Section: .. / 0705-advisories /
| /// File Name: |
dsa-1296-1.txt |
Description:
|
Debian Security Advisory 1296-1 - It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server.
| | Homepage: | http://www.debian.org/security | | File Size: | 72245 | | Related CVE(s): | CVE-2007-2509 | | Last Modified: | May 22 03:57:30 2007 |
| MD5 Checksum: | 6faea7ecb565932576eade47cf49581d |
|
| /// File Name: |
dsa-1297-1.txt |
Description:
|
Debian Security Advisory 1297-1 - Bernhard R. Link discovered that the CVS browsing interface of Gforge, a collaborative development tool, performs insufficient escaping of URLs, which allows the execution of arbitrary shell commands with the privileges of the www-data user.
| | Homepage: | http://www.debian.org/security | | File Size: | 2904 | | Related CVE(s): | CVE-2007-0246 | | Last Modified: | May 30 22:45:13 2007 |
| MD5 Checksum: | a9786fd6abe2ff8d3f62148987f3dd04 |
|
| /// File Name: |
efilecab-bypass.txt |
Description:
|
eFileCabinet version 3.3 suffers from an authentication bypass vulnerability.
| | Author: | Digital Defense Inc. Vulnerability Research Team | | File Size: | 1347 | | Last Modified: | May 12 04:44:05 2007 |
| MD5 Checksum: | 5fc62a65e195dccbed52762e25cc7b81 |
|
| /// File Name: |
exim-spamd-overflow.txt |
Description:
|
spamd as included with Exim version 4.66 suffers from a buffer overflow vulnerability.
| | Author: | calcite | | File Size: | 2478 | | Last Modified: | May 15 07:46:15 2007 |
| MD5 Checksum: | 23cdf78dacd95a89050a9c0b4d08d65a |
|
| /// File Name: |
FreeBSD-SA-07-03-ipv6.txt |
Description:
|
FreeBSD Security Advisory - There is no mechanism for preventing IPv6 routing headers from being used to route packets over the same link(s) many times. An attacker can "amplify" a denial of service attack against a link between two vulnerable hosts; that is, by sending a small volume of traffic the attacker can consume a much larger amount of bandwidth between the two vulnerable hosts. An attacker can use vulnerable hosts to "concentrate" a denial of service attack against a victim host or network; that is, a set of packets sent over a period of 30 seconds or more could be constructed such that they all arrive at the victim within a period of 1 second or less.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 5427 | | Related CVE(s): | CVE-2007-2242 | | Last Modified: | May 3 02:13:35 2007 |
| MD5 Checksum: | ccf88dc45c5dd4ba5063e991af6fab59 |
|
| /// File Name: |
FreeBSD-SA-07-04.file.txt |
Description:
|
FreeBSD Security Advisory - An attacker who can cause file to be run on a maliciously constructed input can cause file to crash. It may be possible for such an attacker to execute arbitrary code with the privileges of the user running file. The above also applies to any other applications using the libmagic library.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 5208 | | Related CVE(s): | CVE-2007-1536 | | Last Modified: | May 24 03:57:55 2007 |
| MD5 Checksum: | 460717f8e2c565242021f26418fd5339 |
|
| /// File Name: |
glsa-200705-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-01 - Bryan Burns of Juniper Networks discovered a vulnerability in chunkcounter.cpp when processing large or negative idx values, and a directory traversal vulnerability in torrent.cpp. Versions less than 2.1.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2777 | | Related CVE(s): | CVE-2007-1384, CVE-2007-1385, CVE-2007-1799 | | Last Modified: | May 3 09:00:49 2007 |
| MD5 Checksum: | a3731af8211d105db7ba47883c5f03b4 |
|
| /// File Name: |
glsa-200705-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-02 - Greg MacManus of iDefense Labs has discovered an integer overflow in the function bdfReadCharacters() when parsing BDF fonts. Versions less than 2.1.10-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2524 | | Related CVE(s): | CVE-2007-1351 | | Last Modified: | May 3 09:01:09 2007 |
| MD5 Checksum: | 21246a9406bee2a81ac9dd336a6cb7c1 |
|
| /// File Name: |
glsa-200705-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-03 - Tomcat allows special characters like slash, backslash or URL-encoded backslash as a separator, while Apache does not. Versions less than 5.5.22 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2699 | | Related CVE(s): | CVE-2007-0450 | | Last Modified: | May 3 09:01:34 2007 |
| MD5 Checksum: | 37430d63ecfad0daf99309f55aed81d8 |
|
| /// File Name: |
glsa-200705-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-04 - Alex Solvey discovered that the path_info variable used in file RegistryCooker.pm (mod_perl 2.x) or file PerlRun.pm (mod_perl 1.x), is not properly escaped before being processed. Versions less than 1.30 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2968 | | Related CVE(s): | CVE-2007-1349 | | Last Modified: | May 3 09:27:34 2007 |
| MD5 Checksum: | d909f5c5765cf831270fcc9dd517761d |
|
| /// File Name: |
glsa-200705-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-05 - The Quagga development team reported a vulnerability in the BGP routing daemon when processing NLRI attributes inside UPDATE messages. Versions less than 0.98.6-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2472 | | Related CVE(s): | CVE-2007-1995 | | Last Modified: | May 3 09:27:55 2007 |
| MD5 Checksum: | 1166885ce568c97bf515c1891c32ca97 |
|
| /// File Name: |
glsa-200705-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-06 - Multiple integer overflows have been reported in the XGetPixel() function of the X.Org X11 library. Versions less than 1.0.3-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2592 | | Related CVE(s): | CVE-2007-1667 | | Last Modified: | May 8 10:03:58 2007 |
| MD5 Checksum: | 8d93e993f528bbf688b05056720da2b9 |
|
| /// File Name: |
glsa-200705-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-07 - Robert Jakabosky discovered an infinite loop triggered by a connection abort when Lighttpd processes carriage return and line feed sequences. Marcus Rueckert discovered a NULL pointer dereference when a server running Lighttpd tries to access a file with a mtime of 0. Versions less than 1.4.14 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2753 | | Related CVE(s): | CVE-2007-1869, CVE-2007-1870 | | Last Modified: | May 8 11:21:20 2007 |
| MD5 Checksum: | 925a28efc763ea7828a49471d1b4e2d8 |
|
| /// File Name: |
glsa-200705-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-08 - Marsu discovered that the set_color_table() function in the SUNRAS plugin is vulnerable to a stack-based buffer overflow. Versions less than 2.2.14 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2455 | | Related CVE(s): | CVE-2007-2356 | | Last Modified: | May 8 11:21:37 2007 |
| MD5 Checksum: | 377379519adff2e46beaf5c2ebabdb87 |
|
| /// File Name: |
glsa-200705-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-09 - The isakmp_info_recv() function in src/racoon/isakmp_inf.c does not always check that DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N) packets are encrypted. Versions less than 0.6.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2641 | | Related CVE(s): | CVE-2007-1841 | | Last Modified: | May 10 02:56:26 2007 |
| MD5 Checksum: | f126868f00f4214b95df1a8be4d9353d |
|
| /// File Name: |
glsa-200705-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-10 - The libXfont code is prone to several integer overflows, in functions ProcXCMiscGetXIDList(), bdfReadCharacters() and FontFileInitTable(). TightVNC contains a local copy of this code and is also affected. Versions less than 1.2.9-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3206 | | Related CVE(s): | CVE-2007-1003, CVE-2007-1351, CVE-2007-1352 | | Last Modified: | May 10 02:58:06 2007 |
| MD5 Checksum: | 4f3107dd626f8a2fd9887a41ac986405 |
|
| /// File Name: |
glsa-200705-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-11 - mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when processing certain types of SQL requests. Sec Consult also discovered another NULL pointer dereference when sorting certain types of queries on the database metadata. Versions less than 5.0.38 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2758 | | Related CVE(s): | CVE-2007-1420 | | Last Modified: | May 10 02:58:21 2007 |
| MD5 Checksum: | b658ddedd31ec26c23e8aec9b7a2dbe9 |
|
| /// File Name: |
glsa-200705-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-12 - An error involving insecure search_path settings in the SECURITY DEFINER functions has been reported in PostgreSQL. Versions less than 8.0.13 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2785 | | Related CVE(s): | CVE-2007-2138 | | Last Modified: | May 11 03:58:59 2007 |
| MD5 Checksum: | be8e42d43b1d61bd287b5b10f160a9a4 |
|
| /// File Name: |
glsa-200705-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-13 - iDefense Labs has discovered multiple integer overflows in ImageMagick in the functions ReadDCMImage() and ReadXWDImage(), that are used to process DCM and XWD files. Versions less than 6.3.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2781 | | Related CVE(s): | CVE-2007-1797 | | Last Modified: | May 11 03:59:18 2007 |
| MD5 Checksum: | 26bce6bed1795434bc83f323da4d005d |
|
| /// File Name: |
glsa-200705-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-14 - XScreenSaver incorrectly handles the results of the getpwuid() function in drivers/lock.c when using directory servers during a network outage. Versions less than 5.02 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2572 | | Related CVE(s): | CVE-2007-1859 | | Last Modified: | May 15 07:58:08 2007 |
| MD5 Checksum: | 1448bbd17400d09798d97fe1700775d2 |
|
| /// File Name: |
glsa-200705-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-15 - Samba contains a logical error in the smbd daemon when translating local SID to user names (CVE-2007-2444). Furthermore, Samba contains several bugs when parsing NDR encoded RPC parameters (CVE-2007-2446). Lastly, Samba fails to properly sanitize remote procedure input provided via Microsoft Remote Procedure Calls (CVE-2007-2447). Versions less than 3.0.24-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2834 | | Related CVE(s): | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447 | | Last Modified: | May 17 03:41:45 2007 |
| MD5 Checksum: | 65698138a6ca1abe5ee01f4f35c2a8eb |
|
| /// File Name: |
glsa-200705-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-16 - Harold Hallikainen has reported that the Upload page fails to properly check the extension of a file. Versions less than 1.3.10-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2599 | | Related CVE(s): | CVE-2007-2024, CVE-2007-2025 | | Last Modified: | May 21 04:51:06 2007 |
| MD5 Checksum: | 9bf97383337dfa4c93c14dc8286bccfb |
|
| /// File Name: |
glsa-200705-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-17 - Stefan Esser discovered that mod_security processes NULL characters as terminators in POST requests using the application/x-www-form-urlencoded encoding type, while other parsers used in web applications do not. Versions less than 2.1.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2683 | | Related CVE(s): | CVE-2007-1359 | | Last Modified: | May 21 04:51:20 2007 |
| MD5 Checksum: | 17f0309269d69d5e877cc81250d35153 |
|
| /// File Name: |
glsa-200705-18.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-18 - James Cameron from HP has reported a vulnerability in PPTPD caused by malformed GRE packets. Versions less than 1.3.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2385 | | Related CVE(s): | CVE-2007-0244 | | Last Modified: | May 22 03:50:38 2007 |
| MD5 Checksum: | 0bb00711429a7d6db4d09bc39f6be8e0 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
