Section: .. / 0711-advisories /
File Name: USN-544-1.txt
Description:
Ubuntu Security Notice 544-1 - Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges.
Homepage: http://security.ubuntu.com/
File Size: 31890
Related CVE(s): CVE-2007-5398, CVE-2007-4572
Last Modified: Nov 16 02:51:57 2007
MD5 Checksum: 16bd422ddf2c0a218797ed724276624b

File Name: USN-544-2.txt
Description:
Ubuntu Security Notice 544-2 - USN-544-1 fixed two vulnerabilities in Samba. Fixes for CVE-2007-5398 are unchanged, but the upstream changes for CVE-2007-4572 introduced a regression in all releases which caused Linux smbfs mounts to fail. Additionally, Dapper and Edgy included an incomplete patch which caused configurations using NetBIOS to fail. A proper fix for these regressions does not exist at this time, and so the patch addressing CVE-2007-4572 has been removed. This vulnerability is believed to be an unexploitable denial of service, but a future update will address this issue. We apologize for the inconvenience.
Homepage: http://security.ubuntu.com/
File Size: 32338
Related CVE(s): CVE-2007-5398, CVE-2007-4572
Last Modified: Nov 26 15:57:07 2007
MD5 Checksum: 72259e6752df012d7870529f5775034a

File Name: USN-545-1.txt
Description:
Ubuntu Security Notice 545-1 - Alin Rad Pop discovered that AbiWord's Link Grammar parser did not correctly handle overly-long words. If a user were tricked into opening a specially crafted document, AbiWord, or other applications using Link Grammar, could be made to crash.
Homepage: http://security.ubuntu.com/
File Size: 3920
Related CVE(s): CVE-2007-5395
Last Modified: Nov 26 22:58:31 2007
MD5 Checksum: e957ca3d108f1b1bd40f7b6c2d1138b6

File Name: USN-546-1.txt
Description:
Ubuntu Security Notice 546-1 - It was discovered that Firefox incorrectly associated redirected sites as the origin of "jar:" contents. A malicious web site could exploit this to modify or steal confidential data (such as passwords) from other web sites. Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. Gregory Fleischer discovered that it was possible to use JavaScript to manipulate Firefox's Referer header. A malicious web site could exploit this to conduct cross-site request forgeries against sites that relied only on Referer headers for protection from such attacks.
Homepage: http://security.ubuntu.com/
File Size: 29356
Related CVE(s): CVE-2007-5947, CVE-2007-5959, CVE-2007-5960
Last Modified: Nov 26 22:59:34 2007
MD5 Checksum: 10d2c398e4ffa3201d0f41270a7d2f8a

File Name: USN-547-1.txt
Description:
Ubuntu Security Notice 547-1 - Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application's privileges.
Homepage: http://security.ubuntu.com/
File Size: 14953
Related CVE(s): CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768
Last Modified: Nov 26 23:00:48 2007
MD5 Checksum: 17583c6a6e227729add8aa3816fbb5ce

File Name: USN-548-1.txt
Description:
Ubuntu Security Notice 548-1 - It was discovered that Pidgin did not correctly handle certain logging events. A remote attacker could send specially crafted messages and cause the application to crash, leading to a denial of service.
Homepage: http://security.ubuntu.com/
File Size: 4910
Related CVE(s): CVE-2007-4999
Last Modified: Nov 28 20:21:47 2007
MD5 Checksum: 1213091793c5e019bc3dcdb9fc792219

File Name: USN-549-1.txt
Description:
Ubuntu Security Notice 549-1 - Various integer overflows, arbitrary code execution, and denial of service vulnerabilities have been fixed in PHP 5.
Homepage: http://security.ubuntu.com/
File Size: 54920
Related CVE(s): CVE-2007-1285, CVE-2007-2872, CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662, CVE-2007-4670, CVE-2007-5898, CVE-2007-5899
Last Modified: Nov 30 01:57:43 2007
MD5 Checksum: 480e0abf31a634a029d87570b870ea34

File Name: wellsfargo-notsogood.txt
Description:
It appears that Wells Fargo's online banking is now allowing third-party JavaScript from Akamai. Hopefully they come to their senses.
Author: joel
File Size: 897
Last Modified: Nov 26 17:29:09 2007
MD5 Checksum: f70c4aad89a603207703fcc4f9b66d8e

File Name: yahooutf7-xss.txt
Description:
Yahoo! suffered from a cross-site scripting vulnerability using UTF-7. This has been fixed already.
Author: HASEGAWA Yosuke
File Size: 1462
Last Modified: Nov 26 22:15:52 2007
MD5 Checksum: ae5efe8d557f6c417545242adfecd106

File Name: ZDI-07-065.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the CTAB atom. While reading the CTAB RGB values, an invalid color table size can cause QuickTime to write past the end of the heap chunk. This memory corruption can lead to the execution of arbitrary code. QuickTime version 7.2 is affected.
Author: Ruben Santamarta, Mario Ballano
Homepage: http://www.zerodayinitiative.com/
File Size: 3057
Related CVE(s): CVE-2007-4677
Last Modified: Nov 6 01:54:30 2007
MD5 Checksum: fb69d59ed04b0aff6839be910543792e

File Name: ZDI-07-066.txt
Description:
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of the PackBitsRgn field (Opcode 0x0099). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution running under the credentials of the user. QuickTime version 7.2 is affected.
Author: Ruben Santamarta
Homepage: http://www.zerodayinitiative.com/
File Size: 2810
Related CVE(s): CVE-2007-4676
Last Modified: Nov 6 01:55:28 2007
MD5 Checksum: 871f6e70129173aac370236241559541

File Name: ZDI-07-067.txt
Description:
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Poly type opcodes (opcodes 0x0070-74). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution. QuickTime version 7.2 is affected.
Author: Ruben Santamarta
Homepage: http://www.zerodayinitiative.com/
File Size: 2760
Related CVE(s): CVE-2007-4676
Last Modified: Nov 6 01:56:18 2007
MD5 Checksum: 7ac8efca696e1a6aa235afa137dec6d5

File Name: ZDI-07-068.txt
Description:
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists in the parsing of the pict file format. If an invalid length is specified for the UncompressedQuickTimeData opcode, a stack based buffer overflow occurs, allowing the execution of arbitrary code. QuickTime version 7.2 is affected.
Author: Ruben Santamarta
Homepage: http://www.zerodayinitiative.com/
File Size: 2742
Related CVE(s): CVE-2007-4672
Last Modified: Nov 6 01:57:10 2007
MD5 Checksum: d1010a84b5c27c095841dbbd3f14b5a5

File Name: ZDI-07-069.txt
Description:
A vulnerability allows attackers to arbitrarily access and modify the file system and registry of vulnerable installations of Computer Associates BrightStor ARCserve Backup. Authentication is not required to exploit this vulnerability.
Author: Tenable Network Security
Homepage: http://www.zerodayinitiative.com/
File Size: 3464
Related CVE(s): CVE-2007-5328
Last Modified: Nov 26 22:55:34 2007
MD5 Checksum: 5ad9a656249667513fa848639a2a2b7d