Section: .. / 0707-advisories /
| /// File Name: |
USN-480-1.txt |
Description:
|
Ubuntu Security Notice 480-1 - Stefan Cornelius discovered that Gimp could miscalculate the size of heap buffers when processing PSD images. By tricking a user into opening a specially crafted PSD file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17030 | | Related CVE(s): | CVE-2007-2949 | | Last Modified: | Jul 7 06:27:09 2007 |
| MD5 Checksum: | 6b8210814ba11fb5b90ee0da69eb476e |
|
| /// File Name: |
USN-481-1.txt |
Description:
|
Ubuntu Security Notice 481-1 - Multiple vulnerabilities were found in ImageMagick's handling of DCM and WXD image files. By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15633 | | Related CVE(s): | CVE-2007-1667, CVE-2007-1797 | | Last Modified: | Jul 11 09:07:00 2007 |
| MD5 Checksum: | 095128437acef8fc0977a7ab0e8f6c21 |
|
| /// File Name: |
USN-482-1.txt |
Description:
|
Ubuntu Security Notice 482-1 - John Heasman discovered that OpenOffice did not correctly validate the sizes of tags in RTF documents. If a user were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 40780 | | Related CVE(s): | CVE-2007-0245 | | Last Modified: | Jul 12 03:12:07 2007 |
| MD5 Checksum: | 75edb6d8b7d27085e8b4f1cb97ca11fd |
|
| /// File Name: |
USN-483-1.txt |
Description:
|
Ubuntu Security Notice 483-1 - Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible man-in-the-middle attacks. Steffen Ullrich discovered that the Net::DNS Perl module did not correctly detect recursive compressed responses. A remote attacker could send a specially crafted packet, causing applications using Net::DNS to crash or monopolize CPU resources, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4124 | | Related CVE(s): | CVE-2007-3377, CVE-2007-3409 | | Last Modified: | Jul 14 01:19:24 2007 |
| MD5 Checksum: | 1ee28020e77f1222473434a7acd3442a |
|
| /// File Name: |
USN-484-1.txt |
Description:
|
Ubuntu Security Notice 484-1 - It was discovered that the GnuTLS certificate verification methods implemented in Curl did not check for expiration and activation dates. When performing validations, tools using libcurl3-gnutls would incorrectly allow connections to sites using expired certificates.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 14903 | | Related CVE(s): | CVE-2007-3564 | | Last Modified: | Jul 18 06:10:08 2007 |
| MD5 Checksum: | 2a3136b383d581b9ea3888a39dbd7f77 |
|
| /// File Name: |
USN-485-1.txt |
Description:
|
Ubuntu Security Notice 485-1 - It was discovered that the PHP xmlrpc extension did not correctly check heap memory allocation sizes. A remote attacker could send a specially crafted request to a PHP application using xmlrpc and execute arbitrary code as the Apache user. Stefan Esser discovered a flaw in the random number initialization of the PHP SOAP extension. This could lead to remote attackers being able to predict certain elements of the authentication mechanism.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 39606 | | Related CVE(s): | CVE-2007-1864, CVE-2007-2728 | | Last Modified: | Jul 18 06:11:30 2007 |
| MD5 Checksum: | 54166507fb3399332f713fbdf8eaeafc |
|
| /// File Name: |
USN-486-1.txt |
Description:
|
Ubuntu Security Notice 486-1 - The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. Due to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. A flaw was discovered in the IPv6 stack's handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a denial of service between two IPv6 hosts. The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 55922 | | Related CVE(s): | CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878 | | Last Modified: | Jul 19 07:10:35 2007 |
| MD5 Checksum: | d1fbda39809930977b9a5d12439c40b2 |
|
| /// File Name: |
USN-487-1.txt |
Description:
|
Ubuntu Security Notice 487-1 - It was discovered that Dovecot, when configured to use non-system-user spools and compressed folders, would allow directory traversals in mailbox names. Remote authenticated users could potentially read email owned by other users.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 8965 | | Related CVE(s): | CVE-2007-2231 | | Last Modified: | Jul 18 06:15:00 2007 |
| MD5 Checksum: | 1a395f4269147a818dd83e8c739a0749 |
|
| /// File Name: |
USN-488-1.txt |
Description:
|
Ubuntu Security Notice 488-1 - Alex Solovey discovered that mod_perl did not correctly validate certain regular expression matches. A remote attacker could send a specially crafted request to a web application using mod_perl, causing the web server to monopolize CPU resources. This could lead to a remote denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 10253 | | Related CVE(s): | CVE-2007-1349 | | Last Modified: | Jul 18 06:16:11 2007 |
| MD5 Checksum: | 9554903b8b1bd33beb787ddc2290a529 |
|
| /// File Name: |
USN-489-1.txt |
Description:
|
Ubuntu Security Notice 489-1 - A ridiculous amount of vulnerabilities in the Linux 2.6 kernel have been fixed.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 45306 | | Related CVE(s): | CVE-2006-4623, CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878, CVE-2007-3380, CVE-2007-3513 | | Last Modified: | Jul 20 08:22:42 2007 |
| MD5 Checksum: | 44760b5f718175c47aece71c76f178d5 |
|
| /// File Name: |
USN-489-2.txt |
Description:
|
Ubuntu Security Notice 489-2 - USN-489-1 fixed vulnerabilities in the Linux kernel. This update provides the corresponding fixes for the redhat cluster suite kernel sources. A flaw was discovered in the cluster manager. A remote attacker could connect to the DLM port and block further DLM operations.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16619 | | Related CVE(s): | CVE-2007-3380 | | Last Modified: | Jul 20 08:23:59 2007 |
| MD5 Checksum: | fa2d1e36c3decb09b0108ca5b75c592a |
|
| /// File Name: |
USN-491-1.txt |
Description:
|
Ubuntu Security Notice 491-1 - A flaw was discovered in Bind's sequence number generator. A remote attacker could calculate future sequence numbers and send forged DNS query responses. This could lead to client connections being directed to attacker-controlled hosts, resulting in credential theft and other attacks.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 23689 | | Related CVE(s): | CVE-2007-2926 | | Last Modified: | Jul 26 07:06:03 2007 |
| MD5 Checksum: | 73266bb57ca7241e26e5568088debcea |
|
| /// File Name: |
vaheapoverflow-06_040.txt |
Description:
|
The Visionsoft Audit VSAOD server has input validation flaws which can result in an unauthenticated heap overflow.
| | Author: | Tim Brown | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 2188 | | Last Modified: | Jul 11 10:07:41 2007 |
| MD5 Checksum: | 6efa6cb9145412b7d3dc4b682a919f62 |
|
| /// File Name: |
vapassword-06-042.txt |
Description:
|
The Visionsoft Audit VSAOD server uses a weak algorithm to obscure passwords on the wire and within configuration files.
| | Author: | Tim Brown, Mark Lowe | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 2255 | | Last Modified: | Jul 11 10:12:18 2007 |
| MD5 Checksum: | ffa43823200cb8febf97c88cd85b06b2 |
|
| /// File Name: |
vareplay-06_044.txt |
Description:
|
The Visionsoft Audit VSAOD server allows remote execution via replay attacks.
| | Author: | Tim Brown | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 2610 | | Last Modified: | Jul 11 10:21:41 2007 |
| MD5 Checksum: | e7d5eaf8dd0de53efd3d04a56ac09459 |
|
| /// File Name: |
vauninstall-06_45.txt |
Description:
|
The Visionsoft Audit VSAOD server allows unauthenticated remote uninstalls.
| | Author: | Tim Brown | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 1853 | | Last Modified: | Jul 11 10:22:51 2007 |
| MD5 Checksum: | b7946225f4438b008477609fbb64f020 |
|
| /// File Name: |
wachovia-leak.txt |
Description:
|
Wachovia Bank submits confidential user information via a simple HTTP POST without using SSL.
| | Author: | Bob Toxen | | Homepage: | http://VerySecureLinux.com/ | | File Size: | 3810 | | Last Modified: | Jul 11 11:01:02 2007 |
| MD5 Checksum: | a819cb7b4c3710195ca7bddd7bea75a8 |
|
| /// File Name: |
wetpaint-xss.txt |
Description:
|
Wetpaint suffers from a cross site scripting vulnerability.
| | Author: | e.wiZz! | | File Size: | 649 | | Last Modified: | Jul 21 04:23:06 2007 |
| MD5 Checksum: | c5607b73bd75cb641565165f62aa2144 |
|
| /// File Name: |
wii-flash.txt |
Description:
|
It appears that the Wii is susceptible to the recent Flash vulnerability.
| | Author: | Juha-Matti Laurio | | File Size: | 660 | | Related CVE(s): | CVE-2007-3456 | | Last Modified: | Jul 20 08:46:25 2007 |
| MD5 Checksum: | a9b33e8c3d3adde0e675d05dbd32efe8 |
|
| /// File Name: |
wsftp75290-dos.txt |
Description:
|
IPSwitch WS_FTP Logging server version 7.5.29.0 suffers from a remote denial of service vulnerability.
| | Author: | Justin Seitz | | File Size: | 1804 | | Last Modified: | Jul 13 03:05:04 2007 |
| MD5 Checksum: | cbbaf70f189bb4b9afcda66966358fa9 |
|
| /// File Name: |
wyciwyg.txt |
Description:
|
A vulnerability exists in how Mozilla Firefox handles internal wyciwyg:// pseudo-URIs.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 1435 | | Last Modified: | Jul 10 05:04:59 2007 |
| MD5 Checksum: | abfc62b40701ed2d0de2a1efeaf77641 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
