Last 20 Advisory Files
| /// File Name: | SSRT080039-2.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could be exploited remotely to allow cross site scripting (XSS). | | Homepage: | http://www.hp.com/ | | File Size: | 6382 | | Related CVE(s): | CVE-2008-1663 | | Last Modified: | Aug 18 20:05:07 2008 | | MD5 Checksum: | 532beb0aee3e979142e353425bdaf021 |
|
| /// File Name: | dsa-1629-1.txt | Description:
| Debian Security Advisory 1629-1 - Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root. | | Homepage: | http://www.debian.org/security | | File Size: | 13634 | | Related CVE(s): | CVE-2008-2936 | | Last Modified: | Aug 18 19:15:23 2008 | | MD5 Checksum: | 5a5029498e47c3b0c8f6caa98004975c |
|
| /// File Name: | PLSA-2008-25.txt | Description:
| Pardus Linux Security Advisory - Sebastian Krahmer has reported some security issues in Postfix, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges. | | Author: | Pardus Linux | | File Size: | 2262 | | Related CVE(s): | CVE-2008-2936, CVE-2008-2937 | | Last Modified: | Aug 15 20:40:40 2008 | | MD5 Checksum: | e57d0cc8a2f7fccc61fb079bf6de7bda |
|
| /// File Name: | MDVSA-2008-172.txt | Description:
| Mandriva Linux Security Advisory - A flaw in Amarok prior to 1.4.10 would allow local users to overwrite arbitrary files via a symlink attack on a temporary file that Amarok created with a predictable name. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5625 | | Related CVE(s): | CVE-2008-3699 | | Last Modified: | Aug 15 20:39:23 2008 | | MD5 Checksum: | 35b9f3396f2f1dad47d3cfe0d6aee45f |
|
| /// File Name: | MDVSA-2008-171.txt | Description:
| Mandriva Linux Security Advisory - Sebastian Krahmer of the SUSE Security Team discovered a flaw in the way Postfix dereferenced symbolic links. If a local user had write access to a mail spool directory without a root mailbox file, it could be possible for them to append arbitrary data to files that root had write permissions to. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8984 | | Related CVE(s): | CVE-2008-2936 | | Last Modified: | Aug 15 20:39:05 2008 | | MD5 Checksum: | 48044f8eb8d0f450a53f132789027535 |
|
| /// File Name: | PLSA-2008-24.txt | Description:
| Pardus Linux Security Advisory - A security issue has been reported in Amarok, which can be exploited by malicious, local users to perform certain actions with escalated privileges. | | Author: | Pardus Linux | | File Size: | 1930 | | Related CVE(s): | CVE-2008-3699 | | Last Modified: | Aug 15 18:41:56 2008 | | MD5 Checksum: | fc8bca31f37dffda0b3a0d3f2f9656f1 |
|
| /// File Name: | cisco-sa-20080814-webex.txt | Description:
| Cisco Security Advisory - An ActiveX control (atucfobj.dll) that is used by the Cisco WebEx Meeting Manager contains a buffer overflow vulnerability that may result in a denial of service or remote code execution. The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager the first time a user begins or joins a meeting. When users connect to the WebEx meeting service, the WebEx Meeting Manager is automatically upgraded to the latest version. There is a manual workaround available for users who are not able to connect to the WebEx meeting service. | | Homepage: | http://www.cisco.com/ | | File Size: | 14028 | | Related CVE(s): | CVE-2008-2737 | | Last Modified: | Aug 15 18:40:39 2008 | | MD5 Checksum: | b37ad9f1f0ade1da7287081770808eb6 |
|
| /// File Name: | glsa-200808-12.txt | Description:
| Gentoo Linux Security Advisory GLSA 200808-12 - Sebastian Krahmer of SuSE has found that Postfix allows mail to be delivered to root-owned symlinks in an insecure manner under certain conditions. Normally, Postfix does not deliver mail to symlinks, except to root-owned symlinks, for compatibility with systems that use symlinks in /dev, like Solaris. Furthermore, some systems like Linux allow hardlinking a symlink, while the POSIX.1-2001 standard requires that the symlink is followed. Depending on the write permissions and the delivery agent being used, this can lead to an arbitrary local file overwriting vulnerability (CVE-2008-2936). Furthermore, the Postfix delivery agent does not properly verify the ownership of a mailbox before delivering mail (CVE-2008-2937). Versions less than 2.5.3-r1 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 5453 | | Related CVE(s): | CVE-2008-2936, CVE-2008-2937 | | Last Modified: | Aug 14 20:12:35 2008 | | MD5 Checksum: | 3d10d7b22f9734485a3dd000961d1cf5 |
|
| /// File Name: | SYM08-015.txt | Description:
| Symantec Security Advisory - It is possible to circumvent the security patch that resolved a previously identified authentication bypass, remote code execution vulnerability in the Veritas Storage Foundation for Windows version 5.0 Volume Manager Scheduler Service. Successful exploitation could result in potential compromise of the targeted system. | | Homepage: | http://www.symantec.com/ | | File Size: | 5627 | | Last Modified: | Aug 14 20:07:58 2008 | | MD5 Checksum: | ec41ee8b4de02919527d674e1245726a |
|
| /// File Name: | ZDI-08-053.txt | Description:
| A vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the functionality exposed by the Storage Foundation for Windows Scheduler Service, VxSchedService.exe, which listens by default on TCP port 4888. The management console allows NULL NTLMSSP authentication, thereby enabling a remote attacker to add, modify, or delete snapshot schedules and consequently run arbitrary code under the context of the SYSTEM user. | | Author: | Tenable Network Security | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3128 | | Last Modified: | Aug 14 20:05:49 2008 | | MD5 Checksum: | 95e5d86646e2ad48b9ff8481f0549ee9 |
|
| /// File Name: | ZDI-08-052.txt | Description:
| A vulnerability allows remote attackers to deny services on vulnerable installations of OpenLDAP. Authentication is not required to exploit this vulnerability. The specific flaw exists in the decoding of ASN.1 BER network datagrams. When the size of a BerElement is specified incorrectly, the application will trigger an assert(), leading to abnormal program termination. | | Author: | Oscar Mira-Sanchez | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3289 | | Related CVE(s): | CVE-2008-2952 | | Last Modified: | Aug 14 20:04:56 2008 | | MD5 Checksum: | c4b36d8934d8c8254cbb4f7fa85d22ad |
|
| /// File Name: | SUSE-SA-2008-041.txt | Description:
| SUSE Security Announcement - The SuSE Security-Team has found two critical issues in the code for openwsman. Two remote buffer overflows exist in the decoding of the HTTP basic authentication header, and a possible SSL session replay attack affects the client. | | Homepage: | http://www.suse.com | | File Size: | 12823 | | Related CVE(s): | CVE-2008-2234, CVE-2008-2233 | | Last Modified: | Aug 14 20:01:50 2008 | | MD5 Checksum: | a5c9b5a5bfbfb5a476e0fa336417c841 |
|
| /// File Name: | SUSE-SA-2008-040.txt | Description:
| SUSE Security Announcement - During a source code audit, the SuSE Security-Team discovered a local privilege escalation bug as well as a mailbox ownership problem in Postfix. The first bug allowed local users to execute arbitrary commands as root, while the second one allowed local users to read other users' mail. | | Homepage: | http://www.suse.com | | File Size: | 14399 | | Related CVE(s): | CVE-2008-2936, CVE-2008-2937 | | Last Modified: | Aug 14 19:55:59 2008 | | MD5 Checksum: | eaa21077f3779185d042f06a508f9688 |
|
| /// File Name: | postfix-ruhroh.txt | Description:
| Postfix on modern Solaris and Linux filesystems can be leveraged for privilege escalation via hardlinks. | | Author: | Wietse Venema | | File Size: | 10869 | | Last Modified: | Aug 14 19:55:00 2008 | | MD5 Checksum: | 02e30f6b6b0cba8ce26d00032feeeb2b |
|
| /// File Name: | MDVSA-2008-170.txt | Description:
| Mandriva Linux Security Advisory - Thomas Pollet discovered an integer overflow vulnerability in the PNG image handling filter in CUPS. This could allow a malicious user to execute arbitrary code with the privileges of the user running CUPS, or cause a denial of service by sending a specially crafted PNG image to the print server. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8933 | | Related CVE(s): | CVE-2008-1722 | | Last Modified: | Aug 14 01:58:26 2008 | | MD5 Checksum: | 660f4d454552514f438069932300c0cf |
|
| /// File Name: | MDVSA-2008-169.txt | Description:
| Mandriva Linux Security Advisory - Marc Schoenefeld of the Red Hat Security Response Team discovered a vulnerability in the hplip alert-mailing functionality that could allow a local attacker to elevate their privileges by using specially-crafted packets to trigger alert mails that are sent by the root account. Another vulnerability was discovered by Marc Schoenefeld in the hpssd message parser that could allow a local attacker to stop the hpssd process by sending specially-crafted packets, causing a denial of service. The updated packages have been patched to correct these issues. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9181 | | Related CVE(s): | CVE-2008-2940, CVE-2008-2941 | | Last Modified: | Aug 14 01:56:53 2008 | | MD5 Checksum: | 148dd1fdcbb7b4f86162eb048226603f |
|
| /// File Name: | MDVSA-2008-168.txt | Description:
| Mandriva Linux Security Advisory - A vulnerability was found in the OCSP search functionality in stunnel that could allow a remote attacker to use a revoked certificate that would be successfully authenticated by stunnel. This flaw only concerns users who have enabled OCSP validation in stunnel. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4735 | | Related CVE(s): | CVE-2008-2420 | | Last Modified: | Aug 14 01:56:21 2008 | | MD5 Checksum: | c99af4bde004b58dcbe22defa64c8221 |
|
| /// File Name: | msm-remote.txt | Description:
| A remote illegal access vulnerability exists in Microsoft Windows Live Messenger. A malicious attacker can control Live Messenger by constructing a malicious web page. | | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | File Size: | 2079 | | Related CVE(s): | CVE-2008-0082 | | Last Modified: | Aug 14 01:56:09 2008 | | MD5 Checksum: | 893382da2903619e476e93b9b7952707 |
|
| /// File Name: | CORE-2008-0103.txt | Description:
| Core Security Technologies Advisory - A zone elevation vulnerability has been discovered in Internet Explorer versions 5 through 7 under Windows 2000, 2003, and XP. It also affects Windows Vista on IE 7 when protected mode is turned off. | | Author: | Jorge Luis Alvarez Medina | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 27082 | | Related CVE(s): | CVE-2008-1448 | | Last Modified: | Aug 13 19:27:23 2008 | | MD5 Checksum: | 7bcec620f32e9905726c1a58cd81f323 |
|