Section: .. / 0801-advisories /
| /// File Name: |
01.07.08-1.txt |
Description:
|
iDefense Security Advisory 01.07.08 - Local exploitation of a privilege escalation vulnerability in Motorola Inc.'s netOctopus could allow an attacker to execute arbitrary code in kernel context. iDefense has confirmed the existence of this vulnerability in version 5.0.0.115 of the nantsys.sys driver as included with netOctopus version 5.1.2 build 1011. Previous versions may also be affected.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3913 | | Related CVE(s): | CVE-2007-5761 | | Last Modified: | Jan 7 16:03:56 2008 |
| MD5 Checksum: | 61e51ae15fb273e26e18067d2f5ee0d4 |
|
| /// File Name: |
01.09.08-1.txt |
Description:
|
iDefense Security Advisory 01.09.08 - Local exploitation of an input validation error vulnerability within Novell Inc.'s NetWare Client allows attackers to execute arbitrary code within the kernel. iDefense has confirmed the existence of this vulnerability in nicm.sys, file version 3.0.0.4, as included with Novell's NetWare Client 4.91 SP4. Other versions may also be vulnerable.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3547 | | Related CVE(s): | CVE-2007-5762 | | Last Modified: | Jan 10 03:33:24 2008 |
| MD5 Checksum: | c3b21473ead37ed6968f5bd86ad99e65 |
|
| /// File Name: |
01.15.08-1.txt |
Description:
|
iDefense Security Advisory 01.15.08 - Remote exploitation of a heap overflow vulnerability in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. A heap overflow vulnerability exists within the code responsible for processing requests. Two distinct values from the request are used for the allocation size and the amount of data copied. Since both values are attacker controlled, this can lead to a heap overflow, potentially resulting in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
| | Author: | McSlibin | | Homepage: | http://www.idefense.com/ | | File Size: | 3257 | | Related CVE(s): | CVE-2007-5658 | | Last Modified: | Jan 16 00:34:14 2008 |
| MD5 Checksum: | a8dbf1e1da5a2a7f6a24e4e845e4d23c |
|
| /// File Name: |
01.15.08-2.txt |
Description:
|
iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted pointer vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests as pointers. These pointer values are then used in various memory operations. Since attackers can control these values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
| | Author: | McSlibin, Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3321 | | Related CVE(s): | CVE-2007-5655 | | Last Modified: | Jan 16 00:35:19 2008 |
| MD5 Checksum: | cb39535d499d31a340f99f3591932ea3 |
|
| /// File Name: |
01.15.08-3.txt |
Description:
|
iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted pointer offset vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests as offsets added to valid pointers. The resulting pointer values are then used in various memory operations. Since attackers can control these offset values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
| | Author: | McSlibin, Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3366 | | Related CVE(s): | CVE-2007-5657 | | Last Modified: | Jan 16 00:36:04 2008 |
| MD5 Checksum: | 5c6a4da086edd62deb07e6ab599235a5 |
|
| /// File Name: |
01.15.08-4.txt |
Description:
|
iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted loop bounds vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests to control the number of iterations of several loops. Inside these loops, various memory operations are performed. Since attackers can control these values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
| | Author: | McSlibin, Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3350 | | Related CVE(s): | CVE-2007-5656 | | Last Modified: | Jan 16 00:36:59 2008 |
| MD5 Checksum: | 0ea32d532b898054a6944d733fdfa008 |
|
| /// File Name: |
01.15.08-5.txt |
Description:
|
iDefense Security Advisory 01.15.08 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the handling of Macintosh Resources embedded in QuickTime movies. When processing these records, a length value stored in the resource header is not properly validated. When a length value larger than the actual buffer size is supplied, potentially exploitable memory corruption occurs. iDefense Labs confirmed this vulnerability exists in QuickTime Player version 7.3.1. Previous versions are suspected to be vulnerable.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 3266 | | Related CVE(s): | CVE-2008-0032 | | Last Modified: | Jan 16 00:38:32 2008 |
| MD5 Checksum: | 9e6e90cfa4d64a44ebf691fac2f1f239 |
|
| /// File Name: |
01.17.08-1.txt |
Description:
|
iDefense Security Advisory 01.17.08 - Local exploitation of multiple memory corruption vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the X server, typically root. Vulnerable code exists within multiple functions in the XInput extension. By sending specially crafted X11 requests, an attacker is able to corrupt heap memory located after their request data. This results in a potentially exploitable condition. Defense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3575 | | Related CVE(s): | CVE-2007-6427 | | Last Modified: | Jan 18 05:51:55 2008 |
| MD5 Checksum: | 0967a9706d57df5829dd28f1fd67a786 |
|
| /// File Name: |
01.17.08-2.txt |
Description:
|
iDefense Security Advisory 01.17.08 - Local exploitation of an information disclosure vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to gain access to sensitive information stored in server memory. The vulnerable code exists within the TOG-CUP extension. A 32-bit client supplied value is taken directly from the request, and then used as an index into an array. The value located at this index is then stored into a buffer which is later sent to the client. This allows a client to read memory from arbitrary locations in server memory. iDefense has confirmed the existence of this vulnerability in X.Org X11 version R7.3. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3966 | | Related CVE(s): | CVE-2007-6428 | | Last Modified: | Jan 18 05:53:07 2008 |
| MD5 Checksum: | 1b7e32af0eef6ebb2945a5211db21469 |
|
| /// File Name: |
01.17.08-3.txt |
Description:
|
iDefense Security Advisory 01.17.08 - Local exploitation of multiple integer overflow vulnerabilities in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. One vulnerability exists within the EVI extension. When processing a request, the server uses a 32-bit value provided by the client in an arithmetic operation that calculates the number of bytes to allocate for a dynamic buffer. This operation can overflow, which later leads to a potentially exploitable heap overflow. Another vulnerability exists within the MIT-SHM extension. When allocating a pixmap, the server uses values from the request to verify that the requested size is not greater than the amount of allocated shared memory. The calculation can overflow, which leads to the overwriting of arbitrary addresses in memory that aren't part of the shared memory segment. iDefense has confirmed the existence of these vulnerabilities in X.Org X11 version R7.3. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4381 | | Related CVE(s): | CVE-2007-6429 | | Last Modified: | Jan 18 05:54:08 2008 |
| MD5 Checksum: | d8374f2c1aa7d9c49935b8406407713d |
|
| /// File Name: |
01.17.08-4.txt |
Description:
|
iDefense Security Advisory 01.17.08 - Local exploitation of an invalid array index vulnerability in the X.Org X server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the X server, typically root. The vulnerability exists within the XFree86-Misc extension. When processing a request, a 32-bit value from the client's request is used as an index into an array of structures. This structure contains an array of function pointers, one of which is used later in the request handling. By supplying a large array index, an arbitrary function pointer can be dereferenced. This results in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in X.org X11 version R7.3. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4054 | | Related CVE(s): | CVE-2007-5760 | | Last Modified: | Jan 18 05:55:09 2008 |
| MD5 Checksum: | e9363376f421d5734a8bb62a5b45c073 |
|
| /// File Name: |
01.22.08-1.txt |
Description:
|
iDefense Security Advisory 01.22.08 - Remote exploitation of a buffer overflow vulnerability in the web server component of IBM Corp.'s Tivoli Provisioning Manager for OS Deployment allows attackers to cause a denial of service condition or potentially execute arbitrary code with SYSTEM privileges. This vulnerability specifically exists within the logging functionality of the web server component. By making requests with a large HTTP request method, an attacker can cause a static-sized buffer to be overrun with data they supplied. iDefense has confirmed the existence of this vulnerability in IBM Tivoli Provisioning Manager for OS Deployment version 5.1.0.3. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3404 | | Related CVE(s): | CVE-2008-0401 | | Last Modified: | Jan 25 03:37:38 2008 |
| MD5 Checksum: | 2e1615ccca521c085288606e7b913359 |
|
| /// File Name: |
01.23.08-1.txt |
Description:
|
iDefense Security Advisory 01.23.08 - Local exploitation of a buffer overflow vulnerability in IBM Corp.'s AIX operating system 'pioout' program allows attackers to execute arbitrary code with root privileges. The vulnerability exists due to insufficient input validation when copying user-supplied data to a fixed-size buffer. By passing a long string as a command line option, an attacker can cause an exploitable buffer overflow. iDefense has confirmed the existence of this vulnerability in version 5.2 and 5.3 of AIX with all patches applied as of November 29th, 2007. Previous versions are suspected to be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3215 | | Related CVE(s): | CVE-2007-5764 | | Last Modified: | Jan 25 03:38:26 2008 |
| MD5 Checksum: | ccae057bb83d9a716ba730ad509810d3 |
|
| /// File Name: |
12.24.07-1.txt |
Description:
|
iDefense Security Advisory 12.24.07 - Local exploitation of a privilege escalation vulnerability in Novell ZENworks Endpoint Security Management allows attackers to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in STEngine.exe version 3.5.0.20 as included with Novell Inc's ZENworks Endpoint Security Management 3.5. Other versions may also be affected.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3947 | | Related CVE(s): | CVE-2007-5665 | | Last Modified: | Jan 4 19:25:04 2008 |
| MD5 Checksum: | e67c26c468fb8d535a7fe75eab2aae44 |
|
| /// File Name: |
AID-122207.txt |
Description:
|
Aruba Networks Security Advisory - A user authentication vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. This vulnerability affects customers using versions at or below 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS using LDAP authentication for management and VPN (PAP-L2TP) users.
| | Homepage: | http://www.arubanetworks.com/ | | File Size: | 4959 | | Last Modified: | Jan 5 18:58:39 2008 |
| MD5 Checksum: | c55a0c5be2b25664bc1fdad2974b316e |
|
| /// File Name: |
apache-modproxy.txt |
Description:
|
Apache versions 2.2.6 and below, 1.3.39 and below, and 2.0.61 and below suffer from an undefined charset UTF-7 cross site scripting vulnerability in mod_proxy_ftp.
| | Author: | sp3x | | Homepage: | http://www.securityreason.com/ | | File Size: | 2359 | | Related CVE(s): | CVE-2008-0005 | | Last Modified: | Jan 11 13:25:45 2008 |
| MD5 Checksum: | 643cb2f85a85ba793a4f0dbc01a14614 |
|
| /// File Name: |
apache-modstatus.txt |
Description:
|
The Apache mod_status functionality suffers from a refresh header cross site scripting vulnerability. Versions 2.2.x, 1.3.x, and 2.0.x are affected.
| | Author: | sp3x | | Homepage: | http://www.securityreason.com/ | | File Size: | 2807 | | Related CVE(s): | CVE-2007-6388 | | Last Modified: | Jan 15 15:26:59 2008 |
| MD5 Checksum: | bcb5c638ccfe70f1f04b397718661ee7 |
|
| /// File Name: |
AST-2008-001.txt |
Description:
|
Asterisk Project Security Advisory - The handling of the BYE with Also transfer method was broken during the development of Asterisk 1.4. If a transfer attempt is made using this method the system will immediately crash upon handling the BYE message due to trying to copy data into a NULL pointer.
| | Author: | Joshua Colp | | Homepage: | http://www.asterisk.org/security | | File Size: | 9190 | | Last Modified: | Jan 2 17:55:27 2008 |
| MD5 Checksum: | f650cdc7e34b6e2ec797a8d92bb23acd |
|
| /// File Name: |
captcha-digest.txt |
Description:
|
This is a digest of vulnerabilities in multiple CAPTCHA systems. All vulnerabilities were reported by MustLive (websecurity.com.ua) during "The Month of Bugs in CAPTCHA".
| | Homepage: | http://securityvulns.com/ | | File Size: | 5404 | | Last Modified: | Jan 3 18:10:06 2008 |
| MD5 Checksum: | fa91a54b96e2127e77e0e4dbd02ab727 |
|
| /// File Name: |
cisco-sa-200080130-wcs.txt |
Description:
|
Cisco Security Advisory - Apache Tomcat is the servlet container for JavaServlet and JavaServer Pages Web within the Cisco Wireless Control System (WCS). A vulnerability exists in the mod_jk.so URI handler within Apache Tomcat which, if exploited, may result in a remote code execution attack.
| | Homepage: | http://www.cisco.com/ | | File Size: | 12331 | | Related CVE(s): | CVE-2007-0774 | | Last Modified: | Jan 30 19:27:28 2008 |
| MD5 Checksum: | 3e7e563897fb70280fe79e9cd829bfb0 |
|
| /// File Name: |
cisco-sa-20080116-cucmctl.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in the Certificate Trust List (CTL) Provider service that could allow a remote, unauthenticated user to cause a denial of service (DoS) condition or execute arbitrary code. There is a workaround for this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 14944 | | Related CVE(s): | CVE-2008-0027 | | Last Modified: | Jan 17 00:24:16 2008 |
| MD5 Checksum: | 97e3026e42de1ae8e311442a0ececf89 |
|
| /// File Name: |
cisco-sa-20080123-asa.txt |
Description:
|
Cisco Security Advisory - A crafted IP packet vulnerability exists in the Cisco PIX 500 Series Security Appliance (PIX) and the Cisco 5500 Series Adaptive Security Appliance (ASA) that may result in a reload of the device. This vulnerability is triggered during processing of a crafted IP packet when the Time-to-Live (TTL) decrement feature is enabled.
| | Homepage: | http://www.cisco.com/ | | File Size: | 12690 | | Related CVE(s): | CVE-2008-0028 | | Last Modified: | Jan 23 23:24:57 2008 |
| MD5 Checksum: | ee44bd7dede178400b8e0e71a92c6bea |
|
| /// File Name: |
cisco-sa-20080123-avs.txt |
Description:
|
Cisco Security Advisory - Versions of the Cisco Application Velocity System (AVS) prior to software version AVS 5.1.0 do not prompt users to modify system account passwords during the initial configuration process. Because there is no requirement to change these credentials during the initial configuration process, an attacker may be able to leverage the accounts that have default credentials, some of which have root privileges, to take full administrative control of the AVS system.
| | Homepage: | http://www.cisco.com/ | | File Size: | 20371 | | Related CVE(s): | CVE-2008-0029 | | Last Modified: | Jan 23 23:25:41 2008 |
| MD5 Checksum: | c63427ba381292b84f12fd1fbb98d7bd |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
