Section: .. / 0907-advisories /
| /// File Name: |
glsa-200907-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-05 - An error in git-daemon might lead to a Denial of Service via resource consumption. Shawn O. Pearce reported that git-daemon runs into an infinite loop when handling requests that contain unrecognized arguments. Versions less than 1.6.3.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2489 | | Related CVE(s): | CVE-2009-2108 | | Last Modified: | Jul 13 11:47:19 2009 |
| MD5 Checksum: | 7e67634d25ace0468dcededbbdcd0685 |
|
| /// File Name: |
glsa-200907-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-06 - Adobe Reader is vulnerable to remote code execution via crafted PDF files. Versions less than 8.1.6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5294 | | Related CVE(s): | CVE-2009-0198, CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889, CVE-2009-1492, CVE-2009-1493, CVE-2009-1855, CVE-2009-1856, CVE-2009-1857, CVE-2009-1858, CVE-2009-1859, CVE-2009-1861, CVE-2009-2028 | | Last Modified: | Jul 13 11:47:51 2009 |
| MD5 Checksum: | d407795ec1f30be94ab2af7f8cf2d9dd |
|
| /// File Name: |
glsa-200907-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-07 - ModPlug contains several buffer overflows that could lead to the execution of arbitrary code. Versions less than 0.8.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3679 | | Related CVE(s): | CVE-2009-1438, CVE-2009-1513 | | Last Modified: | Jul 13 11:48:17 2009 |
| MD5 Checksum: | da695fabc718713f3b809b5f6922a57e |
|
| /// File Name: |
glsa-200907-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-08 - An integer overflow in multiple Ralink wireless drivers might lead to the execution of arbitrary code with elevated privileges. Aviv reported an integer overflow in multiple Ralink wireless card drivers when processing a probe request packet with a long SSID, possibly related to an integer signedness error. Versions less than or equal to 1.2.2_beta3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3903 | | Related CVE(s): | CVE-2009-0282 | | Last Modified: | Jul 13 14:12:47 2009 |
| MD5 Checksum: | 8f7dd84a980aff225748671e573647df |
|
| /// File Name: |
glsa-200907-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-09 - A buffer overflow in Cyrus-SASL might allow for the execution of arbitrary code in applications or daemons that authenticate using SASL. James Ralston reported that in certain situations, Cyrus-SASL does not properly terminate strings which can result in buffer overflows when performing Base64 encoding. Versions less than 2.1.23 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2667 | | Related CVE(s): | CVE-2009-0688 | | Last Modified: | Jul 13 14:13:09 2009 |
| MD5 Checksum: | 70a68bb54438ac43e37358dda9693d96 |
|
| /// File Name: |
glsa-200907-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-10 - Syslog-ng does not properly initialize its chroot jail allowing for an escape if a separate vulnerability in Syslog-ng is exploited. Florian Grandel reported that Syslog-ng does not call chdir() before chroot() which leads to an inherited file descriptor to the current working directory. Versions less than 2.1.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2730 | | Related CVE(s): | CVE-2008-5110 | | Last Modified: | Jul 13 14:25:33 2009 |
| MD5 Checksum: | b9cf8d18a76290e6c9a44b56afa523f9 |
|
| /// File Name: |
glsa-200907-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-12 - A buffer overflow in dhclient as included in the ISC DHCP implementation allows for the remote execution of arbitrary code with root privileges. The Mandriva Linux Engineering Team has reported a stack-based buffer overflow in the subnet-mask handling of dhclient. Versions less than 3.1.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2594 | | Related CVE(s): | CVE-2009-0692 | | Last Modified: | Jul 14 15:58:52 2009 |
| MD5 Checksum: | 0203d7b18f819cf7a6ee13296903ea32 |
|
| /// File Name: |
glsa-200907-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-13 - A vulnerability in PulseAudio may allow a local user to execute code with escalated privileges. Tavis Ormandy and Julien Tinnes of the Google Security Team discovered that the pulseaudio binary is installed setuid root, and does not drop privileges before re-executing itself. The vulnerability has independently been reported to oCERT by Yorick Koster. Versions less than 0.9.9-r54 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2750 | | Related CVE(s): | CVE-2009-1894 | | Last Modified: | Jul 17 15:03:19 2009 |
| MD5 Checksum: | aea609733017683cb5b3e8f655347fd5 |
|
| /// File Name: |
glsa-200907-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-14 - A directory traversal vulnerability in Rasterbar libtorrent might allow a remote attacker to overwrite arbitrary files. census reported a directory traversal vulnerability in src/torrent_info.cpp that can be triggered via .torrent files. Versions less than 0.13-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3101 | | Related CVE(s): | CVE-2009-1760 | | Last Modified: | Jul 17 16:45:54 2009 |
| MD5 Checksum: | 2e58ce13a38bbbc244731ed16edc194c |
|
| /// File Name: |
glsa-200907-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200907-16 - Multiple integer overflows in Python have an unspecified impact. Chris Evans reported multiple integer overflows in the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. Versions less than 2.5.4-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2880 | | Related CVE(s): | CVE-2008-5031 | | Last Modified: | Jul 20 14:16:51 2009 |
| MD5 Checksum: | bc4ca6e08debeadbdd1bcbed9966a18b |
|
| /// File Name: |
GSEC-TZO-45-2009.txt |
Description:
|
Calling the CSS attr() attribute with a large number leads to memory corruption, heap spraying allows execution of code. Arbitrary remote code execution can be achieved by creating a special website and enticing the victim into visiting that site. iPhone OS versions 1.x through 2.2.1 and iPhone OS for iPod Touch versions 1.x through 2.2.1 are affected.
| | Author: | Thierry Zoller | | File Size: | 1637 | | Related CVE(s): | CVE-2009-1698 | | Last Modified: | Jul 23 10:44:50 2009 |
| MD5 Checksum: | e33e33f153200de3198d38ae05262597 |
|
| /// File Name: |
HPSBGN02446-SSRT090111.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with HP ProCurve Threat Management Services zl Module (J9155A). These vulnerabilities could be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 6175 | | Related CVE(s): | CVE-2009-1422, CVE-2009-1423, CVE-2009-1424, CVE-2009-1425 | | Last Modified: | Jul 13 17:04:11 2009 |
| MD5 Checksum: | d1b4a55ef6eeba5cebf8b6cae7bb9460 |
|
| /// File Name: |
HPSBMA02438-SSRT090092.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with certain HP ProLiant DL/ML 100 Series G5/G6 Servers with ProLiant Onboard Administrator Powered by LO100i. The vulnerability could be exploited remotely to create a Denial of Service (DoS). The HP ProLiant Onboard Administrator Powered by LO100i was formerly known as HP Lights Out 100.
| | Homepage: | http://www.hp.com/ | | File Size: | 9633 | | Related CVE(s): | CVE-2009-1426 | | Last Modified: | Jul 28 18:27:27 2009 |
| MD5 Checksum: | a95cfb22321ab8d6b9e771c87429dcb8 |
|
| /// File Name: |
HPSBUX02421-SSRT090047.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 7275 | | Related CVE(s): | CVE-2009-0846, CVE-2009-0847 | | Last Modified: | Jul 30 11:51:46 2009 |
| MD5 Checksum: | de8d458838985b6d57b4a33cd148e5d4 |
|
| /// File Name: |
HPSBUX02431-SSRT090085.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), or execution of arbitrary code. Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
| | Homepage: | http://www.hp.com/ | | File Size: | 11260 | | Related CVE(s): | CVE-2007-4465, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658 | | Last Modified: | Jul 2 14:53:57 2009 |
| MD5 Checksum: | 8d217e44e2ffdb59535dddf13b4c5ce2 |
|
| /// File Name: |
HPSBUX02437-SSRT090038.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running XNTP. The vulnerabilities could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 6615 | | Related CVE(s): | CVE-2009-0159, CVE-2009-1252 | | Last Modified: | Jul 22 17:00:05 2009 |
| MD5 Checksum: | 864e8926a91c7697359ccf06fb2a7ec6 |
|
| /// File Name: |
HPSBUX02440-SSRT090106.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could be exploited locally to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 6540 | | Related CVE(s): | CVE-2009-1421 | | Last Modified: | Jul 2 14:52:48 2009 |
| MD5 Checksum: | c9e6d9c2a146587c784d7b5dfa661e6b |
|
| /// File Name: |
INFIGO-2009-07-09.txt |
Description:
|
Memory corruption vulnerabilities have been discovered in NASA's Common Data Format. Versions 3.2.4 and below are affected.
| | Author: | Leon Juranic | | Homepage: | http://www.infigo.hr/ | | File Size: | 5723 | | Last Modified: | Jul 21 16:54:24 2009 |
| MD5 Checksum: | 9a6f3fe0344236a32819b4e5fb47147c |
|
| /// File Name: |
iphone-pwnability.txt |
Description:
|
iPhones running OS 3 have a usability feature where Safari is launched immediately when joining a network. This allows rogue access points a known vector of attack.
| | Author: | Max Moser | | Homepage: | http://www.remote-exploit.org/ | | File Size: | 1559 | | Last Modified: | Jul 7 13:25:36 2009 |
| MD5 Checksum: | 95085f026f78216ff73ebb598f9e0247 |
|
| /// File Name: |
lotus-enumerate.txt |
Description:
|
Lotus Sametime suffers from a user enumeration vulnerability. This is based on the time it takes to respond when authenticating credentials. IBM Lotus Instant Messaging and Web Conferencing (Sametime) version 6.5.1 is affected.
| | Author: | Karan Khosla | | Homepage: | http://www.senseofsecurity.com/ | | File Size: | 2560 | | Last Modified: | Jul 9 14:04:32 2009 |
| MD5 Checksum: | 3ba356225abd2cf662b2b2183f2ad9a5 |
|
| /// File Name: |
MDVSA-2009-124-1.txt |
Description:
|
Mandriva Linux Security Advisory 2009-124-1 - Multiple vulnerabilities have been found and corrected in apache. These include a cross site scripting vulnerability in proxy_ftp.c in the mod_proxy_ftp module, a memory leak relating to OpenSSL, and a local privilege escalation issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8042 | | Related CVE(s): | CVE-2008-1678, CVE-2008-2939, CVE-2009-1195 | | Last Modified: | Jul 8 00:56:05 2009 |
| MD5 Checksum: | b44198d7a0653346d60c49a198f9cf15 |
|
| /// File Name: |
MDVSA-2009-149.txt |
Description:
|
Mandriva Linux Security Advisory 2009-149 - The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests. Fixed a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. This update provides fixes for these vulnerabilities.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 25582 | | Related CVE(s): | CVE-2009-1890, CVE-2009-1891 | | Last Modified: | Jul 9 14:00:52 2009 |
| MD5 Checksum: | 28d8442d0e4d1cbdd013bef37a6ca810 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
