Section: .. / 0805-advisories /
| /// File Name: |
TA08-134A.txt |
Description:
|
Technical Cyber Security Alert TA08-134A - Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Jet Database Engine, Windows Live OneCare, Antigen, Windows Defender, and Forefront Security as part of the Microsoft Security Bulletin Summary for May 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 3749 | | Last Modified: | May 13 15:41:07 2008 |
| MD5 Checksum: | 1b674f3df657c92d13731b2e7392126e |
|
| /// File Name: |
05.13.08-1.txt |
Description:
|
iDefense Security Advisory 05.13.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the logged in user. This vulnerability exists in the way Word handles CSS rules in an HTML document. When the number of CSS selectors is above some specific amount, an unspecified object will be corrupted causing Word to access a memory region that has already been freed. iDefense has confirmed fully patched Microsoft Word 2003 SP2, Microsoft Word XP SP3, Microsoft Word 2000 SP3 are vulnerable. Microsoft Word 2003 SP3 and Microsoft Word 2007 do not appear to be affected. Microsoft reports that all supported versions of Word, Word Viewer, and Outlook 2007 are vulnerable.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4164 | | Related CVE(s): | CVE-2008-1434 | | Last Modified: | May 13 15:39:58 2008 |
| MD5 Checksum: | fd7486dbe9fda5cc2883cbfa6ad3cc65 |
|
| /// File Name: |
ZDI-08-023.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user.
| | Author: | wushi | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3266 | | Related CVE(s): | CVE-2008-1091 | | Last Modified: | May 13 15:38:28 2008 |
| MD5 Checksum: | 3a4c70d8165cb815e52e832667c68280 |
|
| /// File Name: |
USN-612-3.txt |
Description:
|
Ubuntu Security Notice 612-3 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of shared encryption keys and SSL/TLS certificates in OpenVPN. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7395 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 13 15:37:41 2008 |
| MD5 Checksum: | fbc9eb044bb2cb99c735320b168eeffe |
|
| /// File Name: |
TPTI-08-04.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the target opens an Office file that contains malicious Jet DB Engine objects. The specific flaw exists within the parsing of a column structure. The DWORD value from the structure that specifies the column count is trusted. If this value is changed, an inline memcpy to the stack can overflow while reading a column name. Typically Jet DB structures are used within MDB files which are considered unsafe. However, it is possible to embed such files within a trusted format, such as an Office Document (.doc). This issue allows for remote code execution under the context of the currently logged in user.
| | Author: | Aaron Portnoy | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 1728 | | Related CVE(s): | CVE-2007-6026 | | Last Modified: | May 13 15:37:04 2008 |
| MD5 Checksum: | b0741f928fbcdfe0d4a4a46f4d209d1b |
|
| /// File Name: |
sa30150.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Publisher, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30150/ | | File Size: | 3579 | | Last Modified: | May 13 15:35:09 2008 |
| MD5 Checksum: | 5bf958eb7e53a52b0c81fcb50049fc3f |
|
| /// File Name: |
sa30172.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in various Microsoft products, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/30172/ | | File Size: | 2712 | | Last Modified: | May 13 15:35:09 2008 |
| MD5 Checksum: | 26e2aad9399de5a9686f792d7e1ffd20 |
|
| /// File Name: |
sa30220.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for OpenSSL. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system, and a security issue, which can lead to weak cryptographic key material.
| | Homepage: | http://secunia.com/advisories/30220/ | | File Size: | 12255 | | Last Modified: | May 13 15:35:09 2008 |
| MD5 Checksum: | d12ee4238859f20e114301c00d2d8b16 |
|
| /// File Name: |
USN-612-2.txt |
Description:
|
Ubuntu Security Notice 612-2 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 19137 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 13 11:11:26 2008 |
| MD5 Checksum: | 08b7a276f7d12fdf3ce857fbdc45404e |
|
| /// File Name: |
dsa-1571-1.txt |
Description:
|
Debian Security Advisory 1571-1 - Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package. As a result, cryptographic key material may be guessable. This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.
| | Homepage: | http://www.debian.org/security | | File Size: | 14589 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 13 11:10:24 2008 |
| MD5 Checksum: | 3519042f913d5ce265ca79a43a1d7f92 |
|
| /// File Name: |
dsa-1575-1.txt |
Description:
|
Debian Security Advisory 1575-1 - A vulnerability has been discovered in the Linux kernel that may lead to a denial of service. Alexander Viro discovered a race condition in the fcntl code that may permit local users on multi-processor systems to execute parallel code paths that are otherwise prohibited and gain re-ordered access to the descriptor table.
| | Homepage: | http://www.debian.org/security | | File Size: | 36131 | | Related CVE(s): | CVE-2008-1669 | | Last Modified: | May 13 11:04:01 2008 |
| MD5 Checksum: | a095807a32a3fc4ee13e1e39f557b145 |
|
| /// File Name: |
sa30145.txt |
Description:
|
Secunia Security Advisory - A weakness has been reported in Internet Explorer, which may result in potentially sensitive information being inadvertently saved on a system.
| | Homepage: | http://secunia.com/advisories/30145/ | | File Size: | 2149 | | Last Modified: | May 13 11:01:47 2008 |
| MD5 Checksum: | 019360ddc6e566bc46f584dd5aab1411 |
|
| /// File Name: |
sa30158.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for php5. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, malicious users to bypass certain security restrictions, and malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30158/ | | File Size: | 37324 | | Last Modified: | May 13 11:01:47 2008 |
| MD5 Checksum: | 06918163035e7adeb93187c96a7492fe |
|
| /// File Name: |
sa30159.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for rdesktop. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30159/ | | File Size: | 4318 | | Last Modified: | May 13 11:01:47 2008 |
| MD5 Checksum: | a79064430af599e735561dc1eb4cfd6f |
|
| /// File Name: |
sa30160.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for moinmoin. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/30160/ | | File Size: | 1872 | | Last Modified: | May 13 11:01:47 2008 |
| MD5 Checksum: | 53e447641020d598c6bdd79dd7c727e8 |
|
| /// File Name: |
sa30162.txt |
Description:
|
Secunia Security Advisory - Gentoo has acknowledged a security issue in firebird, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/30162/ | | File Size: | 2199 | | Last Modified: | May 13 11:01:47 2008 |
| MD5 Checksum: | 1151417c63dca8d392fad1a6a6efb9e8 |
|
| /// File Name: |
sa30167.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for bugzilla. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions or by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/30167/ | | File Size: | 2121 | | Last Modified: | May 13 11:01:47 2008 |
| MD5 Checksum: | b718cf762e2da4087d4b142ad7fc855d |
|
| /// File Name: |
sa30181.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Red Hat Directory Server, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30181/ | | File Size: | 2413 | | Last Modified: | May 13 11:01:47 2008 |
| MD5 Checksum: | f1692c035efe81f3305f292fa3c801ea |
|
| /// File Name: |
sa30185.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Fedora Directory Server, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30185/ | | File Size: | 2021 | | Last Modified: | May 13 11:01:47 2008 |
| MD5 Checksum: | 8c4c4077b00ccd7d51d066b64e2ef837 |
|
| /// File Name: |
sa30190.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30190/ | | File Size: | 2025 | | Last Modified: | May 13 11:01:47 2008 |
| MD5 Checksum: | a81851e94b991e648c8229053498cb09 |
|
| /// File Name: |
sa30204.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in IBM Lotus Quickr, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/30204/ | | File Size: | 2232 | | Last Modified: | May 13 11:01:47 2008 |
| MD5 Checksum: | 6cfe5ff3a20a272e46a59fa705e9d794 |
|
| /// File Name: |
USN-612-1.txt |
Description:
|
Ubuntu Security Notice 612-1 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15288 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 13 11:01:40 2008 |
| MD5 Checksum: | 4798966590d2c04dbeae52eda8904882 |
|
| /// File Name: |
05.12.08-1.txt |
Description:
|
iDefense Security Advisory 05.12.08 - Local exploitation of an input validation vulnerability within version 5.1.2600.2180 of i2omgmt.sys, as included with Microsoft Corp's Windows XP operating system, could allow an attacker to execute arbitrary code in the context of the kernel. iDefense has confirmed the existence of this vulnerability in i2omgmt.sys version 5.1.2600.2180 as installed on some Windows XP SP2 systems. All other Windows releases with this driver, including previous versions, are suspected to be vulnerable.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 4025 | | Related CVE(s): | CVE-2008-0322 | | Last Modified: | May 12 18:28:36 2008 |
| MD5 Checksum: | 9a855b4f3e57f9d46308c1a0f2293ded |
|
| /// File Name: |
glsa-200805-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-13 - Multiple issues were found in the teTeX 2 codebase that PTeX builds upon (GLSA 200709-17, GLSA 200711-26). PTeX also includes vulnerable code from the GD library (GLSA 200708-05), from Xpdf (GLSA 200709-12, GLSA 200711-22) and from T1Lib (GLSA 200710-12). Versions less than 3.1.10_p20071203 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3730 | | Last Modified: | May 12 18:27:15 2008 |
| MD5 Checksum: | 15830348aa8fe782c793f470674bbf22 |
|
| /// File Name: |
glsa-200805-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200805-12 - Stefan Cornelius (Secunia Research) reported a boundary error within the imb_loadhdr() function in in the file source/blender/imbuf/intern/radiance_hdr.c when processing RGBE images (CVE-2008-1102). Multiple vulnerabilities involving insecure usage of temporary files have also been reported (CVE-2008-1103). Versions less than 2.43-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3313 | | Related CVE(s): | CVE-2008-1102, CVE-2008-1103 | | Last Modified: | May 12 18:26:58 2008 |
| MD5 Checksum: | 448f5fac796df4e8c92d9693409be43e |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
