Section: .. / 0711-advisories /
| /// File Name: |
dsa-1400-1.txt |
Description:
|
Debian Security Advisory 1400-1 - Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in Perl's regular expression compiler, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions.
| | Homepage: | http://www.debian.org/security | | File Size: | 24666 | | Related CVE(s): | CVE-2007-5116 | | Last Modified: | Nov 6 23:20:16 2007 |
| MD5 Checksum: | 97da569e023ab9b3a0f3e419ff23c6f3 |
|
| /// File Name: |
dsa-1402-1.txt |
Description:
|
Debian Security Advisory 1402-1 - Steve Kemp from the Debian Security Audit project discovered that gforge, a collaborative development tool, used temporary files insecurely which could allow local users to truncate files upon the system with the privileges of the gforge user, or create a denial of service attack.
| | Homepage: | http://www.debian.org/security | | File Size: | 8173 | | Related CVE(s): | CVE-2007-3921 | | Last Modified: | Nov 7 15:30:00 2007 |
| MD5 Checksum: | 17dfaca82f3706e5ee00af94e90356b1 |
|
| /// File Name: |
dsa-1403-1.txt |
Description:
|
Debian Security Advisory 1403-1 - Omer Singer of the DigiTrust Group discovered several vulnerabilities in phpMyAdmin, an application to administrate MySQL over the WWW. phpMyAdmin allows a remote attacker to inject arbitrary web script or HTML in the context of a logged in user's session (cross site scripting). phpMyAdmin, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
| | Homepage: | http://www.debian.org/security | | File Size: | 4128 | | Related CVE(s): | CVE-2007-5589, CVE-2007-5386 | | Last Modified: | Nov 8 18:53:22 2007 |
| MD5 Checksum: | ebef30c98719dfff911a0788284f0536 |
|
| /// File Name: |
dsa-1404-1.txt |
Description:
|
Debian Security Advisory 1404-1 - Nicklous Roberts discovered that the Reupload module of Gallery 2, a web based photo management application, allowed unauthorized users to edit Gallery's data file.
| | Homepage: | http://www.debian.org/security | | File Size: | 2966 | | Related CVE(s): | CVE-2007-4650 | | Last Modified: | Nov 8 18:54:11 2007 |
| MD5 Checksum: | ac44e6a1640b5db47bbd2560fb44b166 |
|
| /// File Name: |
dsa-1405-1.txt |
Description:
|
Debian Security Advisory 1405-1 - It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.
| | Homepage: | http://www.debian.org/security | | File Size: | 3301 | | Related CVE(s): | CVE-2007-5741 | | Last Modified: | Nov 9 20:25:10 2007 |
| MD5 Checksum: | 580ddeefe92d83875b885acbb1cff022 |
|
| /// File Name: |
dsa-1405-2.txt |
Description:
|
Debian Security Advisory 1405-2 - The zope-cmfplone update in DSA 1405 introduced a regression. This update corrects this flaw.
| | Homepage: | http://www.debian.org/security | | File Size: | 3246 | | Related CVE(s): | CVE-2007-5741 | | Last Modified: | Nov 12 23:15:15 2007 |
| MD5 Checksum: | 347d7f36794b6872add8dd766ad92774 |
|
| /// File Name: |
dsa-1406-1.txt |
Description:
|
Debian Security Advisory 1406-1 - Several remote vulnerabilities have been discovered in the Horde web application framework. Moritz Naumann discovered that Horde allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user (cross site scripting). Moritz Naumann discovered that Horde does not properly restrict its image proxy, allowing remote attackers to use the server as a proxy. Marc Ruef discovered that Horde allows remote attackers to include web pages from other sites, which could be useful for phishing attacks. iDefense discovered that the cleanup cron script in Horde allows local users to delete arbitrary files.
| | Homepage: | http://www.debian.org/security | | File Size: | 5082 | | Related CVE(s): | CVE-2006-3548, CVE-2006-3549, CVE-2006-4256, CVE-2007-1473, CVE-2007-1474 | | Last Modified: | Nov 9 20:26:24 2007 |
| MD5 Checksum: | 2f37a86186a6ae315e0b9f273de2cc32 |
|
| /// File Name: |
dsa-1407-1.txt |
Description:
|
Debian Security Advisory 1407-1 - Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 16033 | | Related CVE(s): | CVE-2007-4351 | | Last Modified: | Nov 26 16:36:09 2007 |
| MD5 Checksum: | b0d8e1d4860d5ee1f39cbf7446d0a39f |
|
| /// File Name: |
dsa-1408-1.txt |
Description:
|
Debian Security Advisory 1408-1 - Alin Rad Pop discovered a buffer overflow in kpdf, which could allow the execution of arbitrary code if a malformed PDF file is displayed.
| | Homepage: | http://www.debian.org/security | | File Size: | 37672 | | Related CVE(s): | CVE-2007-5393 | | Last Modified: | Nov 26 18:01:25 2007 |
| MD5 Checksum: | d3bd82722c3c37c0e3e39ebceeb95f80 |
|
| /// File Name: |
dsa-1409-1.txt |
Description:
|
Debian Security Advisory 1409-1 - Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 41075 | | Related CVE(s): | CVE-2007-5398, CVE-2007-4572 | | Last Modified: | Nov 26 21:03:02 2007 |
| MD5 Checksum: | 01a6d1c5ccb32c0ac079aa4a9191785c |
|
| /// File Name: |
dsa-1409-2.txt |
Description:
|
Debian Security Advisory 1409-2 - The previous security update for samba introduced regressions in the handling of the depreciated filesystem smbfs. This update fixes the regression(s) whilst still fixing the security problems. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 45730 | | Related CVE(s): | CVE-2007-5398, CVE-2007-4572 | | Last Modified: | Nov 26 22:34:18 2007 |
| MD5 Checksum: | c61953cd66f9d45ae2767f3433a17404 |
|
| /// File Name: |
dsa-1409-3.txt |
Description:
|
Debian Security Advisory 1409-3 - This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 43013 | | Related CVE(s): | CVE-2007-5398, CVE-2007-4572 | | Last Modified: | Nov 30 01:05:04 2007 |
| MD5 Checksum: | 35eb85ee31049d6fb7c6321f9ecc5f02 |
|
| /// File Name: |
dsa-1410-1.txt |
Description:
|
Debian Security Advisory 1410-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 36378 | | Related CVE(s): | CVE-2007-5162, CVE-2007-5770 | | Last Modified: | Nov 26 22:03:30 2007 |
| MD5 Checksum: | 60a89e291c4c26e67721240a8b989b61 |
|
| /// File Name: |
dsa-1411-1.txt |
Description:
|
Debian Security Advisory 1411-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 5533 | | Related CVE(s): | CVE-2007-5162, CVE-2007-5770 | | Last Modified: | Nov 26 22:04:17 2007 |
| MD5 Checksum: | e010c9333d7617194bd9ea2dd48ed563 |
|
| /// File Name: |
dsa-1412-1.txt |
Description:
|
Debian Security Advisory 1412-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 17960 | | Related CVE(s): | CVE-2007-5162, CVE-2007-5770 | | Last Modified: | Nov 26 22:04:41 2007 |
| MD5 Checksum: | 7ed208a8827375254093620d6928cd88 |
|
| /// File Name: |
dsa-1415-1.txt |
Description:
|
Debian Security Advisory 1415-1 - It was discovered that Tk, a cross-platform graphical toolkit for Tcl performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 11197 | | Related CVE(s): | CVE-2007-5378 | | Last Modified: | Nov 27 23:03:06 2007 |
| MD5 Checksum: | 8f5ae52053dcd2fe0de03dc5bf8ba870 |
|
| /// File Name: |
dsa-1416-1.txt |
Description:
|
Debian Security Advisory 1416-1 - It was discovered that Tk, a cross-platform graphical toolkit for Tcl performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 6713 | | Related CVE(s): | CVE-2007-5378 | | Last Modified: | Nov 27 23:03:45 2007 |
| MD5 Checksum: | b5bfb274c533aa3afee4ec926a099efb |
|
| /// File Name: |
EEYE-bitdefender.txt |
Description:
|
eEye Digital Security has discovered a critical remote code execution condition within OScan8.ocx and Oscan81.ocx included by default in BitDefender Online Anti-Virus Scanner 8.0 released on May 24th 2006.
| | Author: | Greg Linares | | Homepage: | http://www.eeye.com/ | | File Size: | 5442 | | Last Modified: | Nov 26 17:30:47 2007 |
| MD5 Checksum: | 4799d99db7d7b71c17ec8dac9f47f60d |
|
| /// File Name: |
EEYE-flac.txt |
Description:
|
eEye Digital Security has discovered 14 vulnerabilities in the processing of FLAC (Free-Lossless Audio Codec) files affecting various applications. Processing a malicious FLAC file within a vulnerable application could result in the execution of arbitrary code at the privileges of the application or the current user (depending on OS).
| | Author: | Greg Linares | | Homepage: | http://www.eeye.com/ | | File Size: | 11134 | | Last Modified: | Nov 16 02:38:58 2007 |
| MD5 Checksum: | 706194b7826e52d2af09ba987033b92e |
|
| /// File Name: |
FreeBSD-SA-07-09.random.txt |
Description:
|
FreeBSD Security Advisory - Under certain circumstances, a bug in the internal state tracking on the random and urandom devices can be exploited to allow replaying of data distributed during subsequent reads.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 4560 | | Related CVE(s): | CVE-2007-6150 | | Last Modified: | Nov 30 01:08:37 2007 |
| MD5 Checksum: | 1a8e43d82656db1e04719bae42deb95b |
|
| /// File Name: |
FreeBSD-SA-07-10.gtar.txt |
Description:
|
FreeBSD Security Advisory - Insufficient sanity checking of paths containing '.' and '..' allows gtar to overwrite arbitrary files on the system.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 3247 | | Related CVE(s): | CVE-2007-4131 | | Last Modified: | Nov 30 01:09:59 2007 |
| MD5 Checksum: | bc93f9ccc2af18609b0279202b3894a1 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
