Section: .. / 0412-advisories /
/// File Name: 2004-advisories.tgz
Description: Packet Storm new advisories for all of 2004.
File Size: 4830085
Last Modified: Jan 2 22:08:44 2005
MD5 Checksum: e5b5fbcdd00c3bec0a70b4ae7fd8ea33

/// File Name: dsa-607.txt
Description: Debian Security Advisory 607-1 - Several developers have discovered a number of problems in the libXpm library which is provided by X.Org, XFree86 and LessTif. These bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges, by using a specially crafted XPM image.
Homepage: http://www.debian.org/security/
File Size: 64052
Related CVE(s): CAN-2004-0914
Last Modified: Dec 12 20:38:36 2004
MD5 Checksum: 0306aa4812a6201556cbcaad87141bfa

/// File Name: deaap-sa1.txt
Description: Various vulnerabilities exist in rftpd2 and rpf 1.2.2.
Author: Slotto Corleone
File Size: 21881
Last Modified: Dec 31 10:15:37 2004
MD5 Checksum: af4fc9e21a0ce4a428bb4bc6dbaf0938

/// File Name: SUSE-SA-2004-046.txt
Description: SUSE Security Announcement - Due to missing argument checking in the 32-bit compatibility system call handler in the 2.4 Linux Kernel on the AMD64 platform, a local attacker can gain root access using a simple program. This is a 2.4 Kernel and AMD64 specific problem; other architectures and the 2.6 Kernel are not affected.
Homepage: http://www.suse.com/
File Size: 18169
Related CVE(s): CAN-2004-1144
Last Modified: Dec 31 20:43:26 2004
MD5 Checksum: dcd3e7be16864e0aa02410167a3b2cca

/// File Name: cisco-sa-20041215-guard.txt
Description: Cisco Security Advisory - The Cisco Guard and Cisco Traffic Anomaly Detector software contains a default password for an administrative account. This password is set, without any user's intervention, during installation of the software used by the Cisco Guard and Traffic Anomaly Detector Distributed Denial of Service (DDoS) mitigation appliances, and is the same in all installations of the product. Software version 3.0 and earlier of the Cisco Guard and Traffic Anomaly Detector are affected by this vulnerability.
Homepage: http://www.cisco.com/warp/public/707/cisco-sa-20041215-guard.shtml
File Size: 13932
Last Modified: Dec 30 09:26:52 2004
MD5 Checksum: 7da60a08d60833bdd7f9485549136315

/// File Name: cisco-sa-20041202-cnr.txt
Description: Cisco Security Advisory - The Cisco CNS Network Registrar Domain Name Service/Dynamic Host Configuration Protocol (DNS/DHCP) server for the Windows Server platforms is vulnerable to a Denial of Service attack when a certain crafted packet sequence is directed to the server.
Homepage: http://www.cisco.com/warp/public/707/cisco-sa-20041202-cnr.shtml
File Size: 11670
Last Modified: Dec 12 01:19:01 2004
MD5 Checksum: 984d6244c6e9246fefb58841b3096d01

/// File Name: djbrelease.txt
Description: Widely deployed open source software is commonly believed to contain fewer security vulnerabilities than similar closed source software due to the possibility of unrestricted third party source code auditing. Predictably, most users of open source software do not invest a significant amount of time to audit the applications they use, and now a class of 25 students has discovered 44 vulnerabilities during a CS course.
Homepage: http://tigger.uic.edu/~jlongs2/holes/
File Size: 11567
Last Modified: Dec 30 09:51:19 2004
MD5 Checksum: 7b5e1faec9b98b0f9334fd73c3305797

/// File Name: cisco-sa-20041215-unity.txt
Description: Cisco Security Advisory - Several default username/password combinations are present in all available releases of Cisco Unity when integrated with Microsoft Exchange. The accounts include a privileged administrative account, as well as several messaging accounts used for integration with other systems. An unauthorized user may be able to use these default accounts to read incoming and outgoing messages, and perform administrative functions on the Unity system.
Homepage: http://www.cisco.com/warp/public/707/cisco-sa-20041215-unity.shtml
File Size: 9900
Last Modified: Dec 30 09:20:00 2004
MD5 Checksum: 8951cb4f2a9c829bcd1e69ea7b530ba5

/// File Name: libkadm5srv.txt
Description: MIT krb5 Security Advisory 2004-004 - The MIT Kerberos 5 administration library (libkadm5srv) contains a heap buffer overflow in password history handling code which could be exploited to execute arbitrary code on a Key Distribution Center (KDC) host.
Homepage: http://web.mit.edu/kerberos/advisories/
File Size: 8114
Related CVE(s): CAN-2004-1189
Last Modified: Dec 31 10:52:26 2004
MD5 Checksum: c0729f3348ae5491d8191786b9d0a943

/// File Name: AD_LAB-04003.txt
Description: Venustech AD-Lab Advisory AD_LAB-04003 - The Linux 2.6 kernel series POSIX Capability LSM module is problematic in that upon insertion, all the processes that currently exist from normal users will have root capabilities.
Author: LiangBin, icbm
File Size: 7945
Last Modified: Dec 31 22:14:54 2004
MD5 Checksum: a39459332a777e6539bde153cab326e3

/// File Name: mtroff-by-one.txt
Description: mtr is susceptible to raw socket hijacking, allowing for the spoofing of ICMP packets.
Author: Przemyslaw Frasunek
File Size: 7781
Last Modified: Dec 30 07:15:17 2004
MD5 Checksum: 3cba2beb8ae7f282ff09a6215b7d27fb

/// File Name: kerioPerms.txt
Description: Microsoft versions of Kerio software suffer from insecure default file system permissions.
Author: Javier Munoz
File Size: 7638
Related CVE(s): CAN-2004-1023
Last Modified: Dec 30 08:19:43 2004
MD5 Checksum: 9b8f27343884049dd91ab37aef283bcd

/// File Name: 57659.html
Description: Sun Security Advisory - A security vulnerability in the in.rwhod daemon may allow a remote privileged user to execute arbitrary code with root privileges when the in.rwhod daemon is enabled on the system.
Homepage: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57659-1
File Size: 7401
Last Modified: Dec 12 19:59:29 2004
MD5 Checksum: 4d97c64d933275a0d682aa3a88e3b731

/// File Name: SSRT4699.txt
Description: HP Security Bulletin - A potential security vulnerability has been identified with System Administration Manager (SAM) running on HP-UX that may allow local unauthorized privileges. Affected Versions: HP-UX B.11.00, B.11.11, B.11.22, and B.11.23.
Homepage: http://www.hp.com/
File Size: 7174
Last Modified: Dec 31 22:59:23 2004
MD5 Checksum: c14db62e19bc70eeec74f51a043a334c

/// File Name: kerioCredential.txt
Description: Kerio software is susceptible to an insecure credential storage flaw.
Author: Javier Munoz
File Size: 6976
Related CVE(s): CAN-2004-1022
Last Modified: Dec 30 08:17:55 2004
MD5 Checksum: 33001529b362eb3ab7b4eacfa9699be8

/// File Name: xssEverywhere.txt
Description: A series of tests was performed to find Cross-Site Scripting (XSS) vulnerabilities. It quickly turned out that the majority of all major websites suffer from some kind of XSS flaw. This is a disclosure of 175 vulnerabilities at once.
Author: Michael Krax
Homepage: http://www.mikx.de/
File Size: 6748
Last Modified: Dec 31 22:02:03 2004
MD5 Checksum: 003710494b7d82e6fcf4539f771db499

/// File Name: SRT2004-12-14-0322.txt
Description: Secure Network Operations Advisory SRT2004-12-14-0322 - Symantec LiveUpdate versions prior to 2.5 are susceptible to a flaw that may allow for local privilege escalation to SYSTEM.
Author: JxT
Homepage: http://www.secnetops.com/
File Size: 6353
Last Modified: Dec 30 07:48:43 2004
MD5 Checksum: c165c0623acf61da6251ead2128e8cd6

/// File Name: SSRT4687.txt
Description: HP Security Bulletin - A potential vulnerability has been identified with the HP-UX newgrp(1) command that may allow authorized users to elevate privileges. Affected versions are HP-UX B.11.00, B.11.04, B.11.11.
Homepage: http://www.hp.com/
File Size: 6252
Last Modified: Dec 30 22:22:20 2004
MD5 Checksum: 034da78b0a883d952e92b38d095fce9e

/// File Name: FreeBSD-SA-04:17.procfs.txt
Description: FreeBSD Security Advisory FreeBSD-SA-04:17.procfs - The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5) file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process' argument vector from the process address space. During this operation, a pointer was dereferenced directly without the necessary validation steps being performed.
Homepage: http://www.freebsd.org/security/
File Size: 5923
Related CVE(s): CAN-2004-1066
Last Modified: Dec 12 01:07:55 2004
MD5 Checksum: 4d1821253f3b6964d3307c7b0dcd122d