Section: .. / 0803-advisories /
| /// File Name: |
sa29451.txt |
Description:
|
Secunia Security Advisory - Red Hat has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29451/ | | File Size: | 2353 | | Last Modified: | Mar 19 18:04:21 2008 |
| MD5 Checksum: | 6e7ffc36abec1fa3bb76acc5980cec8d |
|
| /// File Name: |
MDVSA-2008-068.txt |
Description:
|
Mandriva Linux Security Advisory - Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4354 | | Related CVE(s): | CVE-2008-0888 | | Last Modified: | Mar 18 22:44:25 2008 |
| MD5 Checksum: | e36b7227b79e870237a7f130fb16e0fa |
|
| /// File Name: |
MDVSA-2008-067.txt |
Description:
|
Mandriva Linux Security Advisory - A number of vulnerabilities were found in Nagios and Nagios Plugins that are corrected with the latest version of both, as provided in this update. These vulnerabilities are buffer overflows and cross-site scripting flaws.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 29119 | | Related CVE(s): | CVE-2007-5198, CVE-2007-5623, CVE-2007-5624, CVE-2008-1360 | | Last Modified: | Mar 18 22:43:45 2008 |
| MD5 Checksum: | 46c1767bff7aaf1e614ae4ab9469fd79 |
|
| /// File Name: |
03.18.08-1.txt |
Description:
|
iDefense Security Advisory 03.18.08 - Remote exploitation of a heap-based buffer overflow vulnerability in CUPS, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the affected service. iDefense has confirmed the existence of this vulnerability in CUPS version 1.3.5. Previous versions may also be affected.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 3384 | | Related CVE(s): | CVE-2008-0047 | | Last Modified: | Mar 18 22:41:26 2008 |
| MD5 Checksum: | c2e5a25c6026dfd6fb7f133b0d26623e |
|
| /// File Name: |
AST-2008-005.txt |
Description:
|
Asterisk Project Security Advisory - The HTTP Manager ID used by Asterisk is predictable, allowing an attacker to hijack a manager session.
| | Author: | Tilghman Lesher | | Homepage: | http://www.asterisk.org/security | | File Size: | 15827 | | Related CVE(s): | CVE-2008-1390 | | Last Modified: | Mar 18 22:40:12 2008 |
| MD5 Checksum: | b3ec2efc2d6a9a02d1ed7f6a496a55ea |
|
| /// File Name: |
AST-2008-003.txt |
Description:
|
Asterisk Project Security Advisory - Unauthenticated calls can be made via the SIP channel driver using an invalid From header. This acts similarly to the SIP configuration option 'allowguest=yes', in that calls with a specially crafted From header would be sent to the PBX in the context specified in the general section of sip.conf.
| | Author: | Jason Parker | | Homepage: | http://www.asterisk.org/security | | File Size: | 9431 | | Related CVE(s): | CVE-2008-1332 | | Last Modified: | Mar 18 22:36:42 2008 |
| MD5 Checksum: | 4503d7ec5e28b9a90bfa07d4c16f2dd4 |
|
| /// File Name: |
AST-2008-002.txt |
Description:
|
Asterisk Project Security Advisory - Two buffer overflows exist in the RTP payload handling code of Asterisk. Both overflows can be caused by an INVITE or any other SIP packet with SDP. The request may need to be authenticated depending on configuration of the Asterisk installation.
| | Author: | Joshua Colp | | Homepage: | http://www.asterisk.org/security | | File Size: | 10835 | | Related CVE(s): | CVE-2008-1289 | | Last Modified: | Mar 18 22:34:40 2008 |
| MD5 Checksum: | 9af18bb93f79be77066637b6ba8f4e94 |
|
| /// File Name: |
dsa-1524-1.txt |
Description:
|
Debian Security Advisory 1524-1 - Several remote vulnerabilities have been discovered in the kdc component of krb5, a system for authenticating users and services on a network.
| | Homepage: | http://www.debian.org/security | | File Size: | 41045 | | Related CVE(s): | CVE-2008-0062, CVE-2008-0063, CVE-2008-0947 | | Last Modified: | Mar 18 22:26:54 2008 |
| MD5 Checksum: | 6d2bce7caab09eb36eab512d2b157d88 |
|
| /// File Name: |
MITKRB5-SA-2008-002.txt |
Description:
|
MIT krb5 Security Advisory 2008-002 - Two bugs in the RPC library server code, used in the kadmin server, cause an array overrun if too many file descriptors are opened. Memory corruption can result.
| | Homepage: | http://web.mit.edu/ | | File Size: | 7715 | | Related CVE(s): | CVE-2008-0947, CVE-2008-0948 | | Last Modified: | Mar 18 22:22:52 2008 |
| MD5 Checksum: | 548fe30eb399d6ce1de24ef032f0fda9 |
|
| /// File Name: |
VMSA-2008-0005.txt |
Description:
|
VMware Security Advisory - VMware has addressed a folder traversal vulnerability, an insecure named pipe vulnerability, libpng, and various other bits and pieces.
| | Homepage: | http://www.vmware.com/ | | File Size: | 15844 | | Related CVE(s): | CVE-2008-0923, CVE-2008-0923, CVE-2008-1361, CVE-2008-1362, CVE-2007-5269, CVE-2006-2940, CVE-2006-2937, CVE-2006-4343, CVE-2006-4339, CVE-2007-5618, CVE-2008-1364, CVE-2008-1363, CVE-2008-1340 | | Last Modified: | Mar 18 22:18:56 2008 |
| MD5 Checksum: | ee66e4579274ee816d1615a56fe85d80 |
|
| /// File Name: |
SSRT080028.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 9318 | | Last Modified: | Mar 18 21:50:59 2008 |
| MD5 Checksum: | 6482a164639b3bbd56076d6992d4fd6a |
|
| /// File Name: |
glsa-200803-26.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-26 - SUSE reported that the acroread wrapper script does not create temporary files in a secure manner when handling SSL certificates (CVE-2008-0883). Versions less than 8.1.2-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2496 | | Related CVE(s): | CVE-2008-0883 | | Last Modified: | Mar 18 21:50:11 2008 |
| MD5 Checksum: | ba7bd20480a9c289bb055b91d942814d |
|
| /// File Name: |
glsa-200803-25.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-25 - Dovecot uses the group configured via the mail_extra_groups setting, which should be used to create lockfiles in the /var/mail directory, when accessing arbitrary files (CVE-2008-1199). Dovecot does not escape TAB characters in passwords when saving them, which might allow for argument injection in blocking passdbs such as MySQL, PAM or shadow (CVE-2008-1218). Versions less than 1.0.13-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3325 | | Related CVE(s): | CVE-2008-1199, CVE-2008-1218 | | Last Modified: | Mar 18 21:49:51 2008 |
| MD5 Checksum: | 76e43260116a23ea2d999c1d92295e87 |
|
| /// File Name: |
glsa-200803-24-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200803-24:02 - PCRE contains a buffer overflow vulnerability when processing a character class containing a very large number of characters with codepoints greater than 255. Versions less than 7.6-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3411 | | Related CVE(s): | CVE-2008-0674 | | Last Modified: | Mar 18 21:43:24 2008 |
| MD5 Checksum: | 2e890d70d0956a2904ab3874722f1435 |
|
| /// File Name: |
dsa-1523-1.txt |
Description:
|
Debian Security Advisory 1523-1 - Josh Triplett discovered that ikiwiki did not block JavaScript in URLs, leading to cross-site scripting vulnerabilities.
| | Homepage: | http://www.debian.org/security | | File Size: | 2952 | | Related CVE(s): | CVE-2008-0808, CVE-2008-0809 | | Last Modified: | Mar 18 21:42:27 2008 |
| MD5 Checksum: | 9c131e45810e5b75e21d3db56f272e88 |
|
| /// File Name: |
08031201-flexispy.txt |
Description:
|
Airscanner Mobile Security Advisory #08031201 - FlexiSPY.com's user administration web application contains a critical bug that allows anyone to inject spoofed incoming/outgoing phone records, SMS messages, and Emails into the backend database for ANY user of the software if the IMEI value is known.
| | Author: | Seth Fogie | | Homepage: | http://www.airscanner.com/ | | File Size: | 2950 | | Last Modified: | Mar 18 21:40:49 2008 |
| MD5 Checksum: | ae3737a66fc225d2b129825fd2732d61 |
|
| /// File Name: |
sa29282.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for libpcre and glib. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/29282/ | | File Size: | 2212 | | Last Modified: | Mar 18 20:35:21 2008 |
| MD5 Checksum: | 6caead636ecc25aa442a1820ae52a192 |
|
| /// File Name: |
sa29361.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been discovered in Plone, which can be exploited by malicious people to conduct cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/29361/ | | File Size: | 2458 | | Last Modified: | Mar 18 20:35:21 2008 |
| MD5 Checksum: | aa7b1d8751de295028c174a4c5df2b50 |
|
| /// File Name: |
sa29369.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for ikiwiki. This fixes two vulnerabilities, which can be exploited by malicious people to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/29369/ | | File Size: | 2649 | | Last Modified: | Mar 18 20:35:21 2008 |
| MD5 Checksum: | 4b5de6383070f635e27aa149464d3eea |
|
| /// File Name: |
sa29380.txt |
Description:
|
Secunia Security Advisory - Omni has discovered two vulnerabilities in eForum, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/29380/ | | File Size: | 2272 | | Last Modified: | Mar 18 20:35:21 2008 |
| MD5 Checksum: | f143bb9ba1b09b347fa30fc6622a7602 |
|
| /// File Name: |
sa29394.txt |
Description:
|
Secunia Security Advisory - Robert Mitchell has reported a security issue in CheckPoint VPN-1, which can lead to a DoS (Denial of Service) or disclosure of sensitive information.
| | Homepage: | http://secunia.com/advisories/29394/ | | File Size: | 2787 | | Last Modified: | Mar 18 20:35:21 2008 |
| MD5 Checksum: | 182983e7dafb45cd614bd0182f09fd14 |
|
| /// File Name: |
sa29396.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29396/ | | File Size: | 2017 | | Last Modified: | Mar 18 20:35:21 2008 |
| MD5 Checksum: | b24b9a9352f473a9c60bac02bda0ab98 |
|
| /// File Name: |
sa29398.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Serendipity, which can be exploited by malicious people to conduct script insertion attacks and bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29398/ | | File Size: | 2573 | | Last Modified: | Mar 18 20:35:21 2008 |
| MD5 Checksum: | 194b174b214357f76534ea1e0d90ed72 |
|