Section: .. / 0708-advisories /
| /// File Name: |
USN-499-1.txt |
Description:
|
Ubuntu Security Notice 499-1 - Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22711 | | Related CVE(s): | CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 | | Last Modified: | Aug 17 08:30:14 2007 |
| MD5 Checksum: | 7c60f4ea73486685f797832eeb5940f5 |
|
| /// File Name: |
08.16.07-6.txt |
Description:
|
iDefense Security Advisory 08.16.07 - Local exploitation of a buffer overflow vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. This vulnerability specifically exists due to insufficient validation of the length of attacker-supplied data. When an attacker specifies a specially crafted string via certain environment variables, the string is copied into a static-sized buffer stored on the stack. By supplying too much data, an attacker can overflow the buffer and overwrite stack-stored execution control structures, resulting in arbitrary code execution. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3797 | | Related CVE(s): | CVE-2007-4276 | | Last Modified: | Aug 17 08:25:10 2007 |
| MD5 Checksum: | c5b91aebbfaea50b067a3bd8179c060e |
|
| /// File Name: |
08.16.07-5.txt |
Description:
|
iDefense Security Advisory 08.16.07 - Local exploitation of multiple untrusted search path vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities exist due to the execution of binaries or loading of libraries within untrusted paths. In each case, the path to a binary or library is generated based on an environment variable that is under attacker control. Additionally, the files to be executed or loaded are located in a directory under attacker control. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3959 | | Related CVE(s): | CVE-2007-4275 | | Last Modified: | Aug 17 08:23:44 2007 |
| MD5 Checksum: | b11f7e9a67d7aeac3783ed4668d0fd69 |
|
| /// File Name: |
08.16.07-4.txt |
Description:
|
iDefense Security Advisory 08.16.07 - Local exploitation of a directory creation vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. This vulnerability exists due to insecure directory creation within setuid binaries included with DB2. While creating specific directory structures, attacker-created symbolic links will be followed. This allows world-writable directories to be created anywhere on the file system. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3997 | | Related CVE(s): | CVE-2007-4273 | | Last Modified: | Aug 17 08:22:17 2007 |
| MD5 Checksum: | e7074858185112623a7ed4e554ff2dd6 |
|
| /// File Name: |
08.16.07-3.txt |
Description:
|
iDefense Security Advisory 08.16.07 - Local exploitation of multiple file creation vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities are due to insufficient checking being performed while handling files with elevated privileges. By setting certain combinations of environment variables, an attacker is able to create or append to arbitrary files on the system. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 3842 | | Related CVE(s): | CVE-2007-4272 | | Last Modified: | Aug 17 08:20:42 2007 |
| MD5 Checksum: | fa67305bc50f5d281ebe6e85e267c4ce |
|
| /// File Name: |
08.16.07-2.txt |
Description:
|
iDefense Security Advisory 08.16.07 - Local exploitation of a directory traversal vulnerability in IBM Corp.'s DB2 Universal Database allows attackers to cause a denial of service (DoS) condition or elevate privileges to root. Some DB2 binaries that are installed setuid-root will save event information to a log file. When creating the full path to the destination file, an environment variable is concatenated with "/tmp/". Since there is no checking for path traversal strings, such as "../", within the environment variable, an attacker is able to create arbitrary files on the system. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3960 | | Related CVE(s): | CVE-2007-4271 | | Last Modified: | Aug 17 08:19:00 2007 |
| MD5 Checksum: | d9c108b924ba8ae4d0455dbfaa0f0745 |
|
| /// File Name: |
08.16.07-1.txt |
Description:
|
iDefense Security Advisory 08.16.07 - Local exploitation of multiple race condition vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities are due to insufficient checking being performed while handling files with elevated privileges. In each case, a race condition exists between a check to see if an existing file is a symbolic link and modifying it. By quickly and repeatedly removing and recreating the file as a symbolic link, an attacker could modify arbitrary files with root privileges. iDefense confirmed the existence of these vulnerabilities in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 3900 | | Related CVE(s): | CVE-2007-4270 | | Last Modified: | Aug 17 08:17:05 2007 |
| MD5 Checksum: | 515807fc57dc8ba1f64372577e80ee74 |
|
| /// File Name: |
glsa-200708-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-12 - Wireshark doesn't properly handle chunked encoding in HTTP responses, iSeries capture files, certain types of DCP ETSI packets, and SSL or MMS packets. An off-by-one error has been discovered in the DHCP/BOOTP dissector when handling DHCP-over-DOCSIS packets. Versions less than 0.99.6 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3313 | | Related CVE(s): | CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393 | | Last Modified: | Aug 17 08:07:59 2007 |
| MD5 Checksum: | cc88b54041517dcd6ccb51035dc695b2 |
|
| /// File Name: |
glsa-200708-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-11 - Stefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP headers, the mod_auth and mod_scgi modules, and the limitation of active connections. Versions less than 1.4.16 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3153 | | Related CVE(s): | CVE-2007-3946, CVE-2007-3947, CVE-2007-3948, CVE-2007-3949, CVE-2007-3950 | | Last Modified: | Aug 17 08:06:36 2007 |
| MD5 Checksum: | 9bd27ce7a20101b5b936e1a7c226f9cb |
|
| /// File Name: |
glsa-200708-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-10 - Dormando reported a vulnerability within the handling of password packets in the connection protocol. Andrei Elkin also found that the CREATE TABLE LIKE command didn't require SELECT privileges on the source table. Versions less than 5.0.44 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2788 | | Related CVE(s): | CVE-2007-3780, CVE-2007-3781 | | Last Modified: | Aug 17 08:06:22 2007 |
| MD5 Checksum: | ee0149052460245ae2cdba93d6f42499 |
|
| /// File Name: |
olate-bypass.txt |
Description:
|
Olate Download version 3.4.1 suffers from an authentication bypass vulnerability in admin.php.
| | Author: | imei addmimistrator | | Homepage: | http://myimei.com/ | | File Size: | 1593 | | Last Modified: | Aug 17 07:56:15 2007 |
| MD5 Checksum: | 9cc0fc74d7fbd26518b8dcf63db8bd78 |
|
| /// File Name: |
NGS-cvpnd.txt |
Description:
|
NGS has discovered a local privilege escalation vulnerability in the Cisco VPN client. Versions below 5.0.01.0600 are affected.
| | Author: | Dominic Beecher | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 4035 | | Last Modified: | Aug 17 07:45:46 2007 |
| MD5 Checksum: | 2a2d3b20b94c9d2a58e8b903bfeab3bf |
|
| /// File Name: |
sa26493.txt |
Description:
|
Secunia Security Advisory - Sebastian Krahmer has reported a vulnerability in rsync, which can potentially be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26493/ | | File Size: | 2391 | | Last Modified: | Aug 17 03:17:23 2007 |
| MD5 Checksum: | e1cfe532e0541a025c03115db3198aa4 |
|
| /// File Name: |
sa26480.txt |
Description:
|
Secunia Security Advisory - Jan Oravec has reported a security issue in Tomboy, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/26480/ | | File Size: | 2283 | | Last Modified: | Aug 17 03:17:23 2007 |
| MD5 Checksum: | 5f5036fedeec7de1afcbcc05a8a036d0 |
|
| /// File Name: |
sa26479.txt |
Description:
|
Secunia Security Advisory - Robert Watson has reported some vulnerabilities in Systrace and Sysjail included in OpenBSD, which can be exploited by malicious, local users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/26479/ | | File Size: | 2284 | | Last Modified: | Aug 17 03:17:23 2007 |
| MD5 Checksum: | 25883710661c1392b6fc46ef598b4e17 |
|
| /// File Name: |
sa26478.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information or to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26478/ | | File Size: | 2424 | | Last Modified: | Aug 17 03:17:23 2007 |
| MD5 Checksum: | 5f4327d77bdbfa9b9cc5cd4ec7e42981 |
|
| /// File Name: |
sa26474.txt |
Description:
|
Secunia Security Advisory - Robert Watson has reported some vulnerabilities in CerbNG, which can be exploited by malicious, local users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/26474/ | | File Size: | 2253 | | Last Modified: | Aug 17 03:17:23 2007 |
| MD5 Checksum: | eabb2cccada0adf6c3a0cd795db5b005 |
|
| /// File Name: |
sa26471.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM DB2, some of which have an unknown impact, while others can potentially be exploited to bypass certain security restrictions or perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/26471/ | | File Size: | 3511 | | Last Modified: | Aug 17 03:17:23 2007 |
| MD5 Checksum: | 07f59a0f1fbfaa3911f3a032c190335b |
|
| /// File Name: |
sa26469.txt |
Description:
|
Secunia Security Advisory - Robert Watson has reported some vulnerabilities in Generic Software Wrappers Toolkit, which can be exploited by malicious, local users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/26469/ | | File Size: | 2622 | | Last Modified: | Aug 17 03:17:23 2007 |
| MD5 Checksum: | fa94b69a2348dcd7e0c01b7c77716321 |
|
| /// File Name: |
sa26428.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Dell Remote Access Card 4, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26428/ | | File Size: | 2397 | | Last Modified: | Aug 17 03:17:23 2007 |
| MD5 Checksum: | 574e55b2dc3a300a21172215de61e4c4 |
|
| /// File Name: |
sa26402.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun JRE, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26402/ | | File Size: | 3130 | | Last Modified: | Aug 17 03:17:23 2007 |
| MD5 Checksum: | 22d66339b28987da12c44bc7c5fdb604 |
|
| /// File Name: |
USN-498-1.txt |
Description:
|
Ubuntu Security Notice 498-1 - David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11163 | | Related CVE(s): | CVE-2007-3106, CVE-2007-4029 | | Last Modified: | Aug 16 10:56:59 2007 |
| MD5 Checksum: | 1fa171cc33091ba997a41481db0d9703 |
|
| /// File Name: |
tlbinf32-exec.txt |
Description:
|
The TypeLib Information object library, implemented in TlbInf32.dll, suffers from a code execution vulnerability.
| | Author: | Brett Moore | | Homepage: | http://security-assessment.com/ | | File Size: | 3496 | | Last Modified: | Aug 16 10:54:07 2007 |
| MD5 Checksum: | 8b8dc31409539f5c54ad3f777ade2d98 |
|
| /// File Name: |
MDKSA-2007-165.txt |
Description:
|
Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause cups to crash and possibly execute arbitrary code upon a user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7172 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 16 10:47:55 2007 |
| MD5 Checksum: | 99560061e62852f302dc418de9ecbe74 |
|