Section: .. / 0701-advisories /
| /// File Name: |
sa23789.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xfree86. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/23789/ | | File Size: | 147048 | | Last Modified: | Jan 18 03:44:32 2007 |
| MD5 Checksum: | a01a019473b380beb6362769911a3f39 |
|
| /// File Name: |
2007_firepass.pdf |
Description:
|
Multiple cross site scripting, filter bypass, and information disclosure vulnerabilities exist in the F5 FirePass SSL VPN.
| | Author: | Michael Ligh, Greg Sinclair | | Homepage: | http://mnin.org/ | | File Size: | 131466 | | Last Modified: | Jan 13 16:06:06 2007 |
| MD5 Checksum: | 0c46d3878a3f7d7d800b63f62a85644d |
|
| /// File Name: |
cisco-sa-20070124-crafted-ip-option..> |
Description:
|
Cisco Security Advisory - Cisco routers and switches running Cisco IOS\256 or Cisco IOS XR software may be vulnerable to a remotely exploitable crafted IP option Denial of Service (DoS) attack. Exploitation of the vulnerability may potentially allow for arbitrary code execution. The vulnerability may be exploited after processing an Internet Control Message Protocol (ICMP) packet, Protocol Independent Multicast version 2 (PIMv2) packet, Pragmatic General Multicast (PGM) packet, or URL Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet's IP header. No other IP protocols are affected by this issue.
| | Homepage: | http://www.cisco.com/ | | File Size: | 71315 | | Last Modified: | Jan 26 21:31:45 2007 |
| MD5 Checksum: | 577fd50627b0f80c7885e9f61dbd8439 |
|
| /// File Name: |
USN-410-1.txt |
Description:
|
Ubuntu Security Notice 410-1 - The poppler PDF loader library did not limit the recursion depth of the page model tree. By tricking a user into opening a specially crafter PDF file, this could be exploited to trigger an infinite loop and eventually crash an application that uses this library.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 64909 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 19 22:30:35 2007 |
| MD5 Checksum: | 0d13cbf8943c4ab18dd16154b4e34d5d |
|
| /// File Name: |
cisco-sa-20070124-crafted-tcp.txt |
Description:
|
Cisco Security Advisory - The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service condition. This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 63855 | | Last Modified: | Jan 26 21:29:42 2007 |
| MD5 Checksum: | 37c32831dda7d34aac95c6c587bb9175 |
|
| /// File Name: |
cisco-sa-20070124-IOS-IPv6.txt |
Description:
|
Cisco Security Advisory - Processing a specially crafted IPv6 Type 0 Routing header can crash a device running Cisco IOS software. This vulnerability does not affect IPv6 Type 2 Routing header which is used in mobile IPv6. IPv6 is not enabled by default in Cisco IOS.
| | Homepage: | http://www.cisco.com/ | | File Size: | 62324 | | Last Modified: | Jan 26 21:31:00 2007 |
| MD5 Checksum: | dcea7c1cf3bf61e222409a766a302c5f |
|
| /// File Name: |
sa23791.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for poppler. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23791/ | | File Size: | 60717 | | Last Modified: | Jan 19 19:09:28 2007 |
| MD5 Checksum: | 2c62a398cf6ca295dd003acc2993c0c2 |
|
| /// File Name: |
USN-403-1.txt |
Description:
|
Ubuntu Security Notice 403-1 - The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 50575 | | Related CVE(s): | CVE-2006-6101, CVE-2006-6102, CVE-2006-6103 | | Last Modified: | Jan 13 17:59:42 2007 |
| MD5 Checksum: | 75a16c7c2e6cc43b4a0a0dc695bfb2e2 |
|
| /// File Name: |
cisco-sa-20070110-dlsw.txt |
Description:
|
Cisco Security Advisory - A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of this vulnerability requires that an attacker be able to establish a DLSw connection to the device.
| | Homepage: | http://www.cisco.com/ | | File Size: | 47426 | | Last Modified: | Jan 13 18:29:44 2007 |
| MD5 Checksum: | c7b16fd9119b6894b8b981c09db494b0 |
|
| /// File Name: |
dsa-1252-1.txt |
Description:
|
Debian Security Advisory 1252-1 - Kevin Finisterre discovered several format string problems in vlc, a multimedia player and streamer, that could lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 43890 | | Related CVE(s): | CVE-2007-0017 | | Last Modified: | Jan 29 11:28:27 2007 |
| MD5 Checksum: | 50f008dc34116d113f668e55e7928a24 |
|
| /// File Name: |
sa23971.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23971/ | | File Size: | 40432 | | Last Modified: | Jan 29 11:19:09 2007 |
| MD5 Checksum: | f6f545e76f535d481727fcc2e47b286d |
|
| /// File Name: |
USN-409-1.txt |
Description:
|
Ubuntu Security Notice 409-1 - Federico L. Bossi Bonin discovered a Denial of Service vulnerability in ksirc. By sending a special response packet, a malicious IRC server could crash ksirc.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 37672 | | Related CVE(s): | CVE-2006-6811 | | Last Modified: | Jan 15 22:19:10 2007 |
| MD5 Checksum: | 87726af2366057e0e782d3744e387f17 |
|
| /// File Name: |
USN-402-1.txt |
Description:
|
Ubuntu Security Notice 402-1 - A flaw was discovered in Avahi's handling of compressed DNS packets. If a specially crafted reply were received over the network, the Avahi daemon would go into an infinite loop, causing a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 36013 | | Related CVE(s): | CVE-2006-6870 | | Last Modified: | Jan 13 15:33:35 2007 |
| MD5 Checksum: | 08c800598d6d8c567a1cb655e8f76ddb |
|
| /// File Name: |
sa23620.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for openoffice.org. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23620/ | | File Size: | 35458 | | Last Modified: | Jan 5 18:44:16 2007 |
| MD5 Checksum: | 3bd224ba891f68f2dc93084b9c6f3076 |
|
| /// File Name: |
cisco-sa-20070105-csacs.txt |
Description:
|
Cisco Security Advisory - Certain versions of Cisco Secure Access Control Server (ACS) for Windows and the Cisco Secure ACS Solution Engine (here after both referred to as purely Cisco Secure ACS) are affected by multiple vulnerabilities that cause specific Cisco Secure services to crash. Two of the vulnerabilities may permit arbitrary code execution after exploitation of the specified vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 25828 | | Related CVE(s): | CVE-2006-4098, CVE-2006-4097 | | Last Modified: | Jan 13 15:45:56 2007 |
| MD5 Checksum: | 75996cdb0d85252d1f5d7e76cb1494ad |
|
| /// File Name: |
USN-406-1.txt |
Description:
|
Ubuntu Security Notice 406-1 - An integer overflow was discovered in OpenOffice.org's handling of WMF files. If a user were tricked into opening a specially crafted WMF file, an attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 24114 | | Related CVE(s): | CVE-2006-5870 | | Last Modified: | Jan 13 19:48:40 2007 |
| MD5 Checksum: | b89f96f7f5345d93c6ba785d83f0efc0 |
|
| /// File Name: |
dsa-1254-1.txt |
Description:
|
Debian Security Advisory 1254-1 - It was discovered that the Bind name server daemon is vulnerable to denial of service by triggering an assertion through a crafted DNS query. This only affects installations which use the DNSSEC extensions. Please note that the CVE listed in this advisory is incorrect.
| | Homepage: | http://www.debian.org/security | | File Size: | 22297 | | Last Modified: | Jan 29 19:47:18 2007 |
| MD5 Checksum: | b907768273ac2898bec098b21758ca35 |
|
| /// File Name: |
MDKSA-2007-024.txt |
Description:
|
Mandriva Linux Security Advisory - The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 21333 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 24 01:35:14 2007 |
| MD5 Checksum: | 02aec3e2f8ff6d92ad9da7bf1afb0ae7 |
|
| /// File Name: |
MDKSA-2007-006.txt |
Description:
|
Mandriva Linux Security Advisory - Several integer overflows were discovered in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that would cause OpenOffice.org to execute arbitrary code when opened.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 21330 | | Related CVE(s): | CVE-2006-5870 | | Last Modified: | Jan 13 18:30:38 2007 |
| MD5 Checksum: | d149d9cdcedfeecc30106ca461c1d2a4 |
|
| /// File Name: |
sa23944.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23944/ | | File Size: | 20552 | | Last Modified: | Jan 29 11:19:09 2007 |
| MD5 Checksum: | 0939916a3e0f74e4e838cc8c4fb16711 |
|
| /// File Name: |
MOAB-05-01-2007.html |
Description:
|
Month Of Apple Bugs - A vulnerability in the handling of Apple DiskManagement BOM files allows to set rogue permissions on the filesystem via the 'diskutil' tool. This can be used to execute arbitrary code and escalate privileges. A malicious user could create a BOM declaring new permissions for specific filesystem locations (ex. binaries, cron and log directories, etc). Once 'diskutil' runs a permission repair operation the rogue permissions would be set, allowing to plant a backdoor, overwrite resources or simply gain root privileges.
| | Author: | LMH, Kevin Finisterre | | Homepage: | http://projects.info-pull.com/moab/index.html | | File Size: | 19552 | | Last Modified: | Jan 13 16:03:11 2007 |
| MD5 Checksum: | c043b9b8f15a8b56a56b6be67621b106 |
|
| /// File Name: |
sa23549.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for OpenOffice_org. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23549/ | | File Size: | 19094 | | Last Modified: | Jan 5 18:44:16 2007 |
| MD5 Checksum: | fa93dd1d0da084637e1804f2c7727f32 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
