Section: .. / 0601-advisories /
| /// File Name: |
sa18480.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered some vulnerabilities in various E-Post Mail Server products, which can be exploited by malicious users to bypass certain security restrictions, gain knowledge of certain system information, and cause a DoS (Denial of Service), or by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18480/ | | File Size: | 5374 | | Last Modified: | Jan 25 18:27:50 2006 |
| MD5 Checksum: | f1d48a4123d988fd93d0231a486a58d8 |
|
| /// File Name: |
USN-233-1.txt |
Description:
|
Ubuntu Security Notice USN-233-1 - Steve Fosdick discovered a remote Denial of Service vulnerability in fetchmail. When using fetchmail in 'multidrop' mode, a malicious email server could cause a crash by sending an email without any headers.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5324 | | Related CVE(s): | CVE-2005-4348 | | Last Modified: | Jan 3 03:50:14 2006 |
| MD5 Checksum: | 1ff5310dd89df8c9acf0b8ec68b7b692 |
|
| /// File Name: |
sa18559.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for kdelibs3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18559/ | | File Size: | 5323 | | Last Modified: | Jan 25 07:44:12 2006 |
| MD5 Checksum: | a11f83bdec17431166f8fbb0a4927a8d |
|
| /// File Name: |
sa18591.txt |
Description:
|
Secunia Security Advisory - Erika Mendoza has reported a vulnerability in various CA products, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18591/ | | File Size: | 5253 | | Last Modified: | Jan 25 07:44:12 2006 |
| MD5 Checksum: | 1c580397588bf4d9af68bad55e384d76 |
|
| /// File Name: |
sa18592.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities and security issues have been reported in WebLogic Server and WebLogic Express, where the most critical ones potentially can be exploited by malicious people to cause a DoS (Denial of Service), disclose sensitive information, and bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/18592/ | | File Size: | 5237 | | Last Modified: | Jan 25 07:44:12 2006 |
| MD5 Checksum: | 8025d7db31a0ff17d4f2891534817f7d |
|
| /// File Name: |
dsa-941-1.txt |
Description:
|
Debian Security Advisory DSA 941-1 - The Debian Security Audit project discovered that a script in tuxpaint, a paint program for young children, creates a temporary file in an insecure fashion.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 5210 | | Related CVE(s): | CVE-2005-3340 | | Last Modified: | Jan 22 00:43:06 2006 |
| MD5 Checksum: | 9c1c60c5af284375ce6042f599a4a2c4 |
|
| /// File Name: |
dsa-955-1.txt |
Description:
|
Debian Security Advisory DSA 955-1 - Two denial of service bugs were found in the mailman list server. In one, attachment filenames containing UTF8 strings were not properly parsed, which could cause the server to crash. In another, a message containing a bad date string could cause a server crash.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 5179 | | Last Modified: | Jan 26 06:12:15 2006 |
| MD5 Checksum: | 3700e7de87f9033c7a5bda74941ef3de |
|
| /// File Name: |
FreeBSD-SA-06-02.ee.txt |
Description:
|
FreeBSD Security Advisory - The ispell_op function used by ee(1) while executing spell check operations employs an insecure method of temporary file generation. This method produces predictable file names based on the process ID and fails to confirm which path will be over written with the user.
| | Homepage: | http://www.freebsd.org/security/ | | File Size: | 5165 | | Related CVE(s): | CAN-2006-0055 | | Last Modified: | Jan 15 02:39:30 2006 |
| MD5 Checksum: | b9ff2feeff308372cbe743a954fe1571 |
|
| /// File Name: |
sa18448.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for tetex. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/18448/ | | File Size: | 5157 | | Last Modified: | Jan 14 06:07:24 2006 |
| MD5 Checksum: | 1fb1e045a3e6546d050e4115009727b9 |
|
| /// File Name: |
MDKSA-2006-024.txt |
Description:
|
Mandriva Linux Security Advisory - The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601)
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5128 | | Last Modified: | Jan 27 07:53:33 2006 |
| MD5 Checksum: | 1426ca973b0513a7a34e23964de14cf7 |
|
| /// File Name: |
USN-239-1.txt |
Description:
|
Ubuntu Security Notice USN-239-1 - Several format string vulnerabilities were discovered in the error logging handling of libapache2-mod-auth-pgsql. By sending specially crafted user names, an unauthenticated remote attacker could exploit this to crash the Apache server or possibly even execute arbitrary code with the privileges of Apache.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5127 | | Related CVE(s): | CVE-2005-3656 | | Last Modified: | Jan 10 05:19:58 2006 |
| MD5 Checksum: | c63bb4290dbb2697a9432ab2f2070308 |
|
| /// File Name: |
dsa-930-2.txt |
Description:
|
Debian Security Advisory DSA 930-2 - Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitrary code with root privileges.
| | Author: | Steve Kemp | | Homepage: | http://www.debian.org/security/ | | File Size: | 5084 | | Related CVE(s): | CVE-2006-0083 | | Last Modified: | Jan 11 06:56:12 2006 |
| MD5 Checksum: | c5952807a3a8d2b495420fb99eebf494 |
|
| /// File Name: |
MDKSA-2006-018.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple vulnerabilities in the Linux Kernel.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5040 | | Last Modified: | Jan 25 09:39:37 2006 |
| MD5 Checksum: | 8a7a8b8c969395c874ee1906cf15bb56 |
|
| /// File Name: |
EEYEB-20051031.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a critical heap overflow in the Apple Quicktime player that allows for the execution of arbitrary code via a maliciously crafted GIF file. This flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls.
| | Author: | Fang Xing | | Homepage: | http://www.eeye.com/ | | File Size: | 4970 | | Related CVE(s): | CAN-2005-3713 | | Last Modified: | Jan 15 16:35:32 2006 |
| MD5 Checksum: | 144e38c9afe72b23ef2d14788692ffbd |
|
| /// File Name: |
sa18339.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for apache2. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/18339/ | | File Size: | 4967 | | Last Modified: | Jan 6 18:58:29 2006 |
| MD5 Checksum: | 041c34d31ac9cc5f7fba80afe751ad80 |
|
| /// File Name: |
dsa-954-1.txt |
Description:
|
Debian Security Advisory DSA 954-1 - H D Moore that discovered that Wine, a free implementation of the Microsoft Windows APIs, inherits a design flaw from the Windows GDI API, which may lead to the execution of code through GDI escape functions in WMF files.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 4964 | | Last Modified: | Jan 25 09:29:28 2006 |
| MD5 Checksum: | 6d918e8ccdf13c242e7e9a3ee9ebfd72 |
|
| /// File Name: |
USN-235-2.txt |
Description:
|
Ubuntu Security Notice USN-235-2 - USN-235-1 fixed a vulnerability in sudo's handling of environment variables. Tavis Ormandy noticed that sudo did not filter out the PYTHONINSPECT environment variable, so that users with the limited privilege of calling a python script with sudo could still escalate their privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4908 | | Related CVE(s): | CVE-2005-4158 | | Last Modified: | Jan 10 05:39:13 2006 |
| MD5 Checksum: | 8958705501f5ee195c029d9e31e371d8 |
|
| /// File Name: |
sa18397.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libapache2-mod-auth-pgsql. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18397/ | | File Size: | 4859 | | Last Modified: | Jan 12 01:49:01 2006 |
| MD5 Checksum: | b8c605853d1edef2d2dd9e3e6378e9ab |
|
| /// File Name: |
advisory_012006.112.txt |
Description:
|
Hardened-PHP Project Security Advisory - Since PHP5 a user supplied session ID is sent back to the user within a Set-Cookie HTTP header. Because there were no checks performed on the validity of this session id, it was possible to inject arbitrary HTTP headers into the response body of applications using PHP's builtin session functionality by supplying a special crafted session id. Versions 5.1.1 and below are affected. PHP4 is not affected.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 4826 | | Last Modified: | Jan 15 16:54:41 2006 |
| MD5 Checksum: | 04d3dba49413f20ee344aa659bd6cf2e |
|
| /// File Name: |
glsa-200601-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200601-02 - KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans. Versions less than 3.4.3-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4821 | | Related CVE(s): | CAN-2005-3191, CAN-2005-3192, CAN-2005-3193 | | Last Modified: | Jan 5 03:10:09 2006 |
| MD5 Checksum: | 770b399d5b0749ee80133555e8dda679 |
|
| /// File Name: |
advisory_022006.113.txt |
Description:
|
Hardened-PHP Project Security Advisory - PHP5 comes with the new mysqli extension, which recently got a new error reporting feature using exceptions. When an exception for such an error is thrown the error message is used as format string. Depending on the situation and configuration, f.e. a malicious MySQL server or an erroneous SQL query (f.e. through SQL injection) can result in PHP reporting a (partly) user supplied error message, which can result in triggering the format string vulnerability, which can lead to remote code execution. Versions 5.1 through 5.1.1 are affected. PHP4 is not affected.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 4768 | | Last Modified: | Jan 15 16:55:48 2006 |
| MD5 Checksum: | 29f6651d4c9a1137b6551b4140bef858 |
|
| /// File Name: |
sa18456.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mailman. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18456/ | | File Size: | 4675 | | Last Modified: | Jan 17 02:18:29 2006 |
| MD5 Checksum: | 4f956b44133295f833d60560a54c3cd8 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
