Section: .. / 0906-advisories /
| /// File Name: |
06.08.09-1.txt |
Description:
|
iDefense Security Advisory 06.08.09 - Remote exploitation of a memory corruption vulnerability in multiple vendors' WebKit browser engine could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when JavaScript code is used to set a certain property of an HTML tag within a web page. When JavaScript code sets this property, child elements of the tag are freed. However, when an error in the remaining HTML is encountered, these previously freed tag values are referenced. The freed memory is then treated as a C++ object, which can lead to attacker controlled values being used as function pointers. iDefense has confirmed the existence of this vulnerability in WebKit-r42162. Previous versions may also be affected.
| | Author: | ling,wushi | | Homepage: | http://www.idefense.com/ | | File Size: | 3819 | | Related CVE(s): | CVE-2009-1690 | | Last Modified: | Jun 11 18:21:56 2009 |
| MD5 Checksum: | 6f9f6cb2c99b9edac1e2377d8bc5b6a1 |
|
| /// File Name: |
06.09.09-1.txt |
Description:
|
iDefense Security Advisory 06.09.09 - Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a Shared String Table (SST) record inside of an Excel file. This record is used to hold a table of strings that are used inside of the document. One of the fields in this record is a 32-bit integer that represents the number of unique strings in the table. This value is used to allocate an array of pointers to the strings contained inside of the table. When allocating this array, an integer overflow occurs in the calculation of its size. This leads to a heap based buffer overflow when the array is filled with pointers to strings from the file.
| | Author: | Joshua J. Drake,Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3884 | | Related CVE(s): | CVE-2009-0561 | | Last Modified: | Jun 11 18:28:23 2009 |
| MD5 Checksum: | e37fd1b16f08252d9bb8460f80138468 |
|
| /// File Name: |
06.09.09-2.txt |
Description:
|
iDefense Security Advisory 06.09.09 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Windows 2000 operating system could allow an unauthenticated attacker to execute arbitrary code with system-level privileges. This vulnerability exists in the EnumeratePrintShares function in win32spl.dll. The vulnerable function does not correctly validate the length of the printer server's response. When a malformed response is received from the printer server, the stack buffer can be overflowed, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in win32spl.dll version 5.00.2195.7054, as included in Windows 2000 Service Pack 4, with all available patches as of September 2008. All previous versions are suspected vulnerable. Windows XP SP2 and later versions of Windows are not affected.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4676 | | Related CVE(s): | CVE-2009-0228 | | Last Modified: | Jun 11 18:30:20 2009 |
| MD5 Checksum: | 84dfab800df1a2f61408093d471034c2 |
|
| /// File Name: |
06.09.09-3.txt |
Description:
|
iDefense Security Advisory 06.09.09 - Remote exploitation of an integer overflow vulnerability in multiple versions of Adobe Systems Inc.'s Reader and Acrobat PDF reader and processor could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a FlateDecode filter inside a PDF file. FlateDecode is a filter for data compressed with the zlib deflate compression method. Several parameters can be specified for the FlateDecode filter. Those values are used in an arithmetic operation that calculates the number of bytes to allocate for a heap buffer. This calculation can overflow, which results in an undersized heap buffer being allocated. This buffer is then overflowed with data decompressed from the FlateDecode stream. This leads to a heap-based buffer overflow that can result in arbitrary code execution. Acrobat Reader and Acrobat Professional versions 7.1.0, 8.1.3, 9.0.0 and prior versions are vulnerable.
| | Author: | Jun Mao,Ryan Smith | | Homepage: | http://www.idefense.com/ | | File Size: | 4304 | | Related CVE(s): | CVE-2009-1856 | | Last Modified: | Jun 11 18:32:44 2009 |
| MD5 Checksum: | c2e94e2a0427402219837fdd656cefa2 |
|
| /// File Name: |
06.11.09-1.txt |
Description:
|
iDefense Security Advisory 06.11.09 - Remote exploitation of an invalid free vulnerability in Microsoft Corp.'s Active Directory Server allows attackers to exhaust all virtual memory. According to section 2.4 of the IETF Request For Comments (RFC) 4514, LDAP requests can contain strings that have been encoded using hexadecimal encoding. When Active Directory on Windows 2000 encounters such a request, it fails to release the memory associated with the hexadecimal encoded portion of the request. By continually making such requests, an attacker can exhaust virtual memory on the targeted system. iDefense confirmed the existence of this vulnerability using a Windows 2000 SP4 domain controller with all patches available as of January 2008 applied. All versions of Active Directory installed on Windows 2000 are suspected to be vulnerable.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 4202 | | Related CVE(s): | CVE-2009-1138 | | Last Modified: | Jun 11 18:24:06 2009 |
| MD5 Checksum: | 037d09bcff56732afc2ce408b4f638d1 |
|
| /// File Name: |
06.25.09-1.txt |
Description:
|
iDefense Security Advisory 06.25.09 - Remote exploitation of a stack based buffer overflow vulnerability in Unisys's Business Information Server could allow an attacker to execute arbitrary code with the privileges of the affected service. If attackers send a packet to the Unisys Business Information Server over a TCP port, the attacker can corrupt stack memory and gain arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Business Information Server version 10. Previous versions may also be affected.
| | Author: | Manuel Santamarina Suarez | | Homepage: | http://www.idefense.com/ | | File Size: | 3578 | | Related CVE(s): | CVE-2009-1628 | | Last Modified: | Jun 25 20:07:35 2009 |
| MD5 Checksum: | 281383e532465373da8e40325d9f5ed8 |
|
| /// File Name: |
06.25.09-2.txt |
Description:
|
iDefense Security Advisory 06.25.09 - Remote exploitation of a stack-based buffer overflow vulnerability in Motorola Inc.'s Timbuktu Pro could allow attackers to execute arbitrary code with SYSTEM privileges. Timbuktu fails to properly handle user-supplied data passed through a named pipe session. When the PlughNTCommand named pipe receives an overly large character string, a buffer overflow will occur resulting in arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Timbuktu Pro version 8.6.5. Previous versions may also be affected.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 4125 | | Related CVE(s): | CVE-2009-1394 | | Last Modified: | Jun 25 20:09:38 2009 |
| MD5 Checksum: | 7b1727374e978e65be5b7f035032e7ed |
|
| /// File Name: |
06.26.09-1.txt |
Description:
|
iDefense Security Advisory 06.26.09 - Remote exploitation of a stack based buffer overflow vulnerability in Hewlett-Packard Development Co. LP (HP)'s Network Node Manager could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists within the 'rping' application, which is distributed with the Linux version of NNM. It is possible for a remote attacker to launch the 'rping' application and trigger a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in Network Node Manager version 7.53 for Linux. Previous versions may also be affected. The Windows version is not affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4172 | | Related CVE(s): | CVE-2009-1420 | | Last Modified: | Jun 26 18:46:50 2009 |
| MD5 Checksum: | fcfb9e98fc9783860856994c31754272 |
|
| /// File Name: |
acajoom-backdoor.txt |
Description:
|
The Joomla Acajoom component version 3.2.6 contains a backdoor.
| | Author: | Jan van Niekerk | | File Size: | 2232 | | Last Modified: | Jun 22 23:10:12 2009 |
| MD5 Checksum: | 1ebdf4310e2713314319927602afd132 |
|
| /// File Name: |
amsn-ssl.txt |
Description:
|
aMSN does not check the SSL certificate before sending MSN user credentials. An attacker is able to obtain the MSN username and password with a spoofed certificate, and no alert is generated to the user. This vulnerability was found in aMSN 0.97.2. Other versions may also be affected.
| | Author: | Gabriel Menezes Nunes | | File Size: | 545 | | Last Modified: | Jun 26 14:57:33 2009 |
| MD5 Checksum: | 8cbc9608b15f915385537aac0240b3d4 |
|
| /// File Name: |
CA20090615-01.txt |
Description:
|
CA ARCserve Backup contains multiple vulnerabilities in the message engine that can allow a remote attacker to cause a denial of service. CA has issued an update to address the vulnerabilities. The vulnerabilities occur due to insufficient verification of data sent to the message engine. An attacker can make requests that can cause the message engine to crash.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 3383 | | Related CVE(s): | CVE-2009-1761 | | Last Modified: | Jun 16 14:48:25 2009 |
| MD5 Checksum: | 6fa94544d3fed11c9f97fd2e854a1646 |
|
| /// File Name: |
CA20090615-02.txt |
Description:
|
The release of Tomcat as included with CA Service Desk r11.2 is potentially susceptible to a cross-site scripting vulnerability. CA has issued a technical document that describes remediation procedures.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 2296 | | Related CVE(s): | CVE-2008-1232 | | Last Modified: | Jun 16 14:49:46 2009 |
| MD5 Checksum: | 02a9ce8a15dd69669003a85a3675e0c0 |
|
| /// File Name: |
cisco-sa-20090624-gateway.txt |
Description:
|
Cisco Security Advisory - A denial of service (DoS) vulnerability exists in the Cisco Physical Access Gateway. There are no workarounds available to mitigate the vulnerability. This vulnerability has been corrected in Cisco Physical Access Gateway software version 1.1. Cisco has released free software updates that address this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 10236 | | Related CVE(s): | CVE-2009-1163 | | Last Modified: | Jun 24 21:03:13 2009 |
| MD5 Checksum: | 7169be9394aad421683065af37722468 |
|
| /// File Name: |
cisco-sa-20090624-video.txt |
Description:
|
Cisco Security Advisory - Cisco Video Surveillance Stream Manager firmware for the Cisco Video Surveillance Services Platforms and Cisco Video Surveillance Integrated Services Platforms contain a denial of service (DoS) vulnerability that could result in a reboot on systems that receive a crafted packet. Cisco Video Surveillance 2500 Series IP Cameras contain an information disclosure vulnerability that could allow an authenticated user to view any file on a vulnerable camera. Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
| | Homepage: | http://www.cisco.com/ | | File Size: | 13727 | | Related CVE(s): | CVE-2009-2045, CVE-2009-2046 | | Last Modified: | Jun 24 21:00:27 2009 |
| MD5 Checksum: | 489aa04f83cb9af8e19c79414a331f09 |
|
| /// File Name: |
CVE-2009-0033.txt |
Description:
|
If Tomcat receives a request with invalid headers via the Java AJP connector, it does not return an error and instead closes the AJP connection. If this connector is a member of a mod_jk load balancing worker, this member will be put into an error state and will be blocked from use for approximately one minute. Thus the behavior can be used for a denial of service attack using a carefully crafted request. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.
| | Author: | Mark Thomas | | Homepage: | http://tomcat.apache.org/ | | File Size: | 1791 | | Related CVE(s): | CVE-2009-0033 | | Last Modified: | Jun 4 19:22:55 2009 |
| MD5 Checksum: | cddfc0b50c1108553df29136699f5d6c |
|
| /// File Name: |
CVE-2009-0580.txt |
Description:
|
Due to insufficient error checking in some authentication classes, Tomcat allows for the enumeration (brute force testing) of usernames by supplying illegally URL encoded passwords. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.
| | Author: | Mark Thomas | | Homepage: | http://tomcat.apache.org/ | | File Size: | 1826 | | Related CVE(s): | CVE-2009-0580 | | Last Modified: | Jun 4 19:20:16 2009 |
| MD5 Checksum: | 14181015de14c4d7c6ea42ce93b724c8 |
|
| /// File Name: |
CVE-2009-0783.txt |
Description:
|
Apache Tomcat suffers from an XML parser replacement related information disclosure vulnerability. Versions affected include Tomcat 6.0.0 to 6.0.18, Tomcat 5.5.0 to 5.5.27, and Tomcat 4.1.0 to 4.1.39.
| | Author: | Mark Thomas | | Homepage: | http://tomcat.apache.org/ | | File Size: | 2143 | | Related CVE(s): | CVE-2009-0783 | | Last Modified: | Jun 4 19:25:18 2009 |
| MD5 Checksum: | 08f1e7ba4435d455f05930aab934f184 |
|
| /// File Name: |
dsa-1807-1.txt |
Description:
|
Debian Security Advisory 1807-1 - James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated, which can lead to denial of service or arbitrary code execution.
| | Homepage: | http://www.debian.org/security | | File Size: | 29460 | | Related CVE(s): | CVE-2009-0688 | | Last Modified: | Jun 2 18:56:35 2009 |
| MD5 Checksum: | 6b0c58fb9c8dc4c871e89bc957c57c2a |
|
| /// File Name: |
dsa-1808-1.txt |
Description:
|
Debian Security Advisory 1808-1 - Markus Petrux discovered a cross-site scripting vulnerability in the taxonomy module of drupal6, a fully-featured content management framework. It is also possible that certain browsers using the UTF-7 encoding are vulnerable to a different cross-site scripting vulnerability.
| | Homepage: | http://www.debian.org/security | | File Size: | 3186 | | Last Modified: | Jun 2 18:57:04 2009 |
| MD5 Checksum: | 5c31b7e90d453fa06e74b622e4b76cad |
|
| /// File Name: |
dsa-1810-1.txt |
Description:
|
Debian Security Advisory 1810-1 - Anibal Sacco discovered that cups, a general printing system for UNIX systems, suffers from a null pointer dereference because of its handling of two consecutive IPP packets with certain tag attributes that are treated as IPP_TAG_UNSUPPORTED tags. This allows unauthenticated attackers to perform denial of service attacks by crashing the cups daemon.
| | Homepage: | http://www.debian.org/security | | File Size: | 34939 | | Related CVE(s): | CVE-2009-0949 | | Last Modified: | Jun 3 00:03:06 2009 |
| MD5 Checksum: | b75f070476e57f6d043a740ac4979e6b |
|
| /// File Name: |
dsa-1812-1.txt |
Description:
|
Debian Security Advisory 1812-1 - Apr-util, the Apache Portable Runtime Utility library, is used by Apache 2.x, Subversion, and other applications. Two denial of service vulnerabilities have been found in apr-util.
| | Homepage: | http://www.debian.org/security | | File Size: | 16992 | | Related CVE(s): | CVE-2009-0023 | | Last Modified: | Jun 5 16:21:25 2009 |
| MD5 Checksum: | f11758fcc84daa943e6c65ea23733256 |
|
| /// File Name: |
dsa-1814-1.txt |
Description:
|
Debian Security Advisory 1814-1 - Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data.
| | Homepage: | http://www.debian.org/security | | File Size: | 16224 | | Related CVE(s): | CVE-2009-1788, CVE-2009-1791 | | Last Modified: | Jun 15 15:44:13 2009 |
| MD5 Checksum: | 7f93ca0f9930ba4d869cb1cee399f024 |
|