Section: .. / 0607-advisories /
File Name: cisco-sa-20060712-crws.txt
Description:
Cisco Security Advisory - The default Cisco IOS configuration shipped with the Cisco Router Web Setup (CRWS) application allows the execution of commands at privilege level 15 through the Cisco IOS HTTP (Hypertext Transfer Protocol) server web interface without requiring authentication credentials. Privilege level 15 is the highest privilege level on Cisco IOS devices. Cisco routers whose configurations have been based on the default IOS configuration shipped with any version of CRWS prior to version 3.3.0 build 31 may be affected by this vulnerability.
Homepage: http://www.cisco.com/
File Size: 21531
Last Modified: Jul 13 18:35:11 2006
MD5 Checksum: 79e018a8b2ee3146a31cb0f6de190017

File Name: USN-323-1.txt
Description:
Ubuntu Security Notice 323-1 - A massive security update for multiple vulnerabilities in Mozilla has been released.
Homepage: http://security.ubuntu.com/
File Size: 20538
Related CVE(s): CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787
Last Modified: Jul 27 21:40:06 2006
MD5 Checksum: fa69ec6a59a30bab3fb4a9ab6577f858

File Name: dsa-1111-1.txt
Description:
Debian Security Advisory 1111-1: Linux Kernel vulnerabilities - It was discovered that a race condition in the process filesystem can lead to privilege escalation.
Homepage: http://www.debian.org/security
File Size: 19706
Last Modified: Jul 18 17:26:40 2006
MD5 Checksum: 36e2e411132de9cbed00284d755aa64e

File Name: sa21123.txt
Description:
Secunia Security Advisory - Debian has issued an update for kernel-source. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Homepage: http://secunia.com/advisories/21123/
File Size: 17583
Last Modified: Jul 20 06:20:00 2006
MD5 Checksum: 9864987b9f9033c0bc51a2119284635e

File Name: sa21178.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for mozilla. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, disclose sensitive information, and potentially compromise a user's system.
Homepage: http://secunia.com/advisories/21178/
File Size: 17296
Last Modified: Jul 26 05:12:12 2006
MD5 Checksum: df13c7ef99811116b1d51afcd48e5983

File Name: USN-326-1.txt
Description:
Ubuntu Security Notice USN-326-1 - Yan Rong Ge discovered that heartbeat did not set proper permissions for an allocated shared memory segment. A local attacker could exploit this to render the heartbeat service unavailable causing a denial of service condition.
Homepage: http://security.ubuntu.com/
File Size: 15851
Related CVE(s): CVE-2006-3815
Last Modified: Jul 27 23:27:27 2006
MD5 Checksum: 68dcb259ec00bff26a001ecda3a338ed

File Name: USN-318-1.txt
Description:
Ubuntu Security Notice 318-1: libtunepimp vulnerability - Kevin Kofler discovered several buffer overflows in the tag parser. By tricking a user into opening a specially crafted tagged multimedia file (such as .ogg or .mp3 music) with an application that uses libtunepimp, this could be exploited to execute arbitrary code with the user's privileges.
Homepage: http://security.ubuntu.com/
File Size: 15776
Last Modified: Jul 13 20:01:11 2006
MD5 Checksum: 89cccb526181796c345f21779654cc71

File Name: sa21027.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for libtunepimp. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/21027/
File Size: 15500
Last Modified: Jul 13 13:58:07 2006
MD5 Checksum: 0661722de187e651dbafbbacd4e60d89

File Name: USN-312-1.txt
Description:
Ubuntu Security Notice 312-1 - Henning Makholm discovered that the gimp does not sufficiently validate the 'num_axes' parameter in XCF files. By tricking a user into opening a specially crafted XCF file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.
Homepage: http://security.ubuntu.com/
File Size: 15225
Related CVE(s): CVE-2006-3404
Last Modified: Jul 12 04:50:53 2006
MD5 Checksum: 6fdb44786e3500203812d79cd48e71f9

File Name: sa20979.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for gimp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
Homepage: http://secunia.com/advisories/20979/
File Size: 15048
Last Modified: Jul 12 03:20:23 2006
MD5 Checksum: 8f530d43c98615b9175c697a446c4060

File Name: dsa-1116-1.txt
Description:
Debian Security Advisory 1116-1 - Henning Makholm discovered a buffer overflow in the XCF loading code of Gimp, an image editing program. Opening a specially crafted XCF image might cause the application to execute arbitrary code.
Homepage: http://www.debian.org/security
File Size: 14888
Related CVE(s): CVE-2006-3404
Last Modified: Jul 24 01:02:46 2006
MD5 Checksum: 0a8548a6053d11a9bc1e848a2e04f8b8

File Name: SUSE-SA-2006-041.txt
Description:
SUSE Security Announcement SUSE-SA:2006:041 - Various unspecified security problems have been fixed in Acrobat Reader version 7.0.8.
Homepage: http://www.suse.com
File Size: 14611
Related CVE(s): CVE-2006-3093
Last Modified: Jul 9 06:54:37 2006
MD5 Checksum: 0f00c4291cdbc364933a24a0ab6ee735

File Name: SUSE-SA-2006-038.txt
Description:
SUSE Security Announcement SUSE-SA:2006:038 - Multiple flaws have been addressed in Opera. An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files. Also, Opera did not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.
Homepage: http://www.suse.com
File Size: 14513
Related CVE(s): CVE-2006-3198, CVE-2006-3331
Last Modified: Jul 9 06:01:46 2006
MD5 Checksum: 58c188bfe06b8200d76e994a6e6dbd2d

File Name: dsa-1104-2.txt
Description:
Debian Security Advisory 1104-2 - Loading malformed XML documents can cause buffer overflows in OpenOffice.org, a free office suite, and cause a denial of service or execute arbitrary code. It turned out that the correction in DSA 1104-1 was not sufficient, hence, another update.
Homepage: http://www.debian.org/security
File Size: 14405
Related CVE(s): CVE-2006-3117
Last Modified: Jul 9 07:43:47 2006
MD5 Checksum: 75ba8c067f5bea8c274442d86089828d

File Name: SUSE-SA-2006-039.txt
Description:
SUSE Security Announcement SUSE-SA:2006:039 - The KDE Display Manager KDM stores the type of the previously used session in the user's home directory. By using a symlink a local attacker could trick kdm into also storing content of files that are normally not accessible by users, like for instance /etc/shadow.
Homepage: http://www.suse.com
File Size: 14404
Related CVE(s): CVE-2006-2449
Last Modified: Jul 9 06:03:08 2006
MD5 Checksum: afd0358626f0526244b53ab6e7aae08b

File Name: sa21182.txt
Description:
Secunia Security Advisory - Debian has issued an update for gimp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
Homepage: http://secunia.com/advisories/21182/
File Size: 13912
Last Modified: Jul 26 01:33:34 2006
MD5 Checksum: f1db3d6087363368cf18fa7491250b53

File Name: sa21188.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, disclose sensitive information, and potentially compromise a user's system.
Homepage: http://secunia.com/advisories/21188/
File Size: 13709
Last Modified: Jul 26 01:33:34 2006
MD5 Checksum: f9e582f2055507581baf334003ef6fee

File Name: dsa-1117-1.txt
Description:
Debian Security Advisory 1117-1 - It was discovered that the GD graphics library performs insufficient checks of the validity of GIF images, which might lead to denial of service by tricking the application into an infinite loop.
Homepage: http://www.debian.org/security
File Size: 13499
Related CVE(s): CVE-2006-2906
Last Modified: Jul 24 01:03:20 2006
MD5 Checksum: 27fedbaf17245057da83e2551ea713cb

File Name: sa21210.txt
Description:
Secunia Security Advisory - Ubuntu has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP response smuggling attacks, and potentially compromise a user's system.
Homepage: http://secunia.com/advisories/21210/
File Size: 13427
Last Modified: Jul 27 01:44:57 2006
MD5 Checksum: 065c912a81a055ea554cfc6e43ed990d

File Name: MDKSA-2006-120.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-120 - A vulnerability in samba 3.0.x was discovered where an attacker could cause a single smbd process to bloat, exhausting memory on the system. This bug is caused by continually increasing the size of an array which maintains state information about the number of active share connections.
Homepage: http://www.mandriva.com/security/advisories
File Size: 13289
Related CVE(s): CVE-2006-3403
Last Modified: Jul 12 05:11:03 2006
MD5 Checksum: a280dbb5918dfdd8b8f8ae91d9e45d02

File Name: sa20975.txt
Description:
Secunia Security Advisory - Mandriva has issued an update for OpenOffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/20975/
File Size: 13267
Last Modified: Jul 12 03:20:23 2006
MD5 Checksum: 378664df0adca90b96a669b43cfebb37

File Name: dsa-1120-1.txt
Description:
Debian Security Advisory 1118-1 - A massive slew of vulnerabilities have been patched in mozilla-firefox for Debian.
Homepage: http://www.debian.org/security
File Size: 13140
Related CVE(s): CVE-2006-1942, CVE-2006-2775, CVE-2006-2776, CVE-2006-2777, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787
Last Modified: Jul 24 02:55:36 2006
MD5 Checksum: 18cb6e34f4ab06359356d981e72a0875

File Name: cisco-sa-20060719-mars.txt
Description:
Cisco Security Advisory - Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains vulnerabilities related to third-party software and the command line interface (CLI). CS-MARS ships with an Oracle database. The database contains several default Oracle accounts which have well-known passwords. If access to the database is obtained, the default accounts may be used to access sensitive information contained in the database. CS-MARS ships with the JBoss web application server. A component of the JBoss installation may allow a remote, unauthenticated user to execute arbitrary shell commands with the privileges of the CS-MARS administrator. The CS-MARS CLI contains several vulnerabilities which may allow authenticated administrators to execute arbitrary shell commands with root privileges. All vulnerabilities addressed in this advisory have been corrected in CS-MARS software version 4.2.1.
Homepage: http://www.cisco.com
File Size: 12800
Last Modified: Jul 23 23:29:23 2006
MD5 Checksum: 4a4019359c7c105d244a5a0eb58e07eb

File Name: sa21186.txt
Description:
Secunia Security Advisory - Debian has issued an update for libgd2. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) against applications and services using libgd2.
Homepage: http://secunia.com/advisories/21186/
File Size: 12680
Last Modified: Jul 26 01:33:34 2006
MD5 Checksum: 37f272dec03feeb02d125b2cbc281968

File Name: dsa-1112-1.txt
Description:
Debian Security Advisory 1111-1 - Several local vulnerabilities have been discovered in the MySQL database server, which may lead to denial of service.
Homepage: http://www.debian.org/security
File Size: 12091
Related CVE(s): CVE-2006-3081, CVE-2006-3469
Last Modified: Jul 20 04:59:22 2006
MD5 Checksum: 6429ffbde3f315b365abb8641ba0b678