Section: .. / 0707-advisories /
| /// File Name: |
sa26135.txt |
Description:
|
Secunia Security Advisory - mu-b has reported a vulnerability in tcpdump, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26135/ | | File Size: | 2405 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | b565340df87aba1466b846ef5c1f2670 |
|
| /// File Name: |
sa26133.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some weaknesses, security issues, and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), gain knowledge of potentially sensitive information, and gain escalated privileges, or by malicious people to cause a DoS.
| | Homepage: | http://secunia.com/advisories/26133/ | | File Size: | 50893 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | e99ac8395fc1f1c042704362ad39c47a |
|
| /// File Name: |
sa26132.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gimp. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26132/ | | File Size: | 23436 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | 9ee614ae995eb1c970522867af6d3edc |
|
| /// File Name: |
sa26131.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26131/ | | File Size: | 2749 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | 4f0d363b96957289f7b6c93a2c903a68 |
|
| /// File Name: |
sa26129.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for freetype. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/26129/ | | File Size: | 8896 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | e513703788097da71d5fce49f4e6152d |
|
| /// File Name: |
sa26128.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libcurl3-gnutls. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/26128/ | | File Size: | 11990 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | 8ae6d5b540ab9d9e7485781678b22f35 |
|
| /// File Name: |
sa26127.txt |
Description:
|
Secunia Security Advisory - bd0rk has discovered a vulnerability in the SupaNav module for phpBB, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26127/ | | File Size: | 2472 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | 74d79300a8b89edc0903df310de964c3 |
|
| /// File Name: |
sa26123.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Ipswitch IMail Server and Collaboration Suite, which can be exploited by malicious users and malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26123/ | | File Size: | 3533 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | e91f4f3b89ac9704f6472d6181fbe89c |
|
| /// File Name: |
sa26122.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Cisco Wide Area Application Services (WAAS), which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26122/ | | File Size: | 2619 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | f97038bcd3441618841b789d85c60a2d |
|
| /// File Name: |
sa26121.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in LedgerSMB, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/26121/ | | File Size: | 2396 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | a68a54ed05e47dc199c4d0c71112cf7f |
|
| /// File Name: |
sa26119.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for IBM Java JRE/SDK and Sun Java JRE/SDK. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, gain escalated privileges, cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26119/ | | File Size: | 14518 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | ddbfa3fb496016a6ea412e29c2e3ecbf |
|
| /// File Name: |
sa26118.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26118/ | | File Size: | 4502 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | e24a91df2a13f5656c2f5115e3b075e8 |
|
| /// File Name: |
sa26113.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been discovered in MAXdev MD-Pro, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/26113/ | | File Size: | 2515 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | cb9587d6b23dd3e37fc20219b935d084 |
|
| /// File Name: |
sa26110.txt |
Description:
|
Secunia Security Advisory - Tim Brown has reported some vulnerabilities in eVisit Analyst, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/26110/ | | File Size: | 2384 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | 8792a5cc40159bda47c3ea84d1a9f36d |
|
| /// File Name: |
sa26107.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26107/ | | File Size: | 2945 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | 45f01190497aca349b97829975e36272 |
|
| /// File Name: |
sa26106.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26106/ | | File Size: | 2394 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | d4e19a6a19e5e067317e45723fb8b7de |
|
| /// File Name: |
sa26103.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26103/ | | File Size: | 2674 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | 9e70c5e18bcb42e33e873d2bea959075 |
|
| /// File Name: |
sa26092.txt |
Description:
|
Secunia Security Advisory - hdiamant has discovered a security issue in the Samsung SCX-4200 Driver, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/26092/ | | File Size: | 2456 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | 1238cd48ad50d9aae1da2dc4d8012d5e |
|
| /// File Name: |
sa26066.txt |
Description:
|
Secunia Security Advisory - Rajesh Sethumadhavan has reported a vulnerability in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26066/ | | File Size: | 2534 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | c3c42243a0162e18ee1b096ec8f7bf41 |
|
| /// File Name: |
USN-486-1.txt |
Description:
|
Ubuntu Security Notice 486-1 - The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. Due to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. A flaw was discovered in the IPv6 stack's handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a denial of service between two IPv6 hosts. The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. 
Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 55922 | | Related CVE(s): | CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878 | | Last Modified: | Jul 19 07:10:35 2007 |
| MD5 Checksum: | d1fbda39809930977b9a5d12439c40b2 |
|
| /// File Name: |
msdirectx-heap.txt |
Description:
|
Microsoft DirectX is prone to a heap overflow vulnerability due to the improper handling of targa files.
| | Author: | Ruben Santamarta | | Homepage: | http://www.reversemode.com/ | | File Size: | 5324 | | Last Modified: | Jul 19 07:06:23 2007 |
| MD5 Checksum: | bb5803ba2e354d2239ac11ee93edc562 |
|
| /// File Name: |
shatter-mdsysmd.txt |
Description:
|
Team SHATTER Security Alert - The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks.
| | Author: | Esteban Martinez Fayo | | Homepage: | http://www.appsecinc.com/ | | File Size: | 2277 | | Related CVE(s): | CVE-2007-0272 | | Last Modified: | Jul 19 05:42:37 2007 |
| MD5 Checksum: | afba5f5746af8553dd304410e1145eb9 |
|
| /// File Name: |
shatter-dbmsdrs.txt |
Description:
|
Team SHATTER Security Alert - Oracle Database Server provides the DBMS_DRS package that includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY which is vulnerable to buffer overflow attacks.
| | Author: | Esteban Martinez Fayo | | Homepage: | http://www.appsecinc.com/ | | File Size: | 2252 | | Related CVE(s): | CVE-2007-0270 | | Last Modified: | Jul 19 05:40:08 2007 |
| MD5 Checksum: | b4b505cfada4710650557f7e45113851 |
|
| /// File Name: |
dsa-1335-1.txt |
Description:
|
Debian Security Advisory 1335-1 - Several remote vulnerabilities have been discovered in Gimp, the GNU Image Manipulation Program, which might lead to the execution of arbitrary code. Sean Larsson discovered several integer overflows in the processing code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file. Stefan Cornelius discovered an integer overflow in the processing code for PSD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file.
| | Homepage: | http://www.debian.org/security | | File Size: | 25843 | | Related CVE(s): | CVE-2006-4519, CVE-2007-2949 | | Last Modified: | Jul 19 05:30:05 2007 |
| MD5 Checksum: | 8c2676d4606df48917eabd54c263e6c3 |
|
| /// File Name: |
07.18.07-2.txt |
Description:
|
iDefense Security Advisory 07.18.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Ipswitch Inc.'s IMail Server 2006 could allow attackers to execute arbitrary code. IMail includes an IMAP daemon that users can use to access their email. The "Search" IMAP command contains an exploitable stack-based buffer overflow vulnerability. Additionally, the "Search charset" contains an exploitable heap-based buffer overflow vulnerability. iDefense has confirmed the existence of these vulnerabilities in IMail Server 2006. The vulnerable executable used was version 6.8.8.1 of imapd32.exe.
| | Author: | Manuel Santamarina Suarez | | Homepage: | http://www.idefense.com/ | | File Size: | 3282 | | Last Modified: | Jul 19 05:28:10 2007 |
| MD5 Checksum: | 1e0ce85fd16d67c016ab72edc74b38c8 |
|