Section: .. / 0602-advisories /
| /// File Name: |
folderGuard.txt |
Description:
|
By renaming or moving the password file, Folder Guard version 4.11 fails to protect anything.
| | Author: | ShadowBeast | | File Size: | 448 | | Last Modified: | Feb 14 06:19:08 2006 |
| MD5 Checksum: | 99b26ce4dbb6515378723f13a5709441 |
|
| /// File Name: |
Fortinet-ftp.txt |
Description:
|
It is possible to bypass the Fortinet anti-virus engine when sending files over FTP under certain conditions. Those conditions will be disclosed later since Fortinet has not fixed the problem yet. This bug was tested on FortiOS v2.8MR10 and v3beta.
| | Author: | Mathieu Dessus | | File Size: | 1262 | | Last Modified: | Feb 13 11:31:24 2006 |
| MD5 Checksum: | 757918f27399a74aff726aaf6fa83daf |
|
| /// File Name: |
FreeBSD-SA-06-08.sack.txt |
Description:
|
FreeBSD Security Advisory FreeBSD-SA-06:08.sack - SACK (Selective Acknowledgment) is an extension to the TCP/IP protocol that allows hosts to acknowledge the receipt of some, but not all, of the packets sent, thereby reducing the cost of retransmissions. When insufficient memory is available to handle an incoming selective acknowledgment, the TCP/IP stack may enter an infinite loop.
| | Author: | Scott Wood | | Homepage: | http://www.freebsd.org/security/ | | File Size: | 3673 | | Related CVE(s): | CVE-2006-0433 | | Last Modified: | Feb 2 20:43:02 2006 |
| MD5 Checksum: | 6b1c54981d986ac912087927224ba779 |
|
| /// File Name: |
glsa-200601-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200601-16 - MyDNS contains an unspecified flaw that may allow a remote Denial of Service. Versions less than 1.1.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2415 | | Last Modified: | Feb 2 11:32:54 2006 |
| MD5 Checksum: | 34beec11c94e43edcf90ca938bca0a08 |
|
| /// File Name: |
glsa-200601-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200601-17 - Chris Evans has reported some integer overflows in Xpdf when attempting to calculate buffer sizes for memory allocation, leading to a heap overflow and a potential infinite loop when handling malformed input files. Versions less than 3.01-r5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4673 | | Last Modified: | Feb 2 11:33:04 2006 |
| MD5 Checksum: | 125840275c58cb93c34a6746d723e1ce |
|
| /// File Name: |
glsa-200602-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-01 - The GStreamer FFmpeg plugin contains derived code from the FFmpeg library, which is vulnerable to a heap overflow in the avcodec_default_get_buffer() function discovered by Simon Kilvington (see GLSA 200601-06). Versions less than 0.8.7-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3411 | | Last Modified: | Feb 6 04:50:57 2006 |
| MD5 Checksum: | a7ac21905c6f1ce1ce83449543902752 |
|
| /// File Name: |
glsa-200602-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-02 - Andy Staudacher discovered that ADOdb does not properly sanitize all parameters. Versions less than 4.71 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2927 | | Last Modified: | Feb 7 22:18:10 2006 |
| MD5 Checksum: | 99bbebe91b834b28249490a84fe6a9d7 |
|
| /// File Name: |
glsa-200602-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-03 - Apache's mod_imap fails to properly sanitize the Referer directive of imagemaps in some cases, leaving the HTTP Referer header unescaped. A flaw in mod_ssl can lead to a NULL pointer dereference if the site uses a custom Error 400 document. These vulnerabilities were reported by Marc Cox and Hartmut Keil, respectively. Versions less than 2.0.55-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4150 | | Last Modified: | Feb 7 22:18:18 2006 |
| MD5 Checksum: | 230c7b6d54832b4e8ea6a940f0fbc5b3 |
|
| /// File Name: |
glsa-200602-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-04 - Dirk Mueller has reported a vulnerability in Xpdf. It is caused by a missing boundary check in the splash rasterizer engine when handling PDF splash images with overly large dimensions. Versions less than 3.01-r7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3783 | | Last Modified: | Feb 13 09:37:49 2006 |
| MD5 Checksum: | 11fe831c0ee16bf5c8b611405c4fc1c5 |
|
| /// File Name: |
glsa-200602-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-05 - KPdf includes Xpdf code to handle PDF files. Dirk Mueller discovered that the Xpdf code is vulnerable a heap based overflow in the splash rasterizer engine. Versions less than 3.4.3-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3838 | | Last Modified: | Feb 13 09:37:55 2006 |
| MD5 Checksum: | 28424f9abafdde444d9727057bee16d3 |
|
| /// File Name: |
glsa-200602-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-06 - The SetImageInfo function was found vulnerable to a format string mishandling. Daniel Kobras discovered that the handling of %-escaped sequences in filenames passed to the function is inadequate. This is a new vulnerability that is not addressed by GLSA 200503-11. Versions less than 6.2.5.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2904 | | Last Modified: | Feb 14 08:42:51 2006 |
| MD5 Checksum: | d3f65409f6de37db6b7d10491be78303 |
|
| /// File Name: |
glsa-200602-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-07 - Applets executed using JRE or JDK can use reflection APIs functions to elevate its privileges beyond the sandbox restrictions. Adam Gowdiak discovered five vulnerabilities that use this method for privilege escalation. Two more vulnerabilities were discovered by the vendor. Peter Csepely discovered that Web Start Java applications also can an escalate their privileges. Versions less than 1.4.2.10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4418 | | Last Modified: | Feb 15 19:40:02 2006 |
| MD5 Checksum: | 4801775b35b42032ae457a1bca577716 |
|
| /// File Name: |
glsa-200602-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-08 - Evgeny Legerov has reported a flaw in the DER decoding routines provided by libtasn1, which could cause an out of bounds access to occur. Versions less than 0.2.18 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3899 | | Last Modified: | Feb 16 23:05:00 2006 |
| MD5 Checksum: | 3f4f204d3f10c69cf4239e07b936f925 |
|
| /// File Name: |
glsa-200602-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-08 - Evgeny Legerov has reported a flaw in the DER decoding routines provided by libtasn1, which could cause an out of bounds access to occur. Versions less than 0.2.18 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3899 | | Last Modified: | Feb 16 23:05:05 2006 |
| MD5 Checksum: | 3f4f204d3f10c69cf4239e07b936f925 |
|
| /// File Name: |
glsa-200602-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-10 - Tavis Ormandy of the Gentoo Linux Security Auditing Team discovered that automated systems relying on the return code of GnuPG or gpgv to authenticate digital signatures may be misled by malformed signatures. GnuPG documentation states that a return code of zero (0) indicates success, however gpg and gpgv may also return zero if no signature data was found in a detached signature file. Versions less than 1.4.2.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3079 | | Last Modified: | Feb 20 21:22:35 2006 |
| MD5 Checksum: | a25305af869c11377e193f52d8282158 |
|
| /// File Name: |
glsa-200602-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-11 - To copy from a local filesystem to another local filesystem, scp constructs a command line using 'cp' which is then executed via system(). Josh Bressers discovered that special characters are not escaped by scp, but are simply passed to the shell. Versions less than 4.2_p1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3992 | | Last Modified: | Feb 22 20:34:22 2006 |
| MD5 Checksum: | 07a29c9ce849564f06d837b95ad63751 |
|
| /// File Name: |
glsa-200602-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-12 - Dirk Mueller found a heap overflow vulnerability in the XPdf codebase when handling splash images that exceed size of the associated bitmap. Versions less than 2.10.0-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3235 | | Last Modified: | Feb 22 20:34:59 2006 |
| MD5 Checksum: | 95e8598870c2665aff843cb170abe6d4 |
|
| /// File Name: |
googleReader.txt |
Description:
|
Google reader is supposed to display only content that the user has subscribed to however two vulnerabilities has been identified which may allow an attacker to entice it's victim (using the Google reader service) to view unwanted web content carrying malicious payloads.
| | Author: | Debasis Mohanty | | Homepage: | http://www.hackingspirits.com | | File Size: | 3394 | | Last Modified: | Feb 26 03:24:26 2006 |
| MD5 Checksum: | b24de84c45fd97304d6aa1b792ccb041 |
|
| /// File Name: |
hauri.txt |
Description:
|
Global Hauri Virobot is susceptible to an authentication bypass flaw.
| | Author: | Xpl017Elz | | Homepage: | http://www.inetcop.org | | File Size: | 8622 | | Last Modified: | Feb 25 23:33:27 2006 |
| MD5 Checksum: | 0639d51c4366de335eddf6cc2e229776 |
|
| /// File Name: |
honeyd-2006-001.txt |
Description:
|
Honeyd Security Advisory 2006-001 - A bug in the IP reassembly codes causes Honeyd to reply to illegal fragments that other implementations would silently drop. Watching for replies, it is possible to detect IP addresses simulated by Honeyd.
| | Homepage: | http://www.honeyd.org/ | | File Size: | 1251 | | Last Modified: | Feb 16 23:54:04 2006 |
| MD5 Checksum: | f327f92a203cb524b784b6986caaef3f |
|
| /// File Name: |
invision214.txt |
Description:
|
Invision Power Board versions 2.1.4 and below are susceptible to path disclosure issues.
| | Author: | Paisterist | | Homepage: | http://neosecurityteam.net/ | | File Size: | 3720 | | Last Modified: | Feb 25 23:26:26 2006 |
| MD5 Checksum: | 8e90337ff1f8286a3e838ee96d19f244 |
|
| /// File Name: |
IRM-017.txt |
Description:
|
IRM Security Advisory No. 017 - PortalSE version 2.0 allows a remote attacker to read any file on the filesystem as it runs with root privileges by default. It is also susceptible to a directory revelation issue.
| | Author: | P. Robinson | | Homepage: | http://www.irmplc.com/advisories | | File Size: | 2994 | | Last Modified: | Feb 26 02:36:31 2006 |
| MD5 Checksum: | 53a6d085c73194ed7e99b4fceb971453 |
|
| /// File Name: |
IRM-018.txt |
Description:
|
IRM Security Advisory No. 018 - A buffer overflow exists in Winamp's handling of a m3u playlist file. Version 5.13 is affected.
| | Author: | P. Robinson | | Homepage: | http://www.irmplc.com/advisories | | File Size: | 1416 | | Last Modified: | Feb 26 05:38:14 2006 |
| MD5 Checksum: | 924d244e3e454672d333b985a74df005 |
|
| /// File Name: |
IronMail-5.0.1.txt |
Description:
|
If IronMail-5.0.1 is configured with "Denial of Service Protection" enabled, then a remote user can generate a TCP SYN flood, sending malformed packets via multiple connections to cause the server to become busy resulting in DOS.
| | Author: | Mark Ludwik | | File Size: | 1423 | | Last Modified: | Feb 6 04:21:26 2006 |
| MD5 Checksum: | 93a9a253744f64f74bef1004bd97e517 |
|
| /// File Name: |
kernelBSD.txt |
Description:
|
Due to a flaw in the original patch implemented by the NetBSD team in release 2.0.3 the kernfs_xread function was still vulnerable to exploitation. OpenBSD's 3.8 kernel release contained the same vulnerability and the same type of patch as NetBSD 2.0.3.
| | Homepage: | http://www.securitylab.net | | File Size: | 2221 | | Last Modified: | Feb 4 15:35:55 2006 |
| MD5 Checksum: | c35c3724bcfcae53b43286818cef97de |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
