Section: .. / 0705-advisories /
| /// File Name: |
USN-464-1.txt |
Description:
|
Ubuntu Security Notice 464-1 - Multiple vulnerabilities have been patched against in the Linux kernel. Philipp Richter discovered that the AppleTalk protocol handler did not sufficiently verify the length of packets. By sending a crafted AppleTalk packet, a remote attacker could exploit this to crash the kernel. Gabriel Campana discovered that the do_ipv6_setsockopt() function did not sufficiently verify option values for IPV6_RTHDR. A local attacker could exploit this to trigger a kernel crash. A Denial of Service vulnerability was discovered in the nfnetlink_log() netfilter function. A remote attacker could exploit this to trigger a kernel crash. The connection tracking module for IPv6 did not properly handle the status field when reassembling fragmented packets, so that the final packet always had the 'established' state. A remote attacker could exploit this to bypass intended firewall rules. Masayuki Nakagawa discovered an error in the flowlabel handling of IPv6 network sockets. A local attacker could exploit this to crash the kernel. The do_dccp_getsockopt() function did not sufficiently verify the optlen argument. A local attacker could exploit this to read kernel memory (which might expose sensitive data) or cause a kernel crash. This only affects Ubuntu 7.04. The IPv4 and DECnet network protocol handlers incorrectly declared an array variable so that it became smaller than intended. By sending crafted packets over a netlink socket, a local attacker could exploit this to crash the kernel.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 145200 | | Related CVE(s): | CVE-2007-1357, CVE-2007-1388, CVE-2007-1496, CVE-2007-1497, CVE-2007-1592, CVE-2007-1730, CVE-2007-2172 | | Last Modified: | May 30 22:52:13 2007 |
| MD5 Checksum: | 9b31d90401441ebd4532d2e93a14c4fe |
|
| /// File Name: |
dsa-1296-1.txt |
Description:
|
Debian Security Advisory 1296-1 - It was discovered that the ftp extension of PHP, a server-side, HTML-embedded scripting language performs insufficient input sanitising, which permits an attacker to execute arbitrary FTP commands. This requires the attacker to already have access to the FTP server.
| | Homepage: | http://www.debian.org/security | | File Size: | 72245 | | Related CVE(s): | CVE-2007-2509 | | Last Modified: | May 22 03:57:30 2007 |
| MD5 Checksum: | 6faea7ecb565932576eade47cf49581d |
|
| /// File Name: |
cisco-sa-20070522-SSL.txt |
Description:
|
Cisco Security Advisory - Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
| | Homepage: | http://www.cisco.com/ | | File Size: | 53832 | | Last Modified: | May 23 07:12:02 2007 |
| MD5 Checksum: | 046365c9408891641728dd9d4ef424e7 |
|
| /// File Name: |
sa25025.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for php4. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, malicious users to disclose potentially sensitive information or compromise a vulnerable system, and by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25025/ | | File Size: | 51930 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | c70013e1b7abf8324ef6cf3f84861a62 |
|
| /// File Name: |
cisco-sa-20070522-crypto.txt |
Description:
|
Cisco Security Advisory - A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password). Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS). However, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
| | Homepage: | http://www.cisco.com/ | | File Size: | 50903 | | Related CVE(s): | CVE-2006-3894 | | Last Modified: | May 23 07:09:57 2007 |
| MD5 Checksum: | 64938b2f1372fada115a7dd016695a2a |
|
| /// File Name: |
USN-462-1.txt |
Description:
|
Ubuntu Security Notice 462-1 - A flaw was discovered in the FTP command handler in PHP. Commands were not correctly filtered for control characters. An attacker could issue arbitrary FTP commands using specially crafted arguments. Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler in PHP. Remote attackers could send a specially crafted SOAP request and execute arbitrary code with web server privileges. Ilia Alshanetsky discovered a buffer overflow in the user filter factory in PHP. A local attacker could create a specially crafted script and execute arbitrary code with web server privileges. Gregory Beaver discovered that the PEAR installer did not validate installation paths. If a user were tricked into installing a malicious PEAR package, an attacker could overwrite arbitrary files.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 40563 | | Related CVE(s): | CVE-2007-2519, CVE-2007-2511, CVE-2007-2510, CVE-2007-2509 | | Last Modified: | May 23 07:51:19 2007 |
| MD5 Checksum: | aff70e3b3bc98415789824b7be8fccd9 |
|
| /// File Name: |
dsa-1295-1.txt |
Description:
|
Debian Security Advisory 1295-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 40480 | | Related CVE(s): | CVE-2007-2509, CVE-2007-2510 | | Last Modified: | May 22 03:40:08 2007 |
| MD5 Checksum: | 8571f744590f17fca69a2b36a006a226 |
|
| /// File Name: |
dsa-1289-1.txt |
Description:
|
Debian Security Advisory 1289-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 37514 | | Related CVE(s): | CVE-2007-1496, CVE-2007-1497, CVE-2007-1861 | | Last Modified: | May 15 07:48:03 2007 |
| MD5 Checksum: | aa26a2d339a1d2e6a053d8edeb795ca5 |
|
| /// File Name: |
sa25057.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information, bypass certain security restrictions, gain escalated privileges, cause a DoS (Denial of Service), compromise a vulnerable system, and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25057/ | | File Size: | 37499 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | 8d5f40dcc252c34673571353c3bf0eff |
|
| /// File Name: |
sa25228.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), and by malicious people to bypass certain security restrictions or cause a DoS.
| | Homepage: | http://secunia.com/advisories/25228/ | | File Size: | 34396 | | Last Modified: | May 15 07:07:10 2007 |
| MD5 Checksum: | 620907bc0f5ddc85ad9046ddf4b15393 |
|
| /// File Name: |
sa25058.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for postgresql. This fixes a security issue, which can be exploited by malicious users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/25058/ | | File Size: | 29389 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | 73c6ebcf980d366064696d47571a7331 |
|
| /// File Name: |
sa25078.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for linux-2.6. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges, and by malicious people to cause a DoS.
| | Homepage: | http://secunia.com/advisories/25078/ | | File Size: | 28771 | | Last Modified: | May 4 07:48:13 2007 |
| MD5 Checksum: | a8f4d86490d2039bdd611fa331527abf |
|
| /// File Name: |
sa25062.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for php5. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, malicious users to disclose potentially sensitive information, bypass certain security restrictions or compromise a vulnerable system, and by malicious people to bypass certain security restrictions and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25062/ | | File Size: | 27264 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | e08f1e2a7981bb6e1a668738f61dac79 |
|
| /// File Name: |
cisco-sa-20070509-iosftp.txt |
Description:
|
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's filesystem, including the device's saved configuration, which may include passwords or other sensitive information.
| | Homepage: | http://www.cisco.com/ | | File Size: | 26707 | | Last Modified: | May 10 05:51:47 2007 |
| MD5 Checksum: | 791578dc6480cac0bd73f4d88fbef5d1 |
|
| /// File Name: |
cisco-sa-20070502-asa.txt |
Description:
|
Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco Adaptive Security Appliance (ASA) and PIX security appliances. These vulnerabilities include two Lightweight Directory Access Protocol (LDAP) authentication bypass vulnerabilities and two denial of service (DoS) vulnerabilities.
| | Homepage: | http://www.cisco.com/ | | File Size: | 25655 | | Last Modified: | May 3 09:41:36 2007 |
| MD5 Checksum: | b1f9337bacb853a0e04956396719779d |
|
| /// File Name: |
USN-460-1.txt |
Description:
|
Ubuntu Security Notice 460-1 - Paul Griffith and Andrew Hogue discovered that Samba did not fully drop root privileges while translating SIDs. A remote authenticated user could issue SMB operations during a small window of opportunity and gain root privileges. Brian Schafer discovered that Samba did not handle NDR parsing correctly. A remote attacker could send specially crafted MS-RPC requests that could overwrite heap memory and execute arbitrary code. It was discovered that Samba did not correctly escape input parameters for external scripts defined in smb.conf. Remote authenticated users could send specially crafted MS-RPC requests and execute arbitrary shell commands.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 24858 | | Related CVE(s): | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447 | | Last Modified: | May 17 04:22:48 2007 |
| MD5 Checksum: | 476081583b5fad8dc1a8e0b09b69c66f |
|
| /// File Name: |
dsa-1291-2.txt |
Description:
|
Debian Security Advisory 1291-2 - Various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data. Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution.
| | Homepage: | http://www.debian.org/security | | File Size: | 24189 | | Related CVE(s): | CVE-2007-2446, CVE-2007-2447 | | Last Modified: | May 21 04:47:15 2007 |
| MD5 Checksum: | bd00f0426584818823ae786c91fe45a4 |
|
| /// File Name: |
dsa-1291-3.txt |
Description:
|
Debian Security Advisory 1291-3 - The security update for CVE-2007-2444 introduced a regression in the handling of the "force group" share parameter if the forced group is a local Unix group for domain member servers. This update fixes this regression.
| | Homepage: | http://www.debian.org/security | | File Size: | 21001 | | Related CVE(s): | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447 | | Last Modified: | May 22 03:58:32 2007 |
| MD5 Checksum: | 1ff6e301b3553e7c9b79d510fead0938 |
|
| /// File Name: |
dsa-1291-1.txt |
Description:
|
Debian Security Advisory 1291-1 - Several issues have been identified in Samba, the SMB/CIFS file and print server implementation for GNU/Linux. When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a transition to the root user id rather than the non-root user. The user is then able to temporarily issue SMB/CIFS protocol operations as the root user. This window of opportunity may allow the attacker to establish addition means of gaining root access to the server. Various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data. Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution
| | Homepage: | http://www.debian.org/security | | File Size: | 19272 | | Related CVE(s): | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447 | | Last Modified: | May 17 03:51:46 2007 |
| MD5 Checksum: | abe8236f5ffb6e401b46583bc92e37e5 |
|
| /// File Name: |
dsa-1292-1.txt |
Description:
|
Debian Security Advisory 1292-1 - Andreas Nolden discovered a bug in the UTF8 decoding routines in qt4-x11, a C++ GUI library framework, that could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
| | Homepage: | http://www.debian.org/security | | File Size: | 17503 | | Related CVE(s): | CVE-2007-0242 | | Last Modified: | May 17 04:18:16 2007 |
| MD5 Checksum: | 12a7b7221ee6b51883cf8a3d510ec1d1 |
|
| /// File Name: |
sa25028.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for clamav. This fixes some vulnerabilities, where one has an unknown impact and the others can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25028/ | | File Size: | 17416 | | Last Modified: | May 2 04:17:18 2007 |
| MD5 Checksum: | 17c37dcbc03f39fb32827f6062a21243 |
|
| /// File Name: |
dsa-1281-2.txt |
Description:
|
Debian Security Advisory 1281-2 - On 25 April, the Debian Security Team released clamav 0.90.1-3etch1, an update to the Clam anti-virus toolkit, to address several vulnerabilities. Unfortunately, there was an error in the updated packages and CVE-2007-2029, a file descriptor leak in the PDF document handler, was not properly fixed in Debian 4.0 (etch) or the Debian testing distribution (lenny).
| | Homepage: | http://www.debian.org/security | | File Size: | 15916 | | Related CVE(s): | CVE-2007-2029 | | Last Modified: | May 23 06:31:15 2007 |
| MD5 Checksum: | 492588824ef5cc820221a67dde763282 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
