Section: .. / 0805-advisories /
| /// File Name: |
04.30.08-1.txt |
Description:
|
iDefense Security Advisory 04.30.08 - Remote exploitation of a design error in Akamai Technologies, Inc's Download Manager allows attackers to execute arbitrary code in the context of the current user. iDefense confirmed the existence of this vulnerability using version 2.2.2.1 of Akamai Technologies Inc's DownloadManagerV2.ocx. Additionally, iDefense confirmed the problem exists in version 2.2.2.0 of the Download Manager Java Applet. All versions prior to the fixed version are suspected to be vulnerable.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 4508 | | Related CVE(s): | CVE-2008-6339 | | Last Modified: | May 1 18:26:46 2008 |
| MD5 Checksum: | 4026d3cb280e06a5aeaf9544acbbbdd7 |
|
| /// File Name: |
05.07.08-1.txt |
Description:
|
iDefense Security Advisory 05.07.08 - Remote exploitation of an integer underflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP request. When reading a request, a 16-bit integer value that represents the number of bytes that follow is taken from the packet. This value is then decremented by 4, and used to calculate how many bytes to read into a heap buffer. The subtraction operation can underflow, which will then lead to the heap buffer being overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3393 | | Related CVE(s): | CVE-2008-1801 | | Last Modified: | May 7 20:42:04 2008 |
| MD5 Checksum: | c018aff3b2b98000cb2a48058984a14d |
|
| /// File Name: |
05.07.08-2.txt |
Description:
|
iDefense Security Advisory 05.07.08 - Remote exploitation of a BSS overflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP redirect request. This request is used to redirect an RDP connection from one server to another. When parsing the redirect request, the rdesktop client reads several 32-bit integers from the request packet. These integers are then used to control the number of bytes read into statically allocated buffers. This results in several buffers located in the BSS section being overflowed, which can lead to the execution of arbitrary code. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3480 | | Related CVE(s): | CVE-2008-1802 | | Last Modified: | May 7 20:42:49 2008 |
| MD5 Checksum: | dcb778aa36d5093d53a1522ad73f6ceb |
|
| /// File Name: |
05.07.08-3.txt |
Description:
|
iDefense Security Advisory 05.07.08 - Remote exploitation of an integer signedness vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reallocating dynamic buffers. The rdesktop xrealloc() function uses a signed comparison to determine if the requested allocation size is less than 1. When this occurs, the function will incorrectly set the allocation size to be 1. This results in an improperly sized heap buffer being allocated, which can later be overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3416 | | Related CVE(s): | CVE-2008-1803 | | Last Modified: | May 7 20:43:37 2008 |
| MD5 Checksum: | c3320ef9f586bf2a8eadea9bdb952524 |
|
| /// File Name: |
05.12.08-1.txt |
Description:
|
iDefense Security Advisory 05.12.08 - Local exploitation of an input validation vulnerability within version 5.1.2600.2180 of i2omgmt.sys, as included with Microsoft Corp's Windows XP operating system, could allow an attacker to execute arbitrary code in the context of the kernel. iDefense has confirmed the existence of this vulnerability in i2omgmt.sys version 5.1.2600.2180 as installed on some Windows XP SP2 systems. All other Windows releases with this driver, including previous versions, are suspected to be vulnerable.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 4025 | | Related CVE(s): | CVE-2008-0322 | | Last Modified: | May 12 18:28:36 2008 |
| MD5 Checksum: | 9a855b4f3e57f9d46308c1a0f2293ded |
|
| /// File Name: |
05.13.08-1.txt |
Description:
|
iDefense Security Advisory 05.13.08 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code with the privileges of the logged-in user. This vulnerability exists in the way Word handles CSS rules in an HTML document. When the number of CSS selectors is above some specific amount, an unspecified object will be corrupted, causing Word to access a memory region that has already been freed. iDefense has confirmed that fully patched Microsoft Word 2003 SP2, Microsoft Word XP SP3, and Microsoft Word 2000 SP3 are vulnerable. Microsoft Word 2003 SP3 and Microsoft Word 2007 do not appear to be affected. Microsoft reports that all supported versions of Word, Word Viewer, and Outlook 2007 are vulnerable.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4164 | | Related CVE(s): | CVE-2008-1434 | | Last Modified: | May 13 15:39:58 2008 |
| MD5 Checksum: | fd7486dbe9fda5cc2883cbfa6ad3cc65 |
|
| /// File Name: |
05.21.08-1.txt |
Description:
|
iDefense Security Advisory 05.21.08 - Remote exploitation of a design error vulnerability in Snort, as included in various vendors' operating system distributions, could allow an attacker to bypass filter rules. Due to a design error vulnerability, Snort does not properly reassemble fragmented IP packets. When receiving incoming fragments, Snort checks the Time To Live (TTL) value of the fragment, and compares it to the TTL of the initial fragment. If the difference between the initial fragment and the following fragments is more than a configured amount, the fragments will be silently discarded. This results in valid traffic not being examined and/or filtered by Snort. iDefense has confirmed the existence of this vulnerability in Snort 2.8 and 2.6. Snort 2.4 is not vulnerable.
| | Author: | Silvio Cesare | | Homepage: | http://www.idefense.com/ | | File Size: | 3803 | | Related CVE(s): | CVE-2008-1804 | | Last Modified: | May 22 02:10:52 2008 |
| MD5 Checksum: | 46b4a8b5943f65351b159cc2fdd85eff |
|
| /// File Name: |
05.27.08-1.txt |
Description:
|
iDefense Security Advisory 05.27.08 - Remote exploitation of multiple stack-based buffer overflow vulnerabilities in EMC Corp.'s AlphaStor could allow an attacker to execute arbitrary code with SYSTEM privileges. AlphaStor consists of multiple applications, one of which is the Server Agent. The Server Agent is one of the core components of AlphaStor, and is used to initiate disk management requests. The Agent consists of several processes, one of which is the AlphaStor Command Line Interface process. This process listens on TCP port 41025, and is prone to multiple stack-based buffer overflow vulnerabilities. iDefense has confirmed the existence of these vulnerabilities in AlphaStor version 3.1 SP1 for Windows. Previous versions, as well as versions for other platforms, may also be affected.
| | Author: | Stephen Fewer, Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3349 | | Related CVE(s): | CVE-2008-2158 | | Last Modified: | May 27 19:42:17 2008 |
| MD5 Checksum: | f0e331dc95a7505a4903764fd5697dca |
|
| /// File Name: |
05.27.08-2.txt |
Description:
|
iDefense Security Advisory 05.27.08 - Remote exploitation of an arbitrary command execution vulnerability in EMC Corp.'s AlphaStor could allow an attacker to execute arbitrary code with SYSTEM privileges. AlphaStor consists of multiple applications, one of which is the Library Manager. The Library Manager is used to manage the replacement of disk drives in distributed locations. The Manager consists of a single process, the "robotd" process, that listens on TCP port 3500 for incoming connections. The Library Manager is prone to an arbitrary command execution vulnerability. When sent a specific request, "robotd" will use a string from the packet as a command to execute on the system via the CreateProcess() function. This allows an attacker to run arbitrary programs on the host with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in AlphaStor version 3.1 SP1 for Windows. Previous versions, as well as versions for other platforms, may also be affected.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 3614 | | Related CVE(s): | CVE-2008-2157 | | Last Modified: | May 27 19:44:27 2008 |
| MD5 Checksum: | 6c8ff6e0b7f32b25ed4398d7091c900b |
|
| /// File Name: |
aap-bypass.txt |
Description:
|
Two critical vulnerabilities exist in the JavaScript API of Adobe Acrobat Professional 7. A remote attacker who successfully exploits these vulnerabilities can execute restricted functions and arbitrary code on the affected system. Adobe Acrobat Professional version 7.0.9 is affected.
| | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | File Size: | 3586 | | Related CVE(s): | CVE-2008-2042 | | Last Modified: | May 7 13:32:04 2008 |
| MD5 Checksum: | d5e4c5adb0d84a55148b570fa73bccdc |
|
| /// File Name: |
AD20080506EN.txt |
Description:
|
The Yahoo! Assistant (3721) ActiveX control is susceptible to a remote code execution vulnerability. Versions 3.6 and below are affected.
| | Author: | Sowhat | | Homepage: | http://www.nevisnetworks.com/ | | File Size: | 2584 | | Last Modified: | May 6 19:09:16 2008 |
| MD5 Checksum: | 93a8a3701807b7809398c4ed10235e20 |
|
| /// File Name: |
adobe-print-v2.txt |
Description:
|
A design error vulnerability exists in Adobe Reader and Adobe Acrobat Professional. A remote attacker who successfully exploits this vulnerability can control the printer without the user's permission. Affected software versions include Adobe Reader 8.1.1 and below and Adobe Acrobat Professional 8.1.1 and below. This is an updated advisory.
| | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | Related File: | adobe-print.txt | | File Size: | 2533 | | Related CVE(s): | CVE-2008-0655 | | Last Modified: | May 7 13:34:32 2008 |
| MD5 Checksum: | b5590bc735cc6ed7a4c5c8923db40f71 |
|
| /// File Name: |
aid-051408.asc |
Description:
|
Aruba Networks Security Advisory - A user authentication vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers using TACACS authentication for Controller management users. Cross-site scripting vulnerabilities were discovered during standard bug reporting procedures in the Aruba Mobility Controller. Certain malformed inputs to the web UI allow the injection of cross-site scripting (XSS) components, leading to a potential compromise of client web session integrity.
| | Homepage: | http://www.arubanetworks.com/ | | File Size: | 6764 | | Last Modified: | May 15 13:16:38 2008 |
| MD5 Checksum: | 66fe78e297c3c703c1907d3bf9ea75e9 |
|
| /// File Name: |
AST-2008-007.txt |
Description:
|
Asterisk Project Security Advisory - Asterisk installations using cryptographic keys generated by Debian-based systems may be using a vulnerable implementation of OpenSSL.
| | Author: | Mark Michelson | | Homepage: | http://www.asterisk.org/security | | File Size: | 9119 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 22 12:01:18 2008 |
| MD5 Checksum: | b24f77b75cf9e5ce1ac37b7e1a6eb6e4 |
|
| /// File Name: |
astrocam-xss.txt |
Description:
|
AstroCam versions 2.5.0 through 2.7.3 suffer from a cross site scripting vulnerability.
| | Author: | Steffen Wendzel | | Homepage: | http://www.wendzel.de/ | | File Size: | 598 | | Last Modified: | May 1 10:48:53 2008 |
| MD5 Checksum: | da3dc7e8fa1ea5f18aabbed41e811105 |
|
| /// File Name: |
bthub-password.txt |
Description:
|
The BT Home Hub has now changed the default access password from admin to the serial number of the device, but allows retrieval of the number via a simple MDAP request in the same network.
| | Author: | Adrian Pastor | | Homepage: | http://www.gnucitizen.org/ | | File Size: | 3012 | | Last Modified: | May 22 19:36:52 2008 |
| MD5 Checksum: | 56e81d68bde3ea672d5c9fc490ad1054 |
|
| /// File Name: |
bugzilla-multi.txt |
Description:
|
Bugzilla Security Advisory - Bugzilla version 3.1.3 suffers from an unauthorized bug change vulnerability. Versions 2.17.2 and higher suffer from a cross site scripting vulnerability. Versions 2.23.4 and higher suffer from an account impersonation vulnerability.
| | Author: | Frederic Buclin, Max Kanat-Alexander, Bradley Baetz, Loren Butler, Marc Schumann | | Homepage: | http://www.bugzilla.org/ | | File Size: | 3485 | | Last Modified: | May 6 18:53:45 2008 |
| MD5 Checksum: | 13db085e595afc0bfe20386178dd1ece |
|
| /// File Name: |
CA-caloggerdxdr.txt |
Description:
|
CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability, CVE-2008-2241, is due to insufficient path verification by the logging service, caloggerd. An attacker can append data to arbitrary files, which can lead to system compromise. The second vulnerability, CVE-2008-2242, is due to insufficient bounds checking by multiple xdr functions. An attacker can cause an overflow and execute arbitrary code.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 5864 | | Related CVE(s): | CVE-2008-2241, CVE-2008-2242 | | Last Modified: | May 19 21:36:12 2008 |
| MD5 Checksum: | 612eed8dc378f0b53f234e2a163e0464 |
|
| /// File Name: |
cisco-sa-20080514-csm.txt |
Description:
|
Cisco Security Advisory - The Cisco Content Switching Module (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain a memory leak vulnerability that can result in a denial of service condition. The vulnerability exists when the CSM or CSM-S is configured for layer 7 load balancing. An attacker can trigger this vulnerability when the CSM or CSM-S processes TCP segments with a specific combination of TCP flags while servers behind the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.
| | Homepage: | http://www.cisco.com/ | | File Size: | 17388 | | Related CVE(s): | CVE-2008-1749 | | Last Modified: | May 15 04:25:13 2008 |
| MD5 Checksum: | 0a7dfcd9f771e114ed6eafdd02388931 |
|
| /// File Name: |
cisco-sa-20080514-cup.txt |
Description:
|
Cisco Security Advisory - Administrators of systems running all Cisco Unified Presence versions can determine the software version by viewing the main page of the Cisco Unified Presence Administration interface. The software version can be determined by running the command show version active via the Command Line Interface (CLI).
| | Homepage: | http://www.cisco.com/ | | File Size: | 11779 | | Related CVE(s): | CVE-2008-1740, CVE-2008-1741 | | Last Modified: | May 15 04:28:20 2008 |
| MD5 Checksum: | fddfe8a3e45e0c202a50e5bc67fa484a |
|
| /// File Name: |
cisco-sa-20080521-cvp.txt |
Description:
|
Cisco Security Advisory - A vulnerability exists in the Cisco Unified Customer Voice Portal (CVP) where an authenticated user can create, modify, or delete a superuser account. Cisco has released free software updates that address this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 10604 | | Related CVE(s): | CVE-2008-2053 | | Last Modified: | May 22 01:25:57 2008 |
| MD5 Checksum: | 6f0780f5806abaa21ce03090e3c779b9 |
|