Section: .. / 0611-advisories /
| /// File Name: |
SSRT061269-1.txt |
Description:
|
HPSBUX02172 SSRT061269 rev.1 - HP-UX VirtualVault running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS) , and Unauthorized Access
| | Homepage: | http://www.hp.com | | File Size: | 6181 | | Last Modified: | Nov 2 19:28:28 2006 |
| MD5 Checksum: | dd214bfb8e395c8dfeaf4d70cc37a95c |
|
| /// File Name: |
TA06-312A.txt |
Description:
|
Technical Cyber Security Alert TA06-312A - The Mozilla web browser and derived products contain several vulnerabilities. The most severe impact of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other effects include forging an RSA signatures and denial of service. A remote, unauthenticated attacker could execute arbitrary code, or cause a denial of service. Forging an RSA signature (VU#335392) may allow an attacker to craft a TLS/SSL or email certificate that will not be detected as invalid. This may allow that attacker to impersonate a website or email system that relies on certificates for authentication.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5116 | | Last Modified: | Nov 8 22:23:21 2006 |
| MD5 Checksum: | 11870073daed2cef7d1918c4a8882d30 |
|
| /// File Name: |
TA06-318A.txt |
Description:
|
Technical Cyber Security Alert TA06-318A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3903 | | Last Modified: | Nov 16 11:02:41 2006 |
| MD5 Checksum: | cdb5eb5c68a962d3f2542ce4fa05ae83 |
|
| /// File Name: |
topstory-rfi.txt |
Description:
|
Topstory Basic version 1.0 suffers from a remote file inclusion vulnerability.
| | Author: | rUnViRuS | | Homepage: | http://sec-area.com/ | | File Size: | 269 | | Last Modified: | Nov 14 02:14:50 2006 |
| MD5 Checksum: | abc7bd1b3532debdbb95483acfecacd9 |
|
| /// File Name: |
trustedbsd-firewire.txt |
Description:
|
The Firewire device enabled by default in the GENERIC kernel for TrusedBSD* defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.kernelhacking.com/rodrigo | | Related File: | bsd.patch | | File Size: | 3422 | | Last Modified: | Nov 16 12:15:54 2006 |
| MD5 Checksum: | c4aa48265643c1fa61a56a7322579d01 |
|
| /// File Name: |
TSRT-06-13.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable device installations of HP OpenView Client Configuraton Manager (CCM). Authentication is not required to exploit this vulnerability. The CCM server is not affected. OpenView Client Configuration Manager version 1.0 is affected.
| | Author: | Pedram Amini | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2063 | | Related CVE(s): | CVE-2006-5782 | | Last Modified: | Nov 8 22:32:32 2006 |
| MD5 Checksum: | a9fb0a1d76c98986f4f646ac266020e2 |
|
| /// File Name: |
USN-369-2.txt |
Description:
|
Ubuntu Security Notice 369-2: multiple vulnerabilities in postgresql-8.1 server.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12260 | | Last Modified: | Nov 2 19:24:21 2006 |
| MD5 Checksum: | 8c226ca83dec25799b2980fe173bd0ab |
|
| /// File Name: |
USN-370-1.txt |
Description:
|
Ubuntu Security Notice 370-1: cstone and Rich Felker discovered a programming error in the UTF8 string handling code of "screen" leading to a denial of service. If a crafted string was displayed within a screen session, screen would crash or possibly execute arbitrary code.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6277 | | Last Modified: | Nov 2 19:24:32 2006 |
| MD5 Checksum: | 5b4a81192dffbf487afe42b9c0e0875c |
|
| /// File Name: |
USN-371-1.txt |
Description:
|
Ubuntu Security Notice 371-1: An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 35183 | | Last Modified: | Nov 2 19:24:37 2006 |
| MD5 Checksum: | db049394245c6abb33ab670b9606a8ac |
|
| /// File Name: |
USN-372-1.txt |
Description:
|
Ubuntu Security Notice 372-1: M. Joonas Pihlaja discovered that ImageMagick did not sufficiently verify the validity of PALM and DCM images. When processing a specially crafted image with an application that uses imagemagick, this could be exploited to execute arbitrary code with the application's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 20129 | | Last Modified: | Nov 2 19:24:27 2006 |
| MD5 Checksum: | d03135b6964ce1ae856b12e458c1ff0f |
|
| /// File Name: |
USN-373-1.txt |
Description:
|
Ubuntu Security Notice 373-1: Race conditions were discovered in mutt's handling of temporary files. Under certain conditions when using a shared temp directory (the default), other local users could overwrite arbitrary files owned by the user running mutt. This vulnerability is more likely when the temp directory is over NFS.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4945 | | Last Modified: | Nov 2 19:46:29 2006 |
| MD5 Checksum: | 891f01c876d47c20c081d75524f1a6db |
|
| /// File Name: |
USN-374-1.txt |
Description:
|
Ubuntu Security Notice 374-1: An integer overflow was discovered in the DOC file parser of the wv library. By tricking a user into opening a specially crafted MSWord (.DOC) file, remote attackers could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4087 | | Last Modified: | Nov 2 19:30:14 2006 |
| MD5 Checksum: | 3e6c8e2766100693559884dedfd96122 |
|
| /// File Name: |
USN-375-1.txt |
Description:
|
Ubuntu Security Notice 375-1: \Stefan Esser discovered two buffer overflows in the htmlentities() and htmlspecialchars() functions. By supplying specially crafted input to PHP applications which process that input with these functions, a remote attacker could potentially exploit this to execute arbitrary code with the privileges of the application.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 38421 | | Last Modified: | Nov 3 17:29:11 2006 |
| MD5 Checksum: | a8e5654b52cccc7014be8d414e380b5a |
|
| /// File Name: |
USN-376-1.txt |
Description:
|
Ubuntu Security Notice 376-1 - M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7003 | | Related CVE(s): | CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809 | | Last Modified: | Nov 6 00:04:59 2006 |
| MD5 Checksum: | ca6c6312d8d85bd2f200e8fb5afb8212 |
|
| /// File Name: |
USN-376-2.txt |
Description:
|
Ubuntu Security Notice 376-2: USN-376-1 provided an update to imlib2 to fix several security vulnerabilities. Unfortunately the update broke JPG file handling in certain situations. This update corrects this problem. We apologize for the inconvenience.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6869 | | Last Modified: | Nov 8 18:30:10 2006 |
| MD5 Checksum: | 4c8fb56bccc01a4c734cc9adaf25f7f8 |
|
| /// File Name: |
USN-377-1.txt |
Description:
|
Ubuntu Security Notice 377-1 - Derek Abdine discovered that the NVIDIA Xorg driver did not correctly verify the size of buffers used to render text glyphs. When displaying very long strings of text, the Xorg server would crash. If a user were tricked into viewing a specially crafted series of glyphs, this flaw could be exploited to run arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 19511 | | Related CVE(s): | CVE-2006-5379 | | Last Modified: | Nov 6 00:06:48 2006 |
| MD5 Checksum: | 3a8bfb6ecedfb6d10ccde1523c0092aa |
|
| /// File Name: |
USN-378-1.txt |
Description:
|
Ubuntu Security Notice 378-1 - An error was found in the RPM library's handling of query reports. In some locales, certain RPM packages would cause the library to crash. If a user was tricked into querying a specially crafted RPM package, the flaw could be exploited to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 8407 | | Related CVE(s): | CVE-2006-5466 | | Last Modified: | Nov 6 00:08:37 2006 |
| MD5 Checksum: | a003845c4cad2d673bcaa864b2f39ea7 |
|
| /// File Name: |
USN-379-1.txt |
Description:
|
Ubuntu Security Notice 379-1 - Miloslav Trmac discovered a buffer overflow in texinfo's index processor. If a user is tricked into processing a .texi file with texindex, this could lead to arbitrary code execution with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6753 | | Related CVE(s): | CVE-2006-4810 | | Last Modified: | Nov 13 10:38:22 2006 |
| MD5 Checksum: | 622c73f9b543b2cf4d53eb7b07e702d8 |
|
| /// File Name: |
USN-380-1.txt |
Description:
|
Ubuntu Security Notice 380-1 - Steve Grubb discovered that netlink messages were not being checked for their sender identity. This could lead to local users manipulating the Avahi service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 36145 | | Related CVE(s): | CVE-2006-5461 | | Last Modified: | Nov 14 00:36:04 2006 |
| MD5 Checksum: | 615a576f793040dda9e160492a32298c |
|
| /// File Name: |
USN-381-1.txt |
Description:
|
Ubuntu Security Notice 381-1 - USN-351-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 13018 | | Related CVE(s): | CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748 | | Last Modified: | Nov 21 21:48:54 2006 |
| MD5 Checksum: | 0f560f6f914a8eceb4ade850d5c7feb8 |
|
| /// File Name: |
USN-382-1.txt |
Description:
|
Ubuntu Security Notice 382-1 - USN-352-1 fixed a flaw in the verification of PKCS certificate signatures. Ulrich Kuehn discovered a variant of the original attack which the original fix did not cover. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12794 | | Related CVE(s): | CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748 | | Last Modified: | Nov 21 21:51:00 2006 |
| MD5 Checksum: | 521f19287302bd9e6b41cffda2f5f7d1 |
|
| /// File Name: |
USN-383-1.txt |
Description:
|
Ubuntu Security Notice 383-1 - Tavis Ormandy discovered that libpng did not correctly calculate the size of sPLT structures when reading an image. By tricking a user or an automated system into processing a specially crafted PNG file, an attacker could exploit this weakness to crash the application using the library.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9219 | | Related CVE(s): | CVE-2006-5793 | | Last Modified: | Nov 18 20:47:03 2006 |
| MD5 Checksum: | 7a604cad4a9aa146e9d607a0f365d182 |
|
| /// File Name: |
USN-384-1.txt |
Description:
|
Ubuntu Security Notice 384-1 - Evgeny Legerov discovered that the OpenLDAP libraries did not correctly truncate authcid names. This situation would trigger an assert and abort the program using the libraries. A remote attacker could send specially crafted bind requests that would lead to an LDAP server denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9011 | | Related CVE(s): | CVE-2006-5779 | | Last Modified: | Nov 21 02:24:09 2006 |
| MD5 Checksum: | 97d073428c4a8c11f1c73b6744d0b6bf |
|
| /// File Name: |
USN-385-1.txt |
Description:
|
Ubuntu Security Notice 385-1 - Teemu Salmela discovered that tar still handled the deprecated GNUTYPE_NAMES record type. This record type could be used to create symlinks that would be followed while unpacking a tar archive. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4942 | | Related CVE(s): | CVE-2006-6097 | | Last Modified: | Nov 30 19:07:26 2006 |
| MD5 Checksum: | bfde5d7997b7b6a4f79a2a7a7b8c7e9b |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
