Section: .. / 0607-advisories /
| /// File Name: |
dsa-1109-1.txt |
Description:
|
Russ Allbery discovered that rssh, a restricted shell, performs insufficient checking of incoming commands, which might lead to a bypass of access restrictions.
| | Homepage: | http://www.debian.org/security | | File Size: | 5008 | | Last Modified: | Jul 18 17:27:37 2006 |
| MD5 Checksum: | a8fa5d7ac2e74ea2202690ca3c73be74 |
|
| /// File Name: |
dsa-1110-1.txt |
Description:
|
Debian Security Advisory 1110-1: Gerald Carter discovered that the smbd daemon from Samba, a free implementation of the SMB/CIFS protocol, imposes insufficient limits in the code to handle shared connections, which can be exploited to exhaust system memory by sending maliciously crafted requests, leading to denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 24644 | | Last Modified: | Jul 18 17:26:34 2006 |
| MD5 Checksum: | 3c6755c2f7965ec2f340be54f584a8ac |
|
| /// File Name: |
dsa-1111-1.txt |
Description:
|
Debian Security Advisory 1111-1: Linux Kernel vulnerabilities - It was discovered that a race condition in the process filesystem can lead to privilege escalation.
| | Homepage: | http://www.debian.org/security | | File Size: | 19706 | | Last Modified: | Jul 18 17:26:40 2006 |
| MD5 Checksum: | 36e2e411132de9cbed00284d755aa64e |
|
| /// File Name: |
dsa-1111-2.txt |
Description:
|
Debian Security Advisory 1111-2 - It was discovered that a race condition in the process filesystem can lead to privilege escalation for the Linux 2.6 kernel series. The initial advisory lacked builds for the IBM S/390, Motorola 680x0 and HP Precision architectures, which are now provided. Also, the kernels for the FAI installer have been updated.
| | Homepage: | http://www.debian.org/security | | File Size: | 28181 | | Related CVE(s): | CVE-2006-3625 | | Last Modified: | Jul 27 22:43:42 2006 |
| MD5 Checksum: | 0527c5c202899e957c006982219ad651 |
|
| /// File Name: |
dsa-1112-1.txt |
Description:
|
Debian Security Advisory 1111-1 - Several local vulnerabilities have been discovered in the MySQL database server, which may lead to denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 12091 | | Related CVE(s): | CVE-2006-3081, CVE-2006-3469 | | Last Modified: | Jul 20 04:59:22 2006 |
| MD5 Checksum: | 6429ffbde3f315b365abb8641ba0b678 |
|
| /// File Name: |
dsa-1113-1.txt |
Description:
|
Debian Security Advisory 1113-1 - It was discovered that the Zope web application server allows read access to arbitrary pages on the server, if a user has the privilege to edit "restructured text" pages.
| | Homepage: | http://www.debian.org/security | | File Size: | 4867 | | Related CVE(s): | CVE-2006-3458 | | Last Modified: | Jul 20 06:00:35 2006 |
| MD5 Checksum: | b89ed27ab007c2d6d9b0b1ceccc4a691 |
|
| /// File Name: |
dsa-1114-1.txt |
Description:
|
Debian Security Advisory 1114-1 - Andreas Seltenreich discovered a buffer overflow in hashcash, a postage payment scheme for email that is based on hash calculations, which could allow attackers to execute arbitrary code via specially crafted entries.
| | Homepage: | http://www.debian.org/security | | File Size: | 4992 | | Related CVE(s): | CVE-2006-3251 | | Last Modified: | Jul 24 00:51:29 2006 |
| MD5 Checksum: | 27086c7c341c00f6eec1a11b76b53775 |
|
| /// File Name: |
dsa-1115-1.txt |
Description:
|
Debian Security Advisory 1115-1 - Evgeny Legerov discovered that gnupg, the GNU privacy guard, a free PGP replacement contains an integer overflow that can cause a segmentation fault and possibly overwrite memory via a large user ID strings.
| | Homepage: | http://www.debian.org/security | | File Size: | 8799 | | Related CVE(s): | CVE-2006-3082 | | Last Modified: | Jul 24 00:54:46 2006 |
| MD5 Checksum: | 361a5b0d627dcc358b662ca68a8deb7f |
|
| /// File Name: |
dsa-1116-1.txt |
Description:
|
Debian Security Advisory 1116-1 - Henning Makholm discovered a buffer overflow in the XCF loading code of Gimp, an image editing program. Opening a specially crafted XCF image might cause the application to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 14888 | | Related CVE(s): | CVE-2006-3404 | | Last Modified: | Jul 24 01:02:46 2006 |
| MD5 Checksum: | 0a8548a6053d11a9bc1e848a2e04f8b8 |
|
| /// File Name: |
dsa-1117-1.txt |
Description:
|
Debian Security Advisory 1117-1 - It was discovered that the GD graphics library performs insufficient checks of the validity of GIF images, which might lead to denial of service by tricking the application into an infinite loop.
| | Homepage: | http://www.debian.org/security | | File Size: | 13499 | | Related CVE(s): | CVE-2006-2906 | | Last Modified: | Jul 24 01:03:20 2006 |
| MD5 Checksum: | 27fedbaf17245057da83e2551ea713cb |
|
| /// File Name: |
dsa-1118-1.txt |
Description:
|
Debian Security Advisory 1118-1 - A massive slew of vulnerabilities have been patched in Mozilla for Debian.
| | Homepage: | http://www.debian.org/security | | File Size: | 32339 | | Related CVE(s): | CVE-2006-1942, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787 | | Last Modified: | Jul 24 02:51:29 2006 |
| MD5 Checksum: | 849c2b82ab525b0e613ff0cbf78f0e9e |
|
| /// File Name: |
dsa-1119-1.txt |
Description:
|
Debian Security Advisory 1119-1 - Akira Tanaka discovered a vulnerability in Hiki Wiki, a Wiki engine written in Ruby that allows remote attackers to cause a denial of service via high CPU consumption using by performing a diff between large and specially crafted Wiki pages.
| | Homepage: | http://www.debian.org/security | | File Size: | 2894 | | Related CVE(s): | CVE-2006-3379 | | Last Modified: | Jul 24 02:53:28 2006 |
| MD5 Checksum: | bdd743b1f993dadac0d3c51831a81874 |
|
| /// File Name: |
dsa-1120-1.txt |
Description:
|
Debian Security Advisory 1118-1 - A massive slew of vulnerabilities have been patched in mozilla-firefox for Debian.
| | Homepage: | http://www.debian.org/security | | File Size: | 13140 | | Related CVE(s): | CVE-2006-1942, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787 | | Last Modified: | Jul 24 02:55:36 2006 |
| MD5 Checksum: | 18cb6e34f4ab06359356d981e72a0875 |
|
| /// File Name: |
dsa-1121-1.txt |
Description:
|
Debian Security Advisory 1121-1 - Peter Bieringer discovered that postgrey, an greylisting implementation for Postfix, is vulnerable to a format string attack that allows remote attackers to the daemon.
| | Homepage: | http://www.debian.org/security | | File Size: | 2956 | | Related CVE(s): | CVE-2005-1127 | | Last Modified: | Jul 26 03:13:16 2006 |
| MD5 Checksum: | f49ebaee37d5d2bd7a561d8c2b2f1bc5 |
|
| /// File Name: |
dsa-1122-1.txt |
Description:
|
Debian Security Advisory 1122-1 - Peter Bieringer discovered that the "log" function in the Net::Server Perl module, an extensible, general perl server engine, is not safe against format string exploits.
| | Homepage: | http://www.debian.org/security | | File Size: | 3017 | | Related CVE(s): | CVE-2005-1127 | | Last Modified: | Jul 26 03:29:55 2006 |
| MD5 Checksum: | 033b88cf30d57478f1b4a588ba952d7c |
|
| /// File Name: |
dsa-1123-1.txt |
Description:
|
Debian Security Advisory 1123-1 - Luigi Auriemma discovered that DUMB, a tracker music library, performs insufficient sanitising of values parsed from IT music files, which might lead to a buffer overflow and execution of arbitrary code if manipulated files are read.
| | Homepage: | http://www.debian.org/security | | File Size: | 10638 | | Related CVE(s): | CVE-2006-3668 | | Last Modified: | Jul 26 03:58:18 2006 |
| MD5 Checksum: | 9c4e3f208c8bfa1ae909c1864681427c |
|
| /// File Name: |
dsa-1124-1.txt |
Description:
|
Debian Security Advisory 1124-1 - Toth Andras discovered that the fbgs framebuffer postscript/PDF viewer contains a typo, which prevents the intended filter against malicious postscript commands from working correctly. This might lead to the deletion of user data when displaying a postscript file.
| | Homepage: | http://www.debian.org/security | | File Size: | 6676 | | Related CVE(s): | CVE-2006-3119 | | Last Modified: | Jul 26 03:58:51 2006 |
| MD5 Checksum: | 66ff21c247496d1a4f467fee67480976 |
|
| /// File Name: |
dsa-1126-1.txt |
Description:
|
Debian Security Advisory 1126-1 - A problem has been discovered in the IAX2 channel driver of Asterisk, an Open Source Private Branch Exchange and telephony toolkit, which may allow a remote to cause a crash of the Asterisk server.
| | Homepage: | http://www.debian.org/security | | File Size: | 10231 | | Related CVE(s): | CVE-2006-2898 | | Last Modified: | Jul 27 23:20:46 2006 |
| MD5 Checksum: | 6c717c066efa96be031027b621f9de7b |
|
| /// File Name: |
dynazip5007-en.txt |
Description:
|
Some vulnerabilities have been found in DynaZip DZIP32.DLL/DZIPS32.DLL that allow for arbitrary code execution. DynaZip Max version 5.0.0.7 and DynaZip Max Secure version 6.0.0.4 are affected.
| | Author: | Tan Chew Keong | | File Size: | 648 | | Last Modified: | Jul 26 04:24:30 2006 |
| MD5 Checksum: | 2ccfa941a7d2618004881b66f4ec8454 |
|
| /// File Name: |
EEYE-dlink.txt |
Description:
|
A remote stack overflow exists in a range of wired and wireless D-Link routers. This vulnerability allows an attacker to execute privileged code on an affected device. When a specific request is sent to an affected device, a traditional stack overflow is triggered allowing an attacker complete control of the router. With the ability to execute code on the device, it is then possible to apply modified firmware, and ultimately compromise the entire network.
| | Author: | Barnaby Jack | | Homepage: | http://www.eeye.com/ | | File Size: | 3303 | | Last Modified: | Jul 20 04:56:14 2006 |
| MD5 Checksum: | 214a0d0a3fd648eed7675ed8d96f9ec9 |
|
| /// File Name: |
EEYE-ePolicy.txt |
Description:
|
eEye Digital Security has discovered a serious flaw within the Framework Service component of the McAfee EPO management console. The Framework service is enabled and running by default on all servers and agents. The framework service listens by default on port 8081 and accepts requests over the HTTP protocol. The framework service allows for remotely submitting configuration and update changes. Each request is encrypted, SHA-1 hashed and DSA signed, and written to a file on disk. Due to a directory traversal attack, it is possible to write any file with any contents to anywhere on the remote system. This flaw allows a remote attacker to anonymously compromise an affected system and execute code within the SYSTEM context. Systems affected are McAfee Common Management (EPO) Agent versions below version 3.5.5.438.
| | Author: | Barnaby Jack, Derek Soeder | | Homepage: | http://www.eeye.com | | File Size: | 6312 | | Last Modified: | Jul 15 04:48:00 2006 |
| MD5 Checksum: | d601cca62a4d30e9a464a4829ca235f6 |
|
| /// File Name: |
excel-ohday.txt |
Description:
|
Excel 2000/XP/2003 suffers from a vulnerability in repair mode.
| | Author: | nanika | | Related Exploit: | Nanika.tgz | | File Size: | 361 | | Last Modified: | Jul 9 05:48:06 2006 |
| MD5 Checksum: | 95a0ab6001b835adecb1a360195bcc86 |
|
| /// File Name: |
freecivDoS.txt |
Description:
|
Freeciv versions 2.1.0-beta1 and below and versions SVN 15 and below suffer from memcpy crash and invalid memory access flaws.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org | | File Size: | 5428 | | Last Modified: | Jul 26 03:12:15 2006 |
| MD5 Checksum: | 94548b3be00fabd55a14c9b339ce3e08 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
