Section: .. / 0702-advisories /
| /// File Name: |
dsa-1260-1.txt |
Description:
|
Debian Security Advisory 1260-1 - Vladimir Nadvornik discovered that the fix for a vulnerability in the PALM decoder of Imagemagick, a collection of image manipulation programs, was ineffective.
| | Homepage: | http://www.debian.org/security | | File Size: | 15271 | | Related CVE(s): | CVE-2007-0770 | | Last Modified: | Feb 14 17:29:56 2007 |
| MD5 Checksum: | 7dc46211a92cd3f14af3a8aa54629a6a |
|
| /// File Name: |
dsa-1259-1.txt |
Description:
|
Debian Security Advisory 1259-1 - Isaac Wilcox discovered that fetchmail, a popular mail retrieval and forwarding utility, insufficiently enforces encryption of connections, which might lead to information disclosure.
| | Homepage: | http://www.debian.org/security | | File Size: | 5418 | | Related CVE(s): | CVE-2006-5867 | | Last Modified: | Feb 14 17:29:13 2007 |
| MD5 Checksum: | e341bd5c2c976560f215749710449444 |
|
| /// File Name: |
cisco-sa-20070214-fwsm.txt |
Description:
|
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco Firewall Services Module (FWSM). These vulnerabilities occur in the processing of specific Hypertext Transfer Protocol (HTTP), Secure HTTP (HTTPS), Session Initiation Protocol (SIP), and Simple Network Management Protocol (SNMP) traffic. If verbose logging is enabled for debugging purposes, a vulnerability exists when the FWSM processes packets destined to itself. All of these vulnerabilities may result in a reload of the device. An additional vulnerability is included in this advisory in which the manipulation of access control lists (ACLs) that make use of object groups may corrupt the ACL and create a situation where unwanted traffic may be permitted or desirable traffic may be blocked.
| | Homepage: | http://www.cisco.com/ | | File Size: | 41063 | | Last Modified: | Feb 14 17:28:19 2007 |
| MD5 Checksum: | 81507c5ff4d851323d723cbf6d6fdbd0 |
|
| /// File Name: |
cisco-sa-20070214-pix.txt |
Description:
|
Cisco Security Advisory - Multiple vulnerabilities have been found in Cisco PIX 500 Series Security Appliances and the Cisco ASA 5500 Series Adaptive Security Appliances. They affect enhanced inspection of Malformed Hypertext Transfer Protocol (HTTP) traffic, inspection of malformed Session Initiation Protocol (SIP) packets, inspection of a stream of malformed Transmission Control Protocol (TCP) packets, and privilege escalation.
| | Homepage: | http://www.cisco.com/ | | File Size: | 26971 | | Last Modified: | Feb 14 17:18:41 2007 |
| MD5 Checksum: | b821bb1d898f29a1e9d50d79ba46895d |
|
| /// File Name: |
webtester-sqlxss.txt |
Description:
|
WebTester versions 5.0.20060927 and below suffer from SQL injection and cross site scripting flaws.
| | Author: | Moran Zavdi | | Homepage: | http://www.vigilon.com/ | | File Size: | 1880 | | Last Modified: | Feb 14 17:14:48 2007 |
| MD5 Checksum: | d0b5f67ac553dd18db44913d585a9af3 |
|
| /// File Name: |
SSRT061233.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ARPA transport. The vulnerability could be exploited by a local user to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 5911 | | Last Modified: | Feb 14 17:12:02 2007 |
| MD5 Checksum: | 4d278250b558285d4cbbf240c2e8652d |
|
| /// File Name: |
SSRT071302.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running SLSd. The vulnerability could be exploited by a remote unauthorized user to create arbitrary files leading to root access.
| | Homepage: | http://www.hp.com | | File Size: | 6042 | | Last Modified: | Feb 14 17:11:01 2007 |
| MD5 Checksum: | 015956da27b510da97dcffecbe7db1ef |
|
| /// File Name: |
secunia-mailenable-xss.txt |
Description:
|
Secunia Research has discovered some vulnerabilities in MailEnable Web Mail Client, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and script insertion attacks. MailEnable Professional Edition 2.351 is affected. Other versions may also be affected.
| | Author: | JJ Reyes | | Homepage: | http://secunia.com/ | | File Size: | 5247 | | Related CVE(s): | CVE-2007-0651, CVE-2007-0652 | | Last Modified: | Feb 14 17:10:26 2007 |
| MD5 Checksum: | 50195b14c3b57b078995cfb69c9e29ae |
|
| /// File Name: |
02.13.07-2.txt |
Description:
|
iDefense Security Advisory 02.13.07 - Remote exploitation of a design error within Hewlett-Packard's "SLSd" daemon could allow an attacker to execute privileges as the superuser. The problem specifically exists due to a design error within the "SLSd_daemon" RPC daemon that provides connectivity between the distributed systems. This daemon registers itself under the RPC PROGID of 536870913 or 351456, depending on the HP-UX version. By sending a specially crafted request, the daemon will write attacker supplied data to an arbitrary file as the superuser. iDefense has confirmed the existence of this vulnerability within the "SLSd_daemon" binary as shipped with HP-UX 11.11i and 10.20. All versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com | | File Size: | 3194 | | Last Modified: | Feb 14 15:45:24 2007 |
| MD5 Checksum: | 941e1f5e13db359a50c195fe44b121cf |
|
| /// File Name: |
mscbo-overflow.txt |
Description:
|
Microsoft Interactive Training suffers from a buffer overflow vulnerability when accessing files with .cbo extensions.
| | Author: | Brett Moore | | File Size: | 2226 | | Last Modified: | Feb 14 15:43:54 2007 |
| MD5 Checksum: | 4578d86f1a30073759832f0148f70941 |
|
| /// File Name: |
glsa-200702-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-04 - RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow. Versions less than 3.7.0_beta1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2945 | | Last Modified: | Feb 14 15:27:21 2007 |
| MD5 Checksum: | 1b9253f7075ca064fd92834a64ae908d |
|
| /// File Name: |
glsa-200702-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-03 - Randy Smith, Christian Estan and Somesh Jha discovered that the rule matching algorithm of Snort can be exploited in a way known as a backtracking attack to perform numerous time-consuming operations. Versions less than 2.6.1.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2564 | | Last Modified: | Feb 14 15:26:29 2007 |
| MD5 Checksum: | 2b9c74167d13081003be4897ae2809b6 |
|
| /// File Name: |
glsa-200702-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-02 - A flaw exists in the mod_ctrls module of ProFTPD, normally used to allow FTP server administrators to configure the daemon at runtime. Versions less than 1.3.1_rc1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2559 | | Last Modified: | Feb 14 15:26:14 2007 |
| MD5 Checksum: | 8bc7163f39dfa905f532266356f93a9c |
|
| /// File Name: |
SYMSA-2007-002.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2007-002 - Palm OS Treo smartphones are equipped with a system password lock to secure contents of handheld data from unauthorized access. When this lock is engaged, Treo's built-in Find feature is still accessible and can be used to perform searches on text in Treo applications and databases (e.g. SMS Messages, Memos, Calendar, Tasks, etc). Search results are accessible, and depending on their size, may be truncated. An attacker may use this vulnerability to retrieve information from a locked device.
| | Author: | J.R. Wikes, Matt Cooley, Scott King | | Homepage: | http://www.symantec.com/research | | File Size: | 6124 | | Related CVE(s): | CVE-2007-0859 | | Last Modified: | Feb 14 15:26:06 2007 |
| MD5 Checksum: | 245f920185e5a29e93c6666977ff1d45 |
|
| /// File Name: |
02.13.07.txt |
Description:
|
iDefense Security Advisory 02.13.07 - Remote exploitation of a design error in Microsoft Corp.'s 'wininet.dll' FTP client code could allow an attacker to execute arbitrary code. The vulnerability specifically exists in the parsing of reply lines from remote FTP servers. During an FTP session, the client makes requests for the server to perform some operation and the server responds with a numeric code, a human readable message and possibly some other information. As there can be multiple lines in a reply, code in the client breaks the reply up into lines, putting a null byte (character 0x00) after any end of line character. In the case where a line ends exactly on the last character of the reply buffer, the terminating null byte is written outside of the allocated space, overwriting a byte of the heap management structure. By sending a specially crafted series of replys to the client, the heap may be corrupted in a controlled way to cause the execution of arbitrary code.
| | Author: | Greg MacManus | | Homepage: | http://www.idefense.com | | File Size: | 5426 | | Related CVE(s): | CVE-2007-0217 | | Last Modified: | Feb 14 15:24:21 2007 |
| MD5 Checksum: | 9da9783032d32d571d8fbe51d6f6a082 |
|
| /// File Name: |
glsa-200702-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200702-01 - A format string vulnerability exists in the VFS module when handling AFS file systems and an infinite loop has been discovered when handling file rename operations. Versions less than 3.0.24 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2758 | | Last Modified: | Feb 14 15:21:53 2007 |
| MD5 Checksum: | 37b8916eb662305d36b8186d34d0ec41 |
|
| /// File Name: |
TA07-044A.txt |
Description:
|
Technical Cyber Security Alert TA07-044A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Works, Malware Protection Engine, Visual Studio, and Step-by-Step Interactive Training. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4752 | | Last Modified: | Feb 14 15:11:31 2007 |
| MD5 Checksum: | 4dcdd89aaeb0f7a4457b50fd535a3b69 |
|
| /// File Name: |
glsa-200611-05-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-05:02 - The original fix for Netkit FTP server introduced a new vulnerability allowing the listing of any arbitrary directory with root group permissions due to a typo in the setgid() call. New fixed packages are available. Also, this update adds a second CVE reference which was not originally mentioned while it was covered by the original fix. Versions less than 0.17-r5 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2630 | | Related CVE(s): | CVE-2006-5778, CVE-2006-6008 | | Last Modified: | Feb 14 15:09:27 2007 |
| MD5 Checksum: | 69668ca63f0b1518c02f14fe6c325614 |
|
| /// File Name: |
cisco-sa-20070213-iosips.txt |
Description:
|
Cisco Security Advisory - The Intrusion Prevention System (IPS) feature set of Cisco IOS contains several vulnerabilities. These include a flaw where fragmented IP packets may be used to evade signature inspection and another flaw where IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash resulting in a denial of service.
| | Homepage: | http://www.cisco.com/ | | File Size: | 24702 | | Last Modified: | Feb 14 15:05:23 2007 |
| MD5 Checksum: | 3c3c330852f9ad6e7663f928dbe5017b |
|
| /// File Name: |
n.runs-SA-2007.002.txt |
Description:
|
Both the command line based and the web based management interface of the Aruba Mobility Controller are vulnerable to a heap based buffer overflow when overly long strings are passed as credentials. This can potentially lead to remote code execution, resulting in a system compromise.
| | Homepage: | http://www.nruns.com/ | | File Size: | 2905 | | Last Modified: | Feb 14 15:02:47 2007 |
| MD5 Checksum: | 396ed1146e2c0f39a31d176df2aa7044 |
|
| /// File Name: |
n.runs-SA-2007.001.txt |
Description:
|
A flaw in an authorization component allows for unauthorized access to the Wireless LAN through a Captive Portal, VPN, and administrative access using either the web-based administration or the command line interface. This vulnerability affects all versions of the Aruba Controller beginning with version 2.3.
| | Homepage: | http://www.nruns.com/ | | File Size: | 3286 | | Last Modified: | Feb 14 15:02:05 2007 |
| MD5 Checksum: | 6980987bd144f6f1768b0d92349b39ab |
|
| /// File Name: |
sa22452.txt |
Description:
|
Secunia Security Advisory - Yag Kohha has reported a vulnerability in Microsoft Data Access Components, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/22452/ | | File Size: | 4291 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | 15953ac5e941bc47b3d27b32eed1ed24 |
|
| /// File Name: |
sa23998.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in MailEnable Web Mail Client, which can be exploited by malicious people to conduct cross-site request forgery attacks, cross-site scripting attacks, and script insertion attacks.
| | Homepage: | http://secunia.com/advisories/23998/ | | File Size: | 3696 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | 73bbef42af1a2ec4a736c33ac7a030b5 |
|
| /// File Name: |
sa23999.txt |
Description:
|
Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in Total Video Player, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23999/ | | File Size: | 2419 | | Last Modified: | Feb 14 14:41:53 2007 |
| MD5 Checksum: | 1b4cf1c59246e5252238f65243a01544 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
