Section: .. / 0601-advisories /
| /// File Name: |
FSA-2006-05.txt |
Description:
|
Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a buffer overflow vulnerability in the Apple QuickTime Player. Apple QuickTime has a buffer overflow vulnerability in parsing specially crafted TGA image files. This is due to the application's failure to sanitize the ImageWidth parameter value while parsing TGA image files. A remote attacker could construct a web page with a specially crafted TGA file and entice a victim to view it. When the user opens the TGA image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.
| | Author: | Dejun Meng | | File Size: | 2222 | | Related CVE(s): | CVE-2005-3708 | | Last Modified: | Jan 15 17:50:03 2006 |
| MD5 Checksum: | b9a5dce603155c48cd21d11730128a39 |
|
| /// File Name: |
FSA-2006-04.txt |
Description:
|
Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered an improper memory access vulnerability in the Apple QuickTime Player. The vulnerability exists when parsing specially crafted TGA image files. A remote attacker could construct a web page with a specially crafted TGA file and entice a victim to view it. When the user opens the TGA image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.
| | Author: | Dejun Meng | | File Size: | 2123 | | Related CVE(s): | CVE-2005-3707 | | Last Modified: | Jan 15 17:45:18 2006 |
| MD5 Checksum: | d4bcc79ffc9528db2560678fa4f82600 |
|
| /// File Name: |
FSA-2006-03.txt |
Description:
|
Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a denial of service vulnerability in the Apple QuickTime Player. Apple QuickTime has a denial of service vulnerability in parsing specially crafted TIFF image files. This is due to the application's failure to sanitize the ImageWidth parameter value while parsing TIFF image files. A remote attacker could construct a web page with a specially crafted TIFF file and entice a victim to view it. When the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to denial of service.
| | Author: | Dejun Meng | | File Size: | 1542 | | Related CVE(s): | CVE-2005-3710 | | Last Modified: | Jan 15 17:42:59 2006 |
| MD5 Checksum: | 6248ad9efb497e7b42f16c9c01c973d9 |
|
| /// File Name: |
FSA-2006-02.txt |
Description:
|
Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a vulnerability in the Apple QuickTime Player. Apple QuickTime has a vulnerability in parsing specially crafted TIFF image files. This is due to the application's failure to sanitize the StripOffsets parameter value while parsing TIFF image files. A remote attacker could construct a web page with a specially crafted TIFF file and entice a victim to view it. When the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.
| | Author: | Dejun Meng | | File Size: | 1487 | | Related CVE(s): | CVE-2005-3711 | | Last Modified: | Jan 15 17:41:28 2006 |
| MD5 Checksum: | c7fd69be44413ae53a08c20785f0d143 |
|
| /// File Name: |
FSA-2006-01.txt |
Description:
|
Fortinet Security Advisory - Fortinet Security Research Team (FSRT) has discovered a buffer overflow vulnerability in the Apple QuickTime Player. Apple QuickTime has a buffer overflow vulnerability in parsing specially crafted TIFF image files. This is due to the application's failure to sanitize the StripByteCounts parameter while parsing TIFF image files. A remote attacker could construct a web page with a specially crafted TIFF file and entice a victim to view it. When the user opens the TIFF image with Internet Explorer or Apple QuickTime Player, it will cause a memory access violation, leading to potential arbitrary command execution.
| | Author: | Dejun Meng | | File Size: | 1540 | | Related CVE(s): | CVE-2005-3711 | | Last Modified: | Jan 15 17:38:48 2006 |
| MD5 Checksum: | 3bbccbc8968185754fb5e49537e6d12a |
|
| /// File Name: |
EV0025.txt |
Description:
|
ACal version 2.2.5 is susceptible to system bypass.
| | Author: | Aliaksandr Hartsuyeu | | File Size: | 972 | | Last Modified: | Jan 15 17:33:59 2006 |
| MD5 Checksum: | 008c5f7db9c3c538ba57df36d1495d7b |
|
| /// File Name: |
ZDI-06-001.txt |
Description:
|
Clam AntiVirus versions 0.80 through 0.87.1 suffer from a code execution flaw during the uncompressing of files compressed with FSG version 1.33.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2543 | | Related CVE(s): | CAN-2006-0162 | | Last Modified: | Jan 15 17:06:24 2006 |
| MD5 Checksum: | 30512002d639462e152f9be6f1a8ebd5 |
|
| /// File Name: |
advisory_022006.113.txt |
Description:
|
Hardened-PHP Project Security Advisory - PHP5 comes with the new mysqli extension, which recently got a new error reporting feature using exceptions. When an exception for such an error is thrown, the error message is used as a format string. Depending on the situation and configuration, e.g. a malicious MySQL server or an erroneous SQL query (e.g. through SQL injection) can result in PHP reporting a (partly) user-supplied error message, which can trigger the format string vulnerability and lead to remote code execution. Versions 5.1 through 5.1.1 are affected. PHP4 is not affected.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 4768 | | Last Modified: | Jan 15 16:55:48 2006 |
| MD5 Checksum: | 29f6651d4c9a1137b6551b4140bef858 |
|
| /// File Name: |
advisory_012006.112.txt |
Description:
|
Hardened-PHP Project Security Advisory - Since PHP5, a user-supplied session ID is sent back to the user within a Set-Cookie HTTP header. Because no checks were performed on the validity of this session ID, it was possible to inject arbitrary HTTP headers into the response body of applications using PHP's built-in session functionality by supplying a specially crafted session ID. Versions 5.1.1 and below are affected. PHP4 is not affected.
| | Author: | Stefan Esser | | Homepage: | http://www.hardened-php.net/ | | File Size: | 4826 | | Last Modified: | Jan 15 16:54:41 2006 |
| MD5 Checksum: | 04d3dba49413f20ee344aa659bd6cf2e |
|
| /// File Name: |
cisco-sa-20060112-wireless.txt |
Description:
|
Cisco Security Advisory - A vulnerability exists in Cisco Aironet Wireless Access Points (AP) running IOS which may allow a malicious user to send a crafted attack via IP address Resolution Protocol (ARP) to the access point, which will cause the device to stop passing traffic and/or drop user connections. Repeated exploitation of this vulnerability will create a sustained DoS.
| | Author: | Eric Smith | | Homepage: | http://www.cisco.com/ | | File Size: | 16515 | | Last Modified: | Jan 15 16:49:26 2006 |
| MD5 Checksum: | 40df5e485ee24b37927fa36a5a1a91d4 |
|
| /// File Name: |
phpPayPal.txt |
Description:
|
The PHP Toolkit for PayPal version 0.50 is susceptible to payment system bypass and sensitive information disclosure.
| | Author: | .cens | | File Size: | 1638 | | Last Modified: | Jan 15 16:48:02 2006 |
| MD5 Checksum: | de0020c7c7c76270e512a91b1a551045 |
|
| /// File Name: |
dsa-937-1.txt |
Description:
|
Debian Security Advisory DSA 937-1 - infamous41md and Chris Evans discovered several heap-based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 15727 | | Related CVE(s): | CVE-2005-3191, CVE-2005-3192, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628 | | Last Modified: | Jan 15 16:44:49 2006 |
| MD5 Checksum: | 635b5e6044bdbb7b8ef3d66674e75834 |
|
| /// File Name: |
RHSA-2006-0157.txt |
Description:
|
Red Hat Security Advisory - A cross-site scripting flaw was found in the way Struts displays error pages. It may be possible for an attacker to construct a specially crafted URL which could fool a victim into believing they are viewing a trusted site.
| | Author: | Red Hat | | Homepage: | https://rhn.redhat.com/errata/RHSA-2006-0157.html | | File Size: | 7686 | | Related CVE(s): | CVE-2005-3745 | | Last Modified: | Jan 15 16:37:40 2006 |
| MD5 Checksum: | ace79271a106a4671cdd6b230f99152d |
|
| /// File Name: |
EEYEB-20051031.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a critical heap overflow in the Apple QuickTime Player that allows for the execution of arbitrary code via a maliciously crafted GIF file. This flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls.
| | Author: | Fang Xing | | Homepage: | http://www.eeye.com/ | | File Size: | 4970 | | Related CVE(s): | CAN-2005-3713 | | Last Modified: | Jan 15 16:35:32 2006 |
| MD5 Checksum: | 144e38c9afe72b23ef2d14788692ffbd |
|
| /// File Name: |
EEYEB-20051117A.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in QuickTime Player. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code in the context of the user who executed the player or application hosting the QuickTime plug-in. This specific flaw exists within the QuickTime.qts file, through which many applications access QuickTime's functionality. By specially crafting atoms within a movie file, a direct heap overwrite is triggered, and reliable code execution is then possible.
| | Author: | Karl Lynn | | Homepage: | http://www.eeye.com/ | | File Size: | 3480 | | Related CVE(s): | CAN-2005-4092 | | Last Modified: | Jan 15 16:33:12 2006 |
| MD5 Checksum: | 7e6b3665b681a41529b6cf5a26a940f5 |
|
| /// File Name: |
EEYEB-20051117B.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in QuickTime Player. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code in the context of the user who executed the player or application hosting the QuickTime plug-in. This specific flaw exists within the QuickTime.qts file, through which many applications access QuickTime's functionality. By specially crafting atoms within a movie file, a direct heap overwrite is triggered, and reliable code execution is then possible.
| | Author: | Karl Lynn | | Homepage: | http://www.eeye.com/ | | File Size: | 2664 | | Related CVE(s): | CAN-2005-4092 | | Last Modified: | Jan 15 16:32:06 2006 |
| MD5 Checksum: | 6e6696ec76c924021bcf72d3901d01bd |
|
| /// File Name: |
EEYEB-20051229.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in QuickTime Player. There is a stack overflow in the way QuickTime processes qtif format files. An attacker can create a qtif file and send it to the user via email, web page, or qtif file with ActiveX, and can directly overflow a function pointer that is used immediately, so it can bypass any stack overflow protection in systems such as XP SP2 and 2003 SP1.
| | Author: | Fang Xing | | Homepage: | http://www.eeye.com/ | | File Size: | 2869 | | Related CVE(s): | CAN-2005-3713 | | Last Modified: | Jan 15 16:29:29 2006 |
| MD5 Checksum: | fd3c67532e14fda9f8c490bc19e11c82 |
|
| /// File Name: |
cisco-sa-20060111-mars.txt |
Description:
|
Cisco Security Advisory - The Cisco Security Monitoring, Analysis and Response System (CS-MARS) software contains a default password for an undocumented administrative account. This password is set, without any user intervention, during installation of the software used by CS-MARS appliances, and is the same in all installations of the product. Users must be authenticated to the CS-MARS command line in order to utilize the default password to access the administrative account. Software version 4.1.2 and earlier of CS-MARS are affected by this vulnerability. Customers running software version 4.1.3 or higher can mitigate the effects of this vulnerability by applying the workaround listed in this advisory.
| | Homepage: | http://www.cisco.com | | File Size: | 12662 | | Last Modified: | Jan 15 16:26:16 2006 |
| MD5 Checksum: | 71520211bfff6eb63894b10ce679d8a2 |
|
| /// File Name: |
USN-240-1.txt |
Description:
|
Ubuntu Security Notice USN-240-1 - A buffer overflow was found in bogofilter's character set conversion handling. Certain invalid UTF-8 character sequences caused an invalid memory access. By sending a specially crafted email, a remote attacker could exploit this to crash bogofilter or possibly even execute arbitrary code with bogofilter's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 2958 | | Related CVE(s): | CVE-2005-4591 | | Last Modified: | Jan 15 16:23:57 2006 |
| MD5 Checksum: | 2002194252695e17bae56d6af62923d1 |
|
| /// File Name: |
cirt-41-advisory.pdf |
Description:
|
Apple QuickTime is susceptible to a buffer overflow vulnerability during the handling of .JPG/.PICT files. This vulnerability affects Windows QuickTime versions 6.5.1, 7.0.3, and Mac OSX QuickTime version 7.0.3. Earlier versions are suspected vulnerable.
| | Author: | Dennis Rand | | Homepage: | http://www.cirt.dk | | File Size: | 323777 | | Related CVE(s): | CAN-2005-2340 | | Last Modified: | Jan 15 16:22:47 2006 |
| MD5 Checksum: | 38c34f274ad8457c07a12f049aef22e9 |
|
| /// File Name: |
superXSS.txt |
Description:
|
Superonline.com is susceptible to a cross-site scripting attack.
| | Author: | nukedx | | Homepage: | http://www.nukedx.com | | File Size: | 2154 | | Last Modified: | Jan 15 03:04:14 2006 |
| MD5 Checksum: | 23a61183007e7e291dc3981a50cff2b9 |
|
| /// File Name: |
FreeBSD-SA-06-04.ipfw.txt |
Description:
|
FreeBSD Security Advisory - ipfw maintains a pointer to layer 4 header information in the event that it needs to send a TCP reset or ICMP error message to discard packets. Due to incorrect handling of IP fragments, this pointer fails to get initialized.
| | Homepage: | http://www.freebsd.org/security/ | | File Size: | 3551 | | Related CVE(s): | CAN-2006-0054 | | Last Modified: | Jan 15 02:41:24 2006 |
| MD5 Checksum: | d3e9c839d07973392a022c0ef6c925c9 |
|
| /// File Name: |
FreeBSD-SA-06-02.ee.txt |
Description:
|
FreeBSD Security Advisory - The ispell_op function used by ee(1) while executing spell check operations employs an insecure method of temporary file generation. This method produces predictable file names based on the process ID and fails to confirm which path will be overwritten with the user.
| | Homepage: | http://www.freebsd.org/security/ | | File Size: | 5165 | | Related CVE(s): | CAN-2006-0055 | | Last Modified: | Jan 15 02:39:30 2006 |
| MD5 Checksum: | b9ff2feeff308372cbe743a954fe1571 |
|
| /// File Name: |
sa18453.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/18453/ | | File Size: | 1540 | | Last Modified: | Jan 14 06:07:24 2006 |
| MD5 Checksum: | 0c66aa168eda2d0e30be3327eae9e64d |
|