| /// File Name: |
MDKSA-2007-193.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in how OpenSSL performed Montgomery multiplications was discovered that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the application's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7307 | | Related CVE(s): | CVE-2007-3108, CVE-2007-5135 | | Last Modified: | Oct 5 02:14:28 2007 |
| MD5 Checksum: | d2934c153f0679b7321b754ee6c07501 |
|
| /// File Name: |
SSRT071447.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. The vulnerabilities could be exploited remotely via Cross Site Scripting (XSS) to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 7263 | | Related CVE(s): | CVE-2005-2090, CVE-2006-5752, CVE-2007-0450, CVE-2007-0774, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-1887, CVE-2007-1900, CVE-2007-2449, CVE-2007-2450, CVE-2007-2756, CVE-2007-2872, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386 | | Last Modified: | Oct 10 01:27:27 2007 |
| MD5 Checksum: | 8639b3ba8e68a74767d3c010df39b14a |
|
| /// File Name: |
CAID-ARCserve.txt |
Description:
|
Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action. The first set of vulnerabilities occur due to insufficient bounds checking by multiple components. The second vulnerability occurs due to privileged functions being available for use without proper authorization. The third set of vulnerabilities are due to a memory corruption occurring with the processing of RPC procedure arguments by multiple services. The vulnerabilities allow an attacker to cause a denial of service, or potentially to execute arbitrary code.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 7170 | | Related CVE(s): | CVE-2007-5325, CVE-2007-5326, CVE-2007-5327, CVE-2007-5328, CVE-2007-5329, CVE-2007-5330, CVE-2007-5331, CVE-2007-5332 | | Last Modified: | Oct 12 00:45:16 2007 |
| MD5 Checksum: | 4b9058618aa139e33922525d849a8ced |
|
| /// File Name: |
MDKSA-2007-200.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in Tk was found that could be used to overrun a buffer when loading certain GIF images. If a user were tricked into opening a specially crafted GIF file, it could lead to a denial of service condition or possibly the execution of arbitrary code with the user's privileges.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7166 | | Related CVE(s): | CVE-2007-5137, CVE-2007-5378 | | Last Modified: | Oct 18 18:44:35 2007 |
| MD5 Checksum: | 0e3f83e910e1f30abaa43c4df9dd66d7 |
|
| /// File Name: |
SSRT071453.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited locally to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 7157 | | Last Modified: | Oct 16 18:55:10 2007 |
| MD5 Checksum: | 6768849d172273a7cd69131597362142 |
|
| /// File Name: |
SYMSA-2007-011.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2007-011 - A vulnerability has been discovered in the SMS handler on Windows Mobile 2005 Pocket PC Phone edition which means the sender of the original SMS message can be masked from the recipient when sent a specifically crafted WAP PUSH message.
| | Author: | Ollie Whitehouse | | Homepage: | http://www.symantec.com/research | | File Size: | 6964 | | Related CVE(s): | CVE-2007-5493 | | Last Modified: | Oct 18 18:36:57 2007 |
| MD5 Checksum: | e24110e7aa7f663a5d2ed64308d72156 |
|
| /// File Name: |
sa26994.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/26994/ | | File Size: | 6947 | | Last Modified: | Oct 3 19:13:39 2007 |
| MD5 Checksum: | e7364b8395d8001064797e1ed50c1910 |
|
| /// File Name: |
USN-530-1.txt |
Description:
|
Ubuntu Security Notice 530-1 - It was discovered that the hpssd tool of hplip did not correctly handle shell meta-characters. A local attacker could exploit this to execute arbitrary commands as the hplip user.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6875 | | Related CVE(s): | CVE-2007-5208 | | Last Modified: | Oct 12 21:28:59 2007 |
| MD5 Checksum: | 4bc05762b82d541e1f43877cff023eb9 |
|
| /// File Name: |
dsa-1380-1.txt |
Description:
|
Debian Security Advisory 1380-1 - Kalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW browser, sent HTTP POST data in cleartext when using an HTTPS proxy server potentially allowing private information to be disclosed.
| | Homepage: | http://www.debian.org/security | | File Size: | 6792 | | Related CVE(s): | CVE-2007-5034 | | Last Modified: | Oct 2 20:31:53 2007 |
| MD5 Checksum: | 69cd282fc888fb0462f9333dbb97be6c |
|
| /// File Name: |
dsa-1387-1.txt |
Description:
|
Debian Security Advisory 1387-1 - It has been discovered that the original patch for a buffer overflow in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (DSA-1368-1) was insufficient to protect from arbitrary code execution in some environments.
| | Homepage: | http://www.debian.org/security | | File Size: | 6746 | | Related CVE(s): | CVE-2007-4743, CVE-2007-3999 | | Last Modified: | Oct 15 19:15:59 2007 |
| MD5 Checksum: | 78de8493ffa5690c6e0c603f981854c8 |
|
| /// File Name: |
SSRT071445-1.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
| | Homepage: | http://www.hp.com/ | | File Size: | 6621 | | Last Modified: | Oct 10 01:29:21 2007 |
| MD5 Checksum: | cebcd1fa13f99d2ce348b5e590b3dd57 |
|
| /// File Name: |
sa27347.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in PHP Project Management, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27347/ | | File Size: | 6603 | | Last Modified: | Oct 23 14:14:24 2007 |
| MD5 Checksum: | 6f160d1aebe87ba1ca94d1ce7dd51365 |
|
| /// File Name: |
MDKSA-2007-194.txt |
Description:
|
Mandriva Linux Security Advisory - More vulnerabilities in libvorbis were found that could be used to cause an application linked to libvorbis to crash or execute arbitrary code if used to open a carefully crafted OGG file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6537 | | Related CVE(s): | CVE-2007-4065, CVE-2007-4066 | | Last Modified: | Oct 12 00:20:47 2007 |
| MD5 Checksum: | 28c2e1c92f5d34ee3fc2673b5baffce9 |
|
| /// File Name: |
SSRT071445.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for HP-UX. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS).
| | Homepage: | http://www.hp.com/ | | File Size: | 6335 | | Last Modified: | Oct 10 01:28:12 2007 |
| MD5 Checksum: | 54c06269354825938acf38061e5a09a8 |
|
| /// File Name: |
sa27038.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for elinks. This fixes a weakness, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/27038/ | | File Size: | 6277 | | Last Modified: | Oct 3 20:36:17 2007 |
| MD5 Checksum: | 0852e6a6024e442092d64f218042e312 |
|
| /// File Name: |
MDKSA-2007-198.txt |
Description:
|
Mandriva Linux Security Advisory - The mount and umount programs in util-linux called the setuid() and setgid() functions in the wrong order and did not check the return values, which could allow attackers to gain privileges via helper applications such as mount.nfs.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6111 | | Related CVE(s): | CVE-2007-5191 | | Last Modified: | Oct 16 00:26:23 2007 |
| MD5 Checksum: | dd3bb8a621df79d81e88f389dec88ac1 |
|
| /// File Name: |
TA07-290A.txt |
Description:
|
Technical Cyber Security Alert TA07-290A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5966 | | Last Modified: | Oct 18 18:35:44 2007 |
| MD5 Checksum: | d5c97101601ad13ece13321675a9d954 |
|
| /// File Name: |
EEYE-cabright.txt |
Description:
|
eEye Digital Security has discovered a remote vulnerability in CA BrightStor ARCserve Backup Server that allows an attacker to execute arbitrary code as SYSTEM without any user interaction. The exploit is extremely reliable and can be successfully delivered either across the Internet or within local networks via a random TCP port that is disclosed by the BrightStor portmapper service on TCP/111.
| | Author: | Greg Linares | | Homepage: | http://www.eeye.com/ | | File Size: | 5942 | | Last Modified: | Oct 12 00:49:31 2007 |
| MD5 Checksum: | 10aac82704a7a304ec3cd8cea6cade18 |
|
| /// File Name: |
SYMSA-2007-010.txt |
Description:
|
Symantec Vulnerability Research SYMSA-2007-010 - A vulnerability has been discovered in the mechanism that Microsoft ActiveSync 4.x uses to obfuscate the password when it's sent over the USB network interface between the device and the host machine. This enables malicious software on the host to either impersonate a device in order to obtain the current password or, if in a position to sniff network traffic, obtain the password for trivial decoding.
| | Author: | Ollie Whitehouse | | Homepage: | http://www.symantec.com/research | | File Size: | 5788 | | Related CVE(s): | CVE-2007-5460 | | Last Modified: | Oct 15 19:12:46 2007 |
| MD5 Checksum: | 0d040e6887b4ff392302b0aef6cceca6 |
|
| /// File Name: |
sa26989.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/26989/ | | File Size: | 5691 | | Last Modified: | Oct 1 23:39:22 2007 |
| MD5 Checksum: | f7fa8b16056edf51b7dcda45ecfcc818 |
|
| /// File Name: |
TA07-297A.txt |
Description:
|
Technical Cyber Security Alert TA07-297A - RealNetworks RealPlayer client for Microsoft Windows contains a stack buffer overflow in the playlist parameter passed to the client by an ActiveX control. This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code using a specially crafted web page or HTML email message.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 5603 | | Last Modified: | Oct 25 00:16:55 2007 |
| MD5 Checksum: | 71d1a302c9d89e721fd897151041c4f9 |
|
| /// File Name: |
sa27101.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/27101/ | | File Size: | 5588 | | Last Modified: | Oct 10 00:59:53 2007 |
| MD5 Checksum: | d6e9cc1143784646ba881d366c104d96 |
|
| /// File Name: |
SSRT071436.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Select Identity. The vulnerability could be exploited to allow remote unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 5518 | | Last Modified: | Oct 12 00:40:08 2007 |
| MD5 Checksum: | 44d3955a018c0b8443bf3a069369e251 |
|