| /// File Name: |
sa20221.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for quagga. This fixes two security issues and a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service), and by malicious people to bypass certain security restrictions and to disclose system information.
| | Homepage: | http://secunia.com/advisories/20221/ | | File Size: | 4550 | | Last Modified: | May 23 01:09:34 2006 |
| MD5 Checksum: | b9230d8550c176bfaf8e21feb4bd154f |
|
| /// File Name: |
sa20223.txt |
Description:
|
Secunia Security Advisory - Trustix has issued an update for mysql. This fixes some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/20223/ | | File Size: | 2071 | | Last Modified: | May 23 01:09:34 2006 |
| MD5 Checksum: | fc5926884dc01dd94d3910c3860a993f |
|
| /// File Name: |
skypeVuln.txt |
Description:
|
During the typical installation of the Windows Skype client, several URI handlers are installed. This allows for easy access to the Skype client through various URI types. Due to a flaw in the handling of one of these types, it is possible to include additional command line switches to be passed to the Skype client. One of these switches will initiate a file transfer, sending the specified file to an arbitrary Skype user. All releases prior to and including 2.0.*.104 and releases 2.5.*.0 to and including 2.5.*.78 are affected.
| | Author: | Brett Moore | | Homepage: | http://www.security-assessment.com/ | | File Size: | 2439 | | Last Modified: | May 22 03:36:17 2006 |
| MD5 Checksum: | fc255d4d355f756adbe4dda55b1adf56 |
|
| /// File Name: |
glsa-200605-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-15 - Konstantin V. Gavrilenko discovered two flaws in the Routing Information Protocol (RIP) daemon that allow the processing of RIP v1 packets (carrying no authentication) even when the daemon is configured to use MD5 authentication or, in another case, even if RIP v1 is completely disabled. Additionally, Fredrik Widell reported that the Border Gateway Protocol (BGP) daemon contains a flaw that makes it lock up and use all available CPU when a specific command is issued from the telnet interface. Versions less than 0.98.6-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3342 | | Last Modified: | May 22 03:26:25 2006 |
| MD5 Checksum: | a38e9d18f3849daa79e90015bb3d26ed |
|
| /// File Name: |
glsa-200605-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200605-14 - Luigi Auriemma has found two heap-based buffer overflows in libextractor 0.5.13 and earlier: one of them occurs in the asf_read_header function in the ASF plugin, and the other occurs in the parse_trak_atom function in the Qt plugin. Versions less than 0.5.14 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2799 | | Last Modified: | May 22 03:25:58 2006 |
| MD5 Checksum: | 3216110d63f3abbacf3b035f472a40d2 |
|
| /// File Name: |
TZO-072006-Xampp.txt |
Description:
|
XAMPP version 1.5.2 is susceptible to multiple privilege escalation flaws and a rogue autostart vulnerability.
| | Author: | Thierry Zoller | | Homepage: | http://secdev.zoller.lu/ | | File Size: | 4735 | | Last Modified: | May 22 03:23:07 2006 |
| MD5 Checksum: | 0400aa7b17ef7dce2b10569b91329299 |
|
| /// File Name: |
TA06-139A.txt |
Description:
|
Technical Cyber Security Alert TA06-139A - Microsoft Word contains a buffer overflow vulnerability. Opening a specially crafted Word document, including documents hosted on web sites or attached to email messages, could trigger the vulnerability.
| | Homepage: | http://cert.org/ | | File Size: | 3890 | | Last Modified: | May 22 03:03:59 2006 |
| MD5 Checksum: | d91a5a215848766d599da6cdafdc1e0b |
|
| /// File Name: |
SSRT061145.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified in Firefox for HP Tru64 UNIX and in the Mozilla Application Suite for HP Tru64 UNIX. The vulnerabilities could result in possible remote execution of arbitrary code or Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 6191 | | Related CVE(s): | CVE-2006-1993 | | Last Modified: | May 22 02:59:44 2006 |
| MD5 Checksum: | d6a01651795b00ae9891b6362dc3cae8 |
|
| /// File Name: |
SSRT2400.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running the BINDv4 Domain Name Server (DNS). The vulnerability could be exploited to poison the DNS cache leading to remote unauthorized access or Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 6709 | | Last Modified: | May 22 02:59:00 2006 |
| MD5 Checksum: | fedaba6b4e5114827cf2a563f34f4b52 |
|
| /// File Name: |
SSRT061133.txt |
Description:
|
HP Security Bulletin - A vulnerability has been identified in Sendmail which may allow a remote attacker to execute arbitrary code.
| | Homepage: | http://www.hp.com | | File Size: | 11857 | | Related CVE(s): | CVE-2006-0058 | | Last Modified: | May 22 02:58:10 2006 |
| MD5 Checksum: | d7b62d639fe55b268f77be3d0395f710 |
|
| /// File Name: |
applesafari203.txt |
Description:
|
A vulnerability exists in Apple Safari 2.0.3 (417.9.3), and perhaps in prior versions, that causes the SRCOD (Spinning Rainbow Cursor Of Death) to appear.
| | Author: | Yannick von Arx | | File Size: | 1158 | | Last Modified: | May 22 02:56:11 2006 |
| MD5 Checksum: | 6604f4348ea6f9ac439211f69d37901b |
|
| /// File Name: |
dsa-1070-1.txt |
Description:
|
Debian Security Advisory 1070-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Author: | Martin Schulze, Dann Frazier | | Homepage: | http://www.debian.org/security/ | | File Size: | 10473 | | Related CVE(s): | CVE-2004-0427, CVE-2005-0489, CVE-2004-0394, CVE-2004-0447, CVE-2004-0554, CVE-2004-0565, CVE-2004-0685, CVE-2005-0001, CVE-2004-0883, CVE-2004-0949, CVE-2004-1016, CVE-2004-1333, CVE-2004-0997, CVE-2004-1335, CVE-2004-1017, CVE-2005-0124, CVE-2005-0528, CVE-2003-0984, CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1074, CVE-2004-0138, CVE-2004-1068, CVE-2004-1234, CVE-2005-0003, CVE-2004-1235, CVE-2005-0504, CVE-2005-0384, CVE-2005-0135 | | Last Modified: | May 22 02:34:27 2006 |
| MD5 Checksum: | 1a87ad816468b3802b21395a8e39d989 |
|
| /// File Name: |
dsa-1069-1.txt |
Description:
|
Debian Security Advisory 1069-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Author: | Martin Schulze, Dann Frazier | | Homepage: | http://www.debian.org/security/ | | File Size: | 6938 | | Related CVE(s): | CVE-2004-0427, CVE-2005-0489, CVE-2004-0394, CVE-2004-0447, CVE-2004-0554, CVE-2004-0565, CVE-2004-0685, CVE-2005-0001, CVE-2004-0883, CVE-2004-0949, CVE-2004-1016, CVE-2004-1333, CVE-2004-0997, CVE-2004-1335, CVE-2004-1017, CVE-2005-0124, CVE-2005-0528, CVE-2003-0984, CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1074, CVE-2004-0138, CVE-2004-1068, CVE-2004-1234, CVE-2005-0003, CVE-2004-1235, CVE-2005-0504, CVE-2005-0384, CVE-2005-0135 | | Last Modified: | May 22 02:33:40 2006 |
| MD5 Checksum: | 0624ddb0d704e2264ed8dac627c7b9c6 |
|
| /// File Name: |
dsa-1068-1.txt |
Description:
|
Debian Security Advisory 1068-1 - Jan Braun discovered that the fbgs script of fbi, an image viewer for the framebuffer environment, creates a directory in a predictable manner, which allows denial of service through symlink attacks.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 9054 | | Related CVE(s): | CVE-2006-1695 | | Last Modified: | May 22 02:30:38 2006 |
| MD5 Checksum: | acb638b27457f63bb932542b52fcab0f |
|
| /// File Name: |
dsa-1067-1.txt |
Description:
|
Debian Security Advisory 1067-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Author: | Martin Schulze, Dann Frazier | | Homepage: | http://www.debian.org/security/ | | File Size: | 9383 | | Related CVE(s): | CVE-2004-0427, CVE-2005-0489, CVE-2004-0394, CVE-2004-0447, CVE-2004-0554, CVE-2004-0565, CVE-2004-0685, CVE-2005-0001, CVE-2004-0883, CVE-2004-0949, CVE-2004-1016, CVE-2004-1333, CVE-2004-0997, CVE-2004-1335, CVE-2004-1017, CVE-2005-0124, CVE-2005-0528, CVE-2003-0984, CVE-2004-1070, CVE-2004-1071, CVE-2004-1072, CVE-2004-1073, CVE-2004-1074, CVE-2004-0138, CVE-2004-1068, CVE-2004-1234, CVE-2005-0003, CVE-2004-1235, CVE-2005-0504, CVE-2005-0384, CVE-2005-0135 | | Last Modified: | May 22 02:29:12 2006 |
| MD5 Checksum: | 42387c7d775a6d17cce7ac7fc2c024c9 |
|
| /// File Name: |
dsa-1066-1.txt |
Description:
|
Debian Security Advisory 1066-1 - It was discovered that phpbb2, a web based bulletin board, does not sufficiently sanitize values passed to the "Font Colour 3" setting, which might lead to the execution of injected code by admin users.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 3263 | | Related CVE(s): | CVE-2006-1896 | | Last Modified: | May 22 02:26:42 2006 |
| MD5 Checksum: | c3a55058b0ccee6680de14151d208c1b |
|
| /// File Name: |
dsa-1065-1.txt |
Description:
|
Debian Security Advisory 1065-1 - Matteo Rosi and Leonardo Maccari discovered that hostapd, a wifi network authenticator daemon, performs insufficient boundary checks on a key length value, which might be exploited to crash the service.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 4987 | | Related CVE(s): | CVE-2006-2213 | | Last Modified: | May 22 02:25:41 2006 |
| MD5 Checksum: | 703b95d47d5c83f72f9de44ecd56d174 |
|
| /// File Name: |
dsa-1064-1.txt |
Description:
|
Debian Security Advisory 1064-1 - Jason Duell discovered that cscope, a source code browsing tool, does not verify the length of file names sourced in include statements, which may potentially lead to the execution of arbitrary code through specially crafted source code files.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 7584 | | Related CVE(s): | CVE-2004-2541 | | Last Modified: | May 22 02:24:52 2006 |
| MD5 Checksum: | 760b7c5c025a3fd2ea392dadf8b9609c |
|
| /// File Name: |
dsa-1063-1.txt |
Description:
|
Debian Security Advisory 1063-1 - It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 20533 | | Related CVE(s): | CVE-2005-2781 | | Last Modified: | May 22 02:23:17 2006 |
| MD5 Checksum: | e2122d52cbe1ea7831ab4eeb8ff4f911 |
|
| /// File Name: |
dsa-1062-1.txt |
Description:
|
Debian Security Advisory 1062-1 - Sven Dreyer discovered that KPhone, a Voice over IP client for KDE, creates a world-readable configuration file, which could leak sensitive information like SIP passwords.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 5008 | | Related CVE(s): | CVE-2006-2442 | | Last Modified: | May 22 02:22:36 2006 |
| MD5 Checksum: | 840ceff171d8f41a3d0336be165a3218 |
|
| /// File Name: |
dsa-1061-1.txt |
Description:
|
Debian Security Advisory 1061-1 - It has been discovered that popfile, a Bayesian mail classifier, can be forced into a crash through malformed character sets within email messages, which allows denial of service.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 2938 | | Related CVE(s): | CVE-2006-0876 | | Last Modified: | May 22 02:22:00 2006 |
| MD5 Checksum: | eb2b0f3eb650023054d39450753b3bf6 |
|
| /// File Name: |
dsa-1060-1.txt |
Description:
|
Debian Security Advisory 1060-1 - Jan Rekorajski discovered that the kernel patch for virtual private servers does not limit context capabilities to the root user within the virtual server, which might lead to privilege escalation for some virtual server specific operations.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 2933 | | Related CVE(s): | CVE-2006-2110 | | Last Modified: | May 22 02:21:07 2006 |
| MD5 Checksum: | 6963d7926e2fd2d1ee74bbae2788a8b5 |
|
| /// File Name: |
secunia-CAM.txt |
Description:
|
Secunia Research has discovered a vulnerability in CAM UnZip versions 4.0 and 4.3, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when listing the contents of a ZIP archive. This can be exploited to cause a stack-based buffer overflow when a malicious ZIP archive containing a file with an overly long filename is opened.
| | Author: | Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 3485 | | Related CVE(s): | CVE-2006-2161 | | Last Modified: | May 22 02:18:39 2006 |
| MD5 Checksum: | 1843342c184ce46a32290e059fc17aa3 |
|
| /// File Name: |
dsa-1058-1.txt |
Description:
|
Debian Security Advisory 1058-1 - Hendrik Weimer discovered that specially crafted web requests can cause awstats, a powerful and featureful web server log analyzer, to execute arbitrary commands.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 2954 | | Related CVE(s): | CVE-2006-2237 | | Last Modified: | May 22 02:06:42 2006 |
| MD5 Checksum: | 2ecbc7810e4691fd5e14f8c47d4c35b8 |
|