Section: .. / 0612-advisories /
| /// File Name: |
12.01.06-1.txt |
Description:
|
iDefense Security Advisory 12.01.06 - Remote exploitation of an integer overflow vulnerability in Novell Inc.'s ZENworks Asset Management could potentially allow an attacker to execute arbitrary code with SYSTEM privileges on Windows or root on the various supported UNIX based operating systems. A heap overflow may occur when processing specially crafted packets sent to the Collection Client daemon. The root cause of this vulnerability is identical to that of the vulnerability in Msg.dll. For more information please consult the Msg.dll advisory. iDefense has confirmed the existence of this vulnerability in version 7.0.0.36 of the CClient.exe and Msg.dll files included with Novell Inc's ZENworks Asset Management 7.0 SP1. Older versions are suspected to be vulnerable as well.
| | Author: | Eric Detoisien | | Homepage: | http://www.idefense.com/ | | File Size: | 3388 | | Last Modified: | Dec 6 05:33:40 2006 |
| MD5 Checksum: | 91d9d7d9e35835f25ada4534818b2fed |
|
| /// File Name: |
lda-1-novell.txt |
Description:
|
Layered Defense Advisory - A format string vulnerability was discovered within Novell client 4.91 . The vulnerability is due to improper processing of format strings within NMAS (Novell Modular Authentication Services) Information message window. An attacker who enters special crafted format strings in the Username field at the Novell logon and selects Sequences under the NMAS tab can read data from the winlogon process stack or read from arbitrary memory, and at a minimum cause a denial of service.
| | Author: | Deral Heiland | | Homepage: | http://www.layereddefense.com | | File Size: | 2353 | | Last Modified: | Dec 6 05:26:04 2006 |
| MD5 Checksum: | c40208dd24ae2ceaa0a6b1b4062cbfeb |
|
| /// File Name: |
dsa-1222-2.txt |
Description:
|
Debian Security Advisory 1222-2 - Due to technical problems yesterday's proftpd update lacked a build for the amd64 architecture, which is now available. Several remote vulnerabilities have been discovered in the proftpd FTP daemon, which may lead to the execution of arbitrary code or denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 13828 | | Related CVE(s): | CVE-2006-5815, CVE-2006-6170, CVE-2006-6171 | | Last Modified: | Dec 6 05:07:30 2006 |
| MD5 Checksum: | 2ed558492cc7f916fdcedfd2b566ae70 |
|
| /// File Name: |
dsa-1223-1.txt |
Description:
|
Debian Security Advisory 1223-1 - Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link.
| | Homepage: | http://www.debian.org/security | | File Size: | 4862 | | Related CVE(s): | CVE-2006-6097 | | Last Modified: | Dec 6 05:06:14 2006 |
| MD5 Checksum: | 56fd74f2486c5eb66fff24adf279eb9c |
|
| /// File Name: |
dsa-1205-2.txt |
Description:
|
Debian Security Advisory 1205-2 - Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack. The original advisory for this issue did not contain fixed packages for all supported architectures which are corrected in this update.
| | Homepage: | http://www.debian.org/security | | File Size: | 7068 | | Related CVE(s): | CVE-2006-4248 | | Last Modified: | Dec 6 05:04:56 2006 |
| MD5 Checksum: | 07cd63b665e2ec67991dd49a4cccdbc6 |
|
| /// File Name: |
MDKSA-2006-221.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages that cause the make_printable_string function to return a longer string than expected while constructing a prompt.
| | Homepage: | http://www.mandriva.com/security | | File Size: | 4975 | | Related CVE(s): | CVE-2006-6169 | | Last Modified: | Dec 6 04:48:26 2006 |
| MD5 Checksum: | ae1488db9d998d40ccbb92cba27c8e5d |
|
| /// File Name: |
MDKSA-2006-220.txt |
Description:
|
Mandriva Linux Security Advisory - "infamous41md" discovered a heap buffer overflow vulnerability in libgsf, a GNOME library for reading and writing structured file formats, which could lead to the execution of arbitrary code.
| | Homepage: | http://www.mandriva.com/security | | File Size: | 3344 | | Last Modified: | Dec 6 04:47:50 2006 |
| MD5 Checksum: | 997efcae3cc68433e965727f3a854752 |
|
| /// File Name: |
glsa-200611-26.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-26 - Evgeny Legerov discovered a stack-based buffer overflow in the s_replace() function in support.c, as well as a buffer overflow in in the mod_tls module. Additionally, an off-by-two error related to the CommandBufferSize configuration directive was reported. Versions less than 1.3.0a are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3361 | | Last Modified: | Dec 6 04:44:43 2006 |
| MD5 Checksum: | 91b7b167053bcdb0805650ea799e9eb0 |
|
| /// File Name: |
USN-390-1.txt |
Description:
|
Ubuntu Security Notice 390-1 - A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4919 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Dec 6 04:44:35 2006 |
| MD5 Checksum: | d86db994f4af3cf20556dd98c3ae83b4 |
|
| /// File Name: |
11.30.06-1.txt |
Description:
|
iDefense Security Advisory 11.30.06 - Remote exploitation of a heap overflow vulnerability in libgsf, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code. iDefense has confirmed the existence of this vulnerability in version 1.14.0 of the Gnome Structured File library. Any applications or libraries that utilize this library for OLE should be considered vulnerable.
| | Author: | infamous41md | | Homepage: | http://www.idefense.com/ | | File Size: | 3466 | | Related CVE(s): | CVE-2006-4514 | | Last Modified: | Dec 6 04:42:27 2006 |
| MD5 Checksum: | efebacbf57f8445ba77f81bdc4f0c27e |
|
| /// File Name: |
woltlab23x.txt |
Description:
|
Woltlab Burning Board version 2.3.x suffers from a cross site scripting vulnerability in register.php.
| | Author: | 666 | | File Size: | 2877 | | Last Modified: | Dec 6 04:39:47 2006 |
| MD5 Checksum: | a6acd75e7e001bc13ccc757e6fffda05 |
|
| /// File Name: |
secunia-mailenimap.txt |
Description:
|
Secunia Research has discovered two vulnerabilities in MailEnable, which can be exploited by malicious users to cause a DoS (Denial of service) or compromise a vulnerable system. MailEnable Professional Edition version 2.32 is affected.
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 4579 | | Last Modified: | Dec 6 04:23:47 2006 |
| MD5 Checksum: | ca062a8aecc438078deb1258ce4726f9 |
|
| /// File Name: |
dsa-1222-1.txt |
Description:
|
Debian Security Advisory 1222-1 - Several remote vulnerabilities have been discovered in the proftpd FTP daemon, which may lead to the execution of arbitrary code or denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 12860 | | Related CVE(s): | CVE-2006-5815, CVE-2006-6170, CVE-2006-6171 | | Last Modified: | Dec 6 04:22:52 2006 |
| MD5 Checksum: | 02e822beb4d5b026c47e84d724b0617d |
|
| /// File Name: |
dsa-1221-1.txt |
Description:
|
Debian Security Advisory 1221-1 - "infamous41md" discovered a heap buffer overflow vulnerability in libgsf, a GNOME library for reading and writing structured file formats, which could lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 15029 | | Last Modified: | Dec 6 03:50:29 2006 |
| MD5 Checksum: | bc9d1e14e872bb07b374f42fc8293b7c |
|
| /// File Name: |
USN-389-1.txt |
Description:
|
Ubuntu Security Notice 389-1 - A buffer overflow was discovered in GnuPG. By tricking a user into running gpg interactively on a specially crafted message, an attacker could execute arbitrary code with the user's privileges. This vulnerability is not exposed when running gpg in batch mode.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7443 | | Last Modified: | Dec 6 03:49:45 2006 |
| MD5 Checksum: | 5f509dd942b610ab0fc36432c6963061 |
|
| /// File Name: |
USN-388-1.txt |
Description:
|
Ubuntu Security Notice 388-1 - An integer overflow was discovered in KOffice's filtering code. By tricking a user into opening a specially crafted PPT file, attackers could crash KOffice or possibly execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 10132 | | Related CVE(s): | CVE-2006-6120 | | Last Modified: | Dec 6 03:48:58 2006 |
| MD5 Checksum: | f57535d905ed36797277368dbec3d23f |
|
| /// File Name: |
TA06-333A.txt |
Description:
|
Technical Cyber Security Alert - Apple has released Security Update 2006-007 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser. Vulnerabilities in OpenSSL, gzip, and other products are also addressed. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service. Systems affected include Apple Mac OS X version 10.3.x and 10.4.x, Apple Mac OS X Server version 10.3.x and 10.4.x, and the Apple Safari web browser.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4609 | | Last Modified: | Dec 6 03:47:36 2006 |
| MD5 Checksum: | 8c05023676fe51959201252f098c5e2d |
|
| /// File Name: |
SYM06-023.txt |
Description:
|
Symantec has released an update to address a security concern in PHP,? commonly used HTML-embedded scripting language, for Symantec's Veritas NetBackup 6.0 PureDisk Remote Office Edition.
| | Homepage: | http://www.symantec.com/security/ | | File Size: | 5162 | | Related CVE(s): | CVE-2006-5465 | | Last Modified: | Dec 6 03:46:11 2006 |
| MD5 Checksum: | 29c4e0850585d593690dabb207e7c859 |
|
| /// File Name: |
ZDI-06-043.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Versions 4.91 (SP1 and SP2) are affected. Authentication is not required to exploit this vulnerability.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3098 | | Related CVE(s): | CVE-2006-5854 | | Last Modified: | Dec 6 03:44:45 2006 |
| MD5 Checksum: | ea0f9c391083b6b381c251cc34ef9ee2 |
|
| /// File Name: |
11.27.06-1.txt |
Description:
|
iDefense Security Advisory 11.27.06 - Remote exploitation of a design error in Horde's Kronolith could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running Web server. iDefense has confirmed that versions 2.0.1 through 2.1.3 of Horde Kronolith are vulnerable to this issue. Other versions are also likely to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3430 | | Last Modified: | Dec 6 03:41:50 2006 |
| MD5 Checksum: | 019813eb7c05e9a2f3c80f4848f5a617 |
|
| /// File Name: |
secunia-borland.txt |
Description:
|
Secunia Research has discovered a vulnerability in Borland products, which can be exploited by malicious people to compromise a vulnerable system. Borland idsql32.dll versions 5.1.0.4 (as used by RevilloC MailServer) and 5.2.0.2 as included with Borland Developer Studio 2006 are affected. Other versions may also be affected. The vulnerability is caused due to a boundary error in idsql32.dll when processing SQL statements using the "DbiQExec()" function. This can be exploited to cause a heap-based buffer overflow via an overly long SQL statement (more than 4000 bytes).
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 4163 | | Last Modified: | Dec 6 03:40:47 2006 |
| MD5 Checksum: | d6df11c09ab6bd0cc516aaebfca19680 |
|
| /// File Name: |
aol-screen.txt |
Description:
|
The AOL ScreenName website suffered from phishing and redirection attacks.
| | Author: | Zeroknock | | File Size: | 1051 | | Last Modified: | Dec 6 03:36:07 2006 |
| MD5 Checksum: | 3e1d7995e19aa683c9c5a01ea2679ce9 |
|
| /// File Name: |
sa23249.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for xine-lib. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23249/ | | File Size: | 8740 | | Last Modified: | Dec 6 03:07:49 2006 |
| MD5 Checksum: | 4a2f8179d0be5cffb05943320484c777 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
