Section: .. / 0611-advisories /
| /// File Name: |
sa22809.txt |
Description:
|
Secunia Security Advisory - David Kierznowski has discovered a vulnerability in the Sage extension for Firefox, which can be exploited by malicious people to conduct script insertion attacks.
| | Homepage: | http://secunia.com/advisories/22809/ | | File Size: | 2720 | | Last Modified: | Nov 10 11:02:24 2006 |
| MD5 Checksum: | d96ff72effac6f8b81791d2c0e687dad |
|
| /// File Name: |
openssh45.txt |
Description:
|
OpenSSH 4.5 has been released addressing a bug in the sshd privilege separation monitor that weakened its verification of successful authentication.
| | Homepage: | http://www.openssh.com/ | | Related File: | openssh-4.5p1.tar.gz | | File Size: | 1873 | | Last Modified: | Nov 9 01:26:34 2006 |
| MD5 Checksum: | 432780f91c42412fd8b5eeb9057c1d85 |
|
| /// File Name: |
TSRT-06-13.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable device installations of HP OpenView Client Configuraton Manager (CCM). Authentication is not required to exploit this vulnerability. The CCM server is not affected. OpenView Client Configuration Manager version 1.0 is affected.
| | Author: | Pedram Amini | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2063 | | Related CVE(s): | CVE-2006-5782 | | Last Modified: | Nov 8 22:32:32 2006 |
| MD5 Checksum: | a9fb0a1d76c98986f4f646ac266020e2 |
|
| /// File Name: |
11.08.06-2.txt |
Description:
|
iDefense Security Advisory 11.08.06 - Local exploitation of an insecure permissions vulnerability in Cisco Systems Secure Desktop product could allow privilege escalation attacks to be conducted by local users. When Cisco Secure Desktop Web VPN product is installed on a NTFS formatted drive, permissions are set on all files to grant full control to all users. Certain files run as a system service and can be easily replaced. iDefense has confirmed this vulnerability exists on Cisco Secure Desktop version 3.1.1.27. Previous versions are suspected to be vulnerable.
| | Author: | Titon of Bastard Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3103 | | Last Modified: | Nov 8 22:29:25 2006 |
| MD5 Checksum: | d5de12952c5e16bcf7c19a0ad1132ae2 |
|
| /// File Name: |
MDKSA-2006-204.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-204 - A vulnerability in the privilege separation functionality in OpenSSH was discovered, caused by an incorrect checking for bad signatures in sshd's privsep monitor. As a result, the monitor and the unprivileged process can get out sync. The OpenSSH team indicated that this bug is not known to be exploitable in the absence of additional vulnerabilities.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8002 | | Related CVE(s): | CVE-2006-5794 | | Last Modified: | Nov 8 22:24:28 2006 |
| MD5 Checksum: | 0138f4f4460696fdf58ec6352bd8eb52 |
|
| /// File Name: |
TA06-312A.txt |
Description:
|
Technical Cyber Security Alert TA06-312A - The Mozilla web browser and derived products contain several vulnerabilities. The most severe impact of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other effects include forging an RSA signatures and denial of service. A remote, unauthenticated attacker could execute arbitrary code, or cause a denial of service. Forging an RSA signature (VU#335392) may allow an attacker to craft a TLS/SSL or email certificate that will not be detected as invalid. This may allow that attacker to impersonate a website or email system that relies on certificates for authentication.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5116 | | Last Modified: | Nov 8 22:23:21 2006 |
| MD5 Checksum: | 11870073daed2cef7d1918c4a8882d30 |
|
| /// File Name: |
cisco-sa-20061108-csd.txt |
Description:
|
Cisco Security Advisory - Cisco Secure Desktop (CSD) software is affected by three vulnerabilities that may cause information produced and accessed during an Internet browsing session to be left behind on a computer after an SSL VPN session terminates, may allow users to evade the system policy that prevents them from leaving the Secure Desktop while a VPN connection is active, and may allow local users to elevate their privileges. The vulnerabilities described in this document exist in versions 3.1.1.33 and earlier of Cisco Secure Desktop.
| | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml | | File Size: | 14112 | | Last Modified: | Nov 8 22:21:32 2006 |
| MD5 Checksum: | 583f9dbdbc464da6aa70188db45f1b63 |
|
| /// File Name: |
MDKSA-2006-203.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-203 - Miloslav Trmac discovered a buffer overflow in texinfo. This issue can cause texi2dvi or texindex to crash when processing a carefully crafted file.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4925 | | Related CVE(s): | CVE-2006-4810 | | Last Modified: | Nov 8 22:19:01 2006 |
| MD5 Checksum: | 8b0a5af35b5a507348e95e3b1dd4eacc |
|
| /// File Name: |
lotusnotes_keyfiles.pdf |
Description:
|
FortConsult Security Advisory - It is possible to retrieve unencrypted data from the "names.nsf" database on Lotus Notes servers without being logged in.
| | Author: | Andrew Christensen | | Homepage: | http://www.fortconsult.net/ | | Related File: | 11.08.06-1.txt | | File Size: | 465791 | | Last Modified: | Nov 8 22:17:22 2006 |
| MD5 Checksum: | da0ec7b5b5e3e08dfef96944411396a9 |
|
| /// File Name: |
11.08.06-1.txt |
Description:
|
iDefense Security Advisory 11.08.06 - Local exploitation of multiple buffer overflow vulnerabilities in IBM's Lotus Domino could allow an attacker to elevate privileges to root. The 'tunekrnl' binary is used to set Linux/proc sysctl settings, allowing Domino to increase the resource limits of the running kernel. It is shipped with the owner set to root and the set-user-id bit on. Since the length of input is improperly validated when copying to fixed-size buffers, buffer overflow can occur.iDefense has confirmed the existence of this vulnerability in version 7.0.1.1 of IBM's Lotus Domino for Linux. Earlier versions may also be vulnerable.
| | Author: | Andrew Christensen | | Homepage: | http://www.idefense.com/ | | Related File: | lotusnotes_keyfiles.pdf | | File Size: | 3943 | | Last Modified: | Nov 8 22:14:26 2006 |
| MD5 Checksum: | 32a3f9881005e5e7b3bd27c6d54ad086 |
|
| /// File Name: |
FreeBSD-SA-06-24.libarchive.txt |
Description:
|
FreeBSD Security Advisory - If the end of an archive is reached while attempting to "skip" past a region of an archive, libarchive will enter an infinite loop wherein it repeatedly attempts (and fails) to read further data.
| | Homepage: | http://security.FreeBSD.org/ | | File Size: | 3123 | | Related CVE(s): | CVE-2006-5680 | | Last Modified: | Nov 8 22:09:38 2006 |
| MD5 Checksum: | cb7573a688f37154d2528878c2daed8f |
|
| /// File Name: |
PR05-06.txt |
Description:
|
PR05-06 - Immediacy .NET CMS suffers from a possible cross site scripting flaw due to a malformed cookie.
| | Author: | Gemma Hughes | | File Size: | 3818 | | Last Modified: | Nov 8 22:07:34 2006 |
| MD5 Checksum: | 314525efc889be6ae5d5b9ae9b793a87 |
|
| /// File Name: |
DMA-2006-1107a.txt |
Description:
|
The openexec binary makes poor use of its setuid privileges when calling various helper binaries such as: cp, rm and killall. Each of the mentioned binaries winds up being called while openexec is running as root. Using the PATH environment variable it is possible to influence openbase in a manner that forces it to call the various helper binaries from a location of the attackers choice. OpenBase SQL versions 10.0 and below are affected.
| | Author: | Kevin Finisterre | | Homepage: | http://www.digitalmunition.com/ | | Related Exploit: | openexec_duh.pl.txt | | File Size: | 5826 | | Last Modified: | Nov 8 22:02:34 2006 |
| MD5 Checksum: | 80d7ccf691fcf8dee54392f7197690cb |
|
| /// File Name: |
MDKSA-2006-202.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-202 - Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord?, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4442 | | Related CVE(s): | CVE-2006-4513 | | Last Modified: | Nov 8 21:47:44 2006 |
| MD5 Checksum: | 9327bef1f1b820d3045c101cf5dd8e08 |
|
| /// File Name: |
MDKSA-2006-201.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-201 - Pam_ldap does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. This might lead to an attacker being able to login into a suspended system account.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3345 | | Related CVE(s): | CVE-2006-5170 | | Last Modified: | Nov 8 21:47:01 2006 |
| MD5 Checksum: | cc0d043ec3e7eadad6fc898762760f90 |
|
| /// File Name: |
glsa-200611-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-03 - Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the accelerated rendering functionality. Versions less than 1.0.8776 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3032 | | Last Modified: | Nov 8 21:45:56 2006 |
| MD5 Checksum: | 3238572b3b7b6a3e7c01329fe7efbc3a |
|
| /// File Name: |
WFTPD-3.23.txt |
Description:
|
A buffer overflow with possible remote code execution was found in the APPE command in WFTPD Pro Server 3.23.
| | Author: | Joxean Koret | | Related Exploit: | WFTPD-bof.py | | File Size: | 937 | | Last Modified: | Nov 8 18:59:05 2006 |
| MD5 Checksum: | 5d7d6ddf80be23ea8a98131ab1767ee8 |
|
| /// File Name: |
WarFTPd-dos.txt |
Description:
|
WarFTPd 1.82.00-RC11 is vulnerable to a DOS condition when passing a long string to various commands.
| | Author: | Joxean Koret | | Related File: | WarFTPd-dos.py | | File Size: | 1731 | | Last Modified: | Nov 8 18:36:51 2006 |
| MD5 Checksum: | 93115b3f53712e34d1a190c780db15e0 |
|
| /// File Name: |
MDKSA-2006-200.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-200: A heap-based buffer overflow was discovered in librpm when the LANG or LC_ALL environment variable is set to ru_RU.UTF-8 (and possibly other locales), which could allow for user-assisted attackers to execute arbitrary code via crafted RPM packages.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 9501 | | Last Modified: | Nov 8 18:30:42 2006 |
| MD5 Checksum: | 813f70ae6a221d728b3368a58161b8a1 |
|
| /// File Name: |
MDKSA-2006-199.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-199 - The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 versions 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3033 | | Related CVE(s): | CVE-2006-5397 | | Last Modified: | Nov 8 18:30:23 2006 |
| MD5 Checksum: | af32234a8b70118dc5e704a48350c11f |
|
| /// File Name: |
MDKSA-2006-198.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-198 - M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library. The load() function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an application using Imlib2 attempts to view the image. The tga loader fails to bounds check input data to make sure the input data doesn't load outside the memory mapped region. The RLE decoding loops of the load() function in the tga loader does not check that the count byte of an RLE packet doesn't cause a heap overflow of the pixel buffer. The load() function of the pnm loader writes arbitrary length user data into a fixed size stack allocated buffer buf[] without bounds checking.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 7454 | | Related CVE(s): | CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809 | | Last Modified: | Nov 8 18:30:17 2006 |
| MD5 Checksum: | 3216de2651f9fec6521ba221af69fe1f |
|
| /// File Name: |
USN-376-2.txt |
Description:
|
Ubuntu Security Notice 376-2: USN-376-1 provided an update to imlib2 to fix several security vulnerabilities. Unfortunately the update broke JPG file handling in certain situations. This update corrects this problem. We apologize for the inconvenience.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6869 | | Last Modified: | Nov 8 18:30:10 2006 |
| MD5 Checksum: | 4c8fb56bccc01a4c734cc9adaf25f7f8 |
|
| /// File Name: |
sa22696.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for pam_ldap. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/22696/ | | File Size: | 3133 | | Last Modified: | Nov 8 18:29:38 2006 |
| MD5 Checksum: | 990853302756a2cb8eac206f3e4f3285 |
|
| /// File Name: |
sa22703.txt |
Description:
|
Secunia Security Advisory - Kacper has discovered a vulnerability in Quick.Cms.Lite, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/22703/ | | File Size: | 2530 | | Last Modified: | Nov 8 18:29:38 2006 |
| MD5 Checksum: | 911bf1f0cb5e587fc815f56f782bcd6a |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
