Section: .. / 0906-advisories /
File Name: USN-779-1.txt
Description:
Ubuntu Security Notice USN-779-1 - Several flaws were discovered in the browser and JavaScript engines of Firefox. Pavel Cvrcek discovered that Firefox would sometimes display certain invalid Unicode characters as whitespace. Gregory Fleischer, Adam Barth and Collin Jackson discovered that Firefox would allow access to local files from resources loaded via the file: protocol. Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Firefox did not properly handle error responses when connecting to a proxy server. Wladimir Palant discovered Firefox did not check content-loading policies when loading external script files into XUL documents. It was discovered that Firefox could be made to run scripts with elevated privileges.
Homepage: http://security.ubuntu.com/
File Size: 39320
Related CVE(s): CVE-2009-1832, CVE-2009-1833, CVE-2009-1834, CVE-2009-1835, CVE-2009-1836, CVE-2009-1837, CVE-2009-1838, CVE-2009-1839, CVE-2009-1840, CVE-2009-1841
Last Modified: Jun 15 15:19:01 2009
MD5 Checksum: 20d73ec790559f5e32462003396de707

File Name: USN-780-1.txt
Description:
Ubuntu Security Notice USN-780-1 - Anibal Sacco discovered that CUPS did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service.
Homepage: http://security.ubuntu.com/
File Size: 28307
Related CVE(s): CVE-2009-0949
Last Modified: Jun 4 18:36:44 2009
MD5 Checksum: be1d94ddae6c3ed3f380451898ddc0b4

File Name: USN-781-1.txt
Description:
Ubuntu Security Notice USN-781-1 - It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. It was discovered that Pidgin did not properly handle certain malformed messages in the QQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash. This issue only affected Ubuntu 8.10 and 9.04. It was discovered that Pidgin did not properly handle certain malformed messages in the XMPP and Sametime protocol handlers. A remote attacker could send a specially crafted message and cause Pidgin to crash. It was discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
Homepage: http://security.ubuntu.com/
File Size: 15399
Related CVE(s): CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376
Last Modified: Jun 4 18:39:51 2009
MD5 Checksum: a6eb12f8b58c9b78c48f4166060058d3

File Name: USN-781-2.txt
Description:
Ubuntu Security Notice USN-781-2 - It was discovered that Gaim did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Gaim to crash, or possibly execute arbitrary code with user privileges. It was discovered that Gaim did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
Homepage: http://security.ubuntu.com/
File Size: 3524
Related CVE(s): CVE-2009-1373, CVE-2009-1376
Last Modified: Jun 4 18:41:12 2009
MD5 Checksum: d74cb76df8b38e0209f284e5b01abe54

File Name: USN-782-1.txt
Description:
Ubuntu Security Notice USN-782-1 - Several flaws were discovered in the JavaScript engine of Thunderbird. Several flaws were discovered in the way Thunderbird processed malformed URI schemes. Cefn Hoile discovered Thunderbird did not adequately protect against embedded third-party stylesheets. Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang discovered that Thunderbird did not properly handle error responses when connecting to a proxy server. It was discovered that Thunderbird could be made to run scripts with elevated privileges.
Homepage: http://security.ubuntu.com/
File Size: 14825
Related CVE(s): CVE-2009-1303, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1392, CVE-2009-1833, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841
Last Modified: Jun 25 22:22:52 2009
MD5 Checksum: bc8e94801fbf6a964cf6017070fddcf0

File Name: USN-783-1.txt
Description:
Ubuntu Security Notice USN-783-1 - Chris Jones discovered that the eCryptfs support utilities would report the mount passphrase into installation logs when an eCryptfs home directory was selected during Ubuntu installation. The logs are only readable by the root user, but this still left the mount passphrase unencrypted on disk, potentially leading to a loss of privacy.
Homepage: http://security.ubuntu.com/
File Size: 4103
Related CVE(s): CVE-2009-1296
Last Modified: Jun 8 19:50:12 2009
MD5 Checksum: 9cbabee30c57549b3268aeb2af8fcfe6

File Name: USN-784-1.txt
Description:
Ubuntu Security Notice USN-784-1 - It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.
Homepage: http://security.ubuntu.com/
File Size: 25694
Related CVE(s): CVE-2009-1882
Last Modified: Jun 8 19:50:30 2009
MD5 Checksum: 9fd87107c7750f632161e031f3c30659

File Name: USN-785-1.txt
Description:
Ubuntu Security Notice USN-785-1 - It was discovered that ipsec-tools did not properly handle certain fragmented packets. A remote attacker could send specially crafted packets to the server and cause a denial of service. It was discovered that ipsec-tools did not properly handle memory usage when verifying certificate signatures or processing nat-traversal keep-alive messages. A remote attacker could send specially crafted packets to the server and exhaust available memory, leading to a denial of service.
Homepage: http://security.ubuntu.com/
File Size: 10406
Related CVE(s): CVE-2009-1574, CVE-2009-1632
Last Modified: Jun 9 14:59:46 2009
MD5 Checksum: 37b56ce4d0cad8f67c7a010e9ab97fac

File Name: USN-786-1.txt
Description:
Ubuntu Security Notice USN-786-1 - Matthew Palmer discovered an underflow flaw in apr-util. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. Applications using libapreq2 are also affected. It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could cause a denial of service via memory resource consumption by sending a crafted request to an Apache server configured to use mod_dav or mod_dav_svn. C. Michael Pilato discovered an off-by-one buffer overflow in apr-util when formatting certain strings. For big-endian machines (powerpc, hppa and sparc in Ubuntu), a remote attacker could cause a denial of service or information disclosure leak. All other architectures for Ubuntu are not considered to be at risk.
Homepage: http://security.ubuntu.com/
File Size: 11268
Related CVE(s): CVE-2009-0023, CVE-2009-1955, CVE-2009-1956
Last Modified: Jun 11 15:53:30 2009
MD5 Checksum: f59dc6250b81e749143228aa2dcd20d1

File Name: USN-788-1.txt
Description:
Ubuntu Security Notice USN-788-1 - Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files.
Homepage: http://security.ubuntu.com/
File Size: 6126
Related CVE(s): CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783
Last Modified: Jun 15 16:42:09 2009
MD5 Checksum: bc1b230d16aa5648a4fdd15ad3fd1766

File Name: USN-789-1.txt
Description:
Ubuntu Security Notice USN-789-1 - Tielei Wang discovered that GStreamer Good Plugins did not correctly handle malformed PNG image files. If a user were tricked into opening a crafted PNG image file with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
Homepage: http://security.ubuntu.com/
File Size: 17427
Related CVE(s): CVE-2009-1932
Last Modified: Jun 22 22:36:26 2009
MD5 Checksum: 3617da61c8320d7798f267a1c9bfb9d1

File Name: USN-790-1.txt
Description:
Ubuntu Security Notice USN-790-1 - James Ralston discovered that the Cyrus SASL base64 encoding function could be used unsafely. If a remote attacker sent a specially crafted request to a service that used SASL, it could lead to a loss of privacy, or crash the application, resulting in a denial of service.
Homepage: http://security.ubuntu.com/
File Size: 32010
Related CVE(s): CVE-2009-0688
Last Modified: Jun 24 20:11:26 2009
MD5 Checksum: 75898842c78d22af19c3d437f1677171

File Name: USN-791-1.txt
Description:
Ubuntu Security Notice USN-791-1 - A large number of Moodle vulnerabilities have been addressed, including code execution, SQL injection, and cross-site request forgery issues.
Homepage: http://security.ubuntu.com/
File Size: 6917
Related CVE(s): CVE-2007-3215, CVE-2008-4796, CVE-2008-4810, CVE-2008-4811, CVE-2008-5153, CVE-2008-5432, CVE-2008-5619, CVE-2008-6124, CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502, CVE-2009-1171, CVE-2009-1669
Last Modified: Jun 24 20:11:46 2009
MD5 Checksum: 5a3ef5242ea05fa6d920131af4b10931

File Name: USN-791-2.txt
Description:
Ubuntu Security Notice USN-791-2 - Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy.
Homepage: http://security.ubuntu.com/
File Size: 1713
Related CVE(s): CVE-2009-1171
Last Modified: Jun 24 20:14:45 2009
MD5 Checksum: 4fd0c82404d02d7a3113689bfd2d677a

File Name: USN-791-3.txt
Description:
Ubuntu Security Notice USN-791-3 - It was discovered that Smarty did not correctly filter certain math inputs. A remote attacker using Smarty via a web service could exploit this to execute subsets of shell commands as the web server user.
Homepage: http://security.ubuntu.com/
File Size: 1522
Related CVE(s): CVE-2009-1669
Last Modified: Jun 24 20:13:55 2009
MD5 Checksum: 3a1ed8b1387b98b11aca335aaf7288c4

File Name: USN-792-1.txt
Description:
Ubuntu Security Notice USN-792-1 - It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly free memory when processing DTLS fragments. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. It was discovered that OpenSSL did not properly handle certain server certificates when processing DTLS packets. A remote DTLS server could cause a denial of service by sending a message containing a specially crafted server certificate. It was discovered that OpenSSL did not properly handle a DTLS ChangeCipherSpec packet when it occurred before ClientHello. A remote attacker could cause a denial of service by sending a specially crafted request. It was discovered that OpenSSL did not properly handle out of sequence DTLS handshake messages. A remote attacker could cause a denial of service by sending a specially crafted request.
Homepage: http://security.ubuntu.com/
File Size: 20360
Related CVE(s): CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387
Last Modified: Jun 25 19:59:19 2009
MD5 Checksum: 8a0f6e8d5cf353cfc8d4f7aa10111228

File Name: ZDI-09-024.txt
Description:
Zero Day Initiative Advisory 09-024 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Safenet Softremote IKE VPN service. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ireIke.exe service listening on UDP port 62514. The process does not adequately handle long requests resulting in a stack overflow. Exploitation can result in complete system compromise under the SYSTEM credentials.
Homepage: http://www.zerodayinitiative.com/
File Size: 2525
Last Modified: Jun 2 23:51:21 2009
MD5 Checksum: 3398901258a38b0fb81b5e249abcb411

File Name: ZDI-09-025.txt
Description:
Zero Day Initiative Advisory 09-025 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must either open a malicious file, or visit a malicious web page. The specific flaw exists during decompression of a delta-encoded chunk. The algorithm to decompress the frame trusts a line specifier when calculating where to write decompressed data. This results in a relative write using attacker-supplied values which can lead to remote code execution under the context of the current user.
Homepage: http://www.zerodayinitiative.com/
File Size: 2687
Related CVE(s): CVE-2009-0951
Last Modified: Jun 2 23:51:46 2009
MD5 Checksum: f6f404bd04331163e7eae913086bf526

File Name: ZDI-09-026.txt
Description:
Zero Day Initiative Advisory 09-026 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application parses a malformed .PSD image. While decoding the columns, rows and channels in the image header, the application trusts a different length for copying than used for allocating it. This results in a heap overflow and can lead to code execution under the context of the current user.
Homepage: http://www.zerodayinitiative.com/
File Size: 2664
Related CVE(s): CVE-2009-0952
Last Modified: Jun 2 23:52:00 2009
MD5 Checksum: c5b0b628eaa28f3955ad4f5ec517445f

File Name: ZDI-09-027.txt
Description:
Zero Day Initiative Advisory 09-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of PICT files in QuickTime.qts. While processing data for opcode 0x8201 QuickTime trusts a value contained in the file and makes an allocation accordingly. The process then enters a loop whose terminating condition is controlled. The previously allocated heap buffer can be overflowed leading to arbitrary code execution under the context of the user running QuickTime.
Homepage: http://www.zerodayinitiative.com/
File Size: 2778
Related CVE(s): CVE-2009-0953
Last Modified: Jun 2 23:52:15 2009
MD5 Checksum: 2d4a2ee623f219af5c4cea3f8222d043

File Name: ZDI-09-028.txt
Description:
Zero Day Initiative Advisory 09-028 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must either open a malicious file, or visit a malicious web page. The specific flaw exists during parsing of Clipping Region (CRGN) atom types in a QuickTime Movie file. The application trusts the contents of the atom to contain a terminator during a copy operation. The application will copy user-supplied data into a heap buffer until it identifies this terminator. This will allow one to overwrite heap-control structures which can be leveraged to achieve code execution from the context of the application.
Homepage: http://www.zerodayinitiative.com/
File Size: 2807
Related CVE(s): CVE-2009-0954
Last Modified: Jun 2 23:52:30 2009
MD5 Checksum: 1d243ef20d50ea20f4eaf0929cad3aec

File Name: ZDI-09-029.txt
Description:
Zero Day Initiative Advisory 09-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed JPEG2000 image files. A field is read directly from the file and used to allocate memory for a structure. If the value read is smaller than the expected structure size then a memory corruption will occur which can be leveraged by an attacker to execute arbitrary code under the context of the current user.
Homepage: http://www.zerodayinitiative.com/
File Size: 2700
Related CVE(s): CVE-2009-0957
Last Modified: Jun 2 23:52:46 2009
MD5 Checksum: 93ec52737aca8f17a5bee16fa8642cc1

File Name: ZDI-09-030.txt
Description:
Zero Day Initiative Advisory 09-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of PICT files in QuickTime.qts. While processing data for opcode 0x71 QuickTime trusts a value contained in the file and makes an allocation accordingly. By providing a malicious value this buffer can be undersized and subsequently can be overflowed leading to arbitrary code execution under the context of the user running QuickTime.
Homepage: http://www.zerodayinitiative.com/
File Size: 2741
Related CVE(s): CVE-2009-0010
Last Modified: Jun 2 23:52:59 2009
MD5 Checksum: 9bf715cbe4ec82ffa0cf02d41a06bddd

File Name: ZDI-09-031.txt
Description:
Zero Day Initiative Advisory 09-031 - This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability. The specific flaw exists in the implementation of the MSN protocol, specifically the handling of SLP messages. The function msn_slplink_process_msg() fails to properly validate an offset value specified in the SLP packet. By providing a specific value, an attacker can overflow a heap buffer resulting in arbitrary code execution.
Homepage: http://www.zerodayinitiative.com/
File Size: 2431
Related CVE(s): CVE-2009-1376
Last Modified: Jun 9 14:50:30 2009
MD5 Checksum: d1162fc407c94b4183b1eec6ff066838