Gentoo Linux Security Advisory GLSA 200705-20 - Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK and the Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in the Sun JDK and the Sun JRE allowing unintended Java applet or application resource acquisition. Additionally, a memory corruption error has been found in the handling of GIF images with zero width field blocks. Versions less than 1.4.2.03-r14 are affected.
000b449b02865f4a4bcf9959e52b5db0Gentoo Linux Security Advisory GLSA 200705-19 - Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the GD library and in the substr_compare() PHP 5 function. Ilia Alshanetsky also reported a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions, and Stanislav Malyshev discovered another buffer overflow in the bundled XMLRPC library. Additionally, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability. Finally, there exist implementation errors in the Zend engine, in the mb_parse_str(), the unserialize() and the mail() functions and other elements. Versions less than 5.2.2 are affected.
57aafd3389cccd61dd0f2470e8144248Ubuntu Security Notice 465-1 - Luigi Auriemma discovered multiple flaws in pulseaudio's network processing code. If an unauthenticated attacker sent specially crafted requests to the pulseaudio daemon, it would crash, resulting in a denial of service.
be02bc364009d306a797ce15f0cb26c6iDefense Security Advisory 05.25.07 - Remote exploitation of multiple stack-based buffer overflows in Sun Microsystems Inc's Java System Web Proxy allows unauthenticated attackers to execute arbitrary code with superuser privileges. The problem specifically exists within the "sockd" daemon. This daemon implements SOCKS proxy support for the Web Proxy product. Attackers can cause a buffer overflow by manipulating certain bytes during protocol negotiation. iDefense has confirmed the existence of this vulnerability using version 4.0.3 of Sun Java Web Proxy Server. Lab tests were performed on an x86 RedHat enterprise Linux machine. Previous versions, including products released under the "Sun ONE" product line, are suspected to be vulnerable.
1598909a3d4f1ba7380b51a8e5f82b75OpenPKG Security Advisory - Multiple vulnerabilities in PHP versions 5.2.2 and below have been addressed.
b6e50daee02b6a72dc70cee56c380b95A remotely exploitable vulnerability has been found in the file parsing engine of ALWIL avast! antivirus software versions prior to 4.7.700 when parsing .SIS files.
68ed6d70bc1d37d65e894b6af1bfe3a8Ubuntu Security Notice 464-1 - Multiple vulnerabilities have been patched against in the Linux kernel. Philipp Richter discovered that the AppleTalk protocol handler did not sufficiently verify the length of packets. By sending a crafted AppleTalk packet, a remote attacker could exploit this to crash the kernel. Gabriel Campana discovered that the do_ipv6_setsockopt() function did not sufficiently verify option values for IPV6_RTHDR. A local attacker could exploit this to trigger a kernel crash. A Denial of Service vulnerability was discovered in the nfnetlink_log() netfilter function. A remote attacker could exploit this to trigger a kernel crash. The connection tracking module for IPv6 did not properly handle the status field when reassembling fragmented packets, so that the final packet always had the 'established' state. A remote attacker could exploit this to bypass intended firewall rules. Masayuki Nakagawa discovered an error in the flowlabel handling of IPv6 network sockets. A local attacker could exploit this to crash the kernel. The do_dccp_getsockopt() function did not sufficiently verify the optlen argument. A local attacker could exploit this to read kernel memory (which might expose sensitive data) or cause a kernel crash. This only affects Ubuntu 7.04. The IPv4 and DECnet network protocol handlers incorrectly declared an array variable so that it became smaller than intended. By sending crafted packets over a netlink socket, a local attacker could exploit this to crash the kernel.
9b31d90401441ebd4532d2e93a14c4feiDefense Security Advisory 05.24.07 - Local exploitation of a privilege escalation vulnerability in Apple Computer Inc.'s Mac OS X pppd could allow an attacker to gain root privileges. The vulnerability exists due to insufficient access validation when processing the "plugin" command line option. The application does not properly verify that the requesting user has root privileges and allows any user to load plug-ins. When checking to see if the executing user has root privileges, a check is made to see if the stdin file descriptor is owned by root. Passing this check is trivial and allows the attacker to load arbitrary plug-ins resulting in arbitrary code execution with root privileges. iDefense has confirmed the existence of this vulnerability in version 10.4.8 of Mac OS X. Other versions may also be affected.
05fecd15da1bbba24ed181f41519fb2dDebian Security Advisory 1297-1 - Bernhard R. Link discovered that the CVS browsing interface of Gforge, a collaborative development tool, performs insufficient escaping of URLs, which allows the execution of arbitrary shell commands with the privileges of the www-data user.
a9786fd6abe2ff8d3f62148987f3dd04A serious security flaw is present in Credant Mobile Guardian Shield for Windows versions 5.2.1.105 and prior. Several instances of the users Windows Domain name, Domain username, and password are stored in plain text within the memory (RAM) of the mobile device. This risk is compounded by the fact that the Windows paging file is not encrypted per default settings. The unencrypted paging file would likely contain the plain text Windows Domain credentials as well.
639db5372851ab5e33bda00468c915c3A remotely exploitable vulnerability has been found in the file parsing engine of ALWIL avast! antivirus software versions prior to 4.7.700.
f7cc625231d8cfcdaec87993739d6639OpenPKG Security Advisory - A vulnerability caused by an integer signedness error was found by Victor Stinner in the font rendering library Freetype, versions up to and including 2.3.4. The vulnerability might allow remote attackers to execute arbitrary code via a specially crafted TrueType Font (TTF) file with a negative "n_points" value, which leads to an integer overflow and heap-based buffer overflow.
c3045c83e517a3031694ffaa7cac2ec4Mandriva Linux Security Advisory - A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server. A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh. Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user.
03c7517049bd8ddbff5b953a0ff86565Mandriva Linux Security Advisory - Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Tetex 3.x uses an embedded copy of the gd source and may also be affected by this issue. A buffer overflow in the open_sty function for makeindex in Tetex could allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename.
4e102e4b4ba75c80e6325b2e84cd1d80iDefense Security Advisory 05.23.07 - Remote exploitation of a stack-based buffer overflow in Opera Software ASA's Opera Web browser could allow an attacker to execute arbitrary code on the affected host. Opera 9.2 supports BitTorrent downloads. If a server sends the browser a specially crafted BitTorrent header, it can lead to a buffer overflow. The buffer overflow is triggered when the user right clicks on the item in the download pane. iDefense has confirmed the existence of this vulnerability in the Opera version 9.2 for Windows. Previous versions may also be affected.
e782312def384c697fff20d9c45a910bFreeBSD Security Advisory - An attacker who can cause file to be run on a maliciously constructed input can cause file to crash. It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file. The above also applies to any other applications using the libmagic library.
460717f8e2c565242021f26418fd5339Secunia Research has discovered a vulnerability in various eScan products, which may be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the MicroWorld Agent service (MWAGENT.EXE) when decrypting received commands. This can be exploited to cause a stack-based buffer overflow via an overly long command sent to the service (default port 2222/tcp). Successful exploitation may allow execution of arbitrary code with SYSTEM privileges. eScan version 9.0.715.1 is affected.
72d33f4f8916920c2e00262419f926edUbuntu Security Notice 463-1 - Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges.
49faaeb4e914183e6fd8227250ad6d6dMandriva Linux Security Advisory - Marsu discovered a stack overflow issue in the GIMP's RAS file loader. An attacker could create a carefully crafted file that would cause the GIMP to crash or potentially execute arbitrary code as the user opening the file.
a1627792539c9d375a9fa670959abb88Ubuntu Security Notice 462-1 - A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user were tricked into installing a malicious PEAR package, an attacker could overwrite arbitrary files.
aff70e3b3bc98415789824b7be8fccd9Ubuntu Security Notice 460-2 - USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the "force group" option no longer behaved correctly.
b44ab22d2208b5ef3095f76fe7727e95HP Security Bulletin - A potential security vulnerability has been identified on HP-UX running Kerberos. The vulnerability could be exploited by remote authorized users to execute arbitrary code.
23c7c5390ec136c69e0352e8ae7cc6abCisco Security Advisory - Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
046365c9408891641728dd9d4ef424e7Cisco Security Advisory - A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password). Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
64938b2f1372fada115a7dd016695a2aCubeCart version 3.0.16 suffers from a SQL injection vulnerability.
7a01325b63a0de20dfc908a258fa4e6a
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed