Section: .. / 0704-advisories /
| /// File Name: |
dsa-1283-1.txt |
Description:
|
Debian Security Advisory 1283-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 32003 | | Related CVE(s): | CVE-2007-1286, CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1453, CVE-2007-1454, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1711, CVE-2007-1718, CVE-2007-1777, CVE-2007-1824, CVE-2007-1887, CVE-2007-1889, CVE-2007-1900 | | Last Modified: | May 3 05:25:57 2007 |
| MD5 Checksum: | 75fbfcf5dbc7740ecc59ffbcfaa8a3a7 |
|
| /// File Name: |
glsa-200704-23.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200704-23 - The bufprint() function in capi4k-utils fails to properly check boundaries of data coming from CAPI packets. Versions less than 20050718-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2456 | | Related CVE(s): | CVE-2007-1217 | | Last Modified: | May 3 03:48:07 2007 |
| MD5 Checksum: | 46804317c725150a6bd1cf67b2c5130f |
|
| /// File Name: |
glsa-200704-22.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200704-22 - BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid() fails due to a user exceeding assigned resource limits. Versions less than 0.7.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2776 | | Related CVE(s): | CVE-2006-2916, CVE-2006-4447 | | Last Modified: | May 3 03:47:51 2007 |
| MD5 Checksum: | 2b72440271eba9de7155d2f5d02c6e77 |
|
| /// File Name: |
afflib-overflows.txt |
Description:
|
Virtual Security Research, LLC. Security Advisory - Multiple buffer overflows exist in AFFLIB version 2.2.0. Earlier versions may also be affected.
| | Author: | Timothy D. Morgan | | Homepage: | http://www.vsecurity.com/ | | File Size: | 11680 | | Related CVE(s): | CVE-2007-2053 | | Last Modified: | May 3 03:44:07 2007 |
| MD5 Checksum: | 446352877e3aa73c1f54b3318d5ff7be |
|
| /// File Name: |
afflib-toctou.txt |
Description:
|
Virtual Security Research, LLC. Security Advisory - A Time-of-Check-Time-of-Use file race condition exists in AFFLIB versions 2.2.0 through 2.2.8.
| | Author: | Timothy D. Morgan | | Homepage: | http://www.vsecurity.com/ | | File Size: | 6878 | | Related CVE(s): | CVE-2007-2056 | | Last Modified: | May 3 03:42:48 2007 |
| MD5 Checksum: | 0c56679cd5d6f442117bbe96db6ea730 |
|
| /// File Name: |
afflib-fmtstr.txt |
Description:
|
Virtual Security Research, LLC. Security Advisory - Multiple format string injection vulnerabilities exist in AFFLIB versions 2.2.0 through 2.2.8.
| | Author: | Timothy D. Morgan | | Homepage: | http://www.vsecurity.com/ | | File Size: | 9197 | | Related CVE(s): | CVE-2007-2054 | | Last Modified: | May 3 03:35:01 2007 |
| MD5 Checksum: | f5720e6ca358ef67b2fbb4e58f26fd49 |
|
| /// File Name: |
04.26.07-3.txt |
Description:
|
iDefense Security Advisory 04.26.07 - Norton Ghost allows administrators and other power users to schedule snapshots of local disks for backup and recovery purposes. If these recovery points are set to save to a remote network share Ghost will prompt the user to enter a user name and password for the share. Password information entered into Ghost for this purpose is encrypted and saved to the local file system in the applications home directory which has read access allowed for all users. The encryption key used by Ghost to decrypt these stored credentials is derived from the MD5 hash of the plain text user name stored in the configuration file. Since every user on the system has read access to these configuration files, any user can decrypt the stored passwords. iDefense verified the existence of this vulnerability on Norton Ghost 10.0. Other versions may be vulnerable as well.
| | Author: | Pravus | | Homepage: | http://www.idefense.com/ | | File Size: | 3690 | | Last Modified: | May 3 02:45:34 2007 |
| MD5 Checksum: | c9c6043fee23fdf1fc462b362a8403d3 |
|
| /// File Name: |
04.26.07-2.txt |
Description:
|
iDefense Security Advisory 04.26.07 - Local exploitation of a buffer overflow vulnerability in Norton Ghost could allow local attackers to run code as the SYSTEM level user. Norton Ghost Service Manager is a Local Server COM object that allows privileged Ghost Backup Operators the ability to take and restore Ghost images of the system. A function within the Service Manager can be used to trigger a buffer overflow by supplying an overly long string. iDefense verified the existence of this vulnerability on Norton Ghost 10.0. Other versions may be vulnerable as well.
| | Author: | Pravus | | Homepage: | http://www.idefense.com/ | | File Size: | 3063 | | Last Modified: | May 3 02:44:41 2007 |
| MD5 Checksum: | 8e1831adea9ac92f11f0c6b4c607ea0b |
|
| /// File Name: |
USN-454-1.txt |
Description:
|
Ubuntu Security Notice 454-1 - PostgreSQL did not handle the "search_path" configuration option in a secure way for functions declared as "SECURITY DEFINER". Previously, an attacker could override functions and operators used by the security definer function to execute arbitrary SQL commands with the privileges of the user who created the security definer function. The updated version does not search the temporary table schema for functions and operators any more.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 31224 | | Related CVE(s): | CVE-2007-2138 | | Last Modified: | May 3 02:43:16 2007 |
| MD5 Checksum: | 0c69ebd23c86a1fa63415620f7f3e232 |
|
| /// File Name: |
USN-455-1.txt |
Description:
|
Ubuntu Security Notice 455-1 - A slew of vulnerabilities for PHP5 have been patched.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 42526 | | Related CVE(s): | CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1718, CVE-2007-1824, CVE-2007-1887, CVE-2007-1888, CVE-2007-1900 | | Last Modified: | May 3 02:40:45 2007 |
| MD5 Checksum: | c6010940f066f19053aea86e55037dad |
|
| /// File Name: |
04.26.07-1.txt |
Description:
|
iDefense Security Advisory 04.26.07 - Remote exploitation of a denial of service (DoS) vulnerability in Novell Inc.'s eDirectory product could allow an attacker to force the running daemon to cease servicing requests. The problem specifically exists within the NCP functionality of eDirectory. Sending a sequence of specially crafted fragmented requests will cause a DoS condition. iDefense has confirmed the existence of this vulnerability in version 8.8.1 of Novell Inc.'s eDirectory server with FTF1 applied. The earliest version tested was 8.8. Earlier versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3838 | | Related CVE(s): | CVE-2006-4520 | | Last Modified: | May 3 02:11:38 2007 |
| MD5 Checksum: | 48a75120cc625ccfb07acaa52aedc405 |
|
| /// File Name: |
USN-453-2.txt |
Description:
|
Ubuntu Security Notice 453-2 - USN-453-1 provided an updated libx11 package to fix a security vulnerability. This triggered an error in rdesktop so that it crashed on startup. This update fixes the problem.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3637 | | Related CVE(s): | CVE-2007-1667 | | Last Modified: | May 3 02:01:01 2007 |
| MD5 Checksum: | c65cd90b31c101264b86a08cc036d8f7 |
|
| /// File Name: |
CAID-35277.txt |
Description:
|
CA CleverPath Portal contains a vulnerability that can allow a local attacker to access confidential data. The vulnerability is due to insufficient filtering of SQL search queries. CA has issued a patch to address the vulnerability.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 3125 | | Related OSVDB(s): | 34128 | | Related CVE(s): | CVE-2007-2230 | | Last Modified: | May 3 01:57:44 2007 |
| MD5 Checksum: | b3399cd503f4b6d1f198fd59ee6855d9 |
|
| /// File Name: |
CAID-35198-35276.txt |
Description:
|
CA BrightStor ARCserve Backup Media Server contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4768 | | Related OSVDB(s): | 34126,34127 | | Related CVE(s): | CVE-2007-1785, CVE-2007-2139 | | Last Modified: | May 3 01:53:33 2007 |
| MD5 Checksum: | 836fb8b03fb3f4e770291a868d924eb8 |
|
| /// File Name: |
MDKSA-2007-094.txt |
Description:
|
Mandriva Linux Security Advisory - A weakness in previous versions of PostgreSQL was found in the security definer functions in which an authenticated but otherwise unprivileged SQL user could use temporary objects to execute arbitrary code with the privileges of the security-definer function.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15509 | | Related CVE(s): | CVE-2007-2138 | | Last Modified: | May 3 01:50:33 2007 |
| MD5 Checksum: | 9440c19744ef56d999ba572a309cc4ae |
|
| /// File Name: |
iedos-issue.txt |
Description:
|
Microsoft Internet Explorer contains a flaw that may allow a malicious user to cause IE7 to enter a loop in which IE7 become unresponsive resulting in a recoverable denial of service issue.
| | Author: | Lostmon | | Homepage: | http://lostmon.blogspot.com/ | | File Size: | 3651 | | Last Modified: | May 3 01:48:22 2007 |
| MD5 Checksum: | 57d7f19f626cd637a47ac4c467099cc9 |
|
| /// File Name: |
ieff-split.txt |
Description:
|
Firefox and Internet Explorer are prone to HTTP request splitting when Digest Authentication occurs.
| | Author: | Stefano di Paola | | Homepage: | http://www.wisec.it/ | | File Size: | 7622 | | Last Modified: | May 3 01:44:15 2007 |
| MD5 Checksum: | 5426a639741037c2c3ecdb00815e92d0 |
|
| /// File Name: |
cisco-sa-20070425-nfc.txt |
Description:
|
Cisco Security Advisory - Versions of Cisco Network Services (CNS) NetFlow Collection Engine (NFC) prior to 6.0 create and use default accounts with identical usernames and passwords. An attacker with knowledge of these accounts can modify the application configuration and, in certain instances, gain user access to the host operating system.
| | Homepage: | http://www.cisco.com | | File Size: | 15701 | | Last Modified: | May 3 01:42:29 2007 |
| MD5 Checksum: | cf553a8d2b4152c2e86675fa2dae6d8c |
|
| /// File Name: |
ASA-2007-012.txt |
Description:
|
Asterisk Project Security Advisory - The Asterisk Manager Interface has a remote crash vulnerability. If a manager user is configured in manager.conf without a password, and then a connection is made that attempts to use that username and MD5 authentication, Asterisk will dereference a NULL pointer and crash.
| | Homepage: | http://www.asterisk.org/security | | File Size: | 12084 | | Last Modified: | Apr 25 07:32:40 2007 |
| MD5 Checksum: | 5b817c74c96c6fedc5164d93d80850d7 |
|
| /// File Name: |
ASA-2007-011.txt |
Description:
|
Asterisk Project Security Advisory - Multiple problems have been identified in the Asterisk SIP channel driver (chan_sip) when handling response packets from other SIP endpoints.
| | Author: | qwerty1979 | | Homepage: | http://www.asterisk.org/security | | File Size: | 8564 | | Last Modified: | Apr 25 07:31:22 2007 |
| MD5 Checksum: | 15147c6214e06f689cb0273dd6ad4c52 |
|
| /// File Name: |
ASA-2007-010.txt |
Description:
|
Asterisk Project Security Advisory - Two closely related stack based buffer overflows exist in the SIP/SDP handler of Asterisk, the vulnerabilities are very similar but exist as two separate unsafe function calls.
| | Author: | Barrie Dempster | | Homepage: | http://www.asterisk.org/security | | File Size: | 28456 | | Last Modified: | Apr 25 07:30:03 2007 |
| MD5 Checksum: | 252a950355a472b214e00960e093be58 |
|
| /// File Name: |
ZDI-07-022.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates BrightStor ARCserve Media Server. User interaction is not required to exploit this vulnerability.
| | Author: | Tenable Network Security | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2934 | | Related CVE(s): | CVE-2007-2139 | | Last Modified: | Apr 25 07:27:39 2007 |
| MD5 Checksum: | 2e27e27253c5a55507c1f03fbdf93dad |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
