Section: .. / 0607-advisories /
| /// File Name: |
SUSE-SA-2006-040.txt |
Description:
|
SUSE Security Announcement SUSE-SA:2006:040 - Multiple vulnerabilities have been discovered in OpenOffice. A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. A security vulnerability related to OpenOffice.org documents may allow certain Java applets to break through the "sandbox" and therefore have full access to system resources with current user privileges. A buffer overflow in the XML UTF8 converter allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user.
| | Homepage: | http://www.suse.com | | File Size: | 55165 | | Related CVE(s): | CVE-2006-2198, CVE-2006-2199, CVE-2006-3117 | | Last Modified: | Jul 9 06:05:02 2006 |
| MD5 Checksum: | a364f0c11b9b8ec2bab518181300a6a4 |
|
| /// File Name: |
SUSE-SA-2006-041.txt |
Description:
|
SUSE Security Announcement SUSE-SA:2006:041 - Various unspecified security problems have been fixed in Acrobat Reader version 7.0.8.
| | Homepage: | http://www.suse.com | | File Size: | 14611 | | Related CVE(s): | CVE-2006-3093 | | Last Modified: | Jul 9 06:54:37 2006 |
| MD5 Checksum: | 0f00c4291cdbc364933a24a0ab6ee735 |
|
| /// File Name: |
SUSE-SA-2006-042.txt |
Description:
|
SUSE Security Announcement SUSE-SA:2006:042 - A slew of kernel-related vulnerabilities has been fixed in SUSE Linux for the 2.6 series.
| | Homepage: | http://www.suse.com | | File Size: | 72071 | | Related CVE(s): | CVE-2006-0744, CVE-2006-1528, CVE-2006-1855, CVE-2006-1857, CVE-2006-1858, CVE-2006-1859, CVE-2006-1860, CVE-2006-2444, CVE-2006-2445, CVE-2006-2448, CVE-2006-2450, CVE-2006-2451, CVE-2006-2934, CVE-2006-2935, CVE-2006-3085, CVE-2006-3626 | | Last Modified: | Jul 27 22:40:22 2006 |
| MD5 Checksum: | 1f9995f27ac47ea16eaf51417e6e827a |
|
| /// File Name: |
SYMSA-2006-007.txt |
Description:
|
Symantec Vulnerability Research Security Advisory SYMSA-2006-007 - There exists an overflow condition in Microsoft Office when a malformed string included in an Office file is parsed by any of the affected Office applications.
| | Author: | Elia Florio | | Homepage: | http://www.symantec.com/research | | File Size: | 4399 | | Related CVE(s): | CVE-2006-1540 | | Last Modified: | Jul 12 05:01:35 2006 |
| MD5 Checksum: | 6131d58d5bc2b9b5deb2679b3d8f998f |
|
| /// File Name: |
SYMSA-2006-008.txt |
Description:
|
Symantec Vulnerability Research Security Advisory SYMSA-2006-008 - Password Safe versions 2.11, 2.16, and 3.0BETA1 are susceptible to a flaw where the Lock Password Database Configuration functionality may not be enforced.
| | Author: | J.R. Wikes | | Homepage: | http://www.symantec.com/research | | File Size: | 5163 | | Related CVE(s): | CVE-2006-3675 | | Last Modified: | Jul 26 02:57:24 2006 |
| MD5 Checksum: | c688e197a51c55a796ba912362293926 |
|
| /// File Name: |
TA06-192A.txt |
Description:
|
Technical Cyber Security Alert TA06-192A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, IIS, and Office. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 8372 | | Related CVE(s): | CVE-2006-0026, CVE-2006-1314, CVE-2006-2372, CVE-2006-3059, CVE-2006-1316, CVE-2006-1540, CVE-2006-2389, CVE-2006-0033, CVE-2006-0007 | | Last Modified: | Jul 12 05:29:58 2006 |
| MD5 Checksum: | f08886b6a1e7df8cb305253314b27751 |
|
| /// File Name: |
TA06-200A.txt |
Description:
|
Technical Cyber Security Alert TA06-200A - Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
| | Homepage: | http://www.cert.org | | File Size: | 6489 | | Last Modified: | Jul 23 23:32:01 2006 |
| MD5 Checksum: | dd25053db609c1812b9a640189bf9171 |
|
| /// File Name: |
tippingBypass.txt |
Description:
|
All TippingPoint appliances with TOS versions 2.2.3.6514 and below suffer from a flaw where a malformed packet can force the appliance to fall back to layer 2 mode. In this mode the appliance forwards all traffic without inspection.
| | Author: | Andres Riancho | | Homepage: | http://www.cybsec.com | | File Size: | 1978 | | Last Modified: | Jul 26 03:24:21 2006 |
| MD5 Checksum: | e500720c7e61c1564791f5d5cf606e6d |
|
| /// File Name: |
TK8Safe305.txt |
Description:
|
TK8 Safe version 3.0.5 suffers from password management and denial of service issues.
| | Author: | Michael Kemp | | Homepage: | http://www.clappymonkey.com | | File Size: | 1932 | | Last Modified: | Jul 9 05:22:01 2006 |
| MD5 Checksum: | 0bb60ab95476cad993623ef955904cb8 |
|
| /// File Name: |
TOPo22178.txt |
Description:
|
TOPo version 2.2.178 suffers from a password reset vulnerability.
| | Author: | Attila Gerendi | | File Size: | 723 | | Last Modified: | Jul 13 18:29:47 2006 |
| MD5 Checksum: | 8e81662d10b2fd981e02adee78449d5a |
|
| /// File Name: |
touchControl.txt |
Description:
|
Touch Control is susceptible to a remote file execution vulnerability.
| | Author: | GYU TAE PARK | | File Size: | 1557 | | Last Modified: | Jul 9 07:16:01 2006 |
| MD5 Checksum: | 5cfa86d593dbbb6b14b4b2ca1a5d8f27 |
|
| /// File Name: |
tpbook100.txt |
Description:
|
TP-Book versions 1.00 and below suffer from cross-site scripting vulnerabilities.
| | Author: | Tamriel | | File Size: | 1212 | | Last Modified: | Jul 26 05:05:19 2006 |
| MD5 Checksum: | 22d05bd682276d939f91e2f255c3faac |
|
| /// File Name: |
TSLSA-2006-0040.txt |
Description:
|
Trustix Secure Linux Security Advisory #2006-0040: SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer.
| | Homepage: | http://http.trustix.org/pub/trustix/updates | | File Size: | 3326 | | Related CVE(s): | CVE-2006-2934 | | Last Modified: | Jul 9 08:37:38 2006 |
| MD5 Checksum: | 031b70073304c561aab8b4b83e2d9e99 |
|
| /// File Name: |
TSRT-06-02.txt |
Description:
|
The Microsoft SRV.SYS driver suffers from a memory corruption flaw when processing Mailslot messages. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability and code execution occurs within the context of the kernel.
| | Author: | Pedram Amini, H D Moore | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 2444 | | Related CVE(s): | CVE-2006-1314 | | Last Modified: | Jul 12 05:22:18 2006 |
| MD5 Checksum: | b47c1cbf91e63eaad1a5176c21856aef |
|
| /// File Name: |
TSRT-06-03.txt |
Description:
|
A vulnerability exists in the IQnetworks Enterprise Security Analyzer. The flaw specifically exists within the Syslog daemon, syslogserver.exe, during the processing of long arguments passed through various commands on TCP port 10617.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2832 | | Related CVE(s): | CVE-2006-3838 | | Last Modified: | Jul 26 05:15:27 2006 |
| MD5 Checksum: | a3eaf0380b3667bfe61509341cf90847 |
|
| /// File Name: |
TSRT-06-04.txt |
Description:
|
A vulnerability exists in the IQnetworks Enterprise Security Analyzer. The specific flaw exists within Topology.exe, which binds by default to TCP port 10628. During the processing of long prefixes to the GUIADDDEVICE, ADDDEVICE, or DELETEDEVICE command, a stack-based buffer overflow occurs.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2540 | | Related CVE(s): | CVE-2006-3838 | | Last Modified: | Jul 26 05:16:16 2006 |
| MD5 Checksum: | 135f2de067322b0116c9e9f9ef6e959c |
|
| /// File Name: |
turbozip6-en.txt |
Description:
|
A vulnerability has been found in TurboZIP 6.0 that allows for arbitrary code execution.
| | Author: | Tan Chew Keong | | File Size: | 443 | | Last Modified: | Jul 26 04:26:12 2006 |
| MD5 Checksum: | 82ccc3e162c09fe5b8957e8ce9c53f17 |
|
| /// File Name: |
UFO2000.txt |
Description:
|
The UFO2000 multiplayer turn-based game based on the X-COM series suffers from multiple vulnerabilities including possible remote code execution.
| | Author: | aluigi | | Homepage: | http://aluigi.org | | File Size: | 6989 | | Last Modified: | Jul 18 17:26:21 2006 |
| MD5 Checksum: | f1f946de9fac5af5a4672322e4e9835b |
|
| /// File Name: |
USN-308-1.txt |
Description:
|
Ubuntu Security Notice 308-1: Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 6900 | | Last Modified: | Jul 9 07:37:49 2006 |
| MD5 Checksum: | 4af99ea7491c4cacf0261dc435622ab4 |
|
| /// File Name: |
USN-309-1.txt |
Description:
|
Ubuntu Security Notice 309-1: Several buffer overflows were found in libmms. By tricking a user into opening a specially crafted remote multimedia stream with an application using libmms, a remote attacker could overwrite an arbitrary memory portion with zeros, thereby crashing the program.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 2937 | | Related CVE(s): | CVE-2006-2200 | | Last Modified: | Jul 9 07:38:33 2006 |
| MD5 Checksum: | e188e8fafa939589575c697a405f1872 |
|
| /// File Name: |
USN-310-1.txt |
Description:
|
Ubuntu Security Notice 310-1: Marcus Meissner discovered that the winbind plugin of pppd does not check the result of the setuid() call. On systems that configure PAM limits for the maximum number of user processes and enable the winbind plugin, a local attacker could exploit this to execute the winbind NTLM authentication helper as root. Depending on the local winbind configuration, this could potentially lead to privilege escalation.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5538 | | Related CVE(s): | CVE-2006-2194 | | Last Modified: | Jul 9 07:39:16 2006 |
| MD5 Checksum: | ff48acb46e59a8b15cef35ff23e150f3 |
|
| /// File Name: |
USN-311-1.txt |
Description:
|
Ubuntu Security Notice 311-1 - A race condition was discovered in the do_add_counters() functions. Processes which do not run with full root privileges, but have the CAP_NET_ADMIN capability can exploit this to crash the machine or read a random piece of kernel memory. In Ubuntu there are no packages that are affected by this, so this can only be an issue for you if you use third-party software that uses Linux capabilities. John Stultz discovered a faulty BUG_ON trigger in the handling of POSIX timers. A local attacker could exploit this to trigger a kernel oops and crash the machine. Dave Jones discovered that the PowerPC kernel did not perform certain required access_ok() checks. A local user could exploit this to read arbitrary kernel memory and crash the kernel on 64-bit systems, and possibly read arbitrary kernel memory on 32-bit systems. A design flaw was discovered in the prctl(PR_SET_DUMPABLE, ...) system call, which allowed a local user to have core dumps created in a directory he could not normally write to. This could be exploited to drain available disk space on system partitions, or, under some circumstances, to execute arbitrary code with full root privileges. This flaw only affects Ubuntu 6.06 LTS.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 153729 | | Related CVE(s): | CVE-2006-0039, CVE-2006-2445, CVE-2006-2448, CVE-2006-2451 | | Last Modified: | Jul 12 05:13:11 2006 |
| MD5 Checksum: | 2fc78c9c9f579a3520a7baac3bc441b0 |
|
| /// File Name: |
USN-312-1.txt |
Description:
|
Ubuntu Security Notice 312-1 - Henning Makholm discovered that the gimp does not sufficiently validate the 'num_axes' parameter in XCF files. By tricking a user into opening a specially crafted XCF file with Gimp, an attacker could exploit this to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15225 | | Related CVE(s): | CVE-2006-3404 | | Last Modified: | Jul 12 04:50:53 2006 |
| MD5 Checksum: | 6fdb44786e3500203812d79cd48e71f9 |
|