Section: .. / 0711-advisories /
| /// File Name: |
MDKSA-2007-207.txt |
Description:
|
Mandriva Linux Security Advisory - Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, resulting in the possible execution of arbitrary code with the permissions of the user running Perl.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8145 | | Related CVE(s): | CVE-2007-5116 | | Last Modified: | Nov 6 01:59:51 2007 |
| MD5 Checksum: | b70dba6f050f083bf9c03673493a9464 |
|
| /// File Name: |
AST-2007-024.txt |
Description:
|
Asterisk Project Security Advisory - This advisory is a response to a false security vulnerability published in several places on the Internet. Had Asterisk's developers been notified prior to its publication, there would be no need for this. There is a potential for a buffer overflow in the sethdlc application; however, running this application requires root access to the server, which means that exploiting this vulnerability gains the attacker no more advantage than what he already has. As such, this is a bug, not a security vulnerability.
| | Author: | Michal Bucko,Mark Michelson | | Homepage: | http://www.asterisk.org/security | | File Size: | 8005 | | Related CVE(s): | CVE-2007-5690 | | Last Modified: | Nov 8 18:48:00 2007 |
| MD5 Checksum: | 4e70e810f66fe1da827e00a4ea82b022 |
|
| /// File Name: |
AST-2007-026.txt |
Description:
|
Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing the ANI and DNIS strings to the Call Detail Record Postgres logging engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.
| | Author: | Tilghman Lesher | | Homepage: | http://www.asterisk.org/security | | File Size: | 7982 | | Last Modified: | Nov 30 01:54:47 2007 |
| MD5 Checksum: | c6c1a7986ed7ead3dab0bea6978ffb05 |
|
| /// File Name: |
AST-2007-025.txt |
Description:
|
Asterisk Project Security Advisory - A SQL injection vulnerability exists in Asterisk versions prior to 1.4.15. Input buffers were not properly escaped when providing lookup data to the Postgres Realtime Engine. An attacker could potentially compromise the administrative database containing users' usernames and passwords used for SIP authentication, among other things.
| | Author: | P. Chisteas, Tilghman Lesher | | Homepage: | http://www.asterisk.org/security | | File Size: | 7826 | | Last Modified: | Nov 30 01:53:45 2007 |
| MD5 Checksum: | ffa2808110235fd54fffd855e12201bc |
|
| /// File Name: |
sa27549.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gforge. This fixes a security issue, which can be exploited by malicious, local users to truncate arbitrary files.
| | Homepage: | http://secunia.com/advisories/27549/ | | File Size: | 7591 | | Last Modified: | Nov 8 18:19:25 2007 |
| MD5 Checksum: | 73bd8d79f3f3d14937430bea021e5133 |
|
| /// File Name: |
SSRT071499.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX Apache. The vulnerability could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 7377 | | Related CVE(s): | CVE-2007-5135 | | Last Modified: | Nov 30 01:04:22 2007 |
| MD5 Checksum: | 01a4cbc604d81903355a69b1541136cc |
|
| /// File Name: |
SSRT071319.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely to allow cross site scripting (XSS).
| | Homepage: | http://www.hp.com/ | | File Size: | 7342 | | Last Modified: | Nov 30 01:03:53 2007 |
| MD5 Checksum: | e07411d9a1c25a2867dcd1ccdf2f004b |
|
| /// File Name: |
sa27718.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for tetex. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose and manipulate sensitive information and by malicious people to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27718/ | | File Size: | 7212 | | Last Modified: | Nov 27 23:02:19 2007 |
| MD5 Checksum: | 86f2fb6e1eea8d0f8b90d6b4564eb141 |
|
| /// File Name: |
TKADV2007-001.txt |
Description:
|
The xnu kernel of Mac OS X contains a vulnerability in the code that handles TIOCSETD ioctl requests. Exploitation of this vulnerability can lead to denial of service and code execution.
| | Author: | Tobias Klein | | Homepage: | http://www.trapkit.de/ | | File Size: | 7208 | | Related CVE(s): | CVE-2007-4686 | | Last Modified: | Nov 16 02:37:22 2007 |
| MD5 Checksum: | 88c07513ac15b9342ddde37b417d5f43 |
|
| /// File Name: |
sa27727.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for tomcat5. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/27727/ | | File Size: | 7188 | | Last Modified: | Nov 20 11:17:55 2007 |
| MD5 Checksum: | 89a147a65cc71398372c9800d917c908 |
|
| /// File Name: |
msjet-overflow.txt |
Description:
|
A remote code execution vulnerability exists in Microsoft Jet Engine. A remote attacker who successfully exploits this vulnerability can execute arbitrary code on the affected system.
| | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | File Size: | 6986 | | Last Modified: | Nov 26 15:46:41 2007 |
| MD5 Checksum: | 8c40aee731e7e2aff5e039121162cbcf |
|
| /// File Name: |
USN-537-2.txt |
Description:
|
Ubuntu Security Notice 537-2 - USN-537-1 fixed vulnerabilities in gnome-screensaver. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes related problems in compiz.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6752 | | Related CVE(s): | CVE-2007-3920 | | Last Modified: | Nov 2 12:25:20 2007 |
| MD5 Checksum: | baa7ae66da6dda5f4cd2d2d07cf13721 |
|
| /// File Name: |
dsa-1416-1.txt |
Description:
|
Debian Security Advisory 1416-1 - It was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 6713 | | Related CVE(s): | CVE-2007-5378 | | Last Modified: | Nov 27 23:03:45 2007 |
| MD5 Checksum: | b5bfb274c533aa3afee4ec926a099efb |
|
| /// File Name: |
SSRT071485.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP Secure Shell. The vulnerability could be exploited remotely to gain extended privileges.
| | Homepage: | http://www.hp.com/ | | File Size: | 6703 | | Related CVE(s): | CVE-2007-4752 | | Last Modified: | Nov 12 23:29:25 2007 |
| MD5 Checksum: | 2150f26620e2f6c3b7296e1bad71fb2b |
|
| /// File Name: |
MDKSA-2007-227.txt |
Description:
|
Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6604 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Nov 26 17:26:44 2007 |
| MD5 Checksum: | 89d580be4bc84ec7277dde50a2f6dd89 |
|
| /// File Name: |
SSRT071465.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified in OpenView Operations (OVO) running on HP-UX and Solaris. These vulnerabilities may be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 6590 | | Related CVE(s): | CVE-2007-3922, CVE-2007-3698 | | Last Modified: | Nov 14 21:06:20 2007 |
| MD5 Checksum: | 2d9d3de100d7678ae81bc5ebc689317f |
|
| /// File Name: |
sa27806.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for tk8.3. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/27806/ | | File Size: | 6547 | | Last Modified: | Nov 28 19:37:31 2007 |
| MD5 Checksum: | f9ad32f8f443e3590e11adaf2cfacfad |
|
| /// File Name: |
gadugadu-overflow.txt |
Description:
|
Gadu-Gadu version 7.7 suffers from local and remote buffer overflow vulnerabilities.
| | Author: | j00ru/vx | | File Size: | 6428 | | Last Modified: | Nov 26 21:04:18 2007 |
| MD5 Checksum: | ec542ce11f11309987b28b00e537f6fb |
|
| /// File Name: |
sa27612.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for mono. This fixes a vulnerability with an unknown impact.
| | Homepage: | http://secunia.com/advisories/27612/ | | File Size: | 6315 | | Last Modified: | Nov 16 02:06:08 2007 |
| MD5 Checksum: | 7206226e00b80a1b9e5b759c1a543c98 |
|
| /// File Name: |
MDKSA-2007-206.txt |
Description:
|
Mandriva Linux Security Advisory - A memory management flaw was discovered in PWLib that an attacker could use to crash an application linked with it, such as Ekiga.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6300 | | Related CVE(s): | CVE-2007-4897 | | Last Modified: | Nov 2 19:28:09 2007 |
| MD5 Checksum: | 9ce8be1563282a29693edb789a6c22a6 |
|
| /// File Name: |
MDKSA-2007-232.txt |
Description:
|
Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The minix filesystem code allows local users to cause a denial of service (hang) via a malformed minix file stream. An integer underflow in the Linux kernel prior to 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6235 | | Related CVE(s): | CVE-2007-4997, CVE-2006-6058 | | Last Modified: | Nov 28 20:19:35 2007 |
| MD5 Checksum: | 766cc256ddbcf93d4722fa79a16929c1 |
|
| /// File Name: |
MDKSA-2007-209.txt |
Description:
|
Mandriva Linux Security Advisory - A function in the JasPer JPEG-2000 library before 1.900 could allow a remote user-assisted attack to cause a crash and possibly corrupt the heap via malformed image files. netpbm contains an embedded copy of libjasper and as such is vulnerable to this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6201 | | Related CVE(s): | CVE-2007-2721 | | Last Modified: | Nov 6 02:01:05 2007 |
| MD5 Checksum: | e093a85489abb706234d8bbb4f4dde59 |
|