Section: 0805-advisories

File Name: SSRT071454.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running the useradd(1M) command. The vulnerability could be exploited locally to allow unauthorized access to directories or files.
Homepage: http://www.hp.com/ | File Size: 6995 | Related CVE(s): CVE-2008-1660 | Last Modified: May 20 16:23:58 2008
MD5 Checksum: 2ec5cd03dd2da29b6abd5663ef86fbe3

File Name: SSRT080034.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Netscape Directory Server (NDS). The vulnerability could be used locally to gain extended privileges.
Homepage: http://www.hp.com/ | File Size: 7308 | Related CVE(s): CVE-2008-0892 | Last Modified: May 6 16:42:02 2008
MD5 Checksum: d484200e5c25c9765700282b3a715e10

File Name: SSRT080071.txt
Description:
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
Homepage: http://www.hp.com/ | File Size: 9522 | Related CVE(s): CVE-2007-6026 | Last Modified: May 20 10:30:30 2008
MD5 Checksum: 98043204bdce4fad60e066367be30c8e

File Name: SSRT080072.txt
Description:
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be exploited locally to gain unauthorized access and create a Denial of Service (DoS).
Homepage: http://www.hp.com/ | File Size: 6965 | Related CVE(s): CVE-2008-1483 | Last Modified: May 22 19:41:08 2008
MD5 Checksum: 50c454b6000fc9686c5ccbb2e49c15d2

File Name: TA08-134A.txt
Description:
Technical Cyber Security Alert TA08-134A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Jet Database Engine, Windows Live OneCare, Antigen, Windows Defender, and Forefront Security as part of the Microsoft Security Bulletin Summary for May 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.
Homepage: http://www.us-cert.gov/ | File Size: 3749 | Last Modified: May 13 15:41:07 2008
MD5 Checksum: 1b674f3df657c92d13731b2e7392126e

File Name: TA08-137A.txt
Description:
Technical Cyber Security Alert TA08-137A - A vulnerability in the OpenSSL package included with the Debian GNU/Linux operating system and its derivatives may cause weak cryptographic keys to be generated. Any package that uses the affected version of SSL could be vulnerable.
Homepage: http://www.us-cert.gov/ | File Size: 4530 | Last Modified: May 19 14:54:42 2008
MD5 Checksum: 545003fb0e62ad13cfa66b242929688b

File Name: TA08-150A.txt
Description:
Technical Cyber Security Alert TA08-150A - Apple has released Security Update 2008-003 and OS X version 10.5.3 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service.
Homepage: http://www.us-cert.gov/ | File Size: 3282 | Last Modified: May 29 19:21:11 2008
MD5 Checksum: 45f28ce6b9a1d606c770a82e23858c8c

File Name: TPTI-08-04.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the target opens an Office file that contains malicious Jet DB Engine objects. The specific flaw exists within the parsing of a column structure. The DWORD value from the structure that specifies the column count is trusted. If this value is changed, an inline memcpy to the stack can overflow while reading a column name. Typically Jet DB structures are used within MDB files which are considered unsafe. However, it is possible to embed such files within a trusted format, such as an Office Document (.doc). This issue allows for remote code execution under the context of the currently logged in user.
Author: Aaron Portnoy | Homepage: http://www.tippingpoint.com/ | File Size: 1728 | Related CVE(s): CVE-2007-6026 | Last Modified: May 13 15:37:04 2008
MD5 Checksum: b0741f928fbcdfe0d4a4a46f4d209d1b

File Name: USN-605-1.txt
Description:
Ubuntu Security Notice 605-1 - Various flaws were discovered in the JavaScript engine. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. Several problems were discovered in Thunderbird which could lead to crashes and memory corruption. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker may be able to execute arbitrary code with the user's privileges.
Homepage: http://security.ubuntu.com/ | File Size: 18180 | Related CVE(s): CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237 | Last Modified: May 6 19:12:13 2008
MD5 Checksum: 0b243038ac4bfd44eec2a7fae256dc22

File Name: USN-606-1.txt
Description:
Ubuntu Security Notice 606-1 - Thomas Pollet discovered that CUPS did not properly validate the size of PNG images. A local attacker, and a remote attacker if printer sharing is enabled, could send a crafted file and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.
Homepage: http://security.ubuntu.com/ | File Size: 18105 | Related CVE(s): CVE-2008-1722 | Last Modified: May 5 14:00:06 2008
MD5 Checksum: 7d5d5bc230258dce039aa660f76063ad

File Name: USN-607-1.txt
Description:
Ubuntu Security Notice 607-1 - It was discovered that Emacs did not account for precision when formatting integers. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly other unspecified actions. This issue does not affect Ubuntu 8.04. Steve Grubb discovered that the vcdiff script as included in Emacs created temporary files in an insecure way when used with SCCS. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.
Homepage: http://security.ubuntu.com/ | File Size: 23245 | Related CVE(s): CVE-2008-1694, CVE-2007-6109 | Last Modified: May 6 19:10:40 2008
MD5 Checksum: a268f077c248e418988b3225432e51aa

File Name: USN-608-1.txt
Description:
Ubuntu Security Notice 608-1 - It was discovered that start_kdeinit in KDE 3 did not properly sanitize its input. A local attacker could exploit this to send signals to other processes and cause a denial of service or possibly execute arbitrary code.
Homepage: http://security.ubuntu.com/ | File Size: 11178 | Related CVE(s): CVE-2008-1671 | Last Modified: May 6 19:11:14 2008
MD5 Checksum: d59d8585bfa28ce139cf8e4ff1045cad

File Name: USN-609-1.txt
Description:
Ubuntu Security Notice 609-1 - It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of Quattro Pro, EMF, and OLE files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges.
Homepage: http://security.ubuntu.com/ | File Size: 62628 | Related CVE(s): CVE-2007-4575, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320 | Last Modified: May 7 13:36:08 2008
MD5 Checksum: a3deee4ad320e4a22639ce04c53c56e9

File Name: USN-610-1.txt
Description:
Ubuntu Security Notice 610-1 - Christian Herzog discovered that it was possible to connect to any LTSP client's X session over the network. A remote attacker could eavesdrop on X events, read window contents, and record keystrokes, possibly gaining access to private information.
Homepage: http://security.ubuntu.com/ | File Size: 7189 | Related CVE(s): CVE-2008-1293 | Last Modified: May 7 13:36:46 2008
MD5 Checksum: 77ac0e795794d36deede12c886ccdf18

File Name: USN-611-1.txt
Description:
Ubuntu Security Notice 611-1 - It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
Homepage: http://security.ubuntu.com/ | File Size: 13345 | Related CVE(s): CVE-2008-1686 | Last Modified: May 9 13:30:27 2008
MD5 Checksum: 218704e90625568f9bf94f8cb18d0063

File Name: USN-611-2.txt
Description:
Ubuntu Security Notice 611-2 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for ogg123, part of vorbis-tools. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
Homepage: http://security.ubuntu.com/ | File Size: 7294 | Related CVE(s): CVE-2008-1686 | Last Modified: May 9 13:30:57 2008
MD5 Checksum: a2c8b46ce1f3301d099c7eb67973f3b0

File Name: USN-611-3.txt
Description:
Ubuntu Security Notice 611-3 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for GStreamer Good Plugins. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
Homepage: http://security.ubuntu.com/ | File Size: 15260 | Related CVE(s): CVE-2008-1686 | Last Modified: May 9 13:31:28 2008
MD5 Checksum: 26dd30b7333f05b291b099650b8a9e89

File Name: USN-612-1.txt
Description:
Ubuntu Security Notice 612-1 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.
Homepage: http://security.ubuntu.com/ | File Size: 15288 | Related CVE(s): CVE-2008-0166 | Last Modified: May 13 11:01:40 2008
MD5 Checksum: 4798966590d2c04dbeae52eda8904882

File Name: USN-612-2.txt
Description:
Ubuntu Security Notice 612-2 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.
Homepage: http://security.ubuntu.com/ | File Size: 19137 | Related CVE(s): CVE-2008-0166 | Last Modified: May 13 11:11:26 2008
MD5 Checksum: 08b7a276f7d12fdf3ce857fbdc45404e

File Name: USN-612-3.txt
Description:
Ubuntu Security Notice 612-3 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of shared encryption keys and SSL/TLS certificates in OpenVPN. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
Homepage: http://security.ubuntu.com/ | File Size: 7395 | Related CVE(s): CVE-2008-0166 | Last Modified: May 13 15:37:41 2008
MD5 Checksum: fbc9eb044bb2cb99c735320b168eeffe

File Name: USN-612-4.txt
Description:
Ubuntu Security Notice 612-4 - USN-612-1 fixed vulnerabilities in openssl. This update provides the corresponding updates for ssl-cert -- potentially compromised snake-oil SSL certificates will be regenerated. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
Homepage: http://security.ubuntu.com/ | File Size: 4207 | Related CVE(s): CVE-2008-0166 | Last Modified: May 15 03:45:47 2008
MD5 Checksum: fbb384be18c0b97874a042383317e896

File Name: USN-612-5.txt
Description:
Ubuntu Security Notice 612-5 - Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This could cause some compromised keys not to be listed in ssh-vulnkey's output. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
Homepage: http://security.ubuntu.com/ | File Size: 16139 | Related CVE(s): CVE-2008-0166 | Last Modified: May 15 03:46:36 2008
MD5 Checksum: 12c2407158560e7b8cd3525552c71aec

File Name: USN-612-6.txt
Description:
Ubuntu Security Notice 612-6 - USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS and multi-client/server which caused OpenVPN to not start when using valid SSL certificates. It was also found that openssl-vulnkey from openssl-blacklist would fail when stderr was not available. This caused OpenVPN to fail to start when used with applications such as NetworkManager. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
Homepage: http://security.ubuntu.com/ | File Size: 8081 | Related CVE(s): CVE-2008-0166 | Last Modified: May 15 03:47:36 2008
MD5 Checksum: 1b121b32f5b219bf781da551ba98e314