Section: .. / 0702-advisories /
| /// File Name: |
sa24316.txt |
Description:
|
Secunia Security Advisory - Samenspender has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/24316/ | | File Size: | 2492 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | 2d8cf60329489745c9536dec886888bb |
|
| /// File Name: |
sa24319.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24319/ | | File Size: | 4575 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | 5f14ddb68cea7bbc2c0dd07b4fd92bd3 |
|
| /// File Name: |
sa24324.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been discovered in Debian, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24324/ | | File Size: | 2727 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | ed2939e576a379fefd8dda836941c875 |
|
| /// File Name: |
sa24325.txt |
Description:
|
Secunia Security Advisory - laurent gaffié has discovered a vulnerability in MTCMS, which potentially can be exploited by malicious users to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24325/ | | File Size: | 2446 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | 962d2ffac46d8f9bc31ae23ff4ef0927 |
|
| /// File Name: |
sa24326.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for php. This fixes some vulnerabilities and a weakness, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24326/ | | File Size: | 6537 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | db23a114fa3560eb5310b09447fc1926 |
|
| /// File Name: |
sa24327.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24327/ | | File Size: | 4623 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | dd080ced1cf4b563f345f84c49338320 |
|
| /// File Name: |
sa24328.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24328/ | | File Size: | 2999 | | Last Modified: | Feb 27 11:54:22 2007 |
| MD5 Checksum: | 36b21b4231cd6e6be89dc5343b8df243 |
|
| /// File Name: |
sa24205.txt |
Description:
|
Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24205/ | | File Size: | 5703 | | Last Modified: | Feb 27 11:54:01 2007 |
| MD5 Checksum: | 9ecbde98fc9137237a6a2ebf1a003d40 |
|
| /// File Name: |
SYM07-002.txt |
Description:
|
Symantec Security Advisory SYM07-002 - Vulnerabilities were identified in third-party trouble-shooting ActiveX controls, developed by SupportSoft, www.supportsoft.com. Two of these controls were signed, shipped and installed with the identified versions of Symantec's consumer products and as part of the Symantec Automated Support Assistant support tool. The vulnerability identified in the Symantec shipped controls could potentially result in a stack overflow requiring user interaction to exploit. If successfully exploited this vulnerability could potentially compromise a user's system possibly allowing execution of arbitrary code or unauthorized access to system assets with the permissions of the user's browser.
| | Author: | Mark Litchfield | | Homepage: | http://www.symantec.com/security/ | | File Size: | 10817 | | Related CVE(s): | CVE-2006-6490 | | Last Modified: | Feb 23 22:05:34 2007 |
| MD5 Checksum: | ef738e6cc836e4b569b9df1624c54701 |
|
| /// File Name: |
advisory_032007.142.txt |
Description:
|
Hardened PHP Project Security Advisory - Multiple browsers suffer from a cross domain charset inheritance vulnerability. Affected browsers include Firefox versions 2.0.0.1 and below, Internet Explorer 7, and Opera 9.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 3451 | | Last Modified: | Feb 23 22:03:23 2007 |
| MD5 Checksum: | 0c406f7eda7195f1dc12ae3ca465699a |
|
| /// File Name: |
02.23.07-2.txt |
Description:
|
iDefense Security Advisory 02.23.07 - Remote exploitation of an input validation error causing an integer underflow in version 3.10 of the Mozilla Foundation's Network Security Services (NSS) may allow an attacker to cause a stack-based buffer overflow and execute arbitrary code on the affected application. The vulnerability specifically exists in code responsible for handling the client master key. While negotiating an SSLv2 session, a client can specify invalid parameters which cause an integer underflow. The resulting value is used as the amount of memory to copy into a fixed size stack buffer. As a result, a potentially exploitable stack-based buffer overflow condition occurs. iDefense has confirmed this vulnerability exists in versions 3.10 and 3.11.3 of the Mozilla Network Security Services. These libraries are used in a variety of products from multiple vendors including Sun Microsystems, Red Hat and Mozilla. Previous versions are also likely to be affected. The names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based systems may indicate the library is being used by an application.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4420 | | Related CVE(s): | CVE-2007-0009 | | Last Modified: | Feb 23 22:01:56 2007 |
| MD5 Checksum: | 8c91b8eddd1ccac797ef1086095470ef |
|
| /// File Name: |
02.23.07-1.txt |
Description:
|
iDefense Security Advisory 02.23.07 - Remote exploitation of an input validation error causing an integer underflow in version 3.10 of the Mozilla Foundation's Network Security Services (NSS) may allow an attacker to execute arbitrary code in the context of the affected application. The vulnerability specifically exists due to a design error in the processing of malformed SSLv2 server messages. By sending a certificate with a public key too small to encrypt the "Master Secret", heap corruption can be triggered which may result in the execution of arbitrary code. iDefense has confirmed this vulnerability exists in versions 3.10 and 3.11.3 of Mozilla Network Security Services. These libraries are used in a variety of products from multiple vendors including Sun Microsystems, Red Hat and Mozilla. Previous versions are also likely to be affected. The names 'libnss3.so' on Linux based systems or 'nss3.dll' on Windows based systems may indicate the library is being used by an application.
| | Author: | regenrecht | | Homepage: | http://www.idefense.com/ | | File Size: | 4503 | | Related CVE(s): | CVE-2007-0008 | | Last Modified: | Feb 23 22:01:11 2007 |
| MD5 Checksum: | f7504baa6cc0b0fa891f4666537695f2 |
|
| /// File Name: |
USN-427-1.txt |
Description:
|
Ubuntu Security Notice 427-1 - Mikhail Markin reported that enigmail incorrectly handled memory allocations for certain large encrypted attachments. This caused Thunderbird to crash and thus caused the entire message to be inaccessible.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5236 | | Related CVE(s): | CVE-2006-5877 | | Last Modified: | Feb 23 21:57:23 2007 |
| MD5 Checksum: | d49b121fc29cd6b664ff39b7cf5c2142 |
|
| /// File Name: |
secunia-ie7.txt |
Description:
|
Secunia Research has discovered a vulnerability in Internet Explorer 7, which can be exploited by a malicious website to spoof the address bar. The vulnerability is caused due to an error in Internet Explorer 7's handling of "onunload" events, enabling a malicious website to abort the loading of a new website. This can be exploited to spoof the address bar if e.g. the user enters a new website manually in the address bar, which is commonly exercised as best practice. The vulnerability is confirmed on a fully patched Windows XP SP2 system running Internet Explorer 7. Other versions may also be affected.
| | Author: | Jakob Balle | | Homepage: | http://secunia.com/ | | File Size: | 4652 | | Last Modified: | Feb 23 21:56:39 2007 |
| MD5 Checksum: | cac34bbafb574adea82cc7cf772428a8 |
|
| /// File Name: |
MDKSA-2007-048.txt |
Description:
|
Mandriva Security Advisory - Many buffer overflow flaws were discovered in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. An attacker able to use a PHP application using any of these functions could trigger these flaws and possibly execute arbitrary code as the apache user. A one-byte memory read will always occur prior to the beginning of a buffer, which could be triggered, for example, by any use of the header() function in a script. The wddx extension, if used to import WDDX data from an untrusted source, may allow a random portion of heap memory to be exposed due to certain WDDX input packets. The odbc_result_all() function, if used to display data from a database, and if the contents of the database are under the control of an attacker, could lead to the execution of arbitrary code due to a format string vulnerability. Several flaws in PHP could allow attackers to clobber certain super-global variables via unspecified vectors. The zend_hash_init() function can be forced into an infinite loop if unserializing untrusted data on a 64-bit platform, resulting in the consumption of CPU resources until the script timeout alarm aborts the execution of the script.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 14576 | | Related CVE(s): | CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 | | Last Modified: | Feb 23 21:54:00 2007 |
| MD5 Checksum: | fcf252091d0bd2a2ca2cc2b59d97ab67 |
|
| /// File Name: |
02.22.07-3.txt |
Description:
|
iDefense Security Advisory 02.22.07 - Local exploitation of multiple vulnerabilities in IBM Corp.'s DB2 Universal Database allows attackers to cause a denial of service condition or elevate privileges to root. Several vulnerabilities exist due to unsafe file access from within several setuid-root binaries. Specifically, when supplying certain environment variables, the DB2 administration binaries will use the specified filename for saving data. This allows an attacker to create or append to arbitrary files as root. A heap-based buffer overflow vulnerability can occur when copying data from an environment variable. The variable contents are copied to a static BSS segment buffer without ensuring proper NUL termination. Consequently, this allows an attacker to cause a heap overflow in a later function call. A stack-based buffer overflow can occur when an environment variable contains a long string. By specifying a specially crafted value, it is possible to overwrite the return address of a function and execute arbitrary code. iDefense has confirmed the existence of these vulnerabilities within IBM Corp.'s DB2 Universal Database 9.1 release installed on Linux. Other versions, including those installed on other architectures, are suspected to be vulnerable as well. These vulnerabilities do not appear to affect DB2 Universal Database running on the Windows platform.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 4529 | | Last Modified: | Feb 23 21:50:56 2007 |
| MD5 Checksum: | 3c9750c1e4a747af81e04379de4095d8 |
|
| /// File Name: |
02.22.07-2.txt |
Description:
|
iDefense Security Advisory 02.22.07 - Local exploitation of a file creation vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. This vulnerability exists due to unsafe file access from within several setuid-root binaries. Specifically, when supplying the DB2INSTANCE environment variable, the setuid-root DB2 administration binaries will use the home directory of the specified user for loading configuration data. This allows attackers to create or append to arbitrary files by creating a specific executing environment. Additionally, the user's umask settings will be honored, allowing the creation of root-owned world-writable files. iDefense has confirmed the existence of this vulnerability within IBM Corp.'s DB2 Universal Database 9.1 release installed on Linux. Other versions are suspected to be vulnerable as well. This vulnerability does not affect DB2 Universal Database running on the Windows platform.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3685 | | Last Modified: | Feb 23 21:49:41 2007 |
| MD5 Checksum: | 2c23d7265527b5338afca6ce75a79b57 |
|
| /// File Name: |
02.22.07-1.txt |
Description:
|
iDefense Security Advisory 02.22.07 - Remote exploitation of a buffer overflow vulnerability in VeriSign Inc.'s ConfigChk ActiveX Control could allow an attacker to execute arbitrary code within the security context of the victim. iDefense has confirmed the existence of this vulnerability within version 2.0.0.2 of VeriSign Inc's VSCnfChk.dll. All versions are suspected to be vulnerable.
| | Author: | David D. Rude II | | Homepage: | http://www.idefense.com/ | | File Size: | 3252 | | Last Modified: | Feb 23 21:48:48 2007 |
| MD5 Checksum: | df82f344e125c06ae77aa1dfeb7c8a42 |
|
| /// File Name: |
readirchange.txt |
Description:
|
ReadDirectoryChangesW() in Microsoft Windows 2000/XP/2003/Vista does not check a user's permissions for child objects, making it possible to retrieve information about objects that a user has no LIST permissions for.
| | Author: | 3APA3A | | Homepage: | http://securityvulns.com/ | | Related Exploit: | spydir.c | | File Size: | 3321 | | Related CVE(s): | CVE-2007-0843 | | Last Modified: | Feb 23 21:45:58 2007 |
| MD5 Checksum: | 6c04fac47932131d4237f8749f08f6fa |
|
| /// File Name: |
USN-426-1.txt |
Description:
|
Ubuntu Security Notice 426-1 - Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5018 | | Related CVE(s): | CVE-2007-1006, CVE-2007-1007 | | Last Modified: | Feb 23 21:27:05 2007 |
| MD5 Checksum: | e0b73f01af64972a1d64b16035362623 |
|
| /// File Name: |
USN-425-1.txt |
Description:
|
Ubuntu Security Notice 425-1 - A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory's "read" bits. This could result in filenames being displayed when the file owner had expected them to remain hidden from other system users.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3679 | | Related CVE(s): | CVE-2007-0227 | | Last Modified: | Feb 23 21:22:18 2007 |
| MD5 Checksum: | 613e2881513ca3a66777f911db0bcf02 |
|
| /// File Name: |
firefox-bookmark.txt |
Description:
|
There is an interesting vulnerability in how Firefox handles bookmarks. The flaw allows the attacker to steal credentials from commonly used browser start sites.
| | Author: | Michal Zalewski | | Homepage: | http://lcamtuf.coredump.cx/ | | File Size: | 1270 | | Last Modified: | Feb 23 20:45:50 2007 |
| MD5 Checksum: | a0329b99dae1c0984225a5d60d36c5a8 |
|
| /// File Name: |
02.16.07-1.txt |
Description:
|
iDefense Security Advisory 02.16.07 - TrendMicro's ServerProtect product uses a web interface which runs on port TCP 14942 to configure the product. This interface is protected with a user configurable password. Upon successful login, a cookie is set with the name 'splx_2376_info' and a valid session id as its value. The ServerProtect web application suffers from a design error vulnerability in its authorization checking routines. Attackers can gain full access to the web application by requesting any internal page while supplying their own 'splx_2376_info' cookie with an arbitrary value. iDefense has confirmed this vulnerability in Trend ServerProtect v1.3 for Linux. This vulnerability is not present in the Windows based versions of ServerProtect.
| | Author: | Damian Put | | Homepage: | http://www.idefense.com/ | | File Size: | 3317 | | Last Modified: | Feb 23 20:44:29 2007 |
| MD5 Checksum: | f95f0a15b78c940c6b57b3b8b6290278 |
|
| /// File Name: |
MDKSA-2007-047.txt |
Description:
|
Mandriva Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. A double free vulnerability in the squashfs module could allow a local user to cause a Denial of Service by mounting a crafted squashfs filesystem. The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption. The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors that will trigger a null dereference. The provided packages are patched to fix these vulnerabilities. All users are encouraged to upgrade to these updated kernels immediately and reboot to effect the fixes.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4757 | | Related CVE(s): | CVE-2006-5701, CVE-2006-5823, CVE-2007-0006 | | Last Modified: | Feb 23 20:41:13 2007 |
| MD5 Checksum: | d7df8353a48d46de10cb6d602dfe77c9 |
|