Section: .. / 0707-advisories /
| /// File Name: |
mailmarshall-password.txt |
Description:
|
The MailMarshal Spam Quarantine version 6.2.0.x HTTP interface password reset facility is vulnerable to a SQL buffer truncation attack. The vulnerability could be exploited to reset and retrieve any user account. The attacker would require prior knowledge of the user's email address.
| | Author: | Gary O'Leary-Steele | | Homepage: | http://www.sec-1.com/ | | File Size: | 2591 | | Related CVE(s): | CVE-2007-3796 | | Last Modified: | Jul 18 05:59:00 2007 |
| MD5 Checksum: | 1195fa7209354574609552bc888ef297 |
|
| /// File Name: |
MDKSA-2007-138.txt |
Description:
|
Mandriva Linux Security Advisory - An issue with the interaction between the Flash Player and the Konqueror web browser was discovered, which could lead to key presses leaking to the Flash Player instead of to the browser. This only affects users who have actually installed the Adobe Flash Player plugin.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 16384 | | Related CVE(s): | CVE-2007-2022 | | Last Modified: | Jul 7 05:30:15 2007 |
| MD5 Checksum: | 2bd85b9779dd1c6fc1e7330b9c850df8 |
|
| /// File Name: |
MDKSA-2007-139.txt |
Description:
|
Mandriva Linux Security Advisory - MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function. This issue does not affect MySQL 5.0.37 in Mandriva Linux 2007.1. The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10424 | | Related CVE(s): | CVE-2007-1420, CVE-2007-2583, CVE-2007-2691 | | Last Modified: | Jul 7 06:28:16 2007 |
| MD5 Checksum: | 6d21e30c82007518384acd8195695bdf |
|
| /// File Name: |
MDKSA-2007-140.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was discovered in the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publicly accessible and ExtendedStatus was enabled. A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM. The Apache server also did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15408 | | Related CVE(s): | CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 | | Last Modified: | Jul 7 06:29:41 2007 |
| MD5 Checksum: | 322cb36012270200b88f81b6f2d54abb |
|
| /// File Name: |
MDKSA-2007-141.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was discovered in the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publicly accessible and ExtendedStatus was enabled. A vulnerability was found in the Apache mod_cache module that could cause the httpd server child process to crash if it was sent a carefully crafted request. This could lead to a denial of service if using a threaded MPM.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7372 | | Related CVE(s): | CVE-2006-5752, CVE-2007-1863 | | Last Modified: | Jul 7 06:30:58 2007 |
| MD5 Checksum: | 1625eeb14a6ab25bc1b01e377f2742f1 |
|
| /// File Name: |
MDKSA-2007-142.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was discovered in the Apache mod_status module that could lead to a cross-site scripting attack on sites where the server-status page was publicly accessible and ExtendedStatus was enabled. The Apache server also did not verify that a process was an Apache child process before sending it signals. A local attacker with the ability to run scripts on the server could manipulate the scoreboard and cause arbitrary processes to be terminated.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3318 | | Related CVE(s): | CVE-2007-3304, CVE-2006-5752 | | Last Modified: | Jul 7 06:32:02 2007 |
| MD5 Checksum: | d0d53339ab9cf691e657bf11a87707a9 |
|
| /// File Name: |
MDKSA-2007-143.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long album title or category.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5280 | | Related CVE(s): | CVE-2007-2948 | | Last Modified: | Jul 11 09:03:52 2007 |
| MD5 Checksum: | cb31c9dd1e9358a920a966e22797417b |
|
| /// File Name: |
MDKSA-2007-144.txt |
Description:
|
Mandriva Linux Security Advisory - A heap overflow flaw was found in the RTF import filter of OpenOffice.org. If a victim were to open a specially-crafted RTF file, OpenOffice.org could crash or possibly execute arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 31343 | | Related CVE(s): | CVE-2007-0245 | | Last Modified: | Jul 11 10:45:30 2007 |
| MD5 Checksum: | c5dd5ecf3d74f3fd2aa7cd0efa87728c |
|
| /// File Name: |
MDKSA-2007-146.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw was discovered in the Perl Net::DNS module in the way it generated the ID field in a DNS query. Because it is so predictable, a remote attacker could exploit this to return invalid DNS data. A denial of service vulnerability was found in how Net::DNS parsed certain DNS requests. A malformed response to a DNS request could cause the application using Net::DNS to crash or stop responding.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3978 | | Related CVE(s): | CVE-2007-3377, CVE-2007-3409 | | Last Modified: | Jul 13 23:55:31 2007 |
| MD5 Checksum: | 858a1ffee7d19abb06a54ea28e358ddb |
|
| /// File Name: |
MDKSA-2007-147.txt |
Description:
|
Mandriva Linux Security Advisory - A number of vulnerabilities were discovered in how ImageMagick handles DCM and XWD image files. If a user were tricked into processing a specially crafted image file with an application that uses ImageMagick, an attacker could cause a heap-based buffer overflow and possibly execute arbitrary code with the user's privileges.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7334 | | Related CVE(s): | CVE-2007-1667, CVE-2007-1797 | | Last Modified: | Jul 23 06:15:42 2007 |
| MD5 Checksum: | f3216450ce9dcbd1a1a9233c58a6e106 |
|
| /// File Name: |
MDKSA-2007-148.txt |
Description:
|
Mandriva Linux Security Advisory - An integer overflow in tcpdump could allow a remote attacker to execute arbitrary code via crafted TLVs in a BGP packet.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3524 | | Related CVE(s): | CVE-2007-3798 | | Last Modified: | Jul 26 07:07:05 2007 |
| MD5 Checksum: | 22cc421a2ff6e6f4a9dd043b8f522625 |
|
| /// File Name: |
MDKSA-2007-149.txt |
Description:
|
Mandriva Linux Security Advisory - The DNS query id generation code in BIND9 is vulnerable to cryptographic analysis which provides a 1-in-8 chance of guessing the next query ID for 50% of the query IDs, which could be used by a remote attacker to perform cache poisoning. As well, in BIND9 9.4.x, the default ACLs were not being correctly set, which could allow anyone to make recursive queries and/or query the cache contents.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5800 | | Related CVE(s): | CVE-2007-2926, CVE-2007-2925 | | Last Modified: | Jul 26 07:28:34 2007 |
| MD5 Checksum: | 281cfc23213cded6c7feace0a16b696f |
|
| /// File Name: |
MDKSA-2007-150.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in the RAR VM in ClamAV allowed user-assisted remote attackers to cause a crash via a crafted RAR archive which resulted in a NULL pointer dereference.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8267 | | Related CVE(s): | CVE-2007-3725 | | Last Modified: | Jul 26 07:53:21 2007 |
| MD5 Checksum: | d499e21944a3a41ef6ad8d92fad6784f |
|
| /// File Name: |
meta-clamav.txt |
Description:
|
ClamAV versions below 0.91 crash while processing corrupted RAR files causing a null pointer dereference.
| | Homepage: | http://www.metaeye.org/ | | File Size: | 1032 | | Last Modified: | Jul 12 03:52:54 2007 |
| MD5 Checksum: | babbeec796bbc4352f24f68c1ddd8bf6 |
|
| /// File Name: |
mitridat-xss.txt |
Description:
|
Mitridat's Form Processor Pro suffers from cross site scripting vulnerabilities.
| | Author: | Charles Kim | | File Size: | 2391 | | Last Modified: | Jul 26 07:15:55 2007 |
| MD5 Checksum: | e96743643844ea7bb3fcae10a6d0db96 |
|
| /// File Name: |
MSA01110707.txt |
Description:
|
By using a specially crafted "flv" video it is possible to trigger an integer overflow inside the Adobe Flash interpreter which could lead to client/browser-plugin crash, arbitrary code execution or system denial of service.
| | Author: | Stefano di Paola | | Homepage: | http://www.mindedsecurity.com/ | | File Size: | 8196 | | Last Modified: | Jul 14 01:18:01 2007 |
| MD5 Checksum: | b746354064d05658a8ac2541f856ee2f |
|
| /// File Name: |
msdirectx-heap.txt |
Description:
|
Microsoft DirectX is prone to a heap overflow vulnerability due to the improper handling of targa files.
| | Author: | Ruben Santamarta | | Homepage: | http://www.reversemode.com/ | | File Size: | 5324 | | Last Modified: | Jul 19 07:06:23 2007 |
| MD5 Checksum: | bb5803ba2e354d2239ac11ee93edc562 |
|
| /// File Name: |
mysqldumper-bypass.txt |
Description:
|
MySQLDumper suffers from a vulnerability where access control set by Apache can be bypassed. MySQLDumper 1.23_pre_release_REV227, MySQLDumper 1.22, MySQLDumper 1.21b, and MySQLDumper Typo3-Extension 0.0.5 are affected.
| | Author: | Henning Pingel, Lars Houmark | | File Size: | 3190 | | Last Modified: | Jul 7 05:59:36 2007 |
| MD5 Checksum: | 7edc2da0d510d1a7bee2042b6f539c76 |
|
| /// File Name: |
n.runs-SA-2007.016.txt |
Description:
|
ESET NOD32 Antivirus suffers from a heap corruption vulnerability during the parsing of .CAB files.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3262 | | Last Modified: | Jul 23 06:02:20 2007 |
| MD5 Checksum: | c9d33a9cc3f409a0e231c14b048e0105 |
|
| /// File Name: |
n.runs-SA-2007.017.txt |
Description:
|
ESET NOD32 Antivirus suffers from an integer overflow vulnerability when handling ASPACK packed files.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3326 | | Last Modified: | Jul 23 06:03:08 2007 |
| MD5 Checksum: | f0e6061c2d07e91c0bc55db2cb71b0e1 |
|
| /// File Name: |
n.runs-SA-2007.018.txt |
Description:
|
ESET NOD32 Antivirus suffers from a divide by zero vulnerability when parsing ASPACK and FSG packed files.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3246 | | Last Modified: | Jul 23 06:04:09 2007 |
| MD5 Checksum: | 5711796b31ae2bd7ce430dbcf7620aa0 |
|
| /// File Name: |
n.runs-SA-2007.019.txt |
Description:
|
Panda Antivirus suffers from a buffer overflow vulnerability when parsing .EXE files.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 4339 | | Last Modified: | Jul 23 06:05:10 2007 |
| MD5 Checksum: | 86013db58c55550dc8f1820ff870690a |
|
| /// File Name: |
n.runs-SA-2007.020.txt |
Description:
|
All Norman Antivirus solutions suffer from a buffer overflow vulnerability via its .ACE file parsing functionality.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 7580 | | Last Modified: | Jul 24 06:13:43 2007 |
| MD5 Checksum: | 2c807fc9d60a5107cffa60335452a6e4 |
|
| /// File Name: |
n.runs-SA-2007.021.txt |
Description:
|
All Norman Antivirus solutions suffer from code execution vulnerabilities in the file parsing engine.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 7617 | | Last Modified: | Jul 24 06:04:17 2007 |
| MD5 Checksum: | 235b27c1a366c0c56d5ce3449a0ae836 |
|