Section: .. / 0605-advisories /
| /// File Name: |
USN-280-1.txt |
Description:
|
Ubuntu Security Notice 280-1 - The Render extension of the X.org server incorrectly calculated the size of a memory buffer, which led to a buffer overflow. A local attacker could exploit this to crash the X server or even execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 95741 | | Related CVE(s): | CVE-2006-1526 | | Last Modified: | May 6 17:08:37 2006 |
| MD5 Checksum: | 8c18a8d0c4ccceff2f41787ca29bc684 |
|
| /// File Name: |
USN-281-1.txt |
Description:
|
Ubuntu Security Notice 281-1 - Multiple vulnerabilities have been discovered in the Linux 2.6 kernel. The sys_mbind() function did not properly verify the validity of the 'maxnod' argument. A local user could exploit this to trigger a buffer overflow, which caused a kernel crash. The SELinux module did not correctly handle the tracer SID when a process was already being traced. A local attacker could exploit this to cause a kernel crash. Al Viro discovered a local Denial of Service in the sysfs write buffer handling. By writing a block with a length exactly equal to the processor's page size to any writable file in /sys, a local attacker could cause a kernel crash. John Blackwood discovered a race condition with single-step debugging multiple processes at the same time. A local attacker could exploit this to crash the system. This only affects the amd64 platform. Marco Ivaldi discovered a flaw in the handling of the ID number of IP packets. This number was incremented after receiving unsolicited TCP SYN-ACK packets. A remote attacker could exploit this to conduct port scans with the 'Idle scan' method (nmap -sI), which bypassed intended port scan protections. Pavel Kankovsky discovered that the getsockopt() function, when called with an SO_ORIGINAL_DST argument, does not properly clear the returned structure, so that a random piece of kernel memory is exposed to the user. This could potentially reveal sensitive data like passwords or encryption keys. A buffer overflow was discovered in the USB Gadget RNDIS implementation. While creating a reply message, the driver did not allocate enough memory for the reply structure. A remote attacker could exploit this to cause a kernel crash. Alexandra Kossovsky discovered an invalid memory access in the ip_route_input() function. By using the 'ip' command in a particular way to retrieve multicast routes, a local attacker could exploit this to crash the kernel.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 88963 | | Related CVE(s): | CVE-2006-0557, CVE-2006-1052, CVE-2006-1055, CVE-2006-1066, CVE-2006-1242, CVE-2006-1343, CVE-2006-1368, CVE-2006-1525 | | Last Modified: | May 6 17:07:56 2006 |
| MD5 Checksum: | 86c4e4a8a74cce0a7462b38366038f87 |
|
| /// File Name: |
USN-282-1.txt |
Description:
|
Ubuntu Security Notice 282-1 - The nagios CGI scripts did not sufficiently check the validity of the HTTP Content-Length attribute. By sending a specially crafted HTTP request with a negative Content-Length value to the Nagios server, a remote attacker could exploit this to execute arbitrary code with web server privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5789 | | Related CVE(s): | CVE-2006-2162 | | Last Modified: | May 9 16:45:04 2006 |
| MD5 Checksum: | 9e38fc437a0a03d94075fbd95654b6ec |
|
| /// File Name: |
USN-283-1.txt |
Description:
|
Ubuntu Security Notice 283-1 - Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. Stefano Di Paola also found a similar information leak in the parser for the COM_TABLE_DUMP request.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9508 | | Related CVE(s): | CVE-2006-1516, CVE-2006-1517 | | Last Modified: | May 9 16:47:08 2006 |
| MD5 Checksum: | 64b42f33a66b1a93676c4da0e2b56e53 |
|
| /// File Name: |
USN-284-1.txt |
Description:
|
Ubuntu Security Notice 284-1: Paul Jakma discovered that Quagga's ripd daemon did not properly handle authentication of RIPv1 requests. If the RIPv1 protocol had been disabled, or authentication for RIPv2 had been enabled, ripd still replied to RIPv1 requests, which could lead to information disclosure.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3861 | | Last Modified: | May 17 17:47:02 2006 |
| MD5 Checksum: | 0938dd2ba4e57de8d6bf473428364a11 |
|
| /// File Name: |
USN-285-1.txt |
Description:
|
Ubuntu Security Notice 285-1: AWStats did not properly sanitize the 'migrate' CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 2269 | | Last Modified: | May 26 18:13:50 2006 |
| MD5 Checksum: | 16816c83453e806800d575421942bfa8 |
|
| /// File Name: |
USN-286-1.txt |
Description:
|
Ubuntu Security Notice 286-1: Several format string vulnerabilities have been discovered in dia. By tricking a user into opening a specially crafted dia file, or a file with a specially crafted name, this could be exploited to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5692 | | Last Modified: | May 26 18:13:57 2006 |
| MD5 Checksum: | d5f1a212478ffe6cb7ef72769722ba82 |
|
| /// File Name: |
USN-287-1.txt |
Description:
|
Ubuntu Security Notice 287-1: The nagios CGI scripts did not sufficiently check the validity of the HTTP Content-Length attribute. By sending a specially crafted HTTP request with an invalidly large Content-Length value to the Nagios server, a remote attacker could exploit this to execute arbitrary code with web server privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5797 | | Last Modified: | May 29 19:43:55 2006 |
| MD5 Checksum: | 4adadba0298c4e39e2e1288d2f8a60e5 |
|
| /// File Name: |
USN-288-1.txt |
Description:
|
Ubuntu Security Notice 288-1: postgresql-7.4/-8.0, postgresql, psycopg, python-pgsql vulnerabilities
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 28608 | | Last Modified: | May 29 19:43:59 2006 |
| MD5 Checksum: | 4d81bd37f42f6a0ab18f6b88ff0a521a |
|
| /// File Name: |
V-Webmail1.6.4.txt |
Description:
|
V-Webmail 1.6.4 suffers from a remote file inclusion vulnerability.
| | Author: | beford | | File Size: | 749 | | Last Modified: | May 29 03:30:14 2006 |
| MD5 Checksum: | 511de337406152fd8cec7c59aaf08c7b |
|
| /// File Name: |
VacationRetal.txt |
Description:
|
Vacation Rental Script v1.0 suffers from XSS
| | Homepage: | http://www.youfucktard.com | | File Size: | 690 | | Last Modified: | May 29 03:23:51 2006 |
| MD5 Checksum: | 2f99ca27a97c99127afdcc41dd967e48 |
|
| /// File Name: |
variomat.txt |
Description:
|
Variomat CMS suffers from multiple SQL injection vulnerabilities.
| | Author: | CrAzY.CrAcKeR | | File Size: | 376 | | Last Modified: | May 29 19:50:58 2006 |
| MD5 Checksum: | bb4579b80a85095859089d36d5c25e62 |
|
| /// File Name: |
vCard2.9.txt |
Description:
|
vCard 2.9 suffers from multiple XSS vulnerabilities.
| | Author: | black-cod3 | | File Size: | 837 | | Last Modified: | May 29 19:47:13 2006 |
| MD5 Checksum: | e45e3defed869256dcce775847db8bff |
|
| /// File Name: |
verizonLinksys.txt |
Description:
|
Verizon voicewing combined with Linksys PAP2-VN suffers from a trust issue.
| | Author: | Haavar Valeur | | File Size: | 1969 | | Last Modified: | May 21 14:44:56 2006 |
| MD5 Checksum: | 6f379397376e06e6edf46d68215ec555 |
|
| /// File Name: |
visionsource.txt |
Description:
|
VisionSource CMS versions 0.6 and below suffer from cross site scripting flaws.
| | Author: | Nomenumbra | | File Size: | 285 | | Last Modified: | May 6 18:16:47 2006 |
| MD5 Checksum: | 21402d32ef0f38fd2ddb5784a9558a4d |
|
| /// File Name: |
VSR-2006-05-23.txt |
Description:
|
On April 18th, 2006, VSR identified a stack overflow in the PDF Tools AG PDF Form Filling and Flattening tool. Although this is a traditional command line utility, there may be a risk to users of the application who use it within a web application or a network service, particularly when relying on user supplied input to generate the PDF form field name or value pairs.
| | Homepage: | http://www.vsecurity.com/ | | File Size: | 4424 | | Last Modified: | May 26 18:43:54 2006 |
| MD5 Checksum: | b6ed72429d95e4de71ab22b8e31caed7 |
|
| /// File Name: |
Wavecon-Open-Xchange.txt |
Description:
|
Wavecon Advisory: Open-Xchange versions less than or equal to 0.8.2 defaultuser with /bin/bash and default password.
| | Homepage: | http://www.wavecon.de | | File Size: | 2544 | | Last Modified: | May 29 03:52:26 2006 |
| MD5 Checksum: | 0ccf1216f89f1cdacc1c0b8a2bc0a409 |
|
| /// File Name: |
webcalEnumerate.txt |
Description:
|
WebCalendar is susceptible to user enumeration flaws.
| | Author: | David Maciejak | | File Size: | 700 | | Last Modified: | May 6 17:36:44 2006 |
| MD5 Checksum: | 556f03dfc448cde1165e0384291d7ef0 |
|
| /// File Name: |
WebHostDirectoryv1.2.txt |
Description:
|
AlstraSoft Web Host Directory v1.2 suffers from XSS.
| | Author: | luny | | File Size: | 1361 | | Last Modified: | May 26 18:13:02 2006 |
| MD5 Checksum: | eb34f99114fcc4563636fe4d6f7d034e |
|
| /// File Name: |
websitebaker.txt |
Description:
|
WebsiteBaker CMS allows for injection of HTML and javascript.
| | Author: | Nomenumbra | | File Size: | 265 | | Last Modified: | May 6 18:17:31 2006 |
| MD5 Checksum: | 3d3fc53d87798f28202ccf161090c8c4 |
|
| /// File Name: |
WGR614.txt |
Description:
|
If the Netgear WGR614 Cable/DSL Wireless Router is configured to back up configuration settings, the device will store various information in cleartext. Accessing this file could allow an attacker to obtain sensitive information which could aid the attacker in compromising the web administration interface of the device, DSL/cable account passwords, etc.
| | Author: | info | | File Size: | 496 | | Last Modified: | May 25 21:19:19 2006 |
| MD5 Checksum: | 5025cb5dff834832cef0e6fc103f8e15 |
|
| /// File Name: |
whatsupwiththat.txt |
Description:
|
Ipswitch What's Up Professional 2006 is vulnerable to a spoofing attack whereby the attacker can trick the application into thinking he/she is making a request from the console (which is considered trusted). This attack will allow the attacker to bypass the authentication mechanism of the application and log in without credentials.
| | Author: | Kenneth F. Belva | | Homepage: | http://www.ftusecurity.com/ | | File Size: | 1326 | | Last Modified: | May 22 01:28:39 2006 |
| MD5 Checksum: | 5ae2438411d0ab8e2e5ec1d060e2f806 |
|
| /// File Name: |
x7chat202.txt |
Description:
|
X7Chat versions 2.0.2 and below suffer from cross site scripting flaws.
| | Author: | Nomenumbra | | File Size: | 337 | | Last Modified: | May 6 18:18:04 2006 |
| MD5 Checksum: | 20c2a45c2c1298da369a5e797d01e731 |
|
| /// File Name: |
xine0994.txt |
Description:
|
Xine version 0.99.4 appears susceptible to format string attacks.
| | Author: | KaDaL-X | | Homepage: | http://kandangjamur.net | | File Size: | 1109 | | Last Modified: | May 2 01:29:48 2006 |
| MD5 Checksum: | 35903154c046b291fd2cf40640e4f829 |
|