Section: .. / 0705-advisories /
| /// File Name: |
dsa-1281-2.txt |
Description:
|
Debian Security Advisory 1281-2 - On 25 April, the Debian Security Team released clamav 0.90.1-3etch1, an update to the Clam anti-virus toolkit, to address several vulnerabilities. Unfortunately, there was an error in the updated packages and CVE-2007-2029, a file descriptor leak in the PDF document handler, was not properly fixed in Debian 4.0 (etch) or the Debian testing distribution (lenny).
| | Homepage: | http://www.debian.org/security | | File Size: | 15916 | | Related CVE(s): | CVE-2007-2029 | | Last Modified: | May 23 06:31:15 2007 |
| MD5 Checksum: | 492588824ef5cc820221a67dde763282 |
|
| /// File Name: |
USN-459-2.txt |
Description:
|
Ubuntu Security Notice 459-2 - A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service. USN-459-1 fixed vulnerabilities in pptpd. However, a portion of the fix caused a regression in session establishment under Dapper for certain PPTP clients. This update fixes the problem.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3046 | | Last Modified: | May 22 03:59:32 2007 |
| MD5 Checksum: | 5a5561e11d3d5e9f5e0cb037942152a6 |
|
| /// File Name: |
dsa-1291-3.txt |
Description:
|
Debian Security Advisory 1291-3 - The security update for CVE-2007-2444 introduced a regression in the handling of the "force group" share parameter if the forced group is a local Unix group for domain member servers. This update fixes this regression.
| | Homepage: | http://www.debian.org/security | | File Size: | 21001 | | Related CVE(s): | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447 | | Last Modified: | May 22 03:58:32 2007 |
| MD5 Checksum: | 1ff6e301b3553e7c9b79d510fead0938 |
|
| /// File Name: |
dsa-1296-1.txt |
Description:
|
Debian Security Advisory 1296-1 - It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server.
| | Homepage: | http://www.debian.org/security | | File Size: | 72245 | | Related CVE(s): | CVE-2007-2509 | | Last Modified: | May 22 03:57:30 2007 |
| MD5 Checksum: | 6faea7ecb565932576eade47cf49581d |
|
| /// File Name: |
glsa-200705-18.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-18 - James Cameron from HP has reported a vulnerability in PPTPD caused by malformed GRE packets. Versions less than 1.3.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2385 | | Related CVE(s): | CVE-2007-0244 | | Last Modified: | May 22 03:50:38 2007 |
| MD5 Checksum: | 0bb00711429a7d6db4d09bc39f6be8e0 |
|
| /// File Name: |
MDKSA-2007-107.txt |
Description:
|
Mandriva Linux Security Advisory - A weakness in the way Evolution processed certain APOP authentication requests was discovered. A remote attacker could potentially obtain certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8137 | | Related CVE(s): | CVE-2007-1558 | | Last Modified: | May 22 03:50:25 2007 |
| MD5 Checksum: | acb80c6bbe7ca3a3bb483aa81ec8bdbe |
|
| /// File Name: |
MDKSA-2007-106.txt |
Description:
|
Mandriva Linux Security Advisory - A number of HTML filtering bugs were found in SquirrelMail that could allow an attacker to inject arbitrary JavaScript leading to cross-site scripting attacks by sending an email viewed by a user within SquirrelMail. As well, SquirrelMail did not sufficiently check arguments to IMG tags in HTML messages that could be exploited by an attacker by sending arbitrary email messages on behalf of a SquirrelMail user tricked into opening a maliciously-crafted HTML email message.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13908 | | Related CVE(s): | CVE-2007-1262, CVE-2007-2589 | | Last Modified: | May 22 03:49:28 2007 |
| MD5 Checksum: | f57964ac9c10eaa501973270fec9ce02 |
|
| /// File Name: |
dsa-1295-1.txt |
Description:
|
Debian Security Advisory 1295-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 40480 | | Related CVE(s): | CVE-2007-2509, CVE-2007-2510 | | Last Modified: | May 22 03:40:08 2007 |
| MD5 Checksum: | 8571f744590f17fca69a2b36a006a226 |
|
| /// File Name: |
USN-436-2.txt |
Description:
|
Ubuntu Security Notice 436-2 - USN-436-1 fixed a vulnerability in KTorrent. The original fix for path traversal was incomplete, allowing for alternate vectors of attack. Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5300 | | Related CVE(s): | CVE-2007-1799 | | Last Modified: | May 21 06:04:55 2007 |
| MD5 Checksum: | d84cb96af518cadc6de28eda55e86e49 |
|
| /// File Name: |
REWTERZ-20070518.txt |
Description:
|
rewterz has discovered a critical vulnerability in Hidden Administrator. This vulnerability allows a remote attacker to execute arbitrary code in the context of the user who executed Hidden Administrator. Versions 1.7 and below are affected.
| | Author: | Muhammed Ahmed Siddiqui | | Homepage: | http://rewterz.com/ | | Related Exploit: | irrational-bypass.txt | | File Size: | 1591 | | Last Modified: | May 21 06:02:31 2007 |
| MD5 Checksum: | 715d35ef123ec3ddf6eda96c8705a8d4 |
|
| /// File Name: |
ASPR-2007-05-14-1.txt |
Description:
|
ACROS Security Problem Report #2007-05-14-1 - There is a session fixation vulnerability in HP Systems Insight Manager 4.2 and 5.0 SP4/5 (IM) that allows an attacker to gain administrative access to IM console. As a result, the attacker can take complete administrative control over all managed systems, upload and execute malicious code on them, extract any information from them and disable them at her will.
| | Homepage: | http://www.acrossecurity.com/ | | File Size: | 4675 | | Last Modified: | May 21 06:01:13 2007 |
| MD5 Checksum: | e7e668d4412559a0e42a337e73fbbb1d |
|
| /// File Name: |
packeteer.txt |
Description:
|
The TCP/IP stack of Packeteer PacketShaper is generating predictable initial sequence numbers.
| | Author: | nnposter | | File Size: | 1012 | | Last Modified: | May 21 05:59:42 2007 |
| MD5 Checksum: | a43516f2337fdcc03c6f568150c7d917 |
|
| /// File Name: |
OpenPKG-SA-2007.017.txt |
Description:
|
OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the Ratbox IRC Daemon, versions up to and including 2.2.5. Too many pending connections to the server from a single unknown client could result in a resource starvation.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 2482 | | Last Modified: | May 21 05:58:26 2007 |
| MD5 Checksum: | 3c9fe94c4884d52a8d6b82eb0d64d605 |
|
| /// File Name: |
OpenPKG-SA-2007.015.txt |
Description:
|
OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the routing daemon Quagga, versions up to and including 0.99.6. The Quagga bgpd(8) daemon is vulnerable as configured peers may cause it to abort because of an assertion which can be triggered by peers by sending an "UPDATE" message with a specially crafted, malformed Multi-Protocol reachable/unreachable "NLRI" attribute.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 2722 | | Related CVE(s): | CVE-2007-1995 | | Last Modified: | May 21 05:57:45 2007 |
| MD5 Checksum: | 7c6b268789474aed4854ea45864a2d2d |
|
| /// File Name: |
USN-461-1.txt |
Description:
|
Ubuntu Security Notice 461-1 - It was discovered that Quagga did not correctly verify length information sent from configured peers. Remote malicious peers could send a specially crafted UPDATE message which would cause bgpd to abort, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5525 | | Related CVE(s): | CVE-2007-1995 | | Last Modified: | May 21 05:55:14 2007 |
| MD5 Checksum: | c9e5ff89aaf78c15915f43f9a469b7c5 |
|
| /// File Name: |
MDKSA-2007-105.txt |
Description:
|
Mandriva Linux Security Advisory - The APOP functionality in fetchmail's POP3 client implementation was validating the APOP challenge too lightly, accepting random garbage as a POP3 server's APOP challenge, rather than insisting it conform to RFC-822 specifications. As a result of this flaw, it made man-in-the-middle attacks easier than necessary to retrieve the first few characters of the APOP secret, allowing them to potentially brute force the remaining characters easier than should be possible.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5625 | | Related CVE(s): | CVE-2007-1558 | | Last Modified: | May 21 05:54:04 2007 |
| MD5 Checksum: | 5405353ca73ccee3e5eb079b046836ce |
|
| /// File Name: |
OpenPKG-SA-2007.013.txt |
Description:
|
OpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG image format library libpng. The bug is a NULL-pointer-dereference vulnerability involving palette images with a malformed "tRNS" PNG chunk, i.e., one with a bad CRC value. This bug can, at a minimum, cause crashes in applications simply by displaying a malformed image.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 2966 | | Related CVE(s): | CVE-2007-2445 | | Last Modified: | May 21 05:50:57 2007 |
| MD5 Checksum: | cfe0c8073d23c3040e87d6f860fd4fd3 |
|
| /// File Name: |
SSRT071422.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com | | File Size: | 10223 | | Last Modified: | May 21 05:50:06 2007 |
| MD5 Checksum: | 07c43e567efc714f036c08de50e8574d |
|
| /// File Name: |
SSRT061214.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Systems Insight Manager (SIM) for Windows. The vulnerability could be exploited to allow remote privileged access and arbitrary code execution.
| | Homepage: | http://www.hp.com | | File Size: | 5490 | | Last Modified: | May 21 05:05:08 2007 |
| MD5 Checksum: | 8f0b46e66a7c1b59695eba661098e06b |
|
| /// File Name: |
SSRT071323.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Tru64 UNIX running Secure Shell (SSH). The vulnerability could be exploited remotely by an unauthorized user to identify valid users.
| | Homepage: | http://www.hp.com | | File Size: | 7156 | | Last Modified: | May 21 05:04:26 2007 |
| MD5 Checksum: | cd6174b74807743728d9533d56cccf46 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
