Section: .. / 0611-advisories /
| /// File Name: |
MOKB-02-11-2006.html |
Description:
|
The squashfs module of the Linux kernel (2.6.x) fails to properly handle corrupted fs structures, leading to a denial of service and possible data corruption condition. A specially crafted squashfs image will cause the kernel to double free a buffer when a read operation is performed on the corrupted filesystem.
| | Author: | LMH | | Homepage: | http://projects.info-pull.com/ | | Related Exploit: | MOKB-02-11-2006.img.gz | | File Size: | 6497 | | Last Modified: | Nov 2 21:02:31 2006 |
| MD5 Checksum: | 0cf04f31eeb59d9181f07ed34f2987f8 |
|
| /// File Name: |
mozExpose.txt |
Description:
|
Mozilla has made public bug #360493 that discusses a flaw where Firefox's Password manager is exposed to public sites.
| | File Size: | 687 | | Last Modified: | Nov 26 21:29:32 2006 |
| MD5 Checksum: | c18474258b9dddc1a37e51ff69931c93 |
|
| /// File Name: |
n.runs-SA-2006.002.txt |
Description:
|
The Grisoft Inc. AVG Antivirus system has had multiple vulnerabilities discovered in the file parsing engine that allow for arbitrary code execution. The vulnerabilities are present in AVG Antivirus software versions prior to 7.1.407.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3308 | | Last Modified: | Nov 14 02:27:16 2006 |
| MD5 Checksum: | 3bbd0c7852ae5559f60d243ce8a9a966 |
|
| /// File Name: |
netbsd-firewire.txt |
Description:
|
The Firewire device enabled by default in the GENERIC kernel for NetBSD defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.kernelhacking.com/rodrigo | | Related File: | bsd.patch | | File Size: | 3417 | | Last Modified: | Nov 16 12:14:36 2006 |
| MD5 Checksum: | d64c96b48c1144754f29164eff425a33 |
|
| /// File Name: |
NETRAGARD-20060810-1.txt |
Description:
|
Netragard, L.L.C Advisory NETRAGARD-20060810 - libpthread suffers from a buffer overflow vulnerability which may enable an attacker to execute arbitrary commands on the system. This vulnerability may potentially be exploited by a creating a specially crafted buffer and inserting it into the PTHREAD_CONFIG variable. Version 5.1b is affected.
| | Homepage: | http://www.netragard.com | | File Size: | 10610 | | Last Modified: | Nov 13 11:05:30 2006 |
| MD5 Checksum: | c15d7a566c97361fe11f65fdbda11ff9 |
|
| /// File Name: |
OpenPKG-SA-2006-035.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.035 - As undisclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration -- which is not the case in OpenPKG's default configuration of ProFTPD.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2453 | | Related CVE(s): | CVE-2006-5815 | | Last Modified: | Nov 18 20:45:21 2006 |
| MD5 Checksum: | dfe4c2215d5136d26ba773fef2dde194 |
|
| /// File Name: |
OpenPKG-SA-2006-036.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.036 - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG image format library libpng, versions 1.0.6 through 1.2.12 and 1.0.20. The bug is in the decoder for the sPLT ("suggested palette") chunk and can lead to crashes and, accordingly, a DoS, when an application using libpng for PNG processing displays a specially crafted PNG image.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2231 | | Related CVE(s): | CVE-2006-5793 | | Last Modified: | Nov 18 20:46:25 2006 |
| MD5 Checksum: | f04fdad473b87488d81871d58148d512 |
|
| /// File Name: |
OpenPKG-SA-2006.033.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.033 - Evgeny Legerov discovered a vendor-confirmed denial of service vulnerability in OpenLDAP. The vulnerability allows remote attackers to cause a DoS via a certain combination of LDAP "Bind" requests that trigger an assertion failure in "libldap". The flaw is caused by incorrectly computing the length of a normalized name.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2340 | | Related CVE(s): | CVE-2006-5779 | | Last Modified: | Nov 13 11:08:26 2006 |
| MD5 Checksum: | fc9c419e7027615b51a28aea5fd2253f |
|
| /// File Name: |
OpenPKG-SA-2006.034.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.034 - Miloslav Trmac from Red Hat discovered a buffer overflow in GNU Texinfo. The flaw was found in a function used by Texinfo's texi2dvi and texindex commands. An attacker could construct a carefully crafted Texinfo file that could cause texi2dvi or texindex to crash or possibly execute arbitrary code when opened.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2235 | | Related CVE(s): | CVE-2006-4810 | | Last Modified: | Nov 16 12:18:51 2006 |
| MD5 Checksum: | 357716bd18fe692b04d953df901466f2 |
|
| /// File Name: |
openssh45.txt |
Description:
|
OpenSSH 4.5 has been released addressing a bug in the sshd privilege separation monitor that weakened its verification of successful authentication.
| | Homepage: | http://www.openssh.com/ | | Related File: | openssh-4.5p1.tar.gz | | File Size: | 1873 | | Last Modified: | Nov 9 01:26:34 2006 |
| MD5 Checksum: | 432780f91c42412fd8b5eeb9057c1d85 |
|
| /// File Name: |
os2a_1008.txt |
Description:
|
Remote exploitation of a denial of service vulnerability in ELOG's elogd server allows attackers to crash the service. Versions 2.6.2 (SVN revision 1748) and below are affected.
| | Author: | Jayesh KS, Arun Kethipelly | | File Size: | 4463 | | Last Modified: | Nov 14 02:17:36 2006 |
| MD5 Checksum: | 1acfd760ecdbf727aa5822f4090ea4a5 |
|
| /// File Name: |
outpost-failures.txt |
Description:
|
Outpost Firewall PRO version 4.0 (and possibly older versions) hooks many functions in SSDT and in at least twelve cases it fails to validate arguments that come from user mode.
| | Homepage: | http://www.matousec.com/ | | File Size: | 1465 | | Last Modified: | Nov 16 12:24:40 2006 |
| MD5 Checksum: | 53c661980a56348ae91ae63facb3c7a9 |
|
| /// File Name: |
PR05-06.txt |
Description:
|
PR05-06 - Immediacy .NET CMS suffers from a possible cross site scripting flaw due to a malformed cookie.
| | Author: | Gemma Hughes | | File Size: | 3818 | | Last Modified: | Nov 8 22:07:34 2006 |
| MD5 Checksum: | 314525efc889be6ae5d5b9ae9b793a87 |
|
| /// File Name: |
proftpdmodtls.txt |
Description:
|
A remote buffer overflow vulnerability has been found in mod_tls module of ProFTPD server. The vulnerability could allow a remote un-authenticated attacker to gain root privileges. All versions including 1.3.0a are affected.
| | Author: | Evgeny Legerov | | File Size: | 1708 | | Last Modified: | Nov 30 19:37:59 2006 |
| MD5 Checksum: | ecfc1ef50d87351b49f60628686006c2 |
|
| /// File Name: |
sa21142.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21142/ | | File Size: | 2835 | | Last Modified: | Nov 21 19:45:15 2006 |
| MD5 Checksum: | 6ffe276e84598b58f18782c46c7d049e |
|
| /// File Name: |
sa21554.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a security issue in MDaemon, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21554/ | | File Size: | 3548 | | Last Modified: | Nov 16 10:09:27 2006 |
| MD5 Checksum: | 6462dfa2cbdb734860135ea8a24f6cba |
|
| /// File Name: |
sa21763.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered two vulnerabilities and a weakness in Panda ActiveScan, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a user's system.
| | Homepage: | http://secunia.com/advisories/21763/ | | File Size: | 3229 | | Last Modified: | Nov 16 10:09:27 2006 |
| MD5 Checksum: | c04a0b94d5c0ac2eeef000b328248afe |
|
| /// File Name: |
sa22301.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a security issue in PassGo SSO Plus, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/22301/ | | File Size: | 2755 | | Last Modified: | Nov 25 23:47:38 2006 |
| MD5 Checksum: | f9cc5b37b81c3fd2bc48677c9028adf4 |
|
| /// File Name: |
sa22553.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been discovered in Universal FTP, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/22553/ | | File Size: | 3009 | | Last Modified: | Nov 15 22:19:38 2006 |
| MD5 Checksum: | 7e74f04685cdaa36b1fdcbcc4b652453 |
|
| /// File Name: |
sa22570.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Borland products, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22570/ | | File Size: | 3399 | | Last Modified: | Nov 29 10:21:40 2006 |
| MD5 Checksum: | 1df445d9dfe69da2db71a7818f8a2bb0 |
|
| /// File Name: |
sa22586.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for qt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22586/ | | File Size: | 2993 | | Last Modified: | Nov 2 10:01:38 2006 |
| MD5 Checksum: | c5126d829ceb232ce19f5f5a2e259073 |
|
| /// File Name: |
sa22593.txt |
Description:
|
Secunia Security Advisory - Kacper has discovered a vulnerability in Lithium CMS, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/22593/ | | File Size: | 2652 | | Last Modified: | Nov 6 13:07:49 2006 |
| MD5 Checksum: | c0d6c6b80764d338990743753201618e |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
