modified: | Feb 23 17:53:14 2007 |
| MD5 Checksum: | eb9bbae2d092c210693c0e46dfdad241 |
|
| /// File Name: |
sa24078.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24078/ | | File Size: | 14361 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | ea55e4753eee4304edc19da1f6ccd807 |
|
| /// File Name: |
sa24167.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for imagemagick. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24167/ | | File Size: | 14300 | | Last Modified: | Feb 16 01:49:41 2007 |
| MD5 Checksum: | 2730a41101bad168fe0a6295fd95cbf3 |
|
| /// File Name: |
dsa-1256-1.txt |
Description:
|
Debian Security Advisory 1256-1 - It was discovered that the image loading code in the GTK+ graphical user interface library performs insufficient error handling when loading malformed images, which may lead to denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 14177 | | Related CVE(s): | CVE-2007-0010 | | Last Modified: | Feb 1 00:14:22 2007 |
| MD5 Checksum: | 04b34324ef7c745c3c0a166ead134e25 |
|
| /// File Name: |
sa24006.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gtk+2.0. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24006/ | | File Size: | 13238 | | Last Modified: | Feb 4 23:30:20 2007 |
| MD5 Checksum: | 00a43805f1011a2c6ee6ead56a4e21de |
|
| /// File Name: |
sa24065.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for kdelibs. This fixes a weakness, which can potentially be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/24065/ | | File Size: | 11904 | | Last Modified: | Feb 7 23:22:52 2007 |
| MD5 Checksum: | 7d20af0aec583130a7ebf33e447ec5f7 |
|
| /// File Name: |
USN-420-1.txt |
Description:
|
Ubuntu Security Notice 420-1 - Jose Avila III and Robert Tasarz discovered that the KDE HTML library did not correctly parse HTML comments inside the "title" tag. By tricking a Konqueror user into visiting a malicious website, an attacker could bypass cross-site scripting protections.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11571 | | Related CVE(s): | CVE-2007-0537 | | Last Modified: | Feb 7 23:48:24 2007 |
| MD5 Checksum: | 523b365c106d3e751f0f3e1200096356 |
|
| /// File Name: |
SYM07-002.txt |
Description:
|
Symantec Security Advisory SYM07-002 - Vulnerabilities were identified in third-party trouble-shooting ActiveX controls, developed by SupportSoft, www.supportsoft.com. Two of these controls were signed, shipped and installed with the identified versions of Symantec's consumer products and as part of the Symantec Automated Support Assistant support tool. The vulnerability identified in the Symantec shipped controls could potentially result in a stack overflow requiring user interaction to exploit. If successfully exploited this vulnerability could potentially compromise a user's system possibly allowing execution of arbitrary code or unauthorized access to system assets with the permissions of the user's browser.
| | Author: | Mark Litchfield | | Homepage: | http://www.symantec.com/security/ | | File Size: | 10817 | | Related CVE(s): | CVE-2006-6490 | | Last Modified: | Feb 23 22:05:34 2007 |
| MD5 Checksum: | ef738e6cc836e4b569b9df1624c54701 |
|
| /// File Name: |
sa24303.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, where one has unknown impacts and others can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service), or by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24303/ | | File Size: | 10642 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | 7daef3bf3c55531bea6ea57528f67814 |
|
| /// File Name: |
MDKSA-2007-051.txt |
Description:
|
Mandriva Security Advisory - An algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a backtracking attack.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10472 | | Related CVE(s): | CVE-2006-6931 | | Last Modified: | Mar 6 00:06:51 2007 |
| MD5 Checksum: | 53d7d5dd9bc1a6b957702dff664a6cfc |
|
| /// File Name: |
MDKSA-2007-038.txt |
Description:
|
Mandriva Linux Security Advisory - PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. PHP uses an embedded copy of GD and may be susceptible to the same issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9964 | | Related CVE(s): | CVE-2006-6383, CVE-2007-0455 | | Last Modified: | Feb 7 23:53:55 2007 |
| MD5 Checksum: | 5d5e1a8c4a3611075117ca91b0bbc976 |
|
| /// File Name: |
NGS00401.txt |
Description:
|
BrightStor ARCserve Backup for Laptops and Desktops r11.1 suffers from a remote resource exhaustion vulnerability. By sending a specially crafted series of packets to the LGSERVER.EXE process that listens on TCP port 2200, it is possible to cause LGSERVER.EXE to write very large files to the system disk. In addition, the LGSERVER.EXE process becomes unresponsive until the file has been written.
| | Author: | Mark Litchfield, John Heasman | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 9614 | | Last Modified: | Jan 31 23:45:51 2007 |
| MD5 Checksum: | f96044c51bcb9897bf083cf6eebbb52b |
|
| /// File Name: |
sa23988.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for mozilla-firefox. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of certain information, conduct cross-site scripting attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23988/ | | File Size: | 9487 | | Last Modified: | Feb 4 23:30:20 2007 |
| MD5 Checksum: | a2979b7d97622020cba83a97a124f49a |
|
| /// File Name: |
MDKSA-2007-037-1.txt |
Description:
|
Mandriva Security Advisory - Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents that the user should not be able to see. Note that a user must be authenticated in order to exploit this. As well, Jeff Trout also discovered that the query planner did not verify that a table was still compatible with a previously-generated query plan, which could be exploited to read out arbitrary locations of the server's memory by using ALTER COLUMN TYPE during query execution. Again, a user must be authenticated in order to exploit this.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9129 | | Related CVE(s): | CVE-2007-0555, CVE-2007-0556 | | Last Modified: | Feb 13 00:57:58 2007 |
| MD5 Checksum: | 03ee161b8df333666d71a19c0f9b6f14 |
|
| /// File Name: |
SSRT061280.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with the Mercury LoadRunner Agent, Performance Center Agent, and Monitor over Firewall. The vulnerability could be exploited by a remote unauthenticated user to execute arbitrary code.
| | Homepage: | http://www.hp.com | | File Size: | 9119 | | Last Modified: | Feb 13 00:35:52 2007 |
| MD5 Checksum: | 4d28bd713f31419814e7aaf1cebcf7d4 |
|
| /// File Name: |
dsa-1255-1.txt |
Description:
|
Debian Security Advisory 1255-1 - Liu Qishuai discovered that the GNOME gtop library performs insufficient sanitising when parsing the system's /proc table, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 9109 | | Related CVE(s): | CVE-2007-0235 | | Last Modified: | Jan 31 23:56:22 2007 |
| MD5 Checksum: | 6b10603ecfdaa5f6ff1d5dedae59e8dd |
|
| /// File Name: |
vmware-weak.txt |
Description:
|
VMware Workstation version 5.5.3 build 34685 suffers from isolation failure and information leakage conditions.
| | Author: | Eitan Caspi | | File Size: | 8753 | | Last Modified: | Feb 6 00:03:59 2007 |
| MD5 Checksum: | 8a34145628a89038d96e44fb844d2ad9 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
