Section: .. / 0801-advisories /
| /// File Name: |
USN-568-1.txt |
Description:
|
Ubuntu Security Notice 568-1 - Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. It was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. It was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 42455 | | Related CVE(s): | CVE-2007-6600, CVE-2007-3278, CVE-2007-6601, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067 | | Last Modified: | Jan 14 17:39:53 2008 |
| MD5 Checksum: | 6ec3155b2d021d108bf1736b8660cdac |
|
| /// File Name: |
ZDI-08-001.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw resides in the TSM Express Backup Server service, dsmsvc.exe, which listens by default on TCP port 1500. The process trusts a user-supplied length value. By supplying a large number, an attacker can overflow a static heap buffer leading to arbitrary code execution in the context of the SYSTEM user. Tivoli Storage Manager Express version 5.3 is affected.
| | Author: | Tenable Network Security,Sebastian Apelt | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3054 | | Related CVE(s): | CVE-2008-0247 | | Last Modified: | Jan 14 17:38:21 2008 |
| MD5 Checksum: | 7a0c52554fa38a18476a3e556c03e3d5 |
|
| /// File Name: |
sa28478.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in the Meta Tags module for Drupal, which can be exploited by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28478/ | | File Size: | 2321 | | Last Modified: | Jan 14 17:13:14 2008 |
| MD5 Checksum: | a65e8a515f859d323b5a5a82a312a5da |
|
| /// File Name: |
sa28460.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been discovered in Merak Mail Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28460/ | | File Size: | 2230 | | Last Modified: | Jan 14 17:12:58 2008 |
| MD5 Checksum: | 634f8ab1e5d6fcc106f488582aec7959 |
|
| /// File Name: |
sa28469.txt |
Description:
|
Secunia Security Advisory - Avaya has acknowledged a vulnerability in multiple Avaya Products, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/28469/ | | File Size: | 2656 | | Last Modified: | Jan 14 17:12:58 2008 |
| MD5 Checksum: | 007c56f2e20a23a5f431d0143f9d0dc3 |
|
| /// File Name: |
dsa-1462-1.txt |
Description:
|
Debian Security Advisory 1462-1 - Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System (HPLIP) performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user.
| | Homepage: | http://www.debian.org/security | | File Size: | 8747 | | Related CVE(s): | CVE-2007-5208 | | Last Modified: | Jan 14 17:11:40 2008 |
| MD5 Checksum: | 1910044ec3c90d531908d5056eb88251 |
|
| /// File Name: |
dsa-1461-1.txt |
Description:
|
Debian Security Advisory 1461-1 - Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop.
| | Homepage: | http://www.debian.org/security | | File Size: | 22986 | | Related CVE(s): | CVE-2007-6284 | | Last Modified: | Jan 14 17:11:10 2008 |
| MD5 Checksum: | 3f9f3034d66fc071725507a6f87731e3 |
|
| /// File Name: |
dsa-1459-1.txt |
Description:
|
Debian Security Advisory 1459-1 - It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports.
| | Homepage: | http://www.debian.org/security | | File Size: | 8144 | | Related CVE(s): | CVE-2008-0173 | | Last Modified: | Jan 14 14:10:05 2008 |
| MD5 Checksum: | 8d1500e18a1360c8c533fe09d99b9de7 |
|
| /// File Name: |
MDVSA-2008-009-1.txt |
Description:
|
Mandriva Linux Security Advisory - The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the default hosts map, it would allow the user to obtain root privileges. Likewise, the same scenario would be available for local users able to create device files on the exported filesystem which could allow the user to gain access to important system devices. Because the default behaviour of autofs was to mount -hosts map entries with the dev and suid options enabled by default, autofs has been altered to always use nodev and nosuid by default. In order to have the old behaviour, the configuration must now explicitly set the dev and/or suid options. The previous update shipped with an incorrect LDAP lookup module that would prevent the automount daemon from starting. This update corrects that problem.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3937 | | Related CVE(s): | CVE-2007-5964, CVE-2007-6285 | | Last Modified: | Jan 12 19:37:36 2008 |
| MD5 Checksum: | f6177e8e7d3f51b060fff3292eb5e11a |
|
| /// File Name: |
S21SEC-039-en.txt |
Description:
|
S21Sec Advisory - Safari 2 suffers from a remote denial of service vulnerability.
| | Author: | David Barroso | | Homepage: | http://www.s21sec.com/ | | File Size: | 1969 | | Last Modified: | Jan 12 19:36:30 2008 |
| MD5 Checksum: | 09a558e83aa81f8e210a31cfeaa998bd |
|
| /// File Name: |
MDVSA-2008-011.txt |
Description:
|
Mandriva Linux Security Advisory - rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4845 | | Related CVE(s): | CVE-2007-6199, CVE-2007-6200 | | Last Modified: | Jan 11 20:48:55 2008 |
| MD5 Checksum: | 6f2cfd48534e199dce8883b43461836d |
|
| /// File Name: |
MDVSA-2008-010.txt |
Description:
|
Mandriva Linux Security Advisory - A denial of service flaw was discovered by the Google Security Team in the way libxml2 processes malformed XML content. This flaw could cause the application to stop responding.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7090 | | Related CVE(s): | CVE-2007-6284 | | Last Modified: | Jan 11 20:48:03 2008 |
| MD5 Checksum: | 0ac803914998a47b135ab3740d0315ba |
|
| /// File Name: |
MDVSA-2008-009.txt |
Description:
|
Mandriva Linux Security Advisory - The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the default hosts map, it would allow the user to obtain root privileges. Likewise, the same scenario would be available for local users able to create device files on the exported filesystem which could allow the user to gain access to important system devices. Because the default behaviour of autofs was to mount -hosts map entries with the dev and suid options enabled by default, autofs has been altered to always use nodev and nosuid by default. In order to have the old behaviour, the configuration must now explicitly set the dev and/or suid options.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4190 | | Related CVE(s): | CVE-2007-5964, CVE-2007-6285 | | Last Modified: | Jan 11 20:47:25 2008 |
| MD5 Checksum: | f9d1f61a7e9c079463f7defadccd3a0d |
|
| /// File Name: |
sa28389.txt |
Description:
|
Secunia Security Advisory - Ricky Zhou has reported a vulnerability in WebEvent, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28389/ | | File Size: | 2153 | | Last Modified: | Jan 11 20:30:53 2008 |
| MD5 Checksum: | 1d74300bff8fb5a85cf399cb634bb36d |
|
| /// File Name: |
sa28392.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Mambo, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28392/ | | File Size: | 2331 | | Last Modified: | Jan 11 20:30:53 2008 |
| MD5 Checksum: | 899f7634ab6d0f7ba978838d2356a8a4 |
|
| /// File Name: |
sa28407.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been discovered in Oracle Siebel SimBuilder, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28407/ | | File Size: | 2193 | | Last Modified: | Jan 11 20:30:53 2008 |
| MD5 Checksum: | 7bdfd5819bc621b1f81071bcc1469e22 |
|
| /// File Name: |
sa28418.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in the BUEditor module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/28418/ | | File Size: | 2480 | | Last Modified: | Jan 11 20:30:53 2008 |
| MD5 Checksum: | 3f2e7cbb407f9ae2f96ffb692e823c58 |
|
| /// File Name: |
sa28430.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in vBGallery, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28430/ | | File Size: | 2235 | | Last Modified: | Jan 11 20:30:53 2008 |
| MD5 Checksum: | 7c4150b76f217642b91aa9eb727d2952 |
|
| /// File Name: |
sa28437.txt |
Description:
|
Secunia Security Advisory - Sun has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious users to gain escalated privileges or to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28437/ | | File Size: | 2166 | | Last Modified: | Jan 11 20:30:53 2008 |
| MD5 Checksum: | 3f8a9f6e5ff11abb5d01c555795e84e3 |
|
| /// File Name: |
sa28440.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Tivoli Storage Manager Express, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28440/ | | File Size: | 2644 | | Last Modified: | Jan 11 20:30:53 2008 |
| MD5 Checksum: | 4e04945f94e7ccd56dce11f7da909173 |
|
| /// File Name: |
sa28441.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious users or malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28441/ | | File Size: | 8684 | | Last Modified: | Jan 11 20:30:53 2008 |
| MD5 Checksum: | b49c11b91b9b5a586263cad5a5021c6b |
|
| /// File Name: |
sa28445.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/28445/ | | File Size: | 2179 | | Last Modified: | Jan 11 20:30:53 2008 |
| MD5 Checksum: | 6937e83a5fe198078a27858930158c02 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
