Section: .. / 0704-advisories /
| /// File Name: |
sa24979.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for krb5. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24979/ | | File Size: | 3759 | | Last Modified: | Apr 24 02:07:09 2007 |
| MD5 Checksum: | 30f3078d8c168adbc4f4561ccad47844 |
|
| /// File Name: |
sa24741.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in X.Org X11, which potentially can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24741/ | | File Size: | 3749 | | Last Modified: | Apr 5 00:36:24 2007 |
| MD5 Checksum: | fdf8f6cea318ca3377482829ec51ad07 |
|
| /// File Name: |
04.17.07-2.txt |
Description:
|
iDefense Security Advisory 04.17.07 - Remote exploitation of a denial of service (DoS) vulnerability in McAfee Inc.'s E-Business Server could allow an attacker to crash the administration server. Prior to authentication, an attacker can crash the server by sending a malformed authentication packet. The server will read in a length from the packet header, and then attempt to read that many bytes from the buffer. By specifying a large length value and sending a small packet, the server can be caused to read off the end of mapped heap memory. This will trigger an exception that is not handled, and the server will exit. iDefense has confirmed the existence of this vulnerability in McAfee E-Business Server version 8.5.1.101 for Windows. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3733 | | Last Modified: | Apr 19 04:18:44 2007 |
| MD5 Checksum: | cba7c6f6d0ff05eb5392429c569cd019 |
|
| /// File Name: |
04.17.07-1.txt |
Description:
|
iDefense Security Advisory 04.17.07 - Remote exploitation of a buffer overflow vulnerability in McAfee's VirusScan Antivirus application allows attackers to disable the On-Access scanner or potentially execute arbitrary code with SYSTEM privileges. The McAfee On-Access scanner component contains a common software flaw that leads to heap corruption when dealing with overly long file names that contain multi-byte characters. This flaw only manifests itself when the target system has East Asia language files installed and the default Unicode codepage is set to a language which contains multi-byte characters such as Chinese. iDefense has confirmed this vulnerability in McAfee VirusScan 8.0 Enterprise. Previous versions are suspected vulnerable as well.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3722 | | Last Modified: | Apr 19 04:18:11 2007 |
| MD5 Checksum: | 3d715bcec5a7afe04fbae672439ff82c |
|
| /// File Name: |
04.26.07-3.txt |
Description:
|
iDefense Security Advisory 04.26.07 - Norton Ghost allows administrators and other power users to schedule snapshots of local disks for backup and recovery purposes. If these recovery points are set to save to a remote network share Ghost will prompt the user to enter a user name and password for the share. Password information entered into Ghost for this purpose is encrypted and saved to the local file system in the applications home directory which has read access allowed for all users. The encryption key used by Ghost to decrypt these stored credentials is derived from the MD5 hash of the plain text user name stored in the configuration file. Since every user on the system has read access to these configuration files, any user can decrypt the stored passwords. iDefense verified the existence of this vulnerability on Norton Ghost 10.0. Other versions may be vulnerable as well.
| | Author: | Pravus | | Homepage: | http://www.idefense.com/ | | File Size: | 3690 | | Last Modified: | May 3 02:45:34 2007 |
| MD5 Checksum: | c9c6043fee23fdf1fc462b362a8403d3 |
|
| /// File Name: |
ZDI-07-020.txt |
Description:
|
Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of BMC Performance Manager. User interaction is not required to exploit this vulnerability. The specific flaw exists in the PatrolAgent.exe listening on TCP port 3181. The service allows remote attackers to modify configuration files without authentication. This can be exploited by an attacker by modifying parameters in SNMP communities definitions. By modifying the masterAgentName and masterAgentStartLine parameters, an attacker can execute arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3659 | | Related CVE(s): | CVE-2007-1972 | | Last Modified: | Apr 19 06:55:28 2007 |
| MD5 Checksum: | feea720a2860e085bdb160f01c3816ee |
|
| /// File Name: |
04.12.07-1.txt |
Description:
|
iDefense Security Advisory 04.12.07 - Remote exploitation of a buffer overflow vulnerability in pfs_mountd.rpc included in multiple versions of Hewlett Packard Co. HP-UX allows for remote root access. If a remote user sends two specially crafted packets over UDP, the buffer overflow is triggered. One must first send a call to procedure 5, and soon thereafter send the actual payload to procedure 2. Due to the closed nature of the pfs_mountd.rpc protocol specification, it is unclear at this time what functions the respective procedures actually perform. iDefense has confirmed the existence of this vulnerability in HP-UX 11.11i. It is suspected that previous versions are also vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3655 | | Last Modified: | Apr 13 01:05:32 2007 |
| MD5 Checksum: | 30ef5baf243b4e964bc645d9aeb659c5 |
|
| /// File Name: |
iedos-issue.txt |
Description:
|
Microsoft Internet Explorer contains a flaw that may allow a malicious user to cause IE7 to enter a loop in which IE7 become unresponsive resulting in a recoverable denial of service issue.
| | Author: | Lostmon | | Homepage: | http://lostmon.blogspot.com/ | | File Size: | 3651 | | Last Modified: | May 3 01:48:22 2007 |
| MD5 Checksum: | 57d7f19f626cd637a47ac4c467099cc9 |
|
| /// File Name: |
04.04.07-2.txt |
Description:
|
iDefense Security Advisory 04.04.07 - Remote exploitation of a buffer overflow vulnerability within Environmental Systems Research Institute (ESRI) Inc.'s ArcSDE service allows attackers to execute arbitrary code in the context of the running service. An iDefense contributor reported that version 9.2 is vulnerability to this attack. ESRI confirmed the vulnerability. All prior versions are suspected to be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3646 | | Last Modified: | Apr 8 01:28:41 2007 |
| MD5 Checksum: | 75819d79ed48371e0a643b82e4be2de5 |
|
| /// File Name: |
USN-453-2.txt |
Description:
|
Ubuntu Security Notice 453-2 - USN-453-1 provided an updated libx11 package to fix a security vulnerability. This triggered an error in rdesktop so that it crashed on startup. This update fixes the problem.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3637 | | Related CVE(s): | CVE-2007-1667 | | Last Modified: | May 3 02:01:01 2007 |
| MD5 Checksum: | c65cd90b31c101264b86a08cc036d8f7 |
|
| /// File Name: |
04.20.07-1.txt |
Description:
|
iDefense Security Advisory 04.20.07 - Local exploitation of multiple design error vulnerabilities within multiple Check Point Zone Alarm products could allow an attacker to gain elevated privileges. iDefense has confirmed the existence of these vulnerabilities within version 5.0.63.0 of srescan.sys as installed with Check Point Zone Labs Zone Alarm Free. All other products within the Zone Alarm product line are suspected to be vulnerable. Previous versions are also suspected to be vulnerable.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 3629 | | Last Modified: | Apr 23 05:55:41 2007 |
| MD5 Checksum: | f2c085825568801fef403af26b05a475 |
|
| /// File Name: |
sa24907.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for freeradius. This fixes a security issue, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24907/ | | File Size: | 3628 | | Last Modified: | Apr 17 18:18:04 2007 |
| MD5 Checksum: | e56fe5861380e8ebacb94959f5ba93fe |
|
| /// File Name: |
sa24986.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in ZomeAlarm products, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24986/ | | File Size: | 3616 | | Last Modified: | Apr 23 16:27:41 2007 |
| MD5 Checksum: | b9275e17044ae00e5296f1723b945e27 |
|
| /// File Name: |
ZDI-07-019.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC Patrol. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper parsing of XDR data sent to the bgs_sdservice.exe process listening by default on TCP port 10128. An attacker can influence a parameter to a memory copy operation and cause corruption of the stack and including SEH pointers. This can be leveraged to execute arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3599 | | Related CVE(s): | CVE-2007-2136 | | Last Modified: | Apr 19 06:54:40 2007 |
| MD5 Checksum: | 7dcfd0677f70a6f1389e9e58d34ba113 |
|
| /// File Name: |
glsa-200704-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200704-12 - John Heasman of NGSSoftware has discovered a stack-based buffer overflow in the StarCalc parser and an input validation error when processing metacharacters in a link. Also OpenOffice.Org includes code from libwpd making it vulnerable to heap-based overflows when converting WordPerfect document tables (GLSA 200704-07). Versions less than 2.1.0-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3582 | | Related CVE(s): | CVE-2007-0002, CVE-2007-0238, CVE-2007-0239 | | Last Modified: | Apr 17 19:09:04 2007 |
| MD5 Checksum: | 808ac7bd7870bd34227ed9c74e8c24ec |
|
| /// File Name: |
04.03.07-2.txt |
Description:
|
iDefense Security Advisory 04.03.07 - Remote exploitation of a buffer overflow vulnerability in the Kerberos kadmind server, as included in various vendors' operating system distributions, could allow attackers to execute arbitrary code on a targeted host. The vulnerability exists within the server's logging function, klog_vsyslog(). A call is made to vsprintf(), with the destination buffer passed as a fixed size stack buffer. User input is not properly validated before being passed to this function, and a stack based buffer overflow can occur. iDefense has confirmed the existence of this vulnerability with Kerberos version 1.5.1 on Fedora CORE 5. It is likely that all distributions that contain this version of Kerberos are vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3557 | | Related CVE(s): | CVE-2007-0957 | | Last Modified: | Apr 5 02:11:15 2007 |
| MD5 Checksum: | d2db051bd931f4bf4da09013876b41ba |
|
| /// File Name: |
04.03.07-6.txt |
Description:
|
iDefense Security Advisory 04.03.07 - Local exploitation of a heap overflow vulnerability in Kaspersky Lab's Internet Security Suite klif.sys could allow an attacker to execute arbitrary code within kernel context. iDefense confirmed this vulnerability in Kaspersky Internet Security 6.0.1.411 for Windows. Previous versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3556 | | Last Modified: | Apr 5 08:55:41 2007 |
| MD5 Checksum: | 0994d9a726b1e80edff9e0fca9b3fc29 |
|
| /// File Name: |
sa24932.txt |
Description:
|
Secunia Security Advisory - Janek Vind has discovered some vulnerabilities in Phorum, which can be exploited by malicious users to conduct SQL injection attacks and to gain escalated privileges, and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
| | Homepage: | http://secunia.com/advisories/24932/ | | File Size: | 3465 | | Last Modified: | Apr 20 23:50:15 2007 |
| MD5 Checksum: | e4e3625dd4f0b4d84f1d9d4e258956fe |
|
| /// File Name: |
04.16.07-1.txt |
Description:
|
iDefense Security Advisory 04.16.07 - Remote exploitation of a buffer overflow vulnerability in Clam AntiVirus' ClamAV allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the cab_unstore() function in libclamav, the library used by clamd to scan various file types. A 32-bit signed integer is taken from the packet and compared against the sizeof() the destination buffer. However, the sizeof() return value is improperly casted to a signed integer. By supplying a negative value, an attacker can pass cause the comparison to succeed. This eventually leads to an exploitable stack-based buffer overflow. iDefense has confirmed the existence of this vulnerability in ClamAV in versions 0.90rc3 through 0.90.1.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3463 | | Related CVE(s): | CVE-2007-1997 | | Last Modified: | Apr 17 18:32:28 2007 |
| MD5 Checksum: | c651a7e917f03cee3ad31c1a26299810 |
|
| /// File Name: |
sa24722.txt |
Description:
|
Secunia Security Advisory - Mariano Nuņez Di Croce has reported some vulnerabilities in SAP RFC Library, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24722/ | | File Size: | 3451 | | Last Modified: | Apr 7 21:35:58 2007 |
| MD5 Checksum: | 53cfc125707140fdf51cf77e4692088a |
|
| /// File Name: |
sa24834.txt |
Description:
|
Secunia Security Advisory - eEye Digital Security has reported a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24834/ | | File Size: | 3447 | | Last Modified: | Apr 11 04:12:21 2007 |
| MD5 Checksum: | a353e61aa27162b8fa8c17ca9d1e0524 |
|
| /// File Name: |
03.31.07-2.txt |
Description:
|
iDefense Security Advisory 03.31.07 - Remote exploitation of a multiple vulnerabilities within IBM Corp.'s Tivoli Provisioning Manager for OS Deployment allows attackers to crash the service or potentially execute arbitrary code with SYSTEM privileges. These vulnerabilities specifically exist in the handling of multi part/form-data HTTP POST requests. Malformed requests can cause invalid memory accesses leading to denial of service, or in some cases heap corruption. iDefense has confirmed the existence of these vulnerabilities within version 5.1.0.116 of Tivoli Provisioning Manager for OS Deployment. Older versions are suspected to be vulnerable as well.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3447 | | Last Modified: | Apr 3 02:54:32 2007 |
| MD5 Checksum: | e832c816eea404fdaf3f90ee8f532d3a |
|
| /// File Name: |
04.04.07-1.txt |
Description:
|
iDefense Security Advisory 04.04.07 - Remote exploitation of a information disclosure vulnerability in Kaspersky AntiVirus 6 could allow malicious websites to steal files off of a user's machine. iDefense has confirmed the existence of this vulnerability in version 6.0 of Kaspersky Antivirus.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.idefense.com/ | | File Size: | 3414 | | Last Modified: | Apr 5 08:53:47 2007 |
| MD5 Checksum: | 25f95ec76b493a33ea7cd029093124fc |
|
| /// File Name: |
sa24737.txt |
Description:
|
Secunia Security Advisory - SUSE has issued updates for multiple packages. These fix some vulnerabilities and a security issue, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24737/ | | File Size: | 3389 | | Last Modified: | Apr 5 07:27:45 2007 |
| MD5 Checksum: | 8cb876270905cb0c26773d53c3929117 |
|
| /// File Name: |
04.02.07-1.txt |
Description:
|
iDefense Security Advisory 04.02.07 - Remote exploitation of a buffer overflow vulnerability in an ActiveX control installed by Hewlett-Packard Mercury Quality Center could allow for the execution of arbitrary code. iDefense has confirmed this vulnerability in the control that is installed with the 9.0 version of Hewlett-Packard Mercury Quality Center. The vulnerable ActiveX control is version 9.1.0.4353.
| | Author: | Eric Detoisien, Titon, Ri0t | | Homepage: | http://www.idefense.com/ | | File Size: | 3376 | | Last Modified: | Apr 3 02:53:44 2007 |
| MD5 Checksum: | 05cb3a803519f121f8fa5bf004dd3404 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
