Section: .. / 0704-advisories /
| /// File Name: |
SSRT061120.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ARPA Transport. The vulnerability could be exploited by a local user to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 6144 | | Last Modified: | Apr 13 00:54:18 2007 |
| MD5 Checksum: | 1f9c8670f4e3e450080df90375d4040f |
|
| /// File Name: |
SSRT061177.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely to gain unauthorized access to certain facilities of the NNM server.
| | Homepage: | http://www.hp.com | | File Size: | 8604 | | Last Modified: | Apr 3 02:48:43 2007 |
| MD5 Checksum: | eee11b60a8ee7a3f80449afa18e42d73 |
|
| /// File Name: |
SSRT061243.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 7734 | | Last Modified: | Apr 24 09:49:29 2007 |
| MD5 Checksum: | 0eb9d9b7d152034fd3a35b97ce143f59 |
|
| /// File Name: |
SSRT071312.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with a Mercury Quality Center ActiveX control. The vulnerability could be exploited by a remote unauthorized user to execute arbitrary code on a Windows client running the ActiveX control.
| | Homepage: | http://www.hp.com | | File Size: | 5860 | | Last Modified: | Apr 13 00:18:06 2007 |
| MD5 Checksum: | b7a5e243cb8d8c4a0e78816c6ca098a7 |
|
| /// File Name: |
SSRT071330.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP StorageWorks Command View Advanced Edition for XP software where new user registration or addition may allow local unauthorized access to user accounts.
| | Homepage: | http://www.hp.com | | File Size: | 6156 | | Last Modified: | Apr 25 07:22:47 2007 |
| MD5 Checksum: | 74b2707a8305f2e7fff4376282156071 |
|
| /// File Name: |
SSRT071339.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in HP-UX with the Portable File System (PFS). The vulnerability could be exploited remotely to gain an increase in privilege.
| | Homepage: | http://www.hp.com | | File Size: | 7552 | | Last Modified: | Apr 13 01:01:42 2007 |
| MD5 Checksum: | ca99600abe0585d9284e3833de055347 |
|
| /// File Name: |
SSRT071341.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running CIFS Server (Samba). This vulnerability may allow a remote unauthorized user to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 6297 | | Related CVE(s): | CVE-2007-0452 | | Last Modified: | Apr 8 01:33:31 2007 |
| MD5 Checksum: | 44cd3d59cc8a8d9654c16b5a643594d9 |
|
| /// File Name: |
SSRT071354.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com | | File Size: | 8293 | | Last Modified: | Apr 13 00:54:47 2007 |
| MD5 Checksum: | bbe10b19f8bafbdcb8782b1cd2f2793e |
|
| /// File Name: |
SSRT071365.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com | | File Size: | 9488 | | Last Modified: | Apr 23 05:36:37 2007 |
| MD5 Checksum: | d35a186f94ca44dd8214355b056fa3a6 |
|
| /// File Name: |
SYMSA-2007-003.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2007-003 - Macrovision InstallAnywhere packages include an XML project configuration file named InstallScript.iap_xml. This file controls the behavior of the installation process, including verification of a password and/or serial number (if applicable). Upon starting an installer, a directory is created in temporary disk space. This directory contains multiple files, including a ZIP archive that contains the XML project file. A LaunchAnywhere executable is also created during the installation process and is used to launch the actual Java application installer. It is possible to bypass serial number and password controls by creating a copy of this temporary directory, extracting a copy of the XML project file from the ZIP archive, deleting the relevant serial number or password verification sections from the XML project file, replacing the modified XML project file in the ZIP archive, and then manually starting the installation process via the included LaunchAnywhere executable.
| | Author: | Brian Reilly | | Homepage: | http://www.symantec.com/research | | File Size: | 5567 | | Related CVE(s): | CVE-2007-1009 | | Last Modified: | Apr 19 02:43:00 2007 |
| MD5 Checksum: | 35052e0bca8a0f09eec13aa887d65791 |
|
| /// File Name: |
TA07-093A.txt |
Description:
|
Technical Cyber Security Alert TA07-093A - Microsoft has released updates to address vulnerabilities in the way that Microsoft Windows handles image files. A fix for the animated cursor buffer overflow vulnerability (VU#191609) is included in these updates.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4741 | | Last Modified: | Apr 5 02:43:07 2007 |
| MD5 Checksum: | 154470f1462d501d8f8d467611e45aaa |
|
| /// File Name: |
TA07-093B.txt |
Description:
|
Technical Cyber Security Alert TA07-093B - The MIT Kerberos 5 implementation contains several vulnerabilities. One of these vulnerabilities (VU#220816) could allow a remote, unauthenticated attacker to log in via telnet (23/tcp) with elevated privileges. The other vulnerabilities (VU#704024, VU#419344) could allow a remote, authenticated attacker to execute arbitrary code on a Key Distribution Center (KDC).
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5481 | | Last Modified: | Apr 5 04:03:39 2007 |
| MD5 Checksum: | 38ca86561f393d1c03131f539d97b99d |
|
| /// File Name: |
TA07-100A.txt |
Description:
|
Technical Cyber Security Alert TA07-100A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Content Management Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4085 | | Last Modified: | Apr 11 06:52:16 2007 |
| MD5 Checksum: | 1d5870a076e87dd1d9757cff7f4ec740 |
|
| /// File Name: |
TA07-103A.txt |
Description:
|
Technical Cyber Security Alert TA07-103A - A buffer overflow in the Remote Procedure Call (RPC) management interface used by the Microsoft Windows Domain Name Service (DNS) service is actively being exploited. This vulnerability may allow a remote attacker to execute arbitrary code with SYSTEM privileges.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5941 | | Last Modified: | Apr 17 05:52:47 2007 |
| MD5 Checksum: | 42abbaf3166584681a12e1c81f44a253 |
|
| /// File Name: |
TA07-109A.txt |
Description:
|
Technical Cyber Security Alert TA07-109A - Apple has released Security Update 2007-004 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3803 | | Last Modified: | Apr 23 05:37:19 2007 |
| MD5 Checksum: | a1faec9291f00d2264a25b5145652dda |
|
| /// File Name: |
TSRT-07-04.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of LANDesk Management Suite. User interaction is not required to exploit this vulnerability. Management Suite version 8.7 is affected.
| | Author: | Aaron Portnoy | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 1882 | | Related CVE(s): | CVE-2007-1674 | | Last Modified: | Apr 17 05:54:36 2007 |
| MD5 Checksum: | a07356cc2330e081b023fda47d55e0a2 |
|
| /// File Name: |
USN-448-1.txt |
Description:
|
Ubuntu Security Notice 448-1 - Sean Larsson of iDefense Labs discovered that the MISC-XC extension of Xorg did not correctly verify the size of allocated memory. An authenticated user could send a specially crafted X11 request and execute arbitrary code with root privileges. Greg MacManus of iDefense Labs discovered that the BDF font handling code in Xorg and FreeType did not correctly verify the size of allocated memory. If a user were tricked into using a specially crafted font, a remote attacker could execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 67713 | | Related CVE(s): | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352 | | Last Modified: | Apr 5 02:54:35 2007 |
| MD5 Checksum: | c87718dafe998ff55e151815cf800c51 |
|
| /// File Name: |
USN-449-1.txt |
Description:
|
Ubuntu Security Notice 449-1 - The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name. The krb5 syslog library did not correctly verify the size of log messages. A remote attacker could send a specially crafted message and execute arbitrary code with root privileges. The krb5 administration service was vulnerable to a double-free in the GSS RPC library. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 23616 | | Related CVE(s): | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216 | | Last Modified: | Apr 5 04:04:37 2007 |
| MD5 Checksum: | 8dbe3d02516ebce6da8a20376066cf07 |
|
| /// File Name: |
USN-450-1.txt |
Description:
|
Ubuntu Security Notice 450-1 - A flaw was discovered in the IPSec key exchange server "racoon". Remote attackers could send a specially crafted packet and disrupt established IPSec tunnels, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6946 | | Related CVE(s): | CVE-2007-1841 | | Last Modified: | Apr 10 08:23:36 2007 |
| MD5 Checksum: | 6331463f14087a9b2de67f267ec82437 |
|
| /// File Name: |
USN-451-1.txt |
Description:
|
Ubuntu Security Notice 451-1 - The kernel key management code did not correctly handle key reuse. A local attacker could create many key requests, leading to a denial of service. The kernel NFS code did not correctly validate NFSACL2 ACCESS requests. If a system was serving NFS mounts, a remote attacker could send a specially crafted packet, leading to a denial of service. When dumping core, the kernel did not correctly handle PT_INTERP processes. A local attacker could create situations where they could read the contents of otherwise unreadable executable programs.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 95308 | | Related CVE(s): | CVE-2007-0006, CVE-2007-0772, CVE-2007-0958 | | Last Modified: | Apr 11 07:00:57 2007 |
| MD5 Checksum: | 22fcefde27a7d2c98a15b20e8b6963f4 |
|
| /// File Name: |
USN-452-1.txt |
Description:
|
Ubuntu Security Notice 452-1 - The Qt library did not correctly handle truncated UTF8 strings, which could cause some applications to incorrectly filter malicious strings. If a Konqueror user were tricked into visiting a web site containing specially crafted strings, normal XSS prevention could be bypassed allowing a remote attacker to steal confidential data.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 48542 | | Related CVE(s): | CVE-2007-0242 | | Last Modified: | Apr 13 00:04:01 2007 |
| MD5 Checksum: | 9817c5f2fd3da7a0d55c099e744cfa98 |
|
| /// File Name: |
USN-453-1.txt |
Description:
|
Ubuntu Security Notice 453-1 - Multiple integer overflows were found in the XGetPixel function of libx11. If a user were tricked into opening a specially crafted XWD image, remote attackers could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6341 | | Related CVE(s): | CVE-2007-1667 | | Last Modified: | Apr 19 06:56:08 2007 |
| MD5 Checksum: | ea108fb8ea29b9e3a38f9f0a0988dd66 |
|
| /// File Name: |
USN-453-2.txt |
Description:
|
Ubuntu Security Notice 453-2 - USN-453-1 provided an updated libx11 package to fix a security vulnerability. This triggered an error in rdesktop so that it crashed on startup. This update fixes the problem.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3637 | | Related CVE(s): | CVE-2007-1667 | | Last Modified: | May 3 02:01:01 2007 |
| MD5 Checksum: | c65cd90b31c101264b86a08cc036d8f7 |
|
| /// File Name: |
USN-454-1.txt |
Description:
|
Ubuntu Security Notice 454-1 - PostgreSQL did not handle the "search_path" configuration option in a secure way for functions declared as "SECURITY DEFINER". Previously, an attacker could override functions and operators used by the security definer function to execute arbitrary SQL commands with the privileges of the user who created the security definer function. The updated version does not search the temporary table schema for functions and operators any more.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 31224 | | Related CVE(s): | CVE-2007-2138 | | Last Modified: | May 3 02:43:16 2007 |
| MD5 Checksum: | 0c69ebd23c86a1fa63415620f7f3e232 |
|