Section: .. / 0711-advisories /
| /// File Name: |
sa27743.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for tetex. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose and manipulate sensitive information, and by malicious people to potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27743/ | | File Size: | 4965 | | Last Modified: | Nov 27 10:53:31 2007 |
| MD5 Checksum: | acecebe7d8e2e274637a14c09a72edde |
|
| /// File Name: |
sa27783.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for link-grammar. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/27783/ | | File Size: | 4920 | | Last Modified: | Nov 27 21:51:05 2007 |
| MD5 Checksum: | 6cc8fc9a891a41aa5037b1cbd6ec1eed |
|
| /// File Name: |
sa27523.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, and compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27523/ | | File Size: | 4917 | | Last Modified: | Nov 6 22:14:24 2007 |
| MD5 Checksum: | f16914e115513a5608f10e15fb5a7ed3 |
|
| /// File Name: |
USN-548-1.txt |
Description:
|
Ubuntu Security Notice 548-1 - It was discovered that Pidgin did not correctly handle certain logging events. A remote attacker could send specially crafted messages and cause the application to crash, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4910 | | Related CVE(s): | CVE-2007-4999 | | Last Modified: | Nov 28 20:21:47 2007 |
| MD5 Checksum: | 1213091793c5e019bc3dcdb9fc792219 |
|
| /// File Name: |
sa27769.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libopenssl-ruby. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
| | Homepage: | http://secunia.com/advisories/27769/ | | File Size: | 4894 | | Last Modified: | Nov 26 21:10:48 2007 |
| MD5 Checksum: | 9524ac92071237d99d367749cea312d1 |
|
| /// File Name: |
secunia-xpdf.txt |
Description:
|
Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system. An array indexing error, integer overflow, and boundary error all exist. Xpdf version 3.02 with the xpdf-3.02pl1.patch is affected.
| | Author: | Alin Rad Pop | | Homepage: | http://secunia.com/ | | File Size: | 4883 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Nov 7 15:26:29 2007 |
| MD5 Checksum: | 799a1d5d74d1d0cd593022e5323f4b12 |
|
| /// File Name: |
SYM07-029.txt |
Description:
|
Symantec Backup Exec for Windows Servers (BEWS) may be susceptible to multiple denial of service attacks (DoS) if maliciously formatted packets are passed to the BEWS Job Engine. Versions affected are Symantec Backup Exec for Windows Servers 11d and 11.0.6325.
| | Homepage: | http://www.symantec.com/ | | File Size: | 4872 | | Related CVE(s): | CVE-2007-4346, CVE-2007-4347 | | Last Modified: | Nov 28 20:14:21 2007 |
| MD5 Checksum: | 3d13b69bded52fd01eb59c73aae1c1b7 |
|
| /// File Name: |
secunia-samba.txt |
Description:
|
Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending NetBIOS replies. This can be exploited to cause a stack-based buffer overflow by sending multiple specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. Successful exploitation allows execution of arbitrary code, but requires that Samba is configured to run as a WINS server (the "wins support" option is enabled). Samba version 3.0.26a is affected.
| | Author: | Alin Rad Pop | | Homepage: | http://secunia.com/ | | File Size: | 4792 | | Related CVE(s): | CVE-2007-5398 | | Last Modified: | Nov 15 11:31:52 2007 |
| MD5 Checksum: | a78f93bd20591fd195541b9b8aab6c25 |
|
| /// File Name: |
secunia-acdsee.txt |
Description:
|
Secunia Research has discovered some vulnerabilities in ACDSee products, which can be exploited by malicious people to compromise a user's system. The flaws reside in PSP image file processing and LHA archive processing. Affected are ACDSee Photo Manager version 9.0 build 108, ACDSee Pro Photo Manager version 8.1 build 99, and ACDSee Photo Editor version 4.0 build 195.
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 4695 | | Related CVE(s): | CVE-2007-4344 | | Last Modified: | Nov 2 12:21:31 2007 |
| MD5 Checksum: | 18f14e10ba13bbc0cedcc859cb151dbe |
|
| /// File Name: |
sa27682.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27682/ | | File Size: | 4679 | | Last Modified: | Nov 20 11:17:55 2007 |
| MD5 Checksum: | 6efdaffcaa02d64be5733e2e0ee42277 |
|
| /// File Name: |
USN-541-1.txt |
Description:
|
Ubuntu Security Notice 541-1 - Drake Wilson discovered that Emacs did not correctly handle the safe mode of "enable-local-variables". If a user were tricked into opening a specially crafted file while "enable-local-variables" was set to the non-default ":safe", a remote attacker could execute arbitrary commands with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4632 | | Related CVE(s): | CVE-2007-5795 | | Last Modified: | Nov 14 01:12:47 2007 |
| MD5 Checksum: | c10a63bd4549947ef08024c1805fa296 |
|
| /// File Name: |
secunia-netbios.txt |
Description:
|
Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "reply_netbios_packet()" function in nmbd/nmbd_packets.c when sending NetBIOS replies. This can be exploited to cause a stack-based buffer overflow by sending multiple specially crafted WINS "Name Registration" requests followed by a WINS "Name Query" request. Samba version 3.0.26a is affected.
| | Homepage: | http://secunia.com/ | | File Size: | 4590 | | Related CVE(s): | CVE-2007-5398 | | Last Modified: | Nov 16 02:18:43 2007 |
| MD5 Checksum: | db0f59106b8205bb0ddf17f924d35fa6 |
|
| /// File Name: |
MDKSA-2007-219.txt |
Description:
|
Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in xpdf. An attacker could create a malicious PDF file that would cause xpdf to crash or potentially execute arbitrary code when opened.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4565 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Nov 16 03:00:36 2007 |
| MD5 Checksum: | f2df8f41505283862496fbe63d3514af |
|
| /// File Name: |
FreeBSD-SA-07-09.random.txt |
Description:
|
FreeBSD Security Advisory - Under certain circumstances, a bug in the internal state tracking on the random and urandom devices can be exploited to allow replaying of data distributed during subsequent reads.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 4560 | | Related CVE(s): | CVE-2007-6150 | | Last Modified: | Nov 30 01:08:37 2007 |
| MD5 Checksum: | 1a8e43d82656db1e04719bae42deb95b |
|
| /// File Name: |
secunia-abiword.txt |
Description:
|
Secunia Research has discovered a vulnerability in AbiWord Link Grammar, which can be exploited by malicious people to compromise an application using the library. Version 4.2.4 is affected.
| | Author: | Alin Rad Pop | | Homepage: | http://secunia.com/ | | File Size: | 4543 | | Related CVE(s): | CVE-2007-5395 | | Last Modified: | Nov 7 15:23:18 2007 |
| MD5 Checksum: | 1c86e3f869d0038b2ad11508623a5f58 |
|
| /// File Name: |
MDKSA-2007-233.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the safer_name_suffix function in GNU cpio has unspecified attack vectors and impact, resulting in a crashing stack. This problem is originally found in tar, but affects cpio too, due to similar code fragments. Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. This is an old issue, affecting only Mandriva Corporate Server 4 and Mandriva Linux 2007.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4480 | | Related CVE(s): | CVE-2007-4476, CVE-2005-1229 | | Last Modified: | Nov 28 20:21:11 2007 |
| MD5 Checksum: | 2a70c32f8fe21ac3d4b0c4bb809adf50 |
|
| /// File Name: |
secunia-linkgrammar.txt |
Description:
|
Secunia Research has discovered a vulnerability in Link Grammar, which can be exploited by malicious people to compromise an application using the affected code. Version 4.1b is affected.
| | Author: | Alin Rad Pop | | Homepage: | http://secunia.com/ | | File Size: | 4479 | | Related CVE(s): | CVE-2007-5395 | | Last Modified: | Nov 7 15:22:13 2007 |
| MD5 Checksum: | e57538a745ad765db929c35cbe71ad93 |
|
| /// File Name: |
MDKSA-2007-203.txt |
Description:
|
Mandriva Linux Security Advisory - Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code that is used in Xen. A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. Tavis Ormandy also discovered insufficient input validation leading to a heap overflow in the NE2000 network driver in Xen. If the driver is in use, a malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain. Steve Kemp found that xen-utils used insecure temporary files within the xenmon tool that could allow local users to truncate arbitrary files. Joris van Rantwijk discovered a flaw in Pygrub, which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully-crafted grub.conf file which could trigger the execution of arbitrary code outside of that domain.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4426 | | Related CVE(s): | CVE-2007-4993, CVE-2007-3919, CVE-2007-1321, CVE-2007-5729, CVE-2007-5730, CVE-2007-1320 | | Last Modified: | Nov 1 19:26:48 2007 |
| MD5 Checksum: | ff8364f820413cda18b424722daf1611 |
|
| /// File Name: |
sa27633.txt |
Description:
|
Secunia Security Advisory - A weakness has been reported in Citrix Presentation Server, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27633/ | | File Size: | 4401 | | Last Modified: | Nov 15 11:27:52 2007 |
| MD5 Checksum: | 501a859de3e44bf2b1cb0b2937c6aea2 |
|
| /// File Name: |
MDKSA-2007-208.txt |
Description:
|
Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files. Newer versions of ghostscript contain an embedded copy of libjasper and as such is vulnerable to this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4322 | | Related CVE(s): | CVE-2007-2721 | | Last Modified: | Nov 6 02:00:31 2007 |
| MD5 Checksum: | f489e3b14236946dd82d7120442763b2 |
|
| /// File Name: |
sa27651.txt |
Description:
|
Secunia Security Advisory - Adrian Pastor has reported some vulnerabilities and a security issue in BT Home Hub/Thomson SpeedTouch 7G routers, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and script insertion attacks, and to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/27651/ | | File Size: | 4270 | | Last Modified: | Nov 20 11:17:55 2007 |
| MD5 Checksum: | a0e6834b424883cc1702cd3bebd059d8 |
|
| /// File Name: |
sa27683.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/27683/ | | File Size: | 4164 | | Last Modified: | Nov 20 11:17:55 2007 |
| MD5 Checksum: | 8f7964ad608f71cb3516230d3dcecba0 |
|
| /// File Name: |
dsa-1403-1.txt |
Description:
|
Debian Security Advisory 1403-1 - Omer Singer of the DigiTrust Group discovered several vulnerabilities in phpMyAdmin, an application to administrate MySQL over the WWW. phpMyAdmin allows a remote attacker to inject arbitrary web script or HTML in the context of a logged in user's session (cross site scripting). phpMyAdmin, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
| | Homepage: | http://www.debian.org/security | | File Size: | 4128 | | Related CVE(s): | CVE-2007-5589, CVE-2007-5386 | | Last Modified: | Nov 8 18:53:22 2007 |
| MD5 Checksum: | ebef30c98719dfff911a0788284f0536 |
|
| /// File Name: |
glsa-200711-34.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-34 - Multiple issues were found in the teTeX 2 codebase that CSTeX builds upon (GLSA 200709-17, GLSA 200711-26). CSTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 2.0.2-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4114 | | Last Modified: | Nov 26 22:14:38 2007 |
| MD5 Checksum: | c33d31a631b5831bdc0888c4124f1862 |
|
| /// File Name: |
11.14.07-3.txt |
Description:
|
iDefense Security Advisory 11.14.07 - Local exploitation of a heap based buffer overflow in Apple Inc.'s OS X may allow an attacker to execute arbitrary code in kernel context. The vulnerability exists within a function responsible for allocating an mbuf. mbufs are a BSD concept, long used by BSD kernels to allocate buffers for storing network related data. iDefense has confirmed the existence of this vulnerability in Mac OS X 10.4.10, Workstation and Server editions. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 4105 | | Related CVE(s): | CVE-2007-4268 | | Last Modified: | Nov 14 21:20:14 2007 |
| MD5 Checksum: | 6de650a9d042d02fefa2db42ec8f8855 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
