Section: .. / 0712-advisories /
| /// File Name: |
USN-550-2.txt |
Description:
|
Ubuntu Security Notice 550-2 - USN-550-1 fixed vulnerabilities in Cairo. The upstream fixes were incomplete, and under certain situations, applications using Cairo would crash with a floating point error. Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9760 | | Last Modified: | Dec 10 20:12:21 2007 |
| MD5 Checksum: | a86ef1bed2d880f4522bad4f6a7ec124 |
|
| /// File Name: |
USN-550-3.txt |
Description:
|
Ubuntu Security Notice 550-3 - USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering was uncovered as a result of the new memory allocation routines. In certain situations, fonts containing characters with no width or height would not render any more. This update fixes the problem. Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16413 | | Related CVE(s): | CVE-2007-5503 | | Last Modified: | Dec 13 17:52:55 2007 |
| MD5 Checksum: | 2370d0c51e796c283bd73261ef0bf925 |
|
| /// File Name: |
USN-551-1.txt |
Description:
|
Ubuntu Security Notice 551-1 - Thomas Sesselmann discovered that the OpenLDAP slapd server did not properly handle certain modify requests. A remote attacker could send malicious modify requests to the server and cause a denial of service. Toby Blake discovered that slapd did not properly terminate an array while running as a proxy-caching server. A remote attacker may be able to send crafted search requests to the server and cause a denial of service. This issue only affects Ubuntu 7.04 and 7.10.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12244 | | Related CVE(s): | CVE-2007-5707, CVE-2007-5708 | | Last Modified: | Dec 4 00:35:17 2007 |
| MD5 Checksum: | 6f4f955592cc3827ccc22c9d96d994ab |
|
| /// File Name: |
USN-552-1.txt |
Description:
|
Ubuntu Security Notice 552-1 - It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 20344 | | Related CVE(s): | CVE-2007-5116 | | Last Modified: | Dec 5 23:25:51 2007 |
| MD5 Checksum: | 4bd5e0f01a7720c0a74954c65614f89c |
|
| /// File Name: |
USN-553-1.txt |
Description:
|
Ubuntu Security Notice 553-1 - It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 55916 | | Related CVE(s): | CVE-2007-5197 | | Last Modified: | Dec 5 23:26:33 2007 |
| MD5 Checksum: | a2d4438d070903934179bd745f3c5e2b |
|
| /// File Name: |
USN-554-1.txt |
Description:
|
Ubuntu Security Notice 554-1 - Bastien Roucaries discovered that dvips as included in tetex-bin and texlive-bin did not properly perform bounds checking. If a user or automated system were tricked into processing a specially crafted dvi file, dvips could be made to crash and execute code as the user invoking the program. Joachim Schrod discovered that the dviljk utilities created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. Joachim Schrod discovered that the dviljk utilities did not perform bounds checking in many instances. If a user or automated system were tricked into processing a specially crafted dvi file, the dviljk utilities could be made to crash and execute code as the user invoking the program.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16925 | | Related CVE(s): | CVE-2007-5937, CVE-2007-5935, CVE-2007-5936 | | Last Modified: | Dec 7 19:43:18 2007 |
| MD5 Checksum: | 66e2a0f3a69dd3a6048a891fe1ea00d3 |
|
| /// File Name: |
USN-555-1.txt |
Description:
|
Ubuntu Security Notice 555-1 - Rafal Wojtczuk discovered multiple integer overflows in e2fsprogs. If a user or automated system were tricked into fscking a malicious ext2/ext3 filesystem, a remote attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 43267 | | Related CVE(s): | CVE-2007-5497 | | Last Modified: | Dec 8 17:37:38 2007 |
| MD5 Checksum: | 2e1b49fcabda668f1da3f8f4598f05d6 |
|
| /// File Name: |
USN-556-1.txt |
Description:
|
Ubuntu Security Notice 556-1 - Alin Rad Pop discovered that Samba did not correctly check the size of reply packets to mailslot requests. If a server was configured with domain logon enabled, an unauthenticated remote attacker could send a specially crafted domain logon packet and execute arbitrary code or crash the Samba service. By default, domain logon is disabled in Ubuntu.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 31916 | | Related CVE(s): | CVE-2007-6015 | | Last Modified: | Dec 18 19:54:20 2007 |
| MD5 Checksum: | 31b3cae20f8ab666b2f32ac044c89878 |
|
| /// File Name: |
USN-557-1.txt |
Description:
|
Ubuntu Security Notice 557-1 - Mattias Bengtsson and Philip Olausson discovered that the GD library did not properly perform bounds checking when creating images. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service or possibly execute arbitrary code.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17513 | | Related CVE(s): | CVE-2007-3996 | | Last Modified: | Dec 19 19:43:39 2007 |
| MD5 Checksum: | 7d84ed3040a2f4e9b790b1e25fc3ac5c |
|
| /// File Name: |
USN-559-1.txt |
Description:
|
Ubuntu Security Notice 559-1 - Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. Philip Stoev discovered that the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 18551 | | Related CVE(s): | CVE-2007-3781, CVE-2007-5969, CVE-2007-5925, CVE-2007-6304 | | Last Modified: | Dec 24 14:44:42 2007 |
| MD5 Checksum: | c3db01b803d7263925949a98a2c9dc05 |
|
| /// File Name: |
vlcboffs.txt |
Description:
|
VideoLAN (VLC) versions 0.8.6d and below suffer from buffer overflow and format string vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | vlcboffs.zip | | File Size: | 4598 | | Last Modified: | Dec 24 15:01:40 2007 |
| MD5 Checksum: | 0a15179dfe129238afe5c061e039517d |
|
| /// File Name: |
websense-bypass.txt |
Description:
|
Websense Enterprise version 6.3.1 suffers from a web filtering bypass vulnerability due to a trust condition with the User-Agent: setting.
| | Author: | mrhinkydink | | File Size: | 1974 | | Last Modified: | Dec 13 17:52:09 2007 |
| MD5 Checksum: | 836b78b61b542dba2b9e8dfdd6ee55df |
|
| /// File Name: |
websense-xss.txt |
Description:
|
Websense Enterprise and Websense Web Security Suite contain a vulnerability in the login page that is susceptible to a cross site scripting attack. Version 6.3 is affected.
| | Author: | Dave Lewis | | Homepage: | http://www.liquidmatrix.org/ | | File Size: | 1565 | | Last Modified: | Dec 10 19:56:52 2007 |
| MD5 Checksum: | 4932a8e05d9f9d82c73b755f2e32e9af |
|
| /// File Name: |
winuaebof.txt |
Description:
|
WinUAE versions 1.4.4 and below suffer from a buffer overflow vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | winuaebof.zip | | File Size: | 2229 | | Last Modified: | Dec 24 14:50:20 2007 |
| MD5 Checksum: | fb7fe185c7451fb4a8250f2887bda215 |
|
| /// File Name: |
xmpbof.txt |
Description:
|
Extended Module Player (XMP) versions 2.5.1 and below suffer from multiple buffer overflow vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | xmpbof.zip | | File Size: | 2856 | | Last Modified: | Dec 28 19:52:18 2007 |
| MD5 Checksum: | d4c05fd64f85efa49ad651b4b11adcae |
|
| /// File Name: |
yshortcut-overflow.txt |
Description:
|
It appears that the YShortcut toolbar has a buffer overflow vulnerability.
| | Author: | Elazar Broad | | File Size: | 783 | | Last Modified: | Dec 20 16:22:42 2007 |
| MD5 Checksum: | 93c676aa83060f2436e7fd3889e4df0d |
|
| /// File Name: |
ZDI-07-070.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Versions below 3.6 Gold are affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3015 | | Related CVE(s): | CVE-2007-5989 | | Last Modified: | Dec 7 19:52:36 2007 |
| MD5 Checksum: | 79876e3be8515d55bca5083fc99177ad |
|
| /// File Name: |
ZDI-07-071.txt |
Description:
|
Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard (HP) OpenView Network Node Manager (NNM). Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the CGI applications that handle the management of the NNM server. Due to lack of bounds checking during a call to sprintf(), sending overly long arguments to the various CGI variables results in a classic stack overflow leading to compromise of the remote server. Exploitation leads to code execution running under the credentials of the web server. Further techniques can be leveraged to gain full SYSTEM access. OpenView Network Node Manager versions 7.51 and below are affected.
| | Author: | Tenable Network Security | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3372 | | Related CVE(s): | CVE-2007-6204 | | Last Modified: | Dec 7 19:54:09 2007 |
| MD5 Checksum: | 311ceae015110716c8b40553879d3e45 |
|
| /// File Name: |
ZDI-07-072.txt |
Description:
|
Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Novell NetMail. User interaction is not required to exploit this vulnerability. The specific flaws exist in the AntiVirus agent which listens on a random high TCP port. The avirus.exe service protocol reads a user-supplied ASCII integer value as an argument to a memory allocation routine. The specified size is added to without any integer overflow checks and can therefore result in an under allocation. A subsequent memory copy operation can then corrupt the heap and eventually result in arbitrary code execution. Novell NetMail version 3.5.2 is affected.
| | Author: | Tenable Network Security | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3196 | | Related CVE(s): | CVE-2007-6302 | | Last Modified: | Dec 10 20:15:11 2007 |
| MD5 Checksum: | df7e4d6dd1b17c15d1b0b235ca44924c |
|
| /// File Name: |
ZDI-07-073.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the CRecalcProperty function in mshtml.dll. When rendering HTML after calling the setExpression methods, followed by a modification of the outerHTML property of a programmatically created element, the vulnerable code dereferences a previously freed memory location which can be leveraged to execute arbitrary code. Affected versions are 5.01 SP4, 6, and 7.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3185 | | Related CVE(s): | CVE-2007-3902 | | Last Modified: | Dec 11 23:37:45 2007 |
| MD5 Checksum: | e0dac5f14981b09e1dc863847489ab40 |
|
| /// File Name: |
ZDI-07-074.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists due to improper use of the "cloneNode" and "nodeValue" JavaScript functions. When a specially crafted element is used during a repetitive call to one of these functions, memory corruption can occur, leading to remote code execution. Affected versions are 6 and 7.
| | Author: | Sam Thomas | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3060 | | Related CVE(s): | CVE-2007-3903 | | Last Modified: | Dec 11 23:38:59 2007 |
| MD5 Checksum: | 9d7271a44009b158cbf029b35d907e4d |
|
| /// File Name: |
ZDI-07-075.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects that have been created, modified, deleted then accessed by JavaScript. By storing references to document nodes, then removing them by a separate reference, the document model in memory becomes unstable. Accessing the tags property while the document is in this unstable condition results in a heap corruption, allowing the execution of arbitrary code. Affected versions are 6 and 7.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3211 | | Related CVE(s): | CVE-2007-5344 | | Last Modified: | Dec 11 23:40:00 2007 |
| MD5 Checksum: | 8cb065228f52501f33ed8e57b6ede1fd |
|
| /// File Name: |
ZDI-07-076.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows with the Message Queuing Service enabled. Authentication is not required to exploit this vulnerability. The specific flaw exists in the RPC interface defined on port 2103 with UUID fdb3a030-065f-11d1-bb9b-00a024ea5525. During the processing of opnum 0x06 the service copies user-supplied information into a fixed length stack buffer. Sending at least 300 bytes will trigger a stack based buffer overflow due to a vulnerable wcscat() call. Exploitation of this issue can result in arbitrary code execution. Affected versions are Windows 2000 SP4 and Windows XP SP2.
| | Author: | Tenable Network Security | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3201 | | Related CVE(s): | CVE-2007-3039 | | Last Modified: | Dec 11 23:41:28 2007 |
| MD5 Checksum: | 1bd474b25aceb117a8378f9633f4f4c3 |
|
| /// File Name: |
ZDI-07-077.txt |
Description:
|
Vulnerabilities allow attackers to execute arbitrary code on vulnerable installations of Trend Micro ServerProtect. Authentication is not required to exploit these vulnerabilities. ServerProtect version 5.58 is affected.
| | Author: | Eric DETOISIEN | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3571 | | Last Modified: | Dec 17 21:21:46 2007 |
| MD5 Checksum: | a2dc2f74641791ae4540449193656821 |
|