Ubuntu Security Notice 522-1 - It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service.
81a8377a3cae000f1224491d8f4272e7Debian Security Advisory 1378-2 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
04adbac7175324943e6ca6d65e6bbeaeMandriva Linux Security Advisory - A vulnerability was discovered in KDM by Kees Huijgen where under certain circumstances and in particular configurations, KDM could be tricked into allowing users to login without a password.
9be7857e3066a43ebdd940e6aa5d3048Ubuntu Security Notice 521-1 - Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user.
bc77e9b2d2f87a175182f634fa4a1e79A vulnerability results from the Net::HTTPS library from Ruby versions 1.8.5 and 1.8.6 failing to validate the name on the SSL certificate against the DNS name requested by the user. By not validating the name, the library allows an attacker to present a cryptographically valid certificate with an invalid CN.
f43ab01ee2c728fcf04ea146cfb06364Secunia Security Advisory - 7jdg has reported a vulnerability in Xunlei Thunder, which can be exploited by malicious people to compromise a user's system.
475e7dcdc6b7b30e6f9bd82e49e388caSecunia Security Advisory - Tan Chew Keong has discovered a vulnerability in ICEOWS, which can be exploited by malicious people to compromise a user's system.
8a1016883f5ea30fc05d3b277ca73940Secunia Security Advisory - Two security issues have been reported in Sun Java System Access Manager, which can be exploited by malicious people to bypass certain security restrictions.
5d8b9035895680096e735107b08ab132Secunia Security Advisory - Mandriva has issued an update for kdebase. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
49dcb905c83e0f67a5a7d44e6072e6fbSecunia Security Advisory - Debian has issued an update for the kernel. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, or gain escalated privileges.
4c6d289205eb65c462d39a49f019430dSecunia Security Advisory - Ubuntu has issued an update for libmodplug. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
376443262b26d0c2c79cd944a77089a1Secunia Security Advisory - rPath has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information.
a261b6a585ed0860a9eb2f873434ad05Secunia Security Advisory - Mandriva has issued an update for t1lib. This fixes a vulnerability, which can be exploited by malicious users to potentially compromise a vulnerable system.
b0d65887aa7b6565fd31fc17549f21fcSecunia Security Advisory - Gentoo has issued an update for tetex. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
c0fb21bb259f9eea49e14c9b72039c12Secunia Security Advisory - Some vulnerabilities, security issues, and a weakness have been reported in the Apple iPhone, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or to compromise a vulnerable system.
16369830f14b7fbe8ee2c5298decf41bSecunia Security Advisory - Janek Vind has reported a vulnerability in NukeSentinel, which can be exploited by malicious people to conduct SQL injection attacks.
4f2af7373159aa45815ce361119118f7Secunia Security Advisory - xoron has discovered a vulnerability in IntegraMOD Nederland(s), which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
054ccbec4f9a71e66f6b83626a760138Secunia Security Advisory - IBM has acknowledged some vulnerabilities in IBM Websphere Application server for z/OS, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or by malicious people to conduct cross-site scripting attacks or cause a DoS (Denial of Service).
59a9b0fa6c202605e5857e35715685bcSecunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
8bcaf6d09a209d4bbe7fe08c80b3a428Secunia Security Advisory - Gentoo has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
c41ad6b5fa1523557b20266679f35050Secunia Security Advisory - A vulnerability has been reported in Aipo and Aipo ASP, which can be exploited by malicious people to conduct session fixation attacks.
c114f78531ff8c091f8f662472b3beb4Secunia Security Advisory - Ronald van den Heetkamp has discovered a weakness in Internet Explorer, which potentially can be exploited by malicious people to disclose sensitive information.
2a29d5c3f355ab8036d251b0b6c7df91Gentoo Linux Security Advisory GLSA 200709-16 - Mattias Bengtsson and Philip Olausson have discovered a buffer overflow vulnerability in the function fcgi_env_add() in the file mod_fastcgi.c when processing overly long HTTP headers. Versions less than 1.4.18 are affected.
af386920d4c2d8806df005d9b44aca48Gentoo Linux Security Advisory GLSA 200709-17 - Mark Richters discovered a buffer overflow in the open_sty() function in file mkind.c. Other vulnerabilities have also been discovered in the same file but might not be exploitable. Tetex also includes vulnerable code from GD library (GLSA 200708-05), and from Xpdf. Versions less than 3.0_p1-r4 are affected.
1d4c037ac593b7240f5499f7f6cdf85bDebian Security Advisory 1378-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Evan Teran discovered a potential local denial of service (oops) in the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests. Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages. Steve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process' umask which may lead to unintentionally relaxed permissions. Wojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavor. Michael Stone reported an issue with the JFFS2 filesystem. Legacy modes for inodes that were created with POSIX ACL support enabled were not being written out to the medium, resulting in incorrect permissions upon remount.
5e6dd1cd0082c7a2a3959335b7ea1e1b
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed