Section: .. / 0711-advisories /
| /// File Name: |
TA07-317A.txt |
Description:
|
Technical Cyber Security Alert TA07-317A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Windows DNS Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands or to cause a Windows DNS server to provide incorrect DNS responses.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3975 | | Last Modified: | Nov 14 00:26:42 2007 |
| MD5 Checksum: | abf903fcb717f2ac6de1f00ee75983b9 |
|
| /// File Name: |
phpstream-dos.txt |
Description:
|
PHP versions 5.2.5 and below suffer from a denial of service vulnerability in stream_wrapper_register().
| | Author: | laurent gaffi | | File Size: | 942 | | Last Modified: | Nov 13 22:54:26 2007 |
| MD5 Checksum: | 5b4db4e5101ce323537b625a3cbded22 |
|
| /// File Name: |
phpgettext-dos.txt |
Description:
|
PHP versions 5.2.5 and below suffer from denial of service vulnerabilities in the Gettext Lib.
| | Author: | laurent gaffi | | File Size: | 1794 | | Last Modified: | Nov 13 22:53:46 2007 |
| MD5 Checksum: | 229781eceee8ae4657cfbd4b2f7bee22 |
|
| /// File Name: |
PR07-13.txt |
Description:
|
A cross-site scripting vulnerability exists in F5 Networks FirePass versions 5.4 through 5.5.2 and versions 6.0 through 6.0.1.
| | Author: | Adrian Pastor, Jan Fry | | Homepage: | http://www.procheckup.com/ | | File Size: | 1277 | | Last Modified: | Nov 12 23:40:25 2007 |
| MD5 Checksum: | 38cb24b936a46e1a0f3233a4764a3314 |
|
| /// File Name: |
MDKSA-2007-204-1.txt |
Description:
|
Mandriva Linux Security Advisory - Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS that can be exploited by malicious individuals to execute arbitrary code. This flaw is due to a boundary error when processing IPP (Internet Printing Protocol) tags. Due to incorrect build requirements/conflicts, the cups-config in Mandriva Linux 2008.0 was displaying the full CFLAGS and libs instead of just the libraries when 'cups-config --libs' was invoked. This update corrects the cups-config behaviour.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3468 | | Related CVE(s): | CVE-2007-4351 | | Last Modified: | Nov 12 23:38:36 2007 |
| MD5 Checksum: | 010e831f1ceb7b70422adc9007b89d76 |
|
| /// File Name: |
glsa-200711-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-16 - Alin Rad Pop (Secunia Research) discovered an off-by-one error in the ippReadIO() function when handling Internet Printing Protocol (IPP) tags that might allow one byte on the stack to be overwritten. Versions less than 1.2.12-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3287 | | Related CVE(s): | CVE-2007-4351 | | Last Modified: | Nov 12 23:36:46 2007 |
| MD5 Checksum: | b80fe36cdf462f5ee677cccb59c25326 |
|
| /// File Name: |
glsa-200711-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-15 - Sean de Regge reported multiple integer overflows when processing FLAC media files that could lead to improper memory allocations resulting in heap-based buffer overflows. Versions less than 1.2.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3177 | | Related CVE(s): | CVE-2007-4619 | | Last Modified: | Nov 12 23:36:24 2007 |
| MD5 Checksum: | e8a6b3c13ae6bdef5e815020ef25e348 |
|
| /// File Name: |
glsa-200711-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-14 - Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the JavaScript engine can be exploited to cause memory corruption. Input passed to the user ID when making an HTTP request with digest authentication is not properly sanitized before being used in the request. The titlebar can be hidden by a XUL markup language document. Additionally, an error exists in the handling of smb: and sftp: URI schemes on systems with gnome-vfs support. An unspecified error in the handling of XPCNativeWrappers, and improperly implemented JavaScript onUnload() handlers, may allow the execution of arbitrary JavaScript code. Another error is triggered by using the addMicrosummaryGenerator sidebar method to access file: URIs. Versions less than 2.0.0.9 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 5565 | | Related CVE(s): | CVE-2007-1095, CVE-2007-2292, CVE-2007-5334, CVE-2007-5335, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340 | | Last Modified: | Nov 12 23:35:47 2007 |
| MD5 Checksum: | fa96dd3103e47ec1c52a35f012f0fd03 |
|
| /// File Name: |
SSRT071485.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP Secure Shell. The vulnerability could be exploited remotely to gain extended privileges.
| | Homepage: | http://www.hp.com/ | | File Size: | 6703 | | Related CVE(s): | CVE-2007-4752 | | Last Modified: | Nov 12 23:29:25 2007 |
| MD5 Checksum: | 2150f26620e2f6c3b7296e1bad71fb2b |
|
| /// File Name: |
safrcdlg-overflow.txt |
Description:
|
The Microsoft Remote Help safrcdlg.dll appears to suffer from a buffer overflow vulnerability.
| | Author: | Elazar Broad | | File Size: | 708 | | Last Modified: | Nov 12 23:28:54 2007 |
| MD5 Checksum: | 5b8e23d1f09548e80c7ef89b763d71b8 |
|
| /// File Name: |
11.12.07-1.txt |
Description:
|
iDefense Security Advisory 11.12.07 - Local exploitation of an invalid array indexing vulnerability in the NPF.SYS device driver of WinPcap allows attackers to execute arbitrary code in kernel context. The problem specifically exists within the bpf_filter_init function. In several places throughout this function, values supplied from a potential attacker are used as array indexes without proper bounds checking. By making IOCTL requests with specially chosen values, attackers are able to corrupt the stack, or pool memory, within the kernel. iDefense has confirmed the existence of this vulnerability in version 4.0.1 of WinPcap as included in Wireshark 0.99.6a. The version of NPF.SYS tested was 4.0.0.901. iDefense suspects older versions to also be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3806 | | Related CVE(s): | CVE-2007-5756 | | Last Modified: | Nov 12 23:26:43 2007 |
| MD5 Checksum: | ccb4207f94afc8cd90c0b5776dc0c638 |
|
| /// File Name: |
oracle-sysdba.txt |
Description:
|
Tanel Poder has found a way to get SYSDBA access to the Oracle database by utilizing a user who has the BECOME USER system privilege, execute privileges on KUPP$PROC.CHANGE_USER and CREATE SESSION.
| | Author: | Pete | | File Size: | 832 | | Last Modified: | Nov 12 23:25:46 2007 |
| MD5 Checksum: | 6e0ac7cb849365bf62c2d03852f33d25 |
|
| /// File Name: |
dsa-1405-2.txt |
Description:
|
Debian Security Advisory 1405-2 - The zope-cmfplone update in DSA 1405 introduced a regression. This update corrects this flaw.
| | Homepage: | http://www.debian.org/security | | File Size: | 3246 | | Related CVE(s): | CVE-2007-5741 | | Last Modified: | Nov 12 23:15:15 2007 |
| MD5 Checksum: | 347d7f36794b6872add8dd766ad92774 |
|
| /// File Name: |
bt-pwnage.txt |
Description:
|
Details on pwning the BT Home Hub have been published. Various cross-site scripting and cross-site request forgery issues still exist.
| | Author: | pagvac | | Homepage: | http://www.gnucitizen.org/ | | File Size: | 2331 | | Last Modified: | Nov 12 22:39:42 2007 |
| MD5 Checksum: | 33bf36a9c0244909428ecd0367127de6 |
|
| /// File Name: |
iedosowc11-dos.txt |
Description:
|
An unhandled memory access violation in the OWC11.DataSourceControl in Internet Explorer may cause a denial of service condition.
| | Author: | Elazar Broad | | File Size: | 750 | | Last Modified: | Nov 12 22:12:02 2007 |
| MD5 Checksum: | 167bf60f97e78d10625a872a2a1640e3 |
|
| /// File Name: |
qt_pdat_heapbof.pdf |
Description:
|
QuickTime is prone to a heap overflow vulnerability when parsing malformed Panorama Sample Atoms, which are used in QuickTime Virtual Reality Movies.
| | Author: | Mario Ballano Barcena | | Homepage: | http://www.48Bits.com | | File Size: | 54534 | | Last Modified: | Nov 12 21:50:42 2007 |
| MD5 Checksum: | c3be020bca030b61f2924275b9def402 |
|
| /// File Name: |
tbsource-sql.txt |
Description:
|
It appears that the BitTorrent tracker TBSource is susceptible to SQL injection attacks.
| | Author: | Emiliano Scavuzzo | | File Size: | 499 | | Last Modified: | Nov 12 20:08:14 2007 |
| MD5 Checksum: | b5636d8f3913a6068c774518cfb3a5ea |
|
| /// File Name: |
dsa-1406-1.txt |
Description:
|
Debian Security Advisory 1406-1 - Several remote vulnerabilities have been discovered in the Horde web application framework. Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged-in user (cross-site scripting). Moritz Naumann discovered that Horde does not properly restrict its image proxy, allowing remote attackers to use the server as a proxy. Marc Ruef discovered that Horde allows remote attackers to include web pages from other sites, which could be useful for phishing attacks. iDefense discovered that the cleanup cron script in Horde allows local users to delete arbitrary files.
| | Homepage: | http://www.debian.org/security | | File Size: | 5082 | | Related CVE(s): | CVE-2006-3548, CVE-2006-3549, CVE-2006-4256, CVE-2007-1473, CVE-2007-1474 | | Last Modified: | Nov 9 20:26:24 2007 |
| MD5 Checksum: | 2f37a86186a6ae315e0b9f273de2cc32 |
|
| /// File Name: |
dsa-1405-1.txt |
Description:
|
Debian Security Advisory 1405-1 - It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.
| | Homepage: | http://www.debian.org/security | | File Size: | 3301 | | Related CVE(s): | CVE-2007-5741 | | Last Modified: | Nov 9 20:25:10 2007 |
| MD5 Checksum: | 580ddeefe92d83875b885acbb1cff022 |
|
| /// File Name: |
adobe-cdpfr.txt |
Description:
|
Canonicalization issues in Adobe Macromedia Flash Player version 9.0 r31 allow for the manipulation of the cross domain policy file source.
| | Author: | Antonio Parata | | Homepage: | http://www.ictsc.it/ | | File Size: | 4965 | | Last Modified: | Nov 9 20:24:41 2007 |
| MD5 Checksum: | fdd986ac6d562bd8d7748ae7198bd672 |
|
| /// File Name: |
11.09.07-2.txt |
Description:
|
iDefense Security Advisory 11.09.07 - Local exploitation of a directory traversal vulnerability in IBM Corp.'s Informix Dynamic Server allows attackers to elevate privileges to root. This vulnerability exists due to insufficient checking for directory traversal sequences when processing the DBLANG environment variable. By using values containing directory traversal specifiers, such as "../", an attacker can cause set-uid binaries to use Native Language Support (NLS) message files under their control. iDefense confirmed the existence of this vulnerability in IBM Corp.'s Informix Dynamic Server version 10.00 UC6TL installed on a Linux system. Other versions are also suspected to be vulnerable. Versions for other supported Unix systems should also be considered vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3995 | | Related CVE(s): | CVE-2007-5670 | | Last Modified: | Nov 9 18:09:25 2007 |
| MD5 Checksum: | a34eb657aa0ca282313ff895926cc760 |
|
| /// File Name: |
11.09.07-1.txt |
Description:
|
iDefense Security Advisory 11.09.07 - Remote exploitation of multiple buffer overflow vulnerabilities in AOL's AmpX ActiveX control could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. Several methods within the vulnerable ActiveX control (CLSID B49C4597-8721-4789-9250-315DFBD9F525) were found to be vulnerable to stack-based buffer overflows. In each case, variable length attacker supplied data is copied into a fixed-size stack buffer using the strcpy() function. Since no input validation is performed, it is possible to corrupt stack memory, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in version 2.6.1.11 of America Online's AmpX.dll. Other versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3927 | | Related CVE(s): | CVE-2007-5755 | | Last Modified: | Nov 9 18:07:31 2007 |
| MD5 Checksum: | 8a8729cd693564fd75b4df22dc3d79b3 |
|