Section: .. / 0903-advisories /
| /// File Name: |
03.17.09-1.txt |
Description:
|
iDefense Security Advisory 03.17.09 - Remote exploitation of a stack-based buffer overflow in Autonomy Inc's KeyView SDK allows attackers to execute arbitrary code with the privileges of the current user. This vulnerability exists within the "wp6sr.dll" which implements the processing of Word Perfect Documents. When processing certain records, data is copied from the file into a fixed-size stack buffer without ensuring that enough space is available. By overflowing the buffer, an attacker can overwrite control flow structures stored on the stack. iDefense confirmed that this vulnerability exists within Lotus Notes 8 installed on a Windows XP SP3 machine. All applications which utilize the Autonomy KeyView SDK to process Word Perfect Documents are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 6165 | | Related CVE(s): | CVE-2008-4564 | | Last Modified: | Mar 17 22:06:53 2009 |
| MD5 Checksum: | f108b1538a97e95c3da65394ca775b80 |
|
| /// File Name: |
03.24.09-1.txt |
Description:
|
iDefense Security Advisory 03.24.09 - Remote exploitation of a heap based buffer overflow vulnerability in Adobe Systems Inc.'s Reader and Acrobat could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a JBIG2-encoded stream inside of a PDF file. JBIG2 is an image encoding format that is primarily used for encoding monochrome images such as faxes. Acrobat Reader and Acrobat Professional versions 7.1.0, 8.1.3, 9.0.0 and prior versions are vulnerable.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 4531 | | Related CVE(s): | CVE-2009-0928 | | Last Modified: | Mar 25 03:17:05 2009 |
| MD5 Checksum: | e0b5b61d8f6275d9210d796ccbbac746 |
|
| /// File Name: |
03.25.09-1.txt |
Description:
|
iDefense Security Advisory 03.25.09 - Remote exploitation of an integer signedness vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the font parsing code in the JRE. As part of its font API, the JRE provides the ability to load a font from a remote URL. iDefense has confirmed the existence of this vulnerability in Sun Microsystem Inc.'s Java JRE version 1.6.0_11 for Windows. Previous versions and versions for other platforms may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 4562 | | Last Modified: | Mar 26 14:26:48 2009 |
| MD5 Checksum: | cb6bb6c5533e769fb18b73a55e15c663 |
|
| /// File Name: |
03.25.09-2.txt |
Description:
|
iDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for a JNLP file to provide its own splash logo. This allows an attacker to pass an arbitrary GIF file to the splash logo parsing code to trigger the vulnerability. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_11 on Windows and Linux. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 5230 | | Last Modified: | Mar 27 19:23:00 2009 |
| MD5 Checksum: | f4970366dc2949bf014b5f17a84b519e |
|
| /// File Name: |
03.25.09-3.txt |
Description:
|
iDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. Values from the GIF file are used to calculate an offset to store data in a dynamic heap buffer. These values are not validated before use, which allows an attacker to store controlled data outside of the bounds of the allocated buffer. This leads to corruption of object pointers, which can be leveraged to execute arbitrary code. iDefense has confirmed the existence of this vulnerability in Java JRE version 1.6_11. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3870 | | Last Modified: | Mar 27 19:24:43 2009 |
| MD5 Checksum: | 88e5ed50eb496fcad942a6f8a27321cc |
|
| /// File Name: |
03.25.09-4.txt |
Description:
|
iDefense Security Advisory 03.25.09 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for a JNLP file to provide its own splash logo. This allows an attacker to pass an arbitrary PNG file to the splash logo parsing code. The vulnerability occurs when parsing a PNG file used as part of the splash screen. When parsing the image, several values are taken from the file and used in an arithmetic operation that calculates the size of a heap buffer. This calculation can overflow, which results in an undersized buffer being allocated. This buffer is later overflowed with data from the file. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_11 on Windows and Linux. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 5456 | | Last Modified: | Mar 27 19:25:52 2009 |
| MD5 Checksum: | a7c03e14bec9efc4a560b352713741e2 |
|
| /// File Name: |
03.25.09-5.txt |
Description:
|
iDefense Security Advisory 03.25.09 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during decompression when, to calculate the size of a heap buffer, the code manipulates several integers in the file. The bounds of these values are not checked, and the arithmetic operations can overflow. This results in an undersized buffer being allocated, which leads to a heap-based buffer overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystem Inc.'s JRE version 1.6.0_11 for Windows and Linux.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 5410 | | Last Modified: | Mar 27 19:27:22 2009 |
| MD5 Checksum: | 745655f99192eab0cfcaad45f2db5a40 |
|
| /// File Name: |
AST-2009-002.txt |
Description:
|
Asterisk Project Security Advisory - A remote crash vulnerability exists in the SIP channel driver allow for a denial of service condition.
| | Homepage: | http://www.asterisk.org/security | | File Size: | 9854 | | Last Modified: | Mar 10 19:39:57 2009 |
| MD5 Checksum: | c21066b5904a6cb5852a2580725a407c |
|
| /// File Name: |
Bkis-03-2009.txt |
Description:
|
Rapidleech versions prior to revision 36 suffer from arbitrary file download, local file inclusion, and cross site scripting vulnerabilities.
| | Author: | SVRT | | Homepage: | http://security.bkis.vn/ | | File Size: | 3150 | | Last Modified: | Mar 16 16:21:35 2009 |
| MD5 Checksum: | 28f8d086ce53e0e637688f9d6a14d7ef |
|
| /// File Name: |
Bkis-04-2009.txt |
Description:
|
GOM Encoder Demo versions 1.0.0.11 and below suffer from a buffer overflow vulnerability.
| | Author: | SVRT | | Homepage: | http://security.bkis.vn/ | | File Size: | 1928 | | Last Modified: | Mar 16 16:25:19 2009 |
| MD5 Checksum: | 39814080e7815193b49d4efb3ba636ed |
|
| /// File Name: |
Bkis-05-2009.txt |
Description:
|
PowerCHM suffers from a stack-based buffer overflow when processing files with the .HHP extension. Version 5.7 is affected.
| | Author: | SVRT | | Homepage: | http://security.bkis.vn/ | | File Size: | 1640 | | Last Modified: | Mar 26 14:21:08 2009 |
| MD5 Checksum: | 51978c2beab4c533f161e47119ef342f |
|
| /// File Name: |
CESA-2009-003.txt |
Description:
|
LittleCMS versions prior to 1.18beta2 suffers from various integer and buffer overflows as well as memory leak errors.
| | Author: | Chris Evans | | File Size: | 4032 | | Last Modified: | Mar 19 23:57:19 2009 |
| MD5 Checksum: | bb38dbc806d63d06a94a21d1530a58fc |
|
| /// File Name: |
cisco-sa-20090304-sbc.txt |
Description:
|
Cisco Security Advisory - A denial of service (DoS) vulnerability exists in the Cisco Session Border Controller (SBC) for the Cisco 7600 series routers. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
| | Homepage: | http://www.cisco.com/ | | File Size: | 12861 | | Related CVE(s): | CVE-2009-0619 | | Last Modified: | Mar 4 20:57:00 2009 |
| MD5 Checksum: | dd9c0b6eaed0148918ace156c1b99f40 |
|
| /// File Name: |
cisco-sa-20090311-cucmpab.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Communications Manager, formerly CallManager, contains a privilege escalation vulnerability in the IP Phone Personal Address Book (PAB) Synchronizer feature that may allow an attacker to gain complete administrative access to a vulnerable Cisco Unified Communications Manager system. If Cisco Unified Communications Manager is integrated with an external directory service, it may be possible for an attacker to leverage the privilege escalation vulnerability to gain access to additional systems configured to use the directory service for authentication.
| | Homepage: | http://www.cisco.com/ | | File Size: | 22504 | | Related CVE(s): | CVE-2009-0632 | | Last Modified: | Mar 11 14:40:53 2009 |
| MD5 Checksum: | d8645c24d171bd6853d4e520322efe43 |
|
| /// File Name: |
cisco-sa-20090325-ctcp.txt |
Description:
|
Cisco Security Advisory - A series of TCP packets may cause a denial of service (DoS) condition on Cisco IOS devices that are configured as Easy VPN servers with the Cisco Tunneling Control Protocol (cTCP) encapsulation feature. Cisco has released free software updates that address this vulnerability. No workarounds are available; however, the IPSec NAT traversal (NAT-T) feature can be used as an alternative.
| | Homepage: | http://www.cisco.com/ | | File Size: | 24659 | | Related CVE(s): | CVE-2009-0635 | | Last Modified: | Mar 25 20:53:33 2009 |
| MD5 Checksum: | 4ae06216d9b0b9d3ceb849d73c26dfa6 |
|
| /// File Name: |
cisco-sa-20090325-ip.txt |
Description:
|
Cisco Security Advisory - A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS Software are enabled.
| | Homepage: | http://www.cisco.com/ | | File Size: | 134554 | | Related CVE(s): | CVE-2009-0630 | | Last Modified: | Mar 25 21:15:10 2009 |
| MD5 Checksum: | c7eab8bfb77cb1fcdc77ffbb84368b54 |
|
| /// File Name: |
cisco-sa-20090325-mobileip.txt |
Description:
|
Cisco Security Advisory - Devices that are running Cisco IOS Software and configured for Mobile IP Network Address Translation (NAT) Traversal feature or Mobile IPv6 are vulnerable to a denial of service (DoS) attack that may result in a blocked interface.
| | Homepage: | http://www.cisco.com/ | | File Size: | 39020 | | Related CVE(s): | CVE-2009-0633, CVE-2009-0634 | | Last Modified: | Mar 25 20:58:22 2009 |
| MD5 Checksum: | eee56ea6fa21d7e2983a7e14dfc95b3e |
|
| /// File Name: |
cisco-sa-20090325-scp.txt |
Description:
|
Cisco Security Advisory - The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.
| | Homepage: | http://www.cisco.com/ | | File Size: | 67081 | | Related CVE(s): | CVE-2009-0637 | | Last Modified: | Mar 25 21:00:04 2009 |
| MD5 Checksum: | 91d7b59025b0930329d45da187db75bd |
|
| /// File Name: |
cisco-sa-20090325-sip.txt |
Description:
|
Cisco Security Advisory - A vulnerability exists in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that can be exploited remotely to cause a reload of the Cisco IOS device.
| | Homepage: | http://www.cisco.com/ | | File Size: | 113486 | | Related CVE(s): | CVE-2009-0636 | | Last Modified: | Mar 25 21:11:47 2009 |
| MD5 Checksum: | 435cd9388e83e7fc07986f1d9c142134 |
|
| /// File Name: |
cisco-sa-20090325-tcp.txt |
Description:
|
Cisco Security Advisory - Cisco IOS Software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP packets can cause the vulnerable device to reload.
| | Homepage: | http://www.cisco.com/ | | File Size: | 71774 | | Related CVE(s): | CVE-2009-0629 | | Last Modified: | Mar 25 21:01:29 2009 |
| MD5 Checksum: | ed16c16c2d546e5184a20843f234de7f |
|
| /// File Name: |
cisco-sa-20090325-udp.txt |
Description:
|
Cisco Security Advisory - Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked, transit traffic will not block the interface.
| | Homepage: | http://www.cisco.com/ | | File Size: | 123615 | | Related CVE(s): | CVE-2009-0631 | | Last Modified: | Mar 25 21:13:21 2009 |
| MD5 Checksum: | 17fe15b2dee8be81a6c5521e4bcebfee |
|
| /// File Name: |
cisco-sa-20090325-webvpn.txt |
Description:
|
Cisco Security Advisory - Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial of service condition. A crafted HTTPS packet will crash device. SSLVPN sessions cause a memory leak in the device.
| | Homepage: | http://www.cisco.com/ | | File Size: | 38199 | | Related CVE(s): | CVE-2009-0626 | | Last Modified: | Mar 25 20:56:07 2009 |
| MD5 Checksum: | 9a67d2ac3147d0d2071a0e8e3c8b4b38 |
|
| /// File Name: |
CORE-2009-0122.txt |
Description:
|
Core Security Technologies Advisory - Several buffer overflows have been found in HP OpenView Network Node Manager, which can be exploited to remotely compromise a user's system.
| | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 13002 | | Related CVE(s): | CVE-2009-0920, CVE-2009-0921 | | Last Modified: | Mar 24 01:15:36 2009 |
| MD5 Checksum: | b176bcd48a477e558a3cea4da4a1615c |
|
| /// File Name: |
cryptographp-disclose.txt |
Description:
|
Cryptographp version 1.4 suffers from a file disclosure vulnerability.
| | Author: | Jan G.B. | | File Size: | 877 | | Last Modified: | Mar 16 17:15:33 2009 |
| MD5 Checksum: | 75fb1968e47ef5dd48a9e0aca2b68f13 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
