Cisco Security Advisory - Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution. The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
f7a50af3ec20c59e5ab5ff3dc4993ae6Cisco Security Advisory - A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
b6b22521b835b52b20c91e549abbb8edCisco Security Advisory - A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
497441b74e0004aa9688a6d78b55fdacCisco Security Advisory - Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on 12.2 can be vulnerable to a denial of service vulnerability that can prevent any traffic from entering an affected interface. For a device to be vulnerable, it must be configured for Open Shortest Path First (OSPF) Sham-Link and Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL, Route Switch Processor 720, Route Switch Processor 720-3C, and Route Switch Processor 720-3CXL are all potentially vulnerable.
5c74aa992cd5ee8cef86af771b355b71Cisco Security Advisory - Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets. Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.
4996d1c7db9a231f201e973caff24acdMandriva Linux Security Advisory - Two vulnerabilities were found in the Website META Language (WML) package that allowed local users to overwrite arbitrary files via symlink attacks.
8635c05f2b3a0be9d4fa9a4dc214b51bA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP delRequest message is sent, a stack overflow occurs overwriting a function pointer. This results in a situation allowing the execution of arbitrary code.
e35e7ad52a9e2a0a6d71048d250a4a7bIBM solidDB versions 6.00.1018 and below suffer from format string, crash, NULL pointer, and server termination vulnerabilities.
06638a5eb857c1968c60370c919a7ecaSecunia Security Advisory - Digital Security Research Group has discovered a vulnerability in PowerBook, which can be exploited by malicious people to disclose sensitive information.
1145ad2a630ad9682ebcfade207fed47Secunia Security Advisory - Daniel Papasian has reported a vulnerability in the PECL Alternative PHP Cache (APC) extension, which can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system.
6da1389bbd3a47271c1ead3df22fef8bUbuntu Security Notice 596-1 - Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby applications. It was discovered that Ruby's FTPTLS, telnets, and IMAPS modules did not check the commonName when performing SSL certificate checks. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to eavesdrop on encrypted communications from Ruby applications using these protocols.
a46d0b7c1d5e53f0d8ea29f86db14854Ubuntu Security Notice 595-1 - Michael Skladnikiewicz discovered that SDL_image did not correctly load GIF images. If a user or automated system were tricked into processing a specially crafted GIF, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service. David Raulo discovered that SDL_image did not correctly load ILBM images. If a user or automated system were tricked into processing a specially crafted ILBM, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service.
56a5c4510b1bed524cff5c00ce259ee5Ubuntu Security Notice 594-1 - It was discovered that Net::DNS did not correctly validate the size of DNS replies. A remote attacker could send a specially crafted DNS response and cause applications using Net::DNS to abort, leading to a denial of service.
e7eaa3c8cfc9df83a00033734478e816Ubuntu Security Notice 593-1 - It was discovered that the default configuration of dovecot could allow access to any email files with group "mail" without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems.
4a2fd40b872bf6b94fc599b98e0f26b3Ubuntu Security Notice 592-1 - A ridiculous amount of vulnerabilities in Firefox have been addressed in this advisory for Ubuntu.
aeed7a8b0cc4c145af558bade514732bHP Security Bulletin - A potential security vulnerability has been identified in the SFTP Server (sftp-server) component of SSH version 3.2.0 and earlier running on HP Tru64 UNIX. The vulnerability could be exploited by a remote user to execute arbitrary code or cause a Denial of Service (DoS). Yes, this is from 2006. Yes, HP is just notifying people now.
ff783e16ea6d5ea497e199cd8890a3a2Secunia Security Advisory - Secunia Research has discovered a vulnerability in Orb, which can be exploited by malicious people to compromise a user's system.
b2cd9878b0b8a996f5db6ff4c311f4c4Secunia Security Advisory - Pranav Joshi has reported a security issue in ZyXEL ZyWALL 1050, which can be exploited by malicious people to bypass certain security restrictions.
f31a4208e8b21f4a6a26b5928384ac2dSecunia Security Advisory - Ubuntu has issued an update for libicu. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
6f802f1be02976217f8218ee4825e6d0Secunia Security Advisory - Mandriva has issued an update for bzip2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
e472f97aac0e929389a5d7a6ca905657Secunia Security Advisory - c0ndemned has reported a vulnerability in XLPortal, which can be exploited by malicious people to conduct SQL injection attacks.
10f6a7ba08ff6953b09da9a2bab9ab07Secunia Security Advisory - Russ McRee has reported a vulnerability in Photo Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.
524def9a4430fcc6b389d737f6d5d975Secunia Security Advisory - Jerome Athias has discovered a vulnerability in the my_gallery plugin for e107, which can be exploited by malicious people to disclose sensitive information.
6ce00330e5aa0980d6d4cc4b09750534Secunia Security Advisory - Debian has issued an update for serendipity. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and script-insertion attacks or to bypass certain security restrictions.
843f5201e1243c69c94de0a9bab68203Secunia Security Advisory - Ubuntu has issued an update for bzip2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
1bce3206f382a7b5d40d057c15645357
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed