Section: .. / 0710-advisories /
File Name: sa27363.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for OpenSSL. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27363/
File Size: 16392
Last Modified: Oct 23 19:22:54 2007
MD5 Checksum: c52d1deed3fd7cebf60ff5f87530553b

File Name: sa27273.txt
Description:
Secunia Security Advisory - Debian has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27273/
File Size: 16266
Last Modified: Oct 22 14:39:08 2007
MD5 Checksum: 4ed8a7f3b416da9b96bd062cad1e8972

File Name: USN-523-1.txt
Description:
Ubuntu Security Notice 523-1 - Multiple vulnerabilities were found in the image decoders of ImageMagick. If a user or automated system were tricked into processing a malicious DCM, DIB, XBM, XCF, or XWD image, a remote attacker could execute arbitrary code with user privileges.
Homepage: http://security.ubuntu.com/
File Size: 15632
Related CVE(s): CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988
Last Modified: Oct 5 01:30:30 2007
MD5 Checksum: 86e6f3964a537e5b0f856c134bd48572

File Name: sa27048.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for imagemagick. This fixes some vulnerabilities, which can be exploited by malicious people to conduct DoS (Denial of Service) attacks or compromise a user's system.
Homepage: http://secunia.com/advisories/27048/
File Size: 15608
Last Modified: Oct 5 01:20:47 2007
MD5 Checksum: 52be894c8e4dc09361d3736a15398aab

File Name: sa27261.txt
Description:
Secunia Security Advisory - SUSE has issued an update for Sun Java. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate data, disclose sensitive/system information, or potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27261/
File Size: 15607
Last Modified: Oct 19 11:32:30 2007
MD5 Checksum: 1c38828d7ee507a99fb094c46a49175e

File Name: sa27241.txt
Description:
Secunia Security Advisory - Debian has issued an update for wesnoth. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/27241/
File Size: 15415
Last Modified: Oct 15 18:42:41 2007
MD5 Checksum: 2d44b310e5b1a801d9cebd84a8c4c8e2

File Name: cisco-sa-20071017-cucm.txt
Description:
Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains two denial of service (DoS) vulnerabilities. Large volumes of UDP Session Initiation Protocol (SIP) INVITE messages may cause a resource exhaustion condition on CUCM systems resulting in a kernel panic. The CUCM Trivial File Transfer Protocol (TFTP) service contains a buffer overflow vulnerability that may result in a denial of service condition or allow a remote, unauthenticated user to execute arbitrary code. There are no workarounds for these vulnerabilities.
Homepage: http://www.cisco.com/
File Size: 15285
Last Modified: Oct 18 18:31:26 2007
MD5 Checksum: 12346c759f4592e4e636e40e7256679e

File Name: sa27326.txt
Description:
Secunia Security Advisory - Debian has issued an update for icedove. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/27326/
File Size: 15221
Last Modified: Oct 22 18:54:34 2007
MD5 Checksum: 0c3bd2c1e7ad93a48b2ee13a8c16266d

File Name: USN-528-1.txt
Description:
Ubuntu Security Notice 528-1 - Neil Kettle discovered that MySQL could be made to dereference a NULL pointer and divide by zero. An authenticated user could exploit this with a crafted IF clause, leading to a denial of service. Victoria Reznichenko discovered that MySQL did not always require the DROP privilege. An authenticated user could exploit this via RENAME TABLE statements to rename arbitrary tables, possibly gaining additional database access. It was discovered that MySQL could be made to overflow a signed char during authentication. Remote attackers could use crafted authentication requests to cause a denial of service. Phil Anderton discovered that MySQL did not properly verify access privileges when accessing external tables. As a result, authenticated users could exploit this to obtain UPDATE privileges to external tables. In certain situations, when installing or upgrading mysql, there was no notification that the mysql root user password needed to be set. If the password was left unset, attackers would be able to obtain unrestricted access to mysql. This is now checked during mysql start-up.
Homepage: http://security.ubuntu.com/
File Size: 15165
Related CVE(s): CVE-2007-2583, CVE-2007-2691, CVE-2007-3780, CVE-2007-3782
Last Modified: Oct 12 00:23:11 2007
MD5 Checksum: d9c83a427ad45d69379e7197ed90bb83

File Name: sa27350.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27350/
File Size: 15135
Last Modified: Oct 23 19:22:54 2007
MD5 Checksum: 2d796fd3ebbe5d23b13b70e14cf60a2a

File Name: dsa-1390-1.txt
Description:
Debian Security Advisory 1390-1 - Hamid Ebadi has discovered a buffer overflow in the intT1_Env_GetCompletePath routine in t1lib, a Type 1 font rasterizer library. This flaw could allow an attacker to crash an application using the t1lib shared libraries, and potentially execute arbitrary code within such an application's security context.
Homepage: http://www.debian.org/security
File Size: 14681
Related CVE(s): CVE-2007-4033
Last Modified: Oct 22 18:09:49 2007
MD5 Checksum: ae420976e7c5372549fdce9c120966d2

File Name: CORE-2007-0928.txt
Description:
Core Security Technologies Advisory - A vulnerability found in OpenBSD's dhcpd allows attackers on the local network to remotely cause the DHCP server to corrupt its process memory and crash; or continue functioning erratically thus denying service to all DHCP clients on the network and, if PF updates are in use, potentially affecting egress/ingress filtering as well. OpenBSD 4.0, 4.1, and 4.2 are affected.
Author: Nahuel Riva, Gerardo Richarte
Homepage: http://www.coresecurity.com/corelabs/
File Size: 14380
Related CVE(s): CVE-2007-0063
Last Modified: Oct 11 00:28:53 2007
MD5 Checksum: 4f54934bbd0acff7397c83a86dcce243

File Name: USN-531-2.txt
Description:
Ubuntu Security Notice 531-2 - USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem. Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code.
Homepage: http://security.ubuntu.com/
File Size: 14318
Related CVE(s): CVE-2007-5365
Last Modified: Oct 23 19:56:28 2007
MD5 Checksum: 8c2c23432b88a2cdb1e4a4a902161683

File Name: USN-531-1.txt
Description:
Ubuntu Security Notice 531-1 - Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code.
Homepage: http://security.ubuntu.com/
File Size: 14112
Related CVE(s): CVE-2007-5365
Last Modified: Oct 22 23:49:49 2007
MD5 Checksum: f26d95797f689c3fc1c1129bfd38d570

File Name: sa27155.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for mysql. This fixes some vulnerabilities and security issues, which can be exploited by malicious users to gain escalated privileges, bypass certain security restrictions and cause a DoS (Denial of Service), or by malicious people to cause a DoS.
Homepage: http://secunia.com/advisories/27155/
File Size: 14096
Last Modified: Oct 12 00:13:39 2007
MD5 Checksum: c1225dc86b4c8381111164b863af2cb4

File Name: sa27297.txt
Description:
Secunia Security Advisory - Debian has issued an update for t1lib. This fixes a vulnerability, which can be exploited by malicious users to potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27297/
File Size: 13940
Last Modified: Oct 22 14:39:08 2007
MD5 Checksum: 0600d99939daae0e7673e1e7f78ad82c

File Name: cisco-sa-20071017-IPCC.txt
Description:
Cisco Security Advisory - Unified Contact Center and Intelligent Contact Management products contain a vulnerability that may result in unauthorized access to the web-based reporting and script monitoring tool (Web View) and the web-based configuration tool (Web Admin).
Homepage: http://www.cisco.com/
File Size: 13405
Last Modified: Oct 18 18:32:04 2007
MD5 Checksum: 244e079104e4868a9ff5bec548531d60

File Name: sa27405.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for libpng. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/27405/
File Size: 12945
Last Modified: Oct 29 11:03:58 2007
MD5 Checksum: ae3da0795395af2fa9df9fb1c3edcff5

File Name: sa27354.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for util-linux. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
Homepage: http://secunia.com/advisories/27354/
File Size: 12933
Last Modified: Oct 23 14:14:24 2007
MD5 Checksum: 66890c5983f4565b48914df0263c209f

File Name: sa27021.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for openssl. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27021/
File Size: 12845
Last Modified: Oct 1 14:36:17 2007
MD5 Checksum: cedc47d9de3f1903e3455f0d49162a8c

File Name: USN-533-1.txt
Description:
Ubuntu Security Notice 533-1 - Ludwig Nussel discovered that mount and umount did not properly drop privileges when using helper programs. Local attackers may be able to bypass security restrictions and gain root privileges using programs such as mount.nfs or mount.cifs.
Homepage: http://security.ubuntu.com/
File Size: 12797
Related CVE(s): CVE-2007-5191
Last Modified: Oct 22 23:52:24 2007
MD5 Checksum: 43cdabef17197796a0e6ed65fa2805b4

File Name: USN-538-1.txt
Description:
Ubuntu Security Notice 538-1 - It was discovered that libpng did not properly perform bounds checking and comparisons in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng.
Homepage: http://security.ubuntu.com/
File Size: 12789
Related CVE(s): CVE-2007-5268, CVE-2007-5269
Last Modified: Oct 26 10:52:33 2007
MD5 Checksum: 4b4af6499f69b4b2a1ffcc8a68acadd9

File Name: USN-529-1.txt
Description:
Ubuntu Security Notice 529-1 - It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.
Homepage: http://security.ubuntu.com/
File Size: 12766
Related CVE(s): CVE-2007-5137
Last Modified: Oct 12 00:24:55 2007
MD5 Checksum: 77c92b066b80efbd16298942f4020919

File Name: sa27207.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for tk. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.
Homepage: http://secunia.com/advisories/27207/
File Size: 12700
Last Modified: Oct 12 20:30:02 2007
MD5 Checksum: 506adc67a3a01b72d9a6f055019dc745

File Name: cisco-sa-20071010-wcs.txt
Description:
Cisco Security Advisory - Customers who use the CiscoWorks Wireless LAN Solution Engine (WLSE) may use a conversion utility to convert over to a Cisco Wireless Control System (WCS). This conversion utility creates and uses administrative accounts with default credentials. Because there is no requirement to change these credentials during the conversion process, an attacker may be able to leverage the accounts that have default credentials to take full administrative control of the WCS after the conversion has been completed.
Homepage: http://www.cisco.com/
File Size: 12248
Last Modified: Oct 10 23:52:19 2007
MD5 Checksum: 88515006ebec8b1fa0285611c0e5dee7