Section: .. / 0712-advisories /
/// File Name: MDKSA-2007-239.txt
Description: Mandriva Linux Security Advisory - It was found that the gss_userok() function in Heimdal 0.7.2 did not allocate memory for the ticketfile pointer before calling free(), which could possibly allow remote attackers to have an unknown impact via an invalid username. It is uncertain whether or not this is exploitable; however, packages are being provided regardless.
Homepage: http://www.mandriva.com/security/ | File Size: 3149 | Related CVE(s): CVE-2007-5939 | Last Modified: Dec 7 19:41:02 2007
MD5 Checksum: 151803a28f2157a089b6dac2183e73b4

/// File Name: MDKSA-2007-240.txt
Description: Mandriva Linux Security Advisory - The NFSv4 ID mapper prior to 0.17 did not properly handle return values from the getpwnam_r() function when performing a username lookup, which could cause it to report a file as being owned by 'root' instead of 'nobody' if the file exists on the server but not the client.
Homepage: http://www.mandriva.com/security/ | File Size: 3308 | Related CVE(s): CVE-2007-4135 | Last Modified: Dec 7 19:41:47 2007
MD5 Checksum: 1c159e5a8d0155d8c42d29c77de4cfa3

/// File Name: MDKSA-2007-242.txt
Description: Mandriva Linux Security Advisory - Rafal Wojtczuk of McAfee AVERT Research found that e2fsprogs contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These flaws could result in heap-based overflows potentially allowing for the execution of arbitrary code.
Homepage: http://www.mandriva.com/security/ | File Size: 6614 | Related CVE(s): CVE-2007-5497 | Last Modified: Dec 10 20:30:47 2007
MD5 Checksum: 42458e5239abe8645204d05adff4bd1d

/// File Name: MDKSA-2007-243.txt
Description: Mandriva Linux Security Advisory - MySQL prior to 5.0.45 did not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, allowing remote authenticated users to obtain sensitive information such as the table structure. A vulnerability in the InnoDB engine in MySQL allowed remote authenticated users to cause a denial of service (database crash) via certain CONTAINS operations on an indexed column, which triggered an assertion error. RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options could be used to overwrite system table information by replacing the file to which a symlink pointed.
Homepage: http://www.mandriva.com/security/ | File Size: 12890 | Related CVE(s): CVE-2007-5925, CVE-2007-5969, CVE-2007-3781 | Last Modified: Dec 10 20:32:21 2007
MD5 Checksum: 119982336fda1ac9f91108e528720a41

/// File Name: MDKSA-2007-244.txt
Description: Mandriva Linux Security Advisory - Alin Rad Pop of Secunia Research discovered a stack buffer overflow in how Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or possibly execute arbitrary code with the permissions of the Samba server.
Homepage: http://www.mandriva.com/security/ | File Size: 17388 | Related CVE(s): CVE-2007-6015 | Last Modified: Dec 11 23:24:17 2007
MD5 Checksum: c193105c510cfb74c77dba05fb3dc896

/// File Name: MDKSA-2007-245.txt
Description: Mandriva Linux Security Advisory - Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 allows remote attackers to cause a denial of service (crash) via crafted TSF data.
Homepage: http://www.mandriva.com/security/ | File Size: 2493 | Related CVE(s): CVE-2007-6025 | Last Modified: Dec 13 18:10:08 2007
MD5 Checksum: 5c5dbb21af7e30ee58ce5ec63043d494

/// File Name: msoffice-hyper.txt
Description: Microsoft Office 2007 fails to protect hyperlinks with the use of digital signatures on a document.
Author: Henrich C. Poehls, Dong Tran, Finn Petersen, Frederic Pscheid | File Size: 3261 | Last Modified: Dec 13 17:59:43 2007
MD5 Checksum: b42a0e224039a164607a3c80d634dcbc

/// File Name: msoffice-signature.txt
Description: Microsoft Office 2007's digital signature protection does not protect meta-data.
Author: Henrich C. Poehls, Dong Tran, Finn Petersen, Frederic Pscheid | File Size: 2944 | Last Modified: Dec 12 17:33:42 2007
MD5 Checksum: 4344e3549407ac807bc6531c29a6bf52

/// File Name: nmapfinger-whoops.txt
Description: Fingerprints in Astaro Security Gateway version 7.1 could allow a remote attacker to create malicious payloads.
Author: Josh Morin | File Size: 5572 | Last Modified: Dec 31 16:22:21 2007
MD5 Checksum: eff32c5c167100ba4562d1ea60f353e0

/// File Name: openoffice-signature.txt
Description: OpenOffice versions 2.3.0 and 2.2.0 fail to protect certificate information in signed ODF documents.
Author: Henrich C. Poehls, Dong Tran, Finn Petersen, Frederic Pscheid | File Size: 3851 | Last Modified: Dec 13 18:02:09 2007
MD5 Checksum: 5c820492a09565a4c5dfb11412c9acfa

/// File Name: opera9-dos.txt
Description: Opera is vulnerable to a remote denial of service attack, using specially crafted BMP files, that causes the browser to freeze for a short amount of time (around 4 minutes on a fast computer).
Author: Gynvael Coldwind | File Size: 2822 | Last Modified: Dec 6 00:18:30 2007
MD5 Checksum: a3edda8658493c8e107b5bba62d7cd2d

/// File Name: pdflib-overflows.txt
Description: pdflib, a library used for generating PDFs on the fly, suffers from multiple buffer overflow vulnerabilities due to the use of strcpy().
Author: poplix | Homepage: http://px.dynalias.org/ | File Size: 839 | Last Modified: Dec 24 18:16:32 2007
MD5 Checksum: 5b5319a4404f4f00c7533d2437c848fa

/// File Name: penpals-sql.txt
Description: The PenPals login and search pages suffer from a SQL injection vulnerability.
Author: The-0utl4w | Homepage: http://aria-security.net/ | File Size: 542 | Last Modified: Dec 7 12:52:17 2007
MD5 Checksum: dceb2c97d715efc0d06d9b2f8cc5365f

/// File Name: PR06-08.txt
Description: BEA Plumtree Portal is vulnerable to an internal hostname disclosure vulnerability.
Author: Adrian Pastor, Jan Fry | Homepage: http://www.procheckup.com/ | File Size: 1530 | Last Modified: Dec 4 00:02:42 2007
MD5 Checksum: d6f1cecbee28f150e44052f22a42beb0

/// File Name: PR06-09.txt
Description: By performing an advanced search, unauthenticated users can enumerate valid usernames with a single HTTP request on the BEA Plumtree Portal.
Author: Adrian Pastor, Jan Fry, Richard Brain | Homepage: http://www.procheckup.com/ | File Size: 1291 | Last Modified: Dec 4 00:04:21 2007
MD5 Checksum: ea76691b3dd25da468a4123c8de2c266

/// File Name: prolog-disclose.txt
Description: The Meridian Prolog Manager suffers from a credential disclosure vulnerability due to its method of "encryption".
File Size: 4884 | Last Modified: Dec 11 23:20:00 2007
MD5 Checksum: 267f772815addf43a2fe071e5ad94dd7

/// File Name: R7-0031.txt
Description: Rapid7 Security Advisory - JFreeChart version 1.0.8 is susceptible to cross site scripting vulnerabilities.
Author: Chad Loder | Homepage: http://www.rapid7.com/ | File Size: 3174 | Last Modified: Dec 7 19:55:53 2007
MD5 Checksum: 624ac6261db9a1ca5f6984808e5ba952

/// File Name: roundcube-xss.txt
Description: Roundcube webmail does not sanitize payloads, allowing for cross site scripting attacks to occur when used in conjunction with Microsoft Internet Explorer.
Author: Tomas Kuliavas | Homepage: http://www.topolis.lt/ | Related Exploit: expression.eml.gz | File Size: 729 | Last Modified: Dec 10 17:36:22 2007
MD5 Checksum: a304c7fefc56602b855eea3ab5e06236

/// File Name: SA-20071204-0.txt
Description: SEC Consult Security Advisory 20071204-0 - SonicWALL Global VPN Client suffers from a format string vulnerability that can be triggered by supplying a specially crafted configuration file. Versions below 4.0.0.830 are vulnerable.
Author: Bernhard Mueller | Homepage: http://www.sec-consult.com/ | File Size: 3706 | Last Modified: Dec 5 22:55:46 2007
MD5 Checksum: c4bf2e45ab9a3c6e640061f665f3024d

/// File Name: SA2007-02.txt
Description: The NSFOCUS Security Team has discovered a remote buffer overflow vulnerability in the Cisco Security Agent for Windows which allows remote code execution by sending a malicious SMB request. Cisco Security Agent for Windows versions below 4.5.1.672, 5.0.0.225, 5.1.0.106, and 5.2.0.238 are affected.
Homepage: http://www.nsfocus.com/ | File Size: 3201 | Related CVE(s): CVE-2007-5580 | Last Modified: Dec 7 12:55:22 2007
MD5 Checksum: d2671763fc6dff1909051adc8a6d2a7a