Section: .. / 0710-advisories /
| /// File Name: |
TPTI-07-016.txt |
Description:
|
Vulnerabilities allow a remote attacker to execute arbitrary code on vulnerable installations of Computer Associates' BrightStor Hierarchical Storage Manager. Authentication is not required to exploit these vulnerabilities. The specific flaws exist in the CsAgent service that listens by default on TCP port 2000. An opcode parsing switch statement multiplexes data funneling across various vulnerable routines. A user-supplied DWORD size value is assumed by the vulnerable agent to contain the correct length of the subsequent data and is passed directly to memory allocation routines. At least 26 out of the available 68 opcodes are vulnerable to various overflows that allow for remote code execution due to insecure data copy operations.
| | Author: | Aaron Portnoy | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2444 | | Related CVE(s): | CVE-2007-5082 | | Last Modified: | Oct 2 20:27:55 2007 |
| MD5 Checksum: | b45214555ac98338dbf353986bcee9d2 |
|
| /// File Name: |
TPTI-07-17.txt |
Description:
|
Vulnerabilities allow a remote attacker to inject arbitrary SQL into the backend database on vulnerable installations of CA BrightStor Hierarchical Storage Manager. Authentication is not required to exploit these vulnerabilities. The specific flaws exist in the CsAgent service that listens by default on TCP port 2000. An opcode parsing switch statement multiplexes data funneling across various vulnerable routines. At least 7 out of the available 68 opcodes are vulnerable to SQL injections.
| | Author: | Aaron Portnoy | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2100 | | Related CVE(s): | CVE-2007-5084 | | Last Modified: | Oct 2 20:29:04 2007 |
| MD5 Checksum: | 9840fb7ea9adf38d8b25253227e70943 |
|
| /// File Name: |
TPTI-07-18.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of EMC RepliStor Server. User interaction is not required to exploit this vulnerability. The specific flaw exists in the RepliStor Server Service that listens by default on TCP port 7144. The vulnerable function trusts a user-supplied size value, allowing an attacker to create an undersized buffer. A later call to recv() overflows that buffer, allowing for arbitrary code execution in the context of the SYSTEM user. RepliStor version 6.1.3 is affected.
| | Author: | Aaron Portnoy | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2110 | | Related CVE(s): | CVE-2007-5323 | | Last Modified: | Oct 11 00:25:58 2007 |
| MD5 Checksum: | 12f108e9e28d674761caca444b1da76b |
|
| /// File Name: |
unistim-overflow.txt |
Description:
|
The UNIStim IP Softphone appears to suffer from a buffer overflow condition when flooded with data on the RTCP port.
| | Author: | Cyrill Brunschwiler | | Homepage: | http://www.csnc.ch/ | | File Size: | 1521 | | Last Modified: | Oct 22 16:59:25 2007 |
| MD5 Checksum: | c259b982524365914a35391b5fa61e3b |
|
| /// File Name: |
usd250-xss.txt |
Description:
|
The helpdesk utility called usd250 suffers from a cross-site scripting vulnerability.
| | Author: | Joseph Giron | | File Size: | 414 | | Last Modified: | Oct 25 16:59:34 2007 |
| MD5 Checksum: | bf01b6b248e9d38683933c179061b35b |
|
| /// File Name: |
USN-501-2.txt |
Description:
|
Ubuntu Security Notice 501-2 - USN-501-1 fixed vulnerabilities in Jasper. This update provides the corresponding update for the Jasper internal to Ghostscript. It was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a remote attacker could cause the application using libjasper to crash, resulting in a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9150 | | Related CVE(s): | CVE-2007-2721 | | Last Modified: | Oct 22 23:54:11 2007 |
| MD5 Checksum: | bef4672949983b7fb996479d908d2631 |
|
| /// File Name: |
USN-523-1.txt |
Description:
|
Ubuntu Security Notice 523-1 - Multiple vulnerabilities were found in the image decoders of ImageMagick. If a user or automated system were tricked into processing a malicious DCM, DIB, XBM, XCF, or XWD image, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15632 | | Related CVE(s): | CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988 | | Last Modified: | Oct 5 01:30:30 2007 |
| MD5 Checksum: | 86e6f3964a537e5b0f856c134bd48572 |
|
| /// File Name: |
USN-524-1.txt |
Description:
|
Ubuntu Security Notice 524-1 - An integer overflow was discovered in the TIFF handling code in OpenOffice. If a user were tricked into loading a malicious TIFF image, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 50658 | | Related CVE(s): | CVE-2007-2834 | | Last Modified: | Oct 5 02:16:27 2007 |
| MD5 Checksum: | fe45d75534ce9b14eaebf33976068f43 |
|
| /// File Name: |
USN-525-1.txt |
Description:
|
Ubuntu Security Notice 525-1 - Robert Buchholz discovered that libsndfile did not correctly validate the size of its memory buffers. If a user were tricked into playing a specially crafted FLAC file, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9366 | | Related CVE(s): | CVE-2007-4974 | | Last Modified: | Oct 5 02:17:59 2007 |
| MD5 Checksum: | 68343c94c33daf1fad0469e20ae988af |
|
| /// File Name: |
USN-526-1.txt |
Description:
|
Ubuntu Security Notice 526-1 - Thomas de Grenier de Latour discovered that the checkrestart program included in debian-goodies did not correctly handle shell meta-characters. A local attacker could exploit this to gain the privileges of the user running checkrestart.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 2793 | | Related CVE(s): | CVE-2007-3912 | | Last Modified: | Oct 5 02:19:45 2007 |
| MD5 Checksum: | 49acc27f5041763004b3917121247e05 |
|
| /// File Name: |
USN-527-1.txt |
Description:
|
Ubuntu Security Notice 527-1 - Joris van Rantwijk discovered that the Xen host did not correctly validate the contents of a Xen guest's grub.conf file. Xen guest root users could exploit this to run arbitrary commands on the host when the guest system was rebooted.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3791 | | Related CVE(s): | CVE-2007-4993 | | Last Modified: | Oct 10 01:57:58 2007 |
| MD5 Checksum: | 426aa5e53b520753cc6d2ba13b08c8e9 |
|
| /// File Name: |
USN-528-1.txt |
Description:
|
Ubuntu Security Notice 528-1 - Neil Kettle discovered that MySQL could be made to dereference a NULL pointer and divide by zero. An authenticated user could exploit this with a crafted IF clause, leading to a denial of service. Victoria Reznichenko discovered that MySQL did not always require the DROP privilege. An authenticated user could exploit this via RENAME TABLE statements to rename arbitrary tables, possibly gaining additional database access. It was discovered that MySQL could be made to overflow a signed char during authentication. Remote attackers could use crafted authentication requests to cause a denial of service. Phil Anderton discovered that MySQL did not properly verify access privileges when accessing external tables. As a result, authenticated users could exploit this to obtain UPDATE privileges to external tables. In certain situations, when installing or upgrading mysql, there was no notification that the mysql root user password needed to be set. If the password was left unset, attackers would be able to obtain unrestricted access to mysql. This is now checked during mysql start-up.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15165 | | Related CVE(s): | CVE-2007-2583, CVE-2007-2691, CVE-2007-3780, CVE-2007-3782 | | Last Modified: | Oct 12 00:23:11 2007 |
| MD5 Checksum: | d9c83a427ad45d69379e7197ed90bb83 |
|
| /// File Name: |
USN-529-1.txt |
Description:
|
Ubuntu Security Notice 529-1 - It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12766 | | Related CVE(s): | CVE-2007-5137 | | Last Modified: | Oct 12 00:24:55 2007 |
| MD5 Checksum: | 77c92b066b80efbd16298942f4020919 |
|
| /// File Name: |
USN-530-1.txt |
Description:
|
Ubuntu Security Notice 530-1 - It was discovered that the hpssd tool of hplip did not correctly handle shell meta-characters. A local attacker could exploit this to execute arbitrary commands as the hplip user.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6875 | | Related CVE(s): | CVE-2007-5208 | | Last Modified: | Oct 12 21:28:59 2007 |
| MD5 Checksum: | 4bc05762b82d541e1f43877cff023eb9 |
|
| /// File Name: |
USN-531-1.txt |
Description:
|
Ubuntu Security Notice 531-1 - Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 14112 | | Related CVE(s): | CVE-2007-5365 | | Last Modified: | Oct 22 23:49:49 2007 |
| MD5 Checksum: | f26d95797f689c3fc1c1129bfd38d570 |
|
| /// File Name: |
USN-531-2.txt |
Description:
|
Ubuntu Security Notice 531-2 - USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem. Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 14318 | | Related CVE(s): | CVE-2007-5365 | | Last Modified: | Oct 23 19:56:28 2007 |
| MD5 Checksum: | 8c2c23432b88a2cdb1e4a4a902161683 |
|
| /// File Name: |
USN-532-1.txt |
Description:
|
Ubuntu Security Notice 532-1 - Nobuhiro Ban discovered that check_http in nagios-plugins did not properly sanitize its input when following redirection requests. A malicious remote web server could cause a denial of service or possibly execute arbitrary code as the user. Aravind Gottipati discovered that sslutils.c in nagios-plugins did not properly reset pointers to NULL. A malicious remote web server could cause a denial of service. Aravind Gottipati discovered that check_http in nagios-plugins did not properly calculate how much memory to reallocate when following redirection requests. A malicious remote web server could cause a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4191 | | Related CVE(s): | CVE-2007-5198 | | Last Modified: | Oct 22 23:50:36 2007 |
| MD5 Checksum: | e91105e1fb6b720a07b26dddb3a591bf |
|
| /// File Name: |
USN-533-1.txt |
Description:
|
Ubuntu Security Notice 533-1 - Ludwig Nussel discovered that mount and umount did not properly drop privileges when using helper programs. Local attackers may be able to bypass security restrictions and gain root privileges using programs such as mount.nfs or mount.cifs.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12797 | | Related CVE(s): | CVE-2007-5191 | | Last Modified: | Oct 22 23:52:24 2007 |
| MD5 Checksum: | 43cdabef17197796a0e6ed65fa2805b4 |
|
| /// File Name: |
USN-534-1.txt |
Description:
|
Ubuntu Security Notice 534-1 - Andy Polyakov discovered that the DTLS implementation in OpenSSL was vulnerable. A remote attacker could send a specially crafted connection request to services using DTLS and execute arbitrary code with the service's privileges. There are no known Ubuntu applications that are currently using DTLS.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16635 | | Related CVE(s): | CVE-2007-4995 | | Last Modified: | Oct 22 23:53:09 2007 |
| MD5 Checksum: | 3117c8dc3a3b0c45760d154d0cd66ccd |
|
| /// File Name: |
USN-535-1.txt |
Description:
|
Ubuntu Security Notice 535-1 - A large number of flaws related to Firefox have been fixed under Ubuntu. These include forced upload and JavaScript insertion vulnerabilities.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 29953 | | Related CVE(s): | CVE-2006-2894, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5335, CVE-2007-5336, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340 | | Last Modified: | Oct 23 14:16:38 2007 |
| MD5 Checksum: | 74505701d22543c4da59630624735bbb |
|
| /// File Name: |
USN-537-1.txt |
Description:
|
Ubuntu Security Notice 537-1 - Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user's locked screen saver.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 2322 | | Related CVE(s): | CVE-2007-3920 | | Last Modified: | Oct 23 20:03:45 2007 |
| MD5 Checksum: | 592797ef6ab8d8e676d24325c81e1429 |
|
| /// File Name: |
USN-538-1.txt |
Description:
|
Ubuntu Security Notice 538-1 - It was discovered that libpng did not properly perform bounds checking and comparisons in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12789 | | Related CVE(s): | CVE-2007-5268, CVE-2007-5269 | | Last Modified: | Oct 26 10:52:33 2007 |
| MD5 Checksum: | 4b4af6499f69b4b2a1ffcc8a68acadd9 |
|
| /// File Name: |
vfd-zlib.txt |
Description:
|
It appears that Virtual Floppy Drive is susceptible to an old zlib vulnerability associated with version 1.2.2.
| | Author: | Stefan Kanthak | | File Size: | 808 | | Related CVE(s): | CAN-2005-2096 | | Last Modified: | Oct 29 20:34:39 2007 |
| MD5 Checksum: | c9dab74bdea6472743947bcd8494b6f9 |
|
| /// File Name: |
viart-traverse.txt |
Description:
|
Viart Shopping Cart suffers from a directory traversal vulnerability.
| | Author: | Outlaw | | Homepage: | http://aria-security.net/ | | File Size: | 386 | | Last Modified: | Oct 8 18:57:34 2007 |
| MD5 Checksum: | ef88dc1ffc6f2e84d1edcaa250930917 |
|