Section: .. / 0801-advisories /
| /// File Name: |
hp-overflows.txt |
Description:
|
The hpvirtualrooms14.dll version 1.0.0.100 from HP Virtual Rooms suffers from ActiveX related buffer overflow vulnerabilities.
| | Author: | Elazar Broad | | File Size: | 965 | | Last Modified: | Jan 22 10:14:33 2008 |
| MD5 Checksum: | 55b583f2c0b268f1cd474b309a9ace43 |
|
| /// File Name: |
INFIGO-2008-01-06.txt |
Description:
|
INFIGO IS Security Advisory #ADV-2008-01-06 - The McAfee E-Business Server versions 8.5.2 and below suffer from a pre-authentication code execution and denial of service vulnerability.
| | Author: | Leon Juranic | | Homepage: | http://www.infigo.hr/ | | Related Exploit: | mcafee2.pl.txt | | File Size: | 2481 | | Last Modified: | Jan 9 13:11:21 2008 |
| MD5 Checksum: | 75667f5632db67420d78bca6139c7ed5 |
|
| /// File Name: |
MDVSA-2008-001-1.txt |
Description:
|
Mandriva Linux Security Advisory - A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution. This update provides Wireshark 0.99.7 which is not vulnerable to these issues. This update is being reissued without libcap (kernel capabilities) support, as that is not required by the original released packages, and thus gave trouble for a number of users.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7423 | | Related CVE(s): | CVE-2007-6111, CVE-2007-6112, CVE-2007-6113, CVE-2007-6114, CVE-2007-6115, CVE-2007-6116, CVE-2007-6117, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451 | | Last Modified: | Jan 8 12:02:16 2008 |
| MD5 Checksum: | 41ad1f8e033c40bb0496dba7da3bafee |
|
| /// File Name: |
MDVSA-2008-002.txt |
Description:
|
Mandriva Linux Security Advisory - The cache update reply processing functionality in Squid 2.x before 2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5329 | | Related CVE(s): | CVE-2007-6239 | | Last Modified: | Jan 4 20:33:31 2008 |
| MD5 Checksum: | 32f40189c0be33a748292a2b1966f929 |
|
| /// File Name: |
MDVSA-2008-003.txt |
Description:
|
Mandriva Linux Security Advisory - An integer overflow vulnerability was reported by iDefense with clamav when parsing Portable Executable (PE) files packed in the MEW format. This could be exploited to cause a heap-based buffer overflow. Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files. As well, an unspecified vulnerability related to the bzip2 decompression algorithm was also discovered.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 12689 | | Related CVE(s): | CVE-2007-6336, CVE-2007-6335, CVE-2007-6337 | | Last Modified: | Jan 9 13:03:36 2008 |
| MD5 Checksum: | 1330f076ef6be171676b36fe6eeda847 |
|
| /// File Name: |
MDVSA-2008-004.txt |
Description:
|
Mandriva Linux Security Advisory - Index Functions Privilege Escalation: as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were permitted within index functions. Regular Expression Denial-of-Service: three separate issues in the regular expression libraries used by PostgreSQL allowed malicious users to initiate a denial-of-service by passing certain regular expressions in SQL queries. First, users could create infinite loops using some specific regular expressions. Second, certain complex regular expressions could consume excessive amounts of memory. Third, out-of-range backref numbers could be used to crash the backend. DBLink Privilege Escalation: DBLink functions combined with local trust or ident authentication could be used by a malicious user to gain superuser privileges. This issue has been fixed, and does not affect users who have not installed DBLink (an optional module), or who are using password authentication for local access. This same problem was addressed in the previous release cycle, but that patch failed to close all forms of the loophole.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3707 | | Related CVE(s): | CVE-2007-6600, CVE-2007-4772, CVE-2007-6067, CVE-2007-4769, CVE-2007-6601 | | Last Modified: | Jan 9 13:06:37 2008 |
| MD5 Checksum: | d93a0cdd381a117359d24819bc39bf3b |
|
| /// File Name: |
MDVSA-2008-005.txt |
Description:
|
Mandriva Linux Security Advisory - An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash. An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash or execute arbitrary code with the privileges of the user executing the application.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5429 | | Related CVE(s): | CVE-2007-6351, CVE-2007-6352 | | Last Modified: | Jan 10 03:58:29 2008 |
| MD5 Checksum: | 568437399ebadc129149c3644322a1d7 |
|
| /// File Name: |
MDVSA-2008-006.txt |
Description:
|
Mandriva Linux Security Advisory - An integer overflow in the Exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3424 | | Related CVE(s): | CVE-2007-6353 | | Last Modified: | Jan 10 18:04:35 2008 |
| MD5 Checksum: | 6998205f7a9adbfba9309a2e6767c2e3 |
|
| /// File Name: |
MDVSA-2008-007.txt |
Description:
|
Mandriva Linux Security Advisory - MadWifi prior to 0.9.3.3 allowed remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which would trigger an assertion error.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5012 | | Related CVE(s): | CVE-2007-5448 | | Last Modified: | Jan 11 13:31:46 2008 |
| MD5 Checksum: | b458d098d5fd5053c1a84c9262e963ed |
|
| /// File Name: |
MDVSA-2008-009-1.txt |
Description:
|
Mandriva Linux Security Advisory - The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the default hosts map, it would allow the user to obtain root privileges. Likewise, the same scenario would be available for local users able to create device files on the exported filesystem which could allow the user to gain access to important system devices. Because the default behaviour of autofs was to mount -hosts map entries with the dev and suid options enabled by default, autofs has been altered to always use nodev and nosuid by default. In order to have the old behaviour, the configuration must now explicitly set the dev and/or suid options. The previous update shipped with an incorrect LDAP lookup module that would prevent the automount daemon from starting. This update corrects that problem.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3937 | | Related CVE(s): | CVE-2007-5964, CVE-2007-6285 | | Last Modified: | Jan 12 19:37:36 2008 |
| MD5 Checksum: | f6177e8e7d3f51b060fff3292eb5e11a |
|
| /// File Name: |
MDVSA-2008-009.txt |
Description:
|
Mandriva Linux Security Advisory - The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the default hosts map, it would allow the user to obtain root privileges. Likewise, the same scenario would be available for local users able to create device files on the exported filesystem which could allow the user to gain access to important system devices. Because the default behaviour of autofs was to mount -hosts map entries with the dev and suid options enabled by default, autofs has been altered to always use nodev and nosuid by default. In order to have the old behaviour, the configuration must now explicitly set the dev and/or suid options.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4190 | | Related CVE(s): | CVE-2007-5964, CVE-2007-6285 | | Last Modified: | Jan 11 20:47:25 2008 |
| MD5 Checksum: | f9d1f61a7e9c079463f7defadccd3a0d |
|
| /// File Name: |
MDVSA-2008-010.txt |
Description:
|
Mandriva Linux Security Advisory - A denial of service flaw was discovered by the Google Security Team in the way libxml2 processes malformed XML content. This flaw could cause the application to stop responding.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7090 | | Related CVE(s): | CVE-2007-6284 | | Last Modified: | Jan 11 20:48:03 2008 |
| MD5 Checksum: | 0ac803914998a47b135ab3740d0315ba |
|
| /// File Name: |
MDVSA-2008-011.txt |
Description:
|
Mandriva Linux Security Advisory - rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4845 | | Related CVE(s): | CVE-2007-6199, CVE-2007-6200 | | Last Modified: | Jan 11 20:48:55 2008 |
| MD5 Checksum: | 6f2cfd48534e199dce8883b43461836d |
|
| /// File Name: |
MDVSA-2008-012.txt |
Description:
|
Mandriva Linux Security Advisory - An integer overflow flaw was discovered in how python's pcre module handled certain regular expressions. If a python application using the pcre module were to compile and execute untrusted regular expressions, it could possibly lead to an application crash or the execution of arbitrary code with the privileges of the python interpreter. Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4724 | | Related CVE(s): | CVE-2006-7228, CVE-2007-4965 | | Last Modified: | Jan 14 17:59:40 2008 |
| MD5 Checksum: | cb9f373cc74b45624bba55e90191bd4a |
|
| /// File Name: |
MDVSA-2008-013.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7738 | | Related CVE(s): | CVE-2007-4965 | | Last Modified: | Jan 14 18:00:35 2008 |
| MD5 Checksum: | b5e65cb8e1d0632cc910452e440a7501 |
|
| /// File Name: |
MDVSA-2008-014.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw found in the mod_autoindex module could lead to a cross-site scripting attack on sites where mod_autoindex was enabled and the AddDefaultCharset directive was removed from the configuration, against web browsers that did not correctly derive the response character set following the rules in RFC 2616. A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4002 | | Related CVE(s): | CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005 | | Last Modified: | Jan 17 00:56:17 2008 |
| MD5 Checksum: | 73ce39335778435b022b8ca44386cf69 |
|
| /// File Name: |
MDVSA-2008-015.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7692 | | Related CVE(s): | CVE-2007-5000, CVE-2007-6388, CVE-2008-0005 | | Last Modified: | Jan 17 00:57:19 2008 |
| MD5 Checksum: | 0ed94da5fcca6e6eb55a8fe34371b8b5 |
|
| /// File Name: |
MDVSA-2008-016.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_balancer module could lead to a cross-site scripting attack against an authorized user on sites where mod_proxy_balancer was enabled. Another flaw in the mod_proxy_balancer module was found where, on sites with the module enabled, an authorized user could send a carefully crafted request that would cause the apache child process handling the request to crash, which could lead to a denial of service if using a threaded MPM. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 20603 | | Related CVE(s): | CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005 | | Last Modified: | Jan 17 00:59:17 2008 |
| MD5 Checksum: | 72b735ddefb8eeff66a3a956e6a7dfa2 |
|
| /// File Name: |
MDVSA-2008-017.txt |
Description:
|
Mandriva Linux Security Advisory - MySQL 5.0.x did not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. The federated engine in MySQL 5.0.x, when performing a certain SHOW TABLE STATUS query, did not properly handle a response with a small number of columns, which could allow a remote MySQL server to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4903 | | Related CVE(s): | CVE-2007-6303, CVE-2007-6304 | | Last Modified: | Jan 21 20:24:53 2008 |
| MD5 Checksum: | 5460eb92252d60ca72b592bbd519f179 |
|
| /// File Name: |
MDVSA-2008-018.txt |
Description:
|
Mandriva Linux Security Advisory - Kalle Olavi Niemitalo found two boundary errors in the fsplib library, a copy of which is included in gFTP source. A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name, possibly resulting in the execution of arbitrary code or a denial of service.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2786 | | Related CVE(s): | CVE-2007-3961, CVE-2007-3962 | | Last Modified: | Jan 21 21:54:32 2008 |
| MD5 Checksum: | b5a866774fba020ce271f221d962e4be |
|
| /// File Name: |
MDVSA-2008-019.txt |
Description:
|
Mandriva Linux Security Advisory - Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with the privileges of the user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5474 | | Related CVE(s): | CVE-2007-5503 | | Last Modified: | Jan 22 10:13:03 2008 |
| MD5 Checksum: | db81aa6bb531e1ab168e885f000ec566 |
|
| /// File Name: |
MDVSA-2008-020.txt |
Description:
|
Mandriva Linux Security Advisory - Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10599 | | Related CVE(s): | CVE-2008-0238, CVE-2008-0225 | | Last Modified: | Jan 22 19:02:56 2008 |
| MD5 Checksum: | d3f450da7f7f6e9205d34b6199928e32 |
|