Section: .. / 0701-advisories /
| /// File Name: |
CT09-01-2007.txt |
Description:
|
Microsoft Outlook is a popular personal communication manager that provides end users with a unified place to manage e-mail, calendar and contact information. As part of its standard offering, Outlook also includes an Advanced Search facility (Finder.exe) enabling end-users to query any aspect of their repository information. Unfortunately, it transpires that Outlook/Finder is susceptible to a remote Buffer overflow vulnerability, when processing the contents of a specially crafted Office Saved Search (.oss) file.
| | Author: | Stuart Pearson | | Homepage: | http://www.computerterrorism.com/ | | File Size: | 3364 | | Related CVE(s): | CVE-2007-0034 | | Last Modified: | Jan 13 19:10:08 2007 |
| MD5 Checksum: | ae714bb4c24e9aea624b67a515703c5f |
|
| /// File Name: |
sa23961.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for libsoup. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23961/ | | File Size: | 3362 | | Last Modified: | Jan 29 11:19:09 2007 |
| MD5 Checksum: | b6ff96c91bf0e0d560c1052aaca9aa72 |
|
| /// File Name: |
sa23979.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun Java System Access Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/23979/ | | File Size: | 3344 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 37247f78537f6e826facb6a136435985 |
|
| /// File Name: |
OpenPKG-SA-2007.002.txt |
Description:
|
OpenPKG Security Advisory - Together with two portability and stability issues, two older security issues were fixed in the compression tool BZip2, versions up to and including 1.0.3.
| | Homepage: | http://openpkg.com/security/ | | File Size: | 3342 | | Related CVE(s): | CVE-2005-0953, CVE-2005-0758 | | Last Modified: | Jan 13 15:35:58 2007 |
| MD5 Checksum: | aab4dc3086c8c35f78e33845441257e8 |
|
| /// File Name: |
01.05.07-3.txt |
Description:
|
iDefense Security Advisory - Remote exploitation of a DoS vulnerability in Kaspersky Lab's Antivirus could allow an attacker to cause a denial of service (DoS) condition. Kaspersky Antivirus is vulnerable to a DoS condition when processing a specially crafted PE (portable executable) file. One of the headers in a PE file is the Optional Windows Header section. This section of the PE header contains information needed by the Windows linker and loader. An invalid value for the 'NumberOfRvaAndSizes' field will cause Kaspersky to repeatedly seek and read from the same section of the file in an endless loop. iDefense has confirmed the existence of this vulnerability in Kaspersky Labs Antivirus Engine version 6.0 for Windows and 5.5-10 for Linux. Previous versions may also be affected. Any products that use the scanning engine are also affected. This includes the Kaspersky mail gateway scanner.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3341 | | Last Modified: | Jan 13 15:39:15 2007 |
| MD5 Checksum: | e94b06fe993ddfc575e800ea163fe0d9 |
|
| /// File Name: |
sa23923.txt |
Description:
|
Secunia Security Advisory - Slackware has issued an update for fetchmail. This fixes a vulnerability and a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to gain knowledge of sensitive information.
| | Homepage: | http://secunia.com/advisories/23923/ | | File Size: | 3310 | | Last Modified: | Jan 26 20:46:45 2007 |
| MD5 Checksum: | e63eb734131dca7c73d8d506a363e290 |
|
| /// File Name: |
sa23843.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Hitachi Web Server, which can be exploited by malicious people to bypass certain security restrictions or conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/23843/ | | File Size: | 3309 | | Last Modified: | Jan 26 20:46:45 2007 |
| MD5 Checksum: | 8f33e9c73ca0da724da004373196d5db |
|
| /// File Name: |
glsa-200701-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-10 - When decoding trackbacks with alternate character sets, WordPress does not correctly sanitize the entries before further modifying a SQL query. WordPress also displays different error messages in wp-login.php based upon whether or not a user exists. David Kierznowski has discovered that WordPress fails to properly sanitize recent file information in /wp-admin/templates.php before sending that information to a browser. Versions less than 2.0.6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3292 | | Last Modified: | Jan 15 22:39:07 2007 |
| MD5 Checksum: | dcb3e28bd38089a1c38245d8ab203566 |
|
| /// File Name: |
glsa-200701-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-07 - John Heasman of NGSSoftware has discovered integer overflows in the EMR_POLYPOLYGON and EMR_POLYPOLYGON16 processing and an error within the handling of META_ESCAPE records. Versions less than 2.1.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3277 | | Last Modified: | Jan 13 20:01:40 2007 |
| MD5 Checksum: | 773ed98805fd2342a933048ee1b95508 |
|
| /// File Name: |
OpenPKG-SA-2007.007.txt |
Description:
|
OpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. To be vulnerable you need to have enabled DNSSEC validation in the configuration by specifying "trusted-keys".
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 3272 | | Related CVE(s): | CVE-2007-0493, CVE-2007-0494 | | Last Modified: | Jan 29 20:35:12 2007 |
| MD5 Checksum: | ef98c338e7f5a017b8877bfeaad6e259 |
|
| /// File Name: |
sa23757.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Sun Java Runtime Environment (JRE), which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23757/ | | File Size: | 3243 | | Last Modified: | Jan 18 03:44:32 2007 |
| MD5 Checksum: | 0306e562b9f2ab3b477ca1821fa5aa8c |
|
| /// File Name: |
OpenPKG-SA-2007.004.txt |
Description:
|
OpenPKG Security Advisory - According to vendor release notes and security advisories, two security issues exist in the POP3/IMAP batch client Fetchmail, version up to and including 6.3.5
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 3225 | | Related CVE(s): | CVE-2006-5867, CVE-2006-5974 | | Last Modified: | Jan 13 16:10:41 2007 |
| MD5 Checksum: | 9181a50fcb8e0f7003aa26fc56e316bb |
|
| /// File Name: |
OpenPKG-SA-2007.006.txt |
Description:
|
OpenPKG Security Advisory - According to vendor security advisories, two security issues exist in the Kerberos network authentication system implementation MIT Kerberos. First, the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind(8). Second, the GSS-API "mechglue" layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused another security vulnerability in kadmind(8).
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 3214 | | Related CVE(s): | CVE-2006-6143, CVE-2006-6144 | | Last Modified: | Jan 13 18:28:16 2007 |
| MD5 Checksum: | 3a75c439922141b24caa9ca32a52438c |
|
| /// File Name: |
USN-413-1.txt |
Description:
|
Ubuntu Security Notice 413-1 - A flaw was discovered in the HID daemon of bluez-utils. A remote attacker could gain control of the mouse and keyboard if hidd was enabled. This does not affect a default Ubuntu installation, since hidd is normally disabled.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3212 | | Related CVE(s): | CVE-2006-6899 | | Last Modified: | Jan 24 01:54:05 2007 |
| MD5 Checksum: | 4bef66326f94da32f322b0dea50afec3 |
|
| /// File Name: |
CAID-34818.txt |
Description:
|
Multiple vulnerabilities have been discovered in CA Personal Firewall drivers. The vulnerabilities are due to errors in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers. Local attackers can exploit these vulnerabilities to gain escalated privileges.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 3206 | | Related OSVDB(s): | 30497,30498 | | Related CVE(s): | CVE-2006-6952 | | Last Modified: | Jan 26 22:02:12 2007 |
| MD5 Checksum: | 2892812304ef3817dcf5e68c4e4806cc |
|
| /// File Name: |
sa23972.txt |
Description:
|
Secunia Security Advisory - Slackware has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/23972/ | | File Size: | 3129 | | Last Modified: | Jan 29 11:19:09 2007 |
| MD5 Checksum: | b70bf31c6631465b1d88f10dcde2d965 |
|
| /// File Name: |
ngs-openoffice.txt |
Description:
|
Three heap overflows have been discovered in OpenOffice versions below 2.1.0 and StarOffice 6, 7 and 8. If an attacker can coax a user into opening a specially crafted document then the attacker can execute arbitrary code in the security context of their victim.
| | Author: | John Heasman | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3113 | | Last Modified: | Jan 5 02:36:04 2007 |
| MD5 Checksum: | d57f283a83a2b118789d23e98b0062fd |
|
| /// File Name: |
glsa-200701-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-19 - Tavis Ormandy of the Gentoo Linux Security Team has discovered that the file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does not exit upon the existence of a directory in /tmp during installation allowing for directory traversal. Versions less than 2.1.30-r10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3110 | | Last Modified: | Jan 24 01:47:22 2007 |
| MD5 Checksum: | 14abc6ea3c398a78d14b17917370862e |
|
| /// File Name: |
glsa-200701-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-08 - Christoph Deal discovered that JPEG files with a specially crafted DHT marker can be exploited to cause a heap overflow. Furthermore, an anonymous person discovered that Opera does not correctly handle objects passed to the createSVGTransformFromMatrix() function. Versions less than 9.10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3094 | | Last Modified: | Jan 13 20:01:56 2007 |
| MD5 Checksum: | b9390704b0a88f412d42778f70031082 |
|
| /// File Name: |
OpenPKG-SA-2007.005.txt |
Description:
|
OpenPKG Security Advisory - According to a security advisory from Stefan Esser, a vulnerability exists in the Weblog publishing system WordPress, versions up to and including 2.0.5.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 3083 | | Last Modified: | Jan 13 16:12:47 2007 |
| MD5 Checksum: | 1ccf2de1be50e5673323b0d28d7e9d42 |
|
| /// File Name: |
MDKSA-2007-007.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in the NVIDIA Xorg driver was discovered by Derek Abdine who found that it did not correctly verify the size of buffers used to render text glyphs, resulting in a crash of the server when displaying very long strings of text. If a user was tricked into viewing a specially crafted series of glyphs, this flaw could be exploited to run arbitrary code with root privileges.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3072 | | Related CVE(s): | CVE-2006-5379 | | Last Modified: | Jan 13 18:45:14 2007 |
| MD5 Checksum: | 7d26cb114323b4398a01d9a778daebef |
|
| /// File Name: |
sa23900.txt |
Description:
|
Secunia Security Advisory - Sun has acknowledged a security issue in Sun Ray Server Software, which can be exploited by malicious, local users to gain sensitive information.
| | Homepage: | http://secunia.com/advisories/23900/ | | File Size: | 3065 | | Last Modified: | Jan 26 20:46:45 2007 |
| MD5 Checksum: | 814346ee9236410c12c2fd6e3c5ea18d |
|
| /// File Name: |
MDKSA-2007-028.txt |
Description:
|
Mandriva Linux Security Advisory - A buffer overflow in ulogd has unknown impact and attack vectors related to "improper string length calculations."
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3064 | | Related CVE(s): | CVE-2007-0460 | | Last Modified: | Jan 29 11:21:21 2007 |
| MD5 Checksum: | b92ae7566f3e0930160b67b19694cbbf |
|
| /// File Name: |
sa23928.txt |
Description:
|
Secunia Security Advisory - Hai Nam Luke has discovered a vulnerability in Yahoo Messenger, which potentially can be exploited by malicious users to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23928/ | | File Size: | 3046 | | Last Modified: | Jan 30 22:46:19 2007 |
| MD5 Checksum: | 86a2d10f323db80fd24ccaeb6e0a16f4 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
