Section: .. / 0607-advisories /
File Name: USN-311-1.txt
Description: Ubuntu Security Notice 311-1 - A race condition was discovered in the do_add_counters() functions. Processes which do not run with full root privileges, but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so this can only be an issue for you if you use third-party software that uses Linux capabilities. John Stultz discovered a faulty BUG_ON trigger in the handling of POSIX timers. A local attacker could exploit this to trigger a kernel oops and crash the machine. Dave Jones discovered that the PowerPC kernel did not perform certain required access_ok() checks. A local user could exploit this to read arbitrary kernel memory and crash the kernel on 64-bit systems, and possibly read arbitrary kernel memory on 32-bit systems. A design flaw was discovered in the prctl(PR_SET_DUMPABLE, ...) system call, which allowed a local user to have core dumps created in a directory he could not normally write to. This could be exploited to drain available disk space on system partitions, or, under some circumstances, to execute arbitrary code with full root privileges. This flaw only affects Ubuntu 6.06 LTS.
Homepage: http://security.ubuntu.com/
File Size: 153729
Related CVE(s): CVE-2006-0039, CVE-2006-2445, CVE-2006-2448, CVE-2006-2451
Last Modified: Jul 12 05:13:11 2006
MD5 Checksum: 2fc78c9c9f579a3520a7baac3bc441b0

File Name: sa20991.txt
Description: Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, bypass certain security restrictions, or potentially gain escalated privileges.
Homepage: http://secunia.com/advisories/20991/
File Size: 139917
Last Modified: Jul 12 03:20:23 2006
MD5 Checksum: 696b800200fa75530d178f6e534e9aec

File Name: 04072006_tweed.pdf
Description: Tumbleweed's Email Firewall has three separate vulnerabilities within its LHA processing routines inside of its EMF Decomposer.
Author: Ryan Smith
Homepage: http://www.hustlelabs.com
File Size: 117148
Last Modified: Jul 26 04:11:23 2006
MD5 Checksum: b9120c970b1bbb456be2e586166b59a0

File Name: SUSE-SA-2006-042.txt
Description: SUSE Security Announcement SUSE-SA:2006:042 - A slew of kernel-related vulnerabilities has been fixed in SUSE Linux for the 2.6 series.
Homepage: http://www.suse.com
File Size: 72071
Related CVE(s): CVE-2006-0744, CVE-2006-1528, CVE-2006-1855, CVE-2006-1857, CVE-2006-1858, CVE-2006-1859, CVE-2006-1860, CVE-2006-2444, CVE-2006-2445, CVE-2006-2448, CVE-2006-2450, CVE-2006-2451, CVE-2006-2934, CVE-2006-2935, CVE-2006-3085, CVE-2006-3626
Last Modified: Jul 27 22:40:22 2006
MD5 Checksum: 1f9995f27ac47ea16eaf51417e6e827a

File Name: 04072006_rarlabs.pdf
Description: WinRAR versions less than 3.60 beta 7 and greater than 3.0 suffer from multiple buffer overflows due to a lack of constraints while copying data.
Author: Ryan Smith
Homepage: http://www.hustlelabs.com/
File Size: 68543
Last Modified: Jul 23 23:19:21 2006
MD5 Checksum: 4b400cbd6dccb549b9da94522c248f9d

File Name: SUSE-SA-2006-040.txt
Description: SUSE Security Announcement SUSE-SA:2006:040 - Multiple vulnerabilities have been discovered in OpenOffice. A security vulnerability in OpenOffice.org may make it possible to inject BASIC code into documents which is executed upon loading of the document. A security vulnerability related to OpenOffice.org documents may allow certain Java applets to break through the "sandbox" and therefore have full access to system resources with current user privileges. A buffer overflow in the XML UTF8 converter allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user.
Homepage: http://www.suse.com
File Size: 55165
Related CVE(s): CVE-2006-2198, CVE-2006-2199, CVE-2006-3117
Last Modified: Jul 9 06:05:02 2006
MD5 Checksum: a364f0c11b9b8ec2bab518181300a6a4

File Name: sa21179.txt
Description: Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions or potentially gain escalated privileges, and by malicious people to cause a DoS.
Homepage: http://secunia.com/advisories/21179/
File Size: 48668
Last Modified: Jul 27 21:04:26 2006
MD5 Checksum: 13b77af746f9850245f0c0f27d3e078a

File Name: USN-319-1.txt
Description: Ubuntu Security Notice 319-1 - A race condition has been discovered in the file permission handling of the /proc file system. A local attacker could exploit this to execute arbitrary code with full root privileges.
Homepage: http://security.ubuntu.com/
File Size: 43251
Related CVE(s): CVE-2006-3626
Last Modified: Jul 20 05:21:43 2006
MD5 Checksum: c11322efcaa2186e77df73be9880b31e

File Name: sa21073.txt
Description: Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Homepage: http://secunia.com/advisories/21073/
File Size: 40368
Last Modified: Jul 18 16:56:43 2006
MD5 Checksum: aa465fcb427fe83993046bfbd06f5aaa

File Name: sa20913.txt
Description: Secunia Security Advisory - SUSE has issued an update for OpenOffice_org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/20913/
File Size: 39701
Last Modified: Jul 4 05:53:37 2006
MD5 Checksum: 8f993322ea7275d4939205f5fd4bc445

File Name: dsa-1118-1.txt
Description: Debian Security Advisory 1118-1 - A massive slew of vulnerabilities have been patched in Mozilla for Debian.
Homepage: http://www.debian.org/security
File Size: 32339
Related CVE(s): CVE-2006-1942, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787
Last Modified: Jul 24 02:51:29 2006
MD5 Checksum: 849c2b82ab525b0e613ff0cbf78f0e9e

File Name: sa20914.txt
Description: Secunia Security Advisory - Debian has issued an update for kernel-source-2.6.8. This fixes some vulnerabilities and weaknesses, which can be exploited to bypass certain security restrictions, disclose potentially sensitive information, and cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/20914/
File Size: 32120
Last Modified: Jul 4 19:03:03 2006
MD5 Checksum: 4e75e91e79e3a4e9a2d6590b129660c3

File Name: USN-320-1.txt
Description: Ubuntu Security Notice 320-1 - Multiple vulnerabilities in php4 and php5 have been fixed in Ubuntu.
Homepage: http://security.ubuntu.com/
File Size: 30846
Related CVE(s): CVE-2006-0996, CVE-2006-1490, CVE-2006-1494, CVE-2006-1608, CVE-2006-1990, CVE-2006-1991, CVE-2006-2563, CVE-2006-2660, CVE-2006-3011, CVE-2006-3016, CVE-2006-3018
Last Modified: Jul 23 23:25:38 2006
MD5 Checksum: f9d5c54a11f54233b9db53e9b237aef2

File Name: dsa-1111-2.txt
Description: Debian Security Advisory 1111-2 - It was discovered that a race condition in the process filesystem can lead to privilege escalation for the Linux 2.6 kernel series. The initial advisory lacked builds for the IBM S/390, Motorola 680x0 and HP Precision architectures, which are now provided. Also, the kernels for the FAI installer have been updated.
Homepage: http://www.debian.org/security
File Size: 28181
Related CVE(s): CVE-2006-3625
Last Modified: Jul 27 22:43:42 2006
MD5 Checksum: 0527c5c202899e957c006982219ad651

File Name: USN-325-1.txt
Description: Ubuntu Security Notice USN-325-1 - ruby1.8 suffers from flaws where the alias function, certain directory operations, and regular expressions did not correctly implement safe levels. Depending on the application, these flaws might allow attackers to bypass safe level restrictions and perform unintended operations.
Homepage: http://security.ubuntu.com/
File Size: 27993
Related CVE(s): CVE-2006-3694
Last Modified: Jul 27 23:26:40 2006
MD5 Checksum: f871c9ce413ce45050cfc2aaf09a69b6

File Name: sa21125.txt
Description: Secunia Security Advisory - Ubuntu has issued an update for PHP. This fixes some vulnerabilities, which allow malicious, local users to bypass certain security restrictions, or malicious people to gain knowledge of potentially sensitive information, conduct cross-site scripting attacks, or compromise a vulnerable system.
Homepage: http://secunia.com/advisories/21125/
File Size: 27778
Last Modified: Jul 20 06:20:00 2006
MD5 Checksum: ad38a698a58aa3099f5161f8319533b0

File Name: sa21183.txt
Description: Secunia Security Advisory - Debian has issued an update for mozilla. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, and potentially compromise a user's system.
Homepage: http://secunia.com/advisories/21183/
File Size: 27030
Last Modified: Jul 26 01:33:34 2006
MD5 Checksum: 7c62479b745338984639aed2468f725d

File Name: USN-328-1.txt
Description: Ubuntu Security Notice USN-328-1 - Mark Dowd discovered an off-by-one buffer overflow in the mod_rewrite module's ldap scheme handling for Apache 2.
Homepage: http://security.ubuntu.com/
File Size: 26886
Related CVE(s): CVE-2006-3747
Last Modified: Jul 27 23:40:47 2006
MD5 Checksum: f7dfeb500655513bde2fc845015f145e

File Name: sa20995.txt
Description: Secunia Security Advisory - Ubuntu has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/20995/
File Size: 25093
Last Modified: Jul 13 01:44:02 2006
MD5 Checksum: dcf0b681569f45de063ba3ac6de313cc

File Name: dsa-1110-1.txt
Description: Debian Security Advisory 1110-1: Gerald Carter discovered that the smbd daemon from Samba, a free implementation of the SMB/CIFS protocol, imposes insufficient limits in the code to handle shared connections, which can be exploited to exhaust system memory by sending maliciously crafted requests, leading to denial of service.
Homepage: http://www.debian.org/security
File Size: 24644
Last Modified: Jul 18 17:26:34 2006
MD5 Checksum: 3c6755c2f7965ec2f340be54f584a8ac

File Name: MDKSA-2006-118.txt
Description: Mandriva Linux Security Advisory MDKSA-2006-118 - OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allow user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. An unspecified vulnerability in Java Applets in OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. Heap-based buffer overflow in OpenOffice.org versions 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."
Homepage: http://www.mandriva.com/security/advisories
File Size: 24019
Related CVE(s): CVE-2006-2198, CVE-2006-2199, CVE-2006-3117
Last Modified: Jul 9 08:54:54 2006
MD5 Checksum: c7d36c141e756d0ce80549bf0f5188b6

File Name: sa21086.txt
Description: Secunia Security Advisory - Debian has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/21086/
File Size: 22795
Last Modified: Jul 17 13:11:29 2006
MD5 Checksum: f4c803833a659564fefd31a3602e26a2

File Name: USN-314-1.txt
Description: Ubuntu Security Notice 314-1 - The Samba security team reported a Denial of Service vulnerability in the handling of information about active connections. In certain circumstances an attacker could continually increase the memory usage of the smbd process by issuing a large number of share connection requests. By draining all available memory, this could be exploited to render the remote Samba server unusable.
Homepage: http://security.ubuntu.com/
File Size: 22634
Related CVE(s): CVE-2006-3403
Last Modified: Jul 13 18:31:49 2006
MD5 Checksum: 881c386434b569c32336480c4ce5fdd0

File Name: sa21018.txt
Description: Secunia Security Advisory - Ubuntu has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/21018/
File Size: 21855
Last Modified: Jul 13 13:58:07 2006
MD5 Checksum: e952036d4d81b2a0967e08aa0e404fdc