Section: .. / 0711-advisories /
| /// File Name: |
MDKSA-2007-226.txt |
Description:
|
Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream. An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6197 | | Related CVE(s): | CVE-2006-6058, CVE-2007-4997 | | Last Modified: | Nov 26 17:26:07 2007 |
| MD5 Checksum: | 78821709b8c62321dd92c246f966efc7 |
|
| /// File Name: |
TA07-334A.txt |
Description:
|
Technical Cyber Security Alert TA07-334A - Apple QuickTime contains a buffer overflow vulnerability in the way QuickTime processes Real Time Streaming Protocol (RTSP) streams. Exploitation of this vulnerability could allow an attacker to execute arbitrary code.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 6189 | | Last Modified: | Dec 2 15:40:22 2007 |
| MD5 Checksum: | af3a90f973dacfd90526128ee0e21b9e |
|
| /// File Name: |
SSRT071484.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in the Aries PA-RISC emulation software running on HP-UX IA-64 platforms only. This vulnerability may allow local unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 6167 | | Last Modified: | Nov 8 18:36:19 2007 |
| MD5 Checksum: | b37ed6fcf3812f73f0e2bf08547f9d5b |
|
| /// File Name: |
glsa-200711-23.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-23 - Multiple vulnerabilities have been discovered in several VMware products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that the DHCP server contains an integer overflow vulnerability, an integer underflow vulnerability and another error when handling malformed packets, leading to stack-based buffer overflows or stack corruption. Rafal Wojtczvk (McAfee) discovered two unspecified errors that allow authenticated users with administrative or login privileges on a guest operating system to corrupt memory or cause a Denial of Service. Another unspecified vulnerability related to untrusted virtual machine images was discovered. Versions less than 6.0.1.55017 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 6028 | | Related CVE(s): | CVE-2004-0813, CVE-2006-3619, CVE-2006-4146, CVE-2006-4600, CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-1716, CVE-2007-4496, CVE-2007-4497, CVE-2007-5617 | | Last Modified: | Nov 26 16:44:54 2007 |
| MD5 Checksum: | a15a426e0b804db611464609d58fe90d |
|
| /// File Name: |
sa27614.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users and by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/27614/ | | File Size: | 5831 | | Last Modified: | Nov 16 02:06:08 2007 |
| MD5 Checksum: | 4ca7ce0e4b80ebb54af2b0198280302b |
|
| /// File Name: |
sa27858.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/27858/ | | File Size: | 5831 | | Last Modified: | Nov 30 00:36:59 2007 |
| MD5 Checksum: | 2eaae8ad5eaef751b5facf464b498903 |
|
| /// File Name: |
SSRT071461.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP-UX running BIND 8. The vulnerability could be exploited remotely to cause DNS cache poisoning.
| | Homepage: | http://www.hp.com/ | | File Size: | 5803 | | Related CVE(s): | CVE-2007-2930 | | Last Modified: | Nov 26 17:29:49 2007 |
| MD5 Checksum: | 0ba5ce2c58f488f4b6a9a7f8cfb737bd |
|
| /// File Name: |
MDKSA-2007-224-2.txt |
Description:
|
Mandriva Linux Security Advisory - The samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. If samba is configured as a Primary or Backup Domain Controller, this could be used by a remote attacker to send malicious logon requests and possibly cause a denial of service. As well, Alin Rad Pop of Secunia Research found that nmbd did not properly check the length of netbios packets. If samba is configured as a WINS server, this could be used by a remote attacker able to send multiple crafted requests to nmbd, resulting in the execution of arbitrary code with root privileges. The update packages on Corporate Server 4.0 resulted in the nmbd daemon crashing at startup. This update provides a newer version of samba (3.0.23d) that does not exhibit this behaviour.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5799 | | Related CVE(s): | CVE-2007-5398, CVE-2007-4572 | | Last Modified: | Nov 26 21:18:13 2007 |
| MD5 Checksum: | af94122a03abb9e752f705e053cd564a |
|
| /// File Name: |
NETRAGARD-20070313.txt |
Description:
|
Netragard, L.L.C Advisory - Netragard's SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise. OpenBase versions 10.0.5 and below are affected.
| | Author: | Adriel T. Desautels, Kevin Finisterre | | Homepage: | http://www.netragard.com/ | | File Size: | 5598 | | Last Modified: | Nov 6 01:48:02 2007 |
| MD5 Checksum: | 0c384ec80b5dc1e8f843028ebcd5ff01 |
|
| /// File Name: |
sa27645.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27645/ | | File Size: | 5594 | | Last Modified: | Nov 14 19:18:41 2007 |
| MD5 Checksum: | 7f163a3f62b3e49c0d7d5c1bd135ed60 |
|
| /// File Name: |
glsa-200711-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-14 - Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to cause a memory corruption. Before being used in a request, input passed to the user ID when making an HTTP request with digest authentication is not properly sanitized. The titlebar can be hidden by a XUL markup language document. Additionally, an error exists in the handling of smb: and sftp: URI schemes on systems with gnome-vfs support. An unspecified error in the handling of XPCNativeWrappers and not properly implementing JavaScript onUnload() handlers may allow the execution of arbitrary Javascript code. Another error is triggered by using the addMicrosummaryGenerator sidebar method to access file: URIs. Versions less than 2.0.0.9 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 5565 | | Related CVE(s): | CVE-2007-1095, CVE-2007-2292, CVE-2007-5334, CVE-2007-5335, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340 | | Last Modified: | Nov 12 23:35:47 2007 |
| MD5 Checksum: | fa96dd3103e47ec1c52a35f012f0fd03 |
|
| /// File Name: |
dsa-1411-1.txt |
Description:
|
Debian Security Advisory 1411-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 5533 | | Related CVE(s): | CVE-2007-5162, CVE-2007-5770 | | Last Modified: | Nov 26 22:04:17 2007 |
| MD5 Checksum: | e010c9333d7617194bd9ea2dd48ed563 |
|
| /// File Name: |
sa27627.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for emacs. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27627/ | | File Size: | 5517 | | Last Modified: | Nov 20 11:17:55 2007 |
| MD5 Checksum: | 26eda205dc5e8c88755d887356f3544d |
|
| /// File Name: |
EEYE-bitdefender.txt |
Description:
|
eEye Digital Security has discovered a critical remote code execution condition within OScan8.ocx and Oscan81.ocx included by default in BitDefender Online Anti-Virus Scanner 8.0 released on May 24th 2006.
| | Author: | Greg Linares | | Homepage: | http://www.eeye.com/ | | File Size: | 5442 | | Last Modified: | Nov 26 17:30:47 2007 |
| MD5 Checksum: | 4799d99db7d7b71c17ec8dac9f47f60d |
|
| /// File Name: |
sa27613.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27613/ | | File Size: | 5348 | | Last Modified: | Nov 14 21:10:34 2007 |
| MD5 Checksum: | 658f1301c6fb3fbfc9042b1fbf6297d9 |
|
| /// File Name: |
glsa-200711-30.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-30 - Tavis Ormandy (Google Security) discovered multiple vulnerabilities in PCRE. He reported an error when processing \Q\E sequences with unmatched \E codes that can lead to the compiled bytecode being corrupted. PCRE does not properly calculate sizes for unspecified multiple forms of character class, which triggers a buffer overflow. Further improper calculations of memory boundaries were reported when matching certain input bytes against regex patterns in non UTF-8 mode and when searching for unmatched brackets or parentheses. Multiple integer overflows when processing escape sequences may lead to invalid memory read operations or potentially cause heap-based buffer overflows. PCRE does not properly handle \P and \P{x} sequences which can lead to heap-based buffer overflows or trigger the execution of infinite loops, PCRE is also prone to an error when optimizing character classes containing a singleton UTF-8 sequence which might lead to a heap-based buffer overflow. Versions less than 7.3-r1 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 5255 | | Related CVE(s): | CVE-2006-7227, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768 | | Last Modified: | Nov 26 17:40:19 2007 |
| MD5 Checksum: | 52301116aa5ae4963242b6577a6a61d2 |
|
| /// File Name: |
sa27495.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/27495/ | | File Size: | 5200 | | Last Modified: | Nov 2 22:36:00 2007 |
| MD5 Checksum: | 4ffb1a076a0792e4c2cedf9922e4ad52 |
|
| /// File Name: |
sa27788.txt |
Description:
|
Secunia Security Advisory - ShAy6oOoN has reported some vulnerabilities in IAPR COMMENCE, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27788/ | | File Size: | 5192 | | Last Modified: | Nov 26 21:10:47 2007 |
| MD5 Checksum: | 4c9a36fdbb286983ad59d8dee881e8dd |
|
| /// File Name: |
secunia-symantecbackup.txt |
Description:
|
Secunia Research has discovered some vulnerabilities in Symantec Backup Exec for Windows Servers, which can be exploited by malicious people to cause a DoS (Denial of Service). Affected software includes Symantec Backup Exec for Windows Servers version 11d (11.0 rev 7170).
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 5083 | | Related CVE(s): | CVE-2007-4346, CVE-2007-4347 | | Last Modified: | Nov 28 20:12:16 2007 |
| MD5 Checksum: | 70be5dcb65405683c82b0fdaf41ddbda |
|
| /// File Name: |
dsa-1406-1.txt |
Description:
|
Debian Security Advisory 1406-1 - Several remote vulnerabilities have been discovered in the Horde web application framework. Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting). Moritz Naumann discovered that Horde does not properly restrict its image proxy, allowing remote attackers to use the server as a proxy. Marc Ruef discovered that Horde allows remote attackers to include web pages from other sites, which could be useful for phishing attacks. iDefense discovered that the cleanup cron script in Horde allows local users to delete arbitrary files.
| | Homepage: | http://www.debian.org/security | | File Size: | 5082 | | Related CVE(s): | CVE-2006-3548, CVE-2006-3549, CVE-2006-4256, CVE-2007-1473, CVE-2007-1474 | | Last Modified: | Nov 9 20:26:24 2007 |
| MD5 Checksum: | 2f37a86186a6ae315e0b9f273de2cc32 |
|
| /// File Name: |
glsa-200711-22.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-22 - Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the Stream.cc file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows. He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption. Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf. Versions less than 0.6.1-r1 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 5073 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Nov 26 16:42:57 2007 |
| MD5 Checksum: | cf524b80ddac93d7e85c3902d5b2422a |
|
| /// File Name: |
sa27720.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27720/ | | File Size: | 5013 | | Last Modified: | Nov 20 11:17:55 2007 |
| MD5 Checksum: | 7dd35926deda209a65794ddc54a03cf5 |
|
| /// File Name: |
adobe-cdpfr.txt |
Description:
|
Canonicalization issues in Adobe Macromedia Flash Player version 9.0 r31 allow for the manipulation of the cross domain policy file source.
| | Author: | Antonio Parata | | Homepage: | http://www.ictsc.it/ | | File Size: | 4965 | | Last Modified: | Nov 9 20:24:41 2007 |
| MD5 Checksum: | fdd986ac6d562bd8d7748ae7198bd672 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
