Section: .. / 0805-advisories /
| /// File Name: |
glsa-200805-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-14 - Alfredo Ortega (Core Security Technologies) reported a boundary error within the Read32s_64() function when processing CDF files. Versions less than 3.2.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3057 | | Related CVE(s): | CVE-2008-2080 | | Last Modified: | May 13 17:42:27 2008 |
| MD5 Checksum: | fb60597d6c2b729facceb809547eadbd |
|
| /// File Name: |
glsa-200805-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-15 - Kentaro Oda reported an infinite loop in the file field.c when parsing an MP3 file with an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0'. Versions less than 0.15.1b-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2415 | | Related CVE(s): | CVE-2008-2109 | | Last Modified: | May 15 03:49:12 2008 |
| MD5 Checksum: | a924bb8eeda8ff0dbe39e3cd31978d5e |
|
| /// File Name: |
glsa-200805-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-17 - Tavis Ormandy and Will Drewry of the Google Security Team have reported a double free vulnerability when processing a crafted regular expression containing UTF-8 characters. Versions less than 5.8.8-r5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2946 | | Related CVE(s): | CVE-2008-1927 | | Last Modified: | May 20 16:44:10 2008 |
| MD5 Checksum: | c61ac53f0481c399e80995f4f0c77a11 |
|
| /// File Name: |
glsa-200805-18.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-18 - Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted execution of arbitrary code. Versions less than 2.0.0.14 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 11033 | | Related CVE(s): | CVE-2007-4879, CVE-2008-0304, CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1240, CVE-2008-1241, CVE-2008-1380 | | Last Modified: | May 20 19:13:30 2008 |
| MD5 Checksum: | 6020894f441006219868b9bff9de2ca5 |
|
| /// File Name: |
glsa-200805-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-20 - Multiple vulnerabilities might allow for the execution of arbitrary code in daemons using GnuTLS. Versions less than 2.2.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3216 | | Related CVE(s): | CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 | | Last Modified: | May 22 01:48:49 2008 |
| MD5 Checksum: | ae1a27497ffdfe649bb414d13d8d7955 |
|
| /// File Name: |
glsa-200805-21.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-21 - Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions (CVE-2008-1475). Furthermore, Roland Meister discovered multiple vulnerabilities caused by unspecified errors, some of which may be related to cross-site scripting (CVE-2008-1474). Versions less than 1.4.4-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2790 | | Related CVE(s): | CVE-2008-1474, CVE-2008-1475 | | Last Modified: | May 27 18:29:19 2008 |
| MD5 Checksum: | fcd98f05ce6638672ee015b008eee6b6 |
|
| /// File Name: |
glsa-200805-22.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-22 - k`sOSe reported an integer overflow vulnerability in the sdpplin_parse() function in the file stream/realrtsp/sdpplin.c, which can be exploited to overwrite arbitrary memory regions via an overly large StreamCount SDP parameter. Versions less than 1.0_rc2_p26753 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2666 | | Related CVE(s): | CVE-2008-1558 | | Last Modified: | May 29 13:58:07 2008 |
| MD5 Checksum: | 398332a4ddd10ca94a9e8d8fa7a099c0 |
|
| /// File Name: |
glsa-200805-23.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-23 - Alin Rad Pop (Secunia Research) reported a vulnerability in Samba within the receive_smb_raw() function in the file lib/util_sock.c when parsing SMB packets, possibly leading to a heap-based buffer overflow via an overly large SMB packet. Versions less than 3.0.28a-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2712 | | Related CVE(s): | CVE-2008-1105 | | Last Modified: | May 29 13:58:30 2008 |
| MD5 Checksum: | 2f22783acef8220c60b0e1e321145329 |
|
| /// File Name: |
google-spam.txt |
Description:
|
It appears that manipulating the forwarding functionality in Google's GMail service allows people to spam.
| | Homepage: | http://ece.uprm.edu/~andre/insert | | File Size: | 2123 | | Last Modified: | May 7 20:40:32 2008 |
| MD5 Checksum: | f7d31e6f454a2e5814a14ca9ac14dcfb |
|
| /// File Name: |
ISVA-080516.1.txt |
Description:
|
Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request that will result in the exploitation of a SQL Injection vulnerability. This leads to database access under the context of the Deployment server, which typically then allows, command execution under the context of the SQL Server. Versions 6.8.x and 6.9.x are affected.
| | Author: | Brett Moore | | Homepage: | http://www.insomniasec.com/ | | File Size: | 2393 | | Last Modified: | May 19 21:22:39 2008 |
| MD5 Checksum: | 6f30c4c0ca4cc9eecc602ed5ee3612ee |
|
| /// File Name: |
ISVA-080516.2.txt |
Description:
|
Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request to this port that will result in the encrypted domain credentials being returned. Versions 6.8.x and 6.9.x are affected.
| | Author: | Brett Moore | | Homepage: | http://www.insomniasec.com/ | | File Size: | 2227 | | Last Modified: | May 19 21:23:46 2008 |
| MD5 Checksum: | 780baeb8dc7fa177ef07a78d25804d7b |
|
| /// File Name: |
lokicms-multi.txt |
Description:
|
LokiCMS versions 0.3.4 and below suffer from arbitrary file overwrite, code injection, file inclusion, and administrative hash retrieval vulnerabilities.
| | Author: | trueend5 | | Homepage: | http://www.kapda.ir/ | | File Size: | 3811 | | Last Modified: | May 31 15:39:49 2008 |
| MD5 Checksum: | 6baccc735f053b9073d18f892030bc12 |
|
| /// File Name: |
MDVSA-2008-096.txt |
Description:
|
Mandriva Linux Security Advisory - Steve Grubb found that the vcdiff script in Emacs create temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8840 | | Related CVE(s): | CVE-2008-1694 | | Last Modified: | May 6 19:15:29 2008 |
| MD5 Checksum: | 3a0ea4e3b1b58f64a7459c160c351863 |
|
| /// File Name: |
MDVSA-2008-097.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9 where, if it was installed setuid root, it could allow local users to cause a denial of service or possibly execute arbitrary code. By default, start_kdeinit is not installed setuid root on Mandriva Linux, however updated packages have been patched to correct this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4032 | | Related CVE(s): | CVE-2008-1671 | | Last Modified: | May 7 13:29:17 2008 |
| MD5 Checksum: | c4ad65a04bf01fc452431de16f2c99c3 |
|
| /// File Name: |
MDVSA-2008-098.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify to ~/.ssh/rc.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6090 | | Related CVE(s): | CVE-2008-1657 | | Last Modified: | May 7 13:29:56 2008 |
| MD5 Checksum: | c05d37c906d149b687d05a12d3686dbb |
|
| /// File Name: |
MDVSA-2008-099.txt |
Description:
|
Mandriva Linux Security Advisory - A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick. Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially-crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7839 | | Related CVE(s): | CVE-2008-1096, CVE-2008-1097 | | Last Modified: | May 9 13:43:27 2008 |
| MD5 Checksum: | 80671fb91b231ddf51ff6f60aef286c4 |
|
| /// File Name: |
MDVSA-2008-100.txt |
Description:
|
Mandriva Linux Security Advisory - A double free vulnerability in Perl 5.8.8 and earlier versions, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6987 | | Related CVE(s): | CVE-2008-1927 | | Last Modified: | May 12 10:37:41 2008 |
| MD5 Checksum: | 513fa7b59cd18f23cdf5a4d38273458e |
|
| /// File Name: |
MDVSA-2008-101.txt |
Description:
|
Mandriva Linux Security Advisory - Several vulnerabilities were discovered in rdesktop, a Remote Desktop Protocol client. An integer underflow vulnerability allowed attackers to cause a denial of service (crash) and possibly execute arbitrary code with the privileges of the logged-in user. A buffer overflow vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user. An integer signedness vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user. In order for these vulnerabilities to be exploited, an attacker must persuade a targeted user to connect to a malicious RDP server.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4231 | | Related CVE(s): | CVE-2008-1801, CVE-2008-1802, CVE-2008-1803 | | Last Modified: | May 19 15:41:05 2008 |
| MD5 Checksum: | b93b1c2bea03bd7916006106d1a10f7c |
|
| /// File Name: |
MDVSA-2008-102.txt |
Description:
|
Mandriva Linux Security Advisory - Will Drewry of the Google Security Team reported several vulnerabilities in how libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it would cause an application linked to libvorbis to crash or possibly execute arbitrary code when opened.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7637 | | Related CVE(s): | CVE-2008-1419, CVE-2008-1420, CVE-2008-1423 | | Last Modified: | May 19 15:44:00 2008 |
| MD5 Checksum: | d34aae58445046348cb13faa447c0a16 |
|
| /// File Name: |
MDVSA-2008-103.txt |
Description:
|
Mandriva Linux Security Advisory - field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4050 | | Related CVE(s): | CVE-2008-2109 | | Last Modified: | May 19 21:34:29 2008 |
| MD5 Checksum: | 10430aaf27dc37931d82123caa93cd4b |
|
| /// File Name: |
MDVSA-2008-105.txt |
Description:
|
Mandriva Linux Security Advisory - Denial of service, out of bounds, race condition, and various other vulnerabilities have been patched in the Linux 2.6 kernel.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7717 | | Related CVE(s): | CVE-2007-3740, CVE-2007-3851, CVE-2007-4133, CVE-2007-4573, CVE-2007-4997, CVE-2007-5093, CVE-2008-1375, CVE-2008-1669 | | Last Modified: | May 22 01:14:01 2008 |
| MD5 Checksum: | 3fa1ea0631b7512016f57ab83beef01d |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
