Section: .. / 0701-advisories /
| /// File Name: |
TA07-024A.txt |
Description:
|
Technical Cyber Security Alert TA07-024A - Several vulnerabilities have been discovered in Cisco's Internet Operating System (IOS). A remote attacker may be able to execute arbitrary code on an affected device, cause an affected device to reload the operating system, or cause other types of denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5750 | | Last Modified: | Jan 26 22:04:59 2007 |
| MD5 Checksum: | a3986b01c3509b58b598386c774f329e |
|
| /// File Name: |
tmvwall381v3_adv.txt |
Description:
|
A local buffer overflow vulnerability in the VSAPI library in Trend Micro VirusWall version 3.81 on Linux allows arbitrary code execution and leads to privilege escalation.
| | Author: | Sebastian Wolfgarten | | Related Exploit: | tmvwall381v3_exp.c | | File Size: | 5957 | | Last Modified: | Jan 26 23:11:35 2007 |
| MD5 Checksum: | 5582921034a6813c8c086f44b44ca424 |
|
| /// File Name: |
USN-398-3.txt |
Description:
|
Ubuntu Security Notice 398-3 - USN-398-1 fixed vulnerabilities in Firefox. Due to the updated version, a flaw was uncovered in the Firefox Themes bundle, which erroneously reported to be incompatible with the updated Firefox. This update fixes the problem. Various flaws have been reported in Firefox that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious web page containing JavaScript or SVG.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 1562 | | Related CVE(s): | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6506, CVE-2006-6507 | | Last Modified: | Jan 5 02:33:57 2007 |
| MD5 Checksum: | c1a0488095d1b8b4ba2005f12142ee72 |
|
| /// File Name: |
USN-399-1.txt |
Description:
|
Ubuntu Security Notice 399-1 - A format string vulnerability was discovered in w3m. If a user were tricked into visiting an HTTPS URL protected by a specially crafted SSL certificate, an attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6722 | | Last Modified: | Jan 3 22:05:50 2007 |
| MD5 Checksum: | d3330a8eb70f1c734ff416f7b236bd8f |
|
| /// File Name: |
USN-400-1.txt |
Description:
|
Ubuntu Security Notice 400-1 - Georgi Guninski and David Bienvenu discovered that long Content-Type and RFC2047-encoded headers we vulnerable to heap overflows. By tricking the user into opening a specially crafted email, an attacker could execute arbitrary code with user privileges. Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges or bypass internal XSS protections by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12838 | | Related CVE(s): | CVE-2006-6497, CVE-2006-6498, CVE-2006-6499, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6505 | | Last Modified: | Jan 5 03:09:37 2007 |
| MD5 Checksum: | 585c084b6cac9f09a0225c147620205f |
|
| /// File Name: |
USN-401-1.txt |
Description:
|
Ubuntu Security Notice 401-1 - It was discovered that local users could delete other users' D-Bus match rules. Applications would stop receiving D-Bus messages, resulting in a local denial of service, and potential data loss for applications that depended on D-Bus for storing information.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 18018 | | Related CVE(s): | CVE-2006-6107 | | Last Modified: | Jan 5 03:08:12 2007 |
| MD5 Checksum: | e45cabfacad3e7e35cec768cbb4a9b97 |
|
| /// File Name: |
USN-402-1.txt |
Description:
|
Ubuntu Security Notice 402-1 - A flaw was discovered in Avahi's handling of compressed DNS packets. If a specially crafted reply were received over the network, the Avahi daemon would go into an infinite loop, causing a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 36013 | | Related CVE(s): | CVE-2006-6870 | | Last Modified: | Jan 13 15:33:35 2007 |
| MD5 Checksum: | 08c800598d6d8c567a1cb655e8f76ddb |
|
| /// File Name: |
USN-403-1.txt |
Description:
|
Ubuntu Security Notice 403-1 - The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 50575 | | Related CVE(s): | CVE-2006-6101, CVE-2006-6102, CVE-2006-6103 | | Last Modified: | Jan 13 17:59:42 2007 |
| MD5 Checksum: | 75a16c7c2e6cc43b4a0a0dc695bfb2e2 |
|
| /// File Name: |
USN-404-1.txt |
Description:
|
Ubuntu Security Notice 404-1 - Laurent Butti, Jerome Razniewski, and Julien Tinnes discovered that the MadWifi wireless driver did not correctly check packet contents when receiving scan replies. A remote attacker could send a specially crafted packet and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 10637 | | Related CVE(s): | CVE-2006-6332 | | Last Modified: | Jan 13 18:16:48 2007 |
| MD5 Checksum: | a683bf299b92824f24c8165e6899dd2a |
|
| /// File Name: |
USN-405-1.txt |
Description:
|
Ubuntu Security Notice 405-1 - It was discovered that fetchmail did not correctly require TLS negotiation in certain situations. This would result in a user's unencrypted password being sent across the network.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6008 | | Related CVE(s): | CVE-2006-5867 | | Last Modified: | Jan 13 19:20:15 2007 |
| MD5 Checksum: | b039672e263aba36609eb3f55e19073d |
|
| /// File Name: |
USN-406-1.txt |
Description:
|
Ubuntu Security Notice 406-1 - An integer overflow was discovered in OpenOffice.org's handling of WMF files. If a user were tricked into opening a specially crafted WMF file, an attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 24114 | | Related CVE(s): | CVE-2006-5870 | | Last Modified: | Jan 13 19:48:40 2007 |
| MD5 Checksum: | b89f96f7f5345d93c6ba785d83f0efc0 |
|
| /// File Name: |
USN-407-1.txt |
Description:
|
Ubuntu Security Notice 407-1 - Liu Qishuai discovered a buffer overflow in the /proc parsing routines in libgtop. By creating and running a process in a specially crafted long path and tricking an user into running gnome-system-monitor, an attacker could exploit this to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7330 | | Last Modified: | Jan 15 22:13:22 2007 |
| MD5 Checksum: | e6b8ce5ead25be798a85307172385e7e |
|
| /// File Name: |
USN-408-1.txt |
Description:
|
Ubuntu Security Notice 408-1 - The server-side portion of Kerberos' RPC library had a memory management flaw which allowed users of that library to call a function pointer located in unallocated memory. By doing specially crafted calls to the kadmind server, a remote attacker could exploit this to execute arbitrary code with root privileges on the target computer.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15937 | | Related CVE(s): | CVE-2006-6143 | | Last Modified: | Jan 15 22:18:37 2007 |
| MD5 Checksum: | 1b38828773836a9965daa3b17771775f |
|
| /// File Name: |
USN-409-1.txt |
Description:
|
Ubuntu Security Notice 409-1 - Federico L. Bossi Bonin discovered a Denial of Service vulnerability in ksirc. By sending a special response packet, a malicious IRC server could crash ksirc.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 37672 | | Related CVE(s): | CVE-2006-6811 | | Last Modified: | Jan 15 22:19:10 2007 |
| MD5 Checksum: | 87726af2366057e0e782d3744e387f17 |
|
| /// File Name: |
USN-410-1.txt |
Description:
|
Ubuntu Security Notice 410-1 - The poppler PDF loader library did not limit the recursion depth of the page model tree. By tricking a user into opening a specially crafter PDF file, this could be exploited to trigger an infinite loop and eventually crash an application that uses this library.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 64909 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 19 22:30:35 2007 |
| MD5 Checksum: | 0d13cbf8943c4ab18dd16154b4e34d5d |
|
| /// File Name: |
USN-410-2.txt |
Description:
|
Ubuntu Security Notice 410-2 - USN-410-1 fixed vulnerabilities in the poppler PDF loader library. This update provides the corresponding updates for a copy of this code in tetex-bin in Ubuntu 5.10. Versions of tetex-bin after Ubuntu 5.10 use poppler directly and do not need a separate update. The poppler PDF loader library did not limit the recursion depth of the page model tree. By tricking a user into opening a specially crafter PDF file, this could be exploited to trigger an infinite loop and eventually crash an application that uses this library.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3836 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 26 23:17:53 2007 |
| MD5 Checksum: | 9e90300be556dfebee280bc8f1cd8a60 |
|
| /// File Name: |
USN-411-1.txt |
Description:
|
Ubuntu Security Notice 411-1 - Roland Lezuo and Josselin Mouette discovered that the HTTP server code in libsoup did not correctly verify request headers. Remote attackers could crash applications using libsoup by sending a crafted HTTP request, resulting in a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7696 | | Related CVE(s): | CVE-2006-5876 | | Last Modified: | Jan 24 01:47:15 2007 |
| MD5 Checksum: | 7af98aa271c19c91faa41f5e181be4f5 |
|
| /// File Name: |
USN-412-1.txt |
Description:
|
Ubuntu Security Notice 412-1 - Dean Gaudet discovered that the GeoIP update tool did not validate the filename responses from the update server. A malicious server, or man-in-the-middle system posing as a server, could write to arbitrary files with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 8694 | | Related CVE(s): | CVE-2007-0159 | | Last Modified: | Jan 24 01:53:16 2007 |
| MD5 Checksum: | 653f02e2b2630a6f8030c87bb00e6097 |
|
| /// File Name: |
USN-413-1.txt |
Description:
|
Ubuntu Security Notice 413-1 - A flaw was discovered in the HID daemon of bluez-utils. A remote attacker could gain control of the mouse and keyboard if hidd was enabled. This does not affect a default Ubuntu installation, since hidd is normally disabled.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3212 | | Related CVE(s): | CVE-2006-6899 | | Last Modified: | Jan 24 01:54:05 2007 |
| MD5 Checksum: | 4bef66326f94da32f322b0dea50afec3 |
|
| /// File Name: |
USN-414-1.txt |
Description:
|
Ubuntu Security Notice 414-1 - David Duncan Ross Palmer and Henrik Nordstrom discovered that squid incorrectly handled special characters in FTP URLs. Remote users with access to squid could crash the server leading to a denial of service. Erick Dantas Rotole and Henrik Nordstrom discovered that squid could end up in an endless loop when exhausted of available external ACL helpers. Remote users with access to squid could cause CPU starvation, possibly leading to a denial of service. This does not affect a default Ubuntu installation, since external ACL helpers must be configured and used.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6812 | | Related CVE(s): | CVE-2007-0247, CVE-2007-0248 | | Last Modified: | Jan 26 22:04:03 2007 |
| MD5 Checksum: | 6fc3f283654dd2781fc2b61734798aa0 |
|
| /// File Name: |
veredirect.txt |
Description:
|
Verisign's Weblogs service is susceptible to redirection attacks.
| | Author: | ZeroKnock | | File Size: | 972 | | Last Modified: | Jan 6 19:49:34 2007 |
| MD5 Checksum: | 1bbfcaa10952c7cca665959a20f48269 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
