Section: .. / 0904-advisories /
| /// File Name: |
04.14.09-1.txt |
Description:
|
iDefense Security Advisory 04.14.09 - Exploitation of a stack corruption vulnerability in Microsoft Corp.'s Word 2000 WordPerfect 6.x Converter could allow an attacker to execute code in the context of the current user. Microsoft Word is able to open documents created in other applications by transparently applying a filter module which converts them to a format Word can use. The WordPerfect 6.x converter from Office 2000 fails to perform sufficient sanity checking on input files. A maliciously constructed WordPerfect document can cause potentially exploitable stack corruption. iDefense Labs have confirmed that the WordPerfect 6.x converter (WPFT632.CNV, with file version 1998.1.27.0) in Microsoft Word 2000 Service Pack 3 is vulnerable. However, the version of this converter installed with Word 2003 is not affected by this vulnerability.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4727 | | Related CVE(s): | CVE-2009-0088 | | Last Modified: | Apr 14 20:08:47 2009 |
| MD5 Checksum: | a3f7a6f79d5ec72d483ff50b45e67f03 |
|
| /// File Name: |
04.14.09-2.txt |
Description:
|
iDefense Security Advisory 04.14.09 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s WordPad could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing the content of a Word97 format file. When reading in the data, the code uses a 32-bit integer from the file to check a buffer length while using the lower 16-bit value to do the actual copy. This results in a stack buffer overflow. This stack buffer is overwritten with data from the file. iDefense has confirmed the existence of this vulnerability in WordPad on Windows 2000 SP4. Windows XP SP3 is not affected. Vista and Server 2008 are not affected as they no longer contain the Word97 converter.
| | Author: | Sean Larsson, Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4710 | | Related CVE(s): | CVE-2009-0235 | | Last Modified: | Apr 15 19:09:07 2009 |
| MD5 Checksum: | 6d1e854873fc0efe59cf75d35001e497 |
|
| /// File Name: |
04.15.09-1.txt |
Description:
|
iDefense Security Advisory 04.15.09 - Local exploitation of a buffer overflow vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) could allow an attacker to gain root privileges. The set-uid root binary "muxatmd" concatenates the calling program name with the static string ".pid". The destination buffer passed to the function call used for concatenation is a static-sized stack buffer. Since no bounds checking is performed, a stack-based buffer overflow can occur when a long program name is given. iDefense has confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3 (5300-09-02-0849). Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3463 | | Last Modified: | Apr 15 19:12:55 2009 |
| MD5 Checksum: | 87d46ac1f03c9524d880b907aa6e443f |
|
| /// File Name: |
04.28.09-1.txt |
Description:
|
iDefense Security Advisory 04.28.09 - Remote exploitation of a stack-based buffer overflow vulnerability in TIBCO Software Inc.'s SmartSockets RTserver could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability occurs when parsing requests on the UDP interface of the RTserver. iDefense has confirmed the existence of this vulnerability in the RTserver version 4.0.10.1. Previous versions may also be affected. The SmartSockets framework is resold to various 3rd party vendors, and in this case iDefense used the version provided with Computer Associates Enterprise Communicator.
| | Author: | Stephen Fewer | | Homepage: | http://www.idefense.com/ | | File Size: | 4050 | | Related CVE(s): | CVE-2009-1291 | | Last Modified: | Apr 28 18:37:50 2009 |
| MD5 Checksum: | 9dfabca1de537611a55f2a79e07d3727 |
|
| /// File Name: |
04.29.09-1.txt |
Description:
|
iDefense Security Advisory 04.29.09 - Remote exploitation of a design error vulnerability in Symantec Corp.'s Symantec System Center may allow an attacker to execute arbitrary code with SYSTEM privileges. The vulnerability exists within the 'Intel File Transfer' service, which runs the xfr.exe application. When sent a properly formatted request, this service will extract a string from the request, and use it as the path of a program to execute as a new Process. The process will be started with SYSTEM privileges. iDefense has confirmed the existence of this vulnerability in Symantec Client Security version 3.1. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 5187 | | Related CVE(s): | CVE-2009-1431 | | Last Modified: | Apr 29 17:57:08 2009 |
| MD5 Checksum: | 2ecf8606a20bc70d4601dea1be45d33b |
|
| /// File Name: |
200904-contentkeeper.txt |
Description:
|
ContentKeeper versions 125.09 and below suffer from remote command execution and privilege escalation vulnerabilities.
| | Author: | Patrick Webster | | Homepage: | http://www.aushack.com/ | | File Size: | 2040 | | Last Modified: | Apr 2 16:13:48 2009 |
| MD5 Checksum: | 2179cc4777471f9744db2c64488f88d8 |
|
| /// File Name: |
adgregate-replay.txt |
Description:
|
Adgregate is susceptible to a replay attack vulnerability.
| | Author: | Matthew Dempsky | | File Size: | 1418 | | Last Modified: | Apr 8 14:15:12 2009 |
| MD5 Checksum: | e2b97e2b7f4dca836ccb7ec9383f1b94 |
|
| /// File Name: |
AID-42309.txt |
Description:
|
Aruba Networks Security Advisory - A management user authentication bypass vulnerability was discovered during standard internal bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers using public key based SSH authentication for controller management users.
| | Homepage: | http://www.arubanetworks.com/ | | File Size: | 5479 | | Last Modified: | Apr 27 22:07:36 2009 |
| MD5 Checksum: | cc794e7691538d5a891d79e5ea7143a6 |
|
| /// File Name: |
AST-2009-003.txt |
Description:
|
Asterisk Project Security Advisory - The Asterisk maintainers have made it so that a scan for valid SIP usernames always returns with the same response.
| | Author: | Tilghman Lesher | | Homepage: | http://www.asterisk.org/security | | File Size: | 12240 | | Related CVE(s): | CVE-2008-3903 | | Last Modified: | Apr 2 16:56:13 2009 |
| MD5 Checksum: | be2252051a83bfcb8730414ae3a8ba49 |
|
| /// File Name: |
autodesk-activex.txt |
Description:
|
The Src, Background, PackageXml properties in the Autodesk IDrop Active-X control, IDrop.ocx version 17.1.51.160, can be manipulated to trigger a heap use after free condition resulting in arbitrary remote code execution.
| | Author: | Elazar Broad | | File Size: | 2234 | | Last Modified: | Apr 2 16:58:59 2009 |
| MD5 Checksum: | 9f55a5b229984db40abe2aaef85d4fc6 |
|
| /// File Name: |
Bkis-06-2009.txt |
Description:
|
GOM Player version 2.1.16.4613 suffers from a subtitle related buffer overflow vulnerability.
| | Author: | Bui Quang Minh | | Homepage: | http://security.bkis.vn/ | | Related Exploit: | gom-poc.txt | | File Size: | 1750 | | Last Modified: | Apr 8 14:32:07 2009 |
| MD5 Checksum: | 9669f44e17d6379cc438ae838b304b2c |
|
| /// File Name: |
CA20090429-01.txt |
Description:
|
CA ARCserve Backup on Solaris, Tru64, HP-UX, and AIX contains multiple vulnerabilities in the Apache HTTP Server version as shipped with ARCserve Backup. CA has issued updates that contain version 2.0.63 of the Apache HTTP Server to address the vulnerabilities.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4098 | | Related CVE(s): | CVE-2004-0747, CVE-2003-0132 | | Last Modified: | Apr 30 23:21:21 2009 |
| MD5 Checksum: | 17819dce878111fcd780dc2f7d8a527a |
|
| /// File Name: |
CVE-2008-5519.txt |
Description:
|
Apache Tomcat mod_jk versions 1.2.0 through 1.2.26 suffer from an information disclosure vulnerability.
| | Homepage: | http://tomcat.apache.org/ | | File Size: | 1004 | | Related CVE(s): | CVE-2008-5519 | | Last Modified: | Apr 7 18:30:07 2009 |
| MD5 Checksum: | 7b5fa8ff1f5c76753b7e1f0728a21a32 |
|
| /// File Name: |
DDIVRT-2009-23.txt |
Description:
|
Apache ActiveMQ version 5.2.0 suffers from multiple cross site scripting vulnerabilities.
| | Author: | David Marshall, r@b13$ | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 948 | | Last Modified: | Apr 16 18:25:31 2009 |
| MD5 Checksum: | 730bcdba54ba8bcb45c891039e83c7e2 |
|
| /// File Name: |
DDIVRT-2009-24.txt |
Description:
|
Certain Precidia Ether232 devices contain memory overwrite and authentication flaws.
| | Author: | princeofnigeria, r@b13$, Steven James | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1297 | | Last Modified: | Apr 27 23:35:28 2009 |
| MD5 Checksum: | 34d9c21405251aaab3e9e9d063f1afdf |
|
| /// File Name: |
dsa-1754-1.txt |
Description:
|
Debian Security Advisory 1754-1 - It was discovered that roundup, an issue tracker with a command-line, web and email interface, allows users to edit resources in unauthorized ways, including granting themselves admin rights.
| | Homepage: | http://www.debian.org/security | | File Size: | 4193 | | Last Modified: | Apr 9 17:43:12 2009 |
| MD5 Checksum: | c7a1c0dd1485dde7825ae73df0450898 |
|
| /// File Name: |
dsa-1761-1.txt |
Description:
|
Debian Security Advisory 1761-1 - Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files.
| | Homepage: | http://www.debian.org/security | | File Size: | 3900 | | Related CVE(s): | CVE-2009-1171 | | Last Modified: | Apr 3 16:09:35 2009 |
| MD5 Checksum: | fce42377f27998e182085e6fce6e4a29 |
|
| /// File Name: |
dsa-1762-1.txt |
Description:
|
Debian Security Advisory 1762-1 - It was discovered that icu, the internal components for Unicode, did not properly sanitise invalid encoded data, which could lead to cross site scripting attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 13505 | | Related CVE(s): | CVE-2008-1036 | | Last Modified: | Apr 2 15:59:51 2009 |
| MD5 Checksum: | 7eb639c9e9f5bba54b7477206034beaf |
|
| /// File Name: |
dsa-1763-1.txt |
Description:
|
Debian Security Advisory 1763-1 - It was discovered that insufficient length validations in the ASN.1 handling of the OpenSSL crypto library may lead to denial of service when processing a manipulated certificate.
| | Homepage: | http://www.debian.org/security | | File Size: | 26974 | | Related CVE(s): | CVE-2009-0590 | | Last Modified: | Apr 6 20:14:26 2009 |
| MD5 Checksum: | 501f984e2b5acc4da34911e21c92a321 |
|
| /// File Name: |
dsa-1764-1.txt |
Description:
|
Debian Security Advisory 1764-1 - Several vulnerabilities have been discovered in Tunapie, a GUI frontend to video and radio streams.
| | Homepage: | http://www.debian.org/security | | File Size: | 3672 | | Related CVE(s): | CVE-2009-1253, CVE-2009-1254 | | Last Modified: | Apr 7 18:40:03 2009 |
| MD5 Checksum: | 8c40e55ce09b6145d4139ca8fd9709b1 |
|