Section: .. / 0702-advisories /
| /// File Name: |
glsa-200702-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-01 - A format string vulnerability exists in the VFS module when handling AFS file systems and an infinite loop has been discovered when handling file rename operations. Versions less than 3.0.24 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2758 | | Last Modified: | Feb 14 15:21:53 2007 |
| MD5 Checksum: | 37b8916eb662305d36b8186d34d0ec41 |
|
| /// File Name: |
glsa-200702-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-02 - A flaw exists in the mod_ctrls module of ProFTPD, normally used to allow FTP server administrators to configure the daemon at runtime. Versions less than 1.3.1_rc1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2559 | | Last Modified: | Feb 14 15:26:14 2007 |
| MD5 Checksum: | 8bc7163f39dfa905f532266356f93a9c |
|
| /// File Name: |
glsa-200702-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-03 - Randy Smith, Christian Estan and Somesh Jha discovered that the rule matching algorithm of Snort can be exploited in a way known as a backtracking attack to perform numerous time-consuming operations. Versions less than 2.6.1.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2564 | | Last Modified: | Feb 14 15:26:29 2007 |
| MD5 Checksum: | 2b9c74167d13081003be4897ae2809b6 |
|
| /// File Name: |
glsa-200702-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-04 - RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow. Versions less than 3.7.0_beta1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2945 | | Last Modified: | Feb 14 15:27:21 2007 |
| MD5 Checksum: | 1b9253f7075ca064fd92834a64ae908d |
|
| /// File Name: |
glsa-200702-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-05 - A flaw in the method used to parse log entries allows remote, unauthenticated attackers to forge authentication attempts from other hosts. Versions less than 0.6.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2493 | | Last Modified: | Feb 16 23:46:14 2007 |
| MD5 Checksum: | c798aab5b11958da7119770bbae3eb30 |
|
| /// File Name: |
glsa-200702-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-06 - An unspecified improper usage of an already freed context has been reported. Additionally, an assertion error could be triggered in the DNSSEC validation of some responses to type ANY queries with multiple RRsets. Versions less than 9.3.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3117 | | Related CVE(s): | CVE-2007-0493, CVE-2007-0494 | | Last Modified: | Feb 19 19:56:33 2007 |
| MD5 Checksum: | 10a59ea72a839fc8b8c79974e0e057a1 |
|
| /// File Name: |
glsa-200702-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-07 - An anonymous researcher discovered that an error in the handling of a GIF image with a zero width field block leads to a memory corruption flaw. Versions less than 1.5.0.10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3977 | | Related CVE(s): | CVE-2007-0243 | | Last Modified: | Feb 19 20:00:40 2007 |
| MD5 Checksum: | 20842e6d08e51bf34ca2821f89367023 |
|
| /// File Name: |
glsa-200702-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-08 - Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in Sun JDK and Sun JRE allowing unintended Java applet or application resource acquisition. Additionally, a memory corruption error has been found in the handling of GIF images with zero width field blocks. Versions less than 1.5.0.10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3865 | | Related CVE(s): | CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745, CVE-2007-0243 | | Last Modified: | Feb 19 20:01:11 2007 |
| MD5 Checksum: | afc5acc5c88524f859003134314f9e2c |
|
| /// File Name: |
glsa-200702-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-09 - Nexuiz fails to correctly validate input within client commands. There is also a failure to correctly handle connection attempts from remote hosts. Versions less than 2.2.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2855 | | Related CVE(s): | CVE-2006-6609, CVE-2006-6610 | | Last Modified: | Feb 27 19:48:14 2007 |
| MD5 Checksum: | 11797420f26fd61954d872d5bccdfa78 |
|
| /// File Name: |
glsa-200702-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-10 - Five vulnerabilities were found: a buffer overflow in recv_add_unit(); a problem with improperly trusting user-supplied string information in decode_stringmap(); several issues with array manipulation via various commands during play; an SQL injection in server_protocol.cpp; and finally, a second buffer overflow in recv_map_data(). Versions less than 0.7.1062 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3545 | | Related CVE(s): | CVE-2006-3788, CVE-2006-3789, CVE-2006-3790, CVE-2006-3791, CVE-2006-3792 | | Last Modified: | Feb 27 19:49:11 2007 |
| MD5 Checksum: | 99ddea7ead4b117736587c51b15ba5ce |
|
| /// File Name: |
glsa-200702-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-11 - When checking for matching asm rules in the asmrp.c code, the results are stored in a fixed-size array without boundary checks which may allow a buffer overflow. Versions less than 1.0_rc1-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2627 | | Related CVE(s): | CVE-2006-6172 | | Last Modified: | Feb 27 20:01:30 2007 |
| MD5 Checksum: | 197d8c9db70029d6ae36018aa3aea123 |
|
| /// File Name: |
glsa-200702-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-12 - When certain CHM files that contain tables and objects stored in pages are parsed by CHMlib, an unsanitized value is passed to the alloca() function resulting in a shift of the stack pointer to arbitrary memory locations. Versions less than 0.39 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2764 | | Related CVE(s): | CVE-2007-0619 | | Last Modified: | Feb 27 20:01:47 2007 |
| MD5 Checksum: | 4bc3efc12110f8aaabe1ae8edafe0e9f |
|
| /// File Name: |
hpnnm750.txt |
Description:
|
Hewlett-Packard Network Node Manager version 7.50 suffers from a weak file permission vulnerability.
| | Author: | 3APA3A | | File Size: | 3020 | | Related CVE(s): | CVE-2007-0819 | | Last Modified: | Feb 13 00:30:49 2007 |
| MD5 Checksum: | 2374414d743488ac9751a84746b258bb |
|
| /// File Name: |
iemobile-dos.txt |
Description:
|
A denial of service condition exists in Internet Explorer for Microsoft Windows Mobile 5.0.
| | Author: | Michael Kemp | | Homepage: | http://www.clappymonkey.com | | File Size: | 1082 | | Last Modified: | Feb 13 01:05:26 2007 |
| MD5 Checksum: | 69ebbdf1c60ed96cd83a7f8e486f8287 |
|
| /// File Name: |
ipswitch504-exec.txt |
Description:
|
Ipswitch WS_FTP Server version 5.04 suffers from multiple arbitrary code execution vulnerabilities.
| | Author: | sapheal | | File Size: | 1256 | | Last Modified: | Feb 5 23:12:11 2007 |
| MD5 Checksum: | 41c3dc01b6ba7b5d157817bca31c3260 |
|
| /// File Name: |
jbossvuln.txt |
Description:
|
JBoss suffers from a flaw that allows for unauthenticated access to the backend application that controls related data.
| | Author: | Ben Dexter | | File Size: | 1076 | | Last Modified: | Feb 23 18:00:39 2007 |
| MD5 Checksum: | fabf0bdec3eec553d4c785dd2b18d3d9 |
|
| /// File Name: |
jportal231-csrf.txt |
Description:
|
JPortal version 2.3.1 is susceptible to a CSRF vulnerability.
| | Author: | dzitu | | File Size: | 1880 | | Last Modified: | Feb 13 03:46:07 2007 |
| MD5 Checksum: | 2d150cc7829330face96c8ded37ad550 |
|
| /// File Name: |
ledger-multi.txt |
Description:
|
Another security issue has been found in LedgerSMB versions 1.1.5 and below and all versions of SQL-Ledger which allows an attacker to engage in directory traversal, retrieval of sensitive information, user account fabrication, or even arbitrary code execution.
| | Author: | Chris Travers | | File Size: | 1744 | | Last Modified: | Mar 6 00:05:49 2007 |
| MD5 Checksum: | 3ecf46beda31a0753fb83f0cdfdc107b |
|
| /// File Name: |
libevent-dos.txt |
Description:
|
A denial of service flaw exists in the parsing of DNS responses in libevent, specifically in the handling of label pointers. Versions 1.2 and 1.2a are affected.
| | Author: | Jon Oberheide | | File Size: | 1834 | | Last Modified: | Feb 19 20:11:11 2007 |
| MD5 Checksum: | a21155e823885e05984c506fbe4cf71f |
|
| /// File Name: |
ls-setgid.txt |
Description:
|
It appears that /bin/ls has slipped into the linux-ftpd distribution for Debian as setgid 0. This could possibly be used to leverage root group access.
| | Author: | Paul Szabo | | Homepage: | http://www.maths.usyd.edu.au/u/psz/ | | File Size: | 691 | | Last Modified: | Feb 23 19:00:05 2007 |
| MD5 Checksum: | 1c1ac6b027563fb2b5c07a86e4ae4302 |
|
| /// File Name: |
MDKSA-2007-031.txt |
Description:
|
Mandriva Linux Security Advisory - FIXME Konqueror 3.5.5 does not properly parse HTML comments in title tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5097 | | Related CVE(s): | CVE-2007-0478, CVE-2007-0537 | | Last Modified: | Feb 5 23:21:11 2007 |
| MD5 Checksum: | cc717265631106caba755eb8dd9e09de |
|
| /// File Name: |
MDKSA-2007-032.txt |
Description:
|
Mandriva Linux Security Advisory - The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3124 | | Related CVE(s): | CVE-2007-0578 | | Last Modified: | Feb 5 23:21:54 2007 |
| MD5 Checksum: | f7025f13a7d027995e4910ea0d7b896c |
|
| /// File Name: |
MDKSA-2007-034.txt |
Description:
|
Mandriva Linux Security Advisory - A logic error in the deferred open code for smbd may allow an authenticated user to exhaust resources such as memory and CPU on the server by opening multiple CIFS sessions, each of which will normally spawn a new smbd process, and sending each connection into an infinite loop. The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15327 | | Related CVE(s): | CVE-2007-0452, CVE-2007-0454 | | Last Modified: | Feb 6 00:54:18 2007 |
| MD5 Checksum: | 49db2b01127faff68ad720c66cf9ff4e |
|