Section: .. / 0706-advisories /
| /// File Name: |
06.13.07-1.txt |
Description:
|
iDefense Security Advisory 06.13.07 - Remote exploitation of a integer overflow vulnerability in libexif, as included in various vendors' operating system distributions, could allow attackers to crash the process or execute arbitrary code. The problem exists while parsing a tagged image with a large number of Exif components. Applications using this library are susceptible to a heap overflow when an integer overflow is triggered in the exif_data_load_data_entry function. iDefense confirmed the existence of this vulnerability in versions 0.6.13 through 0.6.15 of libexif.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3046 | | Related CVE(s): | CVE-2006-4168 | | Last Modified: | Jun 14 00:43:10 2007 |
| MD5 Checksum: | ba5c5901b97e512fe7f59298c3d3fee4 |
|
| /// File Name: |
rpm2html-xss.txt |
Description:
|
rpm2html version 1.6 suffers from a cross site scripting vulnerability.
| | Author: | Vladiii | | Homepage: | http://www.rstzone.net/ | | File Size: | 1433 | | Last Modified: | Jun 14 00:40:24 2007 |
| MD5 Checksum: | 6f53292487c7a49a98562428dd5e3759 |
|
| /// File Name: |
USN-474-1.txt |
Description:
|
Ubuntu Security Notice 474-1 - It was discovered that xscreensaver did not correctly validate the return values from network authentication systems such as LDAP or NIS. A local attacker could bypass a locked screen if they were able to interrupt network connectivity.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 13296 | | Related CVE(s): | CVE-2007-1859 | | Last Modified: | Jun 14 00:35:41 2007 |
| MD5 Checksum: | d092c2c16d99d6ffa6ec16b321388785 |
|
| /// File Name: |
06.12.07-2.txt |
Description:
|
iDefense Security Advisory 06.12.07 - Remote exploitation of an input validation error within version 2.1 of YaBB Forum allows attackers to register with forum Administrator privileges. The problem specifically exists due to insufficient validation when writing to the "vars" file for each user. By setting the values of certain variables to contain certain characters, attackers can elevate their privileges to that of the forum Administrator. iDefense confirmed the existence of this vulnerability within version 2.1 of YaBB Forum.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 3330 | | Last Modified: | Jun 12 21:33:20 2007 |
| MD5 Checksum: | 6d920acc6c0d7d8ef9d3e8e10602216c |
|
| /// File Name: |
06.12.07-1.txt |
Description:
|
iDefense Security Advisory 06.12.07 - Remote exploitation of an invalid memory access vulnerability in various Microsoft products, including Internet Explorer, while creating certain COM objects may allow an attacker to execute arbitrary code. When creating certain COM objects in Internet Explorer, memory corruption can occur, which may allow an attacker to execute arbitrary code. When calling the IObjectSafety function, uninitialized memory is accessed in a way that can allow code execution to occur. The IObjectSafety function is used by COM objects to determine if an object is safe to load in a particular context. iDefense confirmed the existence of this vulnerability using Internet Explorer 6 on Windows XP SP2 and Windows Server 2000 SP4. Although Windows Server 2003 contains an affected version, the Enhanced Security Configuration mitigates exposure to this vulnerability. Microsoft reports that Internet Explorer 7 is not affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4017 | | Related CVE(s): | CVE-2007-0218 | | Last Modified: | Jun 12 21:31:51 2007 |
| MD5 Checksum: | 0d736098f00a2d86c0569d008d377a9a |
|
| /// File Name: |
ZDI-07-038.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw is specifically exposed when a prototype variable points to a table cell and then that table cell is removed. This results in an invalid pointer dereference which can be leveraged to result in arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3156 | | Related CVE(s): | CVE-2007-1751 | | Last Modified: | Jun 12 21:28:14 2007 |
| MD5 Checksum: | 887b2592e09075e1f07bb057bbb8bcef |
|
| /// File Name: |
ZDI-07-037.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in routines responsible for the on-demand installation of Internet Explorer language packs. A race condition may occur when a web page contains several pieces of content written in a language not currently supported by any of the installed language packs. In some cases, this race condition results in exploitable memory corruption that can be leveraged to execute arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3366 | | Related CVE(s): | CVE-2007-3027 | | Last Modified: | Jun 12 21:26:56 2007 |
| MD5 Checksum: | a0968401dcc420aa0d12a0a9b67b8bd3 |
|
| /// File Name: |
TA07-163A.txt |
Description:
|
Technical Cyber Security Alert TA07-163A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Windows Secure Channel, Internet Explorer, Win32 API, Windows Mail and Outlook Express. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4104 | | Last Modified: | Jun 12 21:25:48 2007 |
| MD5 Checksum: | e1b9b39be2763f6b1f9ee8392e97d7be |
|
| /// File Name: |
schannel-offbyone.txt |
Description:
|
The Secure Channel (SChannel) library on Microsoft Windows XP SP1 and SP2 is vulnerable to an off-by-one heap buffer overwrite.
| | Author: | Thomas Lim, Steven | | File Size: | 8950 | | Last Modified: | Jun 12 21:22:49 2007 |
| MD5 Checksum: | 62ba1808a64d5f6509860fe18360b09f |
|
| /// File Name: |
SSRT061273.txt |
Description:
|
HP Security Bulletin - Potential vulnerabilities have been identified with HP-UX running BIND. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 7457 | | Related CVE(s): | CVE-2007-4339, CVE-2007-0493, CVE-2007-0494 | | Last Modified: | Jun 12 21:09:51 2007 |
| MD5 Checksum: | 74a843699337ab3d17789ce803e731a0 |
|
| /// File Name: |
dsa-1307-1.txt |
Description:
|
Debian Security Advisory 1307-1 - John Heasman discovered a heap overflow in the routines of OpenOffice.org that parse RTF files. A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 51808 | | Related CVE(s): | CVE-2007-0245 | | Last Modified: | Jun 12 21:06:55 2007 |
| MD5 Checksum: | 2979f28b859b37269bf3d9b44968dcb7 |
|
| /// File Name: |
ZDI-07-036.txt |
Description:
|
A vulnerability allows remote attackers to cause a denial of service on vulnerable Arris Cadant C3 CMTS systems. Authentication is not required to exploit this vulnerability. The flaw exists due to mishandling of IP options. When an unknown or bad option is specified, the C3 will terminate disabling all service that is handled by that CMTS. The vulnerability can be triggered with a single malformed IP packet.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2757 | | Related CVE(s): | CVE-2007-2796 | | Last Modified: | Jun 12 21:05:53 2007 |
| MD5 Checksum: | 3bb92cffcef566733be75acf6816b31e |
|
| /// File Name: |
ibm-ds400.txt |
Description:
|
The IBM Totalstorage ds400 comes with unpassworded root access.
| | Author: | kokanin | | Homepage: | http://www.lort.dk | | File Size: | 2673 | | Last Modified: | Jun 12 21:01:45 2007 |
| MD5 Checksum: | cde2ff111e2bfc41e6e205d930cc416d |
|
| /// File Name: |
14070612.txt |
Description:
|
The PHP parse_str() function suffers from an arbitrary variable overwrite issue.
| | Author: | DarkFig | | Homepage: | http://www.acid-root.new.fr/ | | File Size: | 4620 | | Last Modified: | Jun 12 20:59:09 2007 |
| MD5 Checksum: | 622737b30b530a515a1bc655121bc4e6 |
|
| /// File Name: |
USN-473-1.txt |
Description:
|
Ubuntu Security Notice 473-1 - A buffer overflow was discovered in libgd2's font renderer. By tricking an application using libgd2 into rendering a specially crafted string with a JIS encoded font, a remote attacker could read heap memory or crash the application, leading to a denial of service. Xavier Roche discovered that libgd2 did not correctly validate PNG callback results. If an application were tricked into processing a specially crafted PNG image, it would monopolize CPU resources. Since libgd2 is often used in PHP and Perl web applications, this could lead to a remote denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 13845 | | Related CVE(s): | CVE-2007-0455, CVE-2007-2756 | | Last Modified: | Jun 12 20:52:55 2007 |
| MD5 Checksum: | 8c53c90a1f9981b62999f9c72d19ae6e |
|
| /// File Name: |
USN-472-1.txt |
Description:
|
Ubuntu Security Notice 472-1 - It was discovered that libpng did not correctly handle corrupted CRC in grayscale PNG images. By tricking a user into opening a specially crafted PNG, a remote attacker could cause the application using libpng to crash, resulting in a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9764 | | Related CVE(s): | CVE-2007-2445 | | Last Modified: | Jun 12 20:51:14 2007 |
| MD5 Checksum: | df720d8f0a308760b529d2c7ceb14964 |
|
| /// File Name: |
USN-471-1.txt |
Description:
|
Ubuntu Security Notice 471-1 - Victor Stinner discovered that libexif did not correctly validate the size of some EXIF header fields. By tricking a user into opening an image with specially crafted EXIF headers, a remote attacker could cause the application using libexif to crash, resulting in a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7052 | | Related CVE(s): | CVE-2007-2645 | | Last Modified: | Jun 12 20:34:59 2007 |
| MD5 Checksum: | 711a4b74a75ef47cebf59215d02f83ca |
|
| /// File Name: |
USN-439-2.txt |
Description:
|
Ubuntu Security Notice 439-2 - USN-439-1 fixed a vulnerability in file. The original fix did not fully solve the problem. This update provides a more complete solution.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11324 | | Related CVE(s): | CVE-2007-2799 | | Last Modified: | Jun 12 20:33:21 2007 |
| MD5 Checksum: | 51dc7dbf35aca69fca878435f43d7e3b |
|
| /// File Name: |
glsa-200706-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200706-04 - Md Sohail Ahmad from AirTight Networks has discovered a division by zero in the ath_beacon_config() function (CVE-2007-2830). The vendor has corrected an input validation error in the ieee80211_ioctl_getwmmparams() and ieee80211_ioctl_getwmmparams() functions(CVE-207-2831), and an input sanitization error when parsing nested 802.3 Ethernet frame lengths (CVE-2007-2829). Versions less than 0.9.3.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3036 | | Related CVE(s): | CVE-2007-2829, CVE-2007-2830, CVE-2007-2831 | | Last Modified: | Jun 12 20:31:03 2007 |
| MD5 Checksum: | 3af3b5a0a95eb9ccb94dcdf88753de7c |
|
| /// File Name: |
phpmail.txt |
Description:
|
PHPMailer as included with applications such as WordPress, Mantis, etc, suffers from a remote command execution vulnerability.
| | Author: | Thor Larholm | | File Size: | 623 | | Last Modified: | Jun 12 20:30:50 2007 |
| MD5 Checksum: | 12f3e344451f51d52c3d0fd720c7f5e4 |
|
| /// File Name: |
winpt-spoof.txt |
Description:
|
WinPT suffers from a user ID spoofing vulnerability.
| | Author: | nnposter | | File Size: | 2285 | | Last Modified: | Jun 12 20:28:05 2007 |
| MD5 Checksum: | b585bb3e70a3ea95cfeeb1821bf0e026 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
