| /// File Name: |
01.17.08-3.txt |
Description:
|
iDefense Security Advisory 01.17.08 - Local exploitation of multiple integer overflow vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. One vulnerability exists within the EVI extension. When processing a request, the server uses a 32-bit value provided by the client in an arithmetic operation that calculates the number of bytes to allocate for a dynamic buffer. This operation can overflow, which later leads to a potentially exploitable heap overflow. Another vulnerability exists within the MIT-SHM extension. When allocating a pixmap, the server uses values from the request to verify that the requested size is not greater than the amount of allocated shared memory. The calculation can overflow, which leads to the overwriting of arbitrary addresses in memory that aren't part of the shared memory segment. iDefense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4381 | | Related CVE(s): | CVE-2007-6429 | | Last Modified: | Jan 18 05:54:08 2008 |
| MD5 Checksum: | d8374f2c1aa7d9c49935b8406407713d |
|
| /// File Name: |
01.17.08-2.txt |
Description:
|
iDefense Security Advisory 01.17.08 - Local exploitation of an information disclosure vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to gain access to sensitive information stored in server memory. The vulnerable code exists within the TOG-CUP extension. A 32-bit client-supplied value is taken directly from the request, and then used as an index into an array. The value located at this index is then stored into a buffer which is later sent to the client. This allows a client to read memory from arbitrary locations in server memory. iDefense has confirmed the existence of this vulnerability in X.Org X11 version R7.3. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3966 | | Related CVE(s): | CVE-2007-6428 | | Last Modified: | Jan 18 05:53:07 2008 |
| MD5 Checksum: | 1b7e32af0eef6ebb2945a5211db21469 |
|
| /// File Name: |
01.17.08-1.txt |
Description:
|
iDefense Security Advisory 01.17.08 - Local exploitation of multiple memory corruption vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the X server, typically root. Vulnerable code exists within multiple functions in the XInput extension. By sending specially crafted X11 requests, an attacker is able to corrupt heap memory located after their request data. This results in a potentially exploitable condition. iDefense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3575 | | Related CVE(s): | CVE-2007-6427 | | Last Modified: | Jan 18 05:51:55 2008 |
| MD5 Checksum: | 0967a9706d57df5829dd28f1fd67a786 |
|
| /// File Name: |
USN-571-1.txt |
Description:
|
Ubuntu Security Notice 571-1 - Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 33458 | | Related CVE(s): | CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006 | | Last Modified: | Jan 18 05:40:18 2008 |
| MD5 Checksum: | 51a73d44d004d14fcffd34cae74ca8b5 |
|
| /// File Name: |
ZDI-08-002.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Citrix Presentation Server. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Independent Management Architecture service, ImaSrv.exe, which listens by default on TCP port 2512 or 2513. The process trusts a user-supplied value as a parameter to a memory allocation. By supplying a specific value, an undersized heap buffer may be allocated. Subsequently, an attacker can then overflow that heap buffer by sending an overly large packet leading to arbitrary code execution in the context of the SYSTEM user.
| | Author: | Eric DETOISIEN | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3437 | | Last Modified: | Jan 18 05:38:14 2008 |
| MD5 Checksum: | b633e3e2771697f71e17271da86d5369 |
|
| /// File Name: |
CORE-2007-1119.txt |
Description:
|
Core Security Technologies Advisory - Locally exploitable kernel buffer overflow vulnerabilities and improperly validated input arguments have been found in CORE FORCE Firewall and Registry modules. The vulnerabilities allow unprivileged logged on users to crash the system (denial of service), and they also may lead to a privilege escalation or even a local root exploit. Versions 0.95.167 and below are affected.
| | Author: | Sebastian Gottschalk | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 7267 | | Last Modified: | Jan 18 05:36:14 2008 |
| MD5 Checksum: | bcb349a094c8d4b1163b33bdcee0b3c9 |
|
| /// File Name: |
okiprinter-reveal.txt |
Description:
|
The OKI C5510MFP printer offers a web interface for the configuration. Certain pages require higher privileges for making changes. However, the password required for accessing these pages is sent to the client in clear text by the printer. Furthermore, the password can be set without prior authentication. Consequently, the whole configuration can be changed without knowing the password.
| | Author: | Adrian Leuenberger | | Homepage: | http://www.csnc.ch/ | | File Size: | 2496 | | Last Modified: | Jan 18 05:34:10 2008 |
| MD5 Checksum: | 6b806f7020e003bd2b23965068abe821 |
|
| /// File Name: |
dsa-1465-2.txt |
Description:
|
Debian Security Advisory 1465-2 - Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to. This security update fixes a regression in the previous one, which caused the package to fail to work.
| | Homepage: | http://www.debian.org/security | | File Size: | 3199 | | Related CVE(s): | CVE-2008-0302 | | Last Modified: | Jan 18 04:44:45 2008 |
| MD5 Checksum: | 284a11895b6f28fb3f08d53c3fde9955 |
|
| /// File Name: |
dsa-1465-1.txt |
Description:
|
Debian Security Advisory 1465-1 - Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to.
| | Homepage: | http://www.debian.org/security | | File Size: | 2880 | | Related CVE(s): | CVE-2008-0302 | | Last Modified: | Jan 18 04:44:06 2008 |
| MD5 Checksum: | 4a76a6c200cfa119e85d92a4d859a153 |
|
| /// File Name: |
sa28472.txt |
Description:
|
Secunia Security Advisory - mu-b has reported a vulnerability in Cisco VPN Client, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28472/ | | File Size: | 2306 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | ffc9290cc9686cc929d06ad908a3076f |
|
| /// File Name: |
sa28488.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for python-paramiko. This fixes a weakness, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/28488/ | | File Size: | 2516 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | 8d345987327f2468a95ef0c3df8df76e |
|
| /// File Name: |
sa28499.txt |
Description:
|
Secunia Security Advisory - Silentz has reported a vulnerability in Pixelpost, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/28499/ | | File Size: | 2563 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | 3bc7cbaa36d3c24c5cba5f42c33dc721 |
|
| /// File Name: |
sa28504.txt |
Description:
|
Secunia Security Advisory - Scary-Boys and S.W.A.T. have discovered a vulnerability in Mini File Host, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/28504/ | | File Size: | 2455 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | 12bdafa06be464305381ef0ace0ebf78 |
|
| /// File Name: |
sa28508.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Citrix Presentation Server, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28508/ | | File Size: | 3305 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | 6047955e99d03f5cf95dd5bcd8615e05 |
|
| /// File Name: |
sa28509.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in MyBB, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28509/ | | File Size: | 3623 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | 56a04de7f39160e558af472b54a12236 |
|
| /// File Name: |
sa28510.txt |
Description:
|
Secunia Security Advisory - A weakness has been reported in paramiko, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/28510/ | | File Size: | 2444 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | 826f8e1744c321d38d707584bd82e8b3 |
|
| /// File Name: |
sa28511.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Boost, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28511/ | | File Size: | 2323 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | 11296d7e8e9347eaa7f33094cac0d521 |
|
| /// File Name: |
sa28515.txt |
Description:
|
Secunia Security Advisory - tomplixsee has discovered some vulnerabilities in aliTalk, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/28515/ | | File Size: | 3435 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | 1a66156d6359184963ba6c72cb007c6c |
|
| /// File Name: |
sa28516.txt |
Description:
|
Secunia Security Advisory - IRCRASH has discovered a vulnerability in php-residence, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/28516/ | | File Size: | 2359 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | 99df634709bb1504debcf794429fee83 |
|
| /// File Name: |
sa28517.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Connect Enterprise Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28517/ | | File Size: | 2749 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | a3e126db1ebe42d10180266054f78f4b |
|
| /// File Name: |
sa28519.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Dreamweaver and Adobe Contribute, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28519/ | | File Size: | 2865 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | bd8f326539d17674cf059e974d90bd6c |
|
| /// File Name: |
sa28520.txt |
Description:
|
Secunia Security Advisory - JosS has discovered a vulnerability in GradMan, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/28520/ | | File Size: | 2336 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | f7e328a3853e9d69f21c0db72f2f9601 |
|
| /// File Name: |
sa28521.txt |
Description:
|
Secunia Security Advisory - -=M.o.B=- has reported a vulnerability in MailBee WebMail Pro, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/28521/ | | File Size: | 2296 | | Last Modified: | Jan 18 03:50:24 2008 |
| MD5 Checksum: | bc9925a08f0bd8084177a1b0fc5f5f59 |
|