Section: .. / 0612-advisories /
| /// File Name: |
MDKSA-2006-233.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-233 - A vulnerability was discovered in D-Bus that could be exploited by a local attacker to cause a Denial of Service.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7901 | | Last Modified: | Dec 20 23:53:55 2006 |
| MD5 Checksum: | 43e365114d281914714c8c30ec9fa766 |
|
| /// File Name: |
sa23392.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/23392/ | | File Size: | 7656 | | Last Modified: | Dec 19 20:15:33 2006 |
| MD5 Checksum: | 27bf17450578eaabb25509c8838210e4 |
|
| /// File Name: |
MDKSA-2006-232.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-232 - Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7603 | | Last Modified: | Dec 20 23:54:34 2006 |
| MD5 Checksum: | 16da66359b69aa3cb3a71916d16abe8b |
|
| /// File Name: |
USN-389-1.txt |
Description:
|
Ubuntu Security Notice 389-1 - A buffer overflow was discovered in GnuPG. By tricking a user into running gpg interactively on a specially crafted message, an attacker could execute arbitrary code with the user's privileges. This vulnerability is not exposed when running gpg in batch mode.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7443 | | Last Modified: | Dec 6 03:49:45 2006 |
| MD5 Checksum: | 5f509dd942b610ab0fc36432c6963061 |
|
| /// File Name: |
USN-393-1.txt |
Description:
|
Ubuntu Security Notice 393-1 - Tavis Ormandy discovered that gnupg was incorrectly using the stack. If a user were tricked into processing a specially crafted message, an attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7334 | | Related CVE(s): | CVE-2006-6235 | | Last Modified: | Dec 7 10:49:11 2006 |
| MD5 Checksum: | ae7e885e1e848d46f45696388747c18b |
|
| /// File Name: |
dsa-1205-2.txt |
Description:
|
Debian Security Advisory 1205-2 - Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack. The original advisory for this issue did not contain fixed packages for all supported architectures, which is corrected in this update.
| | Homepage: | http://www.debian.org/security | | File Size: | 7068 | | Related CVE(s): | CVE-2006-4248 | | Last Modified: | Dec 6 05:04:56 2006 |
| MD5 Checksum: | 07cd63b665e2ec67991dd49a4cccdbc6 |
|
| /// File Name: |
dsa-1244-1.txt |
Description:
|
Debian Security Advisory 1244-1 - It was discovered that the Xine multimedia library performs insufficient sanitizing of Real streams, which might lead to the execution of arbitrary code through a buffer overflow.
| | Homepage: | http://www.debian.org/security | | File Size: | 6984 | | Related CVE(s): | CVE-2006-6172 | | Last Modified: | Dec 29 16:10:26 2006 |
| MD5 Checksum: | 3fedb8c23a2485d0c89bc919c7b67173 |
|
| /// File Name: |
sa23284.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for gnupg. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23284/ | | File Size: | 6854 | | Last Modified: | Dec 14 10:45:41 2006 |
| MD5 Checksum: | 334fab4e2cde1b67bf3c66bde56cf5a4 |
|
| /// File Name: |
dsa-1228-1.txt |
Description:
|
Debian Security Advisory 1228-1 - Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.
| | Homepage: | http://www.debian.org/security | | File Size: | 6805 | | Related CVE(s): | CVE-2006-5925 | | Last Modified: | Dec 6 07:52:31 2006 |
| MD5 Checksum: | 5d878222604b9d0cb04c1dedc8a865ca |
|
| /// File Name: |
sa23234.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for elinks. This fixes a vulnerability, which can be exploited by malicious people to expose sensitive information and manipulate data.
| | Homepage: | http://secunia.com/advisories/23234/ | | File Size: | 6780 | | Last Modified: | Dec 7 07:24:29 2006 |
| MD5 Checksum: | 7b17606bc2008efa8a14691b61f78075 |
|
| /// File Name: |
SSRT061267-2.txt |
Description:
|
HPSBUX02178 SSRT061267 rev.2 - HP-UX Secure Shell Remote Unauthorized Denial of Service (DoS) - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 6725 | | Last Modified: | Dec 19 20:34:56 2006 |
| MD5 Checksum: | 4e29ccc601552decfbad11bc134ef0aa |
|
| /// File Name: |
sa23567.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xine-lib. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23567/ | | File Size: | 6666 | | Last Modified: | Dec 29 16:04:15 2006 |
| MD5 Checksum: | 07ed22c56e49b503cb31c8c0fe1eb07f |
|
| /// File Name: |
SSRT061267.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be remotely exploited to allow a remote unauthorized user to create a denial of service.
| | Homepage: | http://www.hp.com | | File Size: | 6661 | | Related CVE(s): | CVE-2006-0225, CVE-2006-4924 | | Last Modified: | Dec 6 07:51:39 2006 |
| MD5 Checksum: | f0dc16e20b7646299e0b0ccb7b51a158 |
|
| /// File Name: |
NETRAGARD-20061206.txt |
Description:
|
Netragard, L.L.C Advisory - @Mail version 4.51 does not properly sanitize email, allowing for cross-site scripting attacks.
| | Homepage: | http://www.netragard.com | | File Size: | 6550 | | Last Modified: | Dec 22 04:06:59 2006 |
| MD5 Checksum: | 1e73247370f70b7019041da3b6f68945 |
|
| /// File Name: |
MDKSA-2006-164-2.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006:164-2: Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6336 | | Last Modified: | Dec 14 21:56:45 2006 |
| MD5 Checksum: | ce5f771ccac7bafeda0e985a5d32ee59 |
|
| /// File Name: |
MDKSA-2006-224.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the asmrp_eval function for the Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6191 | | Related CVE(s): | CVE-2006-6172 | | Last Modified: | Dec 7 09:29:23 2006 |
| MD5 Checksum: | 10a520f942a9054acd7a558701f48507 |
|
| /// File Name: |
sa23183.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for evince. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23183/ | | File Size: | 5958 | | Last Modified: | Dec 6 03:07:49 2006 |
| MD5 Checksum: | f8b363e194a10111072c01455b3dcdf0 |
|
| /// File Name: |
secunia-aolcddb.txt |
Description:
|
Secunia Research has discovered a vulnerability in AOL, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when processing "ClientId" arguments passed to the "SetClientInfo()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (more than 256 bytes). Successful exploitation allows execution of arbitrary code when a user visits a malicious website with Internet Explorer. In order to exploit the vulnerability, a certain registry value has to be set to "1111". This is not set by default, but can be set up automatically by first instantiating the bundled CerberusCDPlayer ActiveX control. Affected software includes America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 5773 | | Last Modified: | Dec 11 17:37:38 2006 |
| MD5 Checksum: | f0bb98d80dc9504d3219b2129b854583 |
|
| /// File Name: |
MDKSA-2006-225.txt |
Description:
|
Mandriva Linux Security Advisory - Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5688 | | Related CVE(s): | CVE-2006-6303 | | Last Modified: | Dec 7 10:43:49 2006 |
| MD5 Checksum: | 28c110ebb76c2d5acf874470665df546 |
|
| /// File Name: |
MDKSA-2006-223.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple buffer overflows in ImageMagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, have unknown impact and user-assisted attack vectors via a crafted SGI image.
| | Homepage: | http://www.mandriva.com/security | | File Size: | 5683 | | Related CVE(s): | CVE-2006-5868 | | Last Modified: | Dec 6 05:35:54 2006 |
| MD5 Checksum: | 5832828f264d734b41be92d408e8dfc8 |
|
| /// File Name: |
SSRT061230-1.txt |
Description:
|
HPSBMA02173 SSRT061230 rev. 1 - HP Integrated Lights Out (iLO & iLO 2) Running SSH Key Based Authentication Remote Unauthorized Access: A potential security vulnerability has been identified in HP Integrated Lights Out (iLO & iLO 2) used on Proliant servers when using SSH key based authentication. The vulnerability can be remotely exploited to gain unauthorized access.
| | Homepage: | http://www.hp.com | | File Size: | 5637 | | Last Modified: | Dec 19 20:35:57 2006 |
| MD5 Checksum: | 6a88c706c55b6ed3a38065bcdd55b27b |
|
| /// File Name: |
sa23186.txt |
Description:
|
Secunia Security Advisory - Sun has acknowledged a vulnerability in various Sun Java System Server products, which can be exploited by malicious people to conduct HTTP request smuggling attacks.
| | Homepage: | http://secunia.com/advisories/23186/ | | File Size: | 5579 | | Last Modified: | Dec 6 03:07:49 2006 |
| MD5 Checksum: | bba44c0b0dc38ccc6f7841fa3c58674d |
|