Section: .. / 0705-advisories /
| /// File Name: |
glsa-200705-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-19 - Several vulnerabilities were found in PHP, most of them during the Month Of PHP Bugs (MOPB) by Stefan Esser. The most severe of these vulnerabilities are integer overflows in wbmp.c from the GD library and in the substr_compare() PHP 5 function. Ilia Alshanetsky also reported a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions, and Stanislav Malyshev discovered another buffer overflow in the bundled XMLRPC library. Additionally, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability. Finally, there exist implementation errors in the Zend engine, in the mb_parse_str(), the unserialize() and the mail() functions and other elements. Versions less than 5.2.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5041 | | Related CVE(s): | CVE-2007-1001, CVE-2007-1285, CVE-2007-1286, CVE-2007-1484, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1701, CVE-2007-1711, CVE-2007-1717, CVE-2007-1718, CVE-2007-1864, CVE-2007-1900, CVE-2007-2509, CVE-2007-2510, CVE-2007-2511 | | Last Modified: | May 31 05:25:46 2007 |
| MD5 Checksum: | 57aafd3389cccd61dd0f2470e8144248 |
|
| /// File Name: |
glsa-200705-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200705-20 - Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK and the Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in the Sun JDK and the Sun JRE allowing unintended Java applet or application resource acquisition. Additionally, a memory corruption error has been found in the handling of GIF images with zero width field blocks. Versions less than 1.4.2.03-r14 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4156 | | Related CVE(s): | CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745 | | Last Modified: | May 31 05:25:53 2007 |
| MD5 Checksum: | 000b449b02865f4a4bcf9959e52b5db0 |
|
| /// File Name: |
GS07-01.txt |
Description:
|
Various HTTP content scanning systems fail to properly scan full-width/half-width Unicode encoded traffic. This may allow malicious content to bypass HTTP content scanning systems. Systems affected include Checkpoint Web Intelligence and IBM ISS Proventia Series systems.
| | Author: | Fatih Ozavci, Caglar Cakici | | Homepage: | http://www.gamasec.net/ | | File Size: | 1932 | | Last Modified: | May 17 02:35:37 2007 |
| MD5 Checksum: | 0a9c643277ef9ac0d42b10d2a455e812 |
|
| /// File Name: |
mailcopa.txt |
Description:
|
MailCopa is susceptible to an arbitrary code execution vulnerability.
| | Homepage: | http://www.skilltube.com/ | | File Size: | 927 | | Last Modified: | May 3 09:39:54 2007 |
| MD5 Checksum: | 6bd12d554bd6cc17a77834232db95102 |
|
| /// File Name: |
major_rls47.txt |
Description:
|
Simple Machines Forum (SMF) versions 1.1.2 and below suffer from a session fixation issue.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1990 | | Last Modified: | May 8 09:50:29 2007 |
| MD5 Checksum: | b38593cc2be9e9b70d7110f86e6f2d7f |
|
| /// File Name: |
MDKSA-2007-095.txt |
Description:
|
Mandriva Linux Security Advisory - A directory traversal vulnerability was found in KTorrent prior to 2.1.2, due to an incomplete fix for a prior directory traversal vulnerability that was corrected in version 2.1.2. Previously, KTorrent would only check for the string .., which could permit strings such as ../.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2632 | | Related CVE(s): | CVE-2007-1799 | | Last Modified: | May 3 09:11:00 2007 |
| MD5 Checksum: | 179f9eb72436d1809df8ff8f7db91e11 |
|
| /// File Name: |
MDKSA-2007-096.txt |
Description:
|
Mandriva Linux Security Advisory - The BGP routing daemon in Quagga did not properly validate length values in NLRI attributes which could allow a remote attacker to cause a denial of service via a crafted UPDATE message that triggered an assertion error or out of bounds read.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3037 | | Related CVE(s): | CVE-2007-1995 | | Last Modified: | May 3 09:51:36 2007 |
| MD5 Checksum: | 4ed3f6ce0eec54c446d6871f79e0f1a4 |
|
| /// File Name: |
MDKSA-2007-097.txt |
Description:
|
Mandriva Linux Security Advisory - A problem with the way xscreensaver verifies user passwords was discovered by Alex Yamauchi. When a system is using remote authentication (i.e. LDAP) for logins, a local attacker able to cause a network outage on the system could cause xscreensaver to crash, which would unlock the screen.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5445 | | Related CVE(s): | CVE-2007-1859 | | Last Modified: | May 3 09:59:37 2007 |
| MD5 Checksum: | c579a767dbc315aa96f2458392c2bc9a |
|
| /// File Name: |
MDKSA-2007-098.txt |
Description:
|
Mandriva Linux Security Advisory - iDefense discovered a stack-based overflow in ClamAV when processing negative values in .cab files. Multiple file descriptor leaks were also reported and fixed in chmunpack.c, pdf.c, and dblock.c.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10146 | | Related CVE(s): | CVE-2007-1745, CVE-2007-1997, CVE-2007-2029 | | Last Modified: | May 10 04:18:55 2007 |
| MD5 Checksum: | cfca507cc140144be51f7b12b72d5ae9 |
|
| /// File Name: |
MDKSA-2007-099.txt |
Description:
|
Mandriva Linux Security Advisory - An off-by-one error was discovered in the PyLocale_strxfrm function in Python 2.4 and 2.5 that could allow context-dependent attackers the ability to read portions of memory via special manipulations that trigger a buffer over-read due to missing null termination.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8041 | | Related CVE(s): | CVE-2007-2052 | | Last Modified: | May 10 04:20:04 2007 |
| MD5 Checksum: | 81e8b3a63ba41ed78498606f4867461a |
|
| /// File Name: |
MDKSA-2007-100.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in ISC BIND 9.4.0, when recursion is enabled, could allow a remote attacker to cause a denial of service (daemon exit) via a certain sequence of queries.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2673 | | Related CVE(s): | CVE-2007-2241 | | Last Modified: | May 10 05:54:48 2007 |
| MD5 Checksum: | afc4c5f4073697c579805c9672659cae |
|
| /// File Name: |
MDKSA-2007-101.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in vim 7.0's modeline processing capabilities was discovered where a user with modelines enabled could open a text file containing a carefully crafted modeline, executing arbitrary commands as the user running vim.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3818 | | Related CVE(s): | CVE-2007-2438 | | Last Modified: | May 11 03:46:54 2007 |
| MD5 Checksum: | 88bf9bb5d8efde4c030fd6a7087a4225 |
|
| /// File Name: |
MDKSA-2007-104-1.txt |
Description:
|
Mandriva Linux Security Advisory - A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server. A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh. Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8317 | | Related CVE(s): | CVE-2007-2446, CVE-2007-2447, CVE-2007-2444 | | Last Modified: | May 30 21:45:26 2007 |
| MD5 Checksum: | 03c7517049bd8ddbff5b953a0ff86565 |
|
| /// File Name: |
MDKSA-2007-104.txt |
Description:
|
Mandriva Linux Security Advisory - A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server. A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh. Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 15273 | | Related CVE(s): | CVE-2007-2446, CVE-2007-2447, CVE-2007-2444 | | Last Modified: | May 15 08:45:37 2007 |
| MD5 Checksum: | 3eec7b3218dacabfa577cc59717b5c64 |
|
| /// File Name: |
MDKSA-2007-105.txt |
Description:
|
Mandriva Linux Security Advisory - The APOP functionality in fetchmail's POP3 client implementation was validating the APOP challenge too lightly, accepting random garbage as a POP3 server's APOP challenge rather than insisting it conform to RFC-822 specifications. This flaw made it easier than necessary for man-in-the-middle attackers to retrieve the first few characters of the APOP secret, allowing them to potentially brute force the remaining characters more easily than should be possible.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5625 | | Related CVE(s): | CVE-2007-1558 | | Last Modified: | May 21 05:54:04 2007 |
| MD5 Checksum: | 5405353ca73ccee3e5eb079b046836ce |
|
| /// File Name: |
MDKSA-2007-106.txt |
Description:
|
Mandriva Linux Security Advisory - A number of HTML filtering bugs were found in SquirrelMail that could allow an attacker to inject arbitrary JavaScript leading to cross-site scripting attacks by sending an email viewed by a user within SquirrelMail. As well, SquirrelMail did not sufficiently check arguments to IMG tags in HTML messages that could be exploited by an attacker by sending arbitrary email messages on behalf of a SquirrelMail user tricked into opening a maliciously-crafted HTML email message.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13908 | | Related CVE(s): | CVE-2007-1262, CVE-2007-2589 | | Last Modified: | May 22 03:49:28 2007 |
| MD5 Checksum: | f57964ac9c10eaa501973270fec9ce02 |
|
| /// File Name: |
MDKSA-2007-107.txt |
Description:
|
Mandriva Linux Security Advisory - A weakness in the way Evolution processed certain APOP authentication requests was discovered. A remote attacker could potentially obtain certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8137 | | Related CVE(s): | CVE-2007-1558 | | Last Modified: | May 22 03:50:25 2007 |
| MD5 Checksum: | acb80c6bbe7ca3a3bb483aa81ec8bdbe |
|
| /// File Name: |
MDKSA-2007-108.txt |
Description:
|
Mandriva Linux Security Advisory - Marsu discovered a stack overflow issue in the GIMP's RAS file loader. An attacker could create a carefully crafted file that would cause the GIMP to crash or potentially execute arbitrary code as the user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5448 | | Related CVE(s): | CVE-2007-2356 | | Last Modified: | May 23 07:52:20 2007 |
| MD5 Checksum: | a1627792539c9d375a9fa670959abb88 |
|
| /// File Name: |
MDKSA-2007-109.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Tetex 3.x uses an embedded copy of the gd source and may also be affected by this issue. A buffer overflow in the open_sty function for makeindex in Tetex could allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 13713 | | Related CVE(s): | CVE-2007-0455, CVE-2007-0650 | | Last Modified: | May 30 21:43:47 2007 |
| MD5 Checksum: | 4e102e4b4ba75c80e6325b2e84cd1d80 |
|
| /// File Name: |
modprops-dos.txt |
Description:
|
Determina Security Research has discovered a denial of service vulnerability in the code responsible for parsing iCal email attachments in Microsoft Exchange. This vulnerability can be exploited by a malicious email message and results in a denial of service. The vulnerable code is present in Exchange 2000 and 2003.
| | Author: | Alexander Sotirov | | Homepage: | http://www.determina.com/ | | File Size: | 3806 | | Related CVE(s): | CVE-2007-0039 | | Last Modified: | May 10 04:17:36 2007 |
| MD5 Checksum: | 517efa884b7027c6bb781a308e87eb6b |
|
| /// File Name: |
mts-tls.txt |
Description:
|
Microsoft's Terminal Server on Windows 2003 Server with all of the current service packs fails to enforce its own settings.
| | Author: | Anonymous | | File Size: | 1216 | | Last Modified: | May 10 05:50:43 2007 |
| MD5 Checksum: | 43225560381e4dcb7faf779e29d8bb6b |
|
| /// File Name: |
n.runs-SA-2007.008.txt |
Description:
|
A remotely exploitable vulnerability has been found in the file parsing engine of ALWIL avast! antivirus software versions prior to 4.7.700.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3151 | | Last Modified: | May 30 22:42:22 2007 |
| MD5 Checksum: | f7cc625231d8cfcdaec87993739d6639 |
|
| /// File Name: |
n.runs-SA-2007.009.txt |
Description:
|
A remotely exploitable vulnerability has been found in the file parsing engine of ALWIL avast! antivirus software versions prior to 4.7.700 when parsing .SIS files.
| | Author: | Sergio Alvarez | | Homepage: | http://www.nruns.com/ | | File Size: | 3151 | | Last Modified: | May 30 23:14:46 2007 |
| MD5 Checksum: | 68ed6d70bc1d37d65e894b6af1bfe3a8 |
|