Section: .. / 0607-advisories /
| /// File Name: |
dsa-1109-1.txt |
Description:
|
Russ Allbery discovered that rssh, a restricted shell, performs insufficient checking of incoming commands, which might lead to a bypass of access restrictions.
| | Homepage: | http://www.debian.org/security | | File Size: | 5008 | | Last Modified: | Jul 18 17:27:37 2006 |
| MD5 Checksum: | a8fa5d7ac2e74ea2202690ca3c73be74 |
|
| /// File Name: |
dsa-1114-1.txt |
Description:
|
Debian Security Advisory 1114-1 - Andreas Seltenreich discovered a buffer overflow in hashcash, a postage payment scheme for email that is based on hash calculations, which could allow attackers to execute arbitrary code via specially crafted entries.
| | Homepage: | http://www.debian.org/security | | File Size: | 4992 | | Related CVE(s): | CVE-2006-3251 | | Last Modified: | Jul 24 00:51:29 2006 |
| MD5 Checksum: | 27086c7c341c00f6eec1a11b76b53775 |
|
| /// File Name: |
sa20968.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gnupg. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/20968/ | | File Size: | 4976 | | Last Modified: | Jul 12 03:20:23 2006 |
| MD5 Checksum: | 27f2b8e867c06193c442eca60f5f001e |
|
| /// File Name: |
sa20996.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for ppp. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/20996/ | | File Size: | 4955 | | Last Modified: | Jul 12 03:20:23 2006 |
| MD5 Checksum: | 50347b4eed52605e6b7e7741e462de4a |
|
| /// File Name: |
ciscoVPN.txt |
Description:
|
NTA Monitor discovered a denial of service vulnerability in the Cisco VPN 3000 series concentrator products while performing a VPN security test for a customer in July 2005. The vulnerability affects Phase-1 of the IKE protocol. Both Main Mode and Aggressive Mode over both UDP and TCP transports are affected. The vulnerability allows an attacker to exhaust the IKE resources on a VPN concentrator by sending a high rate of IKE requests, which will prevent valid clients from connecting or re-keying. The attack does not require a high bandwidth, so one attacker could potentially target many concentrators. The mechanism behind this vulnerability is similar to the well-known TCP SYN flood vulnerability.
| | Author: | Roy Hills | | Homepage: | http://www.nta-monitor.com/ | | File Size: | 4892 | | Last Modified: | Jul 27 22:24:46 2006 |
| MD5 Checksum: | 10be1a5fa890c9694fb8a199a8cab198 |
|
| /// File Name: |
dsa-1113-1.txt |
Description:
|
Debian Security Advisory 1113-1 - It was discovered that the Zope web application server allows read access to arbitrary pages on the server, if a user has the privilege to edit "restructured text" pages.
| | Homepage: | http://www.debian.org/security | | File Size: | 4867 | | Related CVE(s): | CVE-2006-3458 | | Last Modified: | Jul 20 06:00:35 2006 |
| MD5 Checksum: | b89ed27ab007c2d6d9b0b1ceccc4a691 |
|
| /// File Name: |
kailleraex.txt |
Description:
|
Kaillera versions 0.86 and below suffer from a buffer overflow that can lead to arbitrary code execution.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | kailleraex.zip | | File Size: | 4754 | | Last Modified: | Jul 9 08:03:51 2006 |
| MD5 Checksum: | 4027d4b09d4b9f96ea680299769eb21d |
|
| /// File Name: |
sa21146.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for hashcash. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21146/ | | File Size: | 4731 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | f76cdae2a6f015ffb5389b475490c45d |
|
| /// File Name: |
sa21147.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mysql-dfsg-4.1. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/21147/ | | File Size: | 4713 | | Last Modified: | Jul 23 14:30:55 2006 |
| MD5 Checksum: | a007404f43740234e4cb3f13f44eb677 |
|
| /// File Name: |
sa21251.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun Java System Application Server (SJSAS) and Sun Java System Web Server (SJSWS), which can be exploited by malicious people to gain knowledge of sensitive information.
| | Homepage: | http://secunia.com/advisories/21251/ | | File Size: | 4699 | | Last Modified: | Jul 28 13:18:05 2006 |
| MD5 Checksum: | 0abdeb437b4928c2ef7f8ee09a7c6248 |
|
| /// File Name: |
sa21124.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for mutt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/21124/ | | File Size: | 4642 | | Last Modified: | Jul 20 03:49:23 2006 |
| MD5 Checksum: | e3944eed0466d83a8cf7028d476d411b |
|
| /// File Name: |
sa21087.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for rssh. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21087/ | | File Size: | 4575 | | Last Modified: | Jul 17 03:39:34 2006 |
| MD5 Checksum: | e967c94a8b2d2f77a5684ed5fbc99cef |
|
| /// File Name: |
sa21130.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for zope. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/21130/ | | File Size: | 4564 | | Last Modified: | Jul 20 06:20:00 2006 |
| MD5 Checksum: | acacc07cf8b4be609763458d3049a6d1 |
|
| /// File Name: |
sa21022.txt |
Description:
|
Secunia Security Advisory - A security issue has been reported in Ubuntu, which potentially can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/21022/ | | File Size: | 4434 | | Last Modified: | Jul 13 13:58:07 2006 |
| MD5 Checksum: | 45d5076fd85b82d48df2711a42a0103c |
|
| /// File Name: |
sa21036.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for xine-lib. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/21036/ | | File Size: | 4415 | | Last Modified: | Jul 13 13:58:07 2006 |
| MD5 Checksum: | a1ef92bf421308d7a944112cb1420640 |
|
| /// File Name: |
SYMSA-2006-007.txt |
Description:
|
Symantec Vulnerability Research Security Advisory SYMSA-2006-007 - There exists an overflow condition in Microsoft Office when a malformed string included in an Office file is parsed by any of the affected Office applications.
| | Author: | Elia Florio | | Homepage: | http://www.symantec.com/research | | File Size: | 4399 | | Related CVE(s): | CVE-2006-1540 | | Last Modified: | Jul 12 05:01:35 2006 |
| MD5 Checksum: | 6131d58d5bc2b9b5deb2679b3d8f998f |
|
| /// File Name: |
MDKSA-2006-129.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-129 - An additional overflow, similar to those corrected by patches for CVE-2006-1861, was found in libfreetype. If a user loads a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or execute arbitrary code as the user.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4392 | | Related CVE(s): | CVE-2006-3467, CVE-2006-1861 | | Last Modified: | Jul 24 00:17:29 2006 |
| MD5 Checksum: | fab98fd40c5f52a5f81d15c78824f97d |
|
| /// File Name: |
sa21050.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for php. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to bypass certain security restrictions or by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21050/ | | File Size: | 4324 | | Last Modified: | Jul 14 19:17:23 2006 |
| MD5 Checksum: | 6aafbb1d926940c90aa54c546d7e1165 |
|
| /// File Name: |
secunia-FileCOPA.txt |
Description:
|
Secunia Research has discovered a vulnerability in FileCOPA, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an integer underflow error in the FTP service (filecpnt.exe) when processing directory arguments passed to certain FTP commands (e.g. "CWD", "DELE", "MDTM", and "MKD"). This can be exploited to cause a stack-based buffer overflow by passing a specially crafted, overly long argument to one of the affected FTP commands. Successful exploitation allows execution of arbitrary code. Versions below 1.01 are affected.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4247 | | Related CVE(s): | CVE-2006-3768 | | Last Modified: | Jul 26 05:00:37 2006 |
| MD5 Checksum: | cbcc6166e39d9608e8505eee337a6a75 |
|
| /// File Name: |
USN-320-2.txt |
Description:
|
Ubuntu Security Notice 320-2 - USN-320-2 fixed several vulnerabilities in PHP. James Manning discovered that the Ubuntu 5.04 update introduced a regression: the function tempnam() caused a crash of the PHP interpreter in some circumstances. The updated packages fix this.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4203 | | Last Modified: | Jul 27 21:52:43 2006 |
| MD5 Checksum: | 67dc1b3f40e0b17696b72ffae751c7ff |
|
| /// File Name: |
sa21013.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/21013/ | | File Size: | 4181 | | Last Modified: | Jul 12 03:20:23 2006 |
| MD5 Checksum: | 5e626c54b32f9cf1d9b70fbc5b825f11 |
|
| /// File Name: |
sa21007.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to expose sensitive information and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21007/ | | File Size: | 4178 | | Last Modified: | Jul 12 03:20:23 2006 |
| MD5 Checksum: | 1249603c98c53992a64aafed768858c9 |
|
| /// File Name: |
USN-316-1.txt |
Description:
|
Ubuntu Security Notice 316-1 - Iwan Pieterse discovered that, if you select "Go Back" at the final message displayed by the alternate or server CD installer ("Installation complete") and then continue with the installation from the installer's main menu, the root password is left blank rather than locked. This was due to an error while clearing out the root password from the installer's memory to avoid possible information leaks.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4081 | | Last Modified: | Jul 13 18:30:54 2006 |
| MD5 Checksum: | 5fc474b997ce498eeca3a6915fb08a2d |
|
| /// File Name: |
glsa-200607-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200607-09 - Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop. Versions less than 0.99.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4075 | | Last Modified: | Jul 26 04:58:30 2006 |
| MD5 Checksum: | b0e7ffe4211b404b4a952bf9178bf645 |
|