.:[ packet storm ]:.
                             
security is a process, not a fix

 Section:  .. / 0708-advisories  /


 ///  File Name: 08.07.07-1.txt
Description:
iDefense Security Advisory 08.07.07 - Remote exploitation of a buffer overflow vulnerability in ldcconn allows attackers to execute arbitrary code with root privileges. By sending a long string to the TCP port that ldcconn listens on, a buffer overflow is triggered. No authentication or data validation is performed. iDefense confirmed the existence of this vulnerability in HP-UX 11.11i. It is suspected that other versions are also vulnerable.
Homepage:http://www.idefense.com/
File Size:3903
Last Modified:Aug 8 10:00:40 2007
MD5 Checksum:74d1ebba3dba3848decd2b5aede69fa5

 ///  File Name: 08.07.07-2.txt
Description:
iDefense Security Advisory 08.07.07 - Remote exploitation of a heap overflow vulnerability in Apple Inc.'s mDNSResponder application may allow attackers to execute arbitrary code with root privileges. The vulnerability exists within the Legacy NAT Traversal code. Unlike the core of the mDNSResponder service, this area of code does not rely on Multicast UDP. It listens on a dynamically allocated Unicast UDP port. The vulnerability occurs when parsing a malformed HTTP request. This results in an exploitable heap overflow. iDefense has confirmed the existence of this vulnerability in Mac OS X version 10.4.10, Server and Workstation, with mDNSResponder version 108.5. Previous versions may also be affected.
Author:Neil Kettle
Homepage:http://www.idefense.com/
File Size:3451
Related CVE(s):CVE-2007-3744
Last Modified:Aug 8 10:07:00 2007
MD5 Checksum:4b45f03094f51eb2ad0bf0fa50c47eaa

 ///  File Name: 08.09.07-1.txt
Description:
iDefense Security Advisory 08.09.07 - Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Hewlett-Packard Development Co.'s OpenView Operations for Windows OVTrace service may allow an attacker to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of these vulnerabilities in HP OpenView version A.07.50 for Windows, with all patches applied as of Jun 27, 2007. Previous versions may also be affected.
Homepage:http://www.idefense.com/
File Size:4604
Related CVE(s):CVE-2007-3872
Last Modified:Aug 10 05:13:10 2007
MD5 Checksum:8336a4888237e606896af41e7dcf8ce7

 ///  File Name: 08.14.07-1.txt
Description:
iDefense Security Advisory 08.14.07 - Remote exploitation of a Cross Site Scripting (XSS) vulnerability in the Windows Vista Sidebar RSS Gadget allows an attacker to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the parsing of certain elements of the items in an RSS feed. A properly crafted HTML tag within these elements will not be removed, and will be rendered by the RSS gadget. Since the RSS gadget runs in the local zone, the injected JavaScript has full access to the system. iDefense has confirmed the existence of this vulnerability in Microsoft Windows Vista Business. Other versions are suspected to be vulnerable.
Author:Aviv Raff
Homepage:http://www.idefense.com/
File Size:4897
Related CVE(s):CVE-2007-3033
Last Modified:Aug 15 06:35:18 2007
MD5 Checksum:1aa166600fa7109e872458bec4156bc6

 ///  File Name: 08.14.07-2.txt
Description:
iDefense Security Advisory 08.14.07 - Remote exploitation of a buffer overflow vulnerability within Microsoft Corp.'s XML Core Services may allow an attacker to execute arbitrary code in the context of the current user. The vulnerability specifically exists in incorrect checking being performed on the length argument to the substringData() method of an XMLDOM object. When certain length values are supplied, a large region of memory is copied into a buffer of insufficient size. iDefense confirmed the existence of this vulnerability using Internet Explorer 6.x on Windows XP SP2. It is suspected that other versions are also affected.
Homepage:http://www.idefense.com/
File Size:3933
Related CVE(s):CVE-2007-2223
Last Modified:Aug 15 06:36:51 2007
MD5 Checksum:16d231b15a7d57fa94999dca7d16f492

 ///  File Name: 08.15.07-1.txt
Description:
iDefense Security Advisory 08.15.07 - Remote exploitation of a buffer overflow vulnerability within Environmental Systems Research Institute (ESRI) Inc.'s ArcSDE service allows attackers to crash the service or potentially execute arbitrary code. This vulnerability specifically exists due to insufficient buffer space when representing user-supplied numeric values in ASCII. Certain requests result in an sprintf() call using a static-sized 8 byte stack buffer. If an attacker supplies a number whose ASCII value cannot be represented within 8 bytes, a stack-based buffer overflow occurs. The vendor has confirmed that version 9.2 of ArcSDE, as bundled with ArcGIS, is vulnerable to this attack. All versions are suspected to be vulnerable.
Homepage:http://www.idefense.com/
File Size:3533
Related CVE(s):CVE-2007-4278
Last Modified:Aug 16 10:45:46 2007
MD5 Checksum:efc19a0f0f68db26f16302283e1efab6

 ///  File Name: 08.16.07-1.txt
Description:
iDefense Security Advisory 08.16.07 - Local exploitation of multiple race condition vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities are due to insufficient checking being performed while handling files with elevated privileges. In each case, a race condition exists between a check to see if an existing file is a symbolic link and modifying it. By quickly and repeatedly removing and recreating the file as a symbolic link, an attacker could modify arbitrary files with root privileges. iDefense confirmed the existence of these vulnerabilities in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
Author:Joshua J. Drake
Homepage:http://www.idefense.com/
File Size:3900
Related CVE(s):CVE-2007-4270
Last Modified:Aug 17 08:17:05 2007
MD5 Checksum:515807fc57dc8ba1f64372577e80ee74

 ///  File Name: 08.16.07-2.txt
Description:
iDefense Security Advisory 08.16.07 - Local exploitation of a directory traversal vulnerability in IBM Corp.'s DB2 Universal Database allows attackers to cause a denial of service (DoS) condition or elevate privileges to root. Some DB2 binaries that are installed setuid-root will save event information to a log file. When creating the full path to the destination file, an environment variable is concatenated with "/tmp/". Since there is no checking for path traversal strings, such as "../", within the environment variable, an attacker is able to create arbitrary files on the system. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
Homepage:http://www.idefense.com/
File Size:3960
Related CVE(s):CVE-2007-4271
Last Modified:Aug 17 08:19:00 2007
MD5 Checksum:d9c108b924ba8ae4d0455dbfaa0f0745

 ///  File Name: 08.16.07-3.txt
Description:
iDefense Security Advisory 08.16.07 - Local exploitation of multiple file creation vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities are due to insufficient checking being performed while handling files with elevated privileges. By setting certain combinations of environment variables, an attacker is able to create or append to arbitrary files on the system. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
Author:Joshua J. Drake
Homepage:http://www.idefense.com/
File Size:3842
Related CVE(s):CVE-2007-4272
Last Modified:Aug 17 08:20:42 2007
MD5 Checksum:fa67305bc50f5d281ebe6e85e267c4ce

 ///  File Name: 08.16.07-4.txt
Description:
iDefense Security Advisory 08.16.07 - Local exploitation of a directory creation vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. This vulnerability exists due to insecure directory creation within setuid binaries included with DB2. While creating specific directory structures, attacker-created symbolic links will be followed. This allows world-writable directories to be created anywhere on the file system. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
Homepage:http://www.idefense.com/
File Size:3997
Related CVE(s):CVE-2007-4273
Last Modified:Aug 17 08:22:17 2007
MD5 Checksum:e7074858185112623a7ed4e554ff2dd6

 ///  File Name: 08.16.07-5.txt
Description:
iDefense Security Advisory 08.16.07 - Local exploitation of multiple untrusted search path vulnerabilities in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. These vulnerabilities exist due to the execution of binaries or loading of libraries within untrusted paths. In each case, the path to a binary or library is generated based on an environment variable that is under attacker control. Additionally, the files to be executed or loaded are located in a directory under attacker control. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
Homepage:http://www.idefense.com/
File Size:3959
Related CVE(s):CVE-2007-4275
Last Modified:Aug 17 08:23:44 2007
MD5 Checksum:b11f7e9a67d7aeac3783ed4668d0fd69

 ///  File Name: 08.16.07-6.txt
Description:
iDefense Security Advisory 08.16.07 - Local exploitation of a buffer overflow vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. This vulnerability specifically exists due to insufficient validation of the length of attacker-supplied data. When an attacker specifies a specially crafted string via certain environment variables, the string is copied into a static-sized buffer stored on the stack. By supplying too much data, an attacker can overflow the buffer and overwrite stack-stored execution control structures, resulting in arbitrary code execution. iDefense confirmed the existence of this vulnerability in version 9.1 Fix Pack 2 of IBM Corp.'s DB2 Universal Database installed on a Linux system. All prior versions, as well as builds for other UNIX-based operating systems, are suspected to be vulnerable.
Homepage:http://www.idefense.com/
File Size:3797
Related CVE(s):CVE-2007-4276
Last Modified:Aug 17 08:25:10 2007
MD5 Checksum:c5b91aebbfaea50b067a3bd8179c060e

 ///  File Name: 08.20.07-1.txt
Description:
iDefense Security Advisory 08.20.07 - Local exploitation of an insecure permission vulnerability in multiple Check Point Zone Labs products allows attackers to escalate privileges or disable protection. The vulnerability specifically exists in the default file Access Control List (ACL) settings that are applied during installation. When an administrator installs any of the Zone Labs ZoneAlarm tools, the default ACL allows any user to modify the installed files. Some of the programs run as system services. This allows a user to simply replace an installed ZoneAlarm file with their own code that will later be executed with system-level privileges. iDefense has confirmed the existence of this vulnerability in ZoneAlarm Security Suite 5.5.062.004 and 6.5.737. It is strongly suspected that other versions of ZoneAlarm and other Zone Labs products are affected by this.
Homepage:http://www.idefense.com/
File Size:3548
Related CVE(s):CVE-2005-2932
Last Modified:Aug 21 22:08:39 2007
MD5 Checksum:d7dd896aaf7baf1b202ed833bfdac86e

 ///  File Name: 08.20.07-2.txt
Description:
iDefense Security Advisory 08.20.07 - Local exploitation of multiple input validation vulnerabilities within multiple Check Point Zone Alarm products could allow an attacker to execute arbitrary code in kernel (ring0) context. The problems specifically exist within the IOCTL handling code in the vsdatant.sys device driver. The device driver fails to validate user-land supplied addresses passed to IOCTL 0x8400000F and IOCTL 0x84000013. Since the Irp parameters are not correctly validated, an attacker could utilize these IOCTLs to overwrite arbitrary memory with the constant double-word value of 0x60001 or the contents of a buffer returned from ZwQuerySystemInformation. This includes kernel memory as well as the code segments of running processes. iDefense has confirmed the existence of these vulnerabilities within version 6.5.737.0 of vsdatant.sys as installed with Check Point Zone Labs Zone Alarm Free. All other products within the Zone Alarm product line are suspected to be vulnerable. Previous versions are also suspected to be vulnerable.
Author:Ruben Santamarta
Homepage:http://www.idefense.com/
File Size:3747
Related CVE(s):CVE-2007-4216
Last Modified:Aug 21 22:09:51 2007
MD5 Checksum:e676ae3a6bc4dafa566b3d839c9776ca

 ///  File Name: 08.20.07-3.txt
Description:
iDefense Security Advisory 08.20.07 - Remote exploitation of a buffer overflow vulnerability in Trend Micro Inc.'s SSAPI Engine could allow attackers to execute arbitrary code with system level privileges. Trend Micro products which include the VST functionality are vulnerable to a stack-based buffer overflow in the vstlib32.dll library. This overflow is triggered when an attacker creates a file on the local file system with an overly long path. When vstlib32 receives the ReadDirectoryChangesW callback notification from the operating system, a stack-based buffer overflow will occur. iDefense confirmed the existence of this vulnerability in vstlib32.dll version 1.2.0.1012. This file is known to be included in several of Trend Micro's products such as PC-Cillin Internet Security 2007 and their AntiSpyware products.
Homepage:http://www.idefense.com/
File Size:3479
Related CVE(s):CVE-2007-3873
Last Modified:Aug 21 23:12:28 2007
MD5 Checksum:192695eb948f31d52f3f2e83436ab79d

 ///  File Name: 08.21.07-1.txt
Description:
iDefense Security Advisory 08.21.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Trend Micro Inc.'s ServerProtect anti-virus software could allow attackers to execute arbitrary code with system level privilege. iDefense has confirmed the existence of these vulnerabilities in ServerProtect for Windows 5.58 Build 1176 (Security Patch 3). Previous versions, as well as versions for other platforms, are suspected to be vulnerable.
Author:Code Audit Labs, Jun Mao
Homepage:http://www.idefense.com/
File Size:5291
Related CVE(s):CVE-2007-4218
Last Modified:Aug 22 05:28:51 2007
MD5 Checksum:d3438206ebffc136ca8bf363a5b397a6

 ///  File Name: 08.21.07-2.txt
Description:
iDefense Security Advisory 08.21.07 - Remote exploitation of an integer overflow vulnerability in Trend Micro Inc.'s ServerProtect anti-virus software could allow attackers to execute arbitrary code with system level privilege. iDefense has confirmed the existence of this vulnerability in ServerProtect for Windows 5.58 Build 1176 (Security Patch 3). Previous versions, as well as versions for other platforms, are suspected to be vulnerable.
Author:Jun Mao
Homepage:http://www.idefense.com/
File Size:3729
Related CVE(s):CVE-2007-4219
Last Modified:Aug 22 05:30:11 2007
MD5 Checksum:8fd467dd35cd0eb802b69ada8af66951

 ///  File Name: 08.27.07-1.txt
Description:
iDefense Security Advisory 08.27.07 - Remote exploitation of a directory traversal vulnerability in Motorola Inc.'s Timbuktu Pro allows attackers to delete or create files with SYSTEM privileges. iDefense confirmed the existence of this vulnerability in version 8.6.3.1367 of Motorola Inc.'s Timbuktu Pro for Windows. Other versions, including those for other operating systems, are suspected to be vulnerable.
Author:Titon
Homepage:http://www.idefense.com/
File Size:3890
Related CVE(s):CVE-2007-4220
Last Modified:Aug 27 17:26:47 2007
MD5 Checksum:b05606c0d244cd6c03b5e12a4c142899

 ///  File Name: 08.27.07-2.txt
Description:
iDefense Security Advisory 08.27.07 - Remote exploitation of multiple buffer overflow vulnerabilities within Motorola Inc.'s Timbuktu allows attackers to crash the service or potentially execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of these vulnerabilities within version 8.6.3.1367 of Motorola Inc.'s Timbuktu Pro for Windows. Older versions are suspected to be vulnerable.
Author:Titon
Homepage:http://www.idefense.com/
File Size:4318
Related CVE(s):CVE-2007-4221
Last Modified:Aug 27 17:28:16 2007
MD5 Checksum:1429829150418ac56a8f20217cf4ad95

 ///  File Name: 08.30.07-1.txt
Description:
iDefense Security Advisory 08.30.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Yahoo Inc.'s Yahoo! Messenger 8.1 allows attackers to execute arbitrary code with the privileges of the currently logged in user. iDefense has confirmed the existence of this vulnerability in version 8.1 of Yahoo Instant Messenger. Previous versions are suspected to be vulnerable as well.
Homepage:http://www.idefense.com/
File Size:3649
Related CVE(s):CVE-2007-4515
Last Modified:Aug 31 18:58:05 2007
MD5 Checksum:44bf2944288480d2f88cd559b0d9ab27

 ///  File Name: AKLINK-SA-2007-003.txt
Description:
Stampit Web suffers from a denial of service vulnerability.
Author:Alexander Klink
Homepage:https://www.cynops.de/
File Size:6752
Related CVE(s):CVE-2007-3871
Last Modified:Aug 27 17:19:33 2007
MD5 Checksum:4e202522846f0c7234d94246e0eb549a

 ///  File Name: alpass27-en.txt
Description:
ESTsoft ALPass version 2.7 suffers from an arbitrary code execution vulnerability when importing a specially crafted DB file.
Author:Tan Chew Keong
Homepage:http://vuln.sg/
File Size:751
Last Modified:Aug 24 23:15:25 2007
MD5 Checksum:147b4a42f368e665253bd55c03fa1774

 ///  File Name: amsterdammail-sql.txt
Description:
Amsterdammail (www.amsterdammail.nl) is susceptible to cross site scripting and SQL injection vulnerabilities.
Author:Tosser
File Size:406
Last Modified:Aug 24 03:18:13 2007
MD5 Checksum:4c0eb7275331d208a5be9752aa1ac11b

 ///  File Name: as3socket.txt
Description:
Due to a design flaw in ActionScript 3 socket handling, compiled Flash movies are able to scan for open TCP ports on any host reachable from the host running the SWF, bypassing the Flash Player Security Sandbox Model and without the need to rebind DNS.
Author:David Neu, fukami
Homepage:http://sektioneins.de/
File Size:3700
Last Modified:Aug 10 05:09:19 2007
MD5 Checksum:df08ea5923024e057f69b27d240723ee

 ///  File Name: ASA-2007-019.txt
Description:
Asterisk Project Security Advisory - The Asterisk Skinny channel driver, chan_skinny, has a remotely exploitable crash vulnerability. A segfault can occur when Asterisk receives a "CAPABILITIES_RES_MESSAGE" packet where the capabilities count is greater than the total number of items in the capabilities_res_message array. Note that this requires an authenticated session.
Author:Wei Wang, Jason Parker
Homepage:http://www.asterisk.org/security
File Size:8963
Last Modified:Aug 8 10:05:50 2007
MD5 Checksum:e798ca193e72739ce8e5faa034a34d2a