Section: .. / 0705-advisories /
| /// File Name: |
USN-463-1.txt |
Description:
|
Ubuntu Security Notice 463-1 - Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15484 | | Related CVE(s): | CVE-2007-2438 | | Last Modified: | May 23 07:53:34 2007 |
| MD5 Checksum: | 49faaeb4e914183e6fd8227250ad6d6d |
|
| /// File Name: |
MDKSA-2007-104.txt |
Description:
|
Mandriva Linux Security Advisory - A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server. A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh. Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15273 | | Related CVE(s): | CVE-2007-2446, CVE-2007-2447, CVE-207-2444 | | Last Modified: | May 15 08:45:37 2007 |
| MD5 Checksum: | 3eec7b3218dacabfa577cc59717b5c64 |
|
| /// File Name: |
MDKSA-2007-106.txt |
Description:
|
Mandriva Linux Security Advisory - A number of HTML filtering bugs were found in SquirrelMail that could allow an attacker to inject arbitrary JavaScript leading to cross-site scripting attacks by sending an email viewed by a user within SquirrelMail. As well, SquirrelMail did not sufficiently check arguments to IMG tags in HTML messages that could be exploited by an attacker by sending arbitrary email messages on behalf of a SquirrelMail user tricked into opening a maliciously-crafted HTML email message.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13908 | | Related CVE(s): | CVE-2007-1262, CVE-2007-2589 | | Last Modified: | May 22 03:49:28 2007 |
| MD5 Checksum: | f57964ac9c10eaa501973270fec9ce02 |
|
| /// File Name: |
MDKSA-2007-109.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Tetex 3.x uses an embedded copy of the gd source and may also be affected by this issue. A buffer overflow in the open_sty function for makeindex in Tetex could allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13713 | | Related CVE(s): | CVE-2007-0455, CVE-2007-0650 | | Last Modified: | May 30 21:43:47 2007 |
| MD5 Checksum: | 4e102e4b4ba75c80e6325b2e84cd1d80 |
|
| /// File Name: |
SSRT071422.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com | | File Size: | 10223 | | Last Modified: | May 21 05:50:06 2007 |
| MD5 Checksum: | 07c43e567efc714f036c08de50e8574d |
|
| /// File Name: |
MDKSA-2007-098.txt |
Description:
|
Mandriva Linux Security Advisory - iDefense discovered a stack-based overflow in ClamAV when processing negative values in .cab files. As well, multiple file descriptor leaks were also reported and fixed in chmunpack.c, pdf.c, and dblock.c.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10146 | | Related CVE(s): | CVE-2007-1745, CVE-2007-1997, CVE-2007-2029 | | Last Modified: | May 10 04:18:55 2007 |
| MD5 Checksum: | cfca507cc140144be51f7b12b72d5ae9 |
|
| /// File Name: |
USN-465-1.txt |
Description:
|
Ubuntu Security Notice 465-1 - Luigi Auriemma discovered multiple flaws in pulseaudio's network processing code. If an unauthenticated attacker sent specially crafted requests to the pulseaudio daemon, it would crash, resulting in a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9643 | | Related CVE(s): | CVE-2007-1804 | | Last Modified: | May 31 05:22:58 2007 |
| MD5 Checksum: | be02bc364009d306a797ce15f0cb26c6 |
|
| /// File Name: |
USN-460-2.txt |
Description:
|
Ubuntu Security Notice 460-2 - USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the "force group" option no longer behaved correctly.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 8980 | | Related CVE(s): | CVE-2007-2444 | | Last Modified: | May 23 07:40:28 2007 |
| MD5 Checksum: | b44ab22d2208b5ef3095f76fe7727e95 |
|
| /// File Name: |
OpenPKG-SA-2007.019.txt |
Description:
|
OpenPKG Security Advisory - Multiple vulnerabilities in PHP versions 5.2.2 and below have been addressed.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 8486 | | Related CVE(s): | CVE-2007-1380, CVE-2007-1375, CVE-2007-1376, CVE-2007-1521, CVE-2007-1484, CVE-2007-1583, CVE-2007-1700, CVE-2007-1718, CVE-2007-1461, CVE-2007-1887, CVE-2007-1888, CVE-2007-1717, CVE-2007-1835, CVE-2007-1890, CVE-2007-1824 | | Last Modified: | May 31 05:11:16 2007 |
| MD5 Checksum: | b6e50daee02b6a72dc70cee56c380b95 |
|
| /// File Name: |
MDKSA-2007-104-1.txt |
Description:
|
Mandriva Linux Security Advisory - A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server. A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh. Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8317 | | Related CVE(s): | CVE-2007-2446, CVE-2007-2447, CVE-2007-2444 | | Last Modified: | May 30 21:45:26 2007 |
| MD5 Checksum: | 03c7517049bd8ddbff5b953a0ff86565 |
|
| /// File Name: |
SSRT061256.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with the HP Tru64 UNIX Operating System running the ps command. The ps command could be used to disclose information about a process's arguments and environmental variables that might be exploited by a local, authorized user.
| | Homepage: | http://www.hp.com | | File Size: | 8261 | | Last Modified: | May 4 17:52:43 2007 |
| MD5 Checksum: | 78a385e10bcdf42c9e7b9f05898b3fcc |
|
| /// File Name: |
MDKSA-2007-107.txt |
Description:
|
Mandriva Linux Security Advisory - A weakness in the way Evolution processed certain APOP authentication requests was discovered. A remote attacker could potentially obtain certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8137 | | Related CVE(s): | CVE-2007-1558 | | Last Modified: | May 22 03:50:25 2007 |
| MD5 Checksum: | acb80c6bbe7ca3a3bb483aa81ec8bdbe |
|
| /// File Name: |
MDKSA-2007-099.txt |
Description:
|
Mandriva Linux Security Advisory - An off-by-one error was discovered in the PyLocale_strxfrm function in Python 2.4 and 2.5 that could allow context-dependent attackers the ability to read portions of memory via special manipulations that trigger a buffer over-read due to missing null termination.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8041 | | Related CVE(s): | CVE-2007-2052 | | Last Modified: | May 10 04:20:04 2007 |
| MD5 Checksum: | 81e8b3a63ba41ed78498606f4867461a |
|
| /// File Name: |
sa25005.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for postgresql. This fixes a security issue, which potentially can be exploited by malicious users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/25005/ | | File Size: | 7993 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | c0ded4fdbfffe52911242f377d2b234a |
|
| /// File Name: |
vmware-gpf.txt |
Description:
|
Vmware Virtualization products are affected by a design flaw which can lead to a local denial of service vulnerability within the Guest OS.
| | Author: | Ruben Santamarta | | Homepage: | http://www.reversemode.com/ | | File Size: | 7920 | | Related CVE(s): | CVE-2007-1877 | | Last Modified: | May 8 11:06:21 2007 |
| MD5 Checksum: | 8ed06141300222f276e4ddb49aa37d0f |
|
| /// File Name: |
dsa-1293-1.txt |
Description:
|
Debian Security Advisory 1293-1 - Paul Jakma discovered that specially crafted UPDATE messages can trigger an out of boundary read that can result in a system crash of quagga, the BGP/OSPF/RIP routing daemon.
| | Homepage: | http://www.debian.org/security | | File Size: | 7915 | | Related CVE(s): | CVE-2007-1995 | | Last Modified: | May 21 04:44:19 2007 |
| MD5 Checksum: | 02fe5b809432ed3d4b6d91c2d20229b5 |
|
| /// File Name: |
sa25256.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges and to compromise a vulnerable system, and by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25256/ | | File Size: | 7807 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 589a351fc945d9604d0552d42627ff31 |
|
| /// File Name: |
sa25284.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities and two security issues have been reported in BEA WebLogic, which can be exploited by malicious users to disclose sensitive information, bypass certain security restrictions, and conduct script insertion attacks, and by malicious people to bypass certain security restrictions, brute force an administrator's password, conduct cross-site scripting attacks, and cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/25284/ | | File Size: | 7747 | | Last Modified: | May 16 03:04:41 2007 |
| MD5 Checksum: | 6188f47b1c36b56366a13e2ea4ba8201 |
|
| /// File Name: |
sa25198.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for elinks. This fixes a weakness, which potentially can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/25198/ | | File Size: | 7410 | | Last Modified: | May 10 02:32:46 2007 |
| MD5 Checksum: | d0c6ba316bcc1b845f43c070fe2a0e05 |
|
| /// File Name: |
SSRT071337.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code.
| | Homepage: | http://www.hp.com | | File Size: | 7334 | | Related CVE(s): | CVE-2007-1261 | | Last Modified: | May 23 07:30:35 2007 |
| MD5 Checksum: | 23c7c5390ec136c69e0352e8ae7cc6ab |
|
| /// File Name: |
SSRT071323.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Tru64 UNIX running Secure Shell (SSH). The vulnerability could be exploited remotely by an unauthorized user to identify valid users.
| | Homepage: | http://www.hp.com | | File Size: | 7156 | | Last Modified: | May 21 05:04:26 2007 |
| MD5 Checksum: | cd6174b74807743728d9533d56cccf46 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
