Section: 0804-advisories
/// File Name: AKLINK-SA-2008-005.txt
Description: Apache-SSL versions prior to apache_1.3.41+ssl_1.59 suffer from a memory disclosure vulnerability that may allow for privilege escalation.
Author: Alexander Klink
Homepage: https://www.cynops.de/
File Size: 5271
Related CVE(s): CVE-2008-0555
Last Modified: Apr 3 01:13:41 2008
MD5 Checksum: 2878008d9e266abac14534bd7ec467fe

/// File Name: AST-2008-006.txt
Description: Asterisk Project Security Advisory - Javantea found multiple security issues in IAX2, including an incomplete 3-way handshake.
Author: Javantea
Homepage: http://www.asterisk.org/security
File Size: 10837
Related CVE(s): CVE-2008-1897
Last Modified: Apr 22 21:41:02 2008
MD5 Checksum: 1784691eda57201cf6362b96624b5595

/// File Name: CAalert-multi.txt
Description: CA Security Advisory - The CA Alert Notification Server service contains multiple vulnerabilities that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The vulnerabilities are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 4301
Related CVE(s): CVE-2007-4620
Last Modified: Apr 4 20:06:38 2008
MD5 Checksum: 0f210394aad268a0f3f84f8d8acfb639

/// File Name: CAarc-multi.txt
Description: CA Security Advisory - CA ARCserve Backup for Laptops and Desktops Server contains multiple vulnerabilities that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The first issue occurs due to insufficient bounds checking on command arguments by the LGServer service. The second issue occurs due to insufficient verification of file uploads by the NetBackup service. In most cases, an attacker can potentially gain complete control of an affected installation. Only a server installation of BrightStor ARCserve Backup for Laptops and Desktops is affected; the client installation is not affected.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 5240
Related CVE(s): CVE-2008-1328, CVE-2008-1329
Last Modified: Apr 4 20:08:05 2008
MD5 Checksum: 579f6632d25d2375c8f0987283a05848

/// File Name: cadsm-activex.txt
Description: CA products that implement the DSM gui_cm_ctrls ActiveX control contain a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability is due to insufficient verification of function arguments by the gui_cm_ctrls control. An attacker can execute arbitrary code in the context of the user running the web browser.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 8206
Related CVE(s): CVE-2008-1786
Last Modified: Apr 16 18:07:18 2008
MD5 Checksum: 0459d642cca948564271c7536b495555

/// File Name: cisco-sa-20080403-drf.txt
Description: Cisco Security Advisory - Several products in the Cisco Unified Communications family contain a command execution vulnerability in the Disaster Recovery Framework (DRF) feature. A remote, unauthenticated user could exploit this vulnerability to execute arbitrary commands that may allow full administrative access to affected systems. A workaround is available for this vulnerability.
Homepage: http://www.cisco.com/
File Size: 12435
Related CVE(s): CVE-2008-1154
Last Modified: Apr 4 17:56:55 2008
MD5 Checksum: 9d04ddfdd8879fbb50747c67c1fb4a86

/// File Name: cisco-sa-20080416-nac.txt
Description: Cisco Security Advisory - A vulnerability exists in the Cisco Network Admission Control (NAC) Appliance that can allow an attacker to obtain the shared secret used between the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM).
Homepage: http://www.cisco.com/
File Size: 12378
Related CVE(s): CVE-2008-1155
Last Modified: Apr 16 17:53:33 2008
MD5 Checksum: f0a4beb6ab4ff7f5a8cf2431ee424f93

/// File Name: CORE-2008-0314.txt
Description: Core Security Technologies Advisory - Orbit Downloader is vulnerable to a buffer overflow attack which can be exploited to execute arbitrary code. Versions 2.6.3 and 2.6.4 are verified vulnerable.
Author: Diego Juarez
Homepage: http://www.coresecurity.com/corelabs/
File Size: 7486
Related CVE(s): CVE-2008-1602
Last Modified: Apr 4 18:03:17 2008
MD5 Checksum: 3cb9c129e128a6f459b5ce8739aaf7a1

/// File Name: CORE-2008-0320.txt
Description: Core Security Technologies Advisory - Insufficient argument validation of hooked SSDT functions exists in BitDefender Antivirus 2008 Build 11.0.11, Comodo Firewall Pro 2.4.18.184, Sophos Antivirus 7.0.5, and Rising Antivirus 19.60.0.0 and 19.66.0.0. Older versions may be affected, but were not checked.
Author: Damian Saura, Anibal Sacco, Dario Menichelli, Norberto Kueffner, Andres Blanco, Rodrigo Carvalho
Homepage: http://www.coresecurity.com/corelabs/
File Size: 24176
Related CVE(s): CVE-2008-1735, CVE-2008-1736, CVE-2008-1737, CVE-2008-1738
Last Modified: Apr 28 18:43:55 2008
MD5 Checksum: 07f48db168be845e6c0d39ee8563171e

/// File Name: DDIVRT-2008-11.txt
Description: BadBlue is a web server used for peer-to-peer file sharing. By default, several executable files are stored in the web root: badblue.exe, uninst.exe, and dyndns.exe. Executable files stored in the web root of BadBlue can be launched remotely by any user. This can be leveraged to create a DoS condition by repeatedly invoking the uninst.exe executable. Because BadBlue has not released a patch for the previously documented directory traversal vulnerability, an attacker may use these two flaws in conjunction to place a malicious executable in the web root and compromise a vulnerable server.
Homepage: http://www.digitaldefense.net/
File Size: 1453
Related CVE(s): CVE-2007-6378
Last Modified: Apr 24 16:24:36 2008
MD5 Checksum: 97b22c9a16c638ad5d8a3727cfad7bfb

/// File Name: dotclear-upload.txt
Description: Dotclear versions 1.2.7.1 and below suffer from an arbitrary file upload vulnerability in ecrire/images.php.
Author: Morgan ARMAND
File Size: 858
Last Modified: Apr 15 13:27:08 2008
MD5 Checksum: 8f3d51baf48ad372a0b2fca6a59b1107

/// File Name: dsa-1492-2.txt
Description: Debian Security Advisory 1492-2 - The security update DSA 1492-1 fixed the security problem below but introduced a new problem by not removing temporary directories in the ipp backend. This update corrects this.
Homepage: http://www.debian.org/security
File Size: 5199
Related CVE(s): CVE-2008-0665, CVE-2008-0666
Last Modified: Apr 28 11:05:21 2008
MD5 Checksum: 6089ef64c5f3604733d60efdf1bde197

/// File Name: dsa-1533-2.txt
Description: Debian Security Advisory 1533-2 - Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. This update merely adds the packages for Debian 3.1 sarge (oldstable) which were missing in the previous DSA.
Homepage: http://www.debian.org/security
File Size: 8364
Related CVE(s): CVE-2007-6354, CVE-2007-6355, CVE-2007-6356
Last Modified: Apr 1 22:15:20 2008
MD5 Checksum: c0263d8a954340e247c814c20791301d

/// File Name: dsa-1537-1.txt
Description: Debian Security Advisory 1537-1 - Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files.
Homepage: http://www.debian.org/security
File Size: 7172
Related CVE(s): CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
Last Modified: Apr 4 17:36:47 2008
MD5 Checksum: d48aae6288a7f069b72300c4ff33fcda

/// File Name: dsa-1538-1.txt
Description: Debian Security Advisory 1538-1 - Erik Sjolund discovered a buffer overflow vulnerability in the Ogg Vorbis input plugin of the alsaplayer audio playback application. Successful exploitation of this vulnerability through the opening of a maliciously-crafted Vorbis file could lead to the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 25300
Related CVE(s): CVE-2007-5301
Last Modified: Apr 4 20:11:20 2008
MD5 Checksum: 509381d3a9dc0720051f2c4c85abb62d

/// File Name: dsa-1539-1.txt
Description: Debian Security Advisory 1539-1 - Chris Schmidt and Daniel Morissette discovered two vulnerabilities in mapserver, a development environment for spatial and mapping applications. Lack of input sanitizing and output escaping in the CGI mapserver's template handling and error reporting routines leads to cross-site scripting vulnerabilities. Missing bounds checking in mapserver's template handling leads to a stack-based buffer overrun vulnerability, allowing a remote attacker to execute arbitrary code with the privileges of the CGI or httpd user.
Homepage: http://www.debian.org/security
File Size: 13952
Related CVE(s): CVE-2007-4542, CVE-2007-4629
Last Modified: Apr 4 20:12:14 2008
MD5 Checksum: 2447663616ac764bd4c71d920e8e0627

/// File Name: dsa-1540-1.txt
Description: Debian Security Advisory 1540-1 - It was discovered that lighttpd, a fast webserver with minimal memory footprint, did not correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections.
Homepage: http://www.debian.org/security
File Size: 13040
Related CVE(s): CVE-2008-1531
Last Modified: Apr 8 01:31:28 2008
MD5 Checksum: f8fac331687637375cb06cec297e82f8

/// File Name: dsa-1540-2.txt
Description: Debian Security Advisory 1540-2 - It was discovered that lighttpd, a fast webserver with minimal memory footprint, did not correctly handle SSL errors. This could allow a remote attacker to disconnect all active SSL connections. This security update fixes a regression in the previous one, which caused SSL failures.
Homepage: http://www.debian.org/security
File Size: 11091
Related CVE(s): CVE-2008-1531
Last Modified: Apr 15 22:03:04 2008
MD5 Checksum: 092f75b80afc4f0cec9c33d9c65b5be9

/// File Name: dsa-1542-1.txt
Description: Debian Security Advisory 1542-1 - Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously-crafted PNG image, the vulnerability allows the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 12772
Related CVE(s): CVE-2007-5503
Last Modified: Apr 10 10:12:48 2008
MD5 Checksum: 2fe7514d32330d4652a01caf2edba8f8

/// File Name: dsa-1543-1.txt
Description: Debian Security Advisory 1543-1 - A number of people have discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc.
Homepage: http://www.debian.org/security
File Size: 23070
Related CVE(s): CVE-2007-6681, CVE-2007-6682, CVE-2007-6683, CVE-2008-0295, CVE-2008-0296, CVE-2008-0073, CVE-2008-0984, CVE-2008-1489
Last Modified: Apr 10 16:36:51 2008
MD5 Checksum: f21e2006584c648bf8aafc1ba9d3afa2

/// File Name: dsa-1544-1.txt
Description: Debian Security Advisory 1544-1 - Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a weak random number generator to create DNS transaction IDs and UDP source port numbers. As a result, cache poisoning attacks were simplified.
Homepage: http://www.debian.org/security
File Size: 4181
Related CVE(s): CVE-2008-1637
Last Modified: Apr 10 16:37:42 2008
MD5 Checksum: 5f318a0c586da19bca411140ef2d5fe4