Section: .. / 0706-advisories /
| /// File Name: |
06.01.07-1.txt |
Description:
|
iDefense Security Advisory 06.01.07 - Remote exploitation of an input validation vulnerability in VERITAS Software Corp.'s Storage Foundation 4.3 Enterprise Administration service could allow an unauthenticated attacker to consume excessive resources or crash the service. The vulnerability specifically exists in the handling of packets delivered to the VVR Administration service port, TCP/8199. iDefense Labs confirmed that VERITAS Storage Foundation for Windows version 4.3.01 is vulnerable. It is suspected that all previous versions are vulnerable.
| | Author: | CIRT.DK | | Homepage: | http://www.idefense.com/ | | File Size: | 4261 | | Related CVE(s): | CVE-2007-1593 | | Last Modified: | Jun 6 18:40:26 2007 |
| MD5 Checksum: | 4e09b7abf51d6d258e9b4e8dbf3cf8ae |
|
| /// File Name: |
06.05.07-1.txt |
Description:
|
iDefense Security Advisory 06.05.07 - Remote exploitation of multiple denial of service vulnerabilities in Symantec Corp.'s Ghost could allow remote attackers to crash the Ghost service. These vulnerabilities affect both the client and server daemons due to what looks like a shared communications library. The daemons listen on UDP ports 1346 and 1347, respectively. By sending a malformed UDP-based request to either service, an attacker can cause the service to crash due to an invalid memory reference. This condition can be caused by any of several unique requests. In each case, the particular cause for the access violation varies. iDefense confirmed the existence of these vulnerabilities using Symantec Ghost version 8.0.992 (as supplied with Ghost Solution Suite). Other versions may be vulnerable as well.
| | Author: | Pravus | | Homepage: | http://www.idefense.com/ | | File Size: | 3657 | | Last Modified: | Jun 7 03:01:21 2007 |
| MD5 Checksum: | 53a57d6339bb6433560202f42206587e |
|
| /// File Name: |
06.07.07-1.txt |
Description:
|
iDefense Security Advisory 06.07.07 - Local exploitation of an information disclosure vulnerability within the Linux Kernel allows attackers to obtain sensitive information from kernel memory. This vulnerability specifically exists in the "cpuset_tasks_read" function. This function is responsible for supplying user-land processes with data when they read from the /dev/cpuset/tasks file. iDefense has confirmed the existence of this vulnerability in version 2.6.20 of the Linux Kernel as installed with Fedora CORE 6. It is suspected that previous versions, at least until 2.6.12, are also vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4221 | | Related CVE(s): | CVE-2007-2875 | | Last Modified: | Jun 10 20:27:07 2007 |
| MD5 Checksum: | a7fd3925366c58795f3b1f852d06c23d |
|
| /// File Name: |
06.12.07-1.txt |
Description:
|
iDefense Security Advisory 06.12.07 - Remote exploitation of an invalid memory access vulnerability in various Microsoft products, including Internet Explorer, while creating certain COM objects may allow an attacker to execute arbitrary code. When creating certain COM objects in Internet Explorer, memory corruption can occur, which may allow an attacker to execute arbitrary code. When calling the IObjectSafety function, uninitialized memory is accessed in a way that can allow code execution to occur. The IObjectSafety function is used by COM objects to determine if an object is safe to load in a particular context. iDefense confirmed the existence of this vulnerability using Internet Explorer 6 on Windows XP SP2 and Windows Server 2000 SP4. Although Windows Server 2003 contains an affected version, the Enhanced Security Configuration mitigates exposure to this vulnerability. Microsoft reports that Internet Explorer 7 is not affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4017 | | Related CVE(s): | CVE-2007-0218 | | Last Modified: | Jun 12 21:31:51 2007 |
| MD5 Checksum: | 0d736098f00a2d86c0569d008d377a9a |
|
| /// File Name: |
06.12.07-2.txt |
Description:
|
iDefense Security Advisory 06.12.07 - Remote exploitation of an input validation error within version 2.1 of YaBB Forum allows attackers to register with forum Administrator privileges. The problem specifically exists due to insufficient validation when writing to the "vars" file for each user. By setting the values of certain variables to contain certain characters, attackers can elevate their privileges to that of the forum Administrator. iDefense confirmed the existence of this vulnerability within version 2.1 of YaBB Forum.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 3330 | | Last Modified: | Jun 12 21:33:20 2007 |
| MD5 Checksum: | 6d920acc6c0d7d8ef9d3e8e10602216c |
|
| /// File Name: |
06.13.07-1.txt |
Description:
|
iDefense Security Advisory 06.13.07 - Remote exploitation of an integer overflow vulnerability in libexif, as included in various vendors' operating system distributions, could allow attackers to crash the process or execute arbitrary code. The problem exists while parsing a tagged image with a large number of Exif components. Applications using this library are susceptible to a heap overflow when an integer overflow is triggered in the exif_data_load_data_entry function. iDefense confirmed the existence of this vulnerability in versions 0.6.13 through 0.6.15 of libexif.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3046 | | Related CVE(s): | CVE-2006-4168 | | Last Modified: | Jun 14 00:43:10 2007 |
| MD5 Checksum: | ba5c5901b97e512fe7f59298c3d3fee4 |
|
| /// File Name: |
06.14.07-1.txt |
Description:
|
iDefense Security Advisory 06.14.07 - Remote exploitation of an input validation vulnerability in Apache Software Foundation's MyFaces Tomahawk JSF framework could allow an attacker to perform a cross-site scripting (XSS) attack. The code responsible for parsing HTTP requests is vulnerable to an XSS vulnerability. When parsing the 'autoscroll' parameter from a POST or GET request, the value of this variable is directly inserted into JavaScript that is sent back to the client. This allows an attacker to run arbitrary JavaScript in the context of the affected domain of the MyFaces application being targeted. iDefense has confirmed the existence of this vulnerability in MyFaces Tomahawk version 1.1.5. Previous versions may also be affected.
| | Author: | Rajat Swarup | | Homepage: | http://www.idefense.com/ | | File Size: | 3774 | | Related CVE(s): | CVE-2007-3101 | | Last Modified: | Jun 14 23:07:45 2007 |
| MD5 Checksum: | e872f4db6ae74a07dc365aa79ad418d6 |
|
| /// File Name: |
06.18.07-1.txt |
Description:
|
iDefense Security Advisory 06.18.07 - Remote exploitation of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger could allow attackers to execute arbitrary code as the currently logged on user. The vulnerability specifically exists due to improper handling of UTF-8 sequences. When word-wrapping UTF-8 text, the window width is improperly used as a buffer size value. As such, heap corruption can occur leading to a potentially exploitable condition. iDefense has confirmed the existence of this vulnerability in Cerulean Studios Trillian 3.1.5.1. Previous versions are suspected to be vulnerable.
| | Author: | blurredlogic.com | | Homepage: | http://www.idefense.com/ | | File Size: | 3090 | | Last Modified: | Jun 20 00:40:08 2007 |
| MD5 Checksum: | 4aa4fa081c88b36634a6a56d03402567 |
|
| /// File Name: |
06.21.07-1.txt |
Description:
|
iDefense Security Advisory 06.21.07 - Remote exploitation of multiple heap overflow vulnerabilities in Ingres Database Server as distributed with Computer Associates International Inc.'s (CA) products may allow attackers to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in Ingres Database 3.0.3 as included with CA eTrust Secure Content Manager r8 on Windows. Previous versions may also be affected. In addition, any application that uses the Ingres Database may be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3897 | | Related CVE(s): | CVE-2007-3334 | | Last Modified: | Jun 26 16:06:58 2007 |
| MD5 Checksum: | e033fbe06445e035163720fa22acc31b |
|
| /// File Name: |
06.26.07-1.txt |
Description:
|
iDefense Security Advisory 06.26.07 - Remote exploitation of a buffer overflow vulnerability within MIT Kerberos kadmind allows attackers to execute arbitrary code with the privileges of the running service, usually root. The vulnerability specifically exists within the code responsible for handling requests to rename principals. The rename_principal_2_svc function fails to properly bounds-check user-supplied data before copying it to a fixed-size stack buffer. The vulnerable code is shown below. iDefense confirmed the existence of this vulnerability within MIT Kerberos 1.5-21 as distributed with the Fedora CORE 6 Linux distribution. It has also been confirmed via source code review to exist in version 1.5.3 and version 1.6.1. All other distributions, as well as those for other computing platforms are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4825 | | Related CVE(s): | CVE-2007-2798 | | Last Modified: | Jun 29 00:09:55 2007 |
| MD5 Checksum: | 0a3aed3cee081a68d9792187e97223c2 |
|
| /// File Name: |
14070612.txt |
Description:
|
The PHP parse_str() function suffers from an arbitrary variable overwrite issue.
| | Author: | DarkFig | | Homepage: | http://www.acid-root.new.fr/ | | File Size: | 4620 | | Last Modified: | Jun 12 20:59:09 2007 |
| MD5 Checksum: | 622737b30b530a515a1bc655121bc4e6 |
|
| /// File Name: |
advisory-2007-06-29.txt |
Description:
|
Google suffers from a re-authentication bypass vulnerability with the SID and LSID cookies.
| | Author: | Susam Pal | | Homepage: | http://susam.in/ | | File Size: | 4099 | | Last Modified: | Jun 29 01:41:06 2007 |
| MD5 Checksum: | 459a086c430c1baab2876351e11bca5f |
|
| /// File Name: |
AS07062901.txt |
Description:
|
Airscanner Mobile Security Advisory - FlexiSpy.com's user administration web application contains a critical bug that allows anyone to view anyone else's captured voice, SMS, email, or location.
| | Author: | Seth Fogie | | Homepage: | http://www.airscanner.com | | File Size: | 3667 | | Last Modified: | Jun 29 23:02:58 2007 |
| MD5 Checksum: | 74fb23ba69e3f83513553654b75d2f0b |
|
| /// File Name: |
browserbugs.txt |
Description:
|
Multiple vulnerabilities have been discovered that affect Microsoft Internet Explorer and Mozilla Firefox.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 2477 | | Last Modified: | Jun 7 00:28:06 2007 |
| MD5 Checksum: | 789a0f916b31b2b1b4c9ad3c31fbccf9 |
|
| /// File Name: |
cacti-dos.txt |
Description:
|
Cacti suffers from a denial of service vulnerability when an authenticated user manipulates some parameters.
| | Author: | Mathieu Dessus | | File Size: | 1641 | | Last Modified: | Jun 7 02:50:09 2007 |
| MD5 Checksum: | 047b66c615530bd2f0e796931840a072 |
|
| /// File Name: |
CVE-2007-1358.txt |
Description:
|
Apache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.34, 5.0.0 to 5.0.30, 5.5.0 to 5.5.20, and 6.0.0 to 6.0.5 suffer from a cross site scripting flaw in Accept-Language header processing.
| | Homepage: | http://tomcat.apache.org/ | | File Size: | 1351 | | Related CVE(s): | CVE-2007-1358 | | Last Modified: | Jun 20 00:53:01 2007 |
| MD5 Checksum: | fc3b3bcfefce5d61eb18aa13d0de4e53 |
|
| /// File Name: |
CVE-2007-2450.txt |
Description:
|
Apache Tomcat versions 4.0.0 to 4.0.6, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from a cross site scripting flaw in the Host Manager Application.
| | Homepage: | http://tomcat.apache.org/ | | File Size: | 1377 | | Related CVE(s): | CVE-2007-2450 | | Last Modified: | Jun 14 23:00:20 2007 |
| MD5 Checksum: | d749caffa30a4143a19313f8a0e45291 |
|
| /// File Name: |
CX-2007-04.txt |
Description:
|
Calyptix Security Advisory CX-2007-04 - Multiple versions of Check Point's Safe@Office UTM device are vulnerable to cross-site request forgery. The test firmware was version 7.0.39x, the latest available for the Safe@Office model. Cursory testing shows that prior version 5.0.82x was also vulnerable. Other Check Point products were not tested.
| | Author: | Daniel Weber | | File Size: | 6685 | | Last Modified: | Jun 29 00:06:48 2007 |
| MD5 Checksum: | 38fb53f8516d93dfe55af0364f02691e |
|
| /// File Name: |
denyfailblock-inject.txt |
Description:
|
DenyHosts, Fail2ban, and BlockHosts are vulnerable to remote log injection attacks that can lead to arbitrary injection of IP addresses in /etc/hosts.deny.
| | Author: | Daniel B. Cid | | Homepage: | http://www.ossec.net/ | | File Size: | 1681 | | Last Modified: | Jun 7 03:10:20 2007 |
| MD5 Checksum: | ec319e1024aecc80b1939fa1373da75f |
|
| /// File Name: |
dsa-1291-4.txt |
Description:
|
Debian Security Advisory 1291-4 - The samba security update for CVE-2007-2446 introduced a regression, which broke connection to domain member servers in some scenarios. This update fixes this regression.
| | Homepage: | http://www.debian.org/security | | File Size: | 22497 | | Related CVE(s): | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447 | | Last Modified: | Jun 7 01:00:42 2007 |
| MD5 Checksum: | 6a69c9a77344d1a0be464f58f6388bf1 |
|
| /// File Name: |
dsa-1299-1.txt |
Description:
|
Debian Security Advisory 1299-1 - It was discovered that a specially-crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 6602 | | Related CVE(s): | CVE-2007-2524 | | Last Modified: | Jun 10 19:44:48 2007 |
| MD5 Checksum: | 20461be8b154bb0cb8ddd3665b286af1 |
|
| /// File Name: |
dsa-1301-1.txt |
Description:
|
Debian Security Advisory 1301-1 - A buffer overflow has been identified in Gimp's SUNRAS plugin in versions prior to 2.2.15. This bug could allow an attacker to execute arbitrary code on the victim's computer by inducing the victim to open a specially crafted RAS file.
| | Homepage: | http://www.debian.org/security | | File Size: | 26056 | | Related CVE(s): | CVE-2007-2356 | | Last Modified: | Jun 10 20:41:56 2007 |
| MD5 Checksum: | ebc4ab67fa5872eea14ee1c03518dc1e |
|