Section: .. / 0701-advisories /
| /// File Name: |
MITKRB5-SA-2006-003.txt |
Description:
|
MIT krb5 Security Advisory 2006-003 - The Kerberos administration daemon, "kadmind", can free uninitialized pointers, possibly leading to arbitrary code execution. This vulnerability results from memory management bugs in the "mechglue" abstraction interface of the GSS-API implementation. Third-party applications written using the GSS-API may also be vulnerable.
| | Homepage: | http://web.mit.edu/ | | File Size: | 4518 | | Related CVE(s): | CVE-2006-6144 | | Last Modified: | Jan 13 18:09:55 2007 |
| MD5 Checksum: | a9a6339525bc0ebd575b5d8162b8a693 |
|
| /// File Name: |
MOAB-05-01-2007.html |
Description:
|
Month Of Apple Bugs - A vulnerability in the handling of Apple DiskManagement BOM files allows rogue permissions to be set on the filesystem via the 'diskutil' tool. This can be used to execute arbitrary code and escalate privileges. A malicious user could create a BOM declaring new permissions for specific filesystem locations (e.g. binaries, cron and log directories, etc). Once 'diskutil' runs a permission repair operation, the rogue permissions would be set, allowing the attacker to plant a backdoor, overwrite resources or simply gain root privileges.
| | Author: | LMH, Kevin Finisterre | | Homepage: | http://projects.info-pull.com/moab/index.html | | File Size: | 19552 | | Last Modified: | Jan 13 16:03:11 2007 |
| MD5 Checksum: | c043b9b8f15a8b56a56b6be67621b106 |
|
| /// File Name: |
msagent-heap.txt |
Description:
|
COSEINC Alert - A security researcher of COSEINC Vulnerability Research Lab has discovered that Microsoft Agent has a heap overflow vulnerability. This vulnerability is triggered when Microsoft Agent parses a malformed character file in its uncompressed state in memory that has an overly large value in a length field. This leads to an integer overflow during the allocation of the buffer. Subsequently, when data is copied to the buffer, the heap overflow occurs. The result is possible remote code execution.
| | Author: | Willow | | Homepage: | http://www.coseinc.com/ | | File Size: | 4453 | | Last Modified: | Jan 30 22:57:30 2007 |
| MD5 Checksum: | 82458ffea0deef0d6dab6da244ba9b38 |
|
| /// File Name: |
msie-race.txt |
Description:
|
Microsoft Internet Explorer is susceptible to a race condition when handling XML files.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 2407 | | Last Modified: | Jan 5 03:06:06 2007 |
| MD5 Checksum: | 3ac9e1d6eac8e2e5db65a6f5a428768d |
|
| /// File Name: |
mythcontrol.txt |
Description:
|
MythControl versions 1.0 and below suffer from an arbitrary code execution vulnerability.
| | Author: | sapheal | | File Size: | 1133 | | Last Modified: | Jan 1 21:47:33 2007 |
| MD5 Checksum: | 1e8c174016c747373cae2b773afd06b8 |
|
| /// File Name: |
NETRAGARD-20061218.txt |
Description:
|
Netragard, L.L.C Advisory - It is possible to take control of an @Mail webmail email account by exploiting a Cross Site Request Forgery (XSRF) vulnerability in the @Mail webmail product. An attacker can send a specially crafted email to any @Mail webmail user with a forged "img" tag. This forged tag, if crafted properly, will inject new settings into the @Mail webmail user's account. Version 4.51 is susceptible.
| | Homepage: | http://www.netragard.com | | File Size: | 5963 | | Last Modified: | Jan 26 22:50:51 2007 |
| MD5 Checksum: | 629b483b68e10bb70a63d9f54125e278 |
|
| /// File Name: |
ngs-openoffice.txt |
Description:
|
Three heap overflows have been discovered in OpenOffice versions below 2.1.0 and StarOffice 6, 7 and 8. If an attacker can coax a user into opening a specially crafted document then the attacker can execute arbitrary code in the security context of their victim.
| | Author: | John Heasman | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3113 | | Last Modified: | Jan 5 02:36:04 2007 |
| MD5 Checksum: | d57f283a83a2b118789d23e98b0062fd |
|
| /// File Name: |
ngs-pgp.txt |
Description:
|
NGSSoftware has discovered a medium risk vulnerability in PGP Desktop versions prior to 9.5.1 which can allow a remote authenticated attacker to execute arbitrary code on a system on which PGP Desktop is installed.
| | Author: | Peter Winter-Smith | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3993 | | Last Modified: | Jan 26 23:14:29 2007 |
| MD5 Checksum: | 241330362f1a75aea36240a564a5fc2c |
|
| /// File Name: |
OpenPKG-SA-2007.001.txt |
Description:
|
OpenPKG Security Advisory - Three vulnerabilities have been identified and exploited in the network monitoring and graphing frontend Cacti, versions up to and including 0.8.6i. They can be exploited by malicious people to bypass certain security restrictions, manipulate data and compromise vulnerable systems.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 3659 | | Last Modified: | Jan 1 22:24:23 2007 |
| MD5 Checksum: | 5bc18c5ade804565b19da52efea172eb |
|
| /// File Name: |
OpenPKG-SA-2007.002.txt |
Description:
|
OpenPKG Security Advisory - Together with two portability and stability issues, two older security issues were fixed in the compression tool BZip2, versions up to and including 1.0.3.
| | Homepage: | http://openpkg.com/security/ | | File Size: | 3342 | | Related CVE(s): | CVE-2005-0953, CVE-2005-0758 | | Last Modified: | Jan 13 15:35:58 2007 |
| MD5 Checksum: | aab4dc3086c8c35f78e33845441257e8 |
|
| /// File Name: |
OpenPKG-SA-2007.003.txt |
Description:
|
OpenPKG Security Advisory - According to upstream vendor security advisories, two vulnerabilities exist in the content management system Drupal, versions up to and including 4.7.4.
| | Homepage: | http://openpkg.com/security/ | | File Size: | 3609 | | Last Modified: | Jan 13 15:40:20 2007 |
| MD5 Checksum: | 89dd66645e3cbda3108074c6a4ba7f09 |
|
| /// File Name: |
OpenPKG-SA-2007.004.txt |
Description:
|
OpenPKG Security Advisory - According to vendor release notes and security advisories, two security issues exist in the POP3/IMAP batch client Fetchmail, versions up to and including 6.3.5.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 3225 | | Related CVE(s): | CVE-2006-5867, CVE-2006-5974 | | Last Modified: | Jan 13 16:10:41 2007 |
| MD5 Checksum: | 9181a50fcb8e0f7003aa26fc56e316bb |
|
| /// File Name: |
OpenPKG-SA-2007.005.txt |
Description:
|
OpenPKG Security Advisory - According to a security advisory from Stefan Esser, a vulnerability exists in the Weblog publishing system WordPress, versions up to and including 2.0.5.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 3083 | | Last Modified: | Jan 13 16:12:47 2007 |
| MD5 Checksum: | 1ccf2de1be50e5673323b0d28d7e9d42 |
|
| /// File Name: |
OpenPKG-SA-2007.006.txt |
Description:
|
OpenPKG Security Advisory - According to vendor security advisories, two security issues exist in the Kerberos network authentication system implementation MIT Kerberos. First, the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind(8). Second, the GSS-API "mechglue" layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused another security vulnerability in kadmind(8).
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 3214 | | Related CVE(s): | CVE-2006-6143, CVE-2006-6144 | | Last Modified: | Jan 13 18:28:16 2007 |
| MD5 Checksum: | 3a75c439922141b24caa9ca32a52438c |
|
| /// File Name: |
OpenPKG-SA-2007.007.txt |
Description:
|
OpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. To be vulnerable you need to have enabled DNSSEC validation in the configuration by specifying "trusted-keys".
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 3272 | | Related CVE(s): | CVE-2007-0493, CVE-2007-0494 | | Last Modified: | Jan 29 20:35:12 2007 |
| MD5 Checksum: | ef98c338e7f5a017b8877bfeaad6e259 |
|
| /// File Name: |
OpenPKG-SA-2007.008.txt |
Description:
|
OpenPKG Security Advisory - Ralf S. Engelschall from OpenPKG GmbH discovered a Denial of Service (DoS) vulnerability in the CVS/Subversion/Git Version Control System (VCS) frontend CVSTrac, version 2.0.0.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 4076 | | Related CVE(s): | CVE-2007-0347 | | Last Modified: | Jan 29 21:02:50 2007 |
| MD5 Checksum: | 0b5659d03a1c3f75f54ba3f47f82e56d |
|
| /// File Name: |
oracle-1.txt |
Description:
|
The Oracle Database Server provides the DBMS_DRS package that includes procedures used in Oracle Data Guard. This package contains the function GET_PROPERTY which is vulnerable to buffer overflow attacks.
| | Homepage: | http://www.appsecinc.com/ | | File Size: | 2303 | | Last Modified: | Jan 26 21:59:05 2007 |
| MD5 Checksum: | 1844076621023b56b018cd7fbd2f0068 |
|
| /// File Name: |
oracle-2.txt |
Description:
|
The Oracle Database Server provides the DBMS_LOGMNR package that contains procedures used to initialize the LogMiner tool. This package contains the procedure ADD_LOGFILE which is vulnerable to buffer overflow attacks.
| | Homepage: | http://www.appsecinc.com/ | | File Size: | 2315 | | Last Modified: | Jan 26 21:59:31 2007 |
| MD5 Checksum: | eea0706ed5c842c047b120a62eb8c46d |
|
| /// File Name: |
oracle-3.txt |
Description:
|
The Oracle Database Server provides the MDSYS.MD package that is used in the Oracle Spatial component. These packages contain many public procedures that are vulnerable to buffer overflow and denial of service attacks.
| | Homepage: | http://www.appsecinc.com/ | | File Size: | 2338 | | Last Modified: | Jan 26 21:59:59 2007 |
| MD5 Checksum: | 9f64e41f2ecd5b7b793a8920c01ba5dd |
|
| /// File Name: |
oracle-4.txt |
Description:
|
The Oracle Database Server provides the DBMS_REPCAT_UNTRUSTED package that can be used to administer a replicated environment. This package contains the procedure UNREGISTER_SNAPSHOT which is vulnerable to buffer overflow attacks.
| | Homepage: | http://www.appsecinc.com/ | | File Size: | 2327 | | Last Modified: | Jan 26 22:00:24 2007 |
| MD5 Checksum: | 7f7dbe72bc9222e1c0d5fe5efdc4ffd7 |
|
| /// File Name: |
oracle-5.txt |
Description:
|
The Oracle Database Server provides the DBMS_LOGREP_UTIL package that is used internally by Oracle. This package contains the procedure GET_OBJECT_NAME which is vulnerable to buffer overflow attacks.
| | Homepage: | http://www.appsecinc.com/ | | File Size: | 2328 | | Last Modified: | Jan 26 22:02:43 2007 |
| MD5 Checksum: | 2165936a9b0f7ce36ab92857ddd4f6d5 |
|
| /// File Name: |
oracle-6.txt |
Description:
|
The Oracle Database Server provides the DBMS_CAPTURE_ADM_INTERNAL package that is used internally by the Streams Change Data Capture component. This package contains the procedures CREATE_CAPTURE, ALTER_CAPTURE, ABORT_TABLE_INSTANTIATION that are vulnerable to buffer overflow attacks.
| | Homepage: | http://www.appsecinc.com/ | | File Size: | 2437 | | Last Modified: | Jan 26 22:03:12 2007 |
| MD5 Checksum: | c3d6ff1ddae8ab45d2292921bf47168c |
|
| /// File Name: |
packeteer-overflow.txt |
Description:
|
Packeteer PacketWise version 8.x suffers from a buffer overflow vulnerability.
| | Author: | kian.mohageri | | File Size: | 1222 | | Last Modified: | Jan 13 17:00:35 2007 |
| MD5 Checksum: | a4064b9a49e40719409775538d94e237 |
|
| /// File Name: |
perforce.txt |
Description:
|
It appears that the Perforce client/server model is a bit broken. The client appears to give the server full control over the machine of the client. This... is not happiness.
| | Author: | Ben Bucksch | | Homepage: | http://www.bucksch.org/ | | File Size: | 3742 | | Last Modified: | Jan 4 00:35:32 2007 |
| MD5 Checksum: | a6efd8cb99916801b6455b6fe779e3df |
|