Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds.
d2e8729c12da064590ac01ae3beb9558OpenCA Security Advisory - Multiple flaws in OpenCA before version 0.9.1.4 could cause OpenCA to use an incorrect certificate in the chain to determine the serial being checked which could lead to certificates that are revoked or expired being incorrectly accepted.
90f2c90aa0a8bc013a77340246b38646The GNU Screen utility versions 4.0.1, 3.9.15, and below, suffer from a buffer overflow vulnerability that allows local users to escalate their privileges. The screen utility is installed either setgid-utmp or setuid-root. It also has some potential for remote attacks and allows an attacker to get control of another user's screen, providing a 2-3 gigabyte transfer of data needed to exploit this vulnerability.
ed6abaef39c08733e0402b3360f0a43dFreeBSD Security Advisory FreeBSD-SA-03:19.bind - A programming error in BIND 8 named can allow an attacker the ability to arrange for malicious DNS messages to be delivered to a target name server, and cause that name server to cache a negative response for some target domain name. The name server would thereafter respond negatively to legitimate queries for that domain name, resulting in a denial-of-service for applications that require DNS. Affected versions are up to FreeBSD 4.9-RELEASE and 5.1-RELEASE.
c3e8ac90fc782233f100b528a248a26cSecure Network Operations Advisory SRT2003-TURKEY-DAY - Administrators using the traceroute detection utility published in Phrack Volume 7, Issue 51 may be leaving themselves exploitable to a format strings issue in detecttr.c.
3ee1350709882cba46a214fa5506924eS-Quadra Advisory #2003-11-26 - FreeRADIUS version 0.9.3 and below suffers from a stack overflow in the rlm_smb module. Successful exploitation of the vulnerability leads to code execution abilities as root.
e0af404d1347c842bb816348e3d130afUtilizing the MHTML parsing vulnerability in conjunction with the BackToFramedJpu vulnerability, a malicious attacker can obtain full MYCOMPUTER security zone access to a victim machine.
560f5f3680ade229e1b80ea41d4412d0A flaw exists in the way Microsoft Internet Explorer performs MHTML redirection that can lead to a victim having executables downloaded and run. Link to a demonstration included.
4a0f22ce33818d4d8b5e8ad0e4a72970By combining the Microsoft Internet Explorer cache file disclosure vulnerability with several other unpatched vulnerabilities, a malicious INTERNET page can reach the MYCOMPUTER zone. Link to two demonstrations included.
6af73a20bb010072be91f05cc8b71f9aMicrosoft Internet Explorer v6.SP1 and below has a vulnerable download function that can be exploited by a malicious attacker to gain access to a user's cache directory. Link to two demonstrations included.
f5f58452fe96ccac411affb2f9aa1ac7A cross-zone scripting vulnerability has been found in Internet Explorer. If a web page contains some sub-frame, its security zone may be compromised. Link to a demonstration included.
321eb5687bad72de83a782fb73439364After applying the patch for MS03-048, Windows is still susceptible to the Hijack Click attack when performed in conjunction with the method caching attack which can make the window.move accessible again. Link to a demonstration included.
bbbe6142ef64fb71d189c053a995c343Rapid7 Security Advisory - Sybase Adaptive Server Enterprise (ASE) 12.5 is susceptible to a denial of service attack when a login is made with an invalid remote password array. A valid login is required to exploit this vulnerability. Version 11.0.3.3 for Linux is not vulnerable.
68c419231c535ce39ca3187c3c632165CERT Quarterly Summary CS-2003-04 - There have been documented vulnerabilities in the Microsoft Windows Workstation Service, RPCSS Service, and Exchange, various SSL/TLS implementations, a buffer overflow in Sendmail, and a buffer management error in OpenSSH. There have also been reports of W32/Swen.A, W32/Mimail variants, and exploitation of an Internet Explorer vulnerability reported in August of 2003.
64bcd2eac439122f37c384aaa8bd86b5S-Quadra Advisory #2003-11-24 - Monit version 4.1 is susceptible to a denial of service via a negative Content-length field and is also vulnerable to a stack overflow when accepting long HTTP requests.
ddfa2ceae5a29fda453212302c494a98Vapid Labs Security Note - The PrimeBase SQL Database Server 4.2 stores passwords in clear text. Depending on the installation user's umask settings, it may be readable by all local users.
1dcb3778cf0666564820fc49425c8d2fTwo vulnerabilities were found in the Opera web browser versions up to 7.22. Both are related to skin files, with one being a directory traversal attack that allows an attacker to upload a file to a victim's machine while the other is a buffer overflow in the skin file handling.
8021b039c337a9b27a5ea27d4cc63157Xitami's LiteServe webserver versions 2.5 and below suffer from a denial of service vulnerability that stems from a logic error during the processing of a POST request.
f99731f08cbe75282ebf2e8919136ef4FreeRADIUS versions 0.9.2 and below have a tunnel-password attribute handling vulnerability. When a malformed attribute trigger gets passed, the server invokes memcpy() with a negative third argument, causing a crash.
abdc6fada3052a56f58280691cbe9f68Debian Security Advisory - Within the last thirty hours, some Debian project machines have been compromised, including the bug tracking system, the mailing list, the cvs server, and more.
1235249d5b83123842e5e8663541d543Atstake Security Advisory A111703-2 - A directory traversal vulnerability lies in the web-tools component of the SAP database server that enables any remote attacker to gain access to any file on the host due to the server running as SYSTEM. The Web Agent Administration service pages are also open by default, allowing any remote attacker to reconfigure the server as they see fit and the service also has at least one buffer overflow vulnerability. Default services within the Web Agent, such as waecho, contain buffer overflows that can be exploited remotely. The session identification generated is also considered to be unsafe since they are stored in the URL and not kept in a cookie either.
d4f74469008126bdd4695266129b0bf7Atstake Security Advisory A111703-1 - Using the SQLAT stored procedure, a local attacker can obtain system access by swapping the NETAPI32.DLL in the current working directory. There is also a remote buffer overflow in the niserver interface on TCP port 7629.
a5303bd1de0df515730eff5878db363dThe Symbol PDT 8100 does not attempt to change its default existing WEP keys during installation. If not changed, the PDT 8100 will reveal the WEP keys to any user in plain text by taping on the wireless icon on lower right hand of 8100 and scrolling to the 'encryption tab'. A stolen PDT 8100 or copied keys can allow an insider the ability to totally compromise the Wi-Fi network.
28cd5a58a0d77a5c6742869cd27b5101Secure Network Operations Advisory SRT2003-11-13-0218 - Symantec PCAnywhere versions 10.x to 11.x allow for a local attacker to gain SYSTEM privileges via AWHOST32.exe that can be run via an icon.
27f4e7fd59775343a00610be2dbb1a3dCorsaire Security Advisory - The PeopleSoft PeopleBooks Search CGI is susceptible to argument handling vulnerabilities that allow a remote attacker to gain access to files outside of the webroot.
68a2b0c861e67a84c3d3f4e573668b8b
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed