Section: .. / 0611-advisories /
| /// File Name: |
sa22976.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for pdns. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22976/ | | File Size: | 3936 | | Last Modified: | Nov 17 18:30:18 2006 |
| MD5 Checksum: | a62fe5531fd6083f9dead28969383845 |
|
| /// File Name: |
sa22979.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for asterisk. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22979/ | | File Size: | 3981 | | Last Modified: | Nov 17 18:30:18 2006 |
| MD5 Checksum: | 6c7a1bee34ba271e0765101c58f7e4ac |
|
| /// File Name: |
sa22980.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22980/ | | File Size: | 9164 | | Last Modified: | Nov 17 18:30:18 2006 |
| MD5 Checksum: | 248e8badeed0b7ac5b0386b5fc4734a6 |
|
| /// File Name: |
sa22982.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in Apple Remote Desktop, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/22982/ | | File Size: | 2911 | | Last Modified: | Nov 17 18:30:18 2006 |
| MD5 Checksum: | 7ba8c7802747369467881bd421c9ac97 |
|
| /// File Name: |
ZDI-06-042.txt |
Description:
|
A vulnerability allows remote attackers to proxy web attacks and scan internal hosts through vulnerable installations of Verity Ultraseek. Authentication is not required to exploit this vulnerability. The specific flaw exists within the highlight script used to highlight search terms on spidered pages. An attacker can directly access the highlight script at '/highlight/index.html' to pass parameters to and retrieve content from arbitrary URLs. The same script can also be abused to enumerate otherwise inaccessible internal addresses and open ports.
| | Author: | sullo | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3735 | | Related CVE(s): | CVE-2006-5819 | | Last Modified: | Nov 16 12:26:07 2006 |
| MD5 Checksum: | 99c032d405a177ee8e3a87b4df6ceef2 |
|
| /// File Name: |
outpost-failures.txt |
Description:
|
Outpost Firewall PRO version 4.0 (and possibly older versions) hooks many functions in SSDT and in at least twelve cases it fails to validate arguments that come from user mode.
| | Homepage: | http://www.matousec.com/ | | File Size: | 1465 | | Last Modified: | Nov 16 12:24:40 2006 |
| MD5 Checksum: | 53c661980a56348ae91ae63facb3c7a9 |
|
| /// File Name: |
dsa-1212-1.txt |
Description:
|
Debian Security Advisory 1212-1 - Two denial of service vulnerabilities have been found in the OpenSSH server. The sshd support for ssh protocol version 1 does not properly handle duplicate incoming blocks. This could allow a remote attacker to cause sshd to consume significant CPU resources leading to a denial of service. A signal handler race condition could potentially allow a remote attacker to crash sshd and could theoretically lead to the ability to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 11437 | | Related CVE(s): | CVE-2006-4924, CVE-2006-5051 | | Last Modified: | Nov 16 12:20:08 2006 |
| MD5 Checksum: | 51971b066a8eeebbdfb1d58b79d8767e |
|
| /// File Name: |
OpenPKG-SA-2006.034.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.034 - Miloslav Trmac from Red Hat discovered a buffer overflow in GNU Texinfo. The flaw was found in a function used by Texinfo's texi2dvi and texindex commands. An attacker could construct a carefully crafted Texinfo file that could cause texi2dvi or texindex to crash or possibly execute arbitrary code when opened.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2235 | | Related CVE(s): | CVE-2006-4810 | | Last Modified: | Nov 16 12:18:51 2006 |
| MD5 Checksum: | 357716bd18fe692b04d953df901466f2 |
|
| /// File Name: |
trustedbsd-firewire.txt |
Description:
|
The Firewire device enabled by default in the GENERIC kernel for TrusedBSD* defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.kernelhacking.com/rodrigo | | Related File: | bsd.patch | | File Size: | 3422 | | Last Modified: | Nov 16 12:15:54 2006 |
| MD5 Checksum: | c4aa48265643c1fa61a56a7322579d01 |
|
| /// File Name: |
dragonflybsd-firewire.txt |
Description:
|
The Firewire device enabled by default in the GENERIC kernel for DragonFlyBSD defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.kernelhacking.com/rodrigo | | Related File: | bsd.patch | | File Size: | 3423 | | Last Modified: | Nov 16 12:15:20 2006 |
| MD5 Checksum: | e1730287e3cb0a8eb2886226197ccde0 |
|
| /// File Name: |
netbsd-firewire.txt |
Description:
|
The Firewire device enabled by default in the GENERIC kernel for NetBSD defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.kernelhacking.com/rodrigo | | Related File: | bsd.patch | | File Size: | 3417 | | Last Modified: | Nov 16 12:14:36 2006 |
| MD5 Checksum: | d64c96b48c1144754f29164eff425a33 |
|
| /// File Name: |
freebsd-firewire.txt |
Description:
|
The Firewire device enabled by default in the GENERIC kernel for FreeBSD defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.kernelhacking.com/rodrigo | | Related File: | bsd.patch | | File Size: | 3418 | | Last Modified: | Nov 16 12:13:44 2006 |
| MD5 Checksum: | 9bf61a2d6a3b88f11455cec5f19352c2 |
|
| /// File Name: |
sa22933.txt |
Description:
|
Secunia Security Advisory - r0ut3r has discovered some vulnerabilities in torrentflux-b4rt, which can be exploited by malicious people to gain system access or to manipulate data.
| | Homepage: | http://secunia.com/advisories/22933/ | | File Size: | 2860 | | Last Modified: | Nov 16 11:33:31 2006 |
| MD5 Checksum: | f4e7cc1da6ab1b6a6810cd8250911ef7 |
|
| /// File Name: |
MDKSA-2006-208.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-208 - An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 9400 | | Related CVE(s): | CVE-2006-5779 | | Last Modified: | Nov 16 11:33:14 2006 |
| MD5 Checksum: | f0c1c532227c9ff07f1e441a5d477e05 |
|
| /// File Name: |
MDKSA-2006-207.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-207 - The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem. BIND uses RSA cryptography as part of its DNSSEC implementation.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 5948 | | Related CVE(s): | CVE-2006-4339 | | Last Modified: | Nov 16 11:32:32 2006 |
| MD5 Checksum: | 4104389466279b56bbe309055b3063c2 |
|
| /// File Name: |
dsa-1211-1.txt |
Description:
|
Debian Security Advisory 1211-1 - It was discovered that malformed TCP packets may lead to denial of service and possibly the execution of arbitrary code if the PowerDNS nameserver acts as a recursive nameserver.
| | Homepage: | http://www.debian.org/security | | File Size: | 16507 | | Related CVE(s): | CVE-2006-4251 | | Last Modified: | Nov 16 11:04:18 2006 |
| MD5 Checksum: | 7951d6e360d53e1b5ddfa6467350f6c2 |
|
| /// File Name: |
TA06-318A.txt |
Description:
|
Technical Cyber Security Alert TA06-318A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3903 | | Last Modified: | Nov 16 11:02:41 2006 |
| MD5 Checksum: | cdb5eb5c68a962d3f2542ce4fa05ae83 |
|
| /// File Name: |
EEYE-MSWS.txt |
Description:
|
A flaw exists in a default Windows component called the "Workstation Service" that when exploited allows for remote code execution in SYSTEM context, allowing an attacker to take complete control of affected systems. Systems affected include Windows 2000 (Remote Code Execution), Windows XP SP1 (Local Privilege Escalation).
| | Author: | JeongWook Matt Oh, Derek Soeder | | Homepage: | http://research.eeye.com/ | | File Size: | 3492 | | Last Modified: | Nov 16 11:01:48 2006 |
| MD5 Checksum: | ab5e44c09d742521217e98290229c887 |
|
| /// File Name: |
ZDI-06-041.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper parsing of HTML CSS 'float' properties. By ordering specially crafted 'div' tags in a web page, memory corruption can occur leading to remote code execution. Internet Explorer version 6 is affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2547 | | Related CVE(s): | CVE-2006-4687 | | Last Modified: | Nov 16 10:54:28 2006 |
| MD5 Checksum: | 12fbd5b70ece2d5a03788adc9df9460f |
|
| /// File Name: |
ZDI-06-040.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Affected is WinZip 10.0 (pre build 7245).
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2690 | | Related CVE(s): | CVE-2006-5198 | | Last Modified: | Nov 16 10:52:35 2006 |
| MD5 Checksum: | 4590f18f8d729ff9e68c6744037ff57a |
|
| /// File Name: |
advisory_142006.139.txt |
Description:
|
Hardened PHP Project Security Advisory - Dotdeb PHP versions below 5.2.0 revision 3 suffer from an email header injection vulnerability.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 3377 | | Last Modified: | Nov 16 10:48:56 2006 |
| MD5 Checksum: | 94a0d7b89c35c24b152070fece362157 |
|
| /// File Name: |
sa22917.txt |
Description:
|
Secunia Security Advisory - Filipe Balestra and Rodrigo Rubira Branco have reported a vulnerability in FreeBSD, which can be exploited by malicious, local users to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/22917/ | | File Size: | 2640 | | Last Modified: | Nov 16 10:43:30 2006 |
| MD5 Checksum: | a0bacbb1de86f2187b1728a0b1960f86 |
|
| /// File Name: |
sa21554.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a security issue in MDaemon, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21554/ | | File Size: | 3548 | | Last Modified: | Nov 16 10:09:27 2006 |
| MD5 Checksum: | 6462dfa2cbdb734860135ea8a24f6cba |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
