Section: .. / Last 20 Advisory Files /
| /// File Name: | USN-706-1.txt | Description:
| Ubuntu Security Notice USN-706-1 - It was discovered that Bind did not properly perform certificate verification. When DNSSEC with DSA certificates are in use, a remote attacker could exploit this to bypass certificate validation to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 37624 | | Related CVE(s): | CVE-2009-0025 | | Last Modified: | Jan 8 19:59:32 2009 | | MD5 Checksum: | 506056264ebfe80a7eaba22a136f9c66 |
|
| /// File Name: | AST-2009-001.txt | Description:
| Asterisk Project Security Advisory - IAX2 provides a different response during authentication when a user does not exist, as compared to when the password is merely wrong. This allows an attacker to scan a host to find specific users on which to concentrate password cracking attempts. | | Author: | Tilghman Lesher | | Homepage: | http://www.asterisk.org/security | | File Size: | 10478 | | Related CVE(s): | CVE-2009-0041 | | Last Modified: | Jan 8 19:27:39 2009 | | MD5 Checksum: | 51f47441fcd4678b7c237afe816ab371 |
|
| /// File Name: | USN-705-1.txt | Description:
| Ubuntu Security Notice USN-705-1 - It was discovered that NTP did not properly perform signature verification. A remote attacker could exploit this to bypass certificate validation via a malformed SSL/TLS signature. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 12500 | | Related CVE(s): | CVE-2009-0021 | | Last Modified: | Jan 8 17:27:06 2009 | | MD5 Checksum: | 14a35d7392f9fb849678e1dc2fb2c6f8 |
|
| /// File Name: | FreeBSD-SA-09-02.openssl.txt | Description:
| FreeBSD Security Advisory - The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. The SSL layer in OpenSSL uses EVP_VerifyFinal(), which in several places checks the return value incorrectly and treats verification errors as a good signature. This is only a problem for DSA and ECDSA keys. | | Homepage: | http://security.freebsd.org/ | | File Size: | 9519 | | Related CVE(s): | CVE-2008-5077 | | Last Modified: | Jan 7 17:43:21 2009 | | MD5 Checksum: | 2328586310ef4612f8f258d3c8e4f921 |
|
| /// File Name: | USN-704-1.txt | Description:
| Ubuntu Security Notice USN-704-1 - It was discovered that OpenSSL did not properly perform signature verification on DSA and ECDSA keys. If a user or automated system connected to a malicious server or a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 19482 | | Related CVE(s): | CVE-2008-5077 | | Last Modified: | Jan 7 17:42:50 2009 | | MD5 Checksum: | 077790a3f249b28578aa11ebed3c7d63 |
|
| /// File Name: | CA20090107-01.txt | Description:
| CA Service Metric Analysis and CA Service Level Management contain a vulnerability that can allow a remote attacker to execute arbitrary commands. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient access restrictions associated with the smmsnmpd service. A remote attacker can exploit this vulnerability to execute arbitrary commands in the context of the service. Affected products include CA Service Level Management 3.5, CA Service Metric Analysis r11.0, CA Service Metric Analysis r11.1, and CA Service Metric Analysis r11.1 SP1. | | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4398 | | Related CVE(s): | CVE-2009-0043 | | Last Modified: | Jan 7 17:39:25 2009 | | MD5 Checksum: | 29eac4fb82df696ee49b0366799f009d |
|
| /// File Name: | dsa-1697-1.txt | Description:
| Debian Security Advisory 1697-1 - Several remote vulnerabilities have been discovered in Iceape, an unbranded version of the Seamonkey internet suite. | | Homepage: | http://www.debian.org/security | | File Size: | 23670 | | Related CVE(s): | CVE-2008-0016, CVE-2008-0304, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811, CVE-2008-2933, CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-4070, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-0017, CVE-2008-5021, CVE-2008-5022, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512 | | Last Modified: | Jan 7 17:38:42 2009 | | MD5 Checksum: | ea76c5b29f1d0319d27fce26bab370e7 |
|
| /// File Name: | dsa-1696-1.txt | Description:
| Debian Security Advisory 1696-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. | | Homepage: | http://www.debian.org/security | | File Size: | 21741 | | Related CVE(s): | CVE-2008-0016, CVE-2008-1380, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070, CVE-2008-5012, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024, CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512 | | Last Modified: | Jan 7 17:37:26 2009 | | MD5 Checksum: | 210d8ff45d55800a263974339b0aa0df |
|
| /// File Name: | cisco-sa-20090107-gss.txt | Description:
| Cisco Security Advisory - The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS. | | Homepage: | http://www.cisco.com/ | | File Size: | 13432 | | Related CVE(s): | CVE-2008-3819 | | Last Modified: | Jan 7 15:24:21 2009 | | MD5 Checksum: | 111832b44a96a01d091ace59ff081afd |
|
| /// File Name: | secadv_20090107.txt | Description:
| Several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. This issue affected the signature checks on DSA and ECDSA keys used with SSL/TLS. One way to exploit this flaw would be for a remote attacker who is in control of a malicious server or who can use a 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation. | | Homepage: | http://www.openssl.org/ | | Related File: | oCERT-2008-016.txt | | File Size: | 7906 | | Related CVE(s): | CVE-2008-5077 | | Last Modified: | Jan 7 15:21:31 2009 | | MD5 Checksum: | 5ff1f702db3b6ad0f391aaa8dc65fdbb |
|
| /// File Name: | oCERT-2008-016.txt | Description:
| Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. The flaw may be exploited by a malicious server or a man-in-the-middle attack that presents a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation. | | Author: | Will Drewry | | Homepage: | http://www.ocert.org/ | | File Size: | 3545 | | Related CVE(s): | CVE-2008-5077, CVE-2008-0021, CVE-2008-0025 | | Last Modified: | Jan 7 15:17:20 2009 | | MD5 Checksum: | be0e81721da50c8f104a4d26e99d8d02 |
|
| /// File Name: | msienull-dos.txt | Description:
| A NULL pointer read vulnerability exists in Microsoft Internet Explorer versions 6.0, 7.0, and 8.0 Beta. | | Author: | SkyLined | | File Size: | 330 | | Last Modified: | Jan 7 15:10:42 2009 | | MD5 Checksum: | f739f49d13fa6d3d74c4fc6650a3ff73 |
|
| /// File Name: | secunia-sapgui.txt | Description:
| Secunia Research has discovered a vulnerability in SAP GUI, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included TabOne ActiveX control (sizerone.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. SAP GUI 6.40 Patch 29 and SAP GUI 7.10 are both affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4916 | | Related CVE(s): | CVE-2008-4827 | | Last Modified: | Jan 7 15:02:45 2009 | | MD5 Checksum: | f6d854e9387019c1663440299fd11826 |
|
| /// File Name: | secunia-tsc2.txt | Description:
| Secunia Research has discovered a vulnerability in TSC2 Help Desk, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the included CTab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding multiple tabs via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. TSC2 Help Desk version 4.1.8 is affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4185 | | Related CVE(s): | CVE-2008-4827 | | Last Modified: | Jan 7 15:01:12 2009 | | MD5 Checksum: | 8e5f09145f01b0c4f776688b090702fa |
|
| /// File Name: | secunia-componentone.txt | Description:
| Secunia Research has discovered a vulnerability in ComponentOne SizerOne, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error in the included Tab ActiveX control (c1sizer.ocx) when copying tab captions. This can be exploited to cause a heap-based buffer overflow by e.g. adding tabs with overly long captions via the "AddTab()" method. Successful exploitation may allow execution of arbitrary code. ComponentOne SizerOne version 8.0.20081.140 is affected. | | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 5118 | | Related CVE(s): | CVE-2008-4827 | | Last Modified: | Jan 7 14:59:14 2009 | | MD5 Checksum: | 8ad3f227012766eb7fe25b07b3b6a9ec |
|
| /// File Name: | secunia-hpopenview.txt | Description:
| Secunia Research has discovered vulnerabilities in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. HP OpenView Network Node Manager 7.51 with NNM_01168 is affected. | | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 6405 | | Related CVE(s): | CVE-2008-0067 | | Last Modified: | Jan 7 14:23:56 2009 | | MD5 Checksum: | 9c680d6e547825ea20cdc34d517ebe8b |
|
| /// File Name: | dsa-1694-2.txt | Description:
| Debian Security Advisory 1694-2 - The xterm update in DSA-1694-1 disabled font changing as a precaution. However, users reported that they need this feature. The update in this DSA makes font shifting through escape sequences configurable, using a new allowFontOps X resource, and unconditionally enables font changing through keyboard sequences. | | Homepage: | http://www.debian.org/security | | File Size: | 4950 | | Related CVE(s): | CVE-2008-2383 | | Last Modified: | Jan 6 20:59:43 2009 | | MD5 Checksum: | 63fc5c0e5f6a119a647f787b6a6b68e9 |
|
| /// File Name: | USN-701-2.txt | Description:
| Ubuntu Security Notice USN-701-2 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Several flaws were discovered in the Javascript engine. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 6686 | | Related CVE(s): | CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512 | | Last Modified: | Jan 6 20:54:59 2009 | | MD5 Checksum: | 8ee27bf646d62f2d7d36ea846501908d |
|
| /// File Name: | USN-701-1.txt | Description:
| Ubuntu Security Notice USN-701-1 - Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Kojima Hajime discovered that Thunderbird did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Several flaws were discovered in the Javascript engine. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 14473 | | Related CVE(s): | CVE-2008-5500, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512 | | Last Modified: | Jan 6 20:51:28 2009 | | MD5 Checksum: | b633c149416e4d009e56252ffe61c45f |
|