| /// File Name: |
sa23112.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for texinfo. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23112/ | | File Size: | 6602 | | Last Modified: | Nov 30 11:12:25 2006 |
| MD5 Checksum: | 6282dd1efe445dbd2330f53e68ec7e38 |
|
| /// File Name: |
sa23020.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/23020/ | | File Size: | 6544 | | Last Modified: | Nov 21 19:45:15 2006 |
| MD5 Checksum: | d57a341a04bae464421b486fce018d53 |
|
| /// File Name: |
CAU-2006-0001.txt |
Description:
|
Myspace.com's navigation menu can be replaced with a malicious menu via CSS code in the attacker's profile.
| | Author: | int3l, I)ruid | | Homepage: | http://www.caughq.org/ | | File Size: | 6539 | | Last Modified: | Nov 18 20:39:52 2006 |
| MD5 Checksum: | 9b78967617e21a9ba77d7eacea36be93 |
|
| /// File Name: |
MOKB-02-11-2006.html |
Description:
|
The squashfs module of the Linux kernel (2.6.x) fails to properly handle corrupted fs structures, leading to a denial of service and possible data corruption condition. A specially crafted squashfs image will cause the kernel to double free a buffer when a read operation is performed on the corrupted filesystem.
| | Author: | LMH | | Homepage: | http://projects.info-pull.com/ | | Related Exploit: | MOKB-02-11-2006.img.gz | | File Size: | 6497 | | Last Modified: | Nov 2 21:02:31 2006 |
| MD5 Checksum: | 0cf04f31eeb59d9181f07ed34f2987f8 |
|
| /// File Name: |
BlooMooWeb.txt |
Description:
|
BlooMooWeb's ActiveX control suffers from multiple vulnerabilities.
| | Author: | Max Gipehtykrop | | File Size: | 6328 | | Last Modified: | Nov 2 20:38:46 2006 |
| MD5 Checksum: | cafc953a42cc6cf6dd40ace94f98d133 |
|
| /// File Name: |
USN-387-1.txt |
Description:
|
Ubuntu Security Notice 387-1 - Dovecot was discovered to have an error when handling its index cache files. This error could be exploited by authenticated POP and IMAP users to cause a crash of the Dovecot server, or possibly to execute arbitrary code. Only servers using the non-default option "mmap_disable=yes" were vulnerable.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6320 | | Related CVE(s): | CVE-2006-5973 | | Last Modified: | Nov 30 19:14:45 2006 |
| MD5 Checksum: | 62f8dcbd3a3d4b3b0fdcc6f655dedd55 |
|
| /// File Name: |
USN-370-1.txt |
Description:
|
Ubuntu Security Notice 370-1: cstone and Rich Felker discovered a programming error in the UTF8 string handling code of "screen" leading to a denial of service. If a crafted string was displayed within a screen session, screen would crash or possibly execute arbitrary code.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6277 | | Last Modified: | Nov 2 19:24:32 2006 |
| MD5 Checksum: | 5b4a81192dffbf487afe42b9c0e0875c |
|
| /// File Name: |
MDKSA-2006-215.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-215 - Steve Grubb discovered that netlink messages were not being checked for their sender identity. This could lead to local users manipulating the Avahi service.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 6228 | | Related CVE(s): | CVE-2006-5461 | | Last Modified: | Nov 21 02:21:29 2006 |
| MD5 Checksum: | c5f6a049bbdb14335790a2c3013c45e1 |
|
| /// File Name: |
sa22841.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/22841/ | | File Size: | 6189 | | Last Modified: | Nov 15 22:19:38 2006 |
| MD5 Checksum: | 2212c08f73f3482255331164604f39e9 |
|
| /// File Name: |
SSRT061269-1.txt |
Description:
|
HPSBUX02172 SSRT061269 rev.1 - HP-UX VirtualVault running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), and Unauthorized Access
| | Homepage: | http://www.hp.com | | File Size: | 6181 | | Last Modified: | Nov 2 19:28:28 2006 |
| MD5 Checksum: | dd214bfb8e395c8dfeaf4d70cc37a95c |
|
| /// File Name: |
MDKSA-2006-209.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-209 - A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 6134 | | Related CVE(s): | CVE-2006-3334, CVE-2006-5793 | | Last Modified: | Nov 17 20:41:02 2006 |
| MD5 Checksum: | f2310ca5d9d2326387d2498c4aebc1e1 |
|
| /// File Name: |
MDKSA-2006-207.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-207 - The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem. BIND uses RSA cryptography as part of its DNSSEC implementation.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 5948 | | Related CVE(s): | CVE-2006-4339 | | Last Modified: | Nov 16 11:32:32 2006 |
| MD5 Checksum: | 4104389466279b56bbe309055b3063c2 |
|
| /// File Name: |
SSRT061238-1.txt |
Description:
|
HPSBMA02159 SSRT061238 rev.1 - HP System Management Homepage (SMH), Remote Bypassing of Security Features or Cross Site Scripting or Denial of Service (DoS)
| | Homepage: | http://www.hp.com | | File Size: | 5931 | | Last Modified: | Nov 3 17:29:05 2006 |
| MD5 Checksum: | 5246b29cf0bdb98dcff2bfbf09d70c8a |
|
| /// File Name: |
sa22686.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mutt. This fixes some vulnerabilities, which can be exploited by malicious people to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/22686/ | | File Size: | 5868 | | Last Modified: | Nov 2 10:01:38 2006 |
| MD5 Checksum: | 8532dc96b83140d314adf819180fe0fb |
|
| /// File Name: |
DMA-2006-1107a.txt |
Description:
|
The openexec binary makes poor use of its setuid privileges when calling various helper binaries such as cp, rm and killall. Each of the mentioned binaries winds up being called while openexec is running as root. Using the PATH environment variable it is possible to influence openbase in a manner that forces it to call the various helper binaries from a location of the attacker's choice. OpenBase SQL versions 10.0 and below are affected.
| | Author: | Kevin Finisterre | | Homepage: | http://www.digitalmunition.com/ | | Related Exploit: | openexec_duh.pl.txt | | File Size: | 5826 | | Last Modified: | Nov 8 22:02:34 2006 |
| MD5 Checksum: | 80d7ccf691fcf8dee54392f7197690cb |
|
| /// File Name: |
sa22768.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for librpm4. This fixes a vulnerability which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/22768/ | | File Size: | 5786 | | Last Modified: | Nov 8 18:29:38 2006 |
| MD5 Checksum: | 8df41c58bf5d8be66630ddf6dbbc81a7 |
|
| /// File Name: |
VMSA-2006-0006.txt |
Description:
|
VMware Security Advisory - A new update has been released for VMware ESX versions 2.5.3 prior to upgrade patch 4. This patch addresses vulnerabilities in OpenSSH, Samba, Python, ucd-snmp, XFree86, and more.
| | Homepage: | http://www.vmware.com/ | | File Size: | 5470 | | Related CVE(s): | CAN-2004-2069, CVE-2006-3403, CVE-2005-2177, CVE-2006-3467, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071 | | Last Modified: | Nov 14 03:17:33 2006 |
| MD5 Checksum: | 3f5369604f0c4d48579db01e332e6a04 |
|
| /// File Name: |
sa22953.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/22953/ | | File Size: | 5419 | | Last Modified: | Nov 20 11:05:00 2006 |
| MD5 Checksum: | b865c514c5a0cd35b3c6617fbba492b5 |
|
| /// File Name: |
MDKSA-2006-195.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-195: Vulnerabilities in the HTTP, LDAP, XOT, WBXML, and MIME Multipart dissectors were discovered in versions of wireshark less than 0.99.4, as well as various other bugs.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 5410 | | Last Modified: | Nov 3 18:04:35 2006 |
| MD5 Checksum: | f8121899a7b32febaf6feffa93d3299a |
|
| /// File Name: |
sa23133.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for openldap2-client. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23133/ | | File Size: | 5302 | | Last Modified: | Nov 27 19:52:20 2006 |
| MD5 Checksum: | 69045beef643534b6b9be2c81e18950e |
|
| /// File Name: |
advisory_132006.138.txt |
Description:
|
Hardened-PHP Project Security Advisory - PHP 5 versions 5.1.6 and below and PHP 4 versions 4.4.4 and below suffer from buffer overflows in htmlentities() and htmlspecialchars() which may allow for remote code execution.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 5250 | | Last Modified: | Nov 6 00:01:16 2006 |
| MD5 Checksum: | 8658dc867e0750a1191125a053d57e61 |
|
| /// File Name: |
VMSA-2006-0007.txt |
Description:
|
VMware Security Advisory - A new update has been released for VMware ESX 2.1.3 versions prior to upgrade patch 2. This patch addresses vulnerabilities in OpenSSH, Samba, Python, ucd-snmp, XFree86, and more.
| | Homepage: | http://www.vmware.com/ | | File Size: | 5214 | | Related CVE(s): | CAN-2004-2069, CVE-2006-3403, CVE-2005-2177, CVE-2006-3467, CVE-2006-1056, CVE-2006-1342, CVE-2006-1343, CVE-2006-1864, CVE-2006-2071 | | Last Modified: | Nov 14 03:19:47 2006 |
| MD5 Checksum: | 4f3cbd421d4a3476d5b84152399b3673 |
|
| /// File Name: |
secunia-mdaemon.txt |
Description:
|
Secunia Research has discovered a security issue in MDaemon versions 9.0.5, 9.0.6, 9.51, and 9.53, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/ | | File Size: | 5201 | | Last Modified: | Nov 17 19:59:35 2006 |
| MD5 Checksum: | 2135c6c3e01cc4e5fdd52513dd9bcb7e |
|
| /// File Name: |
dsa-1202-1.txt |
Description:
|
Debian Security Advisory 1202-1: "cstone" and Rich Felker discovered that specially crafted UTF-8 sequences may lead to an out-of-bounds memory write when displayed inside the screen terminal multiplexer, allowing denial of service and potentially the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 5168 | | Last Modified: | Nov 1 17:18:08 2006 |
| MD5 Checksum: | 3447b885b6a2db3b8b950df5e7b44d5b |
|