Section: .. / 0611-advisories /
| /// File Name: |
etomiteCMS0612.txt |
Description:
|
Etomite CMS versions 0.6.1.2 and below suffer from SQL injection and local file inclusion vulnerabilities.
| | Author: | Alfredo Pesoli | | Related Exploit: | etm_0612_sqlinj.pl.txt | | File Size: | 2994 | | Last Modified: | Nov 17 19:55:46 2006 |
| MD5 Checksum: | ef386c55d47800928a66c7540bc6aac0 |
|
| /// File Name: |
FLSA-2006-195418.txt |
Description:
|
Fedora Legacy Update Advisory FLSA:195418 - Updated sendmail packages fix security issue
| | Homepage: | http://fedoralegacy.org | | File Size: | 10119 | | Last Modified: | Nov 1 17:20:12 2006 |
| MD5 Checksum: | b25437c410fb1e9b0d847f245cfae681 |
|
| /// File Name: |
freebsd-firewire.txt |
Description:
|
The Firewire device enabled by default in the GENERIC kernel for FreeBSD defines an IOCTL function which can be malicious called passing a negative buffer length value. This value will bypass the length check (because the value is negative) and will be used in a copyout operation. This is a kernel bug and the system can be compromised by local users and important system information can be disclosed.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://www.kernelhacking.com/rodrigo | | Related File: | bsd.patch | | File Size: | 3418 | | Last Modified: | Nov 16 12:13:44 2006 |
| MD5 Checksum: | 9bf61a2d6a3b88f11455cec5f19352c2 |
|
| /// File Name: |
FreeBSD-SA-06-24.libarchive.txt |
Description:
|
FreeBSD Security Advisory - If the end of an archive is reached while attempting to "skip" past a region of an archive, libarchive will enter an infinite loop wherein it repeatedly attempts (and fails) to read further data.
| | Homepage: | http://security.FreeBSD.org/ | | File Size: | 3123 | | Related CVE(s): | CVE-2006-5680 | | Last Modified: | Nov 8 22:09:38 2006 |
| MD5 Checksum: | cb7573a688f37154d2528878c2daed8f |
|
| /// File Name: |
glsa-200611-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-01 - cstone and Richard Felker discovered a flaw in Screen's UTF-8 combining character handling. Versions less than 4.0.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3662 | | Last Modified: | Nov 3 18:04:42 2006 |
| MD5 Checksum: | 458197d688275073032e419c428941f9 |
|
| /// File Name: |
glsa-200611-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-02 - An integer overflow flaw has been found in the pixmap handling of Qt. Versions less than 4.1.4-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2787 | | Last Modified: | Nov 7 00:34:48 2006 |
| MD5 Checksum: | f6ec79c4b9b9ec7b6eba6f4c0b06f970 |
|
| /// File Name: |
glsa-200611-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-03 - Rapid7 reported a boundary error in the NVIDIA binary graphics driver that leads to a buffer overflow in the accelerated rendering functionality. Versions less than 1.0.8776 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3032 | | Last Modified: | Nov 8 21:45:56 2006 |
| MD5 Checksum: | 3238572b3b7b6a3e7c01329fe7efbc3a |
|
| /// File Name: |
glsa-200611-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-04 - Bugzilla is vulnerable to cross-site scripting, script injection, and request forgery. Versions less than 2.18.6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3867 | | Last Modified: | Nov 13 11:01:56 2006 |
| MD5 Checksum: | b43590070f7b3bd00f7c82cef15a01a0 |
|
| /// File Name: |
glsa-200611-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-05 - Paul Szabo reported that an incorrect seteuid() call after the chdir() function can allow an attacker to access a normally forbidden directory, in some very particular circumstances, for example when the NFS-hosted targeted directory is not reachable by the client-side root user. Additionally, some potentially exploitable unchecked setuid() calls were also fixed. Versions less than 0.17-r4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2950 | | Last Modified: | Nov 13 11:08:34 2006 |
| MD5 Checksum: | 009b4341f09b3bc65697cf677e71f060 |
|
| /// File Name: |
glsa-200611-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-06 - Tavis Ormandy of the Google Security Team has discovered a pre-authentication vulnerability, causing sshd to spin until the login grace time has been expired. Mark Dowd found an unsafe signal handler that was vulnerable to a race condition. It has also been discovered that when GSSAPI authentication is enabled, GSSAPI will in certain cases incorrectly abort. Versions less than 4.4_p1-r5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3022 | | Last Modified: | Nov 14 03:01:46 2006 |
| MD5 Checksum: | 3b6b67d565d2a6e68a0594289f6bcc1e |
|
| /// File Name: |
glsa-200611-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-07 - M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage() function of coders/dcm.c, causing the improper handling of DCM images. Pihlaja also reported that there are several boundary errors in the ReadPALMImage() function of coders/palm.c, similarly causing the improper handling of PALM images. Versions less than 1.1.7-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2839 | | Last Modified: | Nov 14 03:02:07 2006 |
| MD5 Checksum: | 304b459994a7c879fa655aedc958faf5 |
|
| /// File Name: |
glsa-200611-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-08 - Vladimir Mosgalin has reported that when processing certain packages, RPM incorrectly allocates memory for the packages, possibly causing a heap-based buffer overflow. Versions less than 4.4.6-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2657 | | Last Modified: | Nov 14 03:02:30 2006 |
| MD5 Checksum: | 52521940eebf7c4f721139f18e3c8eef |
|
| /// File Name: |
glsa-200611-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-09 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that a vulnerability exists in the sPLT chunk handling code of libpng, a large sPLT chunk may cause an application to attempt to read out of bounds. Versions less than 1.2.13 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2584 | | Last Modified: | Nov 17 20:00:18 2006 |
| MD5 Checksum: | b19f7cc113f2e8f811c56e647c5c9c50 |
|
| /// File Name: |
glsa-200611-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-10 - random discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. adapter found out that user-edit.php fails to effectively deny non-permitted users access to other user's metadata. Additionally, a directory traversal vulnerability in the wp-db-backup module was discovered. Versions less than 2.0.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3096 | | Last Modified: | Nov 17 20:00:33 2006 |
| MD5 Checksum: | dc6f9bde1424a776cc54219414f97106 |
|
| /// File Name: |
glsa-200611-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-11 - In numerous files TikiWiki provides an empty sort_mode parameter, causing TikiWiki to display additional information, including database authentication credentials, in certain error messages. TikiWiki also improperly sanitizes the url request variable sent to tiki-featured_link.php. Versions less than 1.9.6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2963 | | Last Modified: | Nov 21 04:52:10 2006 |
| MD5 Checksum: | 96b3aabeda2d884aaebb7cf3c7d0645e |
|
| /// File Name: |
glsa-200611-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-12 - Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported that the CGI library shipped with Ruby is vulnerable to a remote Denial of Service by an unauthenticated user. Versions less than 1.8.5-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2733 | | Last Modified: | Nov 21 02:12:20 2006 |
| MD5 Checksum: | e003b90fee89dc7c5842cfbe8fd92e73 |
|
| /// File Name: |
glsa-200611-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-13 - Avahi does not check that the netlink messages come from the kernel instead of a user-space process. Versions less than 0.6.15 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2544 | | Last Modified: | Nov 21 02:12:59 2006 |
| MD5 Checksum: | f4771183ddb5f7a327542342fb4429e3 |
|
| /// File Name: |
glsa-200611-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-14 - TORQUE creates temporary files with predictable names. Please note that the TORQUE package shipped in Gentoo Portage is not vulnerable in the default configuration. Only systems with more permissive access rights to the spool directory are vulnerable. Versions less than 2.1.2-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2767 | | Last Modified: | Nov 21 02:13:18 2006 |
| MD5 Checksum: | db5a1e959aff6c5219316be80335cbe1 |
|
| /// File Name: |
glsa-200611-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-15 - qmailAdmin fails to properly handle the PATH_INFO variable in qmailadmin.c. The PATH_INFO is a standard CGI environment variable filled with user supplied data. Versions less than 1.2.10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2636 | | Last Modified: | Nov 21 21:28:04 2006 |
| MD5 Checksum: | 8a37e12e6d0589fa9a69f9da509f73dd |
|
| /// File Name: |
glsa-200611-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-16 - Miloslav Trmac from Red Hat discovered a buffer overflow in the readline() function of texindex.c. The readline() function is called by the texi2dvi and texindex commands. Versions less than 4.8-r5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2523 | | Last Modified: | Nov 21 21:28:36 2006 |
| MD5 Checksum: | 289a1002c49e7c82725e0f9bff9ed3d0 |
|
| /// File Name: |
glsa-200611-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-17 - Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that fvwm-menu-directory does not sufficiently sanitise directory names prior to generating menus. Versions less than 2.5.18-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2737 | | Last Modified: | Nov 26 21:43:32 2006 |
| MD5 Checksum: | 2ea56daab1a6c91c8cbf713a5dc24e67 |
|
| /// File Name: |
glsa-200611-18.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-18 - Urs Janssen and Aleksey Salow have reported multiple buffer overflows in TIN. Additionally, the OpenPKG project has reported an allocation off-by-one flaw which can lead to a buffer overflow. Versions less than 1.8.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2672 | | Last Modified: | Nov 26 22:19:22 2006 |
| MD5 Checksum: | e7c491eb81405c4e3065cb5d7b2e66a3 |
|
| /// File Name: |
glsa-200611-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-19 - M. Joonas Pihlaja has reported that a boundary error exists within the ReadDCMImage() function of coders/dcm.c, causing the improper handling of DCM images. Pihlaja also reported that there are several boundary errors in the ReadPALMImage() function of coders/palm.c, similarly causing the improper handling of PALM images. Versions less than 6.3.0.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2832 | | Last Modified: | Nov 26 22:19:43 2006 |
| MD5 Checksum: | 869549fe1008df9559656a273122376c |
|
| /// File Name: |
glsa-200611-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200611-20 - GNU gv does not properly boundary check user-supplied data before copying it into process buffers. Versions less than 3.6.2-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2433 | | Last Modified: | Nov 26 22:20:00 2006 |
| MD5 Checksum: | 7ae82392e20edf7870211646d9cf6170 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
