Section: .. / 0602-advisories /
| /// File Name: |
SUSE-SA-2006-016.txt |
Description:
|
SUSE Security Announcement - SUSE-SA:2006:016 - A programming flaw in the X.Org X Server allows local attackers to gain root access when the server is setuid root, as is the default in SUSE Linux 10.0. This flaw was spotted by the Coverity project.
| | Homepage: | http://www.suse.com | | File Size: | 12311 | | Last Modified: | Mar 21 23:17:20 2006 |
| MD5 Checksum: | a6a9900c4c24468a7a237eb8cfc8c54d |
|
| /// File Name: |
plus-6.2.0.189.txt |
Description:
|
PLUS (PatchLink Update Server) version 6.2.0.189 suffers from several bugs and security issues.
| | Author: | Brian Boner | | File Size: | 12199 | | Last Modified: | Feb 20 22:19:51 2006 |
| MD5 Checksum: | 7cbb9e4d755998f24ea49dfbe015bed5 |
|
| /// File Name: |
SUSE-SA-2006-010.txt |
Description:
|
SUSE Security Announcement - An update has been released to fix a remotely exploitable stack buffer overflow in the pam_micasa authentication module.
| | Homepage: | http://www.suse.com | | File Size: | 11950 | | Related CVE(s): | CVE-2006-0736 | | Last Modified: | Feb 26 02:32:11 2006 |
| MD5 Checksum: | 41acb0431df9eb8cb4a8bd971718810a |
|
| /// File Name: |
dsa-976-1.txt |
Description:
|
Debian Security Advisory DSA 976-1 - Johnny Mast discovered a buffer overflow in libast, the library of assorted spiffy things, that can lead to the execution of arbitrary code. This library is used by eterm which is installed setgid uid which leads to a vulnerability to alter the utmp file.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 11766 | | Last Modified: | Feb 15 19:57:08 2006 |
| MD5 Checksum: | 50d815121983f032baf4e3729f19fb1c |
|
| /// File Name: |
FLSA-2006-168935.txt |
Description:
|
Fedora Legacy Update Advisory - Updated openssh packages fix security issues.
| | Homepage: | http://www.fedoralegacy.org | | File Size: | 11274 | | Last Modified: | Feb 20 21:39:58 2006 |
| MD5 Checksum: | 21e3439e7fdf00498df3153eb5505116 |
|
| /// File Name: |
USN-255-1.txt |
Description:
|
Ubuntu Security Notice USN-255-1 - Tomas Mraz discovered a shell code injection flaw in scp. When doing local-to-local or remote-to-remote copying, scp expanded shell escape characters. By tricking a user into using scp on a specially crafted file name (which could also be caught by using an innocuous wild card like '*'), an attacker could exploit this to execute arbitrary shell commands with the privilege of that user.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11151 | | Last Modified: | Feb 22 20:37:21 2006 |
| MD5 Checksum: | 08178852ac4d01bbd9b62c1da09f06a4 |
|
| /// File Name: |
sa18889.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for nfs-user-server. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18889/ | | File Size: | 10842 | | Last Modified: | Feb 15 19:37:35 2006 |
| MD5 Checksum: | d8ed2d47b3b59aff92558150cc5d82b3 |
|
| /// File Name: |
sa18970.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for openssh. This fixes a weakness, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/18970/ | | File Size: | 10700 | | Last Modified: | Feb 22 20:02:22 2006 |
| MD5 Checksum: | 4d59684095a499f36eb5de0d083ab8f5 |
|
| /// File Name: |
sa18916.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for libast. This fixes a vulnerability, which potentially can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/18916/ | | File Size: | 10290 | | Last Modified: | Feb 16 22:45:30 2006 |
| MD5 Checksum: | a5ae81f1087a5d248d7cd360f755342b |
|
| /// File Name: |
FLSA-2006-175406.txt |
Description:
|
Fedora Legacy Update Advisory - Updated Apache httpd packages that correct three security issues are now available.
| | Homepage: | http://www.fedoralegacy.org | | File Size: | 10100 | | Last Modified: | Feb 20 21:40:35 2006 |
| MD5 Checksum: | ccf2ca9c4154795fcd2739e9bc5ada96 |
|
| /// File Name: |
SSRT061108.txt |
Description:
|
HPSBMA02096 SSRT061108 rev.3 - HP Systems Insight Manager Remote Unauthorized Access via Directory Traversal - Potential security vulnerabilities have been identified with HP Systems Insight Manager (SIM) versions 4.0 and 5.0 running on Microsoft Windows. The potential vulnerabilities could be exploited to allow remote unauthorized access to files via directory traversal.
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 10061 | | Last Modified: | Feb 17 02:55:43 2006 |
| MD5 Checksum: | 71e0be519be47e0e0b97d394f9d4d2a5 |
|
| /// File Name: |
SSRT051102.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in the SSL v2 implementation used in HP HTTP Server v5.9.6 that may allow a remote attacker to force the use of a weaker security protocol via a man-in-the-middle attack.
| | Author: | HP | | Homepage: | http://www.hp.com | | File Size: | 9718 | | Related CVE(s): | CAN-2005-2969 | | Last Modified: | Feb 13 07:25:28 2006 |
| MD5 Checksum: | 04c7e745be1b759d3e2316791b4988a4 |
|
| /// File Name: |
MDKSA-2006-031.txt |
Description:
|
Mandriva Linux Security Advisory - kdegraphics - Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8774 | | Last Modified: | Feb 3 01:08:36 2006 |
| MD5 Checksum: | 2e1fa230a1b248e2abc26c7ff26fc183 |
|
| /// File Name: |
hauri.txt |
Description:
|
Global Hauri Virobot is susceptible to an authentication bypass flaw.
| | Author: | Xpl017Elz | | Homepage: | http://www.inetcop.org | | File Size: | 8622 | | Last Modified: | Feb 25 23:33:27 2006 |
| MD5 Checksum: | 0639d51c4366de335eddf6cc2e229776 |
|
| /// File Name: |
MDKSA-2006-034.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw was discovered in the scp local-to-local copy implementation where filenames that contain shell metacharacters or spaces are expanded twice, which could lead to the execution of arbitrary commands if a local user could be tricked into scp'ing a specially crafted filename.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8559 | | Last Modified: | Feb 7 22:45:09 2006 |
| MD5 Checksum: | 0a2b09d1ab70260df41599f152e89796 |
|
| /// File Name: |
PseudoRandom-php.txt |
Description:
|
Due to poor design, gen_rand_string() can only generate up to 1 million hashes or random strings. This allows an attacker to reset any account through the lost password request form by "predicting" the validation id and the new password for the account. Vulnerabilities verified on phpBB 2.0.19 and IPB 2.1.4.
| | Author: | r-security | | Homepage: | http://www.r-security.net/tutorials/view/readtutorial.php?id=4 | | File Size: | 8520 | | Last Modified: | Feb 7 22:37:41 2006 |
| MD5 Checksum: | 0bd874e0735c50fd106fc6de4339c80e |
|
| /// File Name: |
sa18788.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by local users to gain knowledge of potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service), or by malicious people to cause a DoS.
| | Homepage: | http://secunia.com/advisories/18788/ | | File Size: | 8503 | | Last Modified: | Feb 11 20:35:30 2006 |
| MD5 Checksum: | bc4f32a3b0daf93199060b1675c62b13 |
|
| /// File Name: |
MDKSA-2006-028.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the session extension (aka ext/session) and the header function. Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in certain error conditions.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8090 | | Related CVE(s): | CVE-2006-0207, CVE-2006-0208 | | Last Modified: | Feb 2 20:49:07 2006 |
| MD5 Checksum: | 9ec058a64a1ce89469bbaf30fbf96254 |
|
| /// File Name: |
dsa-978-1.txt |
Description:
|
Debian Security Advisory DSA 978-1 - Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, verifies external signatures of files successfully even though they don't contain a signature at all.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7435 | | Last Modified: | Feb 20 21:26:40 2006 |
| MD5 Checksum: | 6900ca41d318babf409f1e3221cfbb12 |
|
| /// File Name: |
dsa-968-1.txt |
Description:
|
Debian Security Advisory DSA 968-1 - Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that a script in noweb, a web-like literate-programming tool, creates a temporary file in an insecure fashion.
| | Author: | Moritz Muehlenhoff | | Homepage: | http://www.debian.org/security/ | | File Size: | 7380 | | Last Modified: | Feb 13 09:38:53 2006 |
| MD5 Checksum: | 990aa4f6ee64023a6e4f0f1b87369fbc |
|
| /// File Name: |
MDKSA-2006-042.txt |
Description:
|
Mandriva Linux Security Advisory - Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7300 | | Last Modified: | Feb 20 21:32:05 2006 |
| MD5 Checksum: | 6178602711f29d6907aa5d720b58f39a |
|
| /// File Name: |
dsa-965-1.txt |
Description:
|
Debian Security Advisory DSA 965-1 - The Internet Key Exchange version 1 (IKEv1) implementation in racoon from ipsec-tools, IPsec tools for Linux, tries to dereference a NULL pointer under certain conditions, which allows a remote attacker to cause a denial of service.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7278 | | Last Modified: | Feb 7 22:44:33 2006 |
| MD5 Checksum: | e78aee54cd22c116c6c58cdc8ebace62 |
|
| /// File Name: |
dsa-963-1.txt |
Description:
|
Debian Security Advisory DSA 963-1 - NISCC reported that MyDNS, a DNS server using an SQL database for data storage, can be tricked into an infinite loop by a remote attacker and hence cause a denial of service condition.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7120 | | Last Modified: | Feb 3 01:14:18 2006 |
| MD5 Checksum: | 30c847ca825c2637d14e38ec6814e241 |
|
| /// File Name: |
dsa-971-1.txt |
Description:
|
Debian Security Advisory DSA 971-1 - SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, that can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7109 | | Last Modified: | Feb 15 00:19:21 2006 |
| MD5 Checksum: | 9ea4f8690374507adbb5c3f8758c9157 |
|