Section: .. / 0612-advisories /
| /// File Name: |
glsa-200612-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200612-12 - F-Prot Antivirus version 4.6.7 fixes a heap-based buffer overflow, an infinite loop, and other unspecified vulnerabilities. Versions less than 4.6.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3271 | | Last Modified: | Dec 14 21:59:44 2006 |
| MD5 Checksum: | a3edad08b495c2bd64ce74b596e116b3 |
|
| /// File Name: |
glsa-200612-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200612-13 - infamous41md has discovered that the ole_init_info function may allocate too little memory for storing the contents of an OLE document, resulting in a heap buffer overflow. Versions less than 1.14.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3087 | | Last Modified: | Dec 14 21:59:51 2006 |
| MD5 Checksum: | e0cb295ba2fa5a72d70eb19161444dce |
|
| /// File Name: |
glsa-200612-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200612-14 - Trac allows users to perform certain tasks via HTTP requests without performing correct validation on those requests. Versions less than 0.10.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3003 | | Last Modified: | Dec 14 21:59:59 2006 |
| MD5 Checksum: | df24557a7418fd51f15df73b378f6243 |
|
| /// File Name: |
glsa-200612-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200612-15 - Jakub Moc of Gentoo Linux discovered that McAfee VirusScan was distributed with an insecure DT_RPATH which included the current working directory, rather than $ORIGIN which was probably intended. Versions less than or equal to 4510e are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3772 | | Last Modified: | Dec 14 22:00:07 2006 |
| MD5 Checksum: | 31da4fdde7e506aaf166a6b7429e15e0 |
|
| /// File Name: |
glsa-200612-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200612-16 - Teemu Salmela discovered that Links does not properly validate smb:// URLs when it runs smbclient commands. Versions less than 2.1_pre26 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3114 | | Last Modified: | Dec 14 22:00:15 2006 |
| MD5 Checksum: | 62e45d337d85ef1d4311a4071b4fc681 |
|
| /// File Name: |
glsa-200612-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200612-17 - A format string vulnerability was found in the sqllog function from the SQL accounting code for radiusd. That function is only used if one or more of the postgresql, mysql or odbc USE flags are enabled, which is not the default, except for the server 2006.1 and 2007.0 profiles which enable the mysql USE flag. Versions less than 1.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3263 | | Last Modified: | Dec 14 22:00:22 2006 |
| MD5 Checksum: | 1f2b36743f2675aaf1d4b1df06c476cb |
|
| /// File Name: |
glsa-200612-18.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200612-18 - Hendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content. Versions less than 0.88.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2355 | | Last Modified: | Dec 22 00:42:42 2006 |
| MD5 Checksum: | 223c48fb4c72fd033db5220e28088f72 |
|
| /// File Name: |
glsa-200612-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200612-19 - Steve Rigler discovered that pam_ldap does not correctly handle PasswordPolicyResponse control responses from an LDAP directory. This causes the pam_authenticate() function to always succeed, even if the previous authentication failed. Versions less than 183 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2662 | | Last Modified: | Dec 22 01:16:52 2006 |
| MD5 Checksum: | 858a8324fd729cdd34528a6d7186e7b4 |
|
| /// File Name: |
glsa-200612-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200612-20 - M. Joonas Pihlaja discovered several buffer overflows in loader_argb.c, loader_png.c, loader_lbm.c, loader_jpeg.c, loader_tiff.c, loader_tga.c, loader_pnm.c and an out-of-bounds memory read access in loader_tga.c. Versions less than 1.3.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3166 | | Last Modified: | Dec 22 01:17:08 2006 |
| MD5 Checksum: | b6280592846dc94c99dfa386c24f1058 |
|
| /// File Name: |
glsa-200612-21.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200612-21 - The read_multipart function of the CGI library shipped with Ruby (cgi.rb) does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-12. Versions less than 1.8.5_p2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2663 | | Last Modified: | Dec 22 01:17:33 2006 |
| MD5 Checksum: | a828a0c735f3a68bd9f6b9f43240ea24 |
|
| /// File Name: |
gnupg-6235.txt |
Description:
|
Tavis Ormandy of the Gentoo security team identified a severe and exploitable bug in the processing of encrypted packets in GnuPG. Versions below 1.4.6 are susceptible as well as versions below GnuPG-2 2.0.2.
| | Homepage: | http://www.gnupg.org/ | | File Size: | 4781 | | Last Modified: | Dec 7 10:42:49 2006 |
| MD5 Checksum: | 41385d5f237ffa7e3cb5244672178f7c |
|
| /// File Name: |
hpftp-dos.txt |
Description:
|
Both versions 2.4 and 2.4.5 of HP printers suffer from a buffer overflow in the LIST and NLST commands.
| | Author: | Joxean Koret | | Related Exploit: | dos2.4.py.txt | | File Size: | 2638 | | Last Modified: | Dec 22 00:55:40 2006 |
| MD5 Checksum: | b7271c9e9e52fe202a24a09b0a7eccfb |
|
| /// File Name: |
hyperaccess84.txt |
Description:
|
Hyper Access version 8.4 suffers from multiple command execution vulnerabilities.
| | Author: | Brett Moore | | File Size: | 4374 | | Last Modified: | Dec 15 10:40:55 2006 |
| MD5 Checksum: | a64fe9ae871f31552cf383086fa87588 |
|
| /// File Name: |
iis51asp.txt |
Description:
|
IIS 5.1 suffers from a flaw where it allows an ASP shell to be spawned via execute rights for IUSR_Machine.
| | Author: | Brett Moore | | File Size: | 3630 | | Last Modified: | Dec 15 10:18:43 2006 |
| MD5 Checksum: | 27c670b23ab54e041855dfd8e033d2a7 |
|
| /// File Name: |
jabgb-xss.txt |
Description:
|
JAB Guest Book suffers from a cross site scripting vulnerability.
| | Author: | James Barnsley | | File Size: | 1553 | | Last Modified: | Dec 6 06:52:30 2006 |
| MD5 Checksum: | 0d68d0243222cd60d8554a571862e6bf |
|
| /// File Name: |
joomlabeit-rfi.txt |
Description:
|
The BE IT EasyPartner Joomla! component is susceptible to remote file inclusion vulnerabilities.
| | Author: | vitux | | File Size: | 2851 | | Last Modified: | Dec 28 01:59:14 2006 |
| MD5 Checksum: | 0ed4e8113111243298f94e1fae59ac78 |
|
| /// File Name: |
lda-1-novell.txt |
Description:
|
Layered Defense Advisory - A format string vulnerability was discovered within Novell client 4.91 . The vulnerability is due to improper processing of format strings within NMAS (Novell Modular Authentication Services) Information message window. An attacker who enters special crafted format strings in the Username field at the Novell logon and selects Sequences under the NMAS tab can read data from the winlogon process stack or read from arbitrary memory, and at a minimum cause a denial of service.
| | Author: | Deral Heiland | | Homepage: | http://www.layereddefense.com | | File Size: | 2353 | | Last Modified: | Dec 6 05:26:04 2006 |
| MD5 Checksum: | c40208dd24ae2ceaa0a6b1b4062cbfeb |
|
| /// File Name: |
logaheadunu10-exec.txt |
Description:
|
logahead UNU edition version 1.0 is susceptible to upload and code execution vulnerabilities.
| | Author: | CorryL | | File Size: | 1735 | | Last Modified: | Dec 28 01:55:18 2006 |
| MD5 Checksum: | 88ad8a0f3a159844b14e9f37b428267d |
|
| /// File Name: |
mb-ms.txt |
Description:
|
Microsoft Windows XP/2003/Vista suffers from a memory corruption flaw.
| | Author: | 3APA3A | | File Size: | 1358 | | Last Modified: | Dec 28 00:20:21 2006 |
| MD5 Checksum: | bfd23045022c2dead30c111f2929e546 |
|
| /// File Name: |
MDKSA-2006-164-2.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006:164-2: Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6336 | | Last Modified: | Dec 14 21:56:45 2006 |
| MD5 Checksum: | ce5f771ccac7bafeda0e985a5d32ee59 |
|
| /// File Name: |
MDKSA-2006-214-1.txt |
Description:
|
Mandriva Linux Security Advisory - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3885 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Dec 6 06:51:42 2006 |
| MD5 Checksum: | 217423cbf724de2784e9f414070441dd |
|
| /// File Name: |
MDKSA-2006-220.txt |
Description:
|
Mandriva Linux Security Advisory - "infamous41md" discovered a heap buffer overflow vulnerability in libgsf, a GNOME library for reading and writing structured file formats, which could lead to the execution of arbitrary code.
| | Homepage: | http://www.mandriva.com/security | | File Size: | 3344 | | Last Modified: | Dec 6 04:47:50 2006 |
| MD5 Checksum: | 997efcae3cc68433e965727f3a854752 |
|
| /// File Name: |
MDKSA-2006-221.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages that cause the make_printable_string function to return a longer string than expected while constructing a prompt.
| | Homepage: | http://www.mandriva.com/security | | File Size: | 4975 | | Related CVE(s): | CVE-2006-6169 | | Last Modified: | Dec 6 04:48:26 2006 |
| MD5 Checksum: | ae1488db9d998d40ccbb92cba27c8e5d |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
