Section: .. / 0709-advisories /
| /// File Name: |
DDIVRT-2007-04.txt |
Description:
|
The NetSupport Manager client that listens on TCP port 5405 does not properly handle authentication sessions. It is possible to pose as the NetSupport Manager, associate to a client, and then issue commands without performing the authentication sequence. Both the basic and advanced authentication schemes can be bypassed in the same manner. When properly exploited, this flaw will results in a complete compromise of the target system. Version 10.20 is susceptible.
| | Homepage: | http://www.netsupportmanager.com/ | | File Size: | 1681 | | Last Modified: | Sep 24 23:03:04 2007 |
| MD5 Checksum: | 4dee000df98b5afe03e2e7605156220f |
|
| /// File Name: |
dsa-1288-2.txt |
Description:
|
Debian Security Advisory 1288-2 - A regression in the handling of out-of-order sequence numbers of some MPPE implementations was fixed.
| | Homepage: | http://www.debian.org/security | | File Size: | 6543 | | Related CVE(s): | CVE-2007-0244 | | Last Modified: | Sep 5 01:18:35 2007 |
| MD5 Checksum: | 67587c0adc1bd4a06d9cb972f6bf9417 |
|
| /// File Name: |
dsa-1343-2.txt |
Description:
|
Debian Security Advisory 1343-2 - The Debian 4.0r1 release contains a file package with the same version number as the last security update (4.17-5etch2), potentially overriding it. This security advisory reissues DSA-1343-1 with a higher version number, to ensure that its changes remain in effect. The changes from Debian 4.0r1 (which fix a minor denial of service issue, CVE-2007-2026) are included as well.
| | Homepage: | http://www.debian.org/security | | File Size: | 9926 | | Related CVE(s): | CVE-2007-2799, CVE-2007-2026 | | Last Modified: | Sep 26 22:51:53 2007 |
| MD5 Checksum: | a444df46f046149995068a46cc48bc51 |
|
| /// File Name: |
dsa-1364-1.txt |
Description:
|
Debian Security Advisory 1364-1 - Several vulnerabilities have been discovered in the vim editor. Ulf Harnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the "helptags" command) can lead to the execution of arbitrary code. Editors often provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened. Harmful commands are filtered by a sandbox mechanism. It was discovered that function calls to writefile(), feedkeys() and system() were not filtered, allowing shell command execution with a carefully crafted file opened in vim.
| | Homepage: | http://www.debian.org/security | | File Size: | 41108 | | Related CVE(s): | CVE-2007-2953, CVE-2007-2438 | | Last Modified: | Sep 5 01:14:56 2007 |
| MD5 Checksum: | fd9375eee24f1c58e41b4c7adc5831df |
|
| /// File Name: |
dsa-1364-2.txt |
Description:
|
Debian Security Advisory 1364-2 - Several vulnerabilities have been discovered in the vim editor. Ulf Harnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the "helptags" command) can lead to the execution of arbitrary code. Editors often provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened. Harmful commands are filtered by a sandbox mechanism. It was discovered that function calls to writefile(), feedkeys() and system() were not filtered, allowing shell command execution with a carefully crafted file opened in vim. This updated advisory repairs issues with missing files in the packages for the oldstable distribution (sarge) for the alpha, mips, and mipsel architectures.
| | Homepage: | http://www.debian.org/security | | File Size: | 41560 | | Related CVE(s): | CVE-2007-2953, CVE-2007-2438 | | Last Modified: | Sep 20 05:05:38 2007 |
| MD5 Checksum: | b58a312c9824db35ed8b97aedf36ed0a |
|
| /// File Name: |
dsa-1365-1.txt |
Description:
|
Debian Security Advisory 1365-1 - Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 7232 | | Related CVE(s): | CVE-2007-4460 | | Last Modified: | Sep 5 01:15:59 2007 |
| MD5 Checksum: | 43adeb02028de7b107a0892d16899421 |
|
| /// File Name: |
dsa-1365-2.txt |
Description:
|
Debian Security Advisory 1365-2 - Nikolaus Schulz discovered that a programming error in id3lib, an ID3 Tag Library, may lead to denial of service through symlink attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 6202 | | Related CVE(s): | CVE-2007-4460 | | Last Modified: | Sep 10 17:23:31 2007 |
| MD5 Checksum: | 5453a4dda94a0136c9790e97a6f9ca29 |
|
| /// File Name: |
dsa-1366-1.txt |
Description:
|
Debian Security Advisory 1366-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service. It was discovered clamav-milter performs insufficient input sanitizing, resulting in the execution of arbitrary shell commands.
| | Homepage: | http://www.debian.org/security | | File Size: | 16292 | | Related CVE(s): | CVE-2007-4510, CVE-2007-4560 | | Last Modified: | Sep 5 01:17:36 2007 |
| MD5 Checksum: | ae17bf9e4755b92155e8289d2260e7e1 |
|
| /// File Name: |
dsa-1367-1.txt |
Description:
|
Debian Security Advisory 1367-1 - It was discovered that a buffer overflow of the RPC library of the MIT Kerberos reference implementation allows the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 22219 | | Related CVE(s): | CVE-2007-3999 | | Last Modified: | Sep 5 01:19:30 2007 |
| MD5 Checksum: | cd3b0483bd86eaeb6194c88e59c99250 |
|
| /// File Name: |
dsa-1367-2.txt |
Description:
|
Debian Security Advisory 1367-2 - It was discovered that a buffer overflow of the RPC library of the MIT Kerberos reference implementation allows the execution of arbitrary code. The original patch from DSA-1367-1 didn't address the problem fully.
| | Homepage: | http://www.debian.org/security | | File Size: | 20544 | | Related CVE(s): | CVE-2007-3999 | | Last Modified: | Sep 7 03:07:57 2007 |
| MD5 Checksum: | 70d0460c6663846831d0fe8654f23c50 |
|
| /// File Name: |
dsa-1368-1.txt |
Description:
|
Debian Security Advisory 1368-1 - It was discovered that a buffer overflow of the library for secure RPC communication over the rpcsec_gss protocol allows the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 6767 | | Related CVE(s): | CVE-2007-3999 | | Last Modified: | Sep 5 01:20:25 2007 |
| MD5 Checksum: | 6559576657cec87ac6382ac682e62bcb |
|
| /// File Name: |
dsa-1369-1.txt |
Description:
|
Debian Security Advisory 1369-1 - Sumit I. Siddharth discovered that Gforge, a collaborative development tool performs insufficient input sanitizing, which allows SQL injection.
| | Homepage: | http://www.debian.org/security | | File Size: | 8063 | | Related CVE(s): | CVE-2007-3913 | | Last Modified: | Sep 7 03:09:02 2007 |
| MD5 Checksum: | 45d89ac7a9ed6ac79c3363474491c76e |
|
| /// File Name: |
dsa-1371-1.txt |
Description:
|
Debian Security Advisory 1371-1 - Several vulnerabilities have been discovered in phpWiki, a wiki engine written in PHP. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. It was discovered that phpWiki performs insufficient file name validation, which allows unrestricted file uploads. If the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, phpWiki might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations.
| | Homepage: | http://www.debian.org/security | | File Size: | 3500 | | Related CVE(s): | CVE-2007-2024, CVE-2007-2025, CVE-2007-3193 | | Last Modified: | Sep 11 19:02:20 2007 |
| MD5 Checksum: | d8552e8dcc821f4be186d2bedea0abbe |
|
| /// File Name: |
dsa-1372-1.txt |
Description:
|
Debian Security Advisory 1372-1 - Aaron Plattner discovered a buffer overflow in the Composite extension of the X.org X server, which can lead to local privilege escalation.
| | Homepage: | http://www.debian.org/security | | File Size: | 15858 | | Related CVE(s): | CVE-2007-4730 | | Last Modified: | Sep 9 16:59:36 2007 |
| MD5 Checksum: | 02de3edbeb1381faa137fdf06866763f |
|
| /// File Name: |
dsa-1373-1.txt |
Description:
|
Debian Security Advisory 1373-1 - It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable to a directory traversal bug which potentially allowed remote users to overwrite arbitrary files.
| | Homepage: | http://www.debian.org/security | | File Size: | 4688 | | Related CVE(s): | CVE-2007-1799 | | Last Modified: | Sep 11 19:02:56 2007 |
| MD5 Checksum: | 99046cb4f83666c214b7c33d4d95a925 |
|
| /// File Name: |
dsa-1374-1.txt |
Description:
|
Debian Security Advisory 1374-1 - Several vulnerabilities have been discovered in jffnms, a web-based Network Management System for IP networks. These include cross site scripting and SQL injection vulnerabilities.
| | Homepage: | http://www.debian.org/security | | File Size: | 3388 | | Related CVE(s): | CVE-2007-3189, CVE-2007-3190, CVE-2007-3191 | | Last Modified: | Sep 11 19:03:53 2007 |
| MD5 Checksum: | e35fa105ea6da30bffd514a62d5ecd0f |
|
| /// File Name: |
dsa-1375-1.txt |
Description:
|
Debian Security Advisory 1375-1 - A heap overflow vulnerability has been discovered in the TIFF parsing code of the OpenOffice.org suite. The parser uses untrusted values from the TIFF file to calculate the number of bytes of memory to allocate. A specially crafted TIFF image could trigger an integer overflow and subsequently a buffer overflow that could cause the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 52039 | | Related CVE(s): | CVE-2007-2834 | | Last Modified: | Sep 18 12:58:05 2007 |
| MD5 Checksum: | 6a3c1ff684fdd265432c277410a69a1f |
|
| /// File Name: |
dsa-1376-1.txt |
Description:
|
Debian Security Advisory 1376-1 - iKees Huijgen discovered that under certain circumstances KDM, an X session manage for KDE, it is possible for KDM to be tricked into allowing user logins without a password.
| | Homepage: | http://www.debian.org/security | | File Size: | 41254 | | Related CVE(s): | CVE-2007-4569 | | Last Modified: | Sep 24 22:10:58 2007 |
| MD5 Checksum: | c49bea5391596d92bf13342e932b53ec |
|
| /// File Name: |
dsa-1377-1.txt |
Description:
|
Debian Security Advisory 1377-1 - Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash.
| | Homepage: | http://www.debian.org/security | | File Size: | 4413 | | Related CVE(s): | CVE-2007-4565 | | Last Modified: | Sep 24 22:11:54 2007 |
| MD5 Checksum: | 4e0d56b9efe48730352e38c5035f7915 |
|
| /// File Name: |
dsa-1377-2.txt |
Description:
|
Debian Security Advisory 1377-2 - Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder, can under certain circumstances attempt to dereference a NULL pointer and crash.
| | Homepage: | http://www.debian.org/security | | File Size: | 2394 | | Related CVE(s): | CVE-2007-4565 | | Last Modified: | Sep 24 22:13:06 2007 |
| MD5 Checksum: | 8677ba6eb258cf94983d6e38b149edb3 |
|
| /// File Name: |
dsa-1378-1.txt |
Description:
|
Debian Security Advisory 1378-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Evan Teran discovered a potential local denial of service (oops) in the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests. Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages. Steve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process' umask which may lead to unintentionally relaxed permissions. Wojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavor. Michael Stone reported an issue with the JFFS2 filesystem. Legacy modes for inodes that were created with POSIX ACL support enabled were not being written out to the medium, resulting in incorrect permissions upon remount.
| | Homepage: | http://www.debian.org/security | | File Size: | 35220 | | Related CVE(s): | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573, CVE-2007-4849 | | Last Modified: | Sep 27 21:33:30 2007 |
| MD5 Checksum: | 5e6dd1cd0082c7a2a3959335b7ea1e1b |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
