Section: .. / 0712-advisories /
| /// File Name: |
dsa-1442-1.txt |
Description:
|
Debian Security Advisory 1442-1 - Rubert Buchholz discovered that libsndfile, a library for reading / writing audio files performs insufficient boundary checks when processing FLAC files, which might lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 8448 | | Related CVE(s): | CVE-2007-4974 | | Last Modified: | Dec 29 15:40:29 2007 |
| MD5 Checksum: | 57b37d2a4f4496939ae7a1675e08b537 |
|
| /// File Name: |
efsup.txt |
Description:
|
Easy File Sharing Web Server versions 4.5 and below suffer from upload directory traversal, download of database files, and sensitive file reading vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | efsup.zip | | File Size: | 3268 | | Last Modified: | Dec 7 20:16:48 2007 |
| MD5 Checksum: | 7b8029936acf59c68c58d727e8087c1b |
|
| /// File Name: |
eleytt-various.txt |
Description:
|
Eleytt has discovered cross site scripting and username enumeration vulnerabilities in the IBM Tivoli Provisioning Manager Express, a HTML injection vulnerability in the Computer Associates eTrust Threat Management Console, and a denial of service and remote user addition vulnerability in Gadu-Gadu.
| | Author: | Michal Bucko, Tomasz Polis | | Homepage: | http://www.eleytt.com/ | | File Size: | 6731 | | Last Modified: | Dec 5 23:33:36 2007 |
| MD5 Checksum: | 5c1482d536691a3868f0e2029cdfc0df |
|
| /// File Name: |
fengulo.txt |
Description:
|
Feng versions 0.1.15 and below suffer from buffer overflow and denial of service vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | fengulo.zip | | File Size: | 7202 | | Last Modified: | Dec 28 19:58:39 2007 |
| MD5 Checksum: | b9d0d28e5b0104405b411a0afd34090d |
|
| /// File Name: |
fig-xml.txt |
Description:
|
Flash Image Gallery suffers from a direct download vulnerability where config.xml, the file containing the username and password for the administrator, can be directly accessed by anyone remotely. Advisory is in Spanish.
| | Author: | Yamabushiken | | File Size: | 1848 | | Last Modified: | Dec 13 17:06:16 2007 |
| MD5 Checksum: | a55edfc714d8b5a437f050ecb9f78d3a |
|
| /// File Name: |
fireflyz.txt |
Description:
|
Firefly media Server (mt-daapd) versions 2.4.1 and below and SVN versions 1699 and below suffer from directory traversal, authentication bypass, and denial of service vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | fireflyz.zip | | File Size: | 3860 | | Last Modified: | Dec 7 20:21:08 2007 |
| MD5 Checksum: | 4e6960fc67c7550976c4ff69b4e9b708 |
|
| /// File Name: |
firefox-filefocus.txt |
Description:
|
Firefox version 2.0.0.11 suffers from a file focus stealing vulnerability.
| | Author: | Carl Hardwick | | File Size: | 972 | | Last Modified: | Dec 2 16:09:11 2007 |
| MD5 Checksum: | a0f7065c5bea16e2e5097c956b701ada |
|
| /// File Name: |
firefox20011-dos.txt |
Description:
|
Firefox 2.0.0.11 appears to suffer from an INPUT denial of service flaw.
| | Author: | Azizov Emin | | File Size: | 3054 | | Last Modified: | Dec 6 01:10:53 2007 |
| MD5 Checksum: | dd76142b0e61be6770af6c6996a4cd2d |
|
| /// File Name: |
glsa-200711-29-2.txt |
Description:
|
Gentoo Linux Security Advisory [UPDATE] GLSA 200711-29:02 - Samba contains two buffer overflow vulnerabilities potentially resulting in the execution of arbitrary code. The original GLSA only resolved one of the two vulnerabilities due to a regression. New packages are available that resolve both buffer overflows. Versions less than 3.0.27a are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2726 | | Last Modified: | Dec 6 01:09:53 2007 |
| MD5 Checksum: | 0456ee59bbe2b5340732fa256d60f3a5 |
|
| /// File Name: |
glsa-200712-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-01 - Suse Linux reported that Hugin creates the hugin_debug_optim_results.txt temporary file in an insecure manner. Versions less than 0.7_beta4-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2870 | | Related CVE(s): | CVE-2007-5200 | | Last Modified: | Dec 6 01:07:43 2007 |
| MD5 Checksum: | a94b3270d66ec007daf616045c8fb5b4 |
|
| /// File Name: |
glsa-200712-02-2.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-02:02 - It has been reported that the local_graph_id variable used in the file graph.php is not properly sanitized before being processed in an SQL statement. Versions less than 0.8.7a are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2855 | | Related CVE(s): | CVE-2007-6035 | | Last Modified: | Dec 6 01:08:03 2007 |
| MD5 Checksum: | d09f45914fbc7ceb159ac021c5a24a0c |
|
| /// File Name: |
glsa-200712-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-03 - Drake Wilson reported that the hack-local-variables() function in GNU Emacs 22 does not properly match assignments of local variables in a file against a list of unsafe or risky variables, allowing to override them (CVE-2007-5795). Andreas Schwab (SUSE) discovered a stack-based buffer overflow in the format function when handling values with high precision (CVE-2007-6109). Versions less than 22.1-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3645 | | Related CVE(s): | CVE-2007-5795, CVE-2007-6109 | | Last Modified: | Dec 10 17:40:23 2007 |
| MD5 Checksum: | 77884420c272c521ca644fed9b674755 |
|
| /// File Name: |
glsa-200712-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-04 - Multiple integer overflows were reported, one of which Peter Valchev (Google Security) found to be leading to a heap-based buffer overflow in the cairo_image_surface_create_from_png() function that processes PNG images. Versions less than 1.4.12 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3006 | | Related CVE(s): | CVE-2007-5503 | | Last Modified: | Dec 10 17:40:45 2007 |
| MD5 Checksum: | c8181a83e53f8c137b7101bdae456400 |
|
| /// File Name: |
glsa-200712-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-05 - priyadi discovered that the request to store a URL string as a LOB is treated as a request to retrieve and store the contents of the URL. Versions less than 2.5.0_alpha1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3087 | | Related CVE(s): | CVE-2007-5934 | | Last Modified: | Dec 10 17:40:58 2007 |
| MD5 Checksum: | f9568a45ac52a80998d973e619b4c1bb |
|
| /// File Name: |
glsa-200712-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-06 - Adriano Lima and Ramon de Carvalho Valle reported that functions isc_attach_database() and isc_create_database() do not perform proper boundary checking when processing their input. Versions less than 2.0.3.12981.0-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2984 | | Related CVE(s): | CVE-2007-4992, CVE-2007-5246 | | Last Modified: | Dec 10 17:41:10 2007 |
| MD5 Checksum: | ad7dce3e42bd491bc9ff96405e6919f9 |
|
| /// File Name: |
glsa-200712-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-07 - Tatsuya Kinoshita reported that the ndeb-binary function does not handle temporary files correctly. Versions less than 1.4.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2720 | | Related CVE(s): | CVE-2007-0237 | | Last Modified: | Dec 10 17:41:33 2007 |
| MD5 Checksum: | 34ed7fd928a1c026a4c32cfb47181a49 |
|
| /// File Name: |
glsa-200712-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-08 - The Qt versions used by the AMD64 x86 emulation Qt libraries were vulnerable to several flaws (GLSA 200708-16, GLSA 200710-28). Versions less than 20071114-r2 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3289 | | Last Modified: | Dec 10 17:43:11 2007 |
| MD5 Checksum: | 4e4ec18e110d4bec5234e6ff509d5a87 |
|
| /// File Name: |
glsa-200712-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-09 - Chris Rohlf discovered that the Gtk::MessageDialog.new() method in the file gtk/src/rbgtkmessagedialog.c does not properly sanitize the message parameter before passing it to the gtk_message_dialog_new() function. Versions less than 0.16.0-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2981 | | Related CVE(s): | CVE-2007-6183 | | Last Modified: | Dec 10 17:43:18 2007 |
| MD5 Checksum: | 814b4fabe1fa41db564d277ab4ffe2d1 |
|
| /// File Name: |
glsa-200712-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-10 - Alin Rad Pop (Secunia Research) discovered a boundary checking error in the send_mailslot() function which could lead to a stack-based buffer overflow. Versions less than 3.0.28 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3265 | | Related CVE(s): | CVE-2007-6015 | | Last Modified: | Dec 10 17:44:00 2007 |
| MD5 Checksum: | 09bc05b35112c9d661915711bc0ff9fa |
|
| /// File Name: |
glsa-200712-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-11 - Mike Frysinger reported that the etc-update utility uses temporary files with the standard umask, which results in the files being world-readable when merging configuration files in a default setup. Versions less than 2.1.3.11 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2787 | | Related CVE(s): | CVE-2007-6249 | | Last Modified: | Dec 13 18:02:34 2007 |
| MD5 Checksum: | 1c89d50991d0f1a7225a67e7c4da8a1a |
|
| /// File Name: |
glsa-200712-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-12 - loverboy reported that the default_encrypt() function in file encrypt.c does not properly handle overly long passwords. Versions less than 5.0.63 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2752 | | Related CVE(s): | CVE-2007-6122 | | Last Modified: | Dec 13 18:03:27 2007 |
| MD5 Checksum: | 64eb586982ef52c6164644bfa1e097a4 |
|
| /// File Name: |
glsa-200712-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-13 - Rafal Wojtczuk (McAfee AVERT Research) discovered multiple integer overflows in libext2fs, that are triggered when processing information from within the file system, resulting in heap-based buffer overflows. Versions less than 1.40.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2830 | | Related CVE(s): | CVE-2007-5497 | | Last Modified: | Dec 18 19:58:05 2007 |
| MD5 Checksum: | d682a0d624b4a39415cc914588291b1f |
|
| /// File Name: |
glsa-200712-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-14 - Wei Wang (McAfee AVERT Research) discovered an integer underflow in the asn1_get_string() function of the SNMP backend, leading to a stack-based buffer overflow when handling SNMP responses (CVE-2007-5849). Elias Pipping (Gentoo) discovered that the alternate pdftops filter creates temporary files with predictable file names when reading from standard input (CVE-2007-6358). Furthermore, the resolution of a Denial of Service vulnerability covered in GLSA 200703-28 introduced another Denial of Service vulnerability within SSL handling (CVE-2007-4045). Versions less than 1.3.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4179 | | Related CVE(s): | CVE-2007-4045, CVE-2007-5849, CVE-2007-6358 | | Last Modified: | Dec 18 19:58:29 2007 |
| MD5 Checksum: | 3847712c7850384840dfe137e9d2921a |
|
| /// File Name: |
glsa-200712-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200712-15 - Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail() function leading to a memory corruption (CVE-2007-6352) and an infinite recursion in the exif_loader_write() function (CVE-2007-6351). Versions less than 0.6.16-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3267 | | Related CVE(s): | CVE-2007-6351, CVE-2007-6352 | | Last Modified: | Dec 29 15:40:37 2007 |
| MD5 Checksum: | 0036504c0eb90eb8567eeebf7ed675d9 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
