Section: .. / 0608-advisories /
| /// File Name: |
glsa-200608-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-11 - A vulnerability in both Webmin and Usermin has been discovered by Kenny Chen, wherein simplify_path is called before the HTML is decoded. Versions less than 1.290 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3011 | | Last Modified: | Aug 18 01:00:58 2006 |
| MD5 Checksum: | 9c6a30d099397dc0265047697ad2327f |
|
| /// File Name: |
glsa-200608-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-12 - x11vnc includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as Type 1 - None (GLSA-200608-05). x11vnc will accept this security type, even if it is not offered by the server. Versions less than 0.8.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2772 | | Last Modified: | Aug 18 01:14:50 2006 |
| MD5 Checksum: | 0978f6ac52f8d89e2d343e0d676ecb8f |
|
| /// File Name: |
glsa-200608-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-13 - Damian Put has discovered a boundary error in the pefromupx() function used by the UPX extraction module, which unpacks PE Windows executable files. Both the clamscan command-line utility and the clamd daemon are affected. Versions less than 0.88.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2646 | | Last Modified: | Aug 18 01:44:06 2006 |
| MD5 Checksum: | 04392bfae45c8b347770bfbb6b5d9f01 |
|
| /// File Name: |
glsa-200608-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-14 - Luigi Auriemma found a heap-based buffer overflow in the it_read_envelope function which reads the envelope values for volume, pan and pitch of the instruments referenced in a .it (Impulse Tracker) file with a large number of nodes. Versions less than 0.9.3-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2645 | | Last Modified: | Aug 18 02:24:59 2006 |
| MD5 Checksum: | cf4e6dedd54e0982e632567cd9898355 |
|
| /// File Name: |
glsa-200608-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-15 - Unchecked calls to setuid() in krshd and v4rcp, as well as unchecked calls to seteuid() in kftpd and in ksu, have been found in the MIT Kerberos 5 program suite and may lead to a local root privilege escalation. Versions less than 1.4.3-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2799 | | Last Modified: | Aug 26 21:38:56 2006 |
| MD5 Checksum: | dabe3a31dcdc17dbdb0e04a912b6c973 |
|
| /// File Name: |
glsa-200608-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-16 - Luigi Auriemma discovered two buffer overflow vulnerabilities in Warzone 2100 Resurrection. The recvTextMessage function of the Warzone 2100 Resurrection server and the NETrecvFile function of the client use insufficiently sized buffers. Versions less than or equal to 2.0.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3262 | | Last Modified: | Aug 26 21:43:16 2006 |
| MD5 Checksum: | c26a9de26ea0c12fb2f3af8e42e03839 |
|
| /// File Name: |
glsa-200608-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-17 - infamous41md discovered that libwmf fails to do proper bounds checking on the MaxRecordSize variable in the WMF file header. This could lead to an head-based buffer overflow. Versions less than 0.2.8.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2663 | | Last Modified: | Aug 26 21:43:34 2006 |
| MD5 Checksum: | 3cd50aaef4e60c27bed50ea026b2f353 |
|
| /// File Name: |
glsa-200608-18.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-18 - The log function of Net::Server does not handle format string specifiers properly before they are sent to syslog. Versions less than 0.88 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2520 | | Last Modified: | Aug 26 21:43:51 2006 |
| MD5 Checksum: | 08230f9d79c540ffd62c04d95cd190c6 |
|
| /// File Name: |
glsa-200608-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-19 - The WordPress developers have confirmed a vulnerability in capability checking for plugins. Versions less than 2.0.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2410 | | Last Modified: | Aug 26 21:45:40 2006 |
| MD5 Checksum: | b3aa681aab6cd648c01b8352659d901a |
|
| /// File Name: |
glsa-200608-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-20 - The Ruby on Rails developers have corrected some weaknesses in action_controller/, relative to the handling of the user input and the LOAD_PATH variable. A remote attacker could inject arbitrary entries into the LOAD_PATH variable and alter the main Ruby on Rails process. The security hole has only been partly solved in version 1.1.5. Version 1.1.6 now fully corrects it. Versions less than 1.1.6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2945 | | Last Modified: | Aug 27 00:19:15 2006 |
| MD5 Checksum: | 6db4d3e282777430d69b590a709e3e9a |
|
| /// File Name: |
glsa-200608-21.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-21 - The ftpd and rcp applications provided by Heimdal fail to check the return value of calls to seteuid(). Versions less than 0.7.2-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2605 | | Last Modified: | Aug 27 19:59:23 2006 |
| MD5 Checksum: | d5d1da305786c9437fac97affa78f993 |
|
| /// File Name: |
glsa-200608-22.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-22 - Toth Andras has discovered a typographic mistake in the fbgs script, shipped with fbida if the fbcon and pdf USE flags are both enabled. This script runs gs without the -dSAFER option, thus allowing a PostScript file to execute, delete or create any kind of file on the system. Versions less than 2.03-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2771 | | Last Modified: | Aug 27 19:59:43 2006 |
| MD5 Checksum: | 0b2f5466ba21d3dff057b1c3bae40f88 |
|
| /// File Name: |
glsa-200608-23.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-23 - Yan Rong Ge discovered that the peel_netstring() function in cl_netstring.c does not validate the length parameter of user input, which can lead to an out-of-bounds memory access when processing certain Heartbeat messages. Furthermore an unspecified local DoS issue was fixed. Versions less than 2.0.7 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2860 | | Related CVE(s): | CVE-2006-3121, CVE-2006-3815 | | Last Modified: | Aug 27 20:25:38 2006 |
| MD5 Checksum: | f09b81c0273defe3fd1215c44243264a |
|
| /// File Name: |
glsa-200608-24.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-24 - AlsaPlayer contains three buffer overflows: in the function that handles the HTTP connections, the GTK interface, and the CDDB querying mechanism. Versions less than or equal to 0.99.76-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3008 | | Last Modified: | Aug 28 01:22:51 2006 |
| MD5 Checksum: | 04c76dbf6fe0e9b46fd79ae5a010f0bc |
|
| /// File Name: |
glsa-200608-25.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-25 - Several X.org libraries and X.org itself contain system calls to set*uid() functions, without checking their result. Versions less than 1.0.4-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5408 | | Last Modified: | Aug 28 23:18:22 2006 |
| MD5 Checksum: | 85856a37798bd3882480b4d577f911a8 |
|
| /// File Name: |
glsa-200608-26.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-26 - The following vulnerabilities have been discovered in Wireshark. Firstly, if the IPsec ESP parser is used it is susceptible to off-by-one errors, this parser is disabled by default; secondly, the SCSI dissector is vulnerable to an unspecified crash; and finally, the Q.2931 dissector of the SSCOP payload may use all the available memory if a port range is configured. By default, no port ranges are configured. Versions less than 0.99.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3359 | | Last Modified: | Aug 29 13:06:28 2006 |
| MD5 Checksum: | 42042525794558383d89ddfe6017ab99 |
|
| /// File Name: |
glsa-200608-27.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-27 - In November 2005, Zone-H Research reported a boundary error in the ktools library in the VGETSTRING() macro of kkstrtext.h, which may cause a buffer overflow via an overly long input string. Versions less than 3.4.0-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2892 | | Last Modified: | Aug 29 13:06:50 2006 |
| MD5 Checksum: | ba321d1d7e73806185ca8165c086bd4b |
|
| /// File Name: |
glsa-200608-28.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200608-28 - The sscanf() PHP function contains an array boundary error that can be exploited to dereference a null pointer. This can possibly allow the bypass of the safe mode protection by executing arbitrary code. Versions less than 5.1.4-r6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2940 | | Last Modified: | Aug 29 13:07:27 2006 |
| MD5 Checksum: | 0f87c08c2790a2f549fcaa75499511db |
|
| /// File Name: |
hordeXSS-2.txt |
Description:
|
The Horde Framework and Horde IMP systems are susceptible to cross site scripting attacks in search.php. Flaws are verified in Horde versions 3.0.4 through 3.1.2 and IMP versions prior to 4.1.3.
| | Author: | Marc Ruef | | Homepage: | http://www.scip.ch/ | | File Size: | 3939 | | Last Modified: | Aug 27 03:36:55 2006 |
| MD5 Checksum: | ca31bf019478f3037931e27060c2470b |
|
| /// File Name: |
hordeXSS.txt |
Description:
|
The Horde Framework and Horde IMP systems are susceptible to cross site scripting attacks in index.php. Flaws are verified in Horde versions 3.0.4 through 3.1.2 and IMP versions prior to 4.1.3.
| | Author: | Marc Ruef | | Homepage: | http://www.scip.ch/ | | File Size: | 4063 | | Last Modified: | Aug 27 03:36:20 2006 |
| MD5 Checksum: | 80cc6ee76eadd40659315f14aec856ba |
|
| /// File Name: |
imsgiheap.txt |
Description:
|
ImageMagick versions 6.2.8 and below suffer from a heap overflow in ReadSGIImage().
| | Author: | Damian Put | | Homepage: | http://www.overflow.pl/ | | File Size: | 1797 | | Last Modified: | Aug 27 00:44:38 2006 |
| MD5 Checksum: | 4543fb0874a95e128b1f8644b01981a3 |
|
| /// File Name: |
INFIGO-2006-08-04.txt |
Description:
|
During an audit, a critical vulnerability has been discovered in the MDaemon POP3 server. There is a buffer overflow vulnerability in 'USER' and 'APOP' command processing part of the Altn MDaemon POP3 server. The vulnerability can be triggered with providing a long string to USER or APOP commands with '@' characters included in the string. In this case, MDaemon will incorectly process the string and a heap overflow will happen as a result. To trigger the vulnerability, a few USER commands have to be sent to the POP3 Server. Sometimes (depending on the heap state and string length), it is even possible to redirect code execution directly to the supplied input buffer on the heap. MDaemon versions 8 and 9 are confirmed vulnerable.
| | Author: | Leon Juranic | | Homepage: | http://www.infigo.hr/ | | Related Exploit: | mdaemon_poc.txt | | File Size: | 2277 | | Last Modified: | Aug 27 19:13:23 2006 |
| MD5 Checksum: | d2a66b4cd82218e9adf2ff9ae6a3ab77 |
|
| /// File Name: |
ip2long.txt |
Description:
|
PHP versions 5.0.2 and 4.3.3 suffer from a bypass flaw in ip2long().
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org/ | | File Size: | 2685 | | Last Modified: | Aug 3 02:49:29 2006 |
| MD5 Checksum: | f8f118ce03762f13325aa9165cd1cf86 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
