Section: .. / 0808-advisories /
| /// File Name: |
USN-626-2.txt |
Description:
|
Ubuntu Security Notice 626-2 - USN-626-1 fixed vulnerabilities in xulrunner-1.9. The changes required that Devhelp, Epiphany, Midbrowser and Yelp also be updated to use the new xulrunner-1.9. Original advisory details: A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox and xulrunner, as used by browsers such as Epiphany, did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox or xulrunner were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 8866 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2933 | | Last Modified: | Aug 4 17:57:58 2008 |
| MD5 Checksum: | 78b80dacd0018da31d715ffdd0641891 |
|
| /// File Name: |
USN-633-1.txt |
Description:
|
Ubuntu Security Notice 633-1 - It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a denial of service. Chris Evans discovered that the RC4 processing code in libxslt did not correctly handle corrupted key information. If a remote attacker were able to make an application linked against libxslt process malicious XML input, they could crash the application, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 20529 | | Related CVE(s): | CVE-2008-1767, CVE-2008-2935 | | Last Modified: | Aug 1 16:35:05 2008 |
| MD5 Checksum: | a26158bfc3c374efd7747546270e8b34 |
|
| /// File Name: |
USN-634-1.txt |
Description:
|
Ubuntu Security Notice 634-1 - Cameron Hotchkies discovered that OpenLDAP did not correctly handle certain ASN.1 BER data. A remote attacker could send a specially crafted packet and crash slapd, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15025 | | Related CVE(s): | CVE-2008-2952 | | Last Modified: | Aug 1 16:35:42 2008 |
| MD5 Checksum: | aa94fbbd1d0b00eb7e90517afeb9ba5b |
|
| /// File Name: |
USN-636-1.txt |
Description:
|
Ubuntu Security Notice 636-1 - Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 21465 | | Related CVE(s): | CVE-2008-2936 | | Last Modified: | Aug 20 02:46:11 2008 |
| MD5 Checksum: | cce112ac7583d275595f69c51a839d9d |
|
| /// File Name: |
USN-637-1.txt |
Description:
|
Ubuntu Security Notice 637-1 - It was discovered that there were multiple NULL-pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. The do_change_type routine did not correctly validate administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 191184 | | Related CVE(s): | CVE-2008-2812, CVE-2008-2931, CVE-2008-3272, CVE-2008-3275 | | Last Modified: | Aug 26 21:53:24 2008 |
| MD5 Checksum: | 4ff77f698b3af8e2303260d5110f0d63 |
|
| /// File Name: |
USN-638-1.txt |
Description:
|
Ubuntu Security Notice 638-1 - Aaron Grattafiori discovered that the Gnome Help Viewer did not handle format strings correctly when displaying certain error messages. If a user were tricked into opening a specially crafted URI, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3742 | | Related CVE(s): | CVE-2008-3533 | | Last Modified: | Aug 27 18:03:15 2008 |
| MD5 Checksum: | c3002bba563957c93b2edfad569c7c01 |
|
| /// File Name: |
vim-tar.txt |
Description:
|
Vim versions below 7.2c.002 and above 7.0 suffer from a vulnerability that allows for potential arbitrary code execution when handling tar archives.
| | Author: | Jan Minar | | File Size: | 3305 | | Last Modified: | Aug 8 16:48:52 2008 |
| MD5 Checksum: | 27231022c87b27cb55f59e0c85154b57 |
|
| /// File Name: |
vim-tarplugin.txt |
Description:
|
Vim versions 7.0 through 7.2c.002 suffer from unfixed vulnerabilities in Tar plugin version 20.
| | Author: | Jan Minar | | File Size: | 9242 | | Related CVE(s): | CVE-2008-2712 | | Last Modified: | Aug 8 16:51:29 2008 |
| MD5 Checksum: | 1e85b27072e0bf40a65443366c365933 |
|
| /// File Name: |
VMSA-2008-0012.txt |
Description:
|
VMware Security Advisory - An information disclosure vulnerability is present in VirtualCenter. Exploitation of this flaw might result in disclosure of the user names of system accounts. VirtualCenter versions 2.5 previous to update 2 and VirtualCenter versions 2.0.2 previous to update 5 are vulnerable.
| | Homepage: | http://www.vmware.com/ | | File Size: | 3846 | | Related CVE(s): | CVE-2008-3514 | | Last Modified: | Aug 13 00:55:09 2008 |
| MD5 Checksum: | efde66850073b28d67a286322174229e |
|
| /// File Name: |
VMSA-2008-0014.txt |
Description:
|
VMware Security Advisory - Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.
| | Homepage: | http://www.vmware.com/ | | File Size: | 26548 | | Related CVE(s): | CVE-2008-2101, CVE-2007-5269, CVE-2008-1447, CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2007-5438, CVE-2008-3696, CVE-2008-3697, CVE-2008-3698, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2007-5503 | | Last Modified: | Aug 31 19:44:00 2008 |
| MD5 Checksum: | 66543adde34c36baff73bda1674cfb79 |
|
| /// File Name: |
webex-overflow.txt |
Description:
|
The Webex Meeting Manager utilizes several ActiveX controls, one of which is vulnerable to a stack-based buffer overflow. The atucfobj Module contains a single method called NewObject() whose only parameter is vulnerable to this issue.
| | Author: | Elazar Broad | | File Size: | 2039 | | Last Modified: | Aug 6 17:43:05 2008 |
| MD5 Checksum: | ffcef6e99156b9761932f07647471908 |
|
| /// File Name: |
wingate-dos.txt |
Description:
|
WinGate version 6.2.2 is vulnerable to denial of service attacks.
| | Author: | Joao Antunes | | File Size: | 1293 | | Last Modified: | Aug 12 22:14:29 2008 |
| MD5 Checksum: | a97d3556224ccb8c19a18e67e9381f82 |
|
| /// File Name: |
ZDI-08-048.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed Country (0x8c) record, user-supplied data may be used in a memory copy operation resulting in memory corruption. If successfully exploited, remote control of the affected system can be obtained under the credentials of the currently logged in user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3501 | | Related CVE(s): | CVE-2008-3006 | | Last Modified: | Aug 13 02:01:12 2008 |
| MD5 Checksum: | 84acfb115b505098052b43ce129d2f84 |
|
| /// File Name: |
ZDI-08-049.txt |
Description:
|
A potential vulnerability exists in the Microsoft Office Suite. The issue is a result of insufficient bounds checking on the content of PICT files embedded into documents. Successful exploitation of this issue enables an attacker to remotely execute arbitrary code on a target system. User interaction would be required, as an attacker would have to convince the target user to open a malformed file. One of the filter DLLs for processing image files in Microsoft Office suffers from a potentially-exploitable memory corruption condition when processing .PICT images. An invalid value in the bits_per_pixel field (offset 0x257) causes heap corruption. Different values of this field result in distinctly different types of corruption. Internally, the issue was only reproducible when the malformed image was directly inserted into an Office document by the target user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3817 | | Related CVE(s): | CVE-2008-3021 | | Last Modified: | Aug 13 02:01:58 2008 |
| MD5 Checksum: | 95a2365a606823614531bdc803a5d3ab |
|
| /// File Name: |
ZDI-08-050.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects. When an object is appended in a specific order, memory corruption occurs. Successful exploitation leads to remote compromise of the affected system under the credentials of the currently logged in user.
| | Author: | Sam Thomas | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3195 | | Related CVE(s): | CVE-2008-2257 | | Last Modified: | Aug 13 02:05:43 2008 |
| MD5 Checksum: | 1e767b4d0710b6c931e46b42a3154c5f |
|
| /// File Name: |
ZDI-08-051.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects. When an object is appended in a specific order and particular functions are performed on these objects, memory corruption occurs. Successful exploitation leads to remote compromise of the affected system under the credentials of the currently logged in user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3215 | | Related CVE(s): | CVE-2008-2258 | | Last Modified: | Aug 13 02:06:43 2008 |
| MD5 Checksum: | 92b4db3d7e7da409de10fa99687ee417 |
|
| /// File Name: |
ZDI-08-052.txt |
Description:
|
A vulnerability allows remote attackers to deny services on vulnerable installations of OpenLDAP. Authentication is not required to exploit this vulnerability. The specific flaw exists in the decoding of ASN.1 BER network datagrams. When the size of a BerElement is specified incorrectly, the application will trigger an assert(), leading to abnormal program termination.
| | Author: | Oscar Mira-Sanchez | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3289 | | Related CVE(s): | CVE-2008-2952 | | Last Modified: | Aug 14 20:04:56 2008 |
| MD5 Checksum: | c4b36d8934d8c8254cbb4f7fa85d22ad |
|
| /// File Name: |
ZDI-08-053.txt |
Description:
|
A vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the functionality exposed by the Storage Foundation for Windows Scheduler Service, VxSchedService.exe, which listens by default on TCP port 4888. The management console allows NULL NTLMSSP authentication, thereby enabling a remote attacker to add, modify, or delete snapshot schedules and consequently run arbitrary code under the context of the SYSTEM user.
| | Author: | Tenable Network Security | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3128 | | Last Modified: | Aug 14 20:05:49 2008 |
| MD5 Checksum: | 95e5d86646e2ad48b9ff8481f0549ee9 |
|
| /// File Name: |
ZDI-08-054.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3008 | | Related CVE(s): | CVE-2008-2927 | | Last Modified: | Aug 29 01:49:37 2008 |
| MD5 Checksum: | d76ab9bcd5ffc3e70e7f81027f487560 |
|
| /// File Name: |
zoneminder-multi.txt |
Description:
|
ZoneMinder versions 1.23.3 and below suffer from command injection, SQL injection, and cross-site scripting vulnerabilities.
| | Author: | Filip Palian | | File Size: | 1273 | | Last Modified: | Aug 26 22:10:06 2008 |
| MD5 Checksum: | d8bb2d877419e579e9d76b0f207b8425 |
|