Gentoo Linux Security Advisory GLSA 200510-26 - When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and 'rotate' functions use a fixed length buffer to contain the new title, which could be overwritten by the NIFF or XPM image processors. Versions less than 1.17.0-r2 are affected.
76e69adf5f0f0f47abc1583a7985d1fbGentoo Linux Security Advisory GLSA 200510-25 - Ethereal is vulnerable to numerous vulnerabilities, potentially resulting in the execution of arbitrary code or abnormal termination. Versions less than 0.10.13-r1 are affected.
d394c0f37473e9fd641f376f591b1413Ubuntu Security Notice USN-151-3 - USN-148-1 and USN-151-1 fixed two security flaws in zlib, which could be exploited to cause Denial of Service attacks or even arbitrary code execution with malicious data streams. Since aide is statically linked against the zlib library, it is also affected by these issues.
a407bb38c155967871980fb267291719SCO Security Advisory - When the RPC portmapper (rpcbind) receives an invalid portmap request from a remote (or local) host, it falls into a denial of service state and cannot respond. As a result, the RPC services will not operate normally.
a5e921749d8c7cf467e6365c7f3511e4iDEFENSE Security Advisory 10.28.05 - Remote exploitation of a stack overflow vulnerability in chmlib as included in various Linux distributions allows attackers to execute arbitrary code. The vulnerability specifically exists due to an unchecked memory copy while processing a CHM file. iDefense has confirmed the existence of this vulnerability in chmlib 0.35. It is suspected that all versions of chmlib are vulnerable.
a94e8da2d13edb5589294da5a0b96773Ubuntu Security Notice USN-212-1 - Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application.
b97d5deb4fa1fd5692e5d87d0eff9968Debian Security Advisory DSA 878-1 - A buffer overflow has been identified in the pnmtopng component of the netpbm package, a set of graphics conversion tools. This vulnerability could allow an attacker to execute arbitrary code as a local user by providing a specially crafted PNM file.
c443646bceb386d23deea64689eeecbeA denial of service vulnerability exists within Internet Explorer 6.0 on XP SP2 with the J2SE Runtime Environment installed. Successful exploitation causes the browser to not respond. The flaw resides in mshtmled.dll.
3f184bc4e25e46344f0aeac0e81c54d9Gentoo Linux Security Advisory GLSA 200510-24 - Mantis is affected by multiple vulnerabilities ranging from information disclosure to arbitrary script execution. Versions less than 0.19.3 are affected.
53051a827b05bc6c810d683ab4a784eeGentoo Linux Security Advisory GLSA 200510-23 - Due to improper input validation, TikiWiki can be exploited to perform cross-site scripting attacks. Versions less than 1.9.1.1 are affected.
72ea187ec255bb49a0d639d000879c95Gentoo Linux Security Advisory GLSA 200510-22 - The SELinux patches for PAM introduce a vulnerability allowing a password to be checked with the unix_chkpwd utility without delay or logging. This vulnerability doesn't affect users who do not run SELinux. Versions less than 0.78-r3 are affected.
57c05143a558dfc6d5f723bddd0bd590British Telecom (BT) operates an automated fault detection and reporting system that allows anyone to test any line. If the line is found to be faulty the caller is given an option to divert all incoming calls for that line to another number, including mobile phones. No authentication is required and the owner of the line will be oblivious to the fact that her calls are being hijacked.
8bea0d8e943a9861a3dc95754a05bc8eDebian Security Advisory DSA 877-1 - Steve Kemp discovered two vulnerabilities in gnump3d, a streaming server for MP3 and OGG files. The 404 error page does not strip malicious javascript content from the resulting page, which would be executed in the victims browser. By using specially crafting URLs it is possible to read arbitrary files to which the user of the streaming server has access to.
36f7f68f2bb30887343c69272024e7ceMandriva Linux Security Advisory - Tavis Ormandy discovered that sudo does not perform sufficient environment cleaning; in particular the SHELLOPTS and PS4 variables are still passed to the program running as an alternate user which can result in the execution of arbitrary commands as the alternate user when a bash script is executed.
4a3154edcc098ad57806c9e3e7f5f347Mandriva Linux Security Advisory - The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
a41d0f6129ba44ac583e71b545bbfde8Debian Security Advisory DSA 876-1 - Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode browser for the WWW that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server lynx can be tricked to write past the boundary of a buffer which can lead to the execution of arbitrary code.
6e52d25a55927514fcc971f0b6b17ae7Debian Security Advisory DSA 875-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.
b2d3fc860c97bcfc7c1448a7f8132922Fetchmail version 1.02 suffers from a password disclosure vulnerability where the configuration file stores the password in clear text prior to setting the proper permissions.
1ee284cb1131b5e832667be6e128fe86Debian Security Advisory DSA 874-1 - Ulf Harnhammar discovered a buffer overflow in lynx, a text-mode browser for the WWW that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server lynx can be tricked to write past the boundary of a buffer which can lead to the execution of arbitrary code.
b439083d0be503aacece3f937631b9f1Mandriva Linux Security Advisory - Pnmtopng in netpbm 10.2X, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
18cc196fc3c9652c35eed5eedec5e3f3Mandriva Linux Security Advisory - Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim.
7884436aa9ab37c51f4035a97dd93705Mandriva Linux Security Advisory - Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
0aac38fb4386557d5b0fe42d8abf0ff9Mandriva Linux Security Advisory - The perl Compress::Zlib module contains an internal copy of the zlib library that was vulnerable to CVE-2005-1849 and CVE-2005-2096. This library was updated with version 1.35 of Compress::Zlib.
3118ed1624dc5e71a5c4e72d04b0bda1Mandriva Linux Security Advisory - The rfc1738_do_escape function in ftp.c for Squid 2.5.STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
4c27e5a9c2603714d754b14e82ffadf4Mandriva Linux Security Advisory - "infamous41md" discovered a buffer overflow in uw-imap, the University of Washington's IMAP Server that allows attackers to execute arbitrary code.
089f1510d1ee501e69a2dce300d9d9ab
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed