Section: 0803-advisories
File Name: ircu-dos.txt
Description: ircu versions 2.10.12.12 and below and snircd versions 1.3.4 and below suffer from a denial of service vulnerability.
Author: Chris Porter
Homepage: http://www.warp13.co.uk/
File Size: 1020
Last Modified: Mar 24 18:33:19 2008
MD5 Checksum: 74d2996986b18fd1e9cac7b0f213165a

File Name: jdk-overflow.txt
Description: A couple more JPEG ICC parsing bugs were fixed in the latest JDK updates. Link to a malicious JPEG included.
Author: Chris Evans
File Size: 1009
Last Modified: Mar 12 16:32:56 2008
MD5 Checksum: 6ebec7c73d336738ee4a30a00c038842

File Name: lks-format.txt
Description: It appears that the Linux Kiss Server version 1.2 suffers from a format string vulnerability.
Author: vashnukad
Homepage: http://www.vashnukad.com/
File Size: 1200
Last Modified: Mar 12 16:16:44 2008
MD5 Checksum: a3da915d25b378b059a7c7768a83c088

File Name: maildisable.txt
Description: MailEnable Professional and Enterprise versions 3.13 and below suffer from buffer overflow and null pointer vulnerabilities.
Author: Luigi Auriemma
Homepage: http://aluigi.org/
Related Exploit: maildisable.zip
File Size: 2052
Last Modified: Mar 12 18:00:22 2008
MD5 Checksum: bc35cbc1c90857ea5c019b66d1c26cba

File Name: MDVSA-2008-058.txt
Description: Mandriva Linux Security Advisory - A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service. Two vulnerabilities were found in how slapd handled modify (prior to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify or modrdn operations could cause slapd to crash.
Homepage: http://www.mandriva.com/security/
File Size: 9673
Related CVE(s): CVE-2007-6698, CVE-2008-0658, CVE-2007-5708
Last Modified: Mar 12 14:39:09 2008
MD5 Checksum: 94308e6a1ff488b41a71b7877ec02f38

File Name: MDVSA-2008-059.txt
Description: Mandriva Linux Security Advisory - A flaw in the Tcl regular expression handling engine was originally discovered by Will Drewry in the PostgreSQL database server's Tcl regular expression engine. This flaw can result in an infinite loop when processing certain regular expressions.
Homepage: http://www.mandriva.com/security/
File Size: 7825
Related CVE(s): CVE-2007-4772
Last Modified: Mar 12 14:42:31 2008
MD5 Checksum: 426850af1a24df7366d52235ac29b3a4

File Name: MDVSA-2008-061.txt
Description: Mandriva Linux Security Advisory - Multiple cross-site scripting (XSS) vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via editing templates and the list's info attribute in the web administrator interface.
Homepage: http://www.mandriva.com/security/
File Size: 4069
Related CVE(s): CVE-2008-0564
Last Modified: Mar 12 17:38:54 2008
MD5 Checksum: 6630467d76b59eee278cf3330ed32fa6

File Name: MDVSA-2008-063.txt
Description: Mandriva Linux Security Advisory - Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution.
Homepage: http://www.mandriva.com/security/
File Size: 3976
Related CVE(s): CVE-2008-0072
Last Modified: Mar 12 17:40:36 2008
MD5 Checksum: 6fbf265b975e2c247be78137ec719cad

File Name: MDVSA-2008-064.txt
Description: Mandriva Linux Security Advisory - A flaw was discovered in how tomboy handles LD_LIBRARY_PATH: by appending paths to LD_LIBRARY_PATH, the program would also search the current directory for shared libraries. In directories containing network data, those libraries could be injected into the application.
Homepage: http://www.mandriva.com/security/
File Size: 2830
Related CVE(s): CVE-2005-4790
Last Modified: Mar 12 18:03:11 2008
MD5 Checksum: 8c601bc60f91546685df116096b447ab

File Name: MDVSA-2008-065.txt
Description: Mandriva Linux Security Advisory - Luigi Auriemma found a few programming errors in Pulseaudio that can be used by authenticated and unauthenticated users to crash the Pulseaudio daemon.
Homepage: http://www.mandriva.com/security/
File Size: 2874
Related CVE(s): CVE-2007-1804
Last Modified: Mar 12 18:56:11 2008
MD5 Checksum: 640706c025b80272d23e07ed04de4c28

File Name: MDVSA-2008-066.txt
Description: Mandriva Linux Security Advisory - Jurgen Weigert found a directory traversal vulnerability in fastjar versions prior to 0.93. This vulnerability allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with ../ sequences.
Homepage: http://www.mandriva.com/security/
File Size: 12532
Related CVE(s): CVE-2006-3619
Last Modified: Mar 13 16:42:16 2008
MD5 Checksum: d44b1a87f91fbceb277c852597cd642c

File Name: MDVSA-2008-067.txt
Description: Mandriva Linux Security Advisory - A number of vulnerabilities were found in Nagios and Nagios Plugins that are corrected with the latest version of both, as provided in this update. These vulnerabilities are buffer overflows and cross-site scripting flaws.
Homepage: http://www.mandriva.com/security/
File Size: 29119
Related CVE(s): CVE-2007-5198, CVE-2007-5623, CVE-2007-5624, CVE-2008-1360
Last Modified: Mar 18 22:43:45 2008
MD5 Checksum: 46c1767bff7aaf1e614ae4ab9469fd79

File Name: MDVSA-2008-068.txt
Description: Mandriva Linux Security Advisory - Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip.
Homepage: http://www.mandriva.com/security/
File Size: 4354
Related CVE(s): CVE-2008-0888
Last Modified: Mar 18 22:44:25 2008
MD5 Checksum: e36b7227b79e870237a7f130fb16e0fa

File Name: MDVSA-2008-072.txt
Description: Mandriva Linux Security Advisory - The Linux kernel prior to 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allowed local users to access kernel memory via an out-of-range offset.
Homepage: http://www.mandriva.com/security/
File Size: 4751
Related CVE(s): CVE-2008-0007
Last Modified: Mar 20 17:12:24 2008
MD5 Checksum: f5d038ddb5299d73a9753bf6160855aa

File Name: MDVSA-2008-073.txt
Description: Mandriva Linux Security Advisory - A vulnerability in the Net::DNS perl module was found that could allow remote attackers to cause a denial of service via a crafted DNS response.
Homepage: http://www.mandriva.com/security/
File Size: 4243
Related CVE(s): CVE-2007-6341
Last Modified: Mar 20 17:13:06 2008
MD5 Checksum: fa03a5b781a22077ba0450c3dad3c1cd

File Name: MDVSA-2008-074.txt
Description: Mandriva Linux Security Advisory - Audacity creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. This issue can also be leveraged to delete arbitrary files or directories via a symlink attack.
Homepage: http://www.mandriva.com/security/
File Size: 3513
Related CVE(s): CVE-2007-6061
Last Modified: Mar 20 19:01:51 2008
MD5 Checksum: 8421a0c047661e9a20b79a763fbdd2e5

File Name: MDVSA-2008-075.txt
Description: Mandriva Linux Security Advisory - Bzip2 versions before 1.0.5 are vulnerable to a denial of service attack via malicious compressed data.
Homepage: http://www.mandriva.com/security/
File Size: 6185
Related CVE(s): CVE-2008-1372
Last Modified: Mar 24 17:29:34 2008
MD5 Checksum: 8b04c1783e09b4625b6b82ad11e007d5

File Name: MDVSA-2008-076.txt
Description: Mandriva Linux Security Advisory - Two vulnerabilities were found in the Website META Language (WML) package that allowed local users to overwrite arbitrary files via symlink attacks.
Homepage: http://www.mandriva.com/security/
File Size: 2748
Related CVE(s): CVE-2008-0665, CVE-2008-0666
Last Modified: Mar 26 18:21:33 2008
MD5 Checksum: 8635c05f2b3a0be9d4fa9a4dc214b51b

File Name: MDVSA-2008-077.txt
Description: Mandriva Linux Security Advisory - A vulnerability in perl-Tk was found where specially crafted GIF images could crash perl-Tk (an identical issue to that found in php-gd, gd, and SDL_image).
Homepage: http://www.mandriva.com/security/
File Size: 6106
Related CVE(s): CVE-2006-4484
Last Modified: Mar 27 02:26:57 2008
MD5 Checksum: fc87f943e85f299aa943b01edd0efed6