Section: .. / 0803-advisories /
| /// File Name: |
USN-593-1.txt |
Description:
|
Ubuntu Security Notice 593-1 - It was discovered that the default configuration of dovecot could allow access to any email files with group "mail" without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12819 | | Related CVE(s): | CVE-2008-1199, CVE-2008-1218 | | Last Modified: | Mar 26 18:00:16 2008 |
| MD5 Checksum: | 4a2fd40b872bf6b94fc599b98e0f26b3 |
|
| /// File Name: |
USN-594-1.txt |
Description:
|
Ubuntu Security Notice 594-1 - It was discovered that Net::DNS did not correctly validate the size of DNS replies. A remote attacker could send a specially crafted DNS response and cause applications using Net::DNS to abort, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3821 | | Related CVE(s): | CVE-2007-6341 | | Last Modified: | Mar 26 18:00:59 2008 |
| MD5 Checksum: | e7eaa3c8cfc9df83a00033734478e816 |
|
| /// File Name: |
USN-595-1.txt |
Description:
|
Ubuntu Security Notice 595-1 - Michael Skladnikiewicz discovered that SDL_image did not correctly load GIF images. If a user or automated system were tricked into processing a specially crafted GIF, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service. David Raulo discovered that SDL_image did not correctly load ILBM images. If a user or automated system were tricked into processing a specially crafted ILBM, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9803 | | Related CVE(s): | CVE-2008-0544, CVE-2007-6697 | | Last Modified: | Mar 26 18:02:04 2008 |
| MD5 Checksum: | 56a5c4510b1bed524cff5c00ce259ee5 |
|
| /// File Name: |
USN-596-1.txt |
Description:
|
Ubuntu Security Notice 596-1 - Chris Clark discovered that Ruby's HTTPS module did not check for commonName mismatches early enough during SSL negotiation. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to view sensitive information in HTTPS requests coming from Ruby applications. It was discovered that Ruby's FTPTLS, telnets, and IMAPS modules did not check the commonName when performing SSL certificate checks. If a remote attacker were able to perform man-in-the-middle attacks, this flaw could be exploited to eavesdrop on encrypted communications from Ruby applications using these protocols.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 31030 | | Related CVE(s): | CVE-2007-5162, CVE-2007-5770 | | Last Modified: | Mar 26 18:02:56 2008 |
| MD5 Checksum: | a46d0b7c1d5e53f0d8ea29f86db14854 |
|
| /// File Name: |
versantcmd.txt |
Description:
|
Versant Object Database versions 7.0.1.3 and below suffer from an arbitrary command execution vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | versantcmd.zip | | File Size: | 3865 | | Last Modified: | Mar 4 17:40:05 2008 |
| MD5 Checksum: | 1127c7a25aa511f58d5c9ab916106e52 |
|
| /// File Name: |
visibroken.txt |
Description:
|
Borland VisiBroker Smart Agent versions 08.00.00.C1.03 and below suffer from a heap overflow vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | visibroken.zip | | File Size: | 2534 | | Last Modified: | Mar 3 17:53:55 2008 |
| MD5 Checksum: | f6588a8d50668be1e359971c741656b3 |
|
| /// File Name: |
vlc-stillbroked.txt |
Description:
|
The old buffer overflow in the subtitle handling of VLC has not been fully patched in version 0.8.6e; in fact, buffer_text2 in ParseSSA is still unchecked.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | vlcboffs.zip | | File Size: | 607 | | Last Modified: | Mar 17 15:44:30 2008 |
| MD5 Checksum: | e946b5b2d991e495d3526244567d4009 |
|
| /// File Name: |
VMSA-2008-0004.txt |
Description:
|
VMware Security Advisory - An updated service console package for e2fsprogs has been released for ESX Server versions 2.5.5 and 2.5.4.
| | Homepage: | http://www.vmware.com/ | | File Size: | 3342 | | Related CVE(s): | CVE-2007-5497 | | Last Modified: | Mar 3 17:45:14 2008 |
| MD5 Checksum: | 8e4aad71756e9ab0a3cd93ac097bc1fb |
|
| /// File Name: |
VMSA-2008-0005.txt |
Description:
|
VMware Security Advisory - VMware has addressed a folder traversal vulnerability, an insecure named pipe vulnerability, libpng, and various other bits and pieces.
| | Homepage: | http://www.vmware.com/ | | File Size: | 15844 | | Related CVE(s): | CVE-2008-0923, CVE-2008-0923, CVE-2008-1361, CVE-2008-1362, CVE-2007-5269, CVE-2006-2940, CVE-2006-2937, CVE-2006-4343, CVE-2006-4339, CVE-2007-5618, CVE-2008-1364, CVE-2008-1363, CVE-2008-1340 | | Last Modified: | Mar 18 22:18:56 2008 |
| MD5 Checksum: | ee66e4579274ee816d1615a56fe85d80 |
|
| /// File Name: |
VMSA-2008-0006.txt |
Description:
|
VMware Security Advisory - VMware has released an updated libxml2 package that addresses a security issue.
| | Homepage: | http://www.vmware.com/ | | File Size: | 3028 | | Related CVE(s): | CVE-2007-6284 | | Last Modified: | Mar 29 15:50:19 2008 |
| MD5 Checksum: | 2a723fe9cc3a345fee9423b599fb6de1 |
|
| /// File Name: |
xinehof.txt |
Description:
|
xine-lib versions 1.1.11 and below suffer from six heap overflow vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | xinehof.zip | | File Size: | 3966 | | Last Modified: | Mar 20 17:17:19 2008 |
| MD5 Checksum: | 2cfe9d6e272a5f0691aaff6313456fda |
|
| /// File Name: |
zabbix-dos.txt |
Description:
|
Zabbix is susceptible to a resource consumption denial of service vulnerability when the zabbix_agentd is told to checksum a device (like /dev/urandom, etc).
| | Author: | Milen Rangelov | | File Size: | 1810 | | Last Modified: | Mar 13 16:40:36 2008 |
| MD5 Checksum: | 6ec48b5583f2b94e763b3972da82b95f |
|
| /// File Name: |
ZDI-08-008.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of malformed cell comments. When Excel encounters a malformed record, it attempts to rebuild the broken metadata. A flaw in this rebuilding process allows the user to specify critical data offsets, eventually leading to code execution under the logged-in user's credentials.
| | Author: | Arnaud Dovi | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3286 | | Related CVE(s): | CVE-2008-0113 | | Last Modified: | Mar 13 00:21:49 2008 |
| MD5 Checksum: | fad9ca3fbd2db4d159a2d0d8c46e7a60 |
|
| /// File Name: |
ZDI-08-009.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the useEncodingDecl() function used while checking xml based JNLP files for UTF8 characters. When a user downloads a malicious JNLP file, the data immediately preceding the opening of the xml tag is read into a static buffer. If an overly long key name in the xml header is included, a stack based buffer overflow occurs, resulting in an exploitable condition.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3323 | | Related CVE(s): | CVE-2008-1188 | | Last Modified: | Mar 13 01:45:20 2008 |
| MD5 Checksum: | d8d717d09ec7deffd5ccca6cbd673ae4 |
|
| /// File Name: |
ZDI-08-010.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the useEncodingDecl() function used while parsing the xml header character encoding attribute. When a user downloads a malicious JNLP file, the charset value is read into a static buffer. If an overly long charset name in the xml header is included, a stack based buffer overflow occurs, resulting in an exploitable condition.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3284 | | Related CVE(s): | CVE-2008-1188 | | Last Modified: | Mar 13 01:46:04 2008 |
| MD5 Checksum: | 5a74d23adc6e1b3e991f4b6243651b6f |
|
| /// File Name: |
ZDI-08-011.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is required in that an attacker must have database connection privileges. The specific flaw exists in the oninit.exe process that listens by default on TCP port 1526. During authentication, the process does not validate the length of the DBPATH variable. An attacker can provide an overly long variable name and overflow a global buffer, overwriting function pointers leading to arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3560 | | Related CVE(s): | CVE-2008-0727 | | Last Modified: | Mar 13 16:43:11 2008 |
| MD5 Checksum: | 9aba0695949a10843e411aecb47a4ad6 |
|
| /// File Name: |
ZDI-08-012.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of IBM's Informix Dynamic Server. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the oninit.exe process that listens by default on TCP port 1526. During authentication, the process does not validate the length of the supplied user password. An attacker can provide an overly long password and overflow a stack based buffer resulting in arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3527 | | Related CVE(s): | CVE-2008-0727 | | Last Modified: | Mar 13 16:44:04 2008 |
| MD5 Checksum: | 0514694ac6e8577a2f7e74face18c5f7 |
|
| /// File Name: |
ZDI-08-013.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP delRequest message is sent, a stack overflow occurs overwriting a function pointer. This results in a situation allowing the execution of arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3185 | | Related CVE(s): | CVE-2008-0924 | | Last Modified: | Mar 26 18:20:54 2008 |
| MD5 Checksum: | e35e7ad52a9e2a0a6d71048d250a4a7b |
|