Section: .. / 0803-advisories /
| /// File Name: |
ZDI-08-012.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the oninit.exe process that listens by default on TCP port 1526. During authentication, the process does not validate the length of the supplied user password. An attacker can provide a overly long password and overflow a stack based buffer resulting in arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3527 | | Related CVE(s): | CVE-2008-0727 | | Last Modified: | Mar 13 16:44:04 2008 |
| MD5 Checksum: | 0514694ac6e8577a2f7e74face18c5f7 |
|
| /// File Name: |
ZDI-08-011.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is required in that an attacker must have database connection privileges. The specific flaw exists in the oninit.exe process that listens by default on TCP port 1526. During authentication, the process does not validate the length of the DBPATH variable. An attacker can provide a overly long variable name and overflow a global buffer, overwriting function pointers leading to arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3560 | | Related CVE(s): | CVE-2008-0727 | | Last Modified: | Mar 13 16:43:11 2008 |
| MD5 Checksum: | 9aba0695949a10843e411aecb47a4ad6 |
|
| /// File Name: |
MDVSA-2008-066.txt |
Description:
|
Mandriva Linux Security Advisory - Jurgen Weigert found a directory traversal vulnerability in fastjar versions prior to 0.93. This vulnerability allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filename with ../ sequences.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 12532 | | Related CVE(s): | CVE-2006-3619 | | Last Modified: | Mar 13 16:42:16 2008 |
| MD5 Checksum: | d44b1a87f91fbceb277c852597cd642c |
|
| /// File Name: |
zabbix-dos.txt |
Description:
|
Zabbix is susceptible to a resource consumption denial of service vulnerability when the zabbix_agentd is told to checksum a device (like /dev/urandom, etc).
| | Author: | Milen Rangelov | | File Size: | 1810 | | Last Modified: | Mar 13 16:40:36 2008 |
| MD5 Checksum: | 6ec48b5583f2b94e763b3972da82b95f |
|
| /// File Name: |
sa29337.txt |
Description:
|
Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in McAfee ePolicy Orchestrator, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29337/ | | File Size: | 2589 | | Last Modified: | Mar 13 16:32:45 2008 |
| MD5 Checksum: | 43275ece99f12b57fb23a8d0ea55c09a |
|
| /// File Name: |
sa29362.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been discovered in eXV2, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/29362/ | | File Size: | 2168 | | Last Modified: | Mar 13 16:32:45 2008 |
| MD5 Checksum: | 2dd787ca508dde1d4293acc63dede8ca |
|
| /// File Name: |
sa29368.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29368/ | | File Size: | 2645 | | Last Modified: | Mar 13 16:32:45 2008 |
| MD5 Checksum: | d7735c3a325ca0804a4699f5be61e44c |
|
| /// File Name: |
sa29375.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for roundup. This fixes some vulnerabilities with unknown impacts, and a security issue, which can be exploited by malicious users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29375/ | | File Size: | 2232 | | Last Modified: | Mar 13 16:32:45 2008 |
| MD5 Checksum: | dd94364f1e76699497bebec4acf6264c |
|
| /// File Name: |
meccaffi.txt |
Description:
|
McAfee Framework versions 3.6.0.569 and below suffer from a format string vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | meccaffi.zip | | File Size: | 2006 | | Last Modified: | Mar 13 01:54:38 2008 |
| MD5 Checksum: | 13ac7c2291390d7e54f0ea02f534bab8 |
|
| /// File Name: |
glsa-200803-21.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-21 - Sarg doesn't properly check its input for abnormal content when processing Squid log files. Versions less than 2.2.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2832 | | Related CVE(s): | CVE-2008-1167, CVE-2008-1168 | | Last Modified: | Mar 13 01:50:44 2008 |
| MD5 Checksum: | 8507a82a3018f92e30f921c57e5ed0a0 |
|
| /// File Name: |
sa29340.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for java-1.4.2-bea. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive/system information, cause a DoS (Denial of Service), manipulate data, or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29340/ | | File Size: | 2575 | | Last Modified: | Mar 13 01:50:13 2008 |
| MD5 Checksum: | f94c7f2ada0f94f84305f91441385721 |
|
| /// File Name: |
sa29350.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Red Hat Directory Server, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/29350/ | | File Size: | 2380 | | Last Modified: | Mar 13 01:50:13 2008 |
| MD5 Checksum: | e52f3112ab2be09f26f7e33ce39b7013 |
|
| /// File Name: |
sa29352.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29352/ | | File Size: | 2336 | | Last Modified: | Mar 13 01:50:13 2008 |
| MD5 Checksum: | b01c1ccaef9e80bf35a91ac06d6add83 |
|
| /// File Name: |
SCOSA-2008.2.txt |
Description:
|
SCO Security Advisory SCOSA-2008.2 - sshd in OpenSSH versions before 4.4, when using the version 1 SSH protocol, could allow a remote attacker to cause a denial of service. It certainly is nice to have SCO bring this to light for their consumers two years after the fact.
| | Author: | SCO | | Homepage: | http://www.sco.com/support/security/index.html | | File Size: | 4620 | | Related CVE(s): | CVE-2006-4924 | | Last Modified: | Mar 13 01:50:02 2008 |
| MD5 Checksum: | 4dc7715fb3a411b0fca873e248936b25 |
|
| /// File Name: |
ZDI-08-010.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the useEncodingDecl() function used while parsing the xml header character encoding attribute. When a user downloads a malicious JNLP file, the charset value is read into a static buffer. If an overly charset name in the xml header is included, a stack based buffer overflow occurs, resulting in an exploitable condition.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3284 | | Related CVE(s): | CVE-2008-1188 | | Last Modified: | Mar 13 01:46:04 2008 |
| MD5 Checksum: | 5a74d23adc6e1b3e991f4b6243651b6f |
|
| /// File Name: |
ZDI-08-009.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the useEncodingDecl() function used while checking xml based JNLP files for UTF8 characters. When a user downloads a malicious JNLP file, the data immediately preceding the opening of the xml tag is read into a static buffer. If an overly long key name in the xml header is included, a stack based buffer overflow occurs, resulting in an exploitable condition.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3323 | | Related CVE(s): | CVE-2008-1188 | | Last Modified: | Mar 13 01:45:20 2008 |
| MD5 Checksum: | d8d717d09ec7deffd5ccca6cbd673ae4 |
|
| /// File Name: |
cisco-sa-20080312-ucp.txt |
Description:
|
Cisco Security Advisory - Two sets of vulnerabilities were discovered in the Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application. The first set of vulnerabilities address several buffer overflow conditions in the UCP application that could result in remote execution of arbitrary code on the host system where UCP is installed. The second set of vulnerabilities address cross-site scripting in the UCP application pages.
| | Author: | FX | | Homepage: | http://www.cisco.com/ | | File Size: | 14162 | | Related CVE(s): | CVE-2008-0532, CVE-2008-0533 | | Last Modified: | Mar 13 01:37:56 2008 |
| MD5 Checksum: | 383c5bf5fc0d9bcd46fd639132dd50a6 |
|
| /// File Name: |
03.11.08-3.txt |
Description:
|
iDefense Security Advisory 03.11.08 - Remote exploitation of an input validation error in the handling of "mailto" URIs by Microsoft Corp.'s Outlook may allow arbitrary code execution. It is possible to construct a "mailto" URI which causes the web browser to pass extra command line switches to Outlook. These switches can modify Outlook's account configuration. iDefense has confirmed the existence of this vulnerability in Microsoft Outlook 2007 on Windows XP SP2. Previous versions may also be affected.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 3012 | | Related CVE(s): | CVE-2008-0110 | | Last Modified: | Mar 13 01:28:43 2008 |
| MD5 Checksum: | 3a1dfceb0f15cb2f4c8b70699b4e23c8 |
|
| /// File Name: |
03.11.08-2.txt |
Description:
|
iDefense Security Advisory 03.11.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel 2003 could allow attackers to execute arbitrary code in the context of the currently logged on user. This vulnerability specifically exists due to the improper handling of malformed formulas. By creating a document containing a specially crafted formula, an attacker is able to cause memory corruption that leads to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Excel 2003 SP2. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3240 | | Related CVE(s): | CVE-2008-0115 | | Last Modified: | Mar 13 01:27:41 2008 |
| MD5 Checksum: | 21b457751f6f41a127dcdbc087383750 |
|
| /// File Name: |
03.11.08-1.txt |
Description:
|
iDefense Security Advisory 03.11.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Excel spreadsheet application allows attackers to execute arbitrary code in the context of the user who started Excel. The vulnerability exists in the handling of DVAL records in BIFF8 format spreadsheet files. When certain fields are set to invalid values, heap corruption occurs. iDefense has confirmed the existence of this vulnerability in Microsoft Excel 2003 and Excel 2007. Previous versions may also be affected.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com/ | | File Size: | 3086 | | Related CVE(s): | CVE-2008-0111 | | Last Modified: | Mar 13 01:26:35 2008 |
| MD5 Checksum: | 1c71a5cca97e7d7714ca5a12198093ca |
|
| /// File Name: |
glsa-200803-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-20 - Will Drewry (Google Security) reported a vulnerability in the regular expression engine when using back references to capture \0 characters (CVE-2007-4770). He also found that the backtracking stack size is not limited, possibly allowing for a heap-based buffer overflow (CVE-2007-4771). Versions less than 3.8.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3361 | | Related CVE(s): | CVE-2007-4770, CVE-2007-4771 | | Last Modified: | Mar 13 00:54:32 2008 |
| MD5 Checksum: | eaf7de4e9d22e760b2e1a5d10e3173f9 |
|
| /// File Name: |
glsa-200803-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-19 - Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is 413 Request Entity too large (CVE-2007-6203). The mod_proxy_balancer module does not properly check the balancer name before using it (CVE-2007-6422). The mod_proxy_ftp does not define a charset in its answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported that filenames are not properly sanitized within the mod_negociation module (CVE-2008-0455, CVE-2008-0456). Versions less than 2.2.8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3663 | | Related CVE(s): | CVE-2007-6203, CVE-2007-6422, CVE-2008-0005, CVE-2008-0455, CVE-2008-0456 | | Last Modified: | Mar 13 00:49:36 2008 |
| MD5 Checksum: | dc957d1a1a0a8a3af3296443b86966e4 |
|
| /// File Name: |
dsa-1515-1.txt |
Description:
|
Debian Security Advisory 1515-1 - Several remote vulnerabilities have been discovered in libnet-dns-perl. It was discovered that libnet-dns-perl generates very weak transaction IDs when sending queries. Compression loops in domain names resulted in an infinite loop in the domain name expander written in Perl. Decoding malformed A records could lead to a crash (via an uncaught Perl exception) of certain applications using libnet-dns-perl.
| | Homepage: | http://www.debian.org/security | | File Size: | 9075 | | Related CVE(s): | CVE-2007-3377, CVE-2007-3409, CVE-2007-6341 | | Last Modified: | Mar 13 00:49:08 2008 |
| MD5 Checksum: | 96e00d35300c28a7d23ec47818dab7e7 |
|
| /// File Name: |
TPTI-08-03.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed tag a heap allocation can be adversely controlled. When user supplied data is copied to a heap buffer the resulting data results in a arbitrary memory overwrite. If successfully exploited this could lead to system compromise under the credentials of the currently logged in user.
| | Author: | Cody Pierce | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 1613 | | Related CVE(s): | CVE-2008-0116 | | Last Modified: | Mar 13 00:47:20 2008 |
| MD5 Checksum: | 7d12530a43a2ce9e769aa39d05521eb2 |
|
| /// File Name: |
ZDI-08-008.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of malformed cell comments. When Excel encounters a malformed record it attempts to rebuild the broken meta-data. A flaw in this rebuilding process allows the user to specify critical data offsets eventually leading to code execution under the logged in users credentials.
| | Author: | Arnaud Dovi | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3286 | | Related CVE(s): | CVE-2008-0113 | | Last Modified: | Mar 13 00:21:49 2008 |
| MD5 Checksum: | fad9ca3fbd2db4d159a2d0d8c46e7a60 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
