Section: .. / 0609-advisories /
/// File Name: USN-341-1.txt
Description: Ubuntu Security Notice USN-341-1 - An integer overflow has been discovered in X.org's font handling library. By using a specially crafted font file, this could be exploited to crash the X server or execute arbitrary code with root privileges.
Homepage: http://security.ubuntu.com/ | File Size: 72151 | Related CVE(s): CVE-2006-3467 | Last Modified: Sep 8 07:26:35 2006
MD5 Checksum: e5b75a2e8fc20b603e1f139e4cf7862d

/// File Name: USN-343-1.txt
Description: Ubuntu Security Notice USN-343-1 - bind did not sufficiently verify particular requests and responses from other name servers and users. By sending a specially crafted packet, a remote attacker could exploit this to crash the name server.
Homepage: http://security.ubuntu.com/ | File Size: 21451 | Related CVE(s): CVE-2006-4095, CVE-2006-4096 | Last Modified: Sep 8 08:55:39 2006
MD5 Checksum: 961b3d39142aa8abe1d66706a0094555

/// File Name: USN-344-1.txt
Description: Ubuntu Security Notice USN-344-1 - iDefense security researchers found several integer overflows in X.org's font handling library. By using a specially crafted Type1 CID font file, a local user could exploit these to crash the X server or execute arbitrary code with root privileges.
Homepage: http://security.ubuntu.com/ | File Size: 72211 | Related CVE(s): CVE-2006-3739, CVE-2006-3740 | Last Modified: Sep 13 11:28:02 2006
MD5 Checksum: 0ff8aa59054f8ce0cde141af0f62a900

/// File Name: USN-345-1.txt
Description: Ubuntu Security Notice USN-345-1 - Steve Alexander discovered that mailman did not properly handle attachments with special filenames. A remote user could exploit that to stop mail delivery until the server administrator manually cleaned these posts. Various cross site scripting vulnerabilities have been reported by Barry Warsaw. By using specially crafted email addresses, names, and similar arbitrary user-defined strings, a remote attacker could exploit this to run web script code in the list administrator's web browser. URLs logged to the error log file are now checked for invalid characters. Before, specially crafted URLs could inject arbitrary messages into the log.
Homepage: http://security.ubuntu.com/ | File Size: 5228 | Related CVE(s): CVE-2006-2941, CVE-2006-3636 | Last Modified: Sep 14 08:41:52 2006
MD5 Checksum: e61bbd575ca9cddc45e9577dd417edcb

/// File Name: USN-346-1.txt
Description: Ubuntu Security Notice 346-1: Multiple problems in the Linux kernel
Homepage: http://security.ubuntu.com/ | File Size: 134687 | Last Modified: Sep 15 01:22:51 2006
MD5 Checksum: f75b179f7de1e559c2680a3ab2711d33

/// File Name: USN-346-2.txt
Description: Ubuntu Security Notice 346-2: USN-346-1 provided an updated Linux kernel to fix several security vulnerabilities. Unfortunately the update broke the binary 'nvidia' driver from linux-restricted-modules. This update corrects this problem. We apologize for the inconvenience.
Homepage: http://security.ubuntu.com/ | File Size: 11307 | Last Modified: Sep 15 01:24:02 2006
MD5 Checksum: d80b8548ea440286a87213a2c11c40b1

/// File Name: USN-347-1.txt
Description: Ubuntu Security Notice 347-1: linux-source-2.6.10/-2.6.12/-2.6.15 linux kernel vulnerabilities
Homepage: http://security.ubuntu.com/ | File Size: 157225 | Last Modified: Sep 22 02:11:37 2006
MD5 Checksum: 90c742a5ccad93c9d92a8651450408e5

/// File Name: USN-348-1.txt
Description: Ubuntu Security Notice 348-1: The GnuTLS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.
Homepage: http://security.ubuntu.com/ | File Size: 13696 | Last Modified: Sep 22 02:11:41 2006
MD5 Checksum: 5f8136a6278b9cbac05c048960df400b

/// File Name: USN-350-1.txt
Description: Ubuntu Security Notice 350-1: mozilla-thunderbird vulnerabilities
Homepage: http://security.ubuntu.com/ | File Size: 12497 | Last Modified: Sep 26 21:50:42 2006
MD5 Checksum: 2c39b4cace57576403a93f485911b894

/// File Name: USN-352-1.txt
Description: Ubuntu Security Notice 352-1: Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it.
Homepage: http://security.ubuntu.com/ | File Size: 6571 | Last Modified: Sep 27 01:32:42 2006
MD5 Checksum: b6c53bc048768303dd5207d83e27ebe9

/// File Name: webdictate.txt
Description: Web Dictate version 1.02 allows administrative login with a null password.
Author: Revnic Vasile | File Size: 500 | Last Modified: Sep 7 09:57:30 2006
MD5 Checksum: 66d51d47a2973108b2b1e5188a529b71

/// File Name: Woltlab-2.3.x.txt
Description: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
Author: sn4k3.23 | File Size: 263 | Last Modified: Oct 3 01:15:30 2006
MD5 Checksum: 0ff0518c371aaab5c13ca0ea8485d36e

/// File Name: wwwthreads-5.4.2.txt
Description: wwwthreads 5.4.2 and prior suffer from multiple cross site scripting vulnerabilities.
Author: Root3r_H3ll | Homepage: http://Www.PersainFox.com | File Size: 2307 | Last Modified: Oct 3 01:57:00 2006
MD5 Checksum: 7aed22b7819d49ae37e0beb0d1f9331e

/// File Name: ZDI-06-028.txt
Description: A vulnerability in ICS/IMail Server 2006 allows remote attackers to execute arbitrary code on vulnerable installations of the Ipswitch Collaboration Suite and IMail. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SMTP daemon. A lack of bounds checking during the parsing of long strings contained within the characters '@' and ':' leads to a stack overflow vulnerability. Exploitation can result in code execution or a denial of service.
Homepage: http://www.zerodayinitiative.com/ | File Size: 2560 | Related CVE(s): CVE-2006-4379 | Last Modified: Sep 8 08:50:37 2006
MD5 Checksum: 510771ca99c592b53d59c66437d24222

/// File Name: ZDI-06-029.txt
Description: ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities
Homepage: http://www.zerodayinitiative.com/ | File Size: 2822 | Last Modified: Sep 28 00:21:01 2006
MD5 Checksum: a18aecd4e964c420fbf86eaf5a01542e