Section: .. / 0712-advisories /
| /// File Name: |
incidents-summary.txt |
Description:
|
A quick summary of recent web hacking incidents in December 2007.
| | Author: | Ofer Shezaf | | File Size: | 9000 | | Last Modified: | Dec 28 19:36:19 2007 |
| MD5 Checksum: | f2632d64721a936dcca32425bc9cd383 |
|
| /// File Name: |
dsa-1432-1.txt |
Description:
|
Debian Security Advisory 1432-1 - Alin Rad Pop discovered that link-grammar, Carnegie Mellon University's link grammar parser for English, performed insufficient validation within its tokenizer, which could allow a malicious input file to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 8879 | | Related CVE(s): | CVE-2007-5395 | | Last Modified: | Dec 17 20:26:26 2007 |
| MD5 Checksum: | 764bcc1dc4dd9095916d5a12c1972e44 |
|
| /// File Name: |
sa28101.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for link-grammar. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28101/ | | File Size: | 8652 | | Last Modified: | Dec 18 19:48:19 2007 |
| MD5 Checksum: | 81e0226fd5ceafe9823105b760ebb559 |
|
| /// File Name: |
AST-2007-027.txt |
Description:
|
Asterisk Project Security Advisory - Due to the way database-based registrations ("realtime") are processed, IP addresses are not checked when the username is correct and there is no password. An attacker may impersonate any user using host-based authentication without a secret, simply by guessing the username of that user. This is limited in scope to administrators who have set up the registration database ("realtime") for authentication and are using only host-based authentication, not passwords. However, both the SIP and IAX protocols are affected.
| | Author: | Tilghman Lesher | | Homepage: | http://www.asterisk.org/security | | File Size: | 8605 | | Related CVE(s): | CVE-2007-6430 | | Last Modified: | Dec 18 19:56:53 2007 |
| MD5 Checksum: | f9dfea6ea0b39fe7b65dcff07dc9ba1f |
|
| /// File Name: |
dsa-1442-1.txt |
Description:
|
Debian Security Advisory 1442-1 - Rubert Buchholz discovered that libsndfile, a library for reading / writing audio files performs insufficient boundary checks when processing FLAC files, which might lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 8448 | | Related CVE(s): | CVE-2007-4974 | | Last Modified: | Dec 29 15:40:29 2007 |
| MD5 Checksum: | 57b37d2a4f4496939ae7a1675e08b537 |
|
| /// File Name: |
dsa-1430-1.txt |
Description:
|
Debian Security Advisory 1430-1 - It was reported that a race condition exists in libnss-ldap, an NSS module for using LDAP as a naming service, which could cause denial of service attacks when applications use pthreads.
| | Homepage: | http://www.debian.org/security | | File Size: | 7993 | | Related CVE(s): | CVE-2007-5794 | | Last Modified: | Dec 11 23:26:53 2007 |
| MD5 Checksum: | bf0f4fcb1717a4e3fc9857992734d35a |
|
| /// File Name: |
MDKSA-2007-236.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in OpenSSH prior to 4.7 prevented ssh from properly handling when an untrusted cookie could not be created and used a trusted X11 cookie instead, which could allow attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7816 | | Related CVE(s): | CVE-2007-4752 | | Last Modified: | Dec 5 23:35:24 2007 |
| MD5 Checksum: | fbd6eaf14eebbb0b688a45ef45ee6de1 |
|
| /// File Name: |
sa28061.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for nss-ldap. This fixes a security issue, which can be exploited by malicious persons to manipulate certain data.
| | Homepage: | http://secunia.com/advisories/28061/ | | File Size: | 7773 | | Last Modified: | Dec 13 13:34:25 2007 |
| MD5 Checksum: | 5439f4551eab216408951cea2497bed5 |
|
| /// File Name: |
tk53-clamav.txt |
Description:
|
TK53 Advisory 2 - Multiple vulnerabilities exist in ClamAV version 0.92 including a race condition and bypass flaws.
| | Author: | Roflek, Lolek | | File Size: | 7766 | | Last Modified: | Dec 31 16:26:46 2007 |
| MD5 Checksum: | e18caa0c092d7067ea71b97be00c10c7 |
|
| /// File Name: |
dsa-1438-1.txt |
Description:
|
Debian Security Advisory 1438-1 - Several vulnerabilities have been discovered in GNU Tar. A directory traversal vulnerability enables attackers using specially crafted archives to extract contents outside the directory tree created by tar. A stack-based buffer overflow in the file name checking code may lead to arbitrary code execution when processing maliciously crafted archives.
| | Homepage: | http://www.debian.org/security | | File Size: | 7757 | | Related CVE(s): | CVE-2007-4131, CVE-2007-4476 | | Last Modified: | Dec 28 20:18:33 2007 |
| MD5 Checksum: | 9876b5a2363d163e5bd48c7c91cf6a80 |
|
| /// File Name: |
SSRT061261.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely by an unauthorized user to execute arbitrary code with the permissions of the NNM server.
| | Homepage: | http://www.hp.com/ | | File Size: | 7681 | | Related CVE(s): | CVE-2007-6204 | | Last Modified: | Dec 7 13:08:15 2007 |
| MD5 Checksum: | 85e069e026e75fadfb5da36308648a58 |
|
| /// File Name: |
dsa-1420-1.txt |
Description:
|
Debian Security Advisory 1420-1 - Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation.
| | Homepage: | http://www.debian.org/security | | File Size: | 7625 | | Related CVE(s): | CVE-2007-6210 | | Last Modified: | Dec 6 01:05:07 2007 |
| MD5 Checksum: | 1021459e5bdabe31e5d3c3e215fcff28 |
|
| /// File Name: |
sa27977.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27977/ | | File Size: | 7480 | | Last Modified: | Dec 11 21:35:59 2007 |
| MD5 Checksum: | 578aeac4b8e7284b103b77ceaf7e2b92 |
|
| /// File Name: |
sa27948.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for zabbix. This fixes a weakness, which can be exploited by malicious users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/27948/ | | File Size: | 7367 | | Last Modified: | Dec 7 11:22:07 2007 |
| MD5 Checksum: | 84919e68d20a49c00affea84310331e3 |
|
| /// File Name: |
CAID-brightstor.txt |
Description:
|
CA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.
| | Author: | Dyon Balding, Cocoruder, Tenable Network Security, Pedram Amini, eEye Digital Security, shirkdog | | Homepage: | http://www3.ca.com/ | | File Size: | 7341 | | Related CVE(s): | CVE-2007-5326, CVE-2007-5329, CVE-2007-5327, CVE-2007-5325, CVE-2007-5328, CVE-2007-5330, CVE-2007-5331, CVE-2007-5332 | | Last Modified: | Dec 7 20:03:25 2007 |
| MD5 Checksum: | b570156ca875e160d5434e5fb72b11c5 |
|
| /// File Name: |
sa28216.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Sun Java System Web Server / Web Proxy Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/28216/ | | File Size: | 7229 | | Last Modified: | Dec 24 13:50:38 2007 |
| MD5 Checksum: | ad88dc94856cf1faf692d8b0c3526a7d |
|
| /// File Name: |
fengulo.txt |
Description:
|
Feng versions 0.1.15 and below suffer from buffer overflow and denial of service vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | fengulo.zip | | File Size: | 7202 | | Last Modified: | Dec 28 19:58:39 2007 |
| MD5 Checksum: | b9d0d28e5b0104405b411a0afd34090d |
|
| /// File Name: |
SSRT071504.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running OpenSSL. The vulnerability could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 7176 | | Related CVE(s): | CVE-2007-4995 | | Last Modified: | Dec 13 17:57:13 2007 |
| MD5 Checksum: | f7c42212c5895b6e0c7827b3cf5fe9f5 |
|
| /// File Name: |
sa28180.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in Fedora, which can be exploited by malicious, local users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/28180/ | | File Size: | 7083 | | Last Modified: | Dec 24 13:50:38 2007 |
| MD5 Checksum: | 48daeec3475d98cca479094f724e75f3 |
|
| /// File Name: |
sa28025.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for mysql. This fixes two vulnerabilities and a security issue, which can be exploited by malicious users to gain escalated privileges, manipulate certain data, or to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28025/ | | File Size: | 6829 | | Last Modified: | Dec 17 19:58:22 2007 |
| MD5 Checksum: | b9c755ec9b72db20a5e829c794d2e629 |
|
| /// File Name: |
SSRT071502.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with the HP Quick Launch Button (QLB) software running on Windows. The vulnerability could be exploited remotely to execute arbitrary code or to gain privileged access.
| | Homepage: | http://www.hp.com/ | | File Size: | 6734 | | Related CVE(s): | CVE-2007-6331, CVE-2007-6332, CVE-2007-6333 | | Last Modified: | Dec 17 20:24:27 2007 |
| MD5 Checksum: | 80ea31203b6b91cb16508db40df1656d |
|
| /// File Name: |
eleytt-various.txt |
Description:
|
Eleytt has discovered cross site scripting and username enumeration vulnerabilities in the IBM Tivoli Provisioning Manager Express, a HTML injection vulnerability in the Computer Associates eTrust Threat Management Console, and a denial of service and remote user addition vulnerability in Gadu-Gadu.
| | Author: | Michal Bucko, Tomasz Polis | | Homepage: | http://www.eleytt.com/ | | File Size: | 6731 | | Last Modified: | Dec 5 23:33:36 2007 |
| MD5 Checksum: | 5c1482d536691a3868f0e2029cdfc0df |
|
| /// File Name: |
SSRT071451.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX applications running DCE such as Software Distributor (SD). The vulnerability could be exploited remotely to create a denial of service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 6638 | | Related CVE(s): | CVE-2007-6195 | | Last Modified: | Dec 13 17:56:41 2007 |
| MD5 Checksum: | c5fdc8116ee8af5a63f95b835d6af576 |
|
| /// File Name: |
MDKSA-2007-242.txt |
Description:
|
Mandriva Linux Security Advisory - Rafal Wojtczuk of McAfee AVERT Research found that e2fsprogs contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These flaws could result in heap-based overflows potentially allowing for the execution of arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6614 | | Related CVE(s): | CVE-2007-5497 | | Last Modified: | Dec 10 20:30:47 2007 |
| MD5 Checksum: | 42458e5239abe8645204d05adff4bd1d |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
