Section: .. / 0708-advisories /
| /// File Name: |
toribashish.txt |
Description:
|
Toribash versions 2.71 and below suffer from buffer overflow and format string vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | toribashish.zip | | File Size: | 7133 | | Last Modified: | Aug 20 03:41:18 2007 |
| MD5 Checksum: | a41802309d644a473be3e484e199e5ae |
|
| /// File Name: |
TPTI-07-14.txt |
Description:
|
Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products, including: Performance Manager, Performance Agent, Reporter, Operations, Operations Manager, Service Quality Manager, Network Node Manager, Business Process Insight, Dashboard and Performance Insight. Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the OpenView Shared Trace Service. A service that is distributed with multiple products as ovtrcsvc.exe and OVTrace.exe. The vulnerable service may be found bound to TCP port 5053 (ovtrcsvc.exe) or TCP port 5051 (OVTrace.exe). Specially crafted data through opcode handlers 0x1a and 0x0f can result in arbitrary code execution under the context of the SYSTEM user.
| | Author: | Cody Pierce, Pedram Amini, Aaron Portnay | | Homepage: | http://dvlabs.tippingpoint.com/ | | File Size: | 3620 | | Related CVE(s): | CVE-2007-1676 | | Last Modified: | Aug 15 06:11:14 2007 |
| MD5 Checksum: | 42bec810b1475c3040bb5b97899fc85d |
|
| /// File Name: |
USN-469-2.txt |
Description:
|
Ubuntu Security Notice 469-2 - USN-469-1 fixed vulnerabilities in the Mozilla Thunderbird email client. The updated Thunderbird version broken compatibility with the Enigmail plugin. This update corrects the problem.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5236 | | Related CVE(s): | CVE-2007-1558, CVE-2007-2867, CVE-2007-2868 | | Last Modified: | Aug 29 06:41:59 2007 |
| MD5 Checksum: | d6065899ef69d1526f395fc58b659828 |
|
| /// File Name: |
USN-492-1.txt |
Description:
|
Ubuntu Security Notice 492-1 - A flaw was discovered in the BGP dissector of tcpdump. Remote attackers could send specially crafted packets and execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4876 | | Related CVE(s): | CVE-2007-3798 | | Last Modified: | Aug 1 02:38:17 2007 |
| MD5 Checksum: | 0f7327b30579b7789e7ca71f3da2dc92 |
|
| /// File Name: |
USN-493-1.txt |
Description:
|
Ubuntu Security Notice 493-1 - A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 23784 | | Related CVE(s): | CVE-2007-3844, CVE-2007-3845 | | Last Modified: | Aug 8 06:27:26 2007 |
| MD5 Checksum: | f9d508262fd7a81703b35191aaacfa3a |
|
| /// File Name: |
USN-494-1.txt |
Description:
|
Ubuntu Security Notice 494-1 - Sean Larsson discovered multiple integer overflows in Gimp. By tricking a user into opening a specially crafted DICOM, PNM, PSD, PSP, RAS, XBM, or XWD image, a remote attacker could exploit this to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17012 | | Related CVE(s): | CVE-2006-4519 | | Last Modified: | Aug 8 07:09:06 2007 |
| MD5 Checksum: | 6dd892ea6ad69dd3a2dc450dc6e1cc13 |
|
| /// File Name: |
USN-495-1.txt |
Description:
|
Ubuntu Security Notice 495-1 - Several format string vulnerabilities have been discovered in Qt warning messages. By causing an application to process specially crafted input data which triggered Qt warnings, this could be exploited to execute arbitrary code with the privilege of the user running the application.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 39325 | | Related CVE(s): | CVE-2007-3388 | | Last Modified: | Aug 8 08:40:19 2007 |
| MD5 Checksum: | b5de8e5ea8c7de131c344ed8dd24fb7a |
|
| /// File Name: |
USN-496-1.txt |
Description:
|
Ubuntu Security Notice 496-1 - Derek Noonburg discovered an integer overflow in the Xpdf function StreamPredictor::StreamPredictor(). By importing a specially crafted PDF file into KWord, this could be exploited to run arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 36100 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 8 08:39:30 2007 |
| MD5 Checksum: | f67af0bc4a182e995415bdad3afa84db |
|
| /// File Name: |
USN-496-2.txt |
Description:
|
Ubuntu Security Notice 496-2 - USN-496-1 fixed a vulnerability in koffice. This update provides the corresponding updates for poppler, the library used for PDF handling in Gnome. Derek Noonburg discovered an integer overflow in the Xpdf function StreamPredictor::StreamPredictor(). By importing a specially crafted PDF file into KWord, this could be exploited to run arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 19266 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 8 10:07:51 2007 |
| MD5 Checksum: | 3e8891c25b0a5051bf52ab27fde68e06 |
|
| /// File Name: |
USN-497-1.txt |
Description:
|
Ubuntu Security Notice 497-1 - Lasse Kärkkäinen discovered that the Xfce Terminal did not correctly escape shell meta-characters during "Open Link" actions. If a remote attacker tricked a user into opening a specially crafted URI, they could execute arbitrary commands with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5384 | | Related CVE(s): | CVE-2007-3770 | | Last Modified: | Aug 14 19:53:31 2007 |
| MD5 Checksum: | 13ab212b8888bcc78c6cb3f91ba65e36 |
|
| /// File Name: |
USN-498-1.txt |
Description:
|
Ubuntu Security Notice 498-1 - David Thiel discovered that libvorbis did not correctly verify the size of certain headers, and did not correctly clean up a broken stream. If a user were tricked into processing a specially crafted Vorbis stream, a remote attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11163 | | Related CVE(s): | CVE-2007-3106, CVE-2007-4029 | | Last Modified: | Aug 16 10:56:59 2007 |
| MD5 Checksum: | 1fa171cc33091ba997a41481db0d9703 |
|
| /// File Name: |
USN-499-1.txt |
Description:
|
Ubuntu Security Notice 499-1 - Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22711 | | Related CVE(s): | CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 | | Last Modified: | Aug 17 08:30:14 2007 |
| MD5 Checksum: | 7c60f4ea73486685f797832eeb5940f5 |
|
| /// File Name: |
USN-500-1.txt |
Description:
|
Ubuntu Security Notice 500-1 - Sebastian Krahmer discovered that rsync contained an off-by-one miscalculation when handling certain file paths. By creating a specially crafted tree of files and tricking an rsync server into processing them, a remote attacker could write a single NULL to stack memory, possibly leading to arbitrary code execution.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4963 | | Related CVE(s): | CVE-2007-4091 | | Last Modified: | Aug 21 22:52:31 2007 |
| MD5 Checksum: | dfa497d0dfc47f8fa6a7754ca178a16d |
|
| /// File Name: |
USN-501-1.txt |
Description:
|
Ubuntu Security Notice 501-1 - It was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a remote attacker could cause the application using libjasper to crash, resulting in a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9183 | | Related CVE(s): | CVE-2007-2721 | | Last Modified: | Aug 21 22:53:13 2007 |
| MD5 Checksum: | 18edf90bd95d39f3b3040bf19cf030b2 |
|
| /// File Name: |
USN-502-1.txt |
Description:
|
Ubuntu Security Notice 502-1 - It was discovered that Konqueror could be tricked into displaying incorrect URLs. Remote attackers could exploit this to increase their chances of tricking a user into visiting a phishing URL, which could lead to credential theft.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 67210 | | Related CVE(s): | CVE-2007-3820, CVE-2007-4224, CVE-2007-4225 | | Last Modified: | Aug 24 23:16:36 2007 |
| MD5 Checksum: | a88d1e8cb714c03879f57c92495e06d4 |
|
| /// File Name: |
USN-503-1.txt |
Description:
|
Ubuntu Security Notice 503-1 - Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious email, an attacker could execute arbitrary code with the user's privileges. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious email, an attacker could execute helpers with arbitrary arguments with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12955 | | Related CVE(s): | CVE-2007-3670, CVE-2007-3734, CVE-2007-3735, CVE-2007-3844, CVE-2007-3845 | | Last Modified: | Aug 27 17:24:38 2007 |
| MD5 Checksum: | 2c06cd51d5fdc140e11897c175c68979 |
|
| /// File Name: |
USN-504-1.txt |
Description:
|
Ubuntu Security Notice 504-1 - Hendrik Tews discovered that emacs21 did not correctly handle certain GIF images. By tricking a user into opening a specially crafted GIF, a remote attacker could cause emacs21 to crash, resulting in a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 10456 | | Related CVE(s): | CVE-2007-2833 | | Last Modified: | Aug 29 06:38:05 2007 |
| MD5 Checksum: | 32db6a6ba52b0c954ddff36b5563f85a |
|
| /// File Name: |
USN-505-1.txt |
Description:
|
Ubuntu Security Notice 505-1 - Ulf Harnhammar discovered that vim does not properly sanitize the "helptags_one()" function when running the "helptags" command. By tricking a user into running a crafted help file, a remote attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22721 | | Related CVE(s): | CVE-2007-2953 | | Last Modified: | Aug 29 06:39:32 2007 |
| MD5 Checksum: | 53db9796ef8862d6d9999eb93f9283e1 |
|
| /// File Name: |
USN-506-1.txt |
Description:
|
Ubuntu Security Notice 506-1 - Dmitry V. Levin discovered that tar did not correctly detect the ".." file path element when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4824 | | Related CVE(s): | CVE-2007-4131 | | Last Modified: | Aug 29 06:40:39 2007 |
| MD5 Checksum: | 32687fc87da2b79105619cb2047b7328 |
|
| /// File Name: |
USN-507-1.txt |
Description:
|
Ubuntu Security Notice 507-1 - It was discovered that the TCP wrapper library was incorrectly allowing connections to services that did not specify server-side connection details. Remote attackers could connect to services that had been configured to block such connections. This only affected Ubuntu Feisty.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3608 | | Last Modified: | Aug 30 10:12:46 2007 |
| MD5 Checksum: | af6c4b0f9373ea115dd1700086c18346 |
|
| /// File Name: |
USN-509-1.txt |
Description:
|
Ubuntu Security Notice 509-1 - The Linux 2.6 kernel series suffers from multiple vulnerabilities. A flaw in the sysfs_readdir function allowed a local user to cause a denial of service by dereferencing a NULL pointer. A buffer overflow was discovered in the random number generator. In environments with granular assignment of root privileges, a local attacker could gain additional privileges. A flaw was discovered in the usblcd driver. A local attacker could cause large amounts of kernel memory consumption, leading to a denial of service. It was discovered that certain setuid-root processes did not correctly reset process death signal handlers. A local user could manipulate this to send signals to processes they would not normally have access to. The Direct Rendering Manager for the i915 driver could be made to write to arbitrary memory locations. An attacker with access to a running X11 session could send a specially crafted buffer and gain root privileges. It was discovered that the aacraid SCSI driver did not correctly check permissions on certain ioctls. A local attacker could cause a denial of service or gain privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 54241 | | Related CVE(s): | CVE-2007-3104, CVE-2007-3105, CVE-2007-3513, CVE-2007-3848, CVE-2007-3851, CVE-2007-4308 | | Last Modified: | Aug 31 19:03:00 2007 |
| MD5 Checksum: | 71d8853d53804ac2aa9e5b6ad74a2932 |
|
| /// File Name: |
vmware60-escalate.txt |
Description:
|
VMWare Workstation version 6.0 for Windows suffers from a denial of service vulnerability and possible privilege escalation.
| | Author: | seppi | | File Size: | 1228 | | Last Modified: | Aug 25 21:19:49 2007 |
| MD5 Checksum: | a391980051559a7eee6dff2ad74603e9 |
|
| /// File Name: |
vmwarevix-vuln.txt |
Description:
|
VMWware suffers from a poor guest isolation design.
| | Homepage: | http://www.vmware.com/ | | File Size: | 4302 | | Last Modified: | Aug 31 18:36:33 2007 |
| MD5 Checksum: | 6f1db85eb6f7a1f8d6ed25f9064ddba3 |
|
| /// File Name: |
ZDI-07-045.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Novell Netware Client. Authentication is not required to exploit this vulnerability. The specific flaw exists in nwspool.dll which is responsible for handling RPC requests through the spools named pipe. Several RPC functions exposed by this DLL do not properly verify argument sizes and subsequently copy user-supplied data to a stack-based buffer resulting in an exploitable overflow.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3179 | | Last Modified: | Aug 8 09:39:11 2007 |
| MD5 Checksum: | cd418df7def7fa08d91aa73fdbe6c118 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
