| /// File Name: |
sa30312.txt |
Description:
|
Secunia Security Advisory - Adam Zabrocki has discovered a vulnerability in Mtr, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30312/ | | File Size: | 2288 | | Last Modified: | May 20 16:20:56 2008 |
| MD5 Checksum: | 33ea3ec30e4c772bca405251fefe8e2c |
|
| /// File Name: |
SSRT080071.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 9522 | | Related CVE(s): | CVE-2007-6026 | | Last Modified: | May 20 10:30:30 2008 |
| MD5 Checksum: | 98043204bdce4fad60e066367be30c8e |
|
| /// File Name: |
mtr-overflow.txt |
Description:
|
Mtr suffers from a local and remote stack overflow vulnerability.
| | Author: | Adam Zabrocki | | File Size: | 43807 | | Last Modified: | May 20 10:29:30 2008 |
| MD5 Checksum: | b18432f838e87911eed48c482bdd6978 |
|
| /// File Name: |
USN-612-7.txt |
Description:
|
Ubuntu Security Notice 612-7 - USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems that may have been affected themselves. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5554 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 20 10:17:08 2008 |
| MD5 Checksum: | a6547a41f905e6a3fd2d547f9767ba3e |
|
| /// File Name: |
dsa-1580-1.txt |
Description:
|
Debian Security Advisory 1580-1 - It was discovered that phpGedView, an application to provide online access to genealogical data, allowed remote attackers to gain administrator privileges due to a programming error.
| | Homepage: | http://www.debian.org/security | | File Size: | 4397 | | Related CVE(s): | CVE-2008-2064 | | Last Modified: | May 20 10:16:19 2008 |
| MD5 Checksum: | 85cc2abdaaad9d63dd016aac385c4e66 |
|
| /// File Name: |
secunia-foxit.txt |
Description:
|
Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code. Foxit Reader 2.3 build 2825 is affected.
| | Author: | Dyon Balding | | Homepage: | http://secunia.com/ | | File Size: | 4610 | | Related CVE(s): | CVE-2008-1104 | | Last Modified: | May 20 10:15:21 2008 |
| MD5 Checksum: | 279d313f561b4f6687c47e56615435ef |
|
| /// File Name: |
ZDI-08-027.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the caloggerd log daemon during the processing of log messages that contain directory traversal modifiers. A lack of sanity checking on the provided path allows attackers to append arbitrary data to a file of their choosing and can easily result in a full system compromise.
| | Author: | Damian Put | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3422 | | Related CVE(s): | CVE-2008-2241 | | Last Modified: | May 19 21:38:49 2008 |
| MD5 Checksum: | f899af6260049b65f2a53fb1994143bd |
|
| /// File Name: |
ZDI-08-026.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of CA BrightStor ARCserve Backup for Linux. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper bounds checking in the xdr_rwsstring() library function. By sending a long parameter into a daemon using this function to process strings, a stack-based buffer overflow occurs, leading to execution of arbitrary code.
| | Author: | Damian Put | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3359 | | Related CVE(s): | CVE-2008-2242 | | Last Modified: | May 19 21:37:57 2008 |
| MD5 Checksum: | 7c46da1a5c684af64366f73a09e2c1a4 |
|
| /// File Name: |
CA-caloggerdxdr.txt |
Description:
|
CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability, CVE-2008-2241, is due to insufficient path verification by the logging service, caloggerd. An attacker can append data to arbitrary files, which can lead to system compromise. The second vulnerability, CVE-2008-2242, is due to insufficient bounds checking by multiple xdr functions. An attacker can cause an overflow and execute arbitrary code.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 5864 | | Related CVE(s): | CVE-2008-2241, CVE-2008-2242 | | Last Modified: | May 19 21:36:12 2008 |
| MD5 Checksum: | 612eed8dc378f0b53f234e2a163e0464 |
|
| /// File Name: |
MDVSA-2008-103.txt |
Description:
|
Mandriva Linux Security Advisory - field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4050 | | Related CVE(s): | CVE-2008-2109 | | Last Modified: | May 19 21:34:29 2008 |
| MD5 Checksum: | 10430aaf27dc37931d82123caa93cd4b |
|
| /// File Name: |
ISVA-080516.2.txt |
Description:
|
Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request to this port that will result in the encrypted domain credentials being returned. Versions 6.8.x and 6.9.x are affected.
| | Author: | Brett Moore | | Homepage: | http://www.insomniasec.com/ | | File Size: | 2227 | | Last Modified: | May 19 21:23:46 2008 |
| MD5 Checksum: | 780baeb8dc7fa177ef07a78d25804d7b |
|
| /// File Name: |
ISVA-080516.1.txt |
Description:
|
Insomnia Security Vulnerability Advisory - Altiris deployment solution listens for connections from the Altiris client on port 402. It is possible to make a request that will result in the exploitation of a SQL Injection vulnerability. This leads to database access under the context of the Deployment server, which typically then allows command execution under the context of the SQL Server. Versions 6.8.x and 6.9.x are affected.
| | Author: | Brett Moore | | Homepage: | http://www.insomniasec.com/ | | File Size: | 2393 | | Last Modified: | May 19 21:22:39 2008 |
| MD5 Checksum: | 6f30c4c0ca4cc9eecc602ed5ee3612ee |
|
| /// File Name: |
dsa-1579-1.txt |
Description:
|
Debian Security Advisory 1579-1 - A vulnerability was discovered in the GIF reader implementation in netpbm-free, a suite of image manipulation utilities. Insufficient input data validation could allow a maliciously-crafted GIF file to overrun a stack buffer, potentially permitting the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 12452 | | Related CVE(s): | CVE-2008-0554 | | Last Modified: | May 19 21:11:24 2008 |
| MD5 Checksum: | 5ba4b12b7513e8a9eb5d95741e785e77 |
|
| /// File Name: |
dsa-1578-1.txt |
Description:
|
Debian Security Advisory 1578-1 - Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The session_start function allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from various parameters. A denial of service was possible through a malicious script abusing the glob() function. Certain maliciously constructed input to the wordwrap() function could lead to a denial of service attack. Large len values of the strspn() or strcspn() functions could allow an attacker to trigger integer overflows to expose memory or cause denial of service. The escapeshellcmd API function could be attacked via incomplete multibyte chars.
| | Homepage: | http://www.debian.org/security | | File Size: | 41977 | | Related CVE(s): | CVE-2007-3799, CVE-2007-3806, CVE-2007-3998, CVE-2007-4657, CVE-2008-2051 | | Last Modified: | May 19 21:10:44 2008 |
| MD5 Checksum: | 3205ee8e6939c1ffec9ba34acd35594f |
|
| /// File Name: |
sa30035.txt |
Description:
|
Secunia Security Advisory - Lostmon has discovered a vulnerability in bcoos, which can be exploited by malicious users to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/30035/ | | File Size: | 2243 | | Last Modified: | May 19 18:15:47 2008 |
| MD5 Checksum: | b15f09cc422b03791f09260881feaf45 |
|
| /// File Name: |
sa30138.txt |
Description:
|
Secunia Security Advisory - 0in has discovered a vulnerability in Smeego, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/30138/ | | File Size: | 2284 | | Last Modified: | May 19 18:15:47 2008 |
| MD5 Checksum: | 99acaa6f6e033ae6f974068e3cb4f91c |
|
| /// File Name: |
sa30251.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in testMaker, which can be exploited by malicious users to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/30251/ | | File Size: | 2048 | | Last Modified: | May 19 18:15:47 2008 |
| MD5 Checksum: | 872a07816bd8ea1dd701874bfb855a44 |
|
| /// File Name: |
sa30280.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for netpbm-free. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30280/ | | File Size: | 11456 | | Last Modified: | May 19 18:15:47 2008 |
| MD5 Checksum: | 9ff061b35d1111f6477f884169d63d02 |
|
| /// File Name: |
sa30288.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for php4. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, and malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30288/ | | File Size: | 38852 | | Last Modified: | May 19 18:15:47 2008 |
| MD5 Checksum: | e69b4e4161d6321047db603b9177cbf0 |
|
| /// File Name: |
sa30293.txt |
Description:
|
Secunia Security Advisory - dun has reported some vulnerabilities in CMS WebManager-Pro, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/30293/ | | File Size: | 2065 | | Last Modified: | May 19 18:15:47 2008 |
| MD5 Checksum: | 144857bc835ad38b66bd5e7a4d843b9d |
|
| /// File Name: |
sa30301.txt |
Description:
|
Secunia Security Advisory - t0pP8uZz has discovered a vulnerability in GNU/Gallery, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/30301/ | | File Size: | 2139 | | Last Modified: | May 19 18:15:47 2008 |
| MD5 Checksum: | 12387be4272d32e3f42d8d88aee62a74 |
|
| /// File Name: |
MDVSA-2008-102.txt |
Description:
|
Mandriva Linux Security Advisory - Will Drewry of the Google Security Team reported several vulnerabilities in how libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it would cause an application linked to libvorbis to crash or possibly execute arbitrary code when opened.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7637 | | Related CVE(s): | CVE-2008-1419, CVE-2008-1420, CVE-2008-1423 | | Last Modified: | May 19 15:44:00 2008 |
| MD5 Checksum: | d34aae58445046348cb13faa447c0a16 |
|
| /// File Name: |
MDVSA-2008-101.txt |
Description:
|
Mandriva Linux Security Advisory - Several vulnerabilities were discovered in rdesktop, a Remote Desktop Protocol client. An integer underflow vulnerability allowed attackers to cause a denial of service (crash) and possibly execute arbitrary code with the privileges of the logged-in user. A buffer overflow vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user. An integer signedness vulnerability allowed attackers to execute arbitrary code with the privileges of the logged-in user. In order for these vulnerabilities to be exploited, an attacker must persuade a targeted user to connect to a malicious RDP server.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4231 | | Related CVE(s): | CVE-2008-1801, CVE-2008-1802, CVE-2008-1803 | | Last Modified: | May 19 15:41:05 2008 |
| MD5 Checksum: | b93b1c2bea03bd7916006106d1a10f7c |
|
| /// File Name: |
TA08-137A.txt |
Description:
|
Technical Cyber Security Alert TA08-137A - A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated. Any package that uses the affected version of SSL could be vulnerable.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4530 | | Last Modified: | May 19 14:54:42 2008 |
| MD5 Checksum: | 545003fb0e62ad13cfa66b242929688b |
|
| /// File Name: |
dsa-1576-2.txt |
Description:
|
Debian Security Advisory 1576-2 - Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in openssh 1:4.3p2-9etch1 (see DSA 1576-1). This could cause some compromised keys not to be listed in ssh-vulnkey's output.
| | Homepage: | http://www.debian.org/security | | File Size: | 11669 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 19 14:53:44 2008 |
| MD5 Checksum: | 99b2764eac7fd3255e11c28f7cd3f369 |
|