Section: .. / 0803-advisories /
| /// File Name: |
cisco-sa-20080326-mvpn.txt |
Description:
|
Cisco Security Advisory - A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
| | Homepage: | http://www.cisco.com/ | | File Size: | 55614 | | Related CVE(s): | CVE-2008-1156 | | Last Modified: | Mar 26 18:25:39 2008 |
| MD5 Checksum: | b6b22521b835b52b20c91e549abbb8ed |
|
| /// File Name: |
cisco-sa-20080326-pptp.txt |
Description:
|
Cisco Security Advisory - Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution. The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
| | Homepage: | http://www.cisco.com/ | | File Size: | 55004 | | Related CVE(s): | CVE-2008-1151, CVE-2008-1150 | | Last Modified: | Mar 26 18:26:39 2008 |
| MD5 Checksum: | f7a50af3ec20c59e5ab5ff3dc4993ae6 |
|
| /// File Name: |
cisco-sa-20080326-queue.txt |
Description:
|
Cisco Security Advisory - Certain Cisco Catalyst 6500 Series and Cisco 7600 Router devices that run branches of Cisco IOS based on 12.2 can be vulnerable to a denial of service vulnerability that can prevent any traffic from entering an affected interface. For a device to be vulnerable, it must be configured for Open Shortest Path First (OSPF) Sham-Link and Multi Protocol Label Switching (MPLS) Virtual Private Networking (VPN). This vulnerability only affects Cisco Catalyst 6500 Series or Catalyst 7600 Series devices with the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720) or Route Switch Processor 720 (RSP720) modules. The Supervisor 32, Supervisor 720, Supervisor 720-3B, Supervisor 720-3BXL, Route Switch Processor 720, Route Switch Processor 720-3C, and Route Switch Processor 720-3CXL are all potentially vulnerable.
| | Homepage: | http://www.cisco.com/ | | File Size: | 39760 | | Related CVE(s): | CVE-2008-0057 | | Last Modified: | Mar 26 18:24:02 2008 |
| MD5 Checksum: | 5c74aa992cd5ee8cef86af771b355b71 |
|
| /// File Name: |
CORE-2007-1212.txt |
Description:
|
Core Security Technologies Advisory - Secure Internet Life Conferencing (SILC) server versions 1.1.1 and below and client versions 1.1.3 and below suffer from a pkcs_decode related buffer overflow vulnerability.
| | Author: | Ariel Waissbein, Pedro Varangot, Martin Mizrahi, Oren Isacson, Carlos Garcia, Ivan Arce | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 8192 | | Last Modified: | Mar 25 20:29:31 2008 |
| MD5 Checksum: | 579aa50d9135f12aaf659ca54ca9d1d0 |
|
| /// File Name: |
DDIVRT-2008-09.txt |
Description:
|
The PacketTrap PT360 Tool Suite version 1.1.33.1.0 TFTP server component is vulnerable to a denial of service condition.
| | Author: | princeofnigeria | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1175 | | Last Modified: | Mar 3 17:37:51 2008 |
| MD5 Checksum: | 62d0c7485cdd2e557993698fd84e1921 |
|
| /// File Name: |
DDIVRT-2008-10.txt |
Description:
|
The PacketTrap PT360 Tool Suite version 1.1.33.1.0 TFTP server component is vulnerable to directory traversal attacks.
| | Author: | princeofnigeria | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1288 | | Last Modified: | Mar 3 17:37:18 2008 |
| MD5 Checksum: | 63a7c1cb6dc3594d286903361f7179b7 |
|
| /// File Name: |
dsa-1485-2.txt |
Description:
|
Debian Security Advisory 1485-2 - A regression has been fixed in icedove's frame handling code. Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.
| | Homepage: | http://www.debian.org/security | | File Size: | 17486 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Mar 17 19:58:02 2008 |
| MD5 Checksum: | 6dd351c68656cacad2d422da1b052a4a |
|
| /// File Name: |
dsa-1493-2.txt |
Description:
|
Debian Security Advisory 1493-2 - An oversight led to the version number of the Debian 4.0 Etch update for advisory DSA 1493-1 being lower than the version in the main archive, making it uninstallable. This update corrects the version number. Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2.
| | Homepage: | http://www.debian.org/security | | File Size: | 12889 | | Related CVE(s): | CVE-2007-6697, CVE-2008-0554 | | Last Modified: | Mar 17 14:48:20 2008 |
| MD5 Checksum: | 551c44af8fe4179badea1fe6e5782ea7 |
|
| /// File Name: |
dsa-1503-2.txt |
Description:
|
Debian Security Advisory 1503-2 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 74207 | | Related CVE(s): | CVE-2004-2731, CVE-2006-4814, CVE-2006-5753, CVE-2006-5823, CVE-2006-6053, CVE-2006-6054, CVE-2006-6106, CVE-2007-1353, CVE-2007-1592, CVE-2007-2172, CVE-2007-2525, CVE-2007-3848, CVE-2007-4308, CVE-2007-4311, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6694, CVE-2008-0007 | | Last Modified: | Mar 12 16:38:11 2008 |
| MD5 Checksum: | 4d782fab669b98a7a56eca8a00c7628d |
|
| /// File Name: |
dsa-1506-2.txt |
Description:
|
Debian Security Advisory 1506-2 - A regression has been fixed in iceape's frame handling code. Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite.
| | Homepage: | http://www.debian.org/security | | File Size: | 18965 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Mar 20 16:53:26 2008 |
| MD5 Checksum: | 1f84163c02a8f2d6a2e67e052eeb0c64 |
|
| /// File Name: |
dsa-1511-1.txt |
Description:
|
Debian Security Advisory 1511-1 - libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. A heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack.
| | Homepage: | http://www.debian.org/security | | File Size: | 6819 | | Related CVE(s): | CVE-2007-4770, CVE-2007-4771 | | Last Modified: | Mar 3 17:41:07 2008 |
| MD5 Checksum: | 7a21892de68e8fbb86fad8249d0d85f3 |
|
| /// File Name: |
dsa-1512-1.txt |
Description:
|
Debian Security Advisory 1512-1 - Ulf Harnhammar discovered that Evolution, the e-mail and groupware suite, had a format string vulnerability in the parsing of encrypted mail messages. If the user opened a specially crafted email message, code execution was possible.
| | Homepage: | http://www.debian.org/security | | File Size: | 14627 | | Related CVE(s): | CVE-2008-0072 | | Last Modified: | Mar 12 14:37:34 2008 |
| MD5 Checksum: | d45354269b232b0ce7bb71f54e34c4bf |
|
| /// File Name: |
dsa-1513-1.txt |
Description:
|
Debian Security Advisory 1513-1 - It was discovered that lighttpd, a fast webserver with minimal memory footprint, would display the source to CGI scripts if their execution failed in some circumstances.
| | Homepage: | http://www.debian.org/security | | File Size: | 14146 | | Related CVE(s): | CVE-2008-1111 | | Last Modified: | Mar 12 17:36:52 2008 |
| MD5 Checksum: | cbd8864575abe6548d68a0c3828f6cae |
|
| /// File Name: |
dsa-1515-1.txt |
Description:
|
Debian Security Advisory 1515-1 - Several remote vulnerabilities have been discovered in libnet-dns-perl. It was discovered that libnet-dns-perl generates very weak transaction IDs when sending queries. Compression loops in domain names resulted in an infinite loop in the domain name expander written in Perl. Decoding malformed A records could lead to a crash (via an uncaught Perl exception) of certain applications using libnet-dns-perl.
| | Homepage: | http://www.debian.org/security | | File Size: | 9075 | | Related CVE(s): | CVE-2007-3377, CVE-2007-3409, CVE-2007-6341 | | Last Modified: | Mar 13 00:49:08 2008 |
| MD5 Checksum: | 96e00d35300c28a7d23ec47818dab7e7 |
|
| /// File Name: |
dsa-1516-1.txt |
Description:
|
Debian Security Advisory 1516-1 - Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory by other means (for example, through an SSH login) could read mailboxes owned by other users for which they do not have direct write access. In addition, an internal interpretation conflict in password handling has been addressed pro-actively, even though it is not known to be exploitable.
| | Homepage: | http://www.debian.org/security | | File Size: | 9746 | | Related CVE(s): | CVE-2008-1199, CVE-2008-1218 | | Last Modified: | Mar 15 16:18:30 2008 |
| MD5 Checksum: | d6c71042d5fe1b86af653cd58247a574 |
|
| /// File Name: |
dsa-1517-1.txt |
Description:
|
Debian Security Advisory 1517-1 - Don Armstrong discovered that ldapscripts, a suite of tools to manipulate user accounts in LDAP, sends the password as a command line argument when calling LDAP programs, which may allow a local attacker to read this password from the process listing.
| | Homepage: | http://www.debian.org/security | | File Size: | 3279 | | Related CVE(s): | CVE-2007-5373 | | Last Modified: | Mar 17 14:30:49 2008 |
| MD5 Checksum: | 9f386c0c1a74afd9d6e15b20adcd5245 |
|
| /// File Name: |
dsa-1518-1.txt |
Description:
|
Debian Security Advisory 1518-1 - Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling a FTP client, which may allow a local attacker to read this password (which provides access to all backed-up files) from the process listing.
| | Homepage: | http://www.debian.org/security | | File Size: | 4281 | | Related CVE(s): | CVE-2007-4656 | | Last Modified: | Mar 17 14:31:17 2008 |
| MD5 Checksum: | bb5289b17ba664f960328ba943d15ff5 |
|
| /// File Name: |
dsa-1519-1.txt |
Description:
|
Debian Security Advisory 1519-1 - It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter.
| | Homepage: | http://www.debian.org/security | | File Size: | 3880 | | Related CVE(s): | CVE-2008-1284 | | Last Modified: | Mar 17 14:31:43 2008 |
| MD5 Checksum: | febf3fc9da978819bacce868470c9661 |
|
| /// File Name: |
dsa-1520-1.txt |
Description:
|
Debian Security Advisory 1520-1 - It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string.
| | Homepage: | http://www.debian.org/security | | File Size: | 3951 | | Related CVE(s): | CVE-2008-1066 | | Last Modified: | Mar 17 14:45:43 2008 |
| MD5 Checksum: | e00f85ef1eec65997414270a5403e8ef |
|
| /// File Name: |
dsa-1521-1.txt |
Description:
|
Debian Security Advisory 1521-1 - Julien Cayzac discovered that under certain circumstances lighttpd, a fast webserver with minimal memory footprint, might allow the reading of arbitrary files from the system. This problem could only occur with a non-standard configuration.
| | Homepage: | http://www.debian.org/security | | File Size: | 13996 | | Related CVE(s): | CVE-2008-1270 | | Last Modified: | Mar 17 14:46:25 2008 |
| MD5 Checksum: | dc1c3b3c7b4f3759b5bdb4ee5edba525 |
|
| /// File Name: |
dsa-1522-1.txt |
Description:
|
Debian Security Advisory 1522-1 - Tavis Ormandy discovered that unzip, when processing specially crafted ZIP archives, could pass invalid pointers to the C library's free routine, potentially leading to arbitrary code execution.
| | Homepage: | http://www.debian.org/security | | File Size: | 7903 | | Related CVE(s): | CVE-2008-0888 | | Last Modified: | Mar 17 19:56:59 2008 |
| MD5 Checksum: | 6c9aa039688c021669b09b1483eb4324 |
|
| /// File Name: |
dsa-1523-1.txt |
Description:
|
Debian Security Advisory 1523-1 - Josh Triplett discovered that ikiwiki did not block Javascript in URLs, leading to cross-site scripting vulnerabilities.
| | Homepage: | http://www.debian.org/security | | File Size: | 2952 | | Related CVE(s): | CVE-2008-0808, CVE-2008-0809 | | Last Modified: | Mar 18 21:42:27 2008 |
| MD5 Checksum: | 9c131e45810e5b75e21d3db56f272e88 |
|
| /// File Name: |
dsa-1524-1.txt |
Description:
|
Debian Security Advisory 1524-1 - Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network.
| | Homepage: | http://www.debian.org/security | | File Size: | 41045 | | Related CVE(s): | CVE-2008-0062, CVE-2008-0063, CVE-2008-0947 | | Last Modified: | Mar 18 22:26:54 2008 |
| MD5 Checksum: | 6d2bce7caab09eb36eab512d2b157d88 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
