Section: .. / 0702-advisories /
| /// File Name: |
cisco-sa-20070228-mpls.txt |
Description:
|
Cisco Security Advisory - Cisco Catalyst 6500 series systems that are running certain versions of Cisco Internetwork Operating System (IOS) are vulnerable to an attack from a Multi Protocol Label Switching (MPLS) packet. Only the systems that are running in Hybrid Mode (Catalyst OS (CatOS) software on the Supervisor Engine and IOS Software on the Multilayer Switch Feature Card (MSFC)) or running with Cisco IOS Software Modularity are affected.
| | Homepage: | http://www.cisco.com/ | | File Size: | 15795 | | Last Modified: | Mar 5 23:26:06 2007 |
| MD5 Checksum: | f4f1ef6216f388ba59e83f34ad1a654a |
|
| /// File Name: |
comodofp.txt |
Description:
|
Comodo Firewall Pro (former Comodo Personal Firewall) implements a component control, which is based on a checksum comparison of process modules. Probably to achieve a better performance, cyclic redundancy check (CRC32) is used as a checksum function in its implementation. However, CRC32 was developed for error detection purposes and can not be used as a reliable cryptographic hashing function because it is possible to generate collisions in real time.
| | Homepage: | http://www.matousec.com/ | | File Size: | 1299 | | Last Modified: | Feb 16 02:50:00 2007 |
| MD5 Checksum: | 09a26a30d9a7113a40ac361ea315efe6 |
|
| /// File Name: |
CVE-2007-0452.tgz |
Description:
|
A logic error in the deferred open code can lead to an infinite loop in smbd. This affect Samba versions 3.0.6 through 3.0.23d. Patch included.
| | Homepage: | http://www.samba.org/ | | File Size: | 2930 | | Related CVE(s): | CVE-2007-0452 | | Last Modified: | Feb 6 00:35:24 2007 |
| MD5 Checksum: | f0ba91b5de2d60182956874ec84f0bc6 |
|
| /// File Name: |
CVE-2007-0453.tgz |
Description:
|
Samba versions 3.0.21 through 3.0.23d suffer from a potential overrun in the gethostbyname() and getipnodebyname() in the nss_winbind.so.1 library on Solaris that can potentially allow for code execution. Patch included.
| | Author: | Olivier Gay | | Homepage: | http://www.samba.org/ | | File Size: | 1777 | | Related CVE(s): | CVE-2007-0453 | | Last Modified: | Feb 6 00:33:25 2007 |
| MD5 Checksum: | 9d2e2d59f2d09444848d5da2e098f6be |
|
| /// File Name: |
CVE-2007-0454.tgz |
Description:
|
The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin. This affects Samba versions 3.0.6 through 3.0.23d. Patch included.
| | Homepage: | http://www.samba.org/ | | File Size: | 1689 | | Related CVE(s): | CVE-2007-0454 | | Last Modified: | Feb 6 00:38:08 2007 |
| MD5 Checksum: | eccb0d5eb64aff39de90329ce4125dc9 |
|
| /// File Name: |
dsa-1255-1.txt |
Description:
|
Debian Security Advisory 1255-1 - Liu Qishuai discovered that the GNOME gtop library performs insufficient sanitising when parsing the system's /proc table, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 9109 | | Related CVE(s): | CVE-2007-0235 | | Last Modified: | Jan 31 23:56:22 2007 |
| MD5 Checksum: | 6b10603ecfdaa5f6ff1d5dedae59e8dd |
|
| /// File Name: |
dsa-1256-1.txt |
Description:
|
Debian Security Advisory 1256-1 - It was discovered that the image loading code in the GTK+ graphical user interface library performs insufficient error handling when loading malformed images, which may lead to denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 14177 | | Related CVE(s): | CVE-2007-0010 | | Last Modified: | Feb 1 00:14:22 2007 |
| MD5 Checksum: | 04b34324ef7c745c3c0a166ead134e25 |
|
| /// File Name: |
dsa-1257-1.txt |
Description:
|
Debian Security Advisory 1257-1 - Several remote vulnerabilities have been discovered in samba, a free implementation of the SMB/CIFS protocol, which may lead to the execution of arbitrary code or denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 24874 | | Related CVE(s): | CVE-2007-0452, CVE-2007-0454 | | Last Modified: | Feb 6 00:44:32 2007 |
| MD5 Checksum: | 716b84149699e209c03b2728d1f47a6b |
|
| /// File Name: |
dsa-1259-1.txt |
Description:
|
Debian Security Advisory 1259-1 - Isaac Wilcox discovered that fetchmail, a popular mail retrieval and forwarding utility, insufficiently enforces encryption of connections, which might lead to information disclosure.
| | Homepage: | http://www.debian.org/security | | File Size: | 5418 | | Related CVE(s): | CVE-2006-5867 | | Last Modified: | Feb 14 17:29:13 2007 |
| MD5 Checksum: | e341bd5c2c976560f215749710449444 |
|
| /// File Name: |
dsa-1260-1.txt |
Description:
|
Debian Security Advisory 1260-1 - Vladimir Nadvornik discovered that the fix for a vulnerability in the PALM decoder of Imagemagick, a collection of image manipulation programs, was ineffective.
| | Homepage: | http://www.debian.org/security | | File Size: | 15271 | | Related CVE(s): | CVE-2007-0770 | | Last Modified: | Feb 14 17:29:56 2007 |
| MD5 Checksum: | 7dc46211a92cd3f14af3a8aa54629a6a |
|
| /// File Name: |
dsa-1261-1.txt |
Description:
|
Debian Security Advisory 1261-1 - It was discovered that the PostgreSQL database performs insufficient type checking for SQL function arguments, which might lead to denial of service or information disclosure.
| | Homepage: | http://www.debian.org/security | | File Size: | 21178 | | Related CVE(s): | CVE-2007-0555 | | Last Modified: | Feb 16 23:46:07 2007 |
| MD5 Checksum: | af333b926fbf35132c67504503fb8634 |
|
| /// File Name: |
easymail.txt |
Description:
|
EasyMail Objects version 6.5 suffers from a connect method stack overflow vulnerability.
| | Author: | Paul Craig | | Homepage: | http://www.security-assessment.com/ | | File Size: | 2683 | | Last Modified: | Feb 16 03:06:24 2007 |
| MD5 Checksum: | 42312e8a0f02a0562d27b6a7dfe8f2bf |
|
| /// File Name: |
esupport.txt |
Description:
|
ESupport versions 3.00.13 and 3.04.10 suffer from an input validation flaw.
| | Author: | Doz | | Homepage: | http://www.hackerscenter.com/ | | File Size: | 1782 | | Last Modified: | Feb 22 21:58:48 2007 |
| MD5 Checksum: | 834ab5da293dcd92bfd6079a72c99da4 |
|
| /// File Name: |
firefox-bookmark.txt |
Description:
|
There is an interesting vulnerability in how Firefox handles bookmarks. The flaw allows the attacker to steal credentials from commonly used browser start sites.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 1270 | | Last Modified: | Feb 23 20:45:50 2007 |
| MD5 Checksum: | a0329b99dae1c0984225a5d60d36c5a8 |
|
| /// File Name: |
firefox-boom.txt |
Description:
|
Mozilla Firefox versions 2.0.0.1 and below does not handle writes to the location.hostname DOM property.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 1757 | | Last Modified: | Feb 16 02:22:52 2007 |
| MD5 Checksum: | e03fdba9ebeb5f30f3ac6e99abb9d598 |
|
| /// File Name: |
firefox-file.txt |
Description:
|
There is an interesting logic flaw in Mozilla Firefox web browser. The vulnerability allows the attacker to silently redirect focus of selected key press events to an otherwise protected file upload form field.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 1621 | | Last Modified: | Feb 13 03:42:17 2007 |
| MD5 Checksum: | 42000d5f88fc6a835d6a4864a994494b |
|
| /// File Name: |
firefox-flaw.txt |
Description:
|
Firefox suffers from a design flaw that can be used to confuse casual users and evoke a false sense of authority when visiting a fraudulent website. The flaw can be also used to bypass a fix for an old UI spoofing bug that was thought to be addressed.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 3596 | | Last Modified: | Feb 16 23:52:09 2007 |
| MD5 Checksum: | ec8e7aac60183081b02eaa3b60e9f32b |
|
| /// File Name: |
firefox-popup.txt |
Description:
|
There is an interesting vulnerability in the default behavior of Firefox builtin popup blocker. This vulnerability, coupled with an additional trick, allows the attacker to read arbitrary user-accessible files on the system, and thus steal some fairly sensitive information. This was tested on 1.5.0.9.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 4615 | | Last Modified: | Feb 6 00:07:25 2007 |
| MD5 Checksum: | 539edaff52bc57444bea4293420707f2 |
|
| /// File Name: |
FreeBSD-SA-07-02.bind.txt |
Description:
|
FreeBSD Security Advisory - A remote attacker sending a type * (ANY) query to an authoritative DNS server for a DNSSEC signed zone can cause the named(8) daemon to exit, resulting in a Denial of Service.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 5755 | | Related CVE(s): | CVE-2007-0493, CVE-2007-0494 | | Last Modified: | Feb 13 01:25:31 2007 |
| MD5 Checksum: | 7dd0ce5e15ea2a438e64c71a1c893c96 |
|
| /// File Name: |
glsa-200611-05-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-05:02 - The original fix for Netkit FTP server introduced a new vulnerability allowing the listing of any arbitrary directory with root group permissions due to a typo in the setgid() call. New fixed packages are available. Also, this update adds a second CVE reference which was not originally mentioned while it was covered by the original fix. Versions less than 0.17-r5 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2630 | | Related CVE(s): | CVE-2006-5778, CVE-2006-6008 | | Last Modified: | Feb 14 15:09:27 2007 |
| MD5 Checksum: | 69668ca63f0b1518c02f14fe6c325614 |
|
| /// File Name: |
glsa-200701-26.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-26 - KSirc fails to check the size of an incoming PRIVMSG string sent from an IRC server during the connection process. Versions less than 3.5.5-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2451 | | Last Modified: | Jan 31 23:57:33 2007 |
| MD5 Checksum: | 818a74e3c4f13a6ceddd9c8806082188 |
|
| /// File Name: |
glsa-200701-27.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-27 - Teemu Salmela discovered an error in the validation code of smb:// URLs used by ELinks, the same issue as reported in GLSA 200612-16 concerning Links. Versions less than 0.11.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2731 | | Last Modified: | Jan 31 23:57:51 2007 |
| MD5 Checksum: | 6186634a29b53c15df8a6d424df4cfb6 |
|
| /// File Name: |
glsa-200701-28.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-28 - thttpd is vulnerable to an underlying change made to the start-stop-daemon command in the current stable Gentoo baselayout package (version 1.12.6). In the new version, the start-stop-daemon command performs a chdir / command just before starting the thttpd process. In the Gentoo default configuration, this causes thttpd to start with the document root set to /, the system root directory. Versions less than 2.25b-r6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3004 | | Last Modified: | Jan 31 23:56:37 2007 |
| MD5 Checksum: | e992fad7912ab6e6d3587fdf16cc2501 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
